Security analysis of a proposed internet of things middleware

This paper proposes security measures for a defined uniform and transparent internet of things middleware, named UIoT. The proposed architecture is deployable and comprises protection measures based on existent technologies for internet security, as well as support for peculiar security needs of the internet of things (IoT). The aim is to provide privacy, authenticity, integrity and confidentiality on data exchange among participant entities in a given IoT scenario yet allowing resource constrained nodes to be part of the network. The main contributions of this work include a brief survey on IoT attack models and possible defenses and proposal of a security model for UIoT, which can be generalized as security measures for other IoT middleware and gateways.Graphical Abstract

[1]  Aref Meddeb,et al.  Internet of Things Architectures , 2016 .

[2]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[3]  Carsten Bormann,et al.  6LoWPAN: The Wireless Embedded Internet , 2009 .

[4]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[5]  Ricardo Staciarini Puttini,et al.  A fully distributed IDS for MANET , 2004, Proceedings. ISCC 2004. Ninth International Symposium on Computers And Communications (IEEE Cat. No.04TH8769).

[6]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[7]  Rafael Timóteo de Sousa Júnior,et al.  Trust-based security for the OLSR routing protocol , 2013, Comput. Commun..

[8]  Edna Dias Canedo,et al.  IoT architecture to enable intercommunication through REST API and UPnP using IP, ZigBee and arduino , 2013, 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob).

[9]  Eleonora Borgia,et al.  The Internet of Things vision: Key features, applications and open issues , 2014, Comput. Commun..

[10]  Antonio Iera,et al.  The Internet of things , 2010 .

[11]  Celestine Iwendi,et al.  Enhanced Security Technique for Wireless Sensor Network Nodes , 2012 .

[12]  Kevin Ashton,et al.  That ‘Internet of Things’ Thing , 1999 .

[13]  Ricardo Staciarini Puttini,et al.  Trust Management in Ad Hoc Networks , 2010 .

[14]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[15]  Vlad Stirbu,et al.  Towards a RESTful Plug and Play Experience in the Web of Things , 2008, 2008 IEEE International Conference on Semantic Computing.

[16]  David A. McGrew,et al.  AES-CCM Cipher Suites for Transport Layer Security (TLS) , 2012, RFC.

[17]  Peter Reiher,et al.  A taxonomy of DDoS attack and DDoS defense mechanisms , 2004, CCRV.

[18]  Daniele Miorandi,et al.  AUPS: An Open Source AUthenticated Publish/Subscribe system for the Internet of Things , 2016, Inf. Syst..

[19]  L. Javier García-Villalba,et al.  Design and Evaluation of a Services Interface for the Internet of Things , 2016, Wirel. Pers. Commun..

[20]  Russ Housley,et al.  Counter with CBC-MAC (CCM) , 2003, RFC.

[21]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[22]  Edna Dias Canedo,et al.  A ubiquitous communication architecture integrating transparent UPnP and REST APIs , 2014, Int. J. Embed. Syst..

[23]  Dick Hardt,et al.  The OAuth 2.0 Authorization Framework , 2012, RFC.

[24]  Qihui Wu,et al.  Cognitive Internet of Things: A New Paradigm Beyond Connection , 2014, IEEE Internet of Things Journal.

[25]  Minyi Guo,et al.  Survey on context-awareness in ubiquitous media , 2011, Multimedia Tools and Applications.

[26]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..