Abstract: Increasingly numerous mundane everyday physical entities (e.g., door locks, thermostats, lights, surveillance cameras) are augmented with sensing, actuation, computing, communication and storage resources, transformed into smart objects operated by humans, applications or each other. Though multiple standards at each layer of the IoT stack have been created, they do not meet the functionality and performance demanded by IoT in enterprise environments, due to the context's characteristics such as large scale, heterogeneity and user churn. We introduce solutions addressing three key problems in enterprise IoT: service discovery, access control, and command execution automation.

First, we propose Argus, a distributed algorithm offering three-level IoT service visibility scoping in parallel: Level 1 public visibility, where services are identically visible to everyone; Level 2 differentiated visibility, where service visibility depends on users' non-sensitive attributes; Level 3 covert visibility, where visibility depends on users' sensitive attributes that should never be explicitly disclosed. Extensive analysis and experiments show that: 1) Argus is secure; 2) its Level 2 is 10x as scalable and computationally efficient as work using Attribute-based Encryption, and Level 3 is 10x as efficient as work using Pairing-based Cryptography; 3) it costs 0.25 second to discover 20 Level 1 devices, 0.63 second for Level 2 or Level 3 devices, and is fast and agile for satisfactory user experience.

Second, we propose Heracles, an IoT access control system achieving fine-grained access control and responsive execution on an enterprise scale. It adopts a capability-based approach using secure, unforgeable tokens that describe users' authorizations to IoT devices. It has centralized policy management yet distributed execution: the former makes it convenient to add/remove a user by changing a few records in the backend database; the latter allows users to access devices directly without detouring to other entities including the backend, achieving high availability and responsiveness. Extensive analysis and performance evaluation on a testbed prove Heracles's good scalability and responsiveness. Compared with systems using access control lists, it eliminates or reduces the updating overhead by 10x–100x under frequent changes of user memberships and policies. Besides, it takes only 0.57 second to access 18 target devices scattered 1–9 hops away from the user.

Third, we notice that in IoT there are situations where, before users can execute commands on IoT devices, certain conditions on possibly other devices must be met first for the sake of safety or efficiency. Thus, a series of other commands may need to precede a user command in a correct order to make those preconditions true. Users have to consciously follow the order and manually send those commands one by one, which is laborious and error-prone. We propose APEX, a system automatically satisfying all the preconditions of a user command. It has two execution strategies. According to our evaluation on a 20-node testbed, the conservative strategy sustains high execution success rates despite resource contention, while in real enterprise environments the aggressive strategy may execute significantly faster, saving up to 7 seconds and reducing the conservative strategy's time cost by 46%.
Bio: Qian Zhou received the PhD degree from Stony Brook University in Spring 2020 and the BE degree from Beihang University, China. He will join Illinois CS as a postdoc from Fall 2020 and work with Prof. Klara Nahrstedt on multimedia. His doctoral research mainly focuses on enterprise-scale Internet of Things, particularly in security & privacy and networking aspects. He is the first author of publications in ACM/IEEE IoTDI, IEEE TMC, INFOCOM, IPDPS, ICC and GLOBECOM.
Hosted by: Nancy Amato