Web API Management Meets the Internet of Things

International Journal of Advanced Research in Computer Science, 2019

The IoT has primarily focused on establishing connectivity in a diversify of constrained networking environments, and the next logical aim is to build on top of network connectivity by focusing on the application layer. In the Web of Things (WoT), we are thinking about smart things as first class citizens of the Web. We position the Web of Things as a purification of the Internet of Things by integrating smart things not only into the Internet, for instance the network, but into the Web (the application layer). The Web of Things is a computing concept that describes a future where day-today objects are fully integrated with the Web. The WoT is very homogeneous to the IoT in some ways and in others it is drastically different. The stipulation for WoT is for the "things" to have embedded computer systems that enable communication with the Web. This type of smart devices would then be able to communicate with each other using current Web standards. For instance, renowned Web languages PHP, HTML, Python, and JavaScript can be used to easily build applications involving smart things and users can leverage well-known Web mechanisms such as caching, browsing, searching, and bookmarking to communicate and share these devices. In this paper, aim to demonstrate a close-up view about Web of Things, including Web of things architecture, Open platform in Web of Thing, Web-enabling devices, Web of Thing security, use cases of Web of Things. The WoT concept, smart things and their services are fully integrated in the Web by reusing and conforming technologies and patterns commonly used for conventional Web content.

Lecture Notes in Computer Science, 2015

Real-world things are increasingly becoming fully qualified members of the Web. From, pacemakers and medical records to children's toys and sneakers, things are connected over the Web and publish information that is available for the whole world to see. It is crucial that there is secure access to this Web of Things (WoT) and to the related information published by things on the Web. In this paper, we introduce an architecture that encompasses Web-enabled things in a secure and scalable manner. Our architecture utilizes the features of the well-known role-based access control (RBAC) to specify the access control policies to the WoT, and we use cryptographic keys to enforce such policies. This approach enables prescribers to WoT services to control who can access what things and how access can continue or should terminate, thereby enabling privacy and security of large amount of data that these things are poised to flood the future Web with.

2016

As we are moving from networked "Things" towards the Internet of Things (IoT), new security requirements arise. Access control in this new environment is a burgeoning and challenging problem. On the one hand, an access control system should be generic enough to cover the requirements of all the new exciting applications that become pervasive with the IoT. On the other hand, an access control system should be lightweight and easily implementable, considering at the same time the restrictions that Things impose. In this paper, we develop an access control system which enables offloading of complex access control decisions to third, trusted parties. Our system provides Thing authentication without public keys and establishes a shared symmetric encryption key that can be used to secure the communication between authorized users and Things. Our design imposes minimal overhead and it is based on a simple communication protocol. The resulting system is secure, enhances end-user privacy and the architecture facilitates the creation of new applications.

Journal of Network and Computer Applications

The Internet of Things (IoT) is an emerging technology that is revolutionizing the global economy and society. IoT enables a collaborative environment where different entities-devices, people and applications-exchange information for service provision. Despite the benefits that IoT technology brings to individuals, society and industry, its wide adoption opens new security and privacy challenges. Among them, a vital challenge is the protection of devices and resources produced within IoT ecosystems. This need has attracted growing attention from the research community and industry, and several authorization frameworks have been designed specifically for IoT. In this survey, we investigate the main trends in access control in IoT and perform an extensive analysis of existing authorization frameworks tailored to IoT systems. Driven by the needs of representative IoT applications and key requirements for IoT, we elicit the main requirements that authorization frameworks for IoT should satisfy along with criteria for their assessment. These criteria and requirements form a baseline for our literature study. Based on this study, we identify the main open issues in the field of access control for IoT and draw directions for future research.

— Internet of Things (IoT) is a proposed development of the Internet in which everyday objects have Network Connectivity, allowing them to send and receive data. It visions to provide ease of accessibility and interoperability among things of daily use. For the purpose, implementation of web-based services and applications over IoT architecture is progressive nowadays. The technology in focus is Cloud Computing. It has brought the exponentially increasing information at the user's finger tip. But again storing data and important files on external service providers opens up to security and privacy challenges such as data leaks, malicious users, limited control for users, etc.. In this paper, we present reliable, cost-effective and feasible solutions to reduce the intensity of current challenges. Also current advancements regarding this topic have been mentioned to get a view of what is going on and what else can be done to achieve better outcomes.

2017 20th Conference on Innovations in Clouds, Internet and Networks (ICIN), 2017

Access Control is crucial for security management, but in the context of the Internet of Things it cannot be implemented the same way as traditional systems do. Indeed, devices that make the Internet of Things impose some constraints that encourage the design of new access control mechanisms, which should provide flexibility of configuration, as well as support several authorization scopes at the same time, yet being computationally light, dynamic and scalable in order to be ready for the forthcoming Cloud Computing paradigm. In this paper we propose an authorization model that is based on the OAuth 2.0 protocol. From the point of view of the identity provider, this model allows managing roles and permissions for an application-scoped authorization, to enable more flexible scenarios in which multiple tenants take part. With regard to devices, the OAuth 2.0 makes authorization extremely light, because all the required information is provided with a token. Considering all this, authorization management is completely delegated to an external system, so that an as-a-service access control mechanism is provided. The proposed model complies with the security, flexibility and performance requirements that are needed in the Internet of Things paradigm.

IEEE Internet Computing, 2015

The recent advances in information and communication technologies brought about a novel paradigm, Internet of Things (IoT), in which a variety of devices in the physical world are connected to the Internet. The security cannot be disregarded from the employment of API-enabled devices because the impact of the security breach in these devices tends to be larger, as it directly affects the physical environment we live in. If an unauthorized user is able to access API-enabled devices in smart buildings, it may harm an occupant's life for instance by locking a door, turning off lights or air conditioners, which make occupants, lose their comfortable and so on. In this paper, an access control framework for API-enabled devices in smart buildings is implemented.

The challenges posed by the Internet of Things (IoT) render existing security measures ineffective against emerging networks and devices. These challenges include heterogeneity, operation in open environments, and scalability. In this paper, we propose SST (Secure Swarm Toolkit), an open-source toolkit for construction and deployment of an authorization service infrastructure for the IoT. The infrastructure uses distributed local authorization entities, which provide authorization services that can address heterogeneous security requirements and resource constraints in the IoT. The authorization services can be accessed by network entities through software interfaces provided by SST, called accessors. The accessors enable IoT developers to readily integrate their devices with authorization services without needing to manage cryptographic keys and operations. To rigorously show that SST provides necessary security guarantees, we have performed a formal security analysis using an automated verification tool. In addition, we demonstrate the scalability of our approach with a mathematical analysis, as well as experiments to evaluate security overhead of network entities under different security profiles supported by SST.

2019

A radical evolution of the current Internet into a Network of interconnected objects that not only senses information from the environment and interacts with the physical world, but also uses existing Internet standards to provide services for information transfer, analytics, applications and communications results in an enormous amount of vital applications. The pervasive nature of the information sources means that a great amount of data pertaining to possibly every aspect of human activity, both public and private, will be produced, transmitted, collected, stored and processed. Consequently, integrity and confidentiality of transmitted data, as well as the authentication of (and trust in) the services that offer the data, is crucial. Hence, security is a critical functionality for the Internet of Things (IoT). The enormous growth of mobile devices capability, critical automation industry fields and the widespread of wireless communication cast need for the seamless provision of m...