Since the inception of the Internet of Things (IoT), we have adopted centralized architecture for decades. With the vastly growing number of IoT devices and gateways, this architecture struggles to cope with the high demands of state-of-the-art IoT services, which require scalable and responsive infrastructure. In response, decentralization becomes a considerable interest among IoT adopters. Following a similar trajectory, this paper introduces an IoT architecture re-work that enables three spheres of IoT workflows (i.e., computing, storage, and networking) to be run in a distributed manner. In particular, we employ the blockchain and smart contract to provide a secure computing platform. The distributed storage network maintains the saving of IoT raw data and application data. The software-defined networking (SDN) controllers and SDN switches exist in the architecture to provide connectivity across multiple IoT domains. We envision all of those services in the form of separate yet integrated peer-to-peer (P2P) overlay networks, which IoT actors such as IoT domain owners, IoT users, Internet Service Provider (ISP), and government can cultivate. We also present several IoT workflow examples showing how IoT developers can adapt to this new proposed architecture. Based on the presented workflows, the IoT computing can be performed in a trusted and privacy-preserving manner, the IoT storage can be made robust and verifiable, and finally, we can react to the network events automatically and quickly. Our discussions in this paper can be beneficial for many people ranging from academia, industries, and investors that are interested in the future of IoT in general.
Yustus Oktian; Elizabeth Witanto; Sang-Gon Lee. A Conceptual Architecture in Decentralizing Computing, Storage, and Networking Aspect of IoT Infrastructure. IoT 2021, 2(2), 205-221.
Improper configuration of web applications or servers can lead to various security flaws. Security misconfiguration is ranked number 6 on the OWASP Top 10 2017 list, meaning it is a critical risk in web applications that web developers need to focus on. The exploitation of this kind of vulnerability can lead to exploitation of other severe vulnerabilities and complete compromise of web applications. In this paper, we collaborate with security experts from a web security company to propose a tool to detect security misconfigurations in web applications. Our proposed tool, BitScanner, can effectively identify misconfiguration issues in all web applications regardless of the platform and technology they are built on. The proposed tool is to enable web developers to fix any misconfiguration issues in applications before deployment in real development scenarios. Evaluation results show that our proposed tool has higher detection coverage and avoids false positives.
Sandra Kumi; ChaeHo Lim; Sang-Gon Lee; Yustus Oko Oktian; Elizabeth Nathania Witanto. Automatic Detection of Security Misconfigurations in Web Applications. Proceedings of International Conference on Big Data, Machine Learning and Applications 2020, 91-99.
As the usage growth rate of Internet of Things (IoT) devices is increasing, various issues related to these devices need attention. One of them is the distribution of the IoT firmware update. The IoT devices’ software development does not end when the manufacturer sells the devices to the market. It still needs to be kept updated to prevent cyber-attacks. The commonly used firmware update process, over-the-air (OTA), mostly happens in a centralized way, in which the IoT devices directly download the firmware update from the manufacturer’s server. This central architecture makes the manufacturer’s server vulnerable to single-point-of-failure and latency issues that can delay critical patches from being applied to vulnerable devices. The Open Connectivity Foundation (OCF) is one organization contributing to providing interoperability services for IoT devices. In one of their subject areas, they provide a firmware update protocol for IoT devices. However, their firmware update process does not ensure the integrity and security of the patches. In this paper, we propose a blockchain-based OCF firmware update for IoT devices. Specifically, we introduce two types of firmware update protocol, direct and peer-to-peer updates, integrated into OCF firmware update specifications. In the direct scenario, the device, through the IoT gateway, can download the new firmware update from the manufacturer’s server. Meanwhile, in the peer-to-peer scheme, the device can query the update from the nearby gateways. We implemented our protocol using Raspberry Pi hardware and Ethereum-based blockchain with the smart contracts to record metadata of the manufacturer’s firmware updates. We evaluated the proposed system’s performance by measuring the average throughput, the latency, and the firmware update distribution’s duration. The analysis results indicate that our proposal can deliver firmware updates in a reasonable duration, with the peer-to-peer version having a faster completion time than the direct one.
Elizabeth Nathania Witanto; Yustus Eko Oktian; Sang-Gon Lee; Jin-Heung Lee. A Blockchain-Based OCF Firmware Update for IoT Devices. Applied Sciences 2020, 10(19), 6744.
The state-of-the-art centralized Internet of Things (IoT) data flow pipeline has started aging since it cannot cope with the vast number of newly connected IoT devices. As a result, the community begins the transition to a decentralized pipeline to encourage data and resource sharing. However, the move is not trivial. With many instances allocating data or service arbitrarily, how can we guarantee the correctness of IoT data or processes that other parties offer? Furthermore, in case of dispute, how can the IoT data assist in determining which party is guilty of faulty behavior? Finally, the number of Service Level Agreements (SLAs) increases as the number of sharing grows. The problem then becomes how we can provide a natural SLA generation and verification that we can automate instead of going through a manual and tedious legalization process through a trusted third party. In this paper, we explore blockchain solutions to answer those issues and propose continued data integrity services for IoT big data management. Specifically, we design five integrity protocols across three phases of IoT operations: during the transmission of IoT data (data in transit), when we physically store the data in the database (data at rest), and at the time of data processing (data in process). In each phase, we first lay out our motivations and survey the related blockchain solutions from the literature. We then use curated papers from our surveys as building blocks in designing the protocol. Using our proposal, we augment the overall value of IoT data and commands, generated in the IoT system, as they are now tamper-proof, verifiable, non-repudiable, and more robust.
Yustus Eko Oktian; Sang-Gon Lee; Byung-Gook Lee. Blockchain-Based Continued Integrity Service for IoT Big Data Management: A Comprehensive Design. Electronics 2020, 9(9), 1434.
Many researchers challenge the possibility of using blockchain and smart contracts to disrupt the Internet of Things (IoT) architecture because of their security and decentralization guarantees. However, the state-of-the-art blockchain architecture is not scalable enough to satisfy the requirements of massive data traffic in the IoT environment. The main reason for this issue is that one needs to choose the consensus trade-off between either coping with a high throughput or a high number of nodes. Consequently, this issue prevents the applicability of blockchain for IoT use cases. In this paper, we propose a scalable two-tiered hierarchical blockchain architecture for IoT. The first tier is a Core Engine, which is based on a Practical Byzantine Fault Tolerance (PBFT) consensus to cope with a high throughput, that supervises the underlying subordinate engines (sub-engines) as its second tier. This second tier comprises the Payment, Compute, and Storage Engine, respectively. We can deploy multiple instances of these sub-engines as many as we need and as local as possible near to the IoT domains, where IoT devices reside, to cope with a high number of nodes. Furthermore, to further extend the scalability of the proposed architecture, we also provide additional scalability features on the Core Engine such as request aggregation, request prioritization, as well as sub-engine parallelism. We implement all of our engines and expose them to IoT applications through the Engine APIs. With these APIs, developers can build and run IoT applications in our architecture. Our evaluation results show that our proposed features on the Core Engine can indeed enhance the overall performance of our architecture. Moreover, based on our proof-of-concept IoT car rental application, we also show that the interoperability between sub-engines through the Core Engine is possible, even when the particular sub-engine is under sub-engine parallelism.
Yustus Eko Oktian; Sang-Gon Lee; Hoon Jae Lee. Hierarchical Multi-Blockchain Architecture for Scalable Internet of Things Environment. Electronics 2020, 9(6), 1050.
Implementing REST API for SDN is quite challenging compared to conventional web services. First, the state transfers in SDN are more complex among network devices, controllers, and applications. Second, SDN provides more granular resources in both the controller and the network device itself. Those challenges require SDN to have a proper REST API security definition, which is currently not available in most of the SDN controllers. In this paper, we propose and implement a REST API security module for SDN controller based on OAuth 2.0. We answer the SDN REST API security challenges by presenting novel access control parameters to cope with the granular resources introduced by SDN. Our prototype maintains the best trade-off between performance and safety by generating a maximum value of 15% overhead during our benchmark. It also offers a customizable and flexible access control for the network in various use cases.
Yustus Eko Oktian; Sang-Gon Lee; JunHuy Lam. OAuthkeeper: An Authorization Framework for Software Defined Network. Journal of Network and Systems Management 2017, 26(1), 147-168.
In software-defined network (SDN), the southbound protocol defines the communication between the control plane and the data plane. The agreed protocol, OpenFlow, suggests securing the southbound communication with Transport Layer Security (TLS). However, most current SDN projects do not implement the security segment, with only a few exceptions such as OpenDayLight, HP VAN SDN, and ONOS implementing TLS in the southbound communication. From the telecommunication providers’ perspective, one of the major SDN consumers besides data centers, the data plane becomes much more complicated with the addition of wireless data plane as it involves numerous wireless technologies. Therefore, the complicated resource management along with the security of such a data plane can hinder the migration to SDN. In this paper, we propose securing the distributed SDN communication with a multidomain capable Identity-Based Cryptography (IBC) protocol, particularly for the southbound and wireless data plane communication. We also analyze the TLS-secured Message Queuing Telemetry Transport (MQTT) message exchanges to find out the possible bandwidth saved with IBC.
JunHuy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. Securing SDN Southbound and Data Plane Communication with IBC. Mobile Information Systems 2016, 2016, 1-12.
East/West-bound communication is the communication channel which exists only in the distributed software-defined network (SDN) that governs the communication within the control plane of the network. Unlike most SDN projects, that have neglected the security of, and have achieved east/west-bound communication with the assistance of a network application on the management plane through the representational state transfer (REST) application program interface (API), the Open Networking Operating System (ONOS) was designed with distributed functionality as one of its core features. Hence, it supports both the native intra-cluster and the network application’s inter-cluster communication. In this paper, the transport layer security (TLS) channel for ONOS’s native east/west-bound communication was implemented and the performance impact was evaluated.
Jun Huy Lam; Sang-Gon Lee; Hoon-Jae Lee; Yustus Eko Oktian. TLS Channel Implementation for ONOS’s East/West-Bound Communication. Lecture Notes in Electrical Engineering 2016, 397-403.
Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method used in the Internet of Things presented by Jing et al. According to our analysis, Jing et al.’s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.
Bruce Ndibanje; Hoon-Jae Lee; Sang-Gon Lee. Security Analysis and Improvements of Authentication and Access Control in the Internet of Things. Sensors 2014, 14(8), 14786-14805.
Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.
Pardeep Kumar; Mika Ylianttila; Andrei Gurtov; Sang-Gon Lee; Hoon-Jae Lee. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications. Sensors 2014, 14(2), 2732-2755.
A wireless medical sensor network (WMSN) can sense humans’ physiological signs without sacrificing patient comfort and transmit patient vital signs to health professionals’ hand-held devices. The patient physiological data are highly sensitive and WMSNs are extremely vulnerable to many attacks. Therefore, it must be ensured that patients’ medical signs are not exposed to unauthorized users. Consequently, strong user authentication is the main concern for the success and large scale deployment of WMSNs. In this regard, this paper presents an efficient, strong authentication protocol, named E-SAP, for healthcare application using WMSNs. The proposed E-SAP includes: (1) a two-factor (i.e., password and smartcard) professional authentication; (2) mutual authentication between the professional and the medical sensor; (3) symmetric encryption/decryption for providing message confidentiality; (4) establishment of a secure session key at the end of authentication; and (5) professionals can change their password. Further, the proposed protocol requires three message exchanges between the professional, medical sensor node and gateway node, and achieves efficiency (i.e., low computation and communication cost). Through the formal analysis, security analysis and performance analysis, we demonstrate that E-SAP is more secure against many practical attacks, and allows a tradeoff between the security and the performance cost for healthcare application using WMSNs.
Pardeep Kumar; Sang-Gon Lee; Hoon-Jae Lee. E-SAP: Efficient-Strong Authentication Protocol for Healthcare Applications Using Wireless Medical Sensor Networks. Sensors 2012, 12(2), 1625-1647.
In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.
Pardeep Kumar; Amlan Jyoti Choudhury; Mangal Sain; Sang-Gon Lee; Hoon-Jae Lee. RUASN: A Robust User Authentication Framework for Wireless Sensor Networks. Sensors 2011, 11(5), 5020-5046.