To Örebro University

oru.seÖrebro University Publications
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era
DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark.
Örebro University, School of Science and Technology. (Center of Applied Autonomous Sensor Systems (AASS))ORCID iD: 0000-0001-9293-7711
Örebro University, School of Science and Technology. DTU Compute, Technical University of Denmark, Kongens Lyngby, Denmark. (Center of Applied Autonomous Sensor Systems (AASS))ORCID iD: 0000-0001-9575-2990
Fondazione Bruno Kessler, Trento, Italy.
Show others and affiliations
2019 (English)In: Future Internet, E-ISSN 1999-5903, Vol. 11, no 6, article id 127Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) is rapidly changing our society to a world where every thing is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

Place, publisher, year, edition, pages
MDPI, 2019. Vol. 11, no 6, article id 127
Keywords [en]
security, Internet of Things, Cloud computing
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:oru:diva-75237DOI: 10.3390/fi11060127ISI: 000473805800007Scopus ID: 2-s2.0-85067464961OAI: oai:DiVA.org:oru-75237DiVA, id: diva2:1339048
Available from: 2019-07-25 Created: 2019-07-25 Last updated: 2023-08-03Bibliographically approved
In thesis
1. Securing the Internet of Things with Security-by-Contract
Open this publication in new window or tab >>Securing the Internet of Things with Security-by-Contract
2021 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Smart homes, industry, healthcare, robotics; virtually every market has seen the uprising of Internet of Things (IoT) devices with different degrees and nuances. IoT devices embody different desirable characteristics, such as mobility, ubiquity, variety, and affordability. All combined, these features made so that IoT devices reached 35 billion units in the world. However, the sudden uprising of market demand put enormous pressure on manufacturers. The necessity of delivering to customers as many devices as possible, in the shortest time possible, leads manufacturers to overlook features that are not perceived critical by the users, such as resiliency to cyberattacks. This led to severe security issues. The prime example is Mirai, a malware that infected hundreds of thousands of IoT devices in 2016 and used them to strike lethal Distributed Denial of Service (DDoS) attacks.

In the first part of this thesis, we present the state of the art regarding IoT devices security resilience. In particular, we provide relevant examples of breaches, an analysis of the relationship between IoT and Cloud from a security point of view, and an example of an IoT device penetration test. Then, we focus on the usage of IoT devices in DDoS-enabled botnets and we provide an extensive study of DDoS-enabling malwares, discussing their evolution and their capabilities.

In the second part, we contextualise the gathered knowledge and we show that the highlighted problems stem from two main causes: insecure configurations and insufficient secure configurability.We also show that, to address these two issues, it is necessary to equip IoT devices with precise and formal descriptions of their behaviour. Therefore, we propose SC4IoT, a security framework for IoT devices that combines Security-by-Contract (SC) paradigm and Fog Computing paradigm. First, we provide a thorough breakdown of our proposal. We start from high-level lifecycles that describe how devices participate to SC4IoT. Then, we discuss the pillars that compose the framework (e.g., security contracts and security policies), together with their formal descriptions. Last, we provide precise algorithms for achieving security-policy matching capabilities, as well as routines for allowing the framework to deal with dynamic changes while maintaining consistency.

Place, publisher, year, edition, pages
Örebro: Örebro University, 2021. p. 55
Series
Örebro Studies in Technology, ISSN 1650-8580 ; 90
National Category
Computer Sciences
Identifiers
urn:nbn:se:oru:diva-88151 (URN)978-91-7529-364-6 (ISBN)
Public defence
2021-01-29, Örebro universitet, Långhuset, Hörsal L2 (and online (zoom)), Fakultetsgatan 1, Örebro, 13:00 (English)
Opponent
Supervisors
Available from: 2020-12-18 Created: 2020-12-18 Last updated: 2021-01-08Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Giaretta, AlbertoDragoni, Nicola

Search in DiVA

By author/editor
Giaretta, AlbertoDragoni, Nicola
By organisation
School of Science and Technology
In the same journal
Future Internet
Computer Sciences

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 292 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf