Bayu Anggorojati

eWALL: An Intelligent Caring Home Environment Offering Personalized Context-Aware Applications Based on Advanced Sensing

Independent living of senior citizens is one of the main challenges linked to the ageing population. Senior citizens may suffer from a number of diseases, including the decline in cardiopulmonary conditions, weaker muscle functions and a declined neuromuscular control of the movements, which result in a higher risk of fall and a higher vulnerability for cardiovascular and pulmonary diseases. With respect to cognitive functions, senior citizens may suffer from a decline of memory function, less ability to orientate and a declined ability to cope with complex situations. This is by itself a big societal challenge with impact in multiple sectors. In this paper we present an innovative ICT solution, named eWALL, that aims to address these challenges by means of an advanced ICT infrastructure and home sensing environment; thus differentiating from existing eHealth and eCare solutions. The system of eWALL will extend the state-of-the-art of Assistive Platforms and will significantly increase the independent living of seniors.

BETaaS: A Platform for Development and Execution of Machine-to-Machine Applications in the Internet of Things

The integration of everyday objects into the Internet represents the foundation of the forthcoming Internet of Things (IoT). Smart objects will be the building blocks of the next generation of applications that will exploit interaction between machines to implement enhanced services with minimum or no human intervention in the loop. A crucial factor to enable Machine-to-Machine (M2M) applications is a horizontal service infrastructure that seamlessly integrates existing IoT heterogeneous systems. The authors present BETaaS, a framework that enables horizontal M2M deployments. BETaaS is based on a distributed service infrastructure built on top of an overlay network of gateways that allows seamless integration of existing IoT systems. The platform enables easy deployment of applications by exposing to developers a service oriented interface to access things (according to a Things-as-a-Service model) regardless of the technology and the physical infrastructure they belong to.

Identity driven capability based access control (ICAC) scheme for the Internet of Things

Internet of Things (IoT) is becoming integral and mandatory part of everyday life. Scalability and manageability is intimidating due to unbounded number of devices and services. Access control and authorization in IoT with least privilege is important to establish secure communication between multiple devices and services. In this paper, the concept of capability for access control is introduced where the identities of the involved devices are entrenched in the access capabilities. Identity driven capability based access control (ICAC) scheme presented in this paper helps to alleviate issues related to the complexity and dynamics of device identities. ICAC is implemented for Wi-Fi and results shows that ICAC is scalable and performs better compared to other access control schemes. The ICAC evaluation by using security protocol verification tool shows that ICAC is secure against man-in-the-middle attack, especially eavesdropping and replay attacks.

QoS-guaranteed admission control for OFDMA-based systems

This paper proposes a novel admission control (AC) algorithm for guaranteed quality of service (QoS) to all users. The proposed solution provides better utilization of system capacity using adaptive modulation (AM). A scheduler based on a per user priority function is also given in this paper. The AC is given by allocating the exact number of slots for each user that will meet its QoS. For every new user the number of slots required to meet its service requirements is estimated based on its channel quality information (CQI), packet arrival rate and buffer length. Using the average QoS achieved, the satisfaction index (SI) and priority is calculated for every user, which is used as key input for the scheduler. Further, the resource allocation in time and frequency for Orthogonal Frequency Division Multiplexing (OFDMA) systems is also discussed based on user satisfaction and number of slots required for each user. Finally, the proposed design is validated with OFDMA systems, but can be extended to any wireless system.

Secure capability-based access control in the M2M local cloud platform

Managing access to and protecting resources is one of the important aspect in managing security, especially in a distributed computing system such as Machine-to-Machine (M2M). One such platform known as the M2M local cloud platform, referring to BETaaS architecture [1], which conceptually consists of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented. The implementation of the proposed capability based access control is within the security manager which is part of the overall building block of the platform. The experiment is carried out to evaluate the functionality and performance of the proposed method.

An Intrusion Detection game in access control system for the M2M local cloud platform

A distributed M2M local cloud platform which consists of distributed M2M gateways, needs to be equipped with an Intrusion Detection System (IDS) to monitor its resources against security attacks, especially from the insider, e.g. another gateway within the local cloud. In this paper, the interaction between rational attacker and defender in the context of an M2M local cloud platform as a multi-stage Bayesian game is studied. In this game formulation, a defender is able to update its belief upon the maliciousness of the attacker. The feasible Nash equilibrium of the game is reviewed and an analytical framework for the rational attacker and defender is provided for a given set of resources with different security values under some constraints on the attack and monitor resources. In the numerical analysis, it can be shown that by having multiple resources to be attacked and/or monitored simultaneously provides a kind of diversity which helps to improve the belief update of the defender.

Elliptic curve cryptography based key management for the M2M local cloud platform

Machine-to-Machine (M2M) technology is one of the key enablers of Internet of Things (IoT) vision which allows communication among smart things in the network and the back end system. Ensuring security through proper key management utilization is without a doubt an important requirement of any M2M system. This paper proposed a key management scheme based on the Elliptic Curve Cryptography (ECC) for the M2M local cloud platform which consists of multiple gateways, which provides scalability to the distributed architecture of the platform while suitable for the low powered device. The scheme has been implemented as part of the M2M platform and its performance has been evaluated. The analysis of the evaluation results in terms of processing time to perform various operations will be discussed.

Cloud systems and big data processing for environmental telemetry

Current environmental measurement platforms consist of a large number of networked cyber-physical systems, which are interconnected according to different Internet of Things scenarios. It is likely that large telemetry systems have several hundreds of RTUs that are sending data to be processed by intelligence algorithms and stored in a resilient database that is accessible via Web interface on the Internet. The paper proposes to use the recent technologies of Cloud systems and Big Data processing in order to implement a telemetry application for viticulture. In this paper we present the general architecture and methodology for using SlapOS, an open source provisioning and billing system for distributed cloud computing, used to gather centrally environmental information from different sensors at remote observation points. Finally, the main findings for viticulture applications are presented and discussed.

Evaluation of secure capability-based access control in the M2M local cloud platform

Managing access to and protecting resources is one of the important aspect in managing security, especially in a distributed computing system such as Machine-to-Machine (M2M). One such platform known as the M2M local cloud platform, referring to BETaaS architecture [1], which conceptually consists of multiple distributed M2M gateways, creating new challenges in the access control. Some existing access control systems lack in scalability and flexibility to manage access from users or entity that belong to different authorization domains, or fails to provide fine grained and flexible access right delegation. Recently, the capability based access control has been considered as method to manage access in the Internet of Things (IoT) or M2M domain. In this paper, the implementation and evaluation of a proposed secure capability based access control in the M2M local cloud platform is presented. The implementation of the proposed capability based access control is within the security manager which is part of the overall building block of the platform. The experiment is carried out to evaluate the functionality and performance of the proposed method.

Capability-Based Access Control with ECC Key Management for the M2M Local Cloud Platform

One of the critical requirement in managing security of any computing system is access control, which includes protection and access management to the available resources. This requirement becomes more strict especially in a distributed computing environment that consists of constrained devices such as Machine-to-Machine (M2M). New challenges in access control are identified in a system comprises a group of distributed multiple M2M gateways forming a so called M2M local cloud platform (Vallati et al. in Wirel Trans Commun 87(3):1071–1091, 2016). Scalability is obviously a necessity which is lacking in some existing access control system. In addition, flexibility in managing access from users or entity belonging to other authorization domains as well as delegating access right are not provided as an integrated features. Lately, the capability-based access control has been suggested as method to manage access for M2M as the key enabler of Internet of Things. In this paper, a capability based access control equipped with Elliptic Curve Cryptography based key management is proposed for the M2M local cloud platform. The feasibility of the proposed capability based access control and key management are tested by implementing them within the security manager that is part of the overall component of the platform architecture, and evaluating their performances by a series of experimentations.