A Trust Point-based Security Architecture for Sensor Data in the Cloud

  • Martin Henze
  • René Hummen
  • Roman Matzutt
  • Klaus Wehrle


The SensorCloud project aims at enabling the use of elastic, on-demand resources of today’s Cloud offers for the storage and processing of sensed information about the physical world. Recent privacy concerns regarding the Cloud computing paradigm, however, constitute an adoption barrier that must be overcome to leverage the full potential of the envisioned scenario. To this end, a key goal of the SensorCloud project is to develop a security architecture that offers full access control to the data owner when outsourcing her sensed information to the Cloud. The central idea of this security architecture is the introduction of the trust point, a security-enhanced gateway at the border of the information sensing network. Based on a security analysis of the SensorCloud scenario, this chapter presents the design and implementation of the main components of our proposed security architecture. Our evaluation results confirm the feasibility of our proposed architecture with respect to the elastic, on-demand resources of today’s commodity Cloud offers.


Keywords (added by machine, not by the authors): Sensor Network, Sensor Node, Cloud Computing, Sensor Data, Data Item





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Martin Henze (1)
  • René Hummen (1)
  • Roman Matzutt (1)
  • Klaus Wehrle (1)

  1. Communication and Distributed Systems, RWTH Aachen University, Aachen, Germany
