Skip to main content
SpringerLink
Log in

A Trust Point-based Security Architecture for Sensor Data in the Cloud

  • Chapter
  • First Online:
Trusted Cloud Computing

Abstract

The SensorCloud project aims at enabling the use of elastic, on-demand resources of today’s Cloud offers for the storage and processing of sensed information about the physical world. Recent privacy concerns regarding the Cloud computing paradigm, however, constitute an adoption barrier that must be overcome to leverage the full potential of the envisioned scenario. To this end, a key goal of the SensorCloud project is to develop a security architecture that offers full access control to the data owner when outsourcing her sensed information to the Cloud. The central idea of this security architecture is the introduction of the trust point, a security-enhanced gateway at the border of the information sensing network. Based on a security analysis of the SensorCloud scenario, this chapter presents the design and implementation of the main components of our proposed security architecture. Our evaluation results confirm the feasibility of our proposed architecture with respect to the elastic, on-demand resources of today’s commodity Cloud offers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 54.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Amazon Web Services, Inc.: Amazon EC2 Instances. URL http://aws.amazon.com/en/ec2/instance-types/. Retrieved: 09/10/2013

  2. Amazon Web Services, Inc.: AWS GovCloud (US) Region – Government Cloud Computing. URL http://aws.amazon.com/en/govcloud-us/. Retrieved: 09/10/2013

  3. Barker, E., Barker, W., Burr, W., Polk, W., Smid, M.: Recommendation for Key Management – Part 1: General (Revision 3). Tech. rep, National Institute of Standards and Technology (2012)

    Google Scholar 

  4. Boneh, D., Waters, B.: Conjunctive, Subset, and Range Queries on Encrypted Data. In: S.P. Vadhan (ed.) Theory of Cryptography, Lecture Notes in Computer Science, vol. 4392. Springer (2007)

    Google Scholar 

  5. Bowers, K.D., Juels, A., Oprea, A.: HAIL: A High-Availability and Integrity Layer for Cloud Storage. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS) (2009)

    Google Scholar 

  6. Bugiel, S., N¨urnberger, S., Sadeghi, A.R., Schneider, T.: Twin Clouds: Secure Cloud Computing with Low Latency. In: B. Decker, J. Lapon, V. Naessens, A. Uhl (eds.) Communications and Multimedia Security, Lecture Notes in Computer Science, vol. 7025. Springer (2011)

    Google Scholar 

  7. Carpenter, B., Brim, S.: Middleboxes: Taxonomy and Issues. IETF RFC 3234 (Informational) (2002)

    Google Scholar 

  8. Chow, R., Golle, P., Jakobsson, M., Shi, E., Staddon, J., Masuoka, R., Molina, J.: Controlling Data in the Cloud: Outsourcing Computation without Outsourcing Control. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security (CCSW) (2009)

    Google Scholar 

  9. Coarfa, C., Druschel, P., Wallach, D.S.: Performance Analysis of TLS Web servers. ACM Trans. Comput. Syst. 24(1) (2006)

    Google Scholar 

  10. Crockford, D.: The application/json Media Type for JavaScript Object Notation (JSON). RFC 4627 (2006) A Trust Point-based Security Architecture for Sensor Data in the Cloud 105

    Google Scholar 

  11. Danezis, G., Livshits, B.: Towards Ensuring Client-Side Computational Integrity. In: Proceedings of the 3rd ACM Workshop on Cloud Computing Security (CCSW) (2011)

    Google Scholar 

  12. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. IETF RFC 5246 (Proposed Standard) (2008)

    Google Scholar 

  13. Eggert, M., H¨außling, R., Henze, M., Hermerschmidt, L., Hummen, R., Kerpen, D., Navarro P´erez, A., Rumpe, B., Thißen, D., Wehrle, K.: SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators. Tech. rep., RWTH Aachen University (2013)

    Google Scholar 

  14. Ferraiolo, D., Kuhn, R.: Role-Based Access Control. In: 15th NIST-NCSC National Computer Security Conference (1992)

    Google Scholar 

  15. Gentry, C.: Computing Arbitrary Functions of Encrypted Data. Commun. ACM 53(3) (2010)

    Google Scholar 

  16. Guarnieri, S., Livshits, B.: GATEKEEPER: Mostly Static Enforcement of Security and Reliability Policies for JavaScript Code. In: 18th USENIX Security Symposium (USENIX Security) (2009)

    Google Scholar 

  17. Hardt, D.: The OAuth 2.0 Authorization Framework. RFC 6749 (Proposed Standard) (2012)

    Google Scholar 

  18. Heer, T., G¨otz, S., Weing¨artner, E., Wehrle, K.: Secure Wi-Fi Sharing at Global Scales. In: International Conference on Telecommunications (ICT) (2008)

    Google Scholar 

  19. Henze, M., Großfengels, M., Koprowski, M., Wehrle, K.: Towards Data Handling Requirements-aware Cloud Computing. In: 2013 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (2013)

    Google Scholar 

  20. Henze, M., Hummen, R., Matzutt, R., Catrein, D., Wehrle, K.: Maintaining User Control While Storing and Processing Sensor Data in the Cloud. International Journal of Grid and High Performance Computing (IJGHPC) 5(4) (2013)

    Google Scholar 

  21. Henze, M., Hummen, R., Wehrle, K.: The Cloud Needs Cross-Layer Data Handling Annotations. In: 2013 IEEE Security and Privacy Workshops (2013)

    Google Scholar 

  22. Hummen, R., Henze, M., Catrein, D., Wehrle, K.: A Cloud Design for User-controlled Storage and Processing of Sensor Data. In: 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom) (2012)

    Google Scholar 

  23. Hummen, R., Hiller, J., Henze, M., Wehrle, K.: Slimfit - A HIP DEX Compression Layer for the IP-based Internet of Things. In: 1st International Workshop on Internet of Things Communications and Technologies (IoT) (2013)

    Google Scholar 

  24. Hummen, R., Hiller, J., Wirtz, H., Henze, M., Shafagh, H., Wehrle, K.: 6LoWPAN Fragmentation Attacks and Mitigation Mechanisms. In: Proceedings of the sixth ACM Conference on Security and privacy in Wireless and Mobile Networks (WiSec) (2013)

    Google Scholar 

  25. Hummen, R., Shafagh, H., Raza, S., Voigt, T., Wehrle, K.: Delegation-based authentication and authorization for the ip-based internet of things. In: 2014 IEEE International Conference on Sensing, Communications and Networking (SECON) (2014)

    Google Scholar 

  26. Hummen, R., Wirtz, H., Ziegeldorf, J.H., Hiller, J., Wehrle, K.: Tailoring End-to-End IP Security Protocols to the Internet of Things. In: 21st IEEE International Conference on Network Protocols (ICNP) (2013)

    Google Scholar 

  27. Itani, W., Kayssi, A., Chehab, A.: Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures. In: Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC) (2009)

    Google Scholar 

  28. Jennings, C., Shelby, Z., Arkko, J.: Media Types for Sensor Markup Language (SENML). IETF Internet-Draft draft-jennings-senml-10 (2013). Work in progress

    Google Scholar 

  29. Kamara, S., Lauter, K.: Cryptographic Cloud Storage. In: R. Sion, R. Curtmola, S. Dietrich, A. Kiayias, J. Miret, K. Sako, F. Seb´e (eds.) Financial Cryptography and Data Security, Lecture Notes in Computer Science, vol. 6054. Springer (2010)

    Google Scholar 

  30. Kaufman, C., Hoffman, P., Nir, Y., Eronen, P.: Internet Key Exchange Protocol Version 2 (IKEv2). IETF RFC 5996 (Proposed Standard) (2010)

    Google Scholar 

  31. Lamport, L.: Password Authentication with Insecure Communication. Commun. ACM 24(11) (1981)

    Google Scholar 

  32. Lindell, Y., Pinkas, B.: A Proof of Security of Yao’s Protocol for Two-Party Computation. Journal of Cryptology 22(2) (2009) 106 Martin Henze, Ren´e Hummen, Roman Matzutt, and Klaus Wehrle

    Google Scholar 

  33. Mitchell, C.J. (ed.): Trusted Computing. IEE (2005)

    Google Scholar 

  34. Montenegro, G., Kushalnagar, N., Hui, J., Culler, D.: Transmission of IPv6 Packets over IEEE 802.15.4 Networks. RFC 4944 (2007)

    Google Scholar 

  35. Moskowitz, R., Nikander, P., Jokela, P., Henderson, T.: Host Identity Protocol. IETF RFC 5201 (Experimental) (2008)

    Google Scholar 

  36. National Institute of Standards and Technology: FIPS PUB 197: Advanced Encryption Standard (AES) (2001)

    Google Scholar 

  37. National Institute of Standards and Technology: FIPS PUB 186-4: Digital Signature Standard (DSS) (2013)

    Google Scholar 

  38. Navarro P´erez, A., Rumpe, B.: Modeling Cloud Architectures as Interactive Systems. In: 2nd International Workshop on Model-Driven Engineering for High Performance and Cloud Computing (MDHPCL) (2013)

    Google Scholar 

  39. Paillier, P.: Public-Key Cryptosystems Based on Composite Degree Residuosity Classes. In: J. Stern (ed.) Advances in Cryptology — EUROCRYPT ’99, Lecture Notes in Computer Science, vol. 1592. Springer (1999)

    Google Scholar 

  40. Pearson, S., Benameur, A.: Privacy, Security and Trust Issues Arising from Cloud Computing. In: 2010 IEEE 2nd International Conference on Cloud Computing Technology and Science (CloudCom) (2010)

    Google Scholar 

  41. Pearson, S., Mont, M.C., Chen, L., Reed, A.: End-to-End Policy-Based Encryption and Management of Data in the Cloud. In: 2011 IEEE 3rd International Conference on Cloud Computing Technology and Science (CloudCom) (2011)

    Google Scholar 

  42. Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: Protecting Confidentiality with Encrypted Query Processing. In: Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles (SOSP ’11) (2011)

    Google Scholar 

  43. Robertson, J.: How Private Data Became Public on Amazon’s Cloud. URL http://www.bloomberg.com/news/2013-03-26/how-private-databecame-public-on-amazon-s-cloud.html. Retrieved: 09/10/2013

  44. Santos, N., Gummadi, K.P., Rodrigues, R.: Towards Trusted Cloud Computing. In: USENIX Workshop on Hot Topics in Cloud Computing (HotCloud ’09) (2009)

    Google Scholar 

  45. The HIPL Project: Host Identity Protocol for Linux. online @ https://launchpad.net/hipl (2013)

  46. The OpenSSL Project: OpenSSL. online @ http://www.openssl.org/ (2013)

  47. The strongSwan Project: strongSwan - IPsec for Linux. online@http://strongswan.org (2013)

  48. Wallom, D., Turilli, M., Taylor, G., Hargreaves, N., Martin, A., Raun, A., McMoran, A.: myTrustedCloud: Trusted Cloud Infrastructure for Security-critical Computation and Data Managment. In: 2011 IEEE 3rd International Conference on Cloud Computing Technology and Science (CloudCom) (2011)

    Google Scholar 

  49. Wang, Q., Wang, C., Ren, K., Lou, W., Li, J.: Enabling Public Auditability and Data Dynamics for Storage Security in Cloud Computing. IEEE Trans. Parallel Distrib. Syst. 22(5), 847–859 (2011)

    Article  Google Scholar 

  50. Yao, A.C.C.: How to Generate and Exchange Secrets. In: 27th Annual Symposium on Foundations of Computer Science (1986)

    Google Scholar 

  51. Yu, S.,Wang, C., Ren, K., Lou,W.: Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing. In: 2010 Proceedings IEEE INFOCOM (2010)

    Google Scholar 

  52. Ziegeldorf, J.H., Garcia Morchon, O., Wehrle, K.: Privacy in the Internet of Things: Threats and Challenges. Security and Communication Networks (2013)

    Google Scholar 

  53. ZigBee Alliance: ZigBee 2012 Specification (2012)

    Google Scholar 

  54. ZigBee Alliance: ZigBee Smart Energy Profile 2 (2013)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany

    Martin Henze, René Hummen, Roman Matzutt & Klaus Wehrle

Authors
  1. Martin Henze
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. René Hummen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Roman Matzutt
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Klaus Wehrle
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Martin Henze .

Editor information

Editors and Affiliations

  1. Technische Universität München, fortiss - An-Institut Technische Universität München, Munich, Germany

    Helmut Krcmar

  2. Karlsruhe Institute of Technology, FZI - Forschungszentrum Informatik am KIT, Karlsruhe, Germany

    Ralf Reussner

  3. RWTH Aachen, RIT - Rumpe Information Technologies, Aachen, Germany

    Bernhard Rumpe

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Henze, M., Hummen, R., Matzutt, R., Wehrle, K. (2014). A Trust Point-based Security Architecture for Sensor Data in the Cloud. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-12718-7_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12717-0

  • Online ISBN: 978-3-319-12718-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation