Adaptable secure communication for the Cloud of Things

Cloud of Things (CoT) is a novel concept driven by the synergy of the Internet of Things (IoT) and cloud computing paradigm. The CoT concept has expedited the development of smart services resulting in the proliferation of their real world deployments. However, new research challenges arise because of the transition of research‐driven and proof‐of‐concept solutions to commercial offerings, which need to provide secure, energy‐efficient, and reliable services. An open research issue in the CoT is to provide a satisfactory level of security between various IoT devices and the cloud. Existing solutions for secure CoT communication typically use devices with pre‐loaded and pre‐configured parameters, which define a static setup for secure communication. In contrast to existing pre‐configured solutions, we present an adaptable model for secure communication in CoT environments. The model defines six secure communication operations to enable CoT entities to autonomously and dynamically agree on the security protocol and cryptographic keys used for communication. Further on, we focus on device agreement and present an original solution, which uses the Agile Cryptographic Agreement Protocol in the context of CoT. We verify our solution by a prototype implementation of CoT device agreement based on required security level, which takes into account the capabilities of communicating devices. Our experimental evaluation compares the average processing times of the proposed secure communication operations demonstrating the viability of the proposed solution in real‐world deployments. Copyright © 2016 John Wiley & Sons, Ltd.

[1]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[2]  Miljenko Mikuc,et al.  Lightweight and adaptable solution for security agility , 2016, KSII Trans. Internet Inf. Syst..

[3]  Kai Zhao,et al.  A Survey on the Internet of Things Security , 2013, 2013 Ninth International Conference on Computational Intelligence and Security.

[4]  C.J.F. Cremers Scyther: Unbounded verification of security protocols , 2011 .

[5]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[6]  Miljenko Mikuc,et al.  Security Agility Solution Independent of the Underlaying Protocol Architecture , 2012, AT.

[7]  Hugo Krawczyk,et al.  SIGMA: The 'SIGn-and-MAc' Approach to Authenticated Diffie-Hellman and Its Use in the IKE-Protocols , 2003, CRYPTO.

[8]  John Soldatos,et al.  Design principles for utility-driven services and cloud-based computing modelling for the Internet of Things , 2014, Int. J. Web Grid Serv..

[9]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[10]  Hugo Krawczyk,et al.  Keying Hash Functions for Message Authentication , 1996, CRYPTO.

[11]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[12]  PageKicker Robot Phil OWASP Top 10: The Top 10 Most Critical Web Application Security Threats Enhanced with Text Analytics and Content by PageKicker Robot Phil 73 , 2014 .

[13]  Seref Sagiroglu,et al.  Big data: A review , 2013, 2013 International Conference on Collaboration Technologies and Systems (CTS).

[14]  Qinghua Li,et al.  Privacy-preserving participatory sensing , 2015, IEEE Communications Magazine.

[15]  Apu Kapadia,et al.  Opportunistic sensing: Security challenges for the new paradigm , 2009, 2009 First International Communication Systems and Networks and Workshops.

[16]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[17]  Xuemin Shen,et al.  Security and privacy in mobile crowdsourcing networks: challenges and opportunities , 2015, IEEE Communications Magazine.

[18]  Randy H. Katz,et al.  A view of cloud computing , 2010, CACM.

[19]  Tatu Ylönen,et al.  The Secure Shell (SSH) Protocol Architecture , 2006, RFC.

[20]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[21]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[22]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[23]  Zhang,et al.  Security Architecture on the Trusting Internet of Things , 2011 .

[24]  Alan O. Freier,et al.  Internet Engineering Task Force (ietf) the Secure Sockets Layer (ssl) Protocol Version 3.0 , 2022 .

[25]  Sheila Frankel,et al.  IP Security (IPsec) and Internet Key Exchange (IKE) Document Roadmap , 2011, RFC.

[26]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[27]  Salil S. Kanhere,et al.  A survey on privacy in mobile participatory sensing applications , 2011, J. Syst. Softw..