Twenty Security Considerations for Cloud-Supported Internet of Things

To realize the broad vision of pervasive computing, underpinned by the “Internet of Things” (IoT), it is essential to break down application and technology-based silos and support broad connectivity and data sharing; the cloud being a natural enabler. Work in IoT tends toward the subsystem, often focusing on particular technical concerns or application domains, before offloading data to the cloud. As such, there has been little regard given to the security, privacy, and personal safety risks that arise beyond these subsystems; i.e., from the wide-scale, cross-platform openness that cloud services bring to IoT. In this paper, we focus on security considerations for IoT from the perspectives of cloud tenants, end-users, and cloud providers, in the context of wide-scale IoT proliferation, working across the range of IoT technologies (be they things or entire IoT subsystems). Our contribution is to analyze the current state of cloud-supported IoT to make explicit the security considerations that require further work.

[1]  Yoshinori Sato,et al.  Automated Certification for Compliant Cloud-based Business Processes , 2011, Bus. Inf. Syst. Eng..

[2]  Sindhu Singh,et al.  Factors Influencing the Adoption of Mobile Banking in India , 2014, Int. J. E Serv. Mob. Appl..

[3]  Ittai Anati,et al.  Innovative Technology for CPU Based Attestation and Sealing , 2013 .

[4]  Srijith Krishnan Nair,et al.  Self Managed Security Cell, a Security Model for the Internet of Things and Services , 2009, 2009 First International Conference on Advances in Future Internet.

[5]  Mohand Tahar Kechadi,et al.  Cloud Forensics , 2011, IFIP Int. Conf. Digital Forensics.

[6]  Ali Sunyaev,et al.  Cloud services certification , 2013, CACM.

[7]  David M. Eyers,et al.  Information Flow Control for Secure Cloud Computing , 2014, IEEE Transactions on Network and Service Management.

[8]  Jatinder Singh,et al.  Governance in patient-centric healthcare , 2010, 2010 International Conference on Information Society.

[9]  Shui Yu,et al.  DDoS Attack and Defence in Cloud , 2014 .

[10]  Larry L. Peterson,et al.  Container-based operating system virtualization: a scalable, high-performance alternative to hypervisors , 2007, EuroSys '07.

[11]  Thomas Morris,et al.  Trusted Platform Module , 2011, Encyclopedia of Cryptography and Security.

[12]  Randy H. Katz,et al.  Chukwa: A System for Reliable Large-Scale Log Collection , 2010, LISA.

[13]  Ramjee Prasad,et al.  Identity Authentication and Capability Based Access Control (IACAC) for the Internet of Things , 2012, J. Cyber Secur. Mobil..

[14]  中尾 康二 ISO/IEC JTC 1/SC27 : セキュリティ技術 (画像電子年報) -- (標準化動向) , 2002 .

[15]  Wenke Lee,et al.  xBook: Redesigning Privacy Control in Social Networking Platforms , 2009, USENIX Security Symposium.

[16]  V. Kavitha,et al.  A survey on security issues in service delivery models of cloud computing , 2011, J. Netw. Comput. Appl..

[17]  David Lillethun,et al.  Mobile fog: a programming model for large-scale applications on the internet of things , 2013, MCC '13.

[18]  Jatinder Singh,et al.  Controlling the dissemination and disclosure of healthcare events , 2010 .

[19]  Meiko Jensen Challenges of Privacy Protection in Big Data Analytics , 2013, 2013 IEEE International Congress on Big Data.

[20]  Christopher Millard,et al.  Cloud Computing Law , 2013 .

[21]  Stjepan Picek,et al.  Homomorphic encryption in the cloud , 2014, 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO).

[22]  Thomas Kunz,et al.  Automatic Data Protection Certificates for Cloud-Services based on Secure Logging , 2014, Trusted Cloud Computing.

[23]  Jatinder Singh,et al.  Integrating Middleware with Information Flow Control , 2015 .

[24]  Refik Molva,et al.  Core: a collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks , 2002, Communications and Multimedia Security.

[25]  Jatinder Singh,et al.  Data Flow Management and Compliance in Cloud Computing , 2015, IEEE Cloud Computing.

[26]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[27]  Andreas Haeberlen,et al.  A case for the accountable cloud , 2010, OPSR.

[28]  Simon Mayer,et al.  Moving Application Logic from the Firmware to the Cloud: Towards the Thin Server Architecture for the Internet of Things , 2012, 2012 Sixth International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing.

[29]  Sneha A. Dalvi,et al.  Internet of Things for Smart Cities , 2017 .

[30]  Sasu Tarkoma,et al.  A gap analysis of Internet-of-Things platforms , 2015, Comput. Commun..

[31]  Michael Hutter,et al.  A Trusted Platform Module for Near Field Communication , 2010, 2010 Fifth International Conference on Systems and Networks Communications.

[32]  Wei Xu,et al.  Advances and challenges in log analysis , 2011, Commun. ACM.

[33]  Thomas F. J.-M. Pasquier,et al.  Expressing and Enforcing Location Requirements in the Cloud Using Information Flow Control , 2015, 2015 IEEE International Conference on Cloud Engineering.

[34]  Drummond Reed,et al.  OpenID 2.0: a platform for user-centric identity management , 2006, DIM '06.

[35]  Jon Crowcroft,et al.  Unclouded Vision , 2011, ICDCN.

[36]  David J. Scott,et al.  Unikernels: the rise of the virtual library operating system , 2013, CACM.

[37]  Ravi Sunil,et al.  ENABLING SMART CLOUD SERVICES THROUGH REMOTE SENSING: AN INTERNET OF EVERYTHING ENABLER , 2015 .

[38]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[39]  David M. Eyers,et al.  Policy enforcement within emerging distributed, event-based systems , 2014, DEBS '14.

[40]  Xueping Chen Distributed denial of service attack and defense , 2010, 2010 International Conference on Educational and Information Technology.

[41]  J. Bacon,et al.  Personal and Social Communication Services for Health and Lifestyle Monitoring , 2012 .

[42]  Bu-Sung Lee,et al.  TrustCloud: A Framework for Accountability and Trust in Cloud Computing , 2011, 2011 IEEE World Congress on Services.

[43]  Carlos Becker Westphall,et al.  SLA Perspective in Security Management for Cloud Computing , 2010, 2010 Sixth International Conference on Networking and Services.

[44]  Stefan Berger,et al.  Scalable Attestation: A Step Toward Secure and Trusted Clouds , 2015, 2015 IEEE International Conference on Cloud Engineering.

[45]  Vitaly Shmatikov,et al.  Myths and fallacies of "Personally Identifiable Information" , 2010, Commun. ACM.

[46]  Pascal Urien LLCPS: A new security framework based on TLS for NFC P2P applications in the Internet of Things , 2013, 2013 IEEE 10th Consumer Communications and Networking Conference (CCNC).

[47]  Hannes Tschofenig,et al.  Securing the Internet of Things: A Standardization Perspective , 2014, IEEE Internet of Things Journal.

[48]  Jörg Schwenk,et al.  On Technical Security Issues in Cloud Computing , 2009, 2009 IEEE International Conference on Cloud Computing.

[49]  Paul Ohm Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization , 2009 .

[50]  Wayne A. Jansen,et al.  Cloud Hooks: Security and Privacy Issues in Cloud Computing , 2011, 2011 44th Hawaii International Conference on System Sciences.

[51]  Jatinder Singh,et al.  Camflow: Managed Data-Sharing for Cloud Services , 2015, IEEE Transactions on Cloud Computing.

[52]  Jon Crowcroft,et al.  Regional Clouds: Technical Considerations , 2014 .

[53]  K. Cameron,et al.  The Laws of Identity , 2005 .

[54]  Serge Gutwirth,et al.  Legal safeguards for privacy and data protection in ambient intelligence , 2008, Personal and Ubiquitous Computing.

[55]  Sieteng Soh,et al.  Cloud forensics: Technical challenges, solutions and comparative analysis , 2015, Digit. Investig..

[56]  Jean-Marc Seigneur,et al.  A Survey of User-centric Identity Management Technologies , 2007, The International Conference on Emerging Security Information, Systems, and Technologies (SECUREWARE 2007).

[57]  I. Prasetya,et al.  Log-Based Reduction by Rewriting , 2012 .

[58]  Eugen Brenner,et al.  A secure hardware module and system concept for local and remote industrial embedded system identification , 2014, Proceedings of the 2014 IEEE Emerging Technology and Factory Automation (ETFA).

[59]  William E. Weihl,et al.  Edgecomputing: extending enterprise applications to the edge of the internet , 2004, WWW Alt. '04.

[60]  Jatinder Singh,et al.  Information Flow Control for Strong Protection with Flexible Sharing in PaaS , 2015, 2015 IEEE International Conference on Cloud Engineering.

[61]  P.J.A. de Hert,et al.  A right to identity to face the internet of things , 2008 .

[62]  Martin Gilje Jaatun,et al.  Security SLAs for Federated Cloud Services , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[63]  Stefan Berger,et al.  vTPM: Virtualizing the Trusted Platform Module , 2006, USENIX Security Symposium.

[64]  M. Weiser,et al.  Hot topics-ubiquitous computing , 1993 .

[65]  Vinod Vaikuntanathan,et al.  Can homomorphic encryption be practical? , 2011, CCSW '11.

[66]  Michael Koch,et al.  Ubiquitous Computing , 2001, CSCW-Kompendium.

[67]  David M. Eyers,et al.  Integrating Messaging Middleware and Information Flow Control , 2015, 2015 IEEE International Conference on Cloud Engineering.

[68]  Galen C. Hunt,et al.  Shielding Applications from an Untrusted Cloud with Haven , 2014, OSDI.

[69]  Klaus Wehrle,et al.  The Cloud Needs Cross-Layer Data Handling Annotations , 2013, 2013 IEEE Security and Privacy Workshops.

[70]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[71]  Habtamu Abie,et al.  Metrics-driven security objective decomposition for an e-health application with adaptive security management , 2013, ASPI '13.

[72]  Ken Klingenstein,et al.  Federated Security: The Shibboleth Approach , 2004 .

[73]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[74]  Paramvir Bahl,et al.  The Case for VM-Based Cloudlets in Mobile Computing , 2009, IEEE Pervasive Computing.

[75]  Eric Rescorla,et al.  Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP) , 2010, RFC.

[76]  Cynthia Dwork,et al.  Differential Privacy: A Survey of Results , 2008, TAMC.

[77]  Úlfar Erlingsson,et al.  RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response , 2014, CCS.

[78]  Vitaly Shmatikov,et al.  πBox: A Platform for Privacy-Preserving Apps , 2013 .

[79]  Antonio Maña,et al.  Bridging the GAP between Software Certification and Trusted Computing for Securing Cloud Computing , 2013, 2013 IEEE Ninth World Congress on Services.

[80]  Christopher Allen,et al.  The TLS Protocol Version 1.0 , 1999, RFC.

[81]  Bu Sung Lee,et al.  From system-centric to data-centric logging - Accountability, trust & security in cloud computing , 2011, 2011 Defense Science Research Conference and Expo (DSR).

[82]  Jolyon Clulow,et al.  New Strategies for Revocation in Ad-Hoc Networks , 2007, ESAS.

[83]  Jatinder Singh,et al.  On middleware for emerging health services , 2014, Journal of Internet Services and Applications.

[84]  Jon Crowcroft,et al.  Policy, Legal and Regulatory Implications of a Europe-Only Cloud , 2016, Int. J. Law Inf. Technol..

[85]  Benny Rochwerger,et al.  A Monitoring and Audit Logging Architecture for Data Location Compliance in Federated Cloud Infrastructures , 2011, 2011 IEEE International Symposium on Parallel and Distributed Processing Workshops and Phd Forum.

[86]  Zhou Cheng,et al.  Overview of the Internet of Things , 2011 .

[87]  Michael J. Freedman,et al.  Making Every Bit Count in Wide-Area Analytics , 2013, HotOS.