The IDSECOM project aims to build a secure platform for self-management of Things and services in the Internet of Things environment. The proposed platform brings the functionalities of the so-called ID layer to the network structure and integrates self-management, mobility and security/privacy functionalities in order to create a network infrastructure that offers easier (and more intuitive) access to IoT (Internet of Things) services.
As defined in the CASAGRAS project, the Internet of Things (IoT) is a global network infrastructure, linking physical and virtual objects through the exploitation of data capture and communication capabilities. Briefly speaking, IoT will be a huge connectivity platform for self-managed devices. A key challenge in IoT research is how to identify and access the objects. This issue is solved in the so-called ID layer, which is the common layer for communicating Things. Current ID layer solutions rely on additional protocols, overlay services or infrastructures that need a lot of configuration, have limited support or may be incompatible with the solutions used in other networks. In the same way, current solutions for discovering and accessing services in IoT are limited to overlay systems. The efforts of this project are directed at building an extended secure ID layer, which solves object and service access in the network itself. Moreover, the IDSECOM system extends the current ID layer solutions by:
- addressing not only objects but also services,
- distributing and facilitating general processes such as registration and publication of objects/services,
- adding enhanced security and privacy mechanisms,
- introducing ID layer self-management functionalities at the network level,
- improving flexibility in multicast/anycast communications at different levels and optimizing information forwarding.
The following proposal is based on the architecture that we presented in a Springer journal, and extends its functionalities by providing a self-managed and secure network that is capable of registering, publishing, discovering and managing IDentifiers (ID) attached to objects and services in the IoT.
On top of the ID layer proposed in IDSECOM, it will be possible to present primitive services of sensors/actuators or composed services for sharing the resources of different sensor networks. Each service may acquire a public, context- and location-aware ID (with an appropriate hierarchy), by which the service can be easily discovered by remote applications. For building the platform we consider the Software Defined Networking approach and, specifically, OpenFlow, which is widely supported in modern network devices. OpenFlow allows the control plane and the data plane in the devices to be separated. This way, dedicated traffic can be processed with appropriate routing rules, which differ from IP-based routing, and the network devices are able to carry out high-level IoT-specific operations. The project partners will investigate new solutions in OpenFlow to ensure IoT-specific operations and ID-based routing in the IoT domain. These solutions may cover new controller functionalities, new OpenFlow rules for treating the ID header and extensions of the OpenFlow protocol, if needed.
Finally, to assure security in communications inside the ID layer, we will analyze how switches and controllers can directly collaborate in discovering anomalies (an ID layer specific security issue), taking advantage of the efficient organization and routing. In addition, we will deal with security in specific modules of the ID layer architecture.
Project duration: 01.04.2014 - 31.03.2017.