Increasingly numerous mundane everyday physical entities (e.g., door locks,
thermostats, lights, surveillance cameras) are augmented with sensing, actuation,
computing, communication and storage resources, transformed into smart objects
operated by humans, applications or each other. Though multiple standards at each
layer of the IoT stack have been created, they do not meet the functionality and
performance demanded by IoT in enterprise environments, due to the context’s
characteristics such as large scale, heterogeneity and user churns. We introduce the
solutions addressing three key problems in enterprise IoT: service discovery, access
control, and command execution automation.
First, we propose Argus, a distributed algorithm offering three-level IoT service
visibility scoping in parallel: Level 1 public visibility where services are identically visible
to everyone; Level 2 differentiated visibility where service visibility depends on users’
non-sensitive attributes; Level 3 covert visibility where visibility depends on users’
sensitive attributes that should never be explicitly disclosed. Extensive analysis and
experiments show that: 1) Argus is secure; 2) its Level 2 is 10x as scalable and
computationally efficient as work using Attribute-based Encryption, and Level 3 is 10x
as efficient as work using Paring-based Cryptography; 3) it costs 0.25 second to
discover 20 Level 1 devices, 0.63 second for Level 2 or Level 3 devices, and is fast and
agile for satisfactory user experience.
Second, we propose Heracles, an IoT access control system achieving fine-
grained access control and responsive execution on an enterprise scale. It adopts a
capability-based approach using secure, unforgeable tokens that describe users’
authorizations to IoT devices. It has centralized policy management yet distributed
execution: the former makes it convenient to add/remove a user by changing a few
records in the backend database; the latter allows users to access devices directly
without detouring to other entities including the backend, achieving high availability and
responsiveness. Extensive analysis and performance evaluation on a testbed prove
Heracles’s good scalability and responsiveness. Compared with systems using access
control list, it eliminates or reduces the updating overhead by 10x–100x under frequent
changes of user memberships and policies. Besides, it takes only 0.57 second to
access 18 target devices scattered 1–9 hops away from the user.
Third, we notice that in IoT there are situations where before users can execute
commands on IoT devices, certain conditions on possibly other devices must be met
first for sake of safety or efficiency. Thus, a series of other commands may need to
precede a user command in a correct order to make those preconditions true. Users
have to consciously follow the order and manually send those commands one by one,
which is laborious and error-prone. We propose APEX, a system automatically
satisfying all the preconditions of a user command. It has two execution strategies.
According to our evaluation on a 20-node testbed, the conservative strategy sustains
high execution success rates despite resource contention, while in real enterprise environments the aggressive strategy may execute significantly faster, saving up to 7
seconds and reducing 46% of the conservative strategy’s time cost.
Qian Zhou received the PhD degree from Stony Brook University in Spring 2020 and
the BE degree from Beihang University, China. He will join Illinois CS as a postdoc from
Fall 2020 and work with Prof. Klara Nahrstedt on multimedia. His doctoral research
mainly focuses on enterprise-scale Internet of Things, particularly in security & privacy
and networking aspects. He is the first author of publications in ACM/IEEE IoTDI, IEEE
TMC, INFOCOM, IPDPS, ICC and GLOBECOM.
Hosted by: Nancy Amato