FLAT: Um Protocolo de Autenticação Federada para a Internet das Coisas
Resumo
Com o crescimento da Internet das Coisas (IoT), a autenticação de dispositivos passa a ser um grande desafio, principalmente quando se leva em consideração a restrição de recursos computacionais e seu potencial de mobilidade entre diferentes domínios de autenticação. Nossa solução, FLAT, é um protocolo de autenticação federada especialmente modelado para IoT, com o uso de primitivas criptográficas simétricas na comunicação com o Cliente IoT. Apresentamos um protótipo do protocolo e cenários de uso da solução, além de uma avaliação de seus custos computacionais e de comunicação, que mostram ser possível uma redução de cerca de 36% nos custos totais de comunicação.
Referências
Abomhara, M. and Køien, G. M. (2014). Security and privacy in the internet of things: Current status and open issues. In PRISMS 2014, pages 1–8.
Aranha, D. F. and Gouvêa, C. P. L. RELIC is an Efcient LIbrary for Cryptography. https://github.com/relic-toolkit/relic.
Atzori, L., Iera, A., and Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15):2787 – 2805.
Brown, D. R., Gallant, R., and Vanstone, S. A. (2001). Provably secure implicit certicate schemes. In FC’01 Financial Cryptography, pages 156–165. Springer.
Cirani, S., Picone, M., Gonizzi, P., Veltri, L., and Ferrari, G. (2015). IoT-OAS: An OAuthbased Authorization Service Architecture for Secure Services in IoT Scenarios. IEEE Sensors Journal, 15(2):1224–1234.
Domenech, M. C., Boukerche, A., and Wangham, M. S. (2016). An Authentication and Authorization Infrastructure for the Web of Things. In Q2SWinet. ACM.
Fremantle, P. and Aziz, B. (2016). Oauthing: privacy-enhancing federation for the internet of things. In Cloudication of the Internet of Things (CIoT), pages 1–6. IEEE.
Fremantle, P., Aziz, B., Kopecký, J., and Scott, P. (2014). Federated identity and access management for the internet of things. In SIoT’14.
Hong, J., Levy, A., and Levis, P. (2016). Demo: Building Comprehensible Access Control for the Internet of Things Using Beetle. In MobiSys’16.
Koppula, S. and Muthukuru, J. (2016). Secure digital signature scheme based on ellipInternational Journal of Electrical and Computer tic curves for internet of things. Engineering, 6(3):1002.
Lopez, D. R., Macias, J., Molina, M., Rauschenbach, J., Solberg, A., and Stanica, M.(2006). Deliverable DJ5.2.3.1: Best Practice Guide – AAI Cookbook. Géant 2.
Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. (2001). Handbook of Applied Cryptography. CRC Press.
Neuman, C., Yu, T., Hartman, S., and Raeburn, K. (2005). The kerberos network authentication service (v5). RFC 4120, RFC Editor.
Nogueira, H., Custodio, R. F., Moecke, C. T., and Wangham, M. S. (2011). Using notary based public key infrastructure in shibboleth. In SBSeg’11, pages 405–413. SBC.
Sasso, F. C., De Moraes, R. A. R., and Martina, J. E. (2014). A proposal for a unied identity card for use in an academic federation environment. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, pages 265–272. IEEE.
Shim, S. S., Bhalla, G., and Pendyala, V. (2005). Federated identity management. Computer, 38(12):120–122.
Silva, C. E. and Silva, G. C. (2017). Uma proposta de arquitetura para autorização federada com internet das coisas. In SBSeg’17, pages 783–766. SBC.
Suh, G. E. and Devadas, S. (2007). Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th DAC, pages 9–14. ACM.
Ververidis, C. N. and Polyzos, G. C. (2008). Service discovery for mobile ad hoc networks: a survey of issues and techniques. IEEE Communications Surveys & Tutorials, 10(3).
Wangham, M. S., Mello, E. R. d., Souza, M. C., and Coelho, H. (2013). Gidlab: Laboratório de experimentação em gestão de identidades. In SBSeg’13, pages 481–486. SBC.
Wei, J. (2014). How wearables intersect with the cloud and the internet of things : Considerations for the developers of wearables. IEEE Consumer Electronics Magazine, 3(3):53–56.
Witkovski, A., Santin, A., Abreu, V., and Marynowski, J. (2015). An IdM and Key-based Authentication Method for Providing Single Sign-On in IoT. In GLOBECOM. IEEE.
Aranha, D. F. and Gouvêa, C. P. L. RELIC is an Efcient LIbrary for Cryptography. https://github.com/relic-toolkit/relic.
Atzori, L., Iera, A., and Morabito, G. (2010). The internet of things: A survey. Computer Networks, 54(15):2787 – 2805.
Brown, D. R., Gallant, R., and Vanstone, S. A. (2001). Provably secure implicit certicate schemes. In FC’01 Financial Cryptography, pages 156–165. Springer.
Cirani, S., Picone, M., Gonizzi, P., Veltri, L., and Ferrari, G. (2015). IoT-OAS: An OAuthbased Authorization Service Architecture for Secure Services in IoT Scenarios. IEEE Sensors Journal, 15(2):1224–1234.
Domenech, M. C., Boukerche, A., and Wangham, M. S. (2016). An Authentication and Authorization Infrastructure for the Web of Things. In Q2SWinet. ACM.
Fremantle, P. and Aziz, B. (2016). Oauthing: privacy-enhancing federation for the internet of things. In Cloudication of the Internet of Things (CIoT), pages 1–6. IEEE.
Fremantle, P., Aziz, B., Kopecký, J., and Scott, P. (2014). Federated identity and access management for the internet of things. In SIoT’14.
Hong, J., Levy, A., and Levis, P. (2016). Demo: Building Comprehensible Access Control for the Internet of Things Using Beetle. In MobiSys’16.
Koppula, S. and Muthukuru, J. (2016). Secure digital signature scheme based on ellipInternational Journal of Electrical and Computer tic curves for internet of things. Engineering, 6(3):1002.
Lopez, D. R., Macias, J., Molina, M., Rauschenbach, J., Solberg, A., and Stanica, M.(2006). Deliverable DJ5.2.3.1: Best Practice Guide – AAI Cookbook. Géant 2.
Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. (2001). Handbook of Applied Cryptography. CRC Press.
Neuman, C., Yu, T., Hartman, S., and Raeburn, K. (2005). The kerberos network authentication service (v5). RFC 4120, RFC Editor.
Nogueira, H., Custodio, R. F., Moecke, C. T., and Wangham, M. S. (2011). Using notary based public key infrastructure in shibboleth. In SBSeg’11, pages 405–413. SBC.
Sasso, F. C., De Moraes, R. A. R., and Martina, J. E. (2014). A proposal for a unied identity card for use in an academic federation environment. In Availability, Reliability and Security (ARES), 2014 Ninth International Conference on, pages 265–272. IEEE.
Shim, S. S., Bhalla, G., and Pendyala, V. (2005). Federated identity management. Computer, 38(12):120–122.
Silva, C. E. and Silva, G. C. (2017). Uma proposta de arquitetura para autorização federada com internet das coisas. In SBSeg’17, pages 783–766. SBC.
Suh, G. E. and Devadas, S. (2007). Physical unclonable functions for device authentication and secret key generation. In Proceedings of the 44th DAC, pages 9–14. ACM.
Ververidis, C. N. and Polyzos, G. C. (2008). Service discovery for mobile ad hoc networks: a survey of issues and techniques. IEEE Communications Surveys & Tutorials, 10(3).
Wangham, M. S., Mello, E. R. d., Souza, M. C., and Coelho, H. (2013). Gidlab: Laboratório de experimentação em gestão de identidades. In SBSeg’13, pages 481–486. SBC.
Wei, J. (2014). How wearables intersect with the cloud and the internet of things : Considerations for the developers of wearables. IEEE Consumer Electronics Magazine, 3(3):53–56.
Witkovski, A., Santin, A., Abreu, V., and Marynowski, J. (2015). An IdM and Key-based Authentication Method for Providing Single Sign-On in IoT. In GLOBECOM. IEEE.
Publicado
10/05/2018
Como Citar
SANTOS, Maria L. B. A.; CARNEIRO, Jéssica C.; FRANCO, Antônio M. R.; TEIXEIRA, Fernando A.; HENRIQUES, Marco A.; OLIVEIRA, Leonardo B..
FLAT: Um Protocolo de Autenticação Federada para a Internet das Coisas. In: SIMPÓSIO BRASILEIRO DE REDES DE COMPUTADORES E SISTEMAS DISTRIBUÍDOS (SBRC), 36. , 2018, Campos do Jordão.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2018
.
p. 477-490.
ISSN 2177-9384.
DOI: https://doi.org/10.5753/sbrc.2018.2436.
