This is a repository for an open-source project of SST (Secure Swarm Toolkit) and the local authentication and authorization entity, Auth, for security of the Internet of Things (IoT). Auth is a local point of authorization, whose main roles are 1) providing authentication/authorization for its locally registered entities or devices, and 2) working as a bridge of authorization between its local entities and the Internet.
Our conference papers [IoTDI '17], [FiCloud '16] describe a secure network architecture with key distribution mechanisms using Auth (local, automated authorization entity). The architecture provides security guarantees while addressing IoT-related issues including resource constraints and intermittent connectivity. The architectural concept of locally centralized, globally distributed authentication and authorization is illustrated in our journal article [IT Professional '17']. Our recent journal article [ACM TIOT '20] presents a secure migration technique as a recovery mechanism from Denial-of-Service (DoS) attacks or failures.
This repository includes 1) an open-source Java implementation of Auth and 2) sample codes for local entities to use Auth (authentication/authorization) services provided by Auth in various programming languages for different platforms.
- OpenSSL command line tools for creating certificates and keystores of Auths and example entities
- Java 11 or above
- IntelliJ IDEA for managing Java project of Auth
- Maven CLI (command line interface) for building Auth from command line
- Node.js for running example server and client entities
- android: Directory for SST's Auth and entities for Android platform (currently under development)
- auth: Directory for the Java implementation of Auth (local authentication/authorization entity), IntelliJ IDEA project
- entity: Directory for SST's C and JavaScript APIs and example IoT entities using SST to be authenticated/authorized by Auth. This direcotry also includes a sub-directory for Secure Communication Accessors as software building blocks for writing IoT applications.
- examples: Directory for scripts and descriptions to run example Auths and entities.
See "How to run examples" in README.md under examples/ for a fully working example.
- Hokeun Kim (Assistant Professor at Hanyang University IoT Lab)
- Salomon Lee (Software Architect @ AlcaCruz Inc.)
- Eunsuk Kang
- Marten Lohstroh
- Dongha Kim (M.S./Ph.D. Student at Hanyang University IoT Lab)
- Yeongbin Jo (M.S. Student at Hanyang University IoT Lab)
- Taekyung Kim (M.S. Student at Hanyang University IoT Lab)
- Hanyang University IoT Lab
- bluecove-2.1.2.jar: For bluetooth APIs, exists under auth/library/jars
This project is still in its infancy and currently intended for academic and research purposes, although the ultimate goal of this project is to build a secure and robust network architecture for the Internet of Things. Therefore, users must use the provided source codes with caution at their own risk, when the tools provided in this project are used for commercial or safety-critical purposes.
This work was supported in part by the TerraSwarm Research Center, one of six centers supported by the STARnet phase of the Focus Center Research Program (FCRP) a Semiconductor Research Corporation program sponsored by MARCO and DARPA.
Last updated on September 26, 2022