Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Designing a Secure IoT System Architecture from a Virtual Premise for a Collaborative AI Lab
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.ORCID iD: 0000-0002-0128-4127
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.ORCID iD: 0000-0001-8453-447X
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.ORCID iD: 0000-0003-4814-4428
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

IoT systems are increasingly composed out of flexible, programmable, virtualised, and arbitrarily chained IoT elements and services using portable code. Moreover, they might be sliced, i.e. allowing multiple logical IoT systems (network + application) to run on top of a shared physical network and compute infrastructure. However, implementing and designing particularly security mechanisms for such IoT systems is challenging since a) promising technologies are still maturing, and b) the relationships among the many requirements, technologies and components are difficult to model a-priori.

The aim of the paper is to define design cues for the security architecture and mechanisms of future, virtualised, arbitrarily chained, and eventually sliced IoT systems. Hereby, our focus is laid on the authorisation and authentication of user, host, and code integrity in these virtualised systems. The design cues are derived from the design and implementation of a secure virtual environment for distributed and collaborative AI system engineering using so called AI pipelines. The pipelines apply chained virtual elements and services and facilitate the slicing of the system. The virtual environment is denoted for short as the virtual premise (VP). The use-case of the VP for AI design provides insight into the complex interactions in the architecture, leading us to believe that the VP concept can be generalised to the IoT systems mentioned above. In addition, the use-case permits to derive, implement, and test solutions. This paper describes the flexible architecture of the VP and the design and implementation of access and execution control in virtual and containerised environments. 

Place, publisher, year, edition, pages
2019.
Keywords [en]
IoT, AI, Security, Authentication, Collaboration
National Category
Telecommunications
Identifiers
URN: urn:nbn:se:bth-17550DOI: 10.14722/diss.2019.23006ISBN: 1-891562-56-8 (print)OAI: oai:DiVA.org:bth-17550DiVA, id: diva2:1284028
Conference
Workshop on Decentralized IoT Systems and Security (DISS) 24 February 2019, San Diego, CA,
Funder
EU, Horizon 2020, 732204Available from: 2019-01-30 Created: 2019-01-30 Last updated: 2019-08-09Bibliographically approved
In thesis
1. Towards Secure Collaborative AI Service Chains
Open this publication in new window or tab >>Towards Secure Collaborative AI Service Chains
2019 (English)Licentiate thesis, comprehensive summary (Other academic)
Abstract [en]

At present, Artificial Intelligence (AI) systems have been adopted in many different domains such as healthcare, robotics, automotive, telecommunication systems, security, and finance for integrating intelligence in their services and applications. The intelligent personal assistant such as Siri and Alexa are examples of AI systems making an impact on our daily lives. Since many AI systems are data-driven systems, they require large volumes of data for training and validation, advanced algorithms, computing power and storage in their development process. Collaboration in the AI development process (AI engineering process) will reduce cost and time for the AI applications in the market. However, collaboration introduces the concern of privacy and piracy of intellectual properties, which can be caused by the actors who collaborate in the engineering process.  This work investigates the non-functional requirements, such as privacy and security, for enabling collaboration in AI service chains. It proposes an architectural design approach for collaborative AI engineering and explores the concept of the pipeline (service chain) for chaining AI functions. In order to enable controlled collaboration between AI artefacts in a pipeline, this work makes use of virtualisation technology to define and implement Virtual Premises (VPs), which act as protection wrappers for AI pipelines. A VP is a virtual policy enforcement point for a pipeline and requires access permission and authenticity for each element in a pipeline before the pipeline can be used.  Furthermore, the proposed architecture is evaluated in use-case approach that enables quick detection of design flaw during the initial stage of implementation. To evaluate the security level and compliance with security requirements, threat modeling was used to identify potential threats and vulnerabilities of the system and analyses their possible effects. The output of threat modeling was used to define countermeasure to threats related to unauthorised access and execution of AI artefacts.

Place, publisher, year, edition, pages
Karlskrona: Blekinge Tekniska Högskola, 2019. p. 146
Series
Blekinge Institute of Technology Licentiate Dissertation Series, ISSN 1650-2140 ; 11
National Category
Telecommunications
Identifiers
urn:nbn:se:bth-18531 (URN)978-91-7295-381-9 (ISBN)
Presentation
2019-09-10, Karlskrona, 00:00 (English)
Opponent
Supervisors
Available from: 2019-08-09 Created: 2019-08-09 Last updated: 2019-08-09Bibliographically approved

Open Access in DiVA

fulltext(707 kB)12 downloads
File information
File name FULLTEXT02.pdfFile size 707 kBChecksum SHA-512
2c8aada7c09e78a2c207c7486d60e359130c0ff0d2e8e056ec049fb873787790d972e1ea93009e96b60a5897309a0ffaa5f0ce60bd7964c72c1681800727b81c
Type fulltextMimetype application/pdf

Other links

Publisher's full text

Search in DiVA

By author/editor
Mehri, Vida. A.Ilie, DragosTutschku, Kurt
By organisation
Department of Computer Science and Engineering
Telecommunications

Search outside of DiVA

GoogleGoogle Scholar
Total: 82 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

doi
isbn
urn-nbn

Altmetric score

doi
isbn
urn-nbn
Total: 1821 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf