Please use this identifier to cite or link to this item:
http://hdl.handle.net/10773/31192
Title: | Safeguarding from abuse by IoT vendors: edge messages verification of cloud-assisted equipment |
Author: | Cunha, Vítor A. Silva, Eduardo da Carvalho, Marcio B. de Corujo, Daniel Barraca, João P. Gomes, Diogo Schaeffer-Filho, Alberto E. Santos, Carlos R. P. dos Granville, Lisandro Z. Aguiar, Rui L. |
Issue Date: | 8-Apr-2019 |
Publisher: | IEEE |
Abstract: | The fact that most IoT solutions are provided by 3rd-parties, along with the pervasiveness of the collected data, raises privacy and security concerns. There is a need to verify which data is being sent to the 3rd-party, as well as preventing those channels from becoming an exploitation avenue. We propose to use existing API definition languages to create contracts which define the data that can be transmitted, in what format, and with which constraints. To verify the compliance with these contracts, we propose a converging "Multi-Access Edge Computing" architecture which validates RESTalike API requests/responses against a Swagger schema. We deal with encrypted traffic using an SFC-enabled Man-in-the-Middle, allowing us to do verifications in "real-time". We devised a Proof of Concept and shown that we were able to detect (and stop) contract violations. |
Peer review: | yes |
URI: | http://hdl.handle.net/10773/31192 |
Publisher Version: | https://ieeexplore.ieee.org/document/8717812 |
Appears in Collections: | DETI - Capítulo de livro IT - Capítulo de livro |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
08717812.pdf | 330.94 kB | Adobe PDF |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.