Díaz-Sánchez Daniel, Marín-Lopez Andrés, Almenárez Mendoza Florina, Arias Cabarcos Patricia
University Carlos III de Madrid, 28911 Leganés, Spain.
University of Mannheim, 68161 Mannheim, Germany.
Sensors (Basel). 2019 Jul 26;19(15):3292. doi: 10.3390/s19153292.
IoT devices provide real-time data to a rich ecosystem of services and applications. The volume of data and the involved subscribe/notify signaling will likely become a challenge also for access and core networks. To alleviate the core of the network, other technologies like fog computing can be used. On the security side, designers of IoT low-cost devices and applications often reuse old versions of development frameworks and software components that contain vulnerabilities. Many server applications today are designed using microservice architectures where components are easier to update. Thus, IoT can benefit from deploying microservices in the fog as it offers the required flexibility for the main players of ubiquitous computing: nomadic users. In such deployments, IoT devices need the dynamic instantiation of microservices. IoT microservices require certificates so they can be accessed securely. Thus, every microservice instance may require a newly-created domain name and a certificate. The DNS-based Authentication of Named Entities (DANE) extension to Domain Name System Security Extensions (DNSSEC) allows linking a certificate to a given domain name. Thus, the combination of DNSSEC and DANE provides microservices' clients with secure information regarding the domain name, IP address, and server certificate of a given microservice. However, IoT microservices may be short-lived since devices can move from one local fog to another, forcing DNSSEC servers to sign zones whenever new changes occur. Considering DNSSEC and DANE were designed to cope with static services, coping with IoT dynamic microservice instantiation can throttle the scalability in the fog. To overcome this limitation, this article proposes a solution that modifies the DNSSEC/DANE signature mechanism using chameleon signatures and defining a new soft delegation scheme. Chameleon signatures are signatures computed over a chameleon hash, which have a property: a secret trapdoor function can be used to compute collisions to the hash. Since the hash is maintained, the signature does not have to be computed again. In the soft delegation schema, DNS servers obtain a trapdoor that allows performing changes in a constrained zone without affecting normal DNS operation. In this way, a server can receive this soft delegation and modify the DNS zone to cope with frequent changes such as microservice dynamic instantiation. Changes in the soft delegated zone are much faster and do not require the intervention of the DNS primary servers of the zone.
物联网设备为丰富的服务和应用生态系统提供实时数据。数据量以及所涉及的订阅/通知信令对于接入网和核心网来说可能也会成为一项挑战。为了减轻网络核心的负担,可以使用雾计算等其他技术。在安全方面,物联网低成本设备和应用的设计者常常重复使用包含漏洞的旧版本开发框架和软件组件。如今许多服务器应用是使用微服务架构设计的,其中组件更易于更新。因此,物联网可以从在雾中部署微服务中受益,因为它为普适计算的主要参与者——游牧用户提供了所需的灵活性。在这种部署中,物联网设备需要微服务的动态实例化。物联网微服务需要证书以便能够被安全访问。因此,每个微服务实例可能都需要一个新创建的域名和一个证书。域名系统安全扩展(DNSSEC)的基于域名的命名实体认证(DANE)扩展允许将证书链接到给定的域名。这样,DNSSEC和DANE的组合为微服务的客户端提供了有关给定微服务的域名、IP地址和服务器证书的安全信息。然而,物联网微服务可能是短暂存在的,因为设备可能从一个本地雾转移到另一个本地雾,这迫使DNSSEC服务器每当有新变化发生时就得对区域进行签名。考虑到DNSSEC和DANE是设计用于应对静态服务的,应对物联网动态微服务实例化可能会限制雾中的可扩展性。为了克服这一限制,本文提出了一种解决方案,即使用变色龙签名修改DNSSEC/DANE签名机制并定义一种新的软委托方案。变色龙签名是在变色龙哈希上计算的签名,它具有一个特性:可以使用一个秘密陷门函数来计算与该哈希的碰撞。由于哈希得以保留,签名就不必再次计算。在软委托模式中,DNS服务器获得一个陷门,该陷门允许在受限区域内进行更改而不影响正常的DNS操作。通过这种方式,一台服务器可以接收此软委托并修改DNS区域以应对诸如微服务动态实例化之类的频繁变化。软委托区域中的更改要快得多,并且不需要该区域的DNS主服务器进行干预。
