No full-text available
To read the full-text of this research,
you can request a copy directly from the author.
Secure Distributed Storage for the Internet of Things
Abstract
The recent popularity of the Internet of Things (IoT) significantly impacts data storage and protection. The heterogeneous nature of the data generated from IoT devices makes it difficult to design a “one-solution-fits-all” storage system. Current storage solutions include object-based storage for large files like images and videos and flash array-based storage for smaller log files from sensors. The massive amounts of data generated by IoT devices make cloud-based storage a perfect solution for such data. This creates a need for a single but layered cloud storage model that would not only be effective for all types of IoT data but would also provide data privacy while guaranteeing high system availability at all times. In this chapter, we describe applications of distributed storage and the possibility of using a multi-cloud or hybrid cloud storage model to securely store data from IoT devices.
ResearchGate has not been able to resolve any citations for this publication.
Internet of things is one of the most emerging and popular technology, which has changed our life, by impacting different areas such as shopping, enterprise production, storage, monitoring physical devices, etc. The Internet of Things (IoT) is an atmosphere in which all physical objects, peoples or animals are having unique identity and they are able to transfer data over a network without any interaction. An improvement in electronic sensing devices and rapid growth in communication infrastructure, and their monitoring systems give very fast access to retrieve data and allow communication with physical devices. Now days, Organizations use IoT devices to collect real time and continuous data and make better business decisions to increase customer satisfaction. But collected data need to be processed and transferred in appropriate format to store on storage system – which is triggering organizations to rethink their data storage infrastructures. An enterprise has to store data generated from the Internet of Things and this data grows exponentially, it forces to think about cloud storage for storing IoT data. The proposed work allows the organization to store the IoT data on the cloud securely by applying different Access control policies and the cryptography concepts.
This paper considers a distributed storage system, where multiple storage nodes can be reconstructed simultaneously at a centralized location. This centralized multi-node repair (CMR) model is a generalization of regenerating codes that allow for bandwidth-efficient repair of a single failed node. This work focuses on the trade-off between the amount of data stored and repair bandwidth in this CMR model. In particular, repair bandwidth bounds are derived for the minimum storage multi-node repair (MSMR) and the minimum bandwidth multi-node repair (MBMR) operating points. The tightness of these bounds are analyzed via code constructions. The MSMR point is characterized through codes achieving this point under functional repair for general set of CMR parameters, as well as with codes enabling exact repair for certain CMR parameters. The MBMR point, on the other hand, is characterized with exact repair codes for all CMR parameters for systems that satisfy a certain entropy accumulation property. Finally, the model proposed here is utilized for the secret sharing problem, where the codes for the multi-node repair problem is used to construct communication efficient secret sharing schemes with the property of bandwidth efficient share repair.
Internet of Things (IoT)-generated data are characterized by its continuous generation, large amount, and unstructured format. The existing relational database technologies are inadequate to handle such IoT-generated data due to the limited processing speed and the significant storage-expansion cost. Thus, big data processing technologies, which are normally based on distributed file systems, distributed database management, and parallel processing technologies, have arisen as a core technology to implement IoT-generated data repositories. In this paper, we propose a sensor-integrated radio frequency identification (RFID) data repository-implementation model using MongoDB, the most popular big data-savvy document-oriented database system now. First, we devise a data repository schema that can effectively integrate and store the heterogeneous IoT data sources, such as RFID, sensor, and GPS, by extending the event data types in electronic product code information services standard, a de facto standard for the information exchange services for RFID-based traceability. Second, we propose an effective shard key to maximize query speed and uniform data distribution over data servers. Last, through a series of experiments measuring query speed and the level of data distribution, we show that the proposed design strategy, which is based on horizontal data partitioning and a compound shard key, is effective and efficient for the IoT-generated RFID/sensor big data.
The internet of things (IoT) represent the current and future state of the Internet. The large number of things (objects), which are connected to the Internet, produce a huge amount of data that needs a lot of effort and processing operations to transfer it to useful information. Moreover, the organization and control of this large volume of data requires novel ideas in the design and management of the IoT network to accelerate and enhance its performance. The software defined systems is a new paradigm that appeared recently to hide all complexity in traditional system architecture by abstracting all the controls and management operations from the underling devices (things in the IoT) and setting them inside a middleware layer, a software layer. In this work, a comprehensive software defined based framework model is proposed to simplify the IoT management process and provide a vital solution for the challenges in the traditional IoT architecture to forward, store, and secure the produced data from the IoT objects by integrating the software defined network, software defined storage, and software defined security into one software defined based control model.
A secret sharing scheme is a method to store information securely and reliably. Particularly, in the threshold secret sharing scheme (due to Shamir), a secret is divided
into shares, encoded and distributed to parties, such that any large enough collection of parties can decode the secret, and a smaller (then threshold) set of parties cannot
collude to deduce any information about the secret. While Shamir’s scheme was studied for more than 35 years, the question of minimizing its communication bandwidth was
not considered. Specifically, assume that a user (or a collection of parties) wishes to decode the secret by receiving information from a set of parties; the question we
study is how to minimize the total amount of communication between the user and the parties. We prove a tight lower bound on the amount of communication necessary for
decoding, and construct secret sharing schemes achieving the bound. The key idea for achieving optimal communication bandwidth is to let the user receive information from
more than the necessary number of parties. In contrast, the current paradigm in secret sharing schemes is to decode from a minimum set of parties. Hence, existing secret
sharing schemes are not optimal in terms of communication bandwidth. In addition, we consider secure distributed storage where our proposed communication efficient secret
sharing schemes improve disk access complexity during decoding.
A major challenge organizations face when hosting or moving their data to the Cloud is how to support complex queries over outsourced data while preserving their confidentiality. In principle, encryption-based systems can support querying encrypted data, but their high complexity has severely limited their practical use. In this paper, we propose an efficient yet secure secret sharing-based approach for outsourcing relational data to honest-but-curious data servers. The problem with using secret sharing in a data outsourcing scenario is how to efficiently search within randomly generated shares. We present multiple partitioning methods that enable clients to efficiently search among shared secrets while preventing inference attacks on the part of data servers, even if they can observe shares and queries. Also, we prove that with some of our partitioning methods the probability of finding a correspondence between a set of shares and their original values is almost equal to that of a random guess. We discuss query processing for different types of queries including equality, range, aggregation, projection, join, and update queries. Our extensive experimentation confirms the practicality and efficiency of our approach in terms of query execution time, storage, and communication overheads.
A (k, n) threshold secret sharing scheme encrypts a secret s into n parts (called shares), which are distributed into n participants, such that any k participants can recover s using their shares, any group of less than k ones cannot. When the size of s grows large (e.g. multimedia data), the efficiency of sharing/decoding s becomes a major problem. We designed efficient and parallel implementations on Shamir’s threshold secret sharing scheme using sequential CPU and parallel GPU platforms, respectively, in a personal computer. Experimental results show that GPU could achieve an appealing speedup over CPU when dealing with the sharing of multimedia data.
Today the cloud plays a central role in storing, processing, and distributing data. Despite contributing to the rapid development of IoT applications, the current IoT cloud-centric architecture has led into a myriad of isolated data silos that hinders the full potential of holistic data-driven analytics within the IoT. In this paper, we present a blockchain-based design for the IoT that brings a distributed access control and data management. We depart from the current trust model that delegates access control of our data to a centralized trusted authority and instead empower the users with data ownership. Our design is tailored for IoT data streams and enables secure data sharing. We enable a secure and resilient access control management, by utilizing the blockchain as an auditable and distributed access control layer to the storage layer. We facilitate the storage of time-series IoT data at the edge of the network via a locality-aware decentralized storage system that is managed with the blockchain technology. Our system is agnostic of the physical storage nodes and supports as well utilization of cloud storage resources as storage nodes.
Cloud computing can be generally regarded as the technology enabler for Internet of Things (IoT). To ensure the most effective collection of evidence from cloud-enabled IoT infrastructure, it is vital for forensic practitioners to possess a contemporary understanding of the artefacts from different cloud services and applications. In this paper, we seek to determine the data remnants from the use of the newer BitTorrent Sync applications (version 2.x). Findings from our research using mobile and computer devices running Windows, Mac OS, Ubuntu, iOS, and Android devices suggested that artefacts relating to the installation, uninstallation, log-in, log-off, and file synchronisation could be recovered, which are potential sources of IoT forensics. We also extend the cloud forensics framework of Martini and Choo to provide a forensically sound investigation methodology for the newer BitTorrent Sync applications.
We propose a computationally secure and non-interactive verifiable secret sharing scheme that can be efficiently constructed from any monotone Boolean circuit. By non-interactive we mean that the dealer needs to be active only once, where he posts a public message as well as a private message to each shareholder. In the random oracle model, we can even avoid interaction between shareholders. By efficient, we mean that we avoid generic zero-knowledge techniques. Such efficient constructions were previously only known from linear secret sharing schemes (LSSS). It is believed that the class of access structures that can be handled with polynomial size LSSS is incomparable to the class that can be recognized by polynomial size monotone circuits, so in this sense we extend the class of access structures with efficient and non-interactive VSS.
A computational secret-sharing scheme is a method that enables a dealer, that has a secret, to distribute this secret among a set of parties such that a “qualified” subset of parties can efficiently reconstruct the secret while any “unqualified” subset of parties cannot efficiently learn anything about the secret. The collection of “qualified” subsets is defined by a monotone Boolean function.
It has been a major open problem to understand which (monotone) functions can be realized by a computational secret-sharing scheme. Yao suggested a method for secret-sharing for any function that has a polynomial-size monotone circuit (a class which is strictly smaller than the class of monotone functions in P). Around 1990 Rudich raised the possibility of obtaining secret-sharing for all monotone functions in NP: In order to reconstruct the secret a set of parties must be “qualified” and provide a witness attesting to this fact.
Recently, Garg et al. [14] put forward the concept of witness encryption, where the goal is to encrypt a message relative to a statement x ∈ L for a language L ∈ NP such that anyone holding a witness to the statement can decrypt the message, however, if x ∉ L, then it is computationally hard to decrypt. Garg et al.showed how to construct several cryptographic primitives from witness encryption and gave a candidate construction.
One can show that computational secret-sharing implies witness encryption for the same language. Our main result is the converse: we give a construction of a computational secret-sharing scheme for any monotone function in NP assuming witness encryption for NP and one-way functions. As a consequence we get a completeness theorem for secret-sharing: computational secret-sharing scheme for any single monotone NP-complete function implies a computational secret-sharing scheme for every monotone function in NP.
Monitoring activities over many different types of sensors are very challenging to support advanced services for Internet of Things (IoT) and its future. However, one of the major issues is the explosion of the amount of heterogeneous information that has to be stored and processed, thus causing the well known Big Data problem. Some Cloud strategies have been investigated to offer IoT-oriented services, but they do not specifically address solutions for Big Data management. In this paper, we present a two-layer architecture based on a hybrid storage system able to support a Platform as a Service (PaaS) federated Cloud scenario. The proposed architecture combines the benefits of both storage approaches. In particular, it allows us on one hand to extend SQL-like legacy systems, and on the other hand to manage Big Data through an XML-like, non-SQL distributed storage system according to a Cloud federation approach.
Storage is an important research direction of the data management of the Internet of Things. Massive and heterogeneous data of the Internet of Things brings the storage huge challenges. Based on the analysis of the IoT data characteristics, this paper proposed a storage management solution called IOTMDB based on NoSQL as current storage solutions are not well support storing massive and heterogeneous IoT data. Besides, the storage strategies about expressing and organizing IoT data in a uniform manner were proposed, some evaluations were carried out. Furthermore, we not only just concerned about descripting the data itself, but also cared for sharing of the data, so a data sharing mechanism based on ontology was proposed. Finally, index was studied and a set of query syntaxes to meet the needs of different kinds of IoT queries based NoSQL was given.
In recent years, with the impressive rapid development of integrated circuit and networking technologies, computers, devices and networking have become highly pervasive, incurring to the introduction, development and deployment of the Internet of Things (IoT). The tiny identifying devices and wearables in IoT have transformed daily life in human society, as they generate, process and store amount of data increasing at exponential rate all over the world. Due to high demand on data mining and analytics activities in IoT, secure and scalable mass storage systems are highly demanded for aggregate data in efficient processing. In this paper, we propose such a secure and scalable IoT storage system based on revised secret sharing scheme with support of scalability, flexibility and reliability at both data and system levels. Shamir’s secret sharing scheme is applied to achieve data security without complex key management associated with traditional cryptographic algorithms. The original secret sharing scheme is revised to utilize all coefficients in polynomials for larger data capacity at data level. Flexible data insert and delete operations are supported. Moreover, a distributed IoT storage infrastructure is deployed to provide scalability and reliability at system level. Multiple IoT storage servers are aggregated for large storage capacity whereas individual servers can join and leave freely for flexibility at system level. Experimental results have demonstrated the feasibility and benefits of the proposed system as well as tangible performance gains.
The Internet of Things (IoT) consists of networked objects deployed worldwide and connected over the Internet. As a consequence, the major aspects of the IoT are represented by the heterogeneity and the huge number of the participating devices. These aspects also constitute the major challenges in the definition of a storage infrastructure suitable for IoT applications. In this paper, we introduce a novel data model and storage infrastructure for the IoT to address these challenges. Different from other works in the literature, we exploit a document-oriented approach and show how it is suitable to support both heterogeneous and multimedia data. Our solution is built on top of the CouchDB database server, offers a Restful API, and provides a rich set of features targeted to IoT applications. Moreover, we devise optimized schemes for uploading documents which are specifically tailored to resource-constrained IoT devices. We evaluate our proposed schemes both analytically and with experiments in a real system.
The rapid development of Internet of things (IoT) technology makes it possible for connecting various smart objects together through the Internet and providing more data interoperability methods for application purpose. Recent research shows more potential applications of IoT in information intensive industrial sectors such as healthcare services. However, the diversity of the objects in IoT causes the heterogeneity problem of the data format in IoT platform. Meanwhile, the use of IoT technology in applications has spurred the increase of real-time data, which makes the information storage and accessing more difficult and challenging. In this research, first a semantic data model is proposed to store and interpret IoT data. Then a resource-based data accessing method (UDA-IoT) is designed to acquire and process IoT data ubiquitously to improve the accessibility to IoT data resources. Finally, we present an IoT-based system for emergency medical services to demonstrate how to collect, integrate, and interoperate IoT data flexibly in order to provide support to emergency medical services. The result shows that the resource-based IoT data accessing method is effective in a distributed heterogeneous data environment for supporting data accessing timely and ubiquitously in a cloud and mobile computing platform.
The Internet of Things (IoT) has provided a promising opportunity to build powerful industrial systems and applications by leveraging the growing ubiquity of Radio Frequency IDentification (RFID) and wireless sensors devices. Benefiting from RFID and sensor network technology, common physical objects can be connected, and are able to be monitored and managed by a single system. Such a network brings a series of challenges for data storage and processing in a cloud platform. IoT data can be generated quite rapidly, the volume of data can be huge and the types of data can be various. In order to address these potential problems, this paper proposes a data storage framework not only enabling efficient storing of massive IoT data, but also integrating both structured and unstructured data. This data storage framework is able to combine and extend multiple databases and Hadoop to store and manage diverse types of data collected by sensors and RFID readers. In addition, some components are developed to extend the Hadoop to realize a distributed file repository, which is able to process massive unstructured files efficiently. A prototype system based on the proposed framework is also developed to illustrate the framework’s effectiveness.
In Shamir's (t, n) secret sharing (SS) scheme, the secret s is divided into n shares by a dealer and is shared among n shareholders in such a way that any t or more than t shares can reconstruct this secret; but fewer than t shares cannot obtain any information about the secret s. In this paper, we will introduce the security problem that an adversary can obtain the secret when there are more than t participants in Shamir's secret reconstruction. A secure secret reconstruction scheme, which prevents the adversary from obtaining the secret is proposed. In our scheme, Lagrange components, which are linear combination of shares, are used to reconstruct the secret. Lagrange component can protect shares unconditionally. We show that this scheme can be extended to design a multi-secret sharing scheme. All existing multi-secret sharing schemes are based on some cryptographic assumptions, such as a secure one-way function or solving the discrete logarithm problem; but, our proposed multi-secret sharing scheme is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.
An (n, n) multi-secret image sharing scheme shares n secret images among n shared images. In this type of schemes, n shared images can be used to recover all n secret images, but the loss of any shared image prevents the recovery of any secret image. Among existing image sharing techniques, Boolean-based secret schemes have good performance because they only require XOR calculation. This study presents a secure Boolean-based secret image sharing scheme that uses a random image generating function to generate a random image from secret images or shared images. The proposed function efficiently increases the sharing capacity on free of sharing the random image. The use of a bit shift subfunction in the random image generating function produces a random image to meet the random requirement. Experimental results show that the proposed scheme requires minimal CPU computation time to share or recover secret images. The time required to share n secret images is nearly the time as that required to recover n secret images. The bit shift subfunction takes more computation load than the XOR subfunction needs.
Leading the IoT, Gartner insights on how to
- M Hung
Leaks that exposed US spy program
- E Snowden
What is IoT? Everything you need to know about the Internet of Things right now
- S Ranger
US Intelligence Chief: We might use the Internet of Things to spy on you
- T Timm
Gartner Says 8.4 Billion Connected “Things” Will Be in Use in 2017
- R Meulen
Decision guide: public cloud versus on-premise storage
- B Scheier
What is the Internet of Things, WIRED explains
- M Burgess
The mathematics of secret-sharing
- K Chadha
A novel 3-4 image secret sharing scheme
- R Roy
- S Bandhopadhyay
- S Kandar
- B C Dhara
Security with intelligent computing and big-data services
- S J Shyu
- Y Z Tsai