Detalhes bibliográficos
| Ano de defesa: |
2016 |
| Autor(a) principal: |
Tiburski, Ramão Tiago
 |
| Orientador(a): |
Hessel, Fabiano Passuelo
|
| Banca de defesa: |
Não Informado pela instituição |
| Tipo de documento: |
Dissertação
|
| Tipo de acesso: |
Acesso aberto |
| Idioma: |
eng |
| Instituição de defesa: |
Pontifícia Universidade Católica do Rio Grande do Sul
|
| Programa de Pós-Graduação: |
Programa de Pós-Graduação em Ciência da Computação
|
| Departamento: |
Faculdade de Informática
|
| País: |
Brasil
|
| Palavras-chave em Português: |
|
| Área do conhecimento CNPq: |
|
| Link de acesso: |
http://tede2.pucrs.br/tede2/handle/tede/6859
|
Resumo: |
The evolution of the Internet of Things (IoT) requires an infrastructure of systems that can provide services for devices abstraction and data management, and also support the development of applications. IoT middleware has been recognized as the system that can provide this necessary infrastructure of services and has become increasingly important for IoT over the last years. The architecture of an IoT middleware is usually based on SOA (Service-Oriented Architecture) standard and has security requirement as one of its main challenges. The large amount of data that flows in this kind of system demands security services able to ensure data protection in the entire system. In addition, some IoT applications, mainly those from e-health environments, have brought new requirements in terms of secure communication and acceptable response time for critical services. Although IoT middleware technologies have been used to cope with the most relevant requirements demanded by different IoT applications, security is a special topic that is not mature enough in this kind of technology. The security challenges regarding e-health scenarios are concentrated mainly on issues surrounding the communication layer, specially those cases in which patient data are transmitted in open networks where they are more vulnerable to attacks. In this sense, there is a need for ensure data confidentiality and integrity in middleware system layers to enable a reliable understanding of a patient current life state. This work proposes the definition of four security services focused on data protection in order to minimize security problems found in SOA-based IoT middleware systems. We implemented only one of these services (CCP - Communication Channel Protection) which is composed of two security approaches: TLS and DTLS. Both approaches are known security protocols able to provide confidentiality, integrity, and authenticity. The implemented service was focused on protecting data transmission in an IoT middleware system (COMPaaS - Cooperative Middleware Platform as a Service) and was validated through a specific e-health scenario. The main goal was to verify if our security implementations compromise, in terms of response time, the communication performance of the middleware system, which is the key requirement of the e-health scenario. Tests revealed a satisfactory result since the implemented approaches respected the response time requirement of the application and protected the transmitted data. |
