Skip to main content
SpringerLink
Log in

Security analysis of a proposed internet of things middleware

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

This paper proposes security measures for a defined uniform and transparent internet of things middleware, named UIoT. The proposed architecture is deployable and comprises protection measures based on existent technologies for internet security, as well as support for peculiar security needs of the internet of things (IoT). The aim is to provide privacy, authenticity, integrity and confidentiality on data exchange among participant entities in a given IoT scenario yet allowing resource constrained nodes to be part of the network. The main contributions of this work include a brief survey on IoT attack models and possible defenses and proposal of a security model for UIoT, which can be generalized as security measures for other IoT middleware and gateways.

Graphical Abstract

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  1. Weiser, M.: The computer for the 21st century. Sci. Am. 265(3), 94–104 (1991)

    Article  Google Scholar 

  2. Giusto, D., Iera, A., Morabito, G., Atzori, L. (Eds.): The Internet of Things. Springer, New York. ISBN: 978-1-4419-1673-0 (2010)

  3. Ashton, K.: That ’internet of things’ thing. RFID J. www.rfidjournal.com/article/print/4986 (2009)

  4. Weber, R.H.: Internet of things new security and privacy challenges. Comput. Law Secur. Rep. 26(1), 23–30 (2010)

    Article  Google Scholar 

  5. Miorandi, D., Sicari, S., Pellegrini, F., Chlamtac, I.: Internet of things: vision, applications and research challenges. Ad Hoc Netw. 10(7), 1497–1516 (2012)

    Article  Google Scholar 

  6. Borgia, E.: The internet of things vision: key features, applications and open issues. Comput. Commun. 54, 1–31 (2014)

    Article  Google Scholar 

  7. Wu, Q., Ding, G., Xu, Y., Feng, S., Du, Z., Wang, J., Long, K.: Cognitive internet of things: a new paradigm beyond connection. IEEE Int. Things J. 1(2), 129–143 (2014)

    Article  Google Scholar 

  8. Silva, C.C.M., Ferreira, H.G.C., Sousa Jr, R.T., Buiati, F., Villalba, L.J.G.: Design and evaluation of a services interface for the internet of things. Wirel. Pers. Commun. 91, 1711–1748 (2016)

    Article  Google Scholar 

  9. Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M.: Internet of things (IoT): a vision, architectural elements, and future directions. Future Gener. Comput. Syst. 29(7), 1645–1660 (2013)

    Article  Google Scholar 

  10. Zhang, D., Huang, H., Lai, C.-F., Liang, X., Zou, Q., Guo, M.: Survey on context-awareness in ubiquitous media. Multimed. Tools Appl. 67(1), 179–211 (2013)

    Article  Google Scholar 

  11. Perera, C., Zaslavsky, A., Christen, P., Georgakopoulos, D.: Context aware computing for the internet of things: a survey. IEEE Commun. Surv. Tutor. 46(1), 414–454 (2014)

    Article  Google Scholar 

  12. Rizzardi, A., Sicari, S., Miorandi, D., Coen-Porisini, A.: AUPS: an open source AUthenticated publish/subscribe system for the internet of things. Inform. Syst. 62, 29–41 (2016)

    Article  Google Scholar 

  13. Ferreira, H.G.C., Canedo, E.D., Sousa Jr, R.T.: IoT architecture to enable intercommunication through REST API and UPnP using IP, ZigBee and Arduino. In: IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), pp. 53–60 (2013). doi:10.1109/WiMOB.2013.6673340

  14. Ferreira, H.G.C., Sousa Jr., R.T., Canedo, E.D.: A ubiquitous communication architecture integrating transparent UPnP and REST APIs. Int. J. Embed. Syst. 6, 188–197 (2014)

    Article  Google Scholar 

  15. Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54, 2787–2805 (2010)

    Article  MATH  Google Scholar 

  16. Hydra Middleware/Link Smart Middleware. http://www.hydramiddleware.eu. Accessed 18 Feb 2014

  17. IoT-A, Internet of Things Architecture. http://www.iot-a.eu. Accessed 18 Feb 2014

  18. iCore Project. http://www.iot-icore.eu. Accessed 18 Feb 2014

  19. Understanding Universal Plug and Play. http://www.upnp.org/download/UPNP_understandingUPNP.doc. Accessed 18 Feb 2014

  20. Shelby, Z., Bormann, C.: 6LoWPAN: The Wireless Embedded Internet. Wiley, New York (2011)

    Google Scholar 

  21. Raspberry Pi. http://www.raspberrypi.org/. Accessed 18 Feb 2014

  22. Arduino. http://www.arduino.cc/. Accessed 18 Feb 2014

  23. ZigBee Alliance. http://www.zigbee.org. Accessed 18 Feb 2014

  24. Stirbu, V.: Towards a RESTful plug and play experience in the web of things. In: IEEE International Conference on Semantic Computing, pp. 512–517 (2008). doi:10.1109/ICSC.2008.51

  25. McGrew, D., Bailey, D.: RFC-6655 AES-CCM Cipher Suites for Transport Layer Security (TLS). IETF (2012)

  26. Whiting, D., Housley, R., Ferguson, N.: RFC-3610 Counter with CBC-MAC (CCM). IETF (2003)

  27. Dierks, T., Rescorlar, E.: RFC-5246 The Transport Layer Security (TLS) Protocol Version 1.2. IETF (2008)

  28. Rescolar, E.: RFC-2818 HTTP Over TLS. IETF (2000)

  29. Iwendi, C.O., Allen, A.R.: Enhanced security technique for wireless sensor network nodes. In: IET Conference on Wireless Sensor Systems (WSS 2012), pp. 1–5 (2012). doi:10.1049/cp.2012.0610

  30. Hardt, D.: RFC-6749 oAuth 2.0h Authorization Framework. IETF (2012)

  31. oAuth, open standard for authorization. http://oauth.net/2/. Accessed 18 Feb 2014

  32. Sousa, Jr., R.T., Puttini, R.S.: Trust management in ad hoc networks. In: Trust Modeling and Management in Digital Environments: From Social Concept to System Development, pp. 224–249. IGI Global (2010). doi:10.4018/978-1-61520-682-7.ch010

  33. Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)

    Article  Google Scholar 

  34. Puttini, R.S., Percher, J-M., Me, L., Sousa, Jr., R.T.: A fully distributed IDS for MANET. In: Proceedings of the Ninth International Symposium on Computers and Communications ISCC, vol. 1, pp. 331–338. IEEE (2004)

  35. Adnane, A., Bidan, C., Sousa Jr., R.T.: Trust-based security for the OLSR routing protocol. Comput. Commun. 36(10), 1159–1171 (2013)

    Article  Google Scholar 

Download references

Acknowledgements

The authors wish to thank the Brazilian research and innovation Agencies CAPES (Grant FORTE 23038.007604/2014-69), FINEP (Grant RENASIC/PROTO 01.12.0555.00), and the Brazilian Ministry of Planning, Budget and Management (Grant DIPLA 005/2016).

Author information

Authors and Affiliations

  1. Electrical Engineering Department, University of Brasilia UnB, Campus Darcy Ribeiro Asa Norte, Brasília, DF, 70910-900, Brazil

    Hiro Gabriel Cerqueira Ferreira & Rafael Timoteo de Sousa Junior

Authors
  1. Hiro Gabriel Cerqueira Ferreira
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rafael Timoteo de Sousa Junior
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hiro Gabriel Cerqueira Ferreira.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Ferreira, H.G.C., de Sousa Junior, R.T. Security analysis of a proposed internet of things middleware. Cluster Comput 20, 651–660 (2017). https://doi.org/10.1007/s10586-017-0729-3

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-017-0729-3

Keywords

Search

Navigation