Publications - Pervasive Computing Laboratory

Access control anotacionsemantica authentication Cloud computing coap compromise cryptography cynamon emadrid emrisco home network I-Shaper identity management inrisco inteligenciafuentesabiertas Internet of Things IoT IPTV magos Pervasive computing privacy Protocols Qursa raudo2 Security Smart Card trust Trust management Ubisec VANETs 
Show all
2020
 Rubio-Drosdov, Eugenio;  Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Almenares-Mendoza, Florina
A Framework for Microservice Migration and Performance Assessment Proceedings Article 
In: pp. 291 - 299, 2020, ISBN: 978-1-4503-5988-7.
Abstract | Links | BibTeX | Tags: cynamon, inteligenciafuentesabiertas, IoT, microservices, smart grids, testing
@inproceedings{pa059,

title = {A Framework for Microservice Migration and Performance Assessment},

author = {Eugenio Rubio-Drosdov and Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenares-Mendoza},

doi = {doi:10.3233/AISE200053},

isbn = {978-1-4503-5988-7},

year  = {2020},

date = {2020-06-25},

urldate = {2020-06-25},

pages = {291 - 299},

abstract = {In a large Smart Grid, smart meters produce tremendous amount of data that are hard to process, analyze and store. Fog computing is an environment that offers a place for collecting, computing and storing smart meter data before transmitting them to the cloud. Due to the distributed, heterogeneous and resource constrained nature of the fog computing nodes, fog applications need to be developed as a collection of interdependent, lightweight modules. Since this concept aligns with the goals of microservices architecture (MSA), efficient placement of microservices-based Smart Grid applications within fog environments has the potential to fully leverage capabilities of fog devices. Microservice architecture is an emerging software architectural style. It is based on microservices to provide several advantages over a monolithic solution, such as autonomy, composability, scalability, and fault-tolerance. However, optimizing the migration of microservices from one fog environment to other while assuring certain quality is still a big issue that needs to be addressed. In this paper, we propose an approach for assisting the migration of microservices in MSA-based Smart Grid systems, based on the analysis of their performance within the possible candidate destinations. Developers create microservices that will be eventually deployed at a given infrastructure. Either the developer, cosidering the design, or the entity deploying the service have a good knowledge of the quality required by the microservice. Due to that, they can create tests that determine if a destination meets the requirements of a given microservice and embed these tests as part of the microservice. Our goal is to automate the execution of performance tests by attaching a specification that contains the test parameters to each microservice.},

keywords = {cynamon, inteligenciafuentesabiertas, IoT, microservices, smart grids, testing},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
In a large Smart Grid, smart meters produce tremendous amount of data that are hard to process, analyze and store. Fog computing is an environment that offers a place for collecting, computing and storing smart meter data before transmitting them to the cloud. Due to the distributed, heterogeneous and resource constrained nature of the fog computing nodes, fog applications need to be developed as a collection of interdependent, lightweight modules. Since this concept aligns with the goals of microservices architecture (MSA), efficient placement of microservices-based Smart Grid applications within fog environments has the potential to fully leverage capabilities of fog devices. Microservice architecture is an emerging software architectural style. It is based on microservices to provide several advantages over a monolithic solution, such as autonomy, composability, scalability, and fault-tolerance. However, optimizing the migration of microservices from one fog environment to other while assuring certain quality is still a big issue that needs to be addressed. In this paper, we propose an approach for assisting the migration of microservices in MSA-based Smart Grid systems, based on the analysis of their performance within the possible candidate destinations. Developers create microservices that will be eventually deployed at a given infrastructure. Either the developer, cosidering the design, or the entity deploying the service have a good knowledge of the quality required by the microservice. Due to that, they can create tests that determine if a destination meets the requirements of a given microservice and embed these tests as part of the microservice. Our goal is to automate the execution of performance tests by attaching a specification that contains the test parameters to each microservice.
Close
doi:doi:10.3233/AISE200053
Close
2019
 Díaz-Sánchez, Daniel;  Marín-Lopez, Andrés;  Mendoza, Florina Almenárez;  Cabarcos, Patricia Arias
DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT † Journal Article 
In: Sensors, vol. 19, iss. 15, pp. 1-23, 2019, ISSN: 1424-8220.
Abstract | Links | BibTeX | Tags: authentication, chameleon signatures, cynamon, DANE, DNSSEC, Internet of Things, magos, microservices
@article{Diaz_Sanchez_2019,

title = {DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT †},

author = {Daniel Díaz-Sánchez and Andrés Marín-Lopez and Florina Almenárez Mendoza and Patricia Arias Cabarcos},

url = {http://dx.doi.org/10.3390/s19153292

/download/DNS_DANE_Collision-Based_Distributed_and_Dynamic_Authentication_for_Microservices_in_IoT.pdf},

doi = {https://doi.org/10.3390/s19153292},

issn = {1424-8220},

year  = {2019},

date = {2019-07-26},

urldate = {2019-07-26},

journal = {Sensors},

volume = {19},

issue = {15},

pages = {1-23},

publisher = {MDPI AG},

abstract = {IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.},

keywords = {authentication, chameleon signatures, cynamon, DANE, DNSSEC, Internet of Things, magos, microservices},

pubstate = {published},

tppubtype = {article}

}

Close
IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices’ clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.
Close
http://dx.doi.org/10.3390/s19153292
/download/DNS_DANE_Collision-Based_Distributed_and_Dynamic_Authentication_for_Mi[...]
doi:https://doi.org/10.3390/s19153292
Close
2018
 Díaz-Sánchez, Daniel;  Marín-López, Andrés;  Almenares-Mendoza, Florina;  Arias-Cabarcos, Patricia
DNS-Based Dynamic Authentication for Microservices in IoT Proceedings Article 
In: pp. 1-11, 2018, ISSN: 2504-3900.
Abstract | Links | BibTeX | Tags: chameleon signatures, DANE, DNSSEC, inteligenciafuentesabiertas, IoT, microservices
@inproceedings{pa055,

title = {DNS-Based Dynamic Authentication for Microservices in IoT},

author = {Daniel Díaz-Sánchez and Andrés Marín-López and Florina Almenares-Mendoza and Patricia Arias-Cabarcos},

url = {https://www.mdpi.com/2504-3900/2/19/1233},

doi = {https://doi.org/10.3390/proceedings2191233},

issn = {2504-3900},

year  = {2018},

date = {2018-10-25},

pages = {1-11},

abstract = {IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.},

keywords = {chameleon signatures, DANE, DNSSEC, inteligenciafuentesabiertas, IoT, microservices},

pubstate = {published},

tppubtype = {inproceedings}

}

Close
IoT devices provide with real-time data to a rich ecosystems of services and applications that will be of uttermost importance for ubiquitous computing. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core netkworks. Designers may opt for microservice architectures and fog computing to address this challenge while offering the required flexibility for the main players of ubiquitous computing: nomadic users. Microservices require strong security support for Fog computing, to rely on nodes in the boundary of the network for secure data collection and processing. IoT low cost devices face outdated certificates and security support, due to the elapsed time from manufacture to deployment. In this paper we propose a solution based on microservice architectures and DNSSEC, DANE and chameleon signatures to overcome these difficulties. We will show how trap doors included in the certificates allow a secure and flexible delegation for off-loading data collection and processing to the fog. The main result is showing this requires minimal manufacture device configuration, thanks to DNSSEC support.
Close
https://www.mdpi.com/2504-3900/2/19/1233
doi:https://doi.org/10.3390/proceedings2191233
Close