Simone Cirani

IoT-OAS: An OAuth-Based Authorization Service Architecture for Secure Services in IoT Scenarios

Open authorization (OAuth) is an open protocol, which allows secure authorization in a simple and standardized way from third-party applications accessing online services, based on the representational state transfer (REST) web architecture. OAuth has been designed to provide an authorization layer, typically on top of a secure transport layer such as HTTPS. The Internet of Things (IoTs) refers to the interconnection of billions of resource-constrained devices, denoted as smart objects, in an Internet-like structure. Smart objects have limited processing/memory capabilities and operate in challenging environments, such as low-power and lossy networks. IP has been foreseen as the standard communication protocol for smart object interoperability. The Internet engineering task force constrained RESTful environments working group has defined the constrained application protocol (CoAP) as a generic web protocol for RESTful-constrained environments, targeting machine-to-machine applications, which maps to HTTP for integration with the existing web. In this paper, we propose an architecture targeting HTTP/CoAP services to provide an authorization framework, which can be integrated by invoking an external oauth-based authorization service (OAS). The overall architecture is denoted as IoT-OAS. We also present an overview of significant IoT application scenarios. The IoT-OAS architecture is meant to be flexible, highly configurable, and easy to integrate with existing services. Among the advantages achieved by delegating the authorization functionality, IoT scenarios benefit by: 1) lower processing load with respect to solutions, where access control is implemented on the smart object; 2) fine-grained (remote) customization of access policies; and 3) scalability, without the need to operate directly on the device.

Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview

The Internet of Things (IoT) refers to the Internet-like structure of billions of interconnected constrained devices, denoted as “smart objects”. Smart objects have limited capabilities, in terms of computational power and memory, and might be battery-powered devices, thus raising the need to adopt particularly energy efficient technologies. Among the most notable challenges that building interconnected smart objects brings about, there are standardization and interoperability. The use of IP has been foreseen as the standard for interoperability for smart objects. As billions of smart objects are expected to come to life and IPv4 addresses have eventually reached depletion, IPv6 has been identified as a candidate for smart-object communication. The deployment of the IoT raises many security issues coming from (i) the very nature of smart objects, e.g., the adoption of lightweight cryptographic algorithms, in terms of processing and memory requirements; and (ii) the use of standard protocols, e.g., the need to minimize the amount of data exchanged between nodes. This paper provides a detailed overview of the security challenges related to the deployment of smart objects. Security protocols at network, transport, and application layers are discussed, together with lightweight cryptographic algorithms proposed to be used instead of conventional and demanding ones, in terms of computational resources. Security aspects, such as key distribution and security bootstrapping, and application scenarios, such as secure data aggregation and service authorization, are also discussed.

Design and Deployment of an IoT Application-Oriented Testbed

The global reach and extreme heterogeneity of the Internet of Things present major application development challenges. Using the same Web-based approach underlying the Internets evolution into the IoT, the Web of Things Testbed provides a stable, open, dynamic, and secure infrastructure to simplify application design and testing.

The IoT hub: a fog node for seamless management of heterogeneous connected smart objects

The Internet of Things (IoT) will interconnect billions of devices, denoted as “smart objects,” deployed pervasively, which will be extremely heterogeneous, in terms of hardware (i.e., computational power and available memory), software (i.e., operating systems, applications), and communication interfaces. Traditional Internet actors, such as personal computers, mobile devices, and cloud servers, will also communicate with smart objects, thus creating even more complexity. The IoT has so far grown as several vertical silos, with the purpose of demonstrating the concept of the IoT, rather than focusing on the actual construction of a highly interoperable infrastructure for the development of applications. The Internet Protocol (IP) stack (in particular, HTTP and CoAP) has been foreseen as the driver for integration and interoperability among devices and basis for the evolution of the Web of Things. However, in order to manage the physical diversity of devices and to create an IP-based infrastructure, the presence of network elements able to bridge different networks to enable direct end-to-end communication is required. Moreover, effective interaction with applications might require the presence of intermediaries, such as proxies, which may optionally implement protocol and data format translation functionalities. Given the above considerations, we propose a Fog node, denoted as “IoT Hub,” placed at the edge of multiple networks, which enhances the networks capabilities by implementing the following functions: border router; cross-proxy; cache; and resource directory. An implementation of the IoT Hub is presented together with a performance evaluation in a real-world IoT testbed.

Lightweight multicast forwarding for service discovery in low-power IoT networks

The Internet of Things (IoT) will interconnect billions of devices (denoted as “Smart Objects,” SOs) in an IP-based Internet-like structure. SOs are typically sensor/actuator-equipped devices with severe constraints on processing capabilities, available RAM/ROM, and energy consumption. In a context where billions of deployed SOs, it is important that the SOs are able to self-configure and adapt to the surrounding environment with minimal, if any, external human intervention. Among the service discovery mechanisms proposed in literature for deploying SOs without any prior knowledge, Zeroconf represents a good candidate to automate service and resource discovery in local constrained environments. In this paper, we propose a lightweight forwarding algorithm for efficient multicast support in Low-power and Lossy Networks (LLNs) targeting service discovery for duty-cycled SOs. Among the advantages achieved by the proposed solution, SOs might benefit from smaller memory footprint with respect to those required by other multicast implementations. The performance of the proposed forwarding algorithm is evaluated through Contiki-based nodes in the Cooja simulator.

CoSIP: A Constrained Session Initiation Protocol for the Internet of Things

The Internet of Things (IoT) refers to the interconnection of billions of constrained devices, denoted as “smart objects” (SO), in an Internet-like structure. SOs typically feature limited capabilities in terms of computation and memory and operate in constrained environments, such low-power lossy networks. As IP has been foreseen as the standard for smart-object communication, an effort to bring IP connectivity to SOs and define suitable communication protocols (i.e. CoAP) is being carried out within standardization organisms, such as IETF. In this paper, we propose a constrained version of the Session Initiation Protocol (SIP), named “CoSIP”, whose intent is to allow constrained devices to instantiate communication sessions in a lightweight and standard fashion. Session instantiation can include a negotiation phase of some parameters which will be used for all subsequent communication. CoSIP can be adopted in several application scenarios, such as service discovery and publish/subscribe applications, which are detailed. An evaluation of the proposed protocol is also presented, based on a Java implementation of CoSIP, to show the benefits that its adoption can bring about, in terms of compression rate with the existing SIP protocol and message overhead compared with the use of CoAP.

Implementation of a framework for a DHT-based Distributed Location Service

Distributed hash tables (DHTs) are structured peer-to-peer systems in which a number of peer nodes collectively cooperate to provide a key/value pair information storage and retrieval service. All DHTs are characterized by desirable features such as scalability, fault tolerance, and self organization. Each DHT node is responsible for maintaining a subset of the stored information, which depends on the specific DHT algorithm. Many Internet-based applications strongly rely on a location service (LS), such as DNS, in order to map a URI to one or more IP addresses (and port numbers) that specify where the resource identified by the URI can actually be accessed. However, location services typically introduce centralization points into the architectures they are used in and therefore expose the overall system to possible failures. Because of their nature, DHT appear to be a perfect mean for setting up a distributed location service (DLS). In this paper we present a Java-based framework that can be used for building a DLS independent from the specific DHT algorithm and communication protocol adopted.

A Graph-Based Cloud Architecture for Big Stream Real-Time Applications in the Internet of Things

The Internet of Things (IoT) will consist of billions of interconnected heterogeneous devices denoted as “smart objects.” Smart objects are generally sensor/actuator-equipped and have constrained resources in terms of: (i) processing capabilities; (ii) available ROM/RAM; and (iii) communication reliability. To meet low-latency requirements, real-time IoT applications must rely on specific architectures designed in order to handle and process gigantic (in terms of number of sources of information and rate of received data) streams of data coming from smart objects. We refer to this smart object-generated data stream as “Big Stream,” in contrast to traditional “Big Data” scenarios, where real-time constraints are not considered. In this paper, we propose a novel Cloud architecture for Big Stream applications that can efficiently handle data coming from deployed smart objects through a graph-based processing platform and deliver processed data to consumer applications with lowest latency.

mjCoAP: An Open-Source Lightweight Java CoAP Library for Internet of Things Applications

The Internet of Things (IoT) is expected to pervasively interconnect more than 50 billion devices, denoted as “smart objects”, by 2020 in an Internet-like structure, which will extend the current Internet, enabling new forms of interaction between physical objects and people. The IoT will be made up of heterogeneous devices, featuring extremely diverse capabilities, in terms of computational power, connectivity, availability, and mobility. In such a scenario, characterized by the heterogeneity and large number of involved devices, in order to effectively allow and foster the growth of new applications and services, it is necessary to provide appropriate standards that can guarantee full interoperability among existing hosts and IoT nodes. Standardization organizations, such as the Internet Engineering Task Force (IETF), and research projects are chartered to bring IP to smart objects and to define suitable application-layer and security protocols for IoT scenarios. In order to cope with the limitations of smart objects, the IETF CoRE Working Group has defined the Constrained Application Protocol (CoAP), a standard application-layer protocol for use with constrained nodes and constrained networks. In this work, we present mjCoAP, an open source lightweight Java-based implementation of CoAP, which aims at simplifying the development of CoAP-based IoT applications. The mjCoAP library is fully RFC-compliant and integrates several IETF CoRE WG specifications, such as blockwise transfers, resource observing, and HTTP/CoAP mapping. We also present some application scenarios and we describe how they can be easily implemented based on mjCoAP.

Wearable Computing for the Internet of Things

In the next few years, the Internet of Things (IoT) will become a reality, merging the social, physical, and cyber worlds to enable new applications and forms of interaction between humans and connected, smart sensing and actuating devices. As billions of smart objects become deployed pervasively in the environment, users should be able to discover and interact with objects in their proximity in a seamless and transparent way. Although smartphones have become an extremely popular computing device, smart wearable devices, such as Google Glass and the Apple watch, are now providing even more effective means to bridge the gap between humans and smart objects. The authors analyze the characteristics of wearable applications for IoT scenarios and describe the interaction patterns that should occur between wearable or mobile devices and smart objects. The authors also present an implementation of a wearable-based Web of Things application used to evaluate the described interaction patterns in a smart environment, deployed within their departments IoT testbed.