Page 128 - ITU Kaleidoscope 2016
P. 128
The resources can be hardware (e.g. CPU cycles, (c) Replication: The authorized directory or on-demand
memory, disk space, and network bandwidth) as well cache can replicate the records stored in it to replica
as software modules (e.g. network protocols, servers upon receiving a replication command from
configuration parameters, software commands, the resource controller. The replication of records may
adaptation tools). It obtains the status of hardware take place in different granularity (i.e. a single record
resources (i.e. CPU load statics, available memory or a group of records). The authorized directory and
size and storage size) as well as the status of database cache servers keep a list of all replica servers storing
(e.g. access latency, number of records, access records copied from them. Similarly, replica servers
frequency, number of replicas, and trackable caches also keep a list of replica origins from where the
holding a record) by monitoring them periodically, records have been replicated (also known as anchor
and then decides if more resources have to be assigned points).
to create new replicas for distributing workloads, or (d) Record lookup: When a client needs the record of an
assigned resources to existing servers must be adjusted IoT device, it sends a record lookup request to a
to meet the changing workload. nearly cache server securely and receives a response
(4) Private directory: It provides a proxy gateway message containing the record. We assume that the
function to register records of IoT devices in the client obtains info about the address of the cache
public directory. It is the authority that determines the server at the time of its attachment to the network (e.g.
privacy level of each record belonging to the IoT like DHCP providing a DNS server address in the
devices it manages. Internet) and proactively establishes a security
(5) Record owners: They are IoT device owners who association using an existing security mechanism,
possess the records and are the final authority to such as Datagram Transport Layer Security (DTLS)
assign the privacy level to each attribute of the [11], which has been adopted by the IETF to provide a
records. security layer to the Constrained Application Protocol
(6) Record clients: They are the IoT applications that (CoAP), a specialized web transfer protocol having
send queries to cache servers to obtain the desired potential to be used in IoT application.
records of IoT devices. (e) Record update: The record update process is initiated
either from the record owner device that changes its
3.2. Processes parameters stored in the directory or from the network
Each of the below processes involves both processing (e.g. proxy gateway) that detects the change in
inside a component and interaction between two or more attributes, e.g. a mobile IoT device’s address when it
components of the IoT directory service. is moving from one network to another. The latter
(a) Record registration: A record is created when an IoT approach is better suited for resource-constrained IoT
device/object finishes its initial configuration and gets devices because they are not required to involve in the
connected to the network. Either the device/object update process, thus helping in the reduction of
itself or its proxy gateway creates the record. The signaling overhead and power consumption.
record includes various attributes: name, ID, location, (f) Load statistics monitoring: This process runs in all
data types it generates (e.g. temperature, pressure, and components to monitor two types of loads: database
video) security keys, certificates, privacy levels, etc. load and system load. It then provides the load
The record is firstly stored in the private directory statistics to the resource controller. The database load
(e.g. home directory, personal directory) for local use statistics include information about the number of
only. The private directory assigns a privacy level to records in database, record lookup and update
each attribute of the record, e.g. location or address is frequencies, and corresponding latencies. Similarly,
visible to anybody, but data types are visible only to the system load statistics includes information about
those who share the same shared key. After setting up the usages of CPU, memory, bandwidth, number of
the privacy levels, the private directory registers the replica servers, number of cache servers, etc.
records in the authorized public directory. The (g) Resource provisioning: This process runs in the
privacy/identity of the record is well-protected by resource controller to allocate and adjust hardware and
encrypting messages exchanged between the private software resources on-demand. It implements a
directory and authorized public directory servers, e.g. resource allocation algorithm that takes the system and
using transport-layer security (TLS) [10]. The database load statistics as input parameters and makes
registration process is not as time-critical as the the resource allocation, adjustment or adaptation
lookup process. decision.
(b) On-demand record caching: The authorized public
directory provides records to on-demand caches after 3.3. Security and Privacy Protection
receiving a cache command from the resource Privacy and security issues are key aspects of any network
controller. The resource controller uses several logics architecture. They are more important for IoT applications
(described in the next section) to decide about the that deal with delicate and highly private data. Therefore,
potential cache locations and prepares cache servers. we have considered both issues from the design phase of
Each cache copy has a timeout value, and is deleted on the IoT directory service, and it adjusts to the different
timeout. levels of security and privacy requirements of different IoT
– 110 –
