Publications - Pervasive Computing Laboratory

Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT lz magos Pervasive computing privacy Protection Protocols Qursa raudo2 Security Smart Card Trust management Ubisec VANETs 
Show all
2021
 Seoane-Merida, Victor;  García-Rubio, Carlos;  Almenares-Mendoza, Florina;  Campo-Vázquez, Celeste
Performance evaluation of CoAP and MQTT with security support for IoT environments Journal Article 
In: COMPUTER NETWORKS, vol. 197, iss. 108338, pp. 1-22, 2021, ISSN: 1389-1286.
Abstract | Links | BibTeX | Tags: coap, cynamon, Internet of Things, magos, mqtt, Performance evaluation, Security
@article{campos004,

title = {Performance evaluation of CoAP and MQTT with security support for IoT environments},

author = {Victor Seoane-Merida and Carlos García-Rubio and Florina Almenares-Mendoza and Celeste Campo-Vázquez},

url = {http://hdl.handle.net/10016/33795},

doi = {https://doi.org/10.1016/j.comnet.2021.108338},

issn = {1389-1286},

year  = {2021},

date = {2021-10-04},

urldate = {2021-10-04},

journal = {COMPUTER NETWORKS},

volume = {197},

issue = {108338},

pages = {1-22},

abstract = {World is living an overwhelming explosion of smart devices: electronic gadgets, appliances, meters, cars, sensors, camera and even traffic lights, that are connected to the Internet to extend their capabilities, constituting what is known as Internet of Things (IoT). In these environments, the application layer is decisive for the quality of the connection, which has dependencies to the transport layer, mainly when secure communications are used. This paper analyses the performance offered by these two most popular protocols for the application layer: Constrained Application Protocol (CoAP) and Message Queue Telemetry Transport (MQTT). This analysis aims to examine the features and capabilities of the two protocols and to determine their feasibility to operate under constrained devices taking into account security support and diverse network conditions, unlike the previous works. Since IoT devices typically show battery constraints, the analysis is focused on bandwidth and CPU use, using realistic network scenarios, since this use translates to power consumption.},

keywords = {coap, cynamon, Internet of Things, magos, mqtt, Performance evaluation, Security},

pubstate = {published},

tppubtype = {article}

}

Close
World is living an overwhelming explosion of smart devices: electronic gadgets, appliances, meters, cars, sensors, camera and even traffic lights, that are connected to the Internet to extend their capabilities, constituting what is known as Internet of Things (IoT). In these environments, the application layer is decisive for the quality of the connection, which has dependencies to the transport layer, mainly when secure communications are used. This paper analyses the performance offered by these two most popular protocols for the application layer: Constrained Application Protocol (CoAP) and Message Queue Telemetry Transport (MQTT). This analysis aims to examine the features and capabilities of the two protocols and to determine their feasibility to operate under constrained devices taking into account security support and diverse network conditions, unlike the previous works. Since IoT devices typically show battery constraints, the analysis is focused on bandwidth and CPU use, using realistic network scenarios, since this use translates to power consumption.
Close
http://hdl.handle.net/10016/33795
doi:https://doi.org/10.1016/j.comnet.2021.108338
Close
2019
 Díaz-Sánchez, Daniel;  Marín-Lopez, Andrés;  Mendoza, Florina Almenárez;  Cabarcos, Patricia Arias
DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT † Journal Article 
In: Sensors, vol. 19, iss. 15, pp. 1-23, 2019, ISSN: 1424-8220.
Abstract | Links | BibTeX | Tags: authentication, chameleon signatures, cynamon, DANE, DNSSEC, Internet of Things, magos, microservices
@article{Diaz_Sanchez_2019,

title = {DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT †},

author = {Daniel Díaz-Sánchez and Andrés Marín-Lopez and Florina Almenárez Mendoza and Patricia Arias Cabarcos},

url = {http://dx.doi.org/10.3390/s19153292

/download/DNS_DANE_Collision-Based_Distributed_and_Dynamic_Authentication_for_Microservices_in_IoT.pdf},

doi = {https://doi.org/10.3390/s19153292},

issn = {1424-8220},

year  = {2019},

date = {2019-07-26},

urldate = {2019-07-26},

journal = {Sensors},

volume = {19},

issue = {15},

pages = {1-23},

publisher = {MDPI AG},

abstract = {IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.},

keywords = {authentication, chameleon signatures, cynamon, DANE, DNSSEC, Internet of Things, magos, microservices},

pubstate = {published},

tppubtype = {article}

}

Close
IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.
Close
http://dx.doi.org/10.3390/s19153292
/download/DNS_DANE_Collision-Based_Distributed_and_Dynamic_Authentication_for_Mi[...]
doi:https://doi.org/10.3390/s19153292
Close
 Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Almenárez-Mendoza, Florina;  Arias-Cabarcos, Patricia;  Simon-Sherratt, R.
TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications Journal Article 
In: IEEE Communications Surveys and Tutorials, vol. 21, iss. 4, pp. 3502-3531, 2019, ISSN: 1553-877X.
Abstract | Links | BibTeX | Tags: authentication, certificate pinning, cynamon, DTLS, Internet of Things, Machine to Machine, magos, PKI, Protocols, TLS, Trusted Third Party, Tutorials
@article{8704893,

title = {TLS/PKI Challenges and Certificate Pinning Techniques for IoT and M2M Secure Communications},

author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenárez-Mendoza and Patricia Arias-Cabarcos and R. Simon-Sherratt},

url = {https://doi.org/10.1109/COMST.2019.2914453

https://ieeexplore.ieee.org/document/8704893

https://phpmyadmin.pervasive.it.uc3m.es/download/TLC-PKI-challenges-certificate-pinning.pdf},

doi = {10.1109/COMST.2019.2914453},

issn = {1553-877X},

year  = {2019},

date = {2019-05-02},

urldate = {2019-05-02},

journal = {IEEE Communications Surveys and Tutorials},

volume = {21},

issue = {4},

pages = {3502-3531},

abstract = {Transport layer security (TLS) is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential problems that should be addressed.},

keywords = {authentication, certificate pinning, cynamon, DTLS, Internet of Things, Machine to Machine, magos, PKI, Protocols, TLS, Trusted Third Party, Tutorials},

pubstate = {published},

tppubtype = {article}

}

Close
Transport layer security (TLS) is becoming the de facto standard to provide end-to-end security in the current Internet. IoT and M2M scenarios are not an exception since TLS is also being adopted there. The ability of TLS for negotiating any security parameter, its flexibility and extensibility are responsible for its wide adoption but also for several attacks. Moreover, as it relies on public key infrastructure (PKI) for authentication, it is also affected by PKI problems. Considering the advent of IoT/M2M scenarios and their particularities, it is necessary to have a closer look at TLS history to evaluate the potential challenges of using TLS and PKI in these scenarios. According to this, this paper provides a deep revision of several security aspects of TLS and PKI, with a particular focus on current certificate pinning solutions in order to illustrate the potential problems that should be addressed.
Close
https://doi.org/10.1109/COMST.2019.2914453
https://ieeexplore.ieee.org/document/8704893
https://phpmyadmin.pervasive.it.uc3m.es/download/TLC-PKI-challenges-certificate-[...]
doi:10.1109/COMST.2019.2914453
Close
2017
 Rubio-Drosdov, E;  Díaz-Sánchez, D;  Almenárez, F;  Arias-Cabarcos, P;  Marín, A
Seamless human-device interaction in the internet of things Journal Article 
In: IEEE Transactions on Consumer Electronics, vol. 63, iss. 4, pp. 490-498, 2017, ISSN: 1558-4127.
Abstract | Links | BibTeX | Tags: Human-Device Interaction, inrisco, Internet of Things, Natural Language Processing
@article{8246828,

title = {Seamless human-device interaction in the internet of things},

author = {E Rubio-Drosdov and D Díaz-Sánchez and F Almenárez and P Arias-Cabarcos and A Marín},

url = {/download/Seamless_Human-Device_Interaction_in_the_Internet_of_Things.pdf

https://ieeexplore.ieee.org/document/8246828},

doi = {10.1109/TCE.2017.015076},

issn = {1558-4127},

year  = {2017},

date = {2017-11-01},

urldate = {2017-11-01},

journal = {IEEE Transactions on Consumer Electronics},

volume = {63},

issue = {4},

pages = {490-498},

abstract = {The Internet of Things will bring a scenario in which interaction between humans and devices will be critical to allow people to use, monitor or configure Internet of Things devices. Interactions in such applications are based on traditional graphical interfaces. Devices that accept interaction based on Natural Language, e.g., through voice commands, can understand basic human orders or answering questions whenever user expressions fit into a known language pattern. Some devices can understand natural language voice commands but require sophisticated voice assistants located in the cloud, which raises significant privacy concerns. Others devices which handle voice-processing locally can perform a very limited local recognition system, requiring users to be familiar with words the system can process. The purpose of this work is to diminish the complexity of Natural Language processing in the context of IoT. The solution posited in this article allows Internet of Things devices to offload Natural Language processing to a system that improves the use of Natural Language and alleviates the need to learn or remember specific words or terms intended for triggering device actions. We have evaluated the feasibility of the design with a proof-of-concept implemented in a home environment and it was tested by real users.},

keywords = {Human-Device Interaction, inrisco, Internet of Things, Natural Language Processing},

pubstate = {published},

tppubtype = {article}

}

Close
The Internet of Things will bring a scenario in which interaction between humans and devices will be critical to allow people to use, monitor or configure Internet of Things devices. Interactions in such applications are based on traditional graphical interfaces. Devices that accept interaction based on Natural Language, e.g., through voice commands, can understand basic human orders or answering questions whenever user expressions fit into a known language pattern. Some devices can understand natural language voice commands but require sophisticated voice assistants located in the cloud, which raises significant privacy concerns. Others devices which handle voice-processing locally can perform a very limited local recognition system, requiring users to be familiar with words the system can process. The purpose of this work is to diminish the complexity of Natural Language processing in the context of IoT. The solution posited in this article allows Internet of Things devices to offload Natural Language processing to a system that improves the use of Natural Language and alleviates the need to learn or remember specific words or terms intended for triggering device actions. We have evaluated the feasibility of the design with a proof-of-concept implemented in a home environment and it was tested by real users.
Close
/download/Seamless_Human-Device_Interaction_in_the_Internet_of_Things.pdf
https://ieeexplore.ieee.org/document/8246828
doi:10.1109/TCE.2017.015076
Close
2016
 Díaz-Sánchez, Daniel;  Simon-Sherratt, R.;  Almenarez, Florina;  Arias, Patricia;  Marín, Andrés
Secure store and forward proxy for dynamic IoT applications over M2M networks Journal Article 
In: IEEE Transactions on Consumer Electronics, vol. 62, iss. 4, pp. 389-397, 2016, ISSN: 0098-3063.
Abstract | Links | BibTeX | Tags: encryption, Internet of Things, Machine to Machine, privacy
@article{7838091,

title = {Secure store and forward proxy for dynamic IoT applications over M2M networks},

author = {Daniel Díaz-Sánchez and R. Simon-Sherratt and Florina Almenarez and Patricia Arias and Andrés Marín},

url = {https://ieeexplore.ieee.org/document/7838091

https://phpmyadmin.pervasive.it.uc3m.es/download/Secure__Store_and_Forward_Proxy_for_Dynamic_IoT_Applications_over_M2M_Networks.pdf},

doi = {10.1109/TCE.2016.7838091},

issn = {0098-3063},

year  = {2016},

date = {2016-11-01},

urldate = {2016-11-01},

journal = {IEEE Transactions on Consumer Electronics},

volume = {62},

issue = {4},

pages = {389-397},

abstract = {Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality.},

keywords = {encryption, Internet of Things, Machine to Machine, privacy},

pubstate = {published},

tppubtype = {article}

}

Close
Internet of Things (IoT) applications are expected to generate a huge unforeseen amount of traffic flowing from Consumer Electronics devices to the network. In order to overcome existing interoperability problems, several standardization bodies have joined to bring a new generation of Machine to Machine (M2M) networks as a result of the evolution of wireless sensor/actor networks and mobile cellular networks to converged networks. M2M is expected to enable IoT paradigms and related concepts into a reality at a reasonable cost. As part of the convergence, several technologies preventing new IoT services to interfere with existing Internet services are flourishing. Responsive, message-driven, resilient and elastic architectures are becoming essential parts of the system. These architectures will control the entire data flow for an IoT system requiring sometimes to store, shape and forward data among nodes of a M2M network to improve network performance. However, IoT generated data have an important personal component since it is generated in personal devices or are the result of the observation of the physical world, so rises significant security concerns. This article proposes a novel opportunistic flexible secure store and forward proxy for M2M networks and its mapping to asynchronous protocols that guarantees data confidentiality.
Close
https://ieeexplore.ieee.org/document/7838091
https://phpmyadmin.pervasive.it.uc3m.es/download/Secure__Store_and_Forward_Proxy[...]
doi:10.1109/TCE.2016.7838091
Close
 K-L-Hui, Terence;  R-Sherratt, Simon;  Díaz-Sánchez, Daniel
Major requirements for building Smart Homes in Smart Cities based on Internet of Things technologies Journal Article 
In: Future Generation Computer Systems, vol. 76, pp. 358 - 369, 2016, ISSN: 0167-739X.
Abstract | Links | BibTeX | Tags: Ambient intelligence, Home Automation, Internet of Things, Smart Cities, Smart Home requirements
@article{HUI2017358,

title = {Major requirements for building Smart Homes in Smart Cities based on Internet of Things technologies},

author = {Terence K-L-Hui and Simon R-Sherratt and Daniel Díaz-Sánchez},

url = {http://www.sciencedirect.com/science/article/pii/S0167739X16304721

/download/Major_requirements_for_building_Smart_Homes_in_Smart_Cities_based.pdf},

doi = {https://doi.org/10.1016/j.future.2016.10.026},

issn = {0167-739X},

year  = {2016},

date = {2016-11-01},

urldate = {2016-11-01},

journal = {Future Generation Computer Systems},

volume = {76},

pages = {358 - 369},

abstract = {The recent boom in the Internet of Things (IoT) will turn Smart Cities and Smart Homes (SH) from hype to reality. SH is the major building block for Smart Cities and have long been a dream for decades, hobbyists in the late 1970s made Home Automation (HA) possible when personal computers started invading home spaces. While SH can share most of the IoT technologies, there are unique characteristics that make SH special. From the result of a recent research survey on SH and IoT technologies, this paper defines the major requirements for building SH. Seven unique requirement recommendations are defined and classified according to the specific quality of the SH building blocks.},

keywords = {Ambient intelligence, Home Automation, Internet of Things, Smart Cities, Smart Home requirements},

pubstate = {published},

tppubtype = {article}

}

Close
The recent boom in the Internet of Things (IoT) will turn Smart Cities and Smart Homes (SH) from hype to reality. SH is the major building block for Smart Cities and have long been a dream for decades, hobbyists in the late 1970s made Home Automation (HA) possible when personal computers started invading home spaces. While SH can share most of the IoT technologies, there are unique characteristics that make SH special. From the result of a recent research survey on SH and IoT technologies, this paper defines the major requirements for building SH. Seven unique requirement recommendations are defined and classified according to the specific quality of the SH building blocks.
Close
http://www.sciencedirect.com/science/article/pii/S0167739X16304721
/download/Major_requirements_for_building_Smart_Homes_in_Smart_Cities_based.pdf
doi:https://doi.org/10.1016/j.future.2016.10.026
Close
2015
 Rubio-Drosdov, Eugenio;  Díaz-Sánchez, Daniel;  Arias-Cabarcos, Patricia;  Almenárez, Florina;  Marín, Andrés
Towards a seamless human interaction in IoT Proceedings Article 
In: IEEE, 2015, ISSN: 0747-668X.
Abstract | Links | BibTeX | Tags: Internet of Things, natural language
@inproceedings{pa016,

title = {Towards a seamless human interaction in IoT},

author = {Eugenio Rubio-Drosdov and Daniel Díaz-Sánchez and Patricia Arias-Cabarcos and Florina Almenárez and Andrés Marín},

url = {https://ieeexplore.ieee.org/document/7177781},

doi = {https://doi.org/10.1109/ISCE.2015.7177781},

issn = {0747-668X},

year  = {2015},

date = {2015-08-06},

urldate = {2015-08-06},

publisher = {IEEE},

abstract = {This article describes our approach for facilitating the interaction among devices in IoT environments. Our solution provides mechanisms to complement current IoT ontologies with device language annotations to facilitate device communication. This is our first step towards comprehensive user to environment communication that would bring the Internet of Me concept.},

keywords = {Internet of Things, natural language},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
This article describes our approach for facilitating the interaction among devices in IoT environments. Our solution provides mechanisms to complement current IoT ontologies with device language annotations to facilitate device communication. This is our first step towards comprehensive user to environment communication that would bring the Internet of Me concept.
Close
https://ieeexplore.ieee.org/document/7177781
doi:https://doi.org/10.1109/ISCE.2015.7177781
Close