Academic Survey of Internet Of Things (2011-12-29), Chen-Yu Lee

Oct 02, 2014


Sundevil Lee

A paper presentation of "Research on the Architecture of Trusted Security System Based on the Internet of Things" and "Interoperability of Security-Enabled Internet of Things"
Transcript
Page 1: Academic Survey of Internet Of Things (2011-12-29)

Chen-Yu Lee

Academic Survey of Internet Of Things

2011-12-29

Page 2: Table of Contents

• Research on the Architecture of Trusted Security System Based on the Internet of Things.

– 2011 Fourth International Conference on Intelligent Computation Technology and Automation.

• Interoperability of Security-Enabled Internet of Things

– Wireless Pers Commun, Vol. 61, pp. 567–586, 2011.

Page 3: Research on the Architecture of Trusted Security System Based on the Internet of Things

2011 Fourth International Conference on Intelligent Computation Technology and Automation

Xiong Li, Zhou Xuan, Liu Wen

Page 4: Architecture of trusted security system based on IoT

• Propose a general architecture of a trusted security system based on IoT:

– trusted safety management system

– security gateway

– unified service platforms of IoT

– security infrastructure

– unified information exchange platform

Page 5: Architecture of trusted security system based on IoT

Page 6: Trusted User Module

• The key of the trusted user module is users’ legitimate identity authentication, using multiple technologies to achieve multiple certification and integrated authentication.

Page 7: Trusted Perception Module

• Many security challenges:

– copying and counterfeiting of labels, DoS attacks on electronic tags, unauthorized access by users, or stealing and modification of label information by attackers through a counterfeit of a legitimate reader.

• Ensure users’ trustworthiness through an authentication mechanism.

• Control users’ access through an access control mechanism.

• Protect the confidentiality and integrity of information through an encryption mechanism.

• An audit mechanism should be introduced to supervise, track and audit any operation on the tags and readers.
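The slide lists the mechanisms (authentication, access control, integrity protection, audit) without showing how they fit together on a tag and reader. The following is an added example, not code from the paper or the presenter: a simulated two-way challenge-response between a reader and a tag using HMAC-SHA256, in which a copied label without the per-tag key fails reader-side authentication, a counterfeit reader without the reader-group key is refused the label data, and every operation lands in an audit trail. The key names, nonce sizes, message shapes and the `Tag`/`Reader` classes are assumptions made for the example; the keys and payload in the demo are constructed.

```python
import hashlib
import hmac
import secrets

# Audit trail for every tag/reader operation (the audit mechanism the slide calls for).
AUDIT_LOG = []


def _mac(key, *parts):
    """HMAC-SHA256 over the concatenation of parts: integrity plus proof of key possession."""
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


class Tag:
    """Simulated electronic tag. Holds its own per-tag key and the key of the legitimate
    reader group, so it can refuse to release data to a counterfeit reader."""

    def __init__(self, tag_id, tag_key, reader_key, payload):
        self.tag_id = tag_id
        self.tag_key = tag_key
        self.reader_key = reader_key
        self.payload = payload
        self.tag_nonce = None

    def respond(self, reader_nonce):
        """Step 1: prove knowledge of the tag key over the reader's fresh challenge."""
        self.tag_nonce = secrets.token_bytes(16)
        return self.tag_nonce, _mac(self.tag_key, reader_nonce, self.tag_nonce)

    def release(self, reader_nonce, reader_proof):
        """Step 3: release label data only if the reader proved the reader-group key."""
        expected = _mac(self.reader_key, self.tag_nonce, reader_nonce)
        if not hmac.compare_digest(expected, reader_proof):
            return None  # counterfeit reader: nothing is disclosed
        return self.payload


class Reader:
    """Simulated reader. Holds the reader-group key and the registry of genuine tag keys."""

    def __init__(self, reader_id, reader_key, tag_keys):
        self.reader_id = reader_id
        self.reader_key = reader_key
        self.tag_keys = tag_keys

    def read(self, tag):
        reader_nonce = secrets.token_bytes(16)
        tag_nonce, tag_proof = tag.respond(reader_nonce)
        key = self.tag_keys.get(tag.tag_id)
        # Step 2: a copied label without the per-tag key cannot produce a valid proof.
        if key is None or not hmac.compare_digest(_mac(key, reader_nonce, tag_nonce), tag_proof):
            AUDIT_LOG.append({"event": "tag_auth_failed", "reader": self.reader_id, "tag": tag.tag_id})
            return None
        reader_proof = _mac(self.reader_key, tag_nonce, reader_nonce)
        data = tag.release(reader_nonce, reader_proof)
        AUDIT_LOG.append({"event": "read", "reader": self.reader_id,
                          "tag": tag.tag_id, "ok": data is not None})
        return data


if __name__ == "__main__":
    # Constructed keys and payload for the demo; a deployment would load them from a key store.
    k_tag, k_reader = secrets.token_bytes(16), secrets.token_bytes(16)
    genuine_tag = Tag("tag-0001", k_tag, k_reader, b"pallet-42")
    genuine_reader = Reader("reader-A", k_reader, {"tag-0001": k_tag})
    print(genuine_reader.read(genuine_tag))
    print(Reader("reader-X", b"\x00" * 16, {"tag-0001": k_tag}).read(genuine_tag))
    print(AUDIT_LOG)
```

Fresh nonces on both sides keep a recorded exchange from being replayed; the scheme addresses the counterfeit-label and counterfeit-reader items of the slide but does nothing against the DoS item, which needs rate limiting or physical measures outside this code.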

Page 8: Trusted Perception Module

Page 9: Trusted Terminal Module

• A trusted terminal not only ensures the legality of users and the consistency of resources, but also makes users operate only according to their authority and the access control rules.

Page 10: Trusted Terminal Module (Trusted Platform Module)

Page 11: Trusted Network Module

• IoT should securely and reliably transmit the information gathered during the process of trusted perception to the information processing layer.

• The trusted network module and the trusted agent module are designed to analyze, evaluate and manage network security situations from a global perspective.

• The Trusted Network Security Management System (TSM) accredits network users and handles the collection and distribution of security management information.

Page 12: Trusted Network Module

Page 13: Trusted Network Security Management System

• TSM:

– Ensures security during the storage, use and transmission of data, and especially guards against the leakage of sensitive information from inside.

– Involves a security information protection model, a trusted information transmission mechanism, a users’ authentication and authorization mechanism, an information flow control mechanism, and a content filtering mechanism.

Page 14: Trusted Agent Module

Page 15: Trusted Agent Module

• According to its location and function, the trusted agent module can be divided into four types:

– trusted agent of the perception layer

– terminal trusted agent

– gateway trusted agent

– network trusted agent

• Trusted agent of the perception layer

– Works in the perception layer of IoT.

– Collects safety status information of the various sensing devices and authentication information of readers and operating users.

– Establishes a secure communication channel with the sensor gateway trusted agent or the sensor network trusted agent.

Page 16: Trusted Agent Module

• Terminal trusted agent

– Works on desktop systems.

– Collects safety status information of terminals that will access the trusted network and authentication information of readers and operating users.

– Establishes a trusted communication channel with the network trusted agent or the gateway trusted agent of the Internet.

• Gateway trusted agent

– Collects positioning information of associated devices, establishes a trusted communication channel with the TSM for information interaction, and monitors and distributes strategies to endpoints.

• Network trusted agent

– Works on the network access devices.

Page 17: Interoperability of Security-Enabled Internet of Things

Wireless Pers Commun, Vol. 61, pp. 567–586, 2011.

Josef Noll

Page 18: Interoperability of Security-Enabled Internet of Things

• A layered architecture of an Internet of Things framework, where a semantically enhanced overlay interlinks the other layers and facilitates secure access provision to Internet of Things-enabled services.

• The main element of the semantic overlay is security reasoning through ontologies and semantic rules.

• The interoperability of the security aspect is addressed through ontology and a machine-to-machine platform.

• Focuses only on secure access provision to IoT-enabled services.

• Addresses how different security attributes and constraints lying in different administrative domains will work together to secure an integrated operation.

Page 19: Interoperability of Security-Enabled Internet of Things

• The paper:

– Focuses only on secure access provision to IoT-enabled services.

– Addresses how different security attributes and constraints lying in different administrative domains will work together to secure an integrated operation.

– Presents the outcome of the research conducted in an ongoing European project, pSHIELD.

– Scenario: Interoperable Rail Information System (IRIS).

Page 20: Interoperability of Security-Enabled Internet of Things

• Key contributions:

– A functional architecture of the IoT framework is introduced.

– A semantic overlay (on top of ‘Things’) is proposed to facilitate intelligence in IoT.

– Ontologies are designed to partly build the semantic overlay.

– A rule-based service access mechanism is proposed.

– Interoperability of security is addressed through ontology and machine-to-machine (M2M) technology.

Page 21: Overlay

• Decisions need to be derived from the retrieved information and predefined logic.

• Instead of hardcoded decisions, dynamic update of decisions is needed.

• Automated reasoning is defined as the process of deriving new facts based on predefined knowledge.

• Reasoning requires structured knowledge about the devices and sensors, sensor networks, and sensor data.

• An overlay contains a model to describe this structured knowledge and a reasoning process.

Page 22: Semantic Enhancement

• Semantics means the explicit interpretation of domain knowledge to make machine processing more intelligent, adaptive and efficient.

• Semantic technologies can provide the following capabilities:

– machine-understandable knowledge description

– machine-understandable logic description

– automated reasoning

Page 23: The Interoperable Rail Information System (IRIS)

• Two aspects:

– access to sensors and sensor data

– interoperable security between different administrative domains

• Standardized machine-to-machine (M2M) technology as suggested by ETSI.

Page 24: Cell-Based M2M Standardisation

• TS 102 690

– The European Telecommunications Standards Institute (ETSI)

– An architectural standard used for any infrastructure based on the M2M concept.

– Describes authentication and authorization of applications through the Network Security Capability (NSEC).

Page 25: Handling Security in IoT

• Conventional security requirements for IoT

– Confidentiality, integrity, availability, trustworthiness, auditing.

– Authentication, authorization, access control.

• Security Proxy Model

– Policy Enforcement Point (PEP): connected to a Policy Decision Point (PDP) and an Identity Manager (IdM).

– Audit is responsible for managing the logs of service call-outs and maintains the history of service interaction.

– The proxy plays the role of an edge-oriented policy enforcement point, which uses a PDP to get access decisions.
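To make the division of labour in the security proxy model concrete, here is an added example (not code from the paper or from the pSHIELD project) of an edge PEP that authenticates the caller through an IdM, obtains a Permit/Deny decision from a PDP, enforces it, and records every call-out in an audit history. The token format, the `(service, action, role, clearance)` policy tuples, the track-sensor service and the user records are all constructed assumptions for the example; the paper does not specify them.

```python
from dataclasses import dataclass, field


@dataclass
class IdentityManager:
    """IdM: resolves a presented credential to a subject and its attributes.
    Constructed data model: token -> subject record."""
    accounts: dict

    def authenticate(self, token):
        return self.accounts.get(token)


@dataclass
class PolicyDecisionPoint:
    """PDP: evaluates the access policy and returns ("Permit" | "Deny", reason).
    Each policy tuple is (service, action, required_role, minimum_clearance)."""
    policies: list

    def decide(self, subject, service, action):
        for svc, act, role, min_level in self.policies:
            if (svc, act) == (service, action) and subject["role"] == role and subject["level"] >= min_level:
                return "Permit", f"matched policy {svc}/{act} for role {role}"
        return "Deny", "no matching policy"


@dataclass
class SecurityProxy:
    """Edge-oriented PEP: sits in front of the IoT services, asks the IdM who the caller is,
    asks the PDP whether the call is allowed, enforces the answer and writes an audit entry."""
    idm: IdentityManager
    pdp: PolicyDecisionPoint
    services: dict                      # service name -> callable(action, **params)
    audit: list = field(default_factory=list)

    def call(self, token, service, action, **params):
        subject = self.idm.authenticate(token)
        if subject is None:
            self._record(None, service, action, "Deny", "unknown credential")
            raise PermissionError("authentication failed")
        decision, reason = self.pdp.decide(subject, service, action)
        self._record(subject["name"], service, action, decision, reason)
        if decision != "Permit":
            raise PermissionError(reason)
        return self.services[service](action, **params)

    def _record(self, who, service, action, decision, reason):
        # Audit keeps the history of every service call-out, permitted or denied.
        self.audit.append({"subject": who, "service": service, "action": action,
                           "decision": decision, "reason": reason})


def build_demo_proxy():
    """Wire up a constructed IRIS-style deployment: one track-sensor service, two users."""
    idm = IdentityManager(accounts={
        "tok-alice": {"name": "alice", "role": "maintainer", "level": 2},
        "tok-bob": {"name": "bob", "role": "visitor", "level": 0},
    })
    pdp = PolicyDecisionPoint(policies=[
        ("track-sensor", "read", "maintainer", 2),
        ("track-sensor", "configure", "maintainer", 3),
    ])
    # The protected service only ever sees calls the PEP has already cleared.
    services = {"track-sensor": lambda action, **p: {"action": action, "vibration_mm_s": 1.7}}
    return SecurityProxy(idm, pdp, services)


if __name__ == "__main__":
    proxy = build_demo_proxy()
    print(proxy.call("tok-alice", "track-sensor", "read"))
    for entry in proxy.audit:
        print(entry)
```

Keeping the decision logic in the PDP and the enforcement in the PEP is what lets the proxy sit at the edge of a domain: the policy can change without touching the proxy, and the audit entries show both permitted and denied call-outs, which is the history the slide's audit component is meant to maintain.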

Page 26: Handling Security in IoT

• Security Proxy Model

Page 27: From Concepts to Architecture

• The Conceptual View of the IoT Framework

– The core idea is to provide a semantic description of the node types and capabilities of an IoT cloud and to expose node capabilities in the form of web services.

– This will not only integrate the IoT with the service world but also allow third-party applications to query the data residing in the IoT cloud.

• Functional Architecture

– Communication and Real-world Access Layer

– Semantic Overlay Layer

– Service Virtualization Layer

– Application Layer

Page 28: From Concepts to Architecture

• Functional Architecture

Page 29: From Concepts to Architecture

• Functional Architecture

– Communication and Real-world Access Layer

• Provides an interface with an underlying IoT cloud.

• Discovering nodes and receiving events from nodes.

• Dispatching them to upper layers, both for making sense of the events and for sending them to their subscribers.

• Invoking services hosted on the nodes.

– Semantic Overlay Layer

• Provides the semantic model of an underlying IoT cloud by maintaining the IoT ontology, sensor ontology, event ontology and service access policies.

• Facilitating create, read, update and delete (CRUD) operations on the semantic model, and translating SensorML [7] descriptions into OWL descriptions.

Page 30: From Concepts to Architecture

• Functional Architecture

– Service Virtualization Layer

• Provides a web service interface for the functional aspects of the nodes.

• Translating virtual services into web service definitions.

• Generating micro-formats of available web services, publishing services both in service registries and social network sites, and notifying subscribers about IoT cloud events.

– Application Layer

• Real applications created using the data, the semantics of the data and application logic.

• Resolving the interoperability issues between different service providers’ platforms is

Page 31: Implementation

Page 32: Implementation -- Security Reasoning

• Formal Knowledge Base

– Web Ontology Language (OWL)

• The knowledge base is divided into:

– Sensor Ontology: describes the sensors and the data retrieved by the sensors.

– Event Ontology: describes faults and their characteristics. Most of the instances of these classes are derived from the Sensor Ontology using certain policies.

– Access Control Ontology: describes the actors involved in secure access provisioning.

• The Protégé ontology editor platform is used to design these ontologies.

Page 33: Implementation -- Security Reasoning

Page 34: Implementation -- Semantic Rules

• The policies are implemented using the Semantic Web Rule Language (SWRL) and the Semantic Query-Enhanced Web Rule Language (SQWRL).

• The logical explanation of the rule to generate decisions on access authorization provision is:

• Semantic rule using the SWRL syntax:

Page 35: Implementation -- Interoperability Through Ontology

• Different Role Groups

– Different organizations maintain their roles/responsibilities in different ways.

– The mapping (inside the mapping ontology) was done using owl:equivalentClass constructs.

• Different Security Levels

– Different organizations maintain their security levels in different ways.

– The mapping was done using owl:sameAs constructs between the two Security Level instances.
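Pages 21, 34 and 35 describe automated reasoning over the knowledge base, a rule that decides access authorization, and cross-domain mapping with owl:equivalentClass (role groups) and owl:sameAs (security levels), but the slides do not reproduce the actual SWRL rule. The following is an added example, not the paper's code or its rules: a small forward-chaining reasoner over RDF-style triples that applies the symmetry and transitivity of the two OWL constructs, carries an actor's role and clearance across the mapping into the other administrative domain, and then applies a constructed access rule standing in for the paper's SWRL policy. The two domains (`domA`, `domB`), the predicate names `hasRole`, `hasClearance`, `requiresRole`, `requiresLevel`, `canAccess` and the facts about alice, bob and the track sensor are all constructed for the example.

```python
from itertools import product

EQUIV = "owl:equivalentClass"
SAME = "owl:sameAs"


def closure(facts):
    """Forward-chain until no new triple appears: the overlay's automated reasoning,
    deriving new facts from predefined knowledge. The rules are constructed for this example."""
    kb = set(facts)
    while True:
        new = set()
        for s, p, o in kb:
            if p in (EQUIV, SAME):                      # both OWL constructs are symmetric
                new.add((o, p, s))
        for (a, p1, b), (c, p2, d) in product(kb, repeat=2):
            if b != c:
                continue
            if p1 == SAME and p2 == SAME and a != d:    # sameAs is also transitive
                new.add((a, SAME, d))
            if p1 == "hasRole" and p2 == EQUIV:         # role carries over to the equivalent class
                new.add((a, "hasRole", d))
            if p1 == "hasClearance" and p2 == SAME:     # clearance carries over to the same level
                new.add((a, "hasClearance", d))
        # Access rule, a constructed stand-in for the SWRL policy the slides mention:
        # an actor holding the required role AND the required security level may access the service.
        for (actor, p1, role), (svc, p2, req_role) in product(kb, repeat=2):
            if p1 == "hasRole" and p2 == "requiresRole" and role == req_role:
                required = {o for s, p, o in kb if s == svc and p == "requiresLevel"}
                held = {o for s, p, o in kb if s == actor and p == "hasClearance"}
                if required & held:
                    new.add((actor, "canAccess", svc))
        if new <= kb:
            return kb                                   # fixpoint reached
        kb |= new


def can_access(facts, actor, service):
    """Decision is read off the derived knowledge, not hardcoded (dynamic update of decisions)."""
    return (actor, "canAccess", service) in closure(facts)


# Constructed knowledge base: two administrative domains (domA, the operator; domB, the
# infrastructure owner) joined by a mapping ontology for role groups and security levels.
FACTS = [
    ("alice", "hasRole", "domA:Maintainer"),
    ("alice", "hasClearance", "domA:Level2"),
    ("bob", "hasRole", "domA:Visitor"),
    ("bob", "hasClearance", "domA:Level2"),
    ("domA:Maintainer", EQUIV, "domB:Technician"),     # role-group mapping
    ("domA:Level2", SAME, "domB:Confidential"),         # security-level mapping
    ("domB:TrackSensor", "requiresRole", "domB:Technician"),
    ("domB:TrackSensor", "requiresLevel", "domB:Confidential"),
]

if __name__ == "__main__":
    for actor in ("alice", "bob"):
        print(actor, "canAccess domB:TrackSensor:", can_access(FACTS, actor, "domB:TrackSensor"))
```

Changing a single mapping triple (for instance removing the owl:equivalentClass fact) changes alice's decision without touching any rule, which is the property the paper seeks from interoperability through ontology: each organization keeps its own role and level vocabulary and only the mapping ontology has to be agreed between them.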

Page 36: Implementation

• Rule Execution Environment

– The SWRLJess bridge (a Java class) allows the rule engine to interact with the knowledge base and the SWRL/SQWRL rules.

• Sensor Integration into the M2M Platform

– Sun SPOT sensors are integrated into Telenor Objects’ M2M platform.

• M2M Platform

– Shepherd™, an M2M platform from Telenor Objects, Norway, which is an instance of ETSI TS 102 690, was used.

Page 37: Implementation

• Shepherd M2M platform:

– Service Management for monitoring, device configuration, SLAs, and support.

– Service Enabler has a specific API that allows further access to other modules.

– Message Engine handles and secures the process of message flow, including capturing, processing, routing and storage of data in an environment.

– Notification services that inform about the status of devices and applications.

– Device Library consists of interfaces for tool and service recognition.

• Shepherd offers two methods for establishing a connection:

– HTTP Connection API

– The Connected Objects Operating System (COOS), which is a Java-based open source tool.

Page 38: Thanks for Listening!

Fortune favors the bold

~by Sheryl Sandberg