1 an approach for secure edge computing in the internet
play

1 An Approach for Secure Edge Computing in the Internet of - PowerPoint PPT Presentation

Jun 21, 2023 •141 likes •654 views

1 An Approach for Secure Edge Computing in the Internet of Things Markus Endler, Anderson O. da Silva and Rafael A.M.S. Cruz {endler, anderson}@inf.puc-rio.br and ramscrz@gmail.com Laboratory for Advanced Collaboration

  1. 
 
 
 1 An Approach for Secure Edge Computing in the Internet of Things 
 Markus Endler, Anderson O. da Silva and Rafael A.M.S. Cruz 
 {endler, anderson}@inf.puc-rio.br and ramscrz@gmail.com 
 Laboratory for Advanced Collaboration Departament of Informatics PUC-Rio 


  2. 2 Why criminals have a lot of interest in IoT? Key points of IoT that can contribute to form a digital army: • Processing capability: • Execute malicious software (malware). • Storage capability: • Spread parts of data from crime among the things (P2P). • Transmission capability: • Transmit malicious data (attack messages). • Internet communication capability: • Targeted massive attacks over the Internet (high density botnets).

  3. 3 Criminals are already using IoT to increase their botnets and firepower

  4. 4 Security Threats to IoT Systems Threats in the IoT environment might be similar to those in the traditional IT environments, but… • The overall impact could be very different because the targets are abundant and cover many different industry segments. • Currently, IoT technology already supports connection of millions of smart devices and meters. • By 2025, it shall support more than 50 billion connected devices. • The potential impact could span from minor irritant to grave and significant damage to the infrastructure and loss of life. J. Frahim, C. Pignataro, J. Apcar, and M. Morrow. Securing the Internet of Things: A Proposed Framework, 2015.

  5. 5 What are the threats to the classic topology of IoT Systems? IoT Classic Three-Layer Topology: Data Acquisition – Data Aggregation – Data Analysis

  6. 6 What are the threats to the generic topology of IoT Systems? Threats that can compromise the security of IoT systems can be grouped into two distinct groups: • Group of Threats 1 (GT1) • Threats to the operation of the entities of the IoT system. • Smart Objects, Gateway and Cloud • Group of Threats 2 (GT2) • Threats to the communication between the entities of the IoT system. • Smart Objects – Gateway • Gateway – Coud

  7. 7 Group of Threats 1 (GT1) Threats of GT1, in general, aims to: • Gain privileged or unprivileged access • Tamper control information • Tamper the firmware • Produce false data • Steal information • Disrupt the system

  8. 8 Group of Threats 2 (GT2) Common threats of GT2: Monitoring the content of the messages (passive attack)

  9. 9 Group of Threats 2 (GT2) Common threats of GT2: Intercepting and tampering messages (active attack)

  10. 10 Group of Threats 2 (GT2) Common threats of GT2: Masquerading (active attack)

  11. 11 Group of Threats 2 (GT2) Common threats of GT2: Denial of Service (DoS) by Flooding (active attack)

  12. 12 What are the suitable security controls for IoT Systems? In order to determine the need of a security control, we first have to analyze the security risks. • This means we have to evaluate, for each risk, its likelihood to occur, technical impact and harm to the business or organization. • Sometimes, we will accept the risk and choose simple low-cost controls or even no control at all. • However, other times, we will face scenarios in which it would be irresponsible to choose such simple controls. For these, we have to invest more to acquire equipment aligned with our security needs. T.R. Peltier. Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management . CRC Press, 2001.

  13. 13 What are the suitable security controls for IoT Systems? Analysis of the security risks: IoT example scenarios • In a non-mission critical scenario where we need to acquire data about the soil moisture or the environment temperature in order to keep the well-being of the plantation, we can accept the risk to use low-cost smart things with simple security controls. low risk

  14. 14 What are the suitable security controls for IoT Systems? Analysis of the security risks: IoT example scenarios • In mission critical scenario, where we have to monitor the same kind of data related to the reactor of a nuclear power plant, we will eventually need special smart things with the necessary processing capabilities to implement classic and well-known high security standards. high risk

  15. 15 Security Architecture for the Generic Three-Layer Topology of IoT Systems Defeating targeted attacks on the cloud and on the gateway:

  16. 16 Security Architecture for the Generic Three-Layer Topology of IoT Systems Defeating targeted attacks on the gateway and on the smart thing:

  17. 17 Security Architecture for the Generic Three-Layer Topology of IoT Systems Defeating targeted attacks on the smart things: • In order to reinforce the security in the smart things, we propose that these sensors/devices shall provide two distinct operating modes: • (i) configuration mode • Allows configuration actions such as the modification of operating parameters (e.g. signal strength, cryptographic keys, network address, authentication method) and updating of the firmware, among others. • (ii) service mode • Common operating mode in which the smart thing do what it is intended to do and allows data to be collected or changed. • As a security measure, the smart thing shall use an access control method before switching modes, such as validating a PIN (Personal Identification Number).

  18. 18 Applying the Security Architecture to the ContextNet Middleware ContextNet: Middleware for IoT Systems (developed at the Laboratory for Advanced Collaboration) • Uses a scalable mobile-cloud communication layer, SDDL (Scalable Data Distribution Layer), plus the mobile component Mobile Hub, which is responsible for discovering and connecting Smart Objects to the Internet. Introduces the concept of IoMT (Internet of Mobile Things)

  19. 19 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Smart Object Service Broker (the cloud) V P N VP N security security perimet perimet er er

  20. 20 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub), which is the ContextNet IoT Gateway SNM SNM V P P P N AUT AUT H H VP N security security perimet perimet er er

  21. 21 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • For the proposed protocol, the following elements must be acknowledged: Smart Thing / SDDL Core Mobile Object Gateway Hub (S-Obj) (SDDL-C GW) (M-Hub) Symetric Symetric Symetric Private Key Public Key Private Key Public Key Authentication Cipher Key Authenticatio (Kpriv_m- (Kpriv_m- (Kpriv_sddl-c- (Kpub_ssdl-c- Keys (Kcipher_s- n Key hub) hub) gw) gw) (Kauth_s-obj) obj) (Kauth_sddl- (Kauth_sddl-c- c-gw) gw) S-Objs Access Key Control Databas Database

  22. 22 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 1: Discovery Request Message: broadcast to all in-range S-Objs S-Obj SDDL-C GW M-Hub Discovery_Request(broa dcast)

  23. 23 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 2: Discovery Response Message: sent by in-range S-Objs to M-Hub S-Obj SDDL-C GW M-Hub Discovery_Response(S- Obj_ID)

  24. 24 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 3: TLS Connection: M-Hub creates a Sec. Assoc. with SDDL-C S-Obj SDDL-C GW M-Hub TLS- Handshake(Cert_M- TLS- Hub) Handshake(Cert_SDDL- TLS- C GW) Handshake(master_s ecret) Bi-directional Secure Channel

  25. 25 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 4: Get Authorization: M-Hub sends message through TLS channel S-Obj SDDL-C GW M-Hub TLS Secure Channel Get_Authorization(S-Obj_ID, M-Hub_ID)

  26. 26 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 4.1: SDDL-C verify if the M-Hub is authorized to access the S-Obj S-Obj SDDL-C GW M-Hub Query(S-Obj_ID, M- Hub_ID) Result(True/ False) - checkAuthorization(S-Obj_ID, M-Hub_ID) - If (DB_Check_Access_Authorization(S- Obj_ID, M-Hub_ID)) Then - Return Go_To_Step_4.2 - Else - Return Authorization_Error

  27. 27 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 4.2: SDDL-C gets S-Obj keys (Kauth_s-obj, Kcipher_s-obj) from DB S-Obj SDDL-C GW M-Hub Query(S-Obj_ID) Result(True/False, Kauth_s-obj_id, kcipher_s-obj_id) - Get STKeys(S-Obj_ID) - If (DB_Get_Kauth_Kcipher(S-Obj_ID)) Then - Return Go_To_Step_4.3 - Else - Return S-Obj_Keys_Query_Error

  28. 28 Applying the Security Architecture to the ContextNet Middleware ContextNet: Securing the Mobile Hub (M-Hub) communication with SDDL Core and Smart Things • Step 4.3: SDDL-C generates the OTPChallenge (random positive value) S-Obj SDDL-C GW M-Hub OTP Challe nge - GenerateOTPChallenge(nonce) - OTPChallenge=GeneratePositiveRand om(nonce) - Return OTPChallenge - Go To Step 4.4

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Real-Time Edge Computing Chenyang Lu Industrial Internet of Things (IIoT) Synergizing sensing,

Real-Time Edge Computing Chenyang Lu Industrial Internet of Things (IIoT) Synergizing sensing,

Real-Time Edge Computing Chenyang Lu Industrial Internet of Things (IIoT) Synergizing sensing, analytics, and control Cloud computing for high capacity Edge computing for timely performance Condition monitoring, Cloud Emergency

1.31k views • 34 slides
Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique

Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique

Declarative, Secure, Convergent Edge Computation Christopher Meiklejohn Universit catholique de Louvain, Belgium 1 Internet of Things 2 Internet of Things but, more generally 2 Edge Computation Logical extremes Pushing both

1.86k views • 168 slides
Edge computing The way forward for Eclipse IoT Agenda Introduction to Edge computing Open

Edge computing The way forward for Eclipse IoT Agenda Introduction to Edge computing Open

Edge computing The way forward for Eclipse IoT Agenda Introduction to Edge computing Open source on the Edge Way forward Intro Where we are today? Everything connected to the core cloud Websites Mobile phones

509 views • 39 slides
in Real-Time Reliable Edge Computing for Internet of Things + Chao Wang, * Christopher Gill, *

in Real-Time Reliable Edge Computing for Internet of Things + Chao Wang, * Christopher Gill, *

Adaptive Data Replication in Real-Time Reliable Edge Computing for Internet of Things + Chao Wang, * Christopher Gill, * Chenyang Lu + Department of Computer Science and Information Engineering, National Taiwan Normal University * Department of

537 views • 8 slides
Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for

Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for

Secure Communications over the Internet Part 2 Hassen Sallay, Ph.D WHY USE THE INTERNET for Secure Communications? The Internet offers: Virtually universal worldwide coverage. Access to anywhere from anywhere, stationary or mobile.

788 views • 47 slides
IoT Edge Computing Discussion @ IETF-98 Dirk Kutscher Eve Schooler IoT Edge Computing

IoT Edge Computing Discussion @ IETF-98 Dirk Kutscher Eve Schooler IoT Edge Computing

IoT Edge Computing Discussion @ IETF-98 Dirk Kutscher Eve Schooler IoT Edge Computing Discussion Motivation for Edge Computing Terminology Research Questions Discussion

331 views • 12 slides
FORUM: Edge Computing Groups MVP Architecture; StarlingX making it real! James Penick,

FORUM: Edge Computing Groups MVP Architecture; StarlingX making it real! James Penick,

FORUM: Edge Computing Groups MVP Architecture; StarlingX making it real! James Penick, Verizon Greg Waines, StarlingX, Wind River Systems OpenStacks Edge Computing Group Edge has been a matter of opinion Edge Majority

618 views • 19 slides
AGENDA Multi-access Edge Computing(MEC) use cases K8s/Openshift as candidate for Edge PaaS

AGENDA Multi-access Edge Computing(MEC) use cases K8s/Openshift as candidate for Edge PaaS

K8s(Kubernetes) and SDN for Multi-access Edge Computing deployment Open Source Summit | 2017.06.02 | Red Hat Hyde SUGIYAMA Senior Principal Technologist NFV | SDN | ICT Red Hat APAC Office of Technology AGENDA Multi-access Edge

762 views • 28 slides
Security Challenges of Small Cell as a Service in Virtualised Mobile Edge Computing Environments

Security Challenges of Small Cell as a Service in Virtualised Mobile Edge Computing Environments

Security Challenges of Small Cell as a Service in Virtualised Mobile Edge Computing Environments Vassilios Vassilakis 1 , Emmanouil (Manos) Panaousis 2 and Haralambos Mouratidis 2 1 University of West London 2 Secure and Dependable Software

630 views • 19 slides
Ontology-based Virtual IoT Devices for Edge Computing The 8th International Conference on the

Ontology-based Virtual IoT Devices for Edge Computing The 8th International Conference on the

Ontology-based Virtual IoT Devices for Edge Computing The 8th International Conference on the Internet of Things (IoT 2018) Santa Barbara, California, USA October 1518, 2018 Kristina Sahlmann , Thomas Schwotzer Heterogeneity of network

690 views • 25 slides
OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge Environment Reporter:

OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge Environment Reporter:

OVERSEE: Outsourcing Verification to Enable Resource Sharing in Edge Environment Reporter: Xiaoqing Cai August 2020 From Cloud to Edge Cloud Computing Edge Computing Low Latency Lack of Resources Cloud Computing Edge Computing No More

582 views • 17 slides
Are Our OSes Prepared for Edge Computing? Pekka Enberg www.cs.helsinki.fi 1 Introduction

Are Our OSes Prepared for Edge Computing? Pekka Enberg www.cs.helsinki.fi 1 Introduction

Are Our OSes Prepared for Edge Computing? Pekka Enberg www.cs.helsinki.fi 1 Introduction (slide #1) Thesis title: Operating System and Middleware for Internet-of-Things Devices Student information : Pekka Enberg

642 views • 16 slides
A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun

A Model-driven Approach Towards Designing and Analysing Secure Systems for Multi-clouds Shaun Shei Secure and Dependable Software Systems (SenSe) Haralambos Mouratidis Stylianos Kapetanakis Aidan Delaney Overview What is Cloud Computing?

774 views • 56 slides
Deployment Characteristics of "The Edge" in Mobile Edge Computing Meenakshi Syamkumar *

Deployment Characteristics of "The Edge" in Mobile Edge Computing Meenakshi Syamkumar *

Deployment Characteristics of "The Edge" in Mobile Edge Computing Meenakshi Syamkumar * , Paul Barford * and Ramakrishnan Durairajan + * University of + University of Wisconsin-Madison Oregon Where is The Edge? Edge Source:

247 views • 24 slides
Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems,

Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems,

Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems, access networks, links 1.3 Network core network structure, circuit switching, packet switching 1.4 Delay, loss and throughput performance in

824 views • 37 slides
Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems,

Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems,

Chapter 1: roadmap 1.1 What is the Internet? 1 2 Network edge 1.2 Network edge end systems, access networks, links 1.3 Network core network structure, circuit switching, packet switching 1.4 Delay, loss and throughput performance in

521 views • 38 slides
Repairing Entities using Star Constraints in Multi-relational Graphs Peng Lin 1 Qi Song 1 Yinghui

Repairing Entities using Star Constraints in Multi-relational Graphs Peng Lin 1 Qi Song 1 Yinghui

Repairing Entities using Star Constraints in Multi-relational Graphs Peng Lin 1 Qi Song 1 Yinghui Wu 2,3 Jiaxing Pi 4 1 2 4 3 Erroneous entities: how to capture? Multi-relational graphs: a labeled graph with attributes on nodes

538 views • 33 slides
Hidden Markov Models Steven J Zeil Old Dominion Univ. Fall 2010 1 Discrete Markov Processes

Hidden Markov Models Steven J Zeil Old Dominion Univ. Fall 2010 1 Discrete Markov Processes

Discrete Markov Processes Hidden Markov Models Inferences from HMMs Training an HMM Hidden Markov Models Steven J Zeil Old Dominion Univ. Fall 2010 1 Discrete Markov Processes Hidden Markov Models Inferences from HMMs Training an HMM

980 views • 32 slides
Bridging the gap between Optimal Transport and MMD with Sinkhorn Divergences Aude Genevay MIT

Bridging the gap between Optimal Transport and MMD with Sinkhorn Divergences Aude Genevay MIT

Distances Entropic Regularization Sinkhorn Divergences Conclusion Bridging the gap between Optimal Transport and MMD with Sinkhorn Divergences Aude Genevay MIT CSAIL CIRM Workshop - March 2020 Joint work with Gabriel Peyr, Marco Cuturi,

1.27k views • 64 slides
Recurrent Networks, and LSTMs, for NLP Michael Collins, Columbia University Representing

Recurrent Networks, and LSTMs, for NLP Michael Collins, Columbia University Representing

Recurrent Networks, and LSTMs, for NLP Michael Collins, Columbia University Representing Sequences Often we want to map some sequence x [1: n ] = x 1 . . . x n to a label y or a distribution p ( y | x [1: n ] ) Examples: Language

200 views • 18 slides
3 RCD as Topological Sort in this paperis an attested set all of whose el- ements are

3 RCD as Topological Sort in this paperis an attested set all of whose el- ements are

In: Eisner, J., L. Karttunen and A. Th eriault (eds.), Finite-State Phonology: Proc. of the 5th Workshop of the ACL Special Interest Group in Computational Phonology (SIGPHON) , pp. 22-33, Luxembourg, Aug. 2000. [Online proceedings version:

478 views • 12 slides
DS595/CS525 Reinforcement Learning Prof. Yanhua Li Time: 6:00pm 8:50pm R Zoom Lecture Fall

DS595/CS525 Reinforcement Learning Prof. Yanhua Li Time: 6:00pm 8:50pm R Zoom Lecture Fall

This lecture will be recorded!!! Welcome to DS595/CS525 Reinforcement Learning Prof. Yanhua Li Time: 6:00pm 8:50pm R Zoom Lecture Fall 2020 Last Lecture v What is reinforcement learning? v Difference from other AI problems v Application

1.04k views • 52 slides
UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident

UTSA Community-Based Secure Information and Resource Sharing in AWS Public Cloud Cyber Incident Response A Model for Information and Resource Sharing Amy(Yun) Zhang, Farhan Patwa, Ravi Sandhu Institute for Cyber Security University of Texas

578 views • 19 slides
Optimal Planning and Shortcut Learning: An Unfulfilled Promise Erez Karpas Carmel Domshlak

Optimal Planning and Shortcut Learning: An Unfulfilled Promise Erez Karpas Carmel Domshlak

Background Learning Shortcut Rules Empirical Evaluation Optimal Planning and Shortcut Learning: An Unfulfilled Promise Erez Karpas Carmel Domshlak Faculty of Industrial Engineering and Management, Technion Israel Institute of Technology

1.01k views • 61 slides

More recommend