Publication:
DNS/DANE collision-based distributed and dynamic authentication for microservices in IoT

Thumbnail Image
Identifiers
URI: https://hdl.handle.net/10016/31416
ISSN: 1424-8220
DOI: https://doi.org/10.3390/s19153292
UXXI: AR/0000024753
Files
collision_almenares_2019.pdf (1.21 MB)
Publication date
2019-08-01
Defense date
Authors
Advisors
Tutors
Journal Title
Journal ISSN
Volume Title
Publisher
Impact
Google Scholar
Export
Research Projects
Organizational Units
Journal Issue
Abstract
IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices' clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. [...]
Description
Keywords
Iot, Microservices, DNSSEC, DANE, Chameleon signatures
Bibliographic citation
Díaz-Sánchez, D., Marín-Lopez, A., Almenárez Mendoza, F., Arias Cabarcos, P. (2019). DNS/DANE Collision-Based Distributed and Dynamic Authentication for Microservices in IoT. Sensors, 19(15), 3292
Collections
DIT - GAST - Artículos de Revistas