Please use this identifier to cite or link to this item:
Title: Safeguarding from abuse by IoT vendors: edge messages verification of cloud-assisted equipment
Author: Cunha, Vítor A.
Silva, Eduardo da
Carvalho, Marcio B. de
Corujo, Daniel
Barraca, João P.
Gomes, Diogo
Schaeffer-Filho, Alberto E.
Santos, Carlos R. P. dos
Granville, Lisandro Z.
Aguiar, Rui L.
Issue Date: 8-Apr-2019
Publisher: IEEE
Abstract: The fact that most IoT solutions are provided by 3rd-parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the 3rd-party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, in what format, and with which constraints. To verify the compliance with these contracts, we propose a converging "Multi-Access Edge Computing" architecture which validates RESTalike API requests/responses against a Swagger schema. We deal with encrypted traffic using an SFC-enabled Man-in-the-Middle, allowing us to do verifications in "real-time". We devised a Proof of Concept and shown that we were able to detect (and stop) contract violations.
Peer review: yes
Publisher Version:
Appears in Collections:DETI - Capítulo de livro
IT - Capítulo de livro

Files in This Item:
File Description SizeFormat 
08717812.pdf330.94 kBAdobe PDFrestrictedAccess

Formato BibTex MendeleyEndnote Degois 

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.