Implementing secure applications in smart city clouds using microservices

Abstract Smart Cities make use of ICT technology to address the challenges of modern urban management. The cloud provides an efficient and cost-effective platform on which they can manage, store and process data, as well as build applications performing complex computations and analyses. The quickly changing requirements in a Smart City require flexible software architectures that let these applications scale in a distributed environment such as the cloud. Smart Cities have to deal with huge amounts of data including sensitive information about infrastructure and citizens. In order to leverage the benefits of the cloud, in particular in terms of scalability and cost-effectiveness, this data should be stored in a public cloud. However, in such an environment, sensitive data needs to be encrypted to prevent unauthorized access. In this paper, we present a software architecture design that can be used as a template for the implementation of Smart City applications. The design is based on the microservice architectural style, which provides properties that help make Smart City applications scalable and flexible. In addition, we present a hybrid approach to securing sensitive data in the cloud. Our architecture design combines a public cloud with a trusted private environment. To store data in a cost-effective manner in the public cloud, we encrypt metadata items with CP-ABE (Ciphertext-Policy Attribute-Based Encryption) and actual Smart City data with symmetric encryption. This approach allows data to be shared across multiple administrations and makes efficient use of cloud resources. We show the applicability of our design by implementing a web-based application for urban risk management. We evaluate our architecture based on qualitative criteria, benchmark the performance of our security approach, and discuss it regarding honest-but-curious cloud providers as well as attackers trying to access user data through eavesdropping. Our findings indicate that the microservice architectural style fits the requirements of scalable Smart City applications while the proposed security approach helps prevent unauthorized access.

[1]  Hari Balakrishnan,et al.  Building Web Applications on Top of Encrypted Data Using Mylar , 2014, NSDI.

[2]  Yao Zheng,et al.  Scalable and Secure Sharing of Personal Health Records in Cloud Computing Using Attribute-Based Encryption , 2019, IEEE Transactions on Parallel and Distributed Systems.

[3]  Zaheer Abbas Khan,et al.  Domain-Specific Languages For Agile Urban Policy Modelling , 2013, ECMS.

[4]  David Ludlow,et al.  Participatory democracy and the governance of smart cities , 2012 .

[5]  R. Kalaiselvi,et al.  SCALABLE AND SECURE SHARING OF PERSONAL HEALTH RECORDS IN CLOUD COMPUTING , 2016 .

[6]  Jörg Schwenk,et al.  All your clouds are belong to us: security analysis of cloud management interfaces , 2011, CCSW '11.

[7]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[8]  Ashiq Anjum,et al.  Cloud Based Big Data Analytics for Smart Future Cities , 2013, UCC.

[9]  Michael F. Goodchild,et al.  Spatial cloud computing: how can the geospatial sciences use and help shape cloud computing? , 2011, Int. J. Digit. Earth.

[10]  Evans,et al.  Domain-driven design , 2003 .

[11]  Ahmad-Reza Sadeghi,et al.  Twin Clouds: Secure Cloud Computing with Low Latency - (Full Version) , 2011, Communications and Multimedia Security.

[12]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[13]  P. Mell,et al.  The NIST Definition of Cloud Computing , 2011 .

[14]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[15]  Thorsten Strufe,et al.  Processing and visualizing traffic pollution data in Hanoi City from a wireless sensor network , 2013, 38th Annual IEEE Conference on Local Computer Networks - Workshops.

[16]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[17]  Michel Krämer,et al.  Dynamic searchable symmetric encryption for storing geospatial data in the cloud , 2018, International Journal of Information Security.

[18]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[19]  Michel Krämer A microservice architecture for the processing of large geospatial data in the Cloud , 2018 .

[20]  Marco Jahn,et al.  Designing a Smart City Internet of Things Platform with Microservice Architecture , 2015, 2015 3rd International Conference on Future Internet of Things and Cloud.

[21]  Muhammad Atif Tahir,et al.  Towards cloud based big data analytics for smart future cities , 2013, 2013 IEEE/ACM 6th International Conference on Utility and Cloud Computing.

[22]  Reihaneh Safavi-Naini,et al.  Privacy preserving EHR system using attribute-based infrastructure , 2010, CCSW '10.

[23]  Zaheer Abbas Khan,et al.  Towards Cloud Based Smart Cities Data Security and Privacy Management , 2014, 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing.

[24]  Horst Lichter,et al.  Experience on a Microservice-Based Reference Architecture for Measurement Systems , 2014, 2014 21st Asia-Pacific Software Engineering Conference.

[25]  Michel Krämer,et al.  A modular software architecture for processing of big geospatial data in the cloud , 2015, Comput. Graph..

[26]  Jens Dambruch,et al.  Leveraging public participation in urban planning with 3D web technology , 2014, Web3D '14.

[27]  Rubby Casallas,et al.  Infrastructure Cost Comparison of Running Web Applications in the Cloud Using AWS Lambda and Monolithic and Microservice Architectures , 2016, 2016 16th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGrid).

[28]  Sam Newman,et al.  Building Microservices , 2015 .

[29]  Kun Liu,et al.  The Iqmulus Urban Showcase: Automatic Tree Classification and Identification in Huge Mobile Mapping Point Clouds , 2016 .

[30]  Roderik Lindenbergh,et al.  Automatic classification of trees from laser scanning point clouds , 2015 .

[31]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[32]  Andrew Warfield,et al.  Cloud security: a gathering storm , 2014, CACM.