Athanasios Rizos

Topic: 
Usage control for information sharing
Research work: 

The main topic of my research is Usage Control for Information Sharing towards Internet of Things (IoT).
Usage Control is an extension of Access Control. Although Access Control evaluates attributes only once, before the start of a session, Usage Control (UCON) can deal with them if they change during this session. Beyond Access Control, UCON provides two main novelties which are continuity of control and on mutability of attributes that might cause policy revaluation which might lead to revocation.
Security and privacy are important requirements for IoT due to the inherent heterogeneity of the Internet connected objects and the ability to monitor and control physical objects. However, proprietary security solutions do not help in formulating a coherent security vision to enable
IoT devices to securely communicate with each other in an interoperable manner.
One of the most popular application layer protocols used for information sharing in IoT is Message Queue Telemetry Transport (MQTT) which is a lightweight broker-based Publish/Subscribe messaging protocol standardized in 2013 by OASIS.
My main goal is to integrate Usage Control with IoT protocols and especially with MQTT to achieve secure data sharing. Furthermore, I have created a survey towards all famous IoT application layer protocols such as CoAP, XMPP, AllJoyn, etc. to declare why MQTT is the most appropriate to collaborate with UCON.

ESRs Publications

Description:

The distributiveness and heterogeneity of today’s systems of systems, such as the Internet of Things (IoT), on-line banking systems, and contemporary emergency information systems, require the integration of access and usage control mechanisms, for managing the right of access both to the corresponding services, and the plethora of information that is generated in a daily basis. Usage Control (UCON) is such a mechanism, allowing the fine-grained policy based management of system resources, based on dynamic monitoring and evaluation of object, subject, and environmental attributes. Yet, as we presented in an earlier article, a number of improvements can be introduced to the standard model regarding its resilience on active attacks, the simplification of the policy writing, but also in terms of run-time efficiency and scalability. In this article, we present an enhanced usage control architecture, that was developed for tackling the aforementioned issues. In order to achieve that, a dynamic role allocation system will be added to the existing architecture, alongside with a service grouping functionality which will be based on attribute aggregation. This is structured in accordance to a risk-based framework, which has been developed in order to aggregate the risk values that the individual attributes encapsulate into a unified risk value. These architectural enhancements are utilized in order to improve the resilience, scalability, and run-time efficiency of the existing model.

Description:

Modern interconnected systems of systems, such as the Internet of Things (IoT), demand the presence of access and usage control mechanisms which will be able to manage the right of access to the corresponding services, and the plethora of information being generated in a daily basis. The Usage Control (UCON) model offers the means for fine-grained dynamic control of access to specific resources, by monitoring and evaluating the attributes defined within a dedicated security policy. However, a number of improvements can be introduced to the standard model regarding the simplification of the policy writing, but also the improvement of run-time efficiency and scalability. In this article, we discuss the limitations of the original UCON, and propose suitable enhancements for their remediation. Specifically, a risk aggregation framework is proposed to be added to the existing architecture, for dynamic role allocation and service grouping management, in order to improve the scalability, and run-time efficiency of the existing model.

Description:

Due to the increasing pervasiveness of Internet of Things (IoT) and Internet of Everything (IoE) devices, securing both their communications and operations has become of capital importance. Among the several existing IoT protocols, Message Queue Telemetry Transport (MQTT) is a widely-used general purpose one, usable in both constrained and powerful devices, which coordinates data exchanges through a publish/subscribe approach. In this paper, we propose a methodology to increase the security of the MQTT protocol, by including Usage Control in its operative workflow. The inclusion of usage control enables a fine-grained dynamic control of the rights of subscribers to access data and data-streams over time, by monitoring mutable attributes related to the subscriber, the environment or data itself. We will present the architecture and workflow of MQTT enhanced through Usage Control, also presenting a real implementation on Raspberry Pi 3 for performance evaluation.

Description:

MQTT is a widely-used general purpose IoT application layer protocol, usable in both constrained and powerful devices, which coordinates data exchanges through a publish/subscribe approach. In this paper we propose a methodology to increase the security of the MQTT protocol, by including Usage Control in its operative workflow. The inclusion of Usage Control enables a fine-grained dynamic control of the rights of subscribers to access data and data-streams over time, by monitoring mutable attributes related to the subscriber, the environment or data itself. We will present the architecture and workflow of MQTT enhanced through Usage Control, also presenting a real implementation on Raspberry Pi 3 for performance evaluation.