Flexible IoT Security Middleware

for End-to-End Cloud-Fog Communication

Bidyut Mukherjeea, Songjie Wangb, Wenyi Lua, Roshan Lal Neupanea,Daniel Dunna, Yijie Rena, Qi Sua, Prasad Calyamb

a{bm346, wldh6, rlnzq8, dpdbp7, yry7d, qsn4c}@mail.missouri.edub{wangso, calyamp}@missouri.edu

Abstract

IoT (Internet of Things) based smart devices such as sensors have been ac-tively used in edge clouds i.e., ‘fogs’ along with public clouds. They providecritical data during scenarios ranging from e.g., disaster response to in-homehealthcare. However, for these devices to work effectively, end-to-end se-curity schemes for the device communication protocols have to be flexibleand should depend upon the application requirements as well as the resourceconstraints at the network-edge. In this paper, we present the design andimplementation of a flexible IoT security middleware for end-to-end cloud-fogcommunications involving smart devices and cloud-hosted applications. Thenovel features of our middleware are in its ability to cope with intermittentnetwork connectivity as well as device constraints in terms of computationalpower, memory, energy, and network bandwidth. To provide security duringintermittent network conditions, we use a ‘Session Resumption’ algorithm inorder for our middleware to reuse encrypted sessions from the recent past,if a recently disconnected device wants to resume a prior connection thatwas interrupted. In addition, we describe an ‘Optimal Scheme Decider’ al-gorithm that enables our middleware to select the best possible end-to-endsecurity scheme option that matches with a given set of device constraints.Experiment results show how our middleware implementation also providesfast and resource-aware security by leveraging static properties i.e., staticpre-shared keys (PSKs) for a variety of IoT-based application requirementsthat have trade-offs in higher security or faster data transfer rates.

Keywords: IoT Security Middleware, Mobile Edge Cloud, Cloud-FogCommunication, Secure IoT Applications

Preprint submitted to Future Generation Computer Systems December 28, 2017

1. Introduction1

Internet of Things (IoT) systems typically comprise of a network of con-2

nected devices or “things”. The term “thing” here can constitute any smart3

device ranging from sensor devices in automobiles, bio-chemical sensing de-4

vices in homeland security, to heart monitoring devices inside of a human5

body. In fact, any object that has the ability to collect and transfer data6

across the network to an edge or core cloud computing platform can be a7

part of an IoT system. As mentioned in [1], emerging IoT system trends are8

set to completely change the way businesses, governments, and consumers9

interact with each other, and transact in a data-driven economy.10

As a specific example, an IoT system of Geo Sensors could involve col-11

lection of various kinds of geographical information related to soil, forest12

terrains, and weather. The collected data is continually sent to nearby edge13

clouds or ‘fog computing platforms’ for aggregation and drill-down analy-14

sis/visualization. Similarly, smart devices in IoT systems can also provide15

critical data during e.g., disaster response scenarios or in-home healthcare.16

An exemplar application of an IoT system used for disaster response is17

Panacea’s Cloud [2, 3, 4]. Such systems aid in providing medical triaging18

and quick response during emergency disaster situations. The Panacea’s19

Cloud system involves many distributed IoT devices transmitting data from20

various locations in a disaster region to a responding personnel’s handheld21

device, which in turn utilizes a mobile cloud-fog setup that provides intelli-22

gent dashboard visualizations. Considering the in-home healthcare applica-23

tion scenario, IoT systems such as [5, 6] are aimed at providing emergency24

services to the elderly, if the need arises. These involve smart sensors and25

cameras using cloud-fog storage for keeping track of movements made by the26

elderly. The IoT system here could use cloud-fog computation for algorithms27

that help notify primary care contacts if an elder’s gait signature appears to28

contain certain types of anomaly events that suggest high fall risk.29

We can see that the above IoT-based applications can have broad use30

cases involving diverse infrastructure configurations and data/resource se-31

curity requirements. Consequently, ad-hoc communication protocol imple-32

mentations with undesirable security overheads are not suitable. Consider33

the aforementioned case of disaster response systems [3]; the edge network34

here comprises of IoT devices that typically operate in resource-constrained35

(compute, memory, storage, network, energy) environments. Such systems36

could become highly unstable and unreliable due to physical infrastructure37

2

damage or lossy edge links when there are extreme events such as hurricanes,38

tornadoes or earthquakes. The IoT system security in this case needs to be39

configured such that the security overhead of the communication protocols40

does not impede the already slow data transfer speeds due to constrained41

edge resources and infrastructure.42

Alternately, the above IoT systems for providing in-home healthcare, as43

in [5, 6] may have access to fully functional edge infrastructure including44

Gigabit fiber connections (e.g., Google Fiber) to user sites and a set of fog45

resources at a nearby hospital data center. In such cases, the available re-46

sources can be readily used to handle the big data generated from patient47

homes (typically up to 23GB/Person/Week). The IoT system security for48

this application case involving elderly patient data needs to be configured for49

maximum data confidentiality and integrity, even if data transfer speeds are50

affected due to security overhead of the communication protocols.51

In this paper, we address the wide-ranging IoT-based application secu-52

rity needs and diverse network-edge resource constraints by proposing a novel53

design of a flexible IoT security middleware for end-to-end cloud-fog commu-54

nication. Our goal is to primarily secure the network located at the user55

fogs, i.e., where the IoT devices are located. However, we also seek to main-56

tain security compatibility with an existing core cloud network using System57

Level or Application Level deployment considerations of our middleware.58

The salient features of our IoT security middleware, which form the main59

paper contributions of our work are in its ability to provide: (i) ‘Intermittent60

Security’, and (ii) ‘Resource-aware Security’ for smart devices and cloud-61

hosted applications. Pertaining to Intermittent Security, our middleware uses62

a Session Resumption algorithm in order to reuse encrypted sessions from63

recent past, if a recently disconnected device wants to resume a prior con-64

nection that was interrupted due to an unreliable network connection. With65

regards to Flexible Security, our middleware uses a novel Optimal Scheme66

Decider algorithm that allows users to configure the best possible end-to-67

end security scheme option that matches with a given set of device resource68

constraints. Through application resource-awareness obtained via supervised69

machine learning (versus blindly following a rigid/adhoc security configura-70

tion), our middleware enables users to configure either higher security or71

prioritize faster data transfer rates, via RESTful APIs for data collection at72

a cloud or a fog site.73

We validate our middleware implementation’s ability to provide robust,74

fast and resource-aware security through experiment results in an actual75

3

cloud-fog testbed, as well as through simulation results. Results also show76

that our work lays a foundation for promoting increased adoption of static77

properties such as Static PSKs that can handle the trade-offs in high security78

or faster data transfer rate requirements within IoT-based applications.79

The remainder of this paper is organized as follows: In Section 2, we dis-80

cuss related work. In Section 3, we provide an overview of our middleware81

and provide a detailed description of our approach with a corresponding refer-82

ence architecture. Section 4 elaborates on our Intermittent Security solution83

and details our Session Resumption algorithm. Next, Section 5 discusses84

our Resource-aware Security solution and details our Optimal Scheme De-85

cider algorithm. Section 6 evaluates the effectiveness of our middleware and86

compares the performance of an IoT-based application with-and-without our87

middleware. Section 7 concludes this paper and suggests future work.88

2. Related Work89

The core concepts of IoT related sensing and communication have been90

outlined in prior works such as [7] and [8]. Authors in [7] identify that IoT91

systems need to implement a shared understanding of the situation of users92

and their devices with context-awareness. Thus, a requirement for IoT-based93

sensing systems design including security needs to address adaptation re-94

quirements to cope with dynamic contexts and varied application platforms.95

Similarly, authors in [8] identify the high-level abstractions and interoperabil-96

ity needs to ensure proper security in the form of confidentiality, integrity97

and availability, as well as to bridge the gap between IoT (i.e., constrained98

edge) and enterprise (i.e., unconstrained core cloud) communications.99

From the perspective of frameworks that address IoT related sensing and100

communication issues, prior work such as [9] and [10] have focused on smart101

city applications. In [9], data service models to deal with real-time data102

analysis are presented along with a tiered security service to handle data103

transmissions. The proposed framework supposes that communication be-104

tween IoT sensors and the application back-end (i.e., in an agricultural data105

analysis use case) needs to be ad-hoc and fast, while security design needs106

to be flexible to handle time-sensitivity or content-sensitivity. In contrast,107

a case for scalability and plug-in components in IoT-based applications is108

presented in [10], and a flexible framework design similar to our security109

middleware is presented. The authors list challenges in handling differences110

in communication protocols between the IoT devices and the edge gateway.111

4

IoT-based application deployment is a relatively new trend, however meth-112

ods to secure networked IoT devices have been explored in the past. Work113

in [11] discusses security procedures for constrained IoT devices. An archi-114

tecture to offload computation intensive tasks to the gateway is proposed,115

which helps in reducing the cost of security encryptions at the IoT node side.116

However, offloading at a large scale is a tedious task as mentioned in [12].117

In [13] and [14], the authors propose lightweight authentication schemes that118

can be used in the context of IoT systems and constrained wireless sensor119

networks. In comparison, our work investigates a security middleware which120

makes use of static Pre-Shared Keys (PSKs) that is different from the multi-121

phase encryption and decryption used in earlier works. We phase down to122

just one iteration for lightweight authentication. Consequently, our approach123

reduces security overhead in the cloud-fog communication protocols and is124

less time consuming in an IoT-based application deployment.125

Work in [15] addresses issues in session key management for IoT-based ap-126

plications, particularly concerning health-care sensors. The authors devised a127

secure end-to-end protocol for resource-constrained devices by adapting secu-128

rity functionality used in unconstrained devices, but without computationally129

intensive operations. They offloaded heavy computation at constrained de-130

vices to neighboring trusted nodes/devices. Their session key creation, how-131

ever, was ephemeral. Similarly, authors in [16] provide methods to offload132

security computation from devices to the edge cloud. Our work builds on133

top of these works, and uses an easier, yet effective key management scheme.134

Specifically, we create static keys which are not short-lived, reducing the key135

exchange cost and time significantly.136

Our work is closely related to prior work in [17, 18], where the same137

authors developed security schemes for mobility-enabled healthcare IoT sys-138

tems. They outline architectures that are based on certificate-based DTLS139

handshake. In addition, their scheme utilizes the session resumption concept140

for communication, and proposes system mobility through interconnected141

smart gateways. Our work extends this highly relevant work to incorpo-142

rate flexibility and resource-awareness in the security scheme configuration143

for IoT-based applications that function in both austere and smart network144

environments.145

A comprehensive session resumption mechanism is discussed in [19]. The146

work uses HIP DEX i.e., Host Identity Protocol Diet EXchange which pro-147

vides secured end-to-end connections in IoT systems. Perfect forward se-148

crecy and non-repudiation properties of HIP result in significantly decreased149

5

protocol handshake overhead and reduced handshake run-time. Storage of150

session state after session tear-down enables efficient re-authentication and151

re-establishment of a secure payload channel in an abbreviated session re-152

sumption handshake. Our work utilizes the concept of session resumption153

but makes a few changes for broader compatibility. Instead of HIP, we utilize154

Device ID, which can additionally act as a static unique device property.155

We encountered use of different encryption techniques in earlier works. As156

an exemplar, work in [20] makes use of Physical Unclonable Functions (PUF)157

over public key cryptography, which takes advantage of existing physical158

properties of a device. They utilize Physical Key Generation (PKG) that159

use physical properties of the communication channel, and is lighter than160

common public-key cryptography. Along the same lines, work in [21] aims for161

lightweight user authentication and key agreement protocol implementation,162

but relies heavily on use of smart cards. Our work extends upon such works163

to use physical properties of the devices, and is able to forgo re-authentication164

by using session resumption.165

Authors in [22] give a standard security compliant framework to secure166

the IEEE 802.15.4 networks in low power lossy network (LLNs). The frame-167

work supports five different levels of security with their proposed security168

configurations (i.e., Fully Secured, Unsecured, Partial Secured, Hybrid Se-169

cured and Flexible Secured). Flexible secured configuration has the potential170

to change the level of security based on requirements when needed, and shifts171

from full secured state to hybrid secured state. However, the approach is not172

quite scalable since re-entry of device request is not supported. This is a gap173

that can be filled by the presence of a flexible, dynamic security middleware174

to act as an interface for fast or secure encrypted communication. Hence, our175

work takes the security framework, specifically the concept of Resource-aware176

Security, a step further towards practical use within IoT-based applications.177

3. IoT Security Middleware Overview178

In this section, we first describe our vision of the physical infrastructure179

necessary to deploy our middleware that builds upon our previous work [23].180

Following this, we list the various modules in our middleware and explain181

the interactions of our middleware with a cloud gateway and a smart device.182

Lastly, we discuss practical deployment considerations for the deployment of183

our middleware in an IoT system.184

6

GATEWAY

CORE CLOUD

WIRELESS NETWORK

MID

DLE

WA

RE

MID

DLE

WA

RE

EDGE CLOUD/FOG

Figure 1: IoT system architecture - Core Cloud along with the Gateway forms an un-constrained network, whereas Gateway along with the IoT devices forms a constrainednetwork segment [23]

.

3.1. Physical Infrastructure185

Figure 1 illustrates a physical infrastructure view to integrate our mid-186

dleware in an IoT system that involves cloud-fog communication. The in-187

frastructure primarily consists of a core cloud infrastructure, a gateway, and188

several edge IoT devices. The core cloud has a communication channel with189

gateways at the network-edge. The edge gateways form an interface to the190

network for the IoT devices. Parts of the primary middleware need to be191

installed on both the gateway and the fog IoT devices. The fog network192

can constitute any number or type of IoT devices, such as heart monitor,193

beacon, geo sensor, etc. The primary middleware allows secure and fast data194

transfer between the sensor devices and the gateway by using the “Intermit-195

tent Security” feature to ensure robustness against frequent disconnections,196

and by using security schemes chosen through our “Resource-aware Security”197

module. To realize these benefits, our middleware stores and tracks sessions,198

certificates, or keys, between both the fog and the gateway. Once data has199

been securely transferred to the gateway, it handles the translation of pro-200

tocols to allow compatibility between the core cloud protocols and the IoT201

device protocols.202

Optionally, secondary middleware can be integrated between the gateway203

and the core cloud to provide additional flexibility and robustness, if needed.204

There is a key benefit of having this integration setup. The presence of inter-205

7

mediate gateways allows for decoupling of services and protocols between the206

cloud-gateway and gateway-iot subnets, essentially paving way for end-to-end207

security via our intermediate middleware. Our ideal integration consists of208

a middleware piece in the core cloud network side, and another middleware209

piece at the fog network side. Each middleware piece consists of a server-210

client pair interacting with just each other. At the gateway, the client of the211

cloud interacts with the server of edge, allowing end-to-end secured communi-212

cation. Our middleware additionally supports device resource-aware security213

by accommodating different protocols for individual nodes in the fog net-214

work, in addition to being accessible to use static PSKs for quick encryption215

setup, and support for intermittent security through session resumption.216

We suppose in Figure 1 that smart applications that are based on IoT217

data from e.g., sensors collect contextual data at large scales from several218

geographically distributed fog/edge locations. Our middleware helps in se-219

cure integration and analysis of such data using cloud platforms and wireless220

communication networks for actionable insights. Our middleware can be221

useful in cases where custom application dashboards in e.g., public safety,222

transportation or rural healthcare require secure data import and export223

in a cloud and fog communications infrastructure to deal with IoT devices224

with varying trust, resource constraints and wireless network reliability. The225

middleware can be customized in rural areas or in the middle of areas with226

sparse/intermittent wireless connectivity, where strict security requirements227

might lead to channel bandwidth consumption overheads or fast drainage of228

constrained device resources. This in turn might block data access from IoT229

devices, or cause data integrity issues that lead to discarding of important230

data in some cases. Thus, our middleware addresses the lack of flexible trust231

management in today’s smart applications in a manner that can enable data232

collection with minimal viable security. Consequently, it helps with real-time233

IoT device data ingest into a cloud from both trusted and un/low-trusted234

devices to facilitate follow-up actions by decision makers at the fog sites.235

3.2. Logical Modules236

A modular diagram of our proposed middleware is shown in Figure 2.237

The involved devices keep track of (D)TLS sessions, PSKs, and the Device238

IDs. The security association occurs first by letting the Intermittent Se-239

curity module (see Section 4 for details on the background, algorithm and240

implementation) try and resume a past connection, by first verifying ses-241

sion existence and validity. If the resumption fails, Resource-aware Security242

8

Intermittent Security Module

SessionPSK*

Device ID

IoT Node

Gateway

Session Verifier

Session Serializer

Session Resumer

Resource-aware Security Module

AuthenticatorMAC Algorithm

Encryption Cipher

(D)TLS

SessionPSK*

Device ID

*Recommended, over Certificates

Middlew

are

Figure 2: End-to-End IoT Security Middleware Module Diagram

[23]

module (see Section 5 for details on the background, algorithm and imple-243

mentation) acts as an interface to allow configuration of required security244

schemes. These two modules in conjunction form the middleware.245

246

Our middleware allows flexibility of security through various available247

protocols. The reasoning behind providing flexibility is because all applica-248

tions and devices are not built with same level of security in mind. There is a249

trade-off between security and speed when it comes to a preset of a security250

protocol. High level of security is usually desired, but not always needed.251

Based on the application, it might be detrimental to have full-fledged secu-252

rity. For instance, if an edge beacon (based on e.g., iBeacon technology) is253

transmitting confidential medical information, the data security is a major254

priority. However, if the same beacon is to be reused for emergency medical255

triage, the priority for speed and low power consumption goes up, at the256

expense of high security.257

9

3.3. Deployment258

In practical IoT system deployments, the middleware can be installed at259

both the System Level and Application Level. A System Level installation260

could involve integrating the features of the middleware into the Operating261

System services of the device, ideally by the device manufacturer or software262

developer. This approach allows an application developer to incorporate the263

features of the middleware for customization by users. On the other hand,264

Application Level installation can allow an application developer to directly265

integrate the middleware features into the application logic. This approach266

could be useful if full device control is not available at the Application Level.267

4. Intermittent Security268

4.1. Solution Approach269

Intermittent security utilizes session resumption to quickly bring a discon-270

nected device back in the network when needed again. This concept closely271

follows the ideas proposed in [19], and but we consider a few modified fac-272

tors. Our middleware implements intermittent security using a “Device ID”,273

instead of using the Host Identity Protocol (HIP). This allows compatibility274

with a broader range of device types. The device IDs of the edge nodes are275

managed by the nearest hop gateway. (D)TLS sessions are stored by the276

devices on disconnection for future use. If such a recently disconnected edge277

node attempts to make a connection with the gateway, the gateway uses278

the client Device IDs to determine the session to resume for that requesting279

node. This module allows fewer security handshake steps that result in time280

savings, and the data to be transmitted can still successfully be transferred281

without compromising security.282

A possible major concern in a session resumption implementation is the283

possibility of Replay Attacks [24]. Given that the serialized sessions are tied284

to the property of the device, i.e., the Device ID, replaying using the same285

session is made extremely difficult by any malicious device, almost certainly286

having a different Device ID. To prevent an active session from being replayed287

by a spoofing device, a simple flag is sufficient to block such replay requests.288

Data Encryption is commonly done using keys established through Public289

Key Cryptography (PKC). Instead of using PKC, our middleware chooses to290

leverage static elements such as Static Pre-shared Key (PSK) or Certificates.291

This is because PKC can be quite slow, in addition to being intensive in292

terms of time, computation, bandwidth, and memory resources, [20]. Despite293

10

Resume Session

Resource-aware Security Scheme

Session

Data prep

Session Resumption Success?

Device Storage

No

Reuse session

Yes

Ser

ializ

e S

essi

onS

erialize S

ession

Data transmit

Figure 3: Illustration of Intermittent Security handling with Session Resumption [23]

lacking in nonce and entropy compared to ephemeral schemes, static PSKs294

still are capable of providing a reasonable level of encryption using the user’s295

choice of cipher, such as block or stream ciphers. Hence, it is a preferable296

scheme for most use cases, allowing a tradeoff balance between speed and297

security requirements of an IoT-based application [25].298

4.2. Logic Implementation299

Figure 3 shows a flowchart illustration of how our middleware leverages300

intermittent security with session resumption for quick data transmission.301

A contingent flexible security scheme is used to quickly establish lost con-302

nections with the fastest possible way, based on the security needs of an303

IoT-based application. Algorithm 1 shows our pseudocode for providing in-304

termittent security. The main() function gets executed first, to check whether305

the connection between the associated devices is being made for the very first306

time. Or, if there already is a valid session corresponding to these devices.307

If so, we can simply fetch the stored session from device storage and at-308

tempt to resume it, allowing quick reconnection between them. If not, a new309

connection has to be established with device resource-awareness i.e., based310

on chosen protocol, authentication scheme, encryption scheme, and message311

authentication code algorithm, a new session would be initiated.312

11

Once a session has been found (either new or resumed), two operations313

occur in parallel: First, serializeSession() ensures that the current session314

state is serialized to the device storage every few seconds, as represented315

by variable x. Based on the need, the value of x can be made higher or316

lower. Higher value of x would result in more frequent writes to the storage,317

providing more reliability for future session resumptions at the expense of318

using higher computation and storage. Conversely, less frequent writes would319

be less reliable, but faster and resource conservative. Second, transmit()320

keeps data flow active between the connected devices.321

12

Algorithm 1: Intermittent Security HandlerData: Device ID dID. Protocol p, either DTLS or TLSData: Authentication Scheme auth, Encryption Scheme enData: Message Authentication Code macData: session variable holds encrypted session infoData: stored session holds deserialized session fetched from device storageData: first connect is true if this is the first time connecting

Result: The latest session is stored on the respective devices to be quicklyresumable

function initSession ()/* Creates a new session from specified configuration */session ← flex security vector(dID, {p, auth, en, mac})

endfunction resume ()

/* Pulls the stored session and uses it as new session */session ← stored session

endfunction serializeSession (x)

/* Store the session in storage of member devices */while true do

sleep (x)stored session ← session

endendfunction main ()

/* Decide and create or resume a session */if firstConnect or stored session.isNull then

initSession()else

resume()endserializeSession()transmit()

end

322

13

Figure 4: Illustration of Resource-aware Security handling with Protocol Selection [23]

5. Resource-aware Security323

The first step for security association and communication initiation is324

selection of the security protocols to be used. Our middleware supports dif-325

ferent kinds of protocols and allows switching between them. The possible326

choices all select one of the options in each category. The categories include:327

(i) Protocol, (ii) Authentication Scheme, (iii) Bulk Encryption Scheme, and328

(iv) Message Authentication Code (MAC) algorithm as shown in Figure 4.329

330

Protocol Selection: The Protocol selection allows a choice between {TLS,331

DTLS}. TLS (Transport Layer Security) and DTLS (Datagram Transport332

Layer Security) are both extremely secure protocols enforcing network en-333

cryption between participants. Both of these protocols ensure confidentiality334

and integrity of data. DTLS is a better choice for stream-based applica-335

tions, and can work over UDP (User Datagram Protocol). For use with TCP336

based applications, TLS is the preferred choice. The difference in perfor-337

mance and bandwidth requirements of TLS and DTLS can get noticeably338

high when adding the impact of the ideal authentication, encryption, and339

MAC schemes.340

14

Authentication Scheme Selection: Authentication Scheme can be either {PSK,341

Certificate}. Furthermore, each of these entities can be either {Ephemeral,342

Static}. Ephemeral PSKs or Certificates require full security handshake343

and key exchange before use. On the other hand, Static authentication344

elements do not require repeated key exchange, and hence can save a sig-345

nificant amount of time and bandwidth. In our middleware, if PSK is found346

to be an ideal candidate, the default setup goes for Static PSK. In fact,347

Static PSK can exist as a device property on the IoT devices, allowing many348

benefits such as: quick connection, resumption, low memory footprint, low349

bandwidth consumption, and low CPU usage. If the requirement is for even350

higher security, ephemeral PSK or Certificate can be generated using Key351

Exchange algorithms, such as RSA, or DH (Diffie-Hellman).352

353

Bulk Encryption Scheme Selection: Once authentication is chosen, the Bulk354

Encryption scheme is the next option. Encryption can be done using ei-355

ther Block Ciphers, or Stream Ciphers. Block Ciphers are useful for sending356

large chunk of data, and can consume a significant amount of bandwidth and357

memory if the payload is small. This is due to the padding added to each358

block of data being sent. For example, AES uses 128-bit (16-byte) padding359

by default. If the data being transmitted is 1024-bit in length, then the total360

packets sent would be d1024/128e = 8. But, if the data size is 130-bit, the361

number of packets sent would be d130/128e = 2. The second packet would362

have 126 empty reserved bits. Hence, for small payload applications (such363

as video streams) it is better to opt for Stream Cipher, which encrypts small364

chunks of data before sending. The most common Stream Cipher is RC4,365

but ChaCha20 is starting to take over as the next generation of much faster366

and more secure stream ciphers. All ciphers can be configured to various key367

sizes (if applicable), including 128-bit, 224-bit, 256-bit, and so on.368

369

Message Authentication Code Selection: Lastly, the chosen Message Authen-370

tication Code algorithm is used to generate a checksum, to ensure integrity371

of data being sent. The available options are MD5, SHA {1/2/3}, and a372

few lesser-used options. SHA2 or SHA3 should be used whenever possible,373

since MD5 and SHA1 have been found to be vulnerable to various checksum374

attacks [26, 27] and collision attacks [28]. Through permutation and combi-375

nation, the possible choices for the security scheme can be a large collection.376

Tables 1 shows a subset of candidate security schemes, and Table 2 provides377

a brief description for each of these schemes.378

15

Table 1: A subset of candidate security schemes for resource-aware security

Security Scheme Protocol Authentication Encryption MAC

DTLS PSK WITH CHACHA20 SHA256 DTLS Static PSK ChaCha20 SHA2(256)

DTLS DHE WITH NULL SHA384 DTLS Certificate - SHA2(384)

DTLS DHE PSK WITH 3DES EDE SHA DTLS PSK 3DES (EDE) SHA1

TLS PSK WITH AES 128 CBC SHA TLS Static PSK AES128(CBC) SHA1

TLS PSK WITH CHACHA20 POLY1305 TLS Static PSK ChaCha20 POLY1305

TLS ECDHE WITH AES 256 GCM SHA384 TLS Certificate AES256(GCM) SHA2(384)

Table 2: Key use-cases and description of schemes in Table 1 for resource-aware securitySecurity Scheme Description

DTLS PSK WITH CHACHA20 SHA256 Very fast, secure. Excellent for secure video streaming

DTLS DHE WITH NULL SHA384 Fast scheme, high security

DTLS DHE PSK WITH 3DES EDE SHA Fast, but risk of integrity loss due to SHA1

TLS PSK WITH AES 128 CBC SHA Fast, highly secure, suitable for moderately heavy data

TLS PSK WITH CHACHA20 POLY1305 Fast, highly secure, suitable for quick bulk data transfer

TLS ECDHE WITH AES 256 GCM SHA384 Very high security, suitable for confidential data on a reliable network

5.1. Solution Approach379

As discussed in the previous subsection, our middleware allows picking380

and choosing of security protocol components (e.g., bulk encryption, message381

authentication) as per the user’s requirements. However, when it comes to382

actually choosing the best scheme option for an application context, the deci-383

sion process is quite difficult. It can be even more onerous given the fact that384

not every user might be well versed with the various security components, or385

have a strong understanding of the differences between the various schemes,386

their advantages or disadvantages. Consequently, users need to be presented387

with relevant information of suitable options to choose the best scheme op-388

tion. To assist in this difficult decision process, the Optimal Scheme Decider389

solution of our middleware becomes relevant. We found ∼200 possible secu-390

rity scheme choices (that result from combinations of various protocol com-391

ponents) that the Optimal Scheme Decider needs to be analyze to find the392

optimal choice of security scheme for a given IoT-based application context.393

As part of the solution approach, we use supervised machine learning that is394

done in two phases: (i) Offline Phase, and (ii) Online Phase.395

16

5.1.1. Offline Phase396

The Offline Phase is a step used to narrow down the searchable space397

of security schemes by filtering our ∼200 scheme set database. Although398

the schemes can be quite varied, there exist many schemes that have close399

similarities in practical aspects. Moreover, it is possible to find alternative400

schemes to any chosen scheme when the requirements and priorities are ad-401

justed according to the needs of the application. Hence, it turns out, every402

permutation or combination of protocol components is not a necessary option403

for IoT-based application developers. In fact, as shown in Figure 5, we are404

able to group security schemes based on their protocol choices.405

Application Requirements

TLS DTLS

No Session Resumption Session Resumption No Session

Resumption

Group-A Group-B Group-C

Figure 5: Scheme Groups formed based on various protocol component configurations; thegroups can be used to categorize future clusters of security schemes to choose the optimalscheme

As a proof-of-concept, we implemented three groups {Group-A, Group-B,406

Group-C} that are significant. Group-A represents all configurations utilizing407

TLS as the base protocol, and using no session resumption. Group-B repre-408

sents all configurations under TLS, but with support for session resumption.409

Group-C comprises of all DTLS schemes with no session resumption. Session410

Resumption can be an optional configuration because there are trade-offs in411

having this feature. The resumption feature itself requires some periodic disk412

I/O to serialize active sessions. In addition, the serialized files are stored on413

17

the device, utilizing notable disk space. This process also ends up consuming414

notable energy. Thus, in cases of highly constrained IoT devices, not having415

session resumption enabled within the middleware may be beneficial.416

Since our server is considered to be Full Function Device (i.e., a device417

that is enterprise data center grade and is generally not limited in terms418

of resources and function capabilities), it can be safely assumed that client419

benchmarks are the bottleneck, and hence sufficient for forming clusters.420

Since the clusters are to choose the optimal security scheme targeted for the421

IoT-devices involved, we are able to discard the benchmark values for the422

server side without any negative impact on the Optimal Scheme Decider.423

Table 3: Parameters used for client benchmark analysis and their descriptions. Theseparameters are utilized in Offline and Online phasesParameter Label Client Parameter Description Desired Level for RFD

P1 CPU Usage The security scheme’s CPU usage Smaller value

P2 Bandwidth Usage The bandwidth of the security schemes network usage Smaller value

P3 Peak Bytes The peak memory consumption on device Smaller value

P4 Connection Time The elapsed time to successfully connect with server Smaller value

P5 TX The speed of transmitting data Higher value

P6 RX The speed of receiving data Higher value

Table 3 shows the parameters used for client benchmark analysis in our424

database. The desired level represents whether high value is optimal, or425

lower, when operating on a Reduced Function Device (i.e., a sensor device426

that is highly constrained in terms of available resources and functioning427

capabilities). These 6 metrics under the ‘Client Parameter’ column in Ta-428

ble 3 can next be used to form the cluster of devices. By calculating the429

mean values of each variable for each cluster, we can classify them into inter-430

mediate categories. For instance, if the mean value of the bandwidth for a431

specific cluster is larger than other clusters, we classify this cluster as “secu-432

rity configuration with high bandwidth need”. The formation of the cluster433

of devices is thus fuzzy in nature, but aligns well with our approach for the434

security scheme selection. To move forward, we need to perform a set of435

operations on the raw data to successfully filter the schemes into appropriate436

clusters under each group. Hence, the following steps are followed:437

1. Scale the raw data438

Note: The parameter labels {P1, P2, P3, P4, P5, P6} can be col-439

lectively referred to as members of set “P”. This step is needed to440

18

decrease the correlation between each metric, in addition to decreas-441

ing the influence of units, i.e., Normalization. Hence, we perform data442

scaling on our raw data using the scaling formula:443

444

x′ =xij − xmj

σj(1)

where445

x′ : scaled valuexij : observations or row vectors of jth parameter, where j ∈ Pxmj : mean value of jth parameter, where j ∈ Pσj : standard variance for jth parameter, where j ∈ P

446

2. Identify principal components and generate weighted formula for clus-447

tering448

Next step involves applying principal component analysis (PCA) to449

decide the number of clusters that may exist in each for the groups450

{Group-A, Group-B, Group-C}. The needed number of clusters is451

selected by a commonly-used statistic testing index viz., cumulative452

proportion of variance explained. Usually, when this index is around453

80%, that number of clusters is the appropriate one. After deciding454

how many clusters we need to separate at a broad level, we apply the455

k-means clustering to see what security combinations should be dis-456

tributed to which cluster. After receiving the k-means outcome, we457

pick the security combination which best represents the property of a458

specific cluster based on: (a) our knowledge of the properties of each459

cluster, and (b) the mean values from the PCA result and the security460

combinations that are contained in each cluster. The formula for each461

potential cluster can be as below:462

zi1 = φ11 · xi1 + φ12 · xi2 + · · ·+ φ1p · xip (2)

zi2 = φ21 · xi1 + φ22 · xi2 + · · ·+ φ2p · xip (3)463

· · ·

zip = φp1 · xi1 + φp2 · xi2 + · · ·+ φpp · xip (4)

19

where464

zip : final adjusted data in ith row and pth parameter (∈ P ) that makeeigen vectors perpendicular to each other

φ : eigen vectors that make covariance matrix have length 1xip : value of element

465

3. Calculate the weight value for data elements466

Once we have the principal component formula, we need to calculate467

the value of weight φ of every element. This is an optimization problem468

to calculate the weight φ:469

maximizeφ11,··· ,φp1

1

n

n∑i=1

(p∑j=1

φj1 · xij

)2

subject to

p∑j=1

φ2j1 = 1.

(5)

Figure 6 shows our results for principal components of Group-A. Every470

column is now categorized as per metric value similarity. For example,471

PC1 might have all schemes with maximum CPU consumption, PC2472

might represent all schemes with maximum network bandwidth, and so473

on. Similarly, principal component analysis is generated for Group-B474

and Group-C.475

PC1 PC2 PC3 PC4 PC5 PC60.41360938 0.100293698 0.092052776 0.09619145 0.12976439 -0.202704800.36011693 0.135860875 0.379974741 0.15717643 0.19895004 0.412284360.34665052 0.014556344 -0.483856615 -0.09589430 0.21425282 0.301677440.41213841 0.094629048 -0.008309101 0.04835103 0.05232809 -0.784725380.36602790 0.139084453 0.363904173 0.14463286 0.17486990 0.204244880.28722876 -0.012811214 -0.615630188 -0.17073142 0.15632095 0.10162907

Figure 6: Group-A principal component raw results

4. Identify number of clusters needed per group476

The number of clusters that need to be generated per group can next477

be calculated using proportion of variance explained (PVE). We apply478

20

the following on the dataset:479

p∑j=1

Var (Xj) =

p∑j=1

1

n

n∑i=1

x2ij (6)

The PVE result for each group is shown in Figures 7, 8, and 9. Ana-480

lyzing Group-A PVE in Figure 7 indicates that 89.1% (∼90%) of the481

schemes in this group can be taken into consideration if we use three482

clusters. Any higher cluster count would provide only trivial advan-483

tage. For Group-B, the PVE in Figure 8 suggests taking four clusters484

to encompass 90.4% (∼90%) of the schemes. Similarly, Group-C can485

benefit by housing four clusters, i.e., 90.6% (∼90%) of the schemes.486

Hence, we accept 3 clusters in Group-A, and 4 clusters each in Group-487

B and Group-C, as shown in Figure 10. We remark that Figure 10488

illustrates a proof-of-concept method to create various categories of se-489

curity schemes, and for an optimal scheme to flexibly customize as per490

an application’s needs. In the specific case of Figure 10, the cluster491

formation is based on our proof-of-concept implementation with wolf-492

SSL [29] for crypto and authentication functions with ∼200 security493

schemes. We choose wolfSSL owing to its lightweight SSL/TLS li-494

braries that are small, portable and standardized for development with495

embedded system devices. However, our security framework can work496

with other categories of security schemes based on any other choice of497

implementation stacks (e.g., OpenSSL) suitable to cater to any appli-498

cation needs.499

[A] 0.493 0.766 0.891 0.966 0.989 0.996 0.998 0.999 1.000 1.000 1.000

[B] 0.424 0.769 0.861 0.904 0.946 0.967 0.982 0.992 0.995 0.997 0.998 0.999 0.999 0.999 0.999 0.999

[C] 0.495 0.698 0.825 0.906 0.961 0.981 0.991 0.995 0.998 1.000 1.000

Figure 7: Group-A proportion of variance explained results. Forming 3 clusters is sufficientto include ∼90% of the schemes

[A] 0.493 0.766 0.891 0.966 0.989 0.996 0.998 0.999 1.000 1.000 1.000

[B] 0.424 0.769 0.861 0.904 0.946 0.967 0.982 0.992 0.995 0.997 0.998 0.999 0.999 0.999 0.999 0.999

[C] 0.495 0.698 0.825 0.906 0.961 0.981 0.991 0.995 0.998 1.000 1.000Figure 8: Group-B proportion of variance explained results. Forming 4 clusters is sufficientto include ∼90% of the schemes

21

[A] 0.493 0.766 0.891 0.966 0.989 0.996 0.998 0.999 1.000 1.000 1.000

[B] 0.424 0.769 0.861 0.904 0.946 0.967 0.982 0.992 0.995 0.997 0.998 0.999 0.999 0.999 0.999 0.999

[C] 0.495 0.698 0.825 0.906 0.961 0.981 0.991 0.995 0.998 1.000 1.000

Figure 9: Group-C proportion of variance explained results. Forming 3 clusters is sufficientto include ∼90% of the schemes

Application Requirements

TLS DTLS

No Session Resumption Session Resumption No Session

Resumption

Group-A Group-B Group-C

Cluster 1

Cluster 2

Cluster 3

Cluster 4

Cluster 5

Cluster 6

Cluster 8

Cluster 9

Cluster 10

Cluster 7 Cluster 11

Figure 10: Number of clusters per group, calculated using proportion of variance explainedin Step 4

5. Final clustering500

Once we have decided on number of clusters in each group, we can use501

k-means clustering by calculating Euclidean distance for each observa-502

tion. This can be done by applying the following:503

W (Ck) =1

|Ck|∑i,i′εCk

p∑j=1

(xij − xi′j)2 . (7)

where504

22

W (Ck) : within-cluster variation, square Euclidean distanceCk : the amount by which observations within a cluster differ from

each otherxij − xi′j : the distance between different observations, Euclidean

distance

505

We want to cluster together the observations with minimum distance506

between them. Hence, we find the minimum distance in Equation 7:507

minimizeC1,··· ,CK

{K∑k=1

W (Ck)

}. (8)

where508

Ck : set of observations in cluster k509

In essence, clustering allows us to reduce the overhead of relying on use510

of hundreds of redundant security schemes in our database, and instead finds511

the best alternative from a smaller scope containing equivalent schemes. We512

are able to choose the most optimal cluster in each group, hence allowing a513

small subset of schemes to be used by our middleware in an Online Phase514

(i.e., in real-time application use context).515

5.1.2. Online Phase516

For the online phase, the non-redundant schemes shortlisted in the offline517

phase can be accessed using a set of RESTful APIs by our middleware inte-518

gration on an IoT device, gateway, or a core cloud. Figure 11 shows a tabular519

listing of available APIs for use in our middleware. The Optimal Scheme De-520

cider acts as our decision making engine which finds the optimal security521

scheme for a given application use case and resource awareness. The metrics522

for resource awareness that we consider are: Type of Data, Estimated size of523

data transfer, Energy available to the device, Computation power available,524

Memory available, and Session Resumption requirement.525

The options chosen by the user are each internally mapped to a value526

in the range {1, 2, · · · , 10}. The mapping has been done by surveying many527

devices ranging from lower end of the spectrum in the metric to the higher528

end. For example, CPU frequency of over 750 MHz can be safely categorized529

as a Level-4 device, considering it is higher than most IoT devices. A full530

description of the acceptable parameter values can be viewed in Figure 12.531

23

Figure 11: A subset of the RESTful APIs available during Online Phase; Connecteddevices in the IoT system may invoke the API methods to collect required target deviceor parameter information

5.2. Logic Implementation532

Once the internal map has been generated as detailed above, the Optimal533

Scheme Decider algorithm shown in Algorithm 2 is invoked to filter good534

candidate schemes from the cluster chosen in the Offline Phase. We can see535

the various filters applied in the algorithm to narrow down to a single security536

scheme from the input metrics. We decided to choose Stream Cipher as the537

preferred option over Block Cipher for all multimedia applications, as well as538

for general applications with smaller payloads. For further filtering, we have539

tied DTLS protocol with STREAM ciphers, and TLS protocol with BLOCK540

ciphers. This is because utilizing TLS with STREAM ciphers or DTLS with541

BLOCK ciphers would essentially undo the benefits offered by the protocol542

or cipher.543

24

Figure 12: RESTful API Parameter Values. The acceptable JSON values are mappedinternally as noted in the Description column

In the algorithm, once the data type and size have been used to fil-544

ter according to protocol and cipher type, subsequent decisions are based545

on the device specifications. Priority is given to energy level of the device546

in question, since IoT-based applications are almost invariably limited by547

energy consumption or availability to securely handle data. Hence, a low548

energy availability and extremely-high security scheme will not be combined549

together. Three major threshold variables have been set up to make cer-550

tain decisions, mapped on a scale of {1-10}. The threshold value to decide551

whether the device has enough energy available to support complex schemes552

can be set using the variable iotEnergyThreshold. E.g., a threshold of Level-4553

implies any device with energy value below 4 is not to be handed a heavy se-554

curity scheme. Similarly, lowCompMemThreshold & medCompMemThresh-555

old are used to filter low or medium security requirements. The best scheme556

is picked based on the limiting value between available CPU and Memory.557

For instance, a Level-2 CPU in conjunction with Level-9 Memory will still558

be incapable of running high security schemes. The same would be true if559

the CPU and Memory levels are reversed. Finally, the result is the choice of560

scheme that gets used by the middleware to initiate a secure session.561

25

Algorithm 2: Optimal Security Scheme DeciderData: Data to be transmitted, dataData: Protocol to be used for transmission, protocolData: Cipher to be used for encryption, macData: Energy Level classification of the device, energyLevelData: CPU level classification of the device, cpuLevelData: Memory level classification of the device, memLevelData: On a scale of 1-10, threshold used to decide low energy availability,

iotEnergyThresholdData: On a scale of 1-10, threshold used to decide low memory/computation

availability, lowCompMemThresholdData: On a scale of 1-10, threshold used to decide medium memory/computation

availability, medCompMemThreshold

Result: The best security scheme is chosen

/* data.PACKET SIZE in bits */if data.TYPE = MULTIMEDIA or data.PACKET SIZE < 128 then

protocol ← DTLScipher.TYPE ← STREAM

elseprotocol ← TLScipher.TYPE ← BLOCK

end

if energyLevel < iotEnergyThreshold thenEliminate heavy encryption schemes

end

if min (cpuLevel,memLevel) < lowCompMemThreshold thenChoose low-level security scheme

else if min (cpuLevel,memLevel) < medCompMemThreshold thenChoose medium-level security scheme

elseChoose high-level security scheme

end

26

6. Performance Evaluation562

In this section, we compare the performance of various schemes accessible563

on our middleware to randomly selected schemes. This allows us to check564

the difference in impact caused by a better selection. Since the middleware565

has multiple submodules capable of working independently, we perform our566

middleware evaluation using two sets of experiments: (i) Validation of Inter-567

mittent Security, and (ii) Validation of Resource-aware Security.568

6.1. Intermittent Security Validation Results569

Our first set of experiments aim to check the impact of utilizing the570

middleware to switch from ephemeral, high security protocol schemes to using571

static properties such as PSK for secure session. For this, we use a prototype572

implementation of our middleware based on wolfSSL [29] within a GENI [30]573

Cloud testbed as shown in Figure 13. Live video stream is supported using574

OpenCV [31]. The application itself is built completely using C/C++, using575

GCC compiler. Our implementation consists of a client and server prototype.576

The server is hosted on core cloud and gateway, and listens for client requests577

from gateway and IoT nodes. The client side of the system provides an578

interactive interface where one can choose from five different levels of security.579

The image representing the server side shows the server when DTLS-PSK580

cipher scheme is being used. In general case, we choose and recommend the581

static PSK scheme.582

The first step for security association and communication initiation is583

selection of the security protocols to be used. Our middleware supports584

different kinds of protocols and allows switching between them. The possible585

choices all select one of the options in each category. The categories include586

Protocol, Authentication Scheme, Bulk Encryption Scheme, and Message587

Authentication Code (MAC) algorithm. Our experiments account for: (i)588

Memory Footprint, including number of memory allocations and total size589

of allocation, and (ii) Time taken for security association, for initial session590

establishment and session resumption scenario.591

Figure 14(a) gives the graph generated by comparing different cipher592

schemes. The schemes we compared are Datagram TLS (DTLS), and TLS.593

The schemes were evaluated using Pre-shared Keys (PSKs) and certificates.594

Likewise, Figure 14(b) shows how much memory allocation size it takes to595

have the connection established. DTLS-PSK comes out to be low, by order596

of millions. We can see that certificate generation takes more size. Hence,597

27

Figure 13: Testbed setup over the GENI Cloud Infrastructure

choosing PSK for the resumption can be quite an excellent choice. Even598

better results are obtained using Static PSK, if high security is not critical599

to the use case.600

Figure 15 shows results for the connection and resumption time for the601

four different schemes we compared in our experiments with our prototype602

middleware. Even though using DTLS-certificate gives consistently low time603

spent, we see that DTLS-PSK is the fastest scheme. DTLS can offer speed-604

up of over a few hundred times, regardless of cases where there is a fresh605

handshake or resumed session. Hence, our results show how useful Intermit-606

tent security in IoT systems can be, all the while without compromising the607

security, by allowing flexibility in configuration.608

6.2. Resource-aware Security Validation Results609

In our first set of experiments describe above, we established the useful-610

ness of utilizing Session Resumption, as well as having the option to choose611

from a few different security schemes. In our second set of experiments, we612

aim to expand on our results and investigate our middleware’s ability to613

form clusters from almost 200 security schemes. To test the offline phase614

detailed in Section 5.1.1, we check validity of: (i) the clusters formed using615

our method, (ii) the optimal cluster chosen, and (iii) whether limiting scope616

is a safe and accurate way of choosing the optimal scheme.617

28

(a) Number of memory allocations (b) Memory allocated (in bytes)

Figure 14: Memory footprint for different encryption schemes. Our chosen scheme utilizingDTLS-PSK shows the most promising result in terms of memory consumption

Figure 15: Time for connection vs. resumption for different encryption schemes. Ourchosen scheme DTLS-PSK has very fast connection, and the fastest reconnection, due toSession Resumption support

In the offline phase, we attempted forming clusters to narrow down the618

choices to a few viable ones. Following the logic and analysis described in619

Section 3, the optimal clusters were formed. For our statistical threshold, the620

within-cluster sum of squares ratio of at least 60% proves that the cluster621

formed is valid and successful. Figures 16, 17, and 18 show the within-622

cluster sum of square ratio for the optimum cluster chosen in Group-A, B623

and C, respectively. As can be observed, the ratios 61.1%, 69.4%, and 62.1%624

are generated, and hence, the clusters are successful. This increases the625

certainty of optimal schemes being made available to be sifted through in626

the online phase. The schemes in the chosen cluster for Group-A are shown627

in Figure 19. Similarly, Group-B and Group-C have their own schemes for628

their corresponding chosen cluster.629

29

Clustering vector:2 4 6 8 10 12 14 16 18 20 22 24 26 28 30 32 34 36 38 40 42 44 46 48 50 52 54 56 58 60 62 64 661 1 1 3 1 1 1 3 1 1 1 3 3 1 3 3 2 2 2 1 1 1 3 3 2 2 2 3 3 1 1 1 1

Within cluster sum of squares by cluster:

(between_SS / total_SS = 61.1 %)[A] 71.84645 17.85738 47.12641

Figure 16: Within-cluster sum of squares for Group-A. Value of 61.1%(>60%) showssuccessful clustering

Clustering vector:1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 652 2 2 4 2 2 2 4 2 2 2 4 4 4 3 3 1 1 1 2 2 2 4 4 1 1 1 4 4 4 2 2 2

Within cluster sum of squares by cluster:

(between_SS / total_SS = 69.4 %)[B] 42.004220 56.013587 4.281206 54.327632

Figure 17: Within-cluster sum of squares for Group-B. Value of 69.4%(>60%) showssuccessful clustering

Clustering vector:67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 992 2 2 4 2 2 2 4 2 2 2 4 4 3 3 3 1 1 1 2 2 2 3 3 1 1 1 4 4 4 2 2 2

Within cluster sum of squares by cluster:

(between_SS / total_SS = 62.1 %)[C] 20.94528 46.51529 44.52632 21.46218

Figure 18: Within-cluster sum of squares for Group-C. Value of 62.1%(>60%) showssuccessful clustering

Figures 20, 21, and 22 show the selection of best cluster in each category,630

as chosen by the Optimal Scheme Decider’s offline phase. We can see the631

clusters in each group that are formed after normalization of the computation632

index. The computation index is a compilation of the benchmark metrics633

used for clustering and decision making. Each of the chosen clusters have634

their advantages and disadvantages, which can be filtered in the online phase635

by the Optimal Scheme Decider.636

To verify that clustering and choosing a narrow scope is still able to637

provide us an optimal scheme, a visual representation through Dendrogram638

can be used. The dendrogram portrays the relationship between various639

schemes in a group. As can be observed in Figure 23, multiple schemes in640

30

# Security Scheme Cluster #2 TLS-DHE-RSA-AES128CBC-SHA 38 TLS-PSK-AES128CBC-SHA 310 TLS-DHE-RSA-AES256CBC-SHA 316 TLS-PSK-AES256CBC-SHA 318 TLS-DHE-RSA-AES128CBC-SHA256 324 TLS-PSK-AES128CBC-SHA256 326 TLS-DHE-PSK-AES128CBC-SHA256 340 TLS-DHE-RSA-AES256GCM-SHA256 346 TLS-PSK-AES256GCM-SHA384 348 TLS-DHE-PSK-AES256GCM-SHA384 3

Figure 19: Chosen cluster’s security schemes categorized in Group-A

each group have siblings at the same level. This implies extreme similarities641

in the sibling schemes, and an absence of considerable performance benefit.642

This redundancy can be easily handled by randomly picking one of the leaves643

in the dendrogram and discarding the other scheme.644

Cluster 3 is chosen, due to collectively lowest bandwidth usage, lowest CPU usage, fastest connection speed, and data exchange speed

Figure 20: Chosen cluster in Group-A, by the Optimal Scheme Decider

Finally, the online phase requires collecting software requirements for the645

IoT-based application to be utilized. The current requirement collection646

can be done by making an API call to /api/gateway/:device_id service647

endpoint. The application user may send the required information using a648

parameter list to the gateway. The response from these queries help form the649

metrics that are later used by the Optimal Scheme Decider. In our related set650

31

Cluster 4 is chosen, due to collectively lowest bandwidth usage, lowest CPU usage, fastest connection speed, and data exchange speed

Figure 21: Chosen cluster in Group-B, by the Optimal Scheme Decider

of experiments, we tested the Optimal Scheme Decider by using random val-651

ues as input requirements to check the scheme chosen by our middleware. As652

expected, for a low-security and low-resource multimedia application, PSK-653

CHACHA20 combination was found to be the optimal choice. To analyze the654

trade-off characteristics for various use-cases of IoT-based applications, we655

utilize radar diagrams for visual representation of the results. For instance,656

as shown in Figure 24(a), PSK-CHACHA20 scheme demands substantial657

memory resources, and exhibits fast re/connection speed but at the expense658

of a lower level of security.659

Similarly, results were analyzed to highlight a contrasting case. The new660

requirement priority being high security on a low-resource multimedia ap-661

plication, Epehemeral (DHE) PSK-CHACHA20 combination was found to662

be the optimal choice. A radar diagram in Figure 24(b) shows the security663

mapping of the same. In this case, security was found to be the most impor-664

tant criteria, even if at the expense of re/connection speed. Hence, public665

key cryptography scheme was chosen for key exchange, along with a highly666

reliable integrity check MAC algorithm (POLY1305).667

In many other experiment results, we observed the radar diagram to668

visualize the trade-offs and analyze when session resumption is useful, and669

when it is not. For instance, Figure 25(a) shows the specifications for a670

chosen scheme for an application requiring high reconnection speed through671

32

Cluster 11 is chosen, due to collectively lowest bandwidth usage, lowest CPU usage, fastest connection speed, and data exchange speed

Figure 22: Chosen cluster in Group-C, by the Optimal Scheme Decider

session resumption, having lower memory and security requirements. This672

application appears to be a good candidate for ‘austere-edge‘ (constrained673

network-edge with limited resource availability) IoT-based application use-674

cases. Contrasting this application to a ‘smart edge’ (unconstrained network-675

edge with enterprise data center resource availability), Figure 25(b) shows676

the corresponding application’s chosen scheme trade-off specifications. We677

can observe that a very high level of security can be obtained at expense of678

faster reconnection.679

Similarly, for another austere-edge IoT-based application, chosen scheme’s680

specifications are visualized in Figure 26(a). Very high reconnection speed681

appears to be a requirement, hence speed is preferred over security. And682

finally, for a similar application without session resumption support, the683

chosen scheme specifications can be visualized in Figure 26(b). This applica-684

tion represents another ‘smart-edge‘ IoT-based application, as an all-rounded685

security scheme is needed, with a higher priority for security and initial con-686

nection speed.687

33

Heigh

t

Lower value of height difference implies similarity between different schemes

These schemes are very similar. Hence, if decider traverses to this branch, we can safely ignore the other schemes for further analysis

Figure 23: Group-A Dendrogram depicting reasoning for safely narrowing scope of searchof optimal scheme in Offline Phase

Transfer Speed

Secure

Memory

Connection SpeedReconnection Speed

(a) Scheme DTLS-PSK-CHACHA20-

POLY1305

Transfer Speed

Secure

Memory

Connection SpeedReconnection Speed

(b) Scheme DTLS-DHE-PSK-CHACHA20-

POLY1305

Figure 24: Radar representation of chosen schemes in two contrasting IoT applications

34

Transfer Speed

Secure

Memory

Connection SpeedReconnection Speed

(a) Scheme TLS-DHE-PSK-AES256-GCM-

SHA384 w/ Session Resumption

Secure

Memory

Connection SpeedReconnection Speed

Transfer Speed

(b) Scheme TLS-DHE-PSK-AES256-GCM-

SHA384 w/o Session Resumption

Figure 25: Radar representation of two very similar schemes, chosen for ‘Austere-Edge’and ‘Smart-Edge’ respectively. Presence/Absence of resumption support allows differentuse-cases

Secure

Memory

Connection SpeedReconnection Speed

Transfer Speed

(a) Scheme TLS-PSK-AES256-CBC-SHA

w/ Session Resumption

Secure

Memory

Connection SpeedReconnection Speed

Transfer Speed

(b) Scheme TLS-PSK-AES256-CBC-SHA w/o

Session Resumption

Figure 26: Radar representation of two more schemes, chosen for ‘Austere-Edge’ and‘Smart-Edge’ respectively. In certain cases, lack of resumption might prove more useful,as shown in (b)

35

7. Conclusion688

In this paper, we developed a flexible IoT security middleware that can be689

used in end-to-end cloud-fog communications involving smart devices at the690

network-edge and a cloud-hosted application. The end-to-end feature is pos-691

sible due to the middleware’s task of translating protocols between two dif-692

ferent network segments (i.e., cloud-to-gateway and gateway-to-edge), hence693

resulting in full security without being limited by protocol compatibility be-694

tween the networks. Our middleware features two major modules, the first of695

which is the ‘Intermittent Security’ module that offers quick re-connections696

to aid in situations of unreliable network conditions within cloud-fog commu-697

nication platforms. The second module handles ‘Flexibile Security’, which698

provides flexibility in choosing an optimal security scheme that is suitable for699

securing an IoT-based application depending upon user’s requirements and700

edge-resource constraints.701

Our results from testbed experiments with a prototype implementation702

of our middleware validate its benefits. We showed that whenever feasible703

and acceptable, the use of static properties such as Static PSK can notably704

speed-up secure communications. Static PSKs in prior literature have not re-705

ceived much attention. However, our work demonstrated that they could be706

a valuable tool for low-resource, moderate-security applications within IoT707

systems in both ‘austere’ and ‘smart’ network-edges, even for unreliable net-708

works with frequent disconnections. Our investigations have also shown that709

it is possible to find equivalence amongst various kinds of security schemes710

available, and there is potential to have real-time advice to select the opti-711

mal scheme for a given set of constraints in an IoT application. Towards this712

end, we have developed an optimal scheme decider which is capable of using713

a security scheme database to find and use the optimal security scheme for a714

given set of constraints. This has been done by using a new set of RESTful715

APIs that we created, which allows our middleware to collect information716

about data and devices involved in the network. We also used supervised717

machine learning to narrow down on subsets of appropriate security schemes718

by considering different trade-offs involved in IoT-applications.719

Future work can involve extending our middleware with a transient repu-720

tation scheme that can collect and use short-term knowledge about the con-721

necting devices to build a short-lived reputation. This would alleviate the722

need to maintain trust states in the network-edge amongst the IoT devices.723

36

Acknowledgement724

This material is based upon work supported by the National Science725

Foundation under Award Number: CNS-1647182. Any opinions, findings,726

and conclusions or recommendations expressed in this publication are those727

of the author(s) and do not necessarily reflect the views of the National728

Science Foundation.729

References730

[1] IoT Trends - Tech Insider, 2016. http://www.businessinsider.com/731

top-internet-of-things-trends-2016-1.732

[2] J. Gillis, P. Calyam, O. Apperson, S. Ahmad, “Panacea’s Cloud:733

Augmented reality for mass casualty disaster incident triage and co-734

ordination”, IEEE Annual Consumer Communications & Networking735

Conference (CCNC) (2016).736

[3] J. Gillis, P. Calyam, A. Bartels, M. Popescu, S. Barnes, J. Doty, D. Hig-737

bee, S. Ahmad, “Panacea’s Glass: Mobile Cloud Framework for Com-738

munication in Mass Casualty Disaster Triage”, IEEE International Con-739

ference on Mobile Cloud Computing, Services, and Engineering (2015).740

[4] J. Burchard, D. Chemodanov, J. Gillis, P. Calyam, “Wireless Mesh741

networking Protocol for sustained throughput in Edge Computing”, In-742

ternational Conference on Computing, Networking and Communications743

(ICNC) (2017).744

[5] M. Rantz, M. Skubic, C. Abbott, C. Galambos, M. Popescu, J. Keller,745

E. Stone, J. Back, S. J. Miller, G. F. Petroski, “Automated in-home fall746

risk assessment and detection sensor system for elders”, The Gerontol-747

ogist 55 (2015) S78–S87.748

[6] P. Calyam, A. Mishra, R. Bazan Antequera, D. Chemodanov, A. Berry-749

man, K. Zhu, C. Abbott, M. Skubic, “Synchronous Big Data Analytics750

for Personalized and Remote Physical Therapy”, Elsevier Pervasive and751

Mobile Computing (2015).752

[7] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, “Internet of Things753

(IoT): A vision, architectural elements, and future directions”, Future754

generation computer systems 29 (2013) 1645–1660.755

37

[8] M. Ali, N. Ono, M. Kaysar, Z. Shamszaman, T. Pham, F. Gao, K.756

Griffin, A. Mileo, “Real-time data analytics and event detection for IoT-757

enabled communication systems”, Web Semantics: Science, Services and758

Agents on the World Wide Web 42 (2017) 19–37.759

[9] C. Perera, A. Zaslavsky, P. Christen, D. Georgakopoulos, “Sensing as a760

service model for smart cities supported by internet of things”, Trans-761

actions on Emerging Telecommunications Technologies 25 (2014) 81–93.762

[10] S. Sicari, A. Rizzardi, L. Grieco, A. Coen-Porisini, “Security, privacy763

and trust in Internet of Things: The road ahead”, Computer Networks764

76 (2015) 146–164.765

[11] R. Bonetto, N. Bui, V. Lakkundi, A. Olivereau, A. Serbanati, M. Rossi,766

“Secure Communication for Smart IoT Objects: Protocol Stacks, Use767

Cases and Practical Examples”, IEEE World of Wireless, Mobile and768

Multimedia Networks (WoWMoM) (2012).769

[12] X. S. Huber Flores, V. Kostakos, A. Y. Ding, P. Nurmi, S. Tarkoma,770

P. Hui, Y. Li, “Large-scale Offloading in the Internet of Things”, in:771

International Conference on Pervasive Computing and Communications772

Workshops, PerCom WS.773

[13] H. Khemissa, D. Tandjaoui, “A novel lightweight authentication scheme774

for heterogeneous wireless sensor networks in the context of Internet775

of Things”, in: Wireless Telecommunications Symposium, WTS 2016,776

London, United Kingdom, April 18-20, 2016, pp. 1–6.777

[14] M. Turkanovi, B. Brumen, M. Hlbl, “A novel user authentication and778

key agreement scheme for heterogeneous ad hoc wireless sensor networks,779

based on the Internet of Things notion”, Ad Hoc Networks 20 (2014)780

96 – 112.781

[15] Md. A. Iqbal, M. Bayoumi, “Secure End-to-End Key Establishment782

Protocol for Resource-Constrained Healthcare Sensors in the Context of783

IoT”, International Conference on High Performance Computing and784

Simulation (HPCS) (2016).785

[16] C. Stergiou, K. E. Psannis, B. G. Kim, B. Gupta, “Secure integration786

of IoT and Cloud Computing”, Future Generation Computer Systems787

(2016).788

38

[17] S. R. Moosavi, T. N. Gia, E. Nigussie, A. M. Rahmani, S. Virtanen,789

H. Tenhunen, J. Isoaho, “Session Resumption-Based End-to-End Secu-790

rity for Healthcare Internet-of-Things”, IEEE International Conference791

on Computer and Information Technology (2015) 581–588.792

[18] S. R. Moosavi, T. N. Gia, E. Nigussie, A. M. Rahmani, S. Virtanen, H.793

Tenhunen, J. Isoaho, “End-to-end security scheme for mobility enabled794

healthcare Internet of Things”, Future Generation Computer Systems795

64 (2016) 108 – 124.796

[19] R. Hummen, H. Wirtz, J. H. Ziegeldorf, J. Hiller, K. Wehrle, “Tailoring797

End-to-End IP Security Protocols to the Internet of Things”, 21st IEEE798

International Conference on Network Protocols (ICNP) (2013).799

[20] C. Huth, J. Zibuschka, P. Duplys, T. Guneysu, “Securing Systems on800

the Internet of Things via Physical Properties of Devices and Communi-801

cations”, Systems Conference (SysCon), 9th Annual IEEE International802

(2015).803

[21] R. Amin, G. P. Biswas, “A secure light weight scheme for user au-804

thentication and key agreement in multi-gateway based wireless sensor805

networks”, Ad Hoc Networks 36, Part 1 (2016) 58 – 80.806

[22] G. Piro, G. Boggia, L. A. Grieco, “A standard compliant security frame-807

work for IEEE 802.15.4 networks”, IEEE World Forum on Internet of808

Things (WF-IoT) (2014).809

[23] B. Mukherjee, R. Neupane, P. Calyam, “End-to-End IoT Security Mid-810

dleware for Cloud-Fog Communication”, IEEE Cyber Security and811

Cloud Computing (CSCloud) (2017).812

[24] P. Syverson, “A Taxonomy of Replay Attacks [cryptographic proto-813

cols]”, Computer Security Foundations Workshop VII. (1994).814

[25] F. C. Kuo, H. Tschofenig, F. Meyer, X. Fu, “Comparison Studies be-815

tween Pre-Shared and Public Key Exchange Mechanisms for Transport816

Layer Security”, IEEE International Conference on Computer Commu-817

nications. Proceedings (INFOCOM) (2006).818

39

[26] J. A. Dev, “Usage of Botnets for High Speed MD5 Hash Cracking”, In-819

ternational Conference on Innovative Computing Technology (INTECH)820

(2013).821

[27] D. Lee, “Hash Function Vulnerability Index and Hash Chain Attacks”,822

IEEE Workshop on Secure Network Protocols, NPSec (2007).823

[28] M. Stevens, E. Bursztein, P. Karpman, A. Albertini, Y. Markov, “The824

first collision for full SHA-1”, Accessed June 2017. https://shattered.825

io/static/shattered.pdf.826

[29] wolfSSL SSL library, Accessed June 2017. https://www.wolfssl.com/827

wolfSSL/Home.html.828

[30] NSF-supported GENI Cloud Infrastructure, Accessed June 2017. https:829

//www.geni.net.830

[31] OpenCV library, Accessed June 2017. http://opencv.org.831

Bidyut Mukherjee received his MS degree in ComputerScience from University of Missouri-Columbia in 2017, andBE degree in Computer Technology from RTM Nagpur Uni-versity, India in 2015. His current research interests in-clude: Cloud Computing, Computer Networking, Internetof Things, and Cyber Security. He is a student member of

IEEE.

Songjie Wang is currently a graduate student pursuing MSdegree in the Department of Computer Science at the Uni-versity of Missouri-Columbia. His current research interestsinclude: Cloud Computing, Internet of Things and Data Sci-ence.

40

Wenyi Lu received her MS degree in Statistics from Uni-versity of Missouri-Columbia in 2015. Currently, she is aPhD student in the Department of Computer Science at MU.Her current research interests include: Serious-game Designand Development, Deep-Learning analytics and Data Min-ing technologies.

Roshan Lal Neupane received his BE degree in ComputerScience and Engineering from Visvesvaraya TechnologicalUniversity, Karnataka, India. He is currently a graduatestudent at University of Missouri-Columbia, pursuing MS inComputer Science. Cloud Computing, Computer Network-ing, Internet of Things, and Cyber Security. He is a studentmember of IEEE.

Daniel Dunn received his BS degree in Computer Sciencefrom the University of Missouri-Columbia in 2017. He re-mains a student there with the expectation to receive hisMS degree in Computer Science in 2018 as a student in the5-year BS/MS Computer Science Fast Track Program. He

is a member and the Vice President of Upsilon Pi Epsilon Computer ScienceHonors Society. His current research focus is in Cyber Security.

Yijie Ren is now earning her MS degree in Computer Sci-ence at University of Missouri-Columbia. She also receivedher BS Degree in Computer Science at MU, and BE Degreein Software Engineering at Taiyuan University in China. Herresearch interests include: Big Data Analytics and Cloud

Computing.

41

Qi Su received her bachelor’s degree in Communicationsfrom University of Missouri-Columbia in 2014. She is cur-rently a MS student in the Department of Computer Scienceat MU. Her current research interests include: Cloud Com-puting and Bioinformatics.

Prasad Calyam received his MS and PhD degrees fromthe Department of Electrical and Computer Engineering atThe Ohio State University in 2002 and 2007, respectively.He is currently an Assistant Professor in the Department ofComputer Science at University of Missouri-Columbia. Pre-viously, he was a Research Director at the Ohio Supercom-

puter Center. His research interests include: Distributed and Cloud comput-ing, Computer Networking, and Cyber Security. He is a Senior Member ofIEEE.

42