Abstract
This paper proposes security measures for a defined uniform and transparent internet of things middleware, named UIoT. The proposed architecture is deployable and comprises protection measures based on existent technologies for internet security, as well as support for peculiar security needs of the internet of things (IoT). The aim is to provide privacy, authenticity, integrity and confidentiality on data exchange among participant entities in a given IoT scenario yet allowing resource constrained nodes to be part of the network. The main contributions of this work include a brief survey on IoT attack models and possible defenses and proposal of a security model for UIoT, which can be generalized as security measures for other IoT middleware and gateways.
Graphical Abstract
Similar content being viewed by others
References
Weiser, M.: The computer for the 21st century. Sci. Am. 265(3), 94–104 (1991)
Giusto, D., Iera, A., Morabito, G., Atzori, L. (Eds.): The Internet of Things. Springer, New York. ISBN: 978-1-4419-1673-0 (2010)
Ashton, K.: That ’internet of things’ thing. RFID J. www.rfidjournal.com/article/print/4986 (2009)
Weber, R.H.: Internet of things new security and privacy challenges. Comput. Law Secur. Rep. 26(1), 23–30 (2010)
Miorandi, D., Sicari, S., Pellegrini, F., Chlamtac, I.: Internet of things: vision, applications and research challenges. Ad Hoc Netw. 10(7), 1497–1516 (2012)
Borgia, E.: The internet of things vision: key features, applications and open issues. Comput. Commun. 54, 1–31 (2014)
Wu, Q., Ding, G., Xu, Y., Feng, S., Du, Z., Wang, J., Long, K.: Cognitive internet of things: a new paradigm beyond connection. IEEE Int. Things J. 1(2), 129–143 (2014)
Silva, C.C.M., Ferreira, H.G.C., Sousa Jr, R.T., Buiati, F., Villalba, L.J.G.: Design and evaluation of a services interface for the internet of things. Wirel. Pers. Commun. 91, 1711–1748 (2016)
Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener. Comput. Syst. 29(7), 1645–1660 (2013)
Zhang, D., Huang, H., Lai, C.-F., Liang, X., Zou, Q., Guo, M.: Survey on context-awareness in ubiquitous media. Multimed. Tools Appl. 67(1), 179–211 (2013)
Perera, C., Zaslavsky, A., Christen, P., Georgakopoulos, D.: Context aware computing for the internet of things: a survey. IEEE Commun. Surv. Tutor. 46(1), 414–454 (2014)
Rizzardi, A., Sicari, S., Miorandi, D., Coen-Porisini, A.: AUPS: an open source AUthenticated publish/subscribe system for the internet of things. Inform. Syst. 62, 29–41 (2016)
Ferreira, H.G.C., Canedo, E.D., Sousa Jr, R.T.: IoT architecture to enable intercommunication through REST API and UPnP using IP, ZigBee and Arduino. In: IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 53–60 (2013). doi:10.1109/WiMOB.2013.6673340
Ferreira, H.G.C., Sousa Jr., R.T., Canedo, E.D.: A ubiquitous communication architecture integrating transparent UPnP and REST APIs. Int. J. Embed. Syst. 6, 188–197 (2014)
Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54, 2787–2805 (2010)
Hydra Middleware/Link Smart Middleware. http://www.hydramiddleware.eu. Accessed 18 Feb 2014
IoT-A, Internet of Things Architecture. http://www.iot-a.eu. Accessed 18 Feb 2014
iCore Project. http://www.iot-icore.eu. Accessed 18 Feb 2014
Understanding Universal Plug and Play. http://www.upnp.org/download/UPNP_understandingUPNP.doc. Accessed 18 Feb 2014
Shelby, Z., Bormann, C.: 6LoWPAN: The Wireless Embedded Internet. Wiley, New York (2011)
Raspberry Pi. http://www.raspberrypi.org/. Accessed 18 Feb 2014
Arduino. http://www.arduino.cc/. Accessed 18 Feb 2014
ZigBee Alliance. http://www.zigbee.org. Accessed 18 Feb 2014
Stirbu, V.: Towards a RESTful plug and play experience in the web of things. In: IEEE International Conference on Semantic Computing, pp. 512–517 (2008). doi:10.1109/ICSC.2008.51
McGrew, D., Bailey, D.: RFC-6655 AES-CCM Cipher Suites for Transport Layer Security (TLS). IETF (2012)
Whiting, D., Housley, R., Ferguson, N.: RFC-3610 Counter with CBC-MAC (CCM). IETF (2003)
Dierks, T., Rescorlar, E.: RFC-5246 The Transport Layer Security (TLS) Protocol Version 1.2. IETF (2008)
Rescolar, E.: RFC-2818 HTTP Over TLS. IETF (2000)
Iwendi, C.O., Allen, A.R.: Enhanced security technique for wireless sensor network nodes. In: IET Conference on Wireless Sensor Systems (WSS 2012), pp. 1–5 (2012). doi:10.1049/cp.2012.0610
Hardt, D.: RFC-6749 oAuth 2.0h Authorization Framework. IETF (2012)
oAuth, open standard for authorization. http://oauth.net/2/. Accessed 18 Feb 2014
Sousa, Jr., R.T., Puttini, R.S.: Trust management in ad hoc networks. In: Trust Modeling and Management in Digital Environments: From Social Concept to System Development, pp. 224–249. IGI Global (2010). doi:10.4018/978-1-61520-682-7.ch010
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Puttini, R.S., Percher, J-M., Me, L., Sousa, Jr., R.T.: A fully distributed IDS for MANET. In: Proceedings of the Ninth International Symposium on Computers and Communications ISCC, vol. 1, pp. 331–338. IEEE (2004)
Adnane, A., Bidan, C., Sousa Jr., R.T.: Trust-based security for the OLSR routing protocol. Comput. Commun. 36(10), 1159–1171 (2013)
Acknowledgements
The authors wish to thank the Brazilian research and innovation Agencies CAPES (Grant FORTE 23038.007604/2014-69), FINEP (Grant RENASIC/PROTO 01.12.0555.00), and the Brazilian Ministry of Planning, Budget and Management (Grant DIPLA 005/2016).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Ferreira, H.G.C., de Sousa Junior, R.T. Security analysis of a proposed internet of things middleware. Cluster Comput 20, 651–660 (2017). https://doi.org/10.1007/s10586-017-0729-3
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-017-0729-3