Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing

Author(s): Hokeun Kim, Eunsuk Kang, David Broman, and Edward A. Lee

Abstract
An emerging type of network architecture called edge computing has the potential to improve the availability and resilience of IoT services under anomalous situations such as network failures or denial-of-service (DoS) attacks. However, relatively little has been explored on the problem of ensuring availability even when edge computers that provide key security services (e.g., authentication and authorization) become unavailable themselves. This article proposes a resilient authentication and authorization framework to enhance the availability of IoT services under DoS attacks or failures. The proposed approach leverages a technique called secure migration, which allows an IoT device to migrate to another trusted edge computer when its own local authorization service becomes unavailable. Specifically, we describe the design of a secure migration framework and its supporting mechanisms, including (1) automated migration policy construction and (2) protocols for preparing and executing the secure migration. We formalize secure migration policy construction as an integer linear programming (ILP) problem and show its effectiveness using a case study on smart buildings, where the proposed solution achieves significantly higher availability under simulated attacks on authorization services.

Citation Formats

  • APA

    Hokeun Kim, Eunsuk Kang, David Broman, and Edward A. Lee. (2020). Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing. In ACM Transactions on Internet of Things, 1(1), 4.

  • MLA

    Hokeun Kim, Eunsuk Kang, David Broman, and Edward A. Lee. "Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing." 2020. ACM Transactions on Internet of Things, vol. 1, no. 1, pp. 4.

  • Chicago

    Hokeun Kim, Eunsuk Kang, David Broman, and Edward A. Lee. "Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing." 2020. In ACM Transactions on Internet of Things, vol. 1(1): 4.

  • BibTeX

    @article{KimEtAl:20:Authentication,
    author = {Hokeun Kim and Eunsuk Kang and David Broman and Edward A. Lee},
    title = {Resilient Authentication and Authorization for the Internet of Things ({IoT}) Using Edge Computing},
    journal = {ACM Transactions on Internet of Things},
    volume = {1},
    number = {1},
    pages = {4},
    month = {February},
    year = {2020},
    abstract = {An emerging type of network architecture called edge computing has the potential to improve the availability and resilience of IoT services under anomalous situations such as network failures or denial-of-service (DoS) attacks. However, relatively little has been explored on the problem of ensuring availability even when edge computers that provide key security services (e.g., authentication and authorization) become unavailable themselves. This article proposes a resilient authentication and authorization framework to enhance the availability of IoT services under DoS attacks or failures. The proposed approach leverages a technique called secure migration, which allows an IoT device to migrate to another trusted edge computer when its own local authorization service becomes unavailable. Specifically, we describe the design of a secure migration framework and its supporting mechanisms, including (1) automated migration policy construction and (2) protocols for preparing and executing the secure migration. We formalize secure migration policy construction as an integer linear programming (ILP) problem and show its effectiveness using a case study on smart buildings, where the proposed solution achieves significantly higher availability under simulated attacks on authorization services.},
    URL = {https://doi.org/10.1145/3375837}}