Abstract
The SensorCloud project aims at enabling the use of elastic, on-demand resources of today’s Cloud offers for the storage and processing of sensed information about the physical world. Recent privacy concerns regarding the Cloud computing paradigm, however, constitute an adoption barrier that must be overcome to leverage the full potential of the envisioned scenario. To this end, a key goal of the SensorCloud project is to develop a security architecture that offers full access control to the data owner when outsourcing her sensed information to the Cloud. The central idea of this security architecture is the introduction of the trust point, a security-enhanced gateway at the border of the information sensing network. Based on a security analysis of the SensorCloud scenario, this chapter presents the design and implementation of the main components of our proposed security architecture. Our evaluation results confirm the feasibility of our proposed architecture with respect to the elastic, on-demand resources of today’s commodity Cloud offers.
Author information
Authors and Affiliations
Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany
Martin Henze, René Hummen, Roman Matzutt & Klaus Wehrle
Corresponding author
Correspondence to Martin Henze.
Editor information
Editors and Affiliations
Technische Universität München, fortiss - An-Institut Technische Universität München, Munich, Germany
Helmut Krcmar
Karlsruhe Institute of Technology, FZI - Forschungszentrum Informatik am KIT, Karlsruhe, Germany
Ralf Reussner
RWTH Aachen, RIT - Rumpe Information Technologies, Aachen, Germany
Bernhard Rumpe
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Henze, M., Hummen, R., Matzutt, R., Wehrle, K. (2014). A Trust Point-based Security Architecture for Sensor Data in the Cloud. In: Krcmar, H., Reussner, R., Rumpe, B. (eds) Trusted Cloud Computing. Springer, Cham. https://doi.org/10.1007/978-3-319-12718-7_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-12717-0
Online ISBN: 978-3-319-12718-7
eBook Packages: Computer Science, Computer Science (R0)