Abstract
The Internet of Things (IoT) has significant security and privacy risks. Currently, most devices connect to a cloud service that is provided by the manufacturer of the device.
We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third-parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user’s data is handled by a personal cloud instance providing improved security and isolation.
We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, capacity and cost metrics from the prototype. We compare this work with other related work, and outline areas for discussion and future work.
We outline a proposed model for IoT that allows the identity of users and devices to be federated. Users and devices are issued with secure, random, anonymised identities that are not shared with third-parties. We demonstrate how devices can be connected to third-party applications without inherently de-anonymising them. Sensor data and actuator commands are federated through APIs to cloud services. All access to device data and commands is based on explicit consent from users. Each user’s data is handled by a personal cloud instance providing improved security and isolation.
We demonstrate this model is workable with a prototype system that implements the major features of the model. We present experiment results including performance, capacity and cost metrics from the prototype. We compare this work with other related work, and outline areas for discussion and future work.
Original language | English |
---|---|
Title of host publication | Proceedings of the Second International Conference on Cloudification of the Internet of Things |
Publisher | IEEE Computer Society |
Pages | 17-22 |
ISBN (Electronic) | 978-1509049608 |
ISBN (Print) | 978-1509049615 |
DOIs | |
Publication status | Published - 9 Mar 2017 |
Event | 2nd Cloudification on the Internet of Things: CIoT 2016 - Paris, France Duration: 23 Nov 2016 → 25 Nov 2016 |
Conference
Conference | 2nd Cloudification on the Internet of Things |
---|---|
Country/Territory | France |
City | Paris |
Period | 23/11/16 → 25/11/16 |
Keywords
- Internet of Things
- data privacy
- security
- middleware
- risk analysis
- application program interfaces
- cloud computing
Fingerprint
Dive into the research topics of 'OAuthing: privacy-enhancing federation for the Internet of Things'. Together they form a unique fingerprint.Press/Media
-
Framework to show how blockchain technology can enhance the security of the Internet of Things
Paul Fremantle
21/06/17 → 20/07/17
3 items of Media coverage
Press/Media: Research cited