Showing papers by "Alberto Coen-Porisini published in 2022"

Analysis on functionalities and security features of Internet of Things related protocols

Abstract: Abstract The Internet of Things (IoT) paradigm is characterized by the adoption of different protocols and standards to enable communications among heterogeneous and, often, resource-constrained devices. The risk of violation is high due to the wireless nature of the communication protocols usually involved in the IoT environments (e.g., e-health, smart agriculture, industry 4.0, military scenarios). For such a reason, proper security countermeasures must be undertaken, in order to prevent and react to malicious attacks, which could hinder the data reliability. In particular, the following requirements should be addressed: authentication, confidentiality, integrity, and authorization. This paper aims at investigating such security features, which are often combined with native functionalities, in the most known IoT-related protocols: MQTT, CoAP, LoRaWAN, AMQP, RFID, ZigBee, and Sigfox. The advantages and weaknesses of each one will be revealed, in order to point out open issues and best practices in the design of efficient and robust IoT network infrastructure.

Securing the access control policies to the Internet of Things resources through permissioned blockchain

Abstract: Security and privacy of information transmitted among the devices involved in an Internet of Things (IoT) network represent relevant issues in IoT contexts. Guaranteeing effective control and supervising access permissions to IoT applications is a complex task, mainly due to resources' heterogeneity and scalability requirements. The design and development of highly customizable access control policies, along with an efficient mechanism for ensuring that the rules applied by the IoT platform are not tampered with or violated, will undoubtedly have a significant impact on the diffusion of IoT‐based solutions. In such a direction, the article proposes the integration of a permissioned blockchain within an honest‐but‐curious (i.e., not trusted) IoT distributed middleware layer, which aims to guarantee the correct management of access to resources by the interested parties. The result is a robust and lightweight system, able to manage the data produced by IoT devices, support relevant security features, such as integrity and confidentiality, and resist different kinds of attacks. The use of blockchain will ensure the tamper‐resistance and synchronization of the distributed system, where various stakeholders own applications and IoT platforms. The methodology and the proposed architecture are validated employing a test‐bed.

Security&privacy issues and challenges in NoSQL databases

Abstract: Organizing the storing of information and data retrieval from databases is a crucial issue, which has become more critical with the spreading of cloud and Internet of Things (IoT) based applications. In fact, not only the network’s traffic has increased, but also the amount of memory and the mechanisms needed to manage the so-called Big Data efficiently. Relational databases, based on SQL, are giving way to the NoSQL ones due to their efficiency in managing the heterogeneous information gathered from IoT environments. Such data can be stored, in a distributed manner, within the IoT network’s devices or in the cloud. Hence, security and privacy concerns naturally emerge regarding access control, authentication, and authorization requirements. This paper analyzes the current state of the art of security and privacy solutions tailored to NoSQL databases, particularly Redis, Cassandra, MongoDB, and Neo4j stores. The paper also aims to shed light on current challenges and future research directions in the field databases’ security in the IoT scenario.