Ricardo Neisse

Implementing Trust in Cloud Infrastructures

Todays cloud computing infrastructures usually require customers who transfer data into the cloud to trust the providers of the cloud infrastructure. Not every customer is willing to grant this trust without justification. It should be possible to detect that at least the configuration of the cloud infrastructure -- as provided in the form of a hyper visor and administrative domain software -- has not been changed without the customers consent. We present a system that enables periodical and necessity-driven integrity measurements and remote attestations of vital parts of cloud computing infrastructures. Building on the analysis of several relevant attack scenarios, our system is implemented on top of the Xen Cloud Platform and makes use of trusted computing technology to provide security guarantees. We evaluate both security and performance of this system. We show how our system attests the integrity of a cloud infrastructure and detects all changes performed by system administrators in a typical software configuration, even in the presence of a simulated denial-of-service attack.

SecKit: a Model-based Security Toolkit for the Internet of Things

Abstract The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of IoT technologies, the large number of devices and systems, and the different types of users and roles create important challenges in this context. In particular, requirements of scalability, interoperability, trust and privacy are difficult to address even with the considerable amount of existing work both in the research and standardization community. In this paper we propose a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data. Our framework is applied to a Smart City scenario in order to demonstrate its feasibility and performance.

A Model-Based Security Toolkit for the Internet of Things

The control and protection of user data is a very important aspect in the design and deployment of the Internet of Things (IoT). The heterogeneity of the IoT technologies, the number of the participating devices and systems, and the different types of users and roles create important challenges in the IoT context. In particular, requirements of scalability, interoperability and privacy are difficult to address even with the considerable amount of existing work both in the research and standardization community. In this paper we propose a Model-based Security Toolkit, which is integrated in a management framework for IoT devices, and supports specification and efficient evaluation of security policies to enable the protection of user data. Our framework is applied to a Smart City scenario in order to demonstrate its feasibility and performance.

A Trustworthy Usage Control Enforcement Framework

Usage control policies specify restrictions on the handling of data after access has been granted. We present the design and implementation of a framework for enforcing usage control requirements and demonstrate its genericity by instantiating it to two different levels of abstraction, those of the operating system and an enterprise service bus. This framework consists of a policy language, an automatic conversion of policies into enforcement mechanisms, and technology implemented on the grounds of trusted computing technology that makes it possible to detect tampering with the infrastructure. We show how this framework can, among other things, be used to enforce separation-of-duty policies. We provide a performance analysis.

Ethical Design in the Internet of Things

Even though public awareness about privacy risks in the Internet is increasing, in the evolution of the Internet to the Internet of Things (IoT) these risks are likely to become more relevant due to the large amount of data collected and processed by the “Things”. The business drivers for exploring ways to monetize such data are one of the challenges identified in this paper for the protection of Privacy in the IoT. Beyond the protection of privacy, this paper highlights the need for new approaches, which grant a more active role to the users of the IoT and which address other potential issues such as the Digital Divide or safety risks. A key facet in ethical design is the transparency of the technology and services in how that technology handles data, as well as providing choice for the user. This paper presents a new approach for users’ interaction with the IoT, which is based on the concept of Ethical Design implemented through a policy-based framework. In the proposed framework, users are provided with wider controls over personal data or the IoT services by selecting specific sets of policies, which can be tailored according to users’ capabilities and to the contexts where they operate. The potential deployment of the framework in a typical IoT context is described with the identification of the main stakeholders and the processes that should be put in place.

A novel multi-hop secure LTE-D2D communication protocol for IoT scenarios

The Internet-of-Things (IoT) is promising to inter-connect physical objects and machines in an intelligent network. In this context, scalable and resilient Machine-to-Machine (M2M) communication protocols are required, and the new Device-to-Device (D2D) feature of the 4G system constitutes an appealing solution. Standardization activities are still in progress, but the rapid diffusion of both LTE and IoT devices and applications leads to development of experimental proposals aimed at merging these two technologies. We contribute in this work with a novel D2D communication protocol, which enables user equipments (UEs) to become the hubs of machine-type traffic by means of a suitable radio interface and upload data in the Web via the mobile network, thus opening to new cloud services. The protocol we propose is designed for multi-hop communications between D2D-enabled terminals and it is equipped with a light-weight security mechanism. It is meant to address the communication needs of UEs inside mobile network coverage, and those of UEs that suffer from scarce radio coverage. In terms of performance, we analyse connectivity and security in the multi-hop D2D network, taking into account the interference created by the transmission of beacon signals during the discovery phase of the wide network. We resort to stochastic geometry to model the end-to-end delay and communication resilience of the multi-hop D2D network.

Security and privacy issues for an IoT based smart home

Internet of Things (IoT) can support numerous applications and services in various domains, such as smart cities and smart homes. IoT smart objects interact with other components e.g., proxies, mobile devices, and data collectors, for management, data sharing and other activities in the context of the provided service. Though such components contribute to address various societal challenges and provide new advanced services for users, their limited processing capabilities make them vulnerable to well-known security and privacy threats. Until now various research works have studied security and privacy in IoT, validating this claim. However, to the best of our knowledge literature lacks research focusing on security and privacy flaws introduced in IoT through interactions among different devices supporting a smart home architecture. In particular, we set up the scene for a security and privacy threat analysis for a typical smart home architecture using off the shelf components. To do so, we employ a smart home IoT architecture that enables users to interact with it through various devices that support smart house management, and we analyze different scenarios to identify possible security and privacy issues for users.

A Privacy Enforcing Framework for Android Applications

The widespread adoption of the Android operating system in a variety type of devices ranging from smart phones to smart TVs, makes it an interesting target for developers of malicious applications. One of the main flaws exploited by these developers is the permissions granting mechanism, which does not allow users to easily understand the privacy implications of the granted permissions. In this paper, we propose an approach to enforce fine-grained usage control privacy policies that enable users to control the access of applications to sensitive resources through application instrumentation. The purpose of this work is to enhance user control on privacy, confidentiality and security of their mobile devices, with regards to application intrusive behaviours. Our approach relies on instrumentation techniques and includes a refinement step where high-level resource-centric abstract policies defined by users are automatically refined to enforceable concrete policies. The abstract policies consider the resources being used and not the specific multiple concrete API methods that may allow an app to access the specific sensitive resources. For example, access to the user location may be done using multiple API methods that should be instrumented and controlled according to the user selected privacy policies. We show how our approach can be applied in Android applications and discuss performance implications under different scenarios.

A Blockchain-based Approach for Data Accountability and Provenance Tracking

The recent approval of the General Data Protection Regulation (GDPR) imposes new data protection requirements on data controllers and processors with respect to the processing of European Union (EU) residents data. These requirements consist of a single set of rules that have binding legal status and should be enforced in all EU member states. In light of these requirements, we propose in this paper the use of a blockchain-based approach to support data accountability and provenance tracking. Our approach relies on the use of publicly auditable contracts deployed in a blockchain that increase the transparency with respect to the access and usage of data. We identify and discuss three models for our approach with different granularity and scalability requirements where contracts can be used to encode data usage policies and provenance tracking information in a privacy-friendly way. From these three models we designed, implemented, and evaluated a model where contracts are deployed by data subjects for each data controller, and a model where subjects join contracts deployed by data controllers in case they accept the data handling conditions. Our implementations show in practice the feasibility and limitations of contracts for the purposes identified in this paper.

Informed consent in Internet of Things: The case study of cooperative intelligent transport systems

Informed Consent is an important element for data protection of Information and Communication Technology (ICT) systems as the consent of a data subject (e.g., the citizen) is often necessary for a third party to legitimately process personal data. To provide informed consent regarding the use of personal data, the citizen must have a clear understanding on how his/her personal data will be used by the system. This may not be an easy task in the upcoming paradigm of Internet of Things (IoT) where personal data can be collected without the full awareness of the user. A specific case study of IoT is Cooperative Intelligent Transport Systems (ITS), where vehicles will be capable of broadcasting or receiving data that allow them to communicate with each other and/or with the road infrastructure. C-ITS equipped vehicles constantly broadcasting data, including their speed and location may generate privacy risks, which must be addressed. While various privacy mitigation techniques have been proposed in literature, one key function is the provision of informed consent. This paper will describe a potential implementation for informed consent in C-ITS using a policy-based framework, where privacy settings and preferences can be defined by the user, thus empowering the user in the control of his/her private data.