Reducing the IoT security gap with a microservice architecture based on TLS and OAuth2

Diego Ordonez-Camacho https://orcid.org/0000-0001-8390-634X

Abstract

The Internet of Things is one of the most promising trends today. The speed of its adoption, however, has opened certain critical gaps in the security of the systems involved. This project analyzed the security problem broadly, but focused on smart-home environments, where the use of devices with widely heterogeneous technologies creates problems for authentication with multiple services and for data confidentiality if the network is compromised. To address these problems, state-of-the-art technologies such as OAuth2 and TLS, among others, were combined with a loosely coupled microservice architectural methodology to produce a secure, wide-ranging IoT architecture, supported and validated by a reference implementation. The division into functional layers allows both fixed and mobile devices and sensors to join the system transparently and seamlessly. The security scheme, structured in three incremental levels, allows each device to join the level that best suits both its computational resources and the type of information it must deliver or consume. The results show the flexibility of the solution and the robustness of the security scheme presented.
