Security services provision for SOA-based IoT middleware systems

Bibliographic details
Year of defense: 2016
Main author: Tiburski, Ramão Tiago
Advisor: Hessel, Fabiano Passuelo
Examining committee: Not provided by the institution
Document type: Dissertation
Access type: Open access
Language: eng
Defending institution: Pontifícia Universidade Católica do Rio Grande do Sul
Graduate program: Programa de Pós-Graduação em Ciência da Computação
Department: Faculdade de Informática
Country: Brazil
Keywords in Portuguese:
CNPq knowledge area:
Access link: http://tede2.pucrs.br/tede2/handle/tede/6859
Abstract: The evolution of the Internet of Things (IoT) requires an infrastructure of systems that can provide services for device abstraction and data management, and also support the development of applications. IoT middleware has been recognized as the system that can provide this necessary infrastructure of services and has become increasingly important for IoT in recent years. The architecture of an IoT middleware is usually based on the SOA (Service-Oriented Architecture) standard, and security is one of its main challenges. The large amount of data that flows through this kind of system demands security services able to ensure data protection across the entire system. In addition, some IoT applications, mainly those from e-health environments, have brought new requirements in terms of secure communication and acceptable response time for critical services. Although IoT middleware technologies have been used to cope with the most relevant requirements demanded by different IoT applications, security is a special topic that is not mature enough in this kind of technology. The security challenges regarding e-health scenarios are concentrated mainly on issues surrounding the communication layer, especially in cases where patient data are transmitted over open networks, where they are more vulnerable to attacks. In this sense, there is a need to ensure data confidentiality and integrity in the middleware system layers to enable a reliable understanding of a patient's current life state. This work proposes the definition of four security services focused on data protection in order to minimize security problems found in SOA-based IoT middleware systems. We implemented only one of these services (CCP - Communication Channel Protection), which is composed of two security approaches: TLS and DTLS. Both approaches are known security protocols able to provide confidentiality, integrity, and authenticity. The implemented service was focused on protecting data transmission in an IoT middleware system (COMPaaS - Cooperative Middleware Platform as a Service) and was validated through a specific e-health scenario. The main goal was to verify whether our security implementations compromise, in terms of response time, the communication performance of the middleware system, which is the key requirement of the e-health scenario. Tests revealed a satisfactory result, since the implemented approaches respected the response time requirement of the application and protected the transmitted data.
id P_RS_ad4115a3b6941626c41c9f939c0a393f
oai_identifier_str oai:tede2.pucrs.br:tede/6859
network_acronym_str P_RS
network_name_str Biblioteca Digital de Teses e Dissertações da PUC_RS
dc.title.por.fl_str_mv Security services provision for SOA-based IoT middleware systems
dc.title.alternative.por.fl_str_mv Provisão de serviços de segurança para sistemas de middleware da IoT baseados em SOA
author Tiburski, Ramão Tiago
author_facet Tiburski, Ramão Tiago
author_role author
dc.contributor.advisor1.fl_str_mv Hessel, Fabiano Passuelo
dc.contributor.advisor1ID.fl_str_mv 606.466.590-49
dc.contributor.advisor1Lattes.fl_str_mv http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4728802T7
dc.contributor.authorID.fl_str_mv 020.058.610-65
dc.contributor.authorLattes.fl_str_mv http://buscatextual.cnpq.br/buscatextual/visualizacv.do?id=K4382255J0
dc.contributor.author.fl_str_mv Tiburski, Ramão Tiago
contributor_str_mv Hessel, Fabiano Passuelo
dc.subject.por.fl_str_mv SERVIÇOS WEB
SISTEMAS DE INFORMAÇÃO
SISTEMAS DISTRIBUÍDOS
SEGURANÇA DA INFORMAÇÃO
INFORMÁTICA
dc.subject.cnpq.fl_str_mv CIENCIAS EXATAS E DA TERRA::CIENCIA DA COMPUTACAO
publishDate 2016
dc.date.accessioned.fl_str_mv 2016-07-27T17:56:43Z
dc.date.issued.fl_str_mv 2016-03-16
dc.type.status.fl_str_mv info:eu-repo/semantics/publishedVersion
dc.type.driver.fl_str_mv info:eu-repo/semantics/masterThesis
format masterThesis
status_str publishedVersion
dc.identifier.uri.fl_str_mv http://tede2.pucrs.br/tede2/handle/tede/6859
url http://tede2.pucrs.br/tede2/handle/tede/6859
dc.language.iso.fl_str_mv eng
language eng
dc.rights.driver.fl_str_mv info:eu-repo/semantics/openAccess
eu_rights_str_mv openAccess
dc.format.none.fl_str_mv application/pdf
dc.publisher.none.fl_str_mv Pontifícia Universidade Católica do Rio Grande do Sul
dc.publisher.program.fl_str_mv Programa de Pós-Graduação em Ciência da Computação
dc.publisher.initials.fl_str_mv PUCRS
dc.publisher.country.fl_str_mv Brasil
dc.publisher.department.fl_str_mv Faculdade de Informática
publisher.none.fl_str_mv Pontifícia Universidade Católica do Rio Grande do Sul
dc.source.none.fl_str_mv reponame:Biblioteca Digital de Teses e Dissertações da PUC_RS
instname:Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
instacron:PUC_RS
instname_str Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
instacron_str PUC_RS
institution PUC_RS
reponame_str Biblioteca Digital de Teses e Dissertações da PUC_RS
collection Biblioteca Digital de Teses e Dissertações da PUC_RS
bitstream.url.fl_str_mv http://tede2.pucrs.br/tede2/bitstream/tede/6859/4/DIS_RAMAO_TIAGO_TIBURSKI_COMPLETO.pdf.jpg
http://tede2.pucrs.br/tede2/bitstream/tede/6859/5/DIS_RAMAO_TIAGO_TIBURSKI_COMPLETO.pdf.txt
http://tede2.pucrs.br/tede2/bitstream/tede/6859/3/license.txt
http://tede2.pucrs.br/tede2/bitstream/tede/6859/2/DIS_RAMAO_TIAGO_TIBURSKI_COMPLETO.pdf
repository.name.fl_str_mv Biblioteca Digital de Teses e Dissertações da PUC_RS - Pontifícia Universidade Católica do Rio Grande do Sul (PUCRS)
repository.mail.fl_str_mv biblioteca.central@pucrs.br