Cloudlet for the Internet-of- Things

Vargas Vargas, Fernando

January 2016

With an increasing number of people currently living in urban areas, many cities around the globe are faced with issues such as increased pollution and traffic congestion. In an effort to tackle such challenges, governments and city councils are formulating new and innovative strategies. The integration of ICT with these strategies creates the concept of smart cities. The Internet of Things (IoT) is a key driver for smart city initiatives, making it necessary to have an IT infrastructure that can take advantage of the many benefits that IoT can provide. The Cloudlet is a new infrastructure model that offers cloud-computing capabilities at the edge of the mobile network. This environment is characterized by low latency and high bandwidth, constituting a novel ecosystem where network operators can open their network edge to third parties, allowing them to flexibly and rapidly deploy innovative applications and services towards mobile subscribers. In this thesis, we present a cloudlet architecture that leverages edge computing to provide a platform for IoT devices on top of which many smart city applications can be deployed. We first provide an overview of existing challenges and requirements in IoT systems development. Next, we analyse existing cloudlet solutions. Finally, we present our cloudlet architecture for IoT, including design and a prototype solution. For our cloudlet prototype, we focused on a micro-scale emission model to calculate the CO2 emissions per individual trip of a vehicle, and implemented the functionality that allows us to read CO2 data from CO2 sensors. The location data is obtained from an Android smartphone and is processed in the cloudlet. Finally, we conclude with a performance evaluation. / Med en befolkning som ökar i urbana områden, står många av världens städer inför utmaningar som ökande avgaser och trafikstockning. I ett försök att tackla sådana utmaningar, formulerar regeringar och stadsfullmäktige nya och innovativa strategier. Integrationen av ICT med dessa strategier bildar konceptet smart cities. Internet of Things (IoT) är en drivande faktor för smart city initiativ, vilket gör det nödvändigt för en IT infrastruktur som kan ta till vara på de många fördelar som IoT bidrar med. Cloudlet är en ny infrastrukturell modell som erbjuder datormolnskompetens i mobilnätverkets edge. Denna miljö karakteriseras av låg latens och hög bandbredd, utgörande ett nytt ekosystem där nätverksoperatörer kan hålla deras nätverks-edge öppet för utomstående, vilket tillåter att flexibelt och snabbt utveckla innovativa applikationer och tjänster för mobila subskribenter. I denna avhandling presenterar vi en cloudlet-arkitektur som framhäver edge computing, för att förse en plattform för IoT utrustning där många smart city applikationer kan utvecklas. Vi förser er först med en överblick av existerande utmaningar och krav i IoT systemutveckling. Sedan analyserar vi existerande cloudlet lösningar. Slutligen presenteras vår cloudlet arkitektur för IoT, inklusive design och en prototyplösning. För vår cloudlet-prototyp har vi fokuserat på en modell av mikroskala för att räkna ut CO2 emissioner per enskild resa med fordon, och implementerat en funktion som tillåter oss att läsa CO2 data från CO2 sensorer. Platsdata är inhämtad med hjälp av en Android smartphone och behandlas i cloudlet. Det hela sammanfattas med en prestandaevaluering.

Internet of Things (IoT)

Cloud Computing

Mobile Edge Computing (MEC)

Cloudlet.

Internet of Things (IoT)

Cloud Computing

Mobile Edge Computing (MEC)

Cloudlet

Computer Engineering

Datorteknik

Agile Network Security for Software Defined Edge Clouds

Osman, Amr

07 March 2023

Today's Internet is seeing a massive shift from traditional client-server applications towards real-time, context-sensitive, and highly immersive applications. The fusion between Cyber-physical systems, The Internet of Things (IoT), Augmented/Virtual-Reality (AR/VR), and the Tactile Internet with the Human-in-the-Loop (TaHIL) means that Ultra-Reliable Low Latency Communication (URLLC) is a key functional requirement. Mobile Edge Computing (MEC) has emerged as a network architectural paradigm to address such ever-increasing resource demands. MEC leverages networking and computational resource pools that are closer to the end-users at the far edge of the network, eliminating the need to send and process large volumes of data over multiple distant hops at central cloud computing data centers. Multiple 'cloudlets' are formed at the edge, and the access to resources is shared and federated across them over multiple network domains that are distributed over various geographical locations. However, this federated access comes at the cost of a fuzzy and dynamically-changing network security perimeter because there are multiple sources of mobility. Not only are the end users mobile, but the applications themselves virtually migrate over multiple network domains and cloudlets to serve the end users, bypassing statically placed network security middleboxes and firewalls. This work aims to address this problem by proposing adaptive network security measures that can be dynamically changed at runtime, and are decoupled from the ever-changing network topology. In particular, we: 1) use the state of the art in programmable networking to protect MEC networks from internal adversaries that can adapt and laterally move, 2) Automatically infer application security contexts, and device vulnerabilities, then evolve the network access control policies to segment the network in such a way that minimizes the attack surface with minimal impact on its utility, 3) propose new metrics to assess the susceptibility of edge nodes to a new class of stealthy attacks that bypasses traditional statically placed Intrusion Detection Systems (IDS), and a probabilistic approach to pro-actively protect them.:Acknowledgments Acronyms & Abbreviations 1 Introduction 1.1 Prelude 1.2 Motivation and Challenges 1.3 Aim and objectives 1.4 Contributions 1.5 Thesis structure 2 Background 2.1 A primer on computer networks 2.2 Network security 2.3 Network softwarization 2.4 Cloudification of networks 2.5 Securing cloud networks 2.6 Towards Securing Edge Cloud Networks 2.7 Summary I Adaptive security in consumer edge cloud networks 3 Automatic microsegmentation of smarthome IoT networks 3.1 Introduction 3.2 Related work 3.3 Smart home microsegmentation 3.4 Software-Defined Secure Isolation 3.5 Evaluation 3.6 Summary 4 Smart home microsegmentation with user privacy in mind 4.1 Introduction 4.2 Related Work 4.3 Goals and Assumptions 4.4 Quantifying the security and privacy of SHIoT devices 4.5 Automatic microsegmentation 4.6 Manual microsegmentation 4.7 Experimental setup 4.8 Evaluation 4.9 Summary II Adaptive security in enterprise edge cloud networks 5 Adaptive real-time network deception and isolation 5.1 Introduction 5.2 Related work 5.3 Sandnet’s concept 5.4 Live Cloning and Network Deception 5.5 Evaluation 5.6 Summary 6 Localization of internal stealthy DDoS attacks on Microservices 6.1 Introduction 6.2 Related work 6.3 Assumptions & Threat model 6.4 Mitigating SILVDDoS 6.5 Evaluation 6.6 Summary III Summary of Results 7 Conclusion 7.1 Main outcomes 7.2 Future outlook Listings Bibliography List of Algorithms List of Figures List of Tables Appendix

info:eu-repo/classification/ddc/006

ddc:006