Authorized authentication evaluation framework for constrained environments

The growth of the Internet is currently based not only on the number of new nodes; the Internet is also spreading into entirely new areas. Recently, new ways of collecting data and controlling devices have become common, for example in industry and in the monitoring of noise and pollution in urban environments...

Bibliographic Details
Main Author: Poikolainen, Janne
Other Authors: Faculty of Information Technology, Informaatioteknologian tiedekunta, Tietojenkäsittelytieteiden laitos, Department of Computer Science and Information Systems, University of Jyväskylä, Jyväskylän yliopisto
Format: Master's thesis
Language: eng
Published: 2016
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/50914
description The growth of the Internet is currently based not only on the number of new nodes; the Internet is also spreading into entirely new areas. Recently, new ways of collecting data and controlling devices have become common, for example in industry and in the monitoring of noise and pollution in urban environments. In addition, concepts such as the smart home and the smart city are becoming widely known. The current growth in the use of these technologies is largely based on the shrinking size and falling prices of devices. For the Internet of Things to grow significantly, the physical size and price of devices should stay low or fall further. However, small size and low price often mean limitations on device capabilities. The alternatives will probably always be wider use of more constrained devices or narrower deployment of more capable devices. Wireless connections are often the most affordable way to implement network capabilities for various devices. For this reason, wireless sensor networks have been used in industry for a long time. The same network technologies are also suitable for Internet of Things devices. However, a large share of current wireless sensor networks use commercial network standards that are not compatible with Internet technologies. For this reason, such systems do not achieve an end-to-end connection between devices on the Internet and devices in the constrained environment. This also means that communication cannot be secured end to end; instead, messages are decrypted and protected again when they leave or enter the constrained network. IP-based protocols that are lightweight enough for constrained devices have been developed as solutions to these compatibility problems. However, there is not yet a standardized solution for dynamically establishing a connection between two constrained devices. A dynamic solution for securing traffic between constrained devices would make systems better integrable and easier to maintain. This thesis addresses precisely the problems that should be solved so that a generally accepted method for the dynamic authorization of constrained devices could be found. The artifact of the thesis is an evaluation framework that identifies the device constraints and the security objectives for such a solution.

The Internet today is growing not only in size; it is also spreading to new areas. New ways to gather more data and control devices are being developed in many application areas, from smart homes and cities and the surrounding environments in cities to agricultural and industrial settings. This growth is due to miniaturization and dropping costs. In order to deploy IoT applications in a truly pervasive manner, the physical size and cost of the devices should remain small. This means in particular that, in order to keep the cost low, some of the device capabilities will be constrained even as technologies evolve and prices drop. The compromise is always going to be between narrower deployments with more capable devices and wider deployments with less capable devices. Wireless communication is in many cases the most economical way, and for this reason Wireless Sensor Networks (WSNs) have been used in industrial settings for some time now. The same networking technologies can be used in constrained IoT devices. Many of the current WSN deployments are based on proprietary technologies and do not offer secure end-to-end communication. Instead, they provide the data to the Internet through gateways that translate the WSN communication. The communication security is based on settings provided at the time of provisioning the devices. End-to-end connectivity and security can be realized by using IP-based protocols developed for constrained devices. But dynamic access control for these environments is still more or less an open question. A dynamic authorized authentication mechanism would make the systems even more integratable and easily maintainable. This paper deals with the problem field of conducting dynamic authorized authentication in constrained environments. The main artifact of this study is a framework that identifies both the constraints and security objectives for realizing authorized authentication in constrained environments.
topic Access control; Internet of Things; Constrained Environments; Authorized Authentication; Information Systems Science; 601; authentication
url https://jyx.jyu.fi/handle/123456789/50914 http://www.urn.fi/URN:NBN:fi:jyu-201608083731