An Architectural Mechanism for Resilient IoT Services

Abstract

Availability of authentication and authorization services is critical for the safety of the Internet of Things (IoT). By leveraging an emerging network architecture based on edge computers, IoT’s availability can be protected even under situations such as network failures or denial-of-service (DoS) attacks. However, little has been explored for the issue of sustaining availability even when edge computers fail. In this paper, we propose an architectural mechanism for enhancing the availability of the authorization infrastructure for the IoT. The proposed approach leverages a technique called secure migration, which allows IoT devices to migrate to other local authorization entities served in trusted edge computers when their authorization entity becomes unavailable. Specifically, we point out necessary considerations for planning secure migration and present automated migration policy construction and protocols for preparing and executing the migration. The effectiveness of our approach is illustrated using a concrete application of smart buildings and network simulation, where our proposed solution achieves significantly higher availability in case of failures in some of the authorization entities.