Publication Details
Antonio Fazzi, , Jan Ryckebusch



The Internet of Things (IoT) aims to connect everyday objects to the Internet so that they can be remotely controlled. The possibility to collect data in real time, automate processes and reduce waste of resources attracted the attention of both academia and industry and resulted in a multitude of applications in many sectors such as transportation, agriculture, infrastructure, logistics, health care, etc. The rapid development of different IoT platforms and communication protocols has led to an extremely fragmented market. To overcome the hurdles to using heterogeneous IoT devices and communication protocols in the same application, Standard Development Organizations (SDOs) and industry consortia published the oneM2M standard in 2012. The oneM2M service layer offers technical, syntactical and semantic interoperability to different IoT devices. We analyzed the integration of Wireless Sensor and Actuator Networks (WSANs) in the OM2M open source implementation of the oneM2M standard. WSANs often involve constrained devices which are deployed in public environments. The use of the Internet Protocol (IP) and application protocols such as Constrained Application Protocol (CoAP) and Message Queuing Telemetry Transport (MQTT) in WSAN devices eases the communication with external networks. Particular attention should be paid to various security vulnerabilities in the system that can endanger the privacy of people and reliability of data. We investigated several lightweight security solutions which comply with the constrained hardware of these devices and also guarantee a suitable level of security in a oneM2M-based architecture. As first contribution, we integrated the Datagram Transport Layer Security (DTLS) protocol in the OM2M platform and evaluated the DTLS handshake using a symmetric-key-based and an asymmetric-key-based cipher suite. This way, the WSAN devices can securely send sensor data to the servers which will store it. Second, we developed a lightweight dynamic access control system to guarantee data access to authenticated and authorized clients only. This dynamic access control system is efficient enough to work with constrained client devices that need data access to trigger actuators. The communication between clients and servers is also encrypted by using the session key established at the end of the algorithm. Third, to secure the data stored in cloud servers, we developed a proxy re-signcryption scheme. The data is signed and stored encrypted in the cloud. Every time an authorized client wants to access the data, the data owner re-signs and re-encrypts it so that the client can decrypt it and verify its authenticity and integrity. Finally, as fourth contribution, we integrated a so-called fog computing architecture in the OM2M architecture, in which the storage and computing capabilities are moved close to the edge devices in order to avoid the transfer of large amounts of data to remote servers. We added an identity-based and anonymous key agreement scheme for this edge-fog-cloud architecture in the OM2M platform. We demonstrated that the developed security solutions offer better performance, compared to previous security solutions which often do not work in constrained environments.