{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,1]],"date-time":"2026-04-01T08:02:43Z","timestamp":1775030563067,"version":"3.50.1"},"reference-count":28,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2020,2,29]],"date-time":"2020-02-29T00:00:00Z","timestamp":1582934400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"iCyPhy Research Center"},{"name":"Swedish Foundation for Strategic Research","award":["FFL15-0032"],"award-info":[{"award-number":["FFL15-0032"]}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["1446619"],"award-info":[{"award-number":["1446619"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Avast, Denso, Ford, and Siemens"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Internet Things"],"published-print":{"date-parts":[[2020,2,29]]},"abstract":"<jats:p>\n            An emerging type of network architecture called\n            <jats:italic>edge computing<\/jats:italic>\n            has the potential to improve the availability and resilience of IoT services under anomalous situations such as network failures or denial-of-service (DoS) attacks. However, relatively little has been explored on the problem of ensuring availability even when edge computers that provide key security services (e.g., authentication and authorization) become unavailable themselves. This article proposes a resilient authentication and authorization framework to enhance the availability of IoT services under DoS attacks or failures. The proposed approach leverages a technique called\n            <jats:italic>secure migration<\/jats:italic>\n            , which allows an IoT device to migrate to another trusted edge computer when its own local authorization service becomes unavailable. Specifically, we describe the design of a secure migration framework and its supporting mechanisms, including (1) automated migration policy construction and (2) protocols for preparing and executing the secure migration. We formalize secure migration policy construction as an integer linear programming (ILP) problem and show its effectiveness using a case study on smart buildings, where the proposed solution achieves significantly higher availability under simulated attacks on authorization services.\n          <\/jats:p>","DOI":"10.1145\/3375837","type":"journal-article","created":{"date-parts":[[2020,3,2]],"date-time":"2020-03-02T18:52:45Z","timestamp":1583175165000},"page":"1-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":35,"title":["Resilient Authentication and Authorization for the Internet of Things (IoT) Using Edge Computing"],"prefix":"10.1145","volume":"1","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1450-5248","authenticated-orcid":false,"given":"Hokeun","family":"Kim","sequence":"first","affiliation":[{"name":"University of California, Berkeley, USA"}]},{"given":"Eunsuk","family":"Kang","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"given":"David","family":"Broman","sequence":"additional","affiliation":[{"name":"KTH Royal Institute of Technology, Kista, Sweden"}]},{"given":"Edward A.","family":"Lee","sequence":"additional","affiliation":[{"name":"University of California, Berkeley, USA"}]}],"member":"320","published-online":{"date-parts":[[2020,3,2]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"Amazon Web Services. 2018. How the AWS IoT Platform Works\u2014Amazon Web Services. Retrieved from http:\/\/aws.amazon.com\/iot-platform\/how-it-works\/."},{"key":"e_1_2_1_2_1","first-page":"5","article-title":"TACIoT: Multidimensional trust-aware access control system for the Internet of Things","volume":"20","author":"Bernabe Jorge Bernal","year":"2016","unstructured":"Jorge Bernal Bernabe, Jose Luis Hernandez Ramos, and Antonio F. Skarmeta Gomez. 2016. TACIoT: Multidimensional trust-aware access control system for the Internet of Things. Soft Comput. 20, 5 (May 2016), 1763--1779.","journal-title":"Soft Comput."},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSEN.2014.2361406"},{"key":"e_1_2_1_4_1","volume-title":"Hooker and Mar\u00eda Auxilio Osorio Lama","author":"John","year":"1999","unstructured":"John N. Hooker and Mar\u00eda Auxilio Osorio Lama. 1999. Mixed logical-linear programming. Disc. Appl. Math. 96--97 (1999), 395--442."},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2013.6733571"},{"key":"e_1_2_1_6_1","volume-title":"Proceedings of the 1st ACM Workshop on the Internet of Safe Things (SafeThings\u201917)","author":"Kim Hokeun","unstructured":"Hokeun Kim, Eunsuk Kang, David Broman, and Edward A. Lee. 2017a. An architectural mechanism for resilient IoT services. In Proceedings of the 1st ACM Workshop on the Internet of Safe Things (SafeThings\u201917). ACM, New York, NY, 8--13."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3054977.3054980"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/MITP.2017.3680960"},{"key":"e_1_2_1_9_1","volume-title":"Proceedings of the 4th IEEE International Conference on Future Internet of Things and Cloud. IEEE, 114--122","author":"Kim Hokeun","unstructured":"Hokeun Kim, Armin Wasicek, Benjamin Mehne, and Edward A. Lee. 2016. A secure network architecture for the internet of things based on local authorization entities. In Proceedings of the 4th IEEE International Conference on Future Internet of Things and Cloud. IEEE, 114--122."},{"key":"e_1_2_1_10_1","first-page":"5","article-title":"Edge-centric computing: Vision and challenges","volume":"45","author":"Lopez Pedro Garcia","year":"2015","unstructured":"Pedro Garcia Lopez, Alberto Montresor, Dick Epema, Anwitaman Datta, Teruo Higashino, Adriana Iamnitchi, Marinho Barcellos, Pascal Felber, and Etienne Riviere. 2015. Edge-centric computing: Vision and challenges. SIGCOMM Comput. Commun. Rev. 45, 5 (Sept. 2015), 37--42.","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"e_1_2_1_11_1","volume-title":"Fog computing: Focusing on mobile users at the edge. Arxiv:1502.01815 [cs] (Feb","author":"Luan Tom H.","year":"2015","unstructured":"Tom H. Luan, Longxiang Gao, Zhi Li, Yang Xiang, Guiyi Wei, and Limin Sun. 2015. Fog computing: Focusing on mobile users at the edge. Arxiv:1502.01815 [cs] (Feb. 2015). Retrieved from http:\/\/arxiv.org\/abs\/1502.01815."},{"key":"e_1_2_1_12_1","first-page":"309","article-title":"Identity authentication and Capability Based Access Control (IACAC) for the internet of things","volume":"1","author":"Mahalle Parikshit N.","year":"2013","unstructured":"Parikshit N. Mahalle, Bayu Anggorojati, Neeli R. Prasad, and Ramjee Prasad. 2013. Identity authentication and Capability Based Access Control (IACAC) for the internet of things. J. Cyber Sec. Mob. 1, 4 (2013), 309--348.","journal-title":"J. Cyber Sec. Mob."},{"key":"e_1_2_1_13_1","volume-title":"Moosavi et al","author":"Sanaz","year":"2015","unstructured":"Sanaz R. Moosavi et al. 2015. SEA: A secure and efficient authentication and authorization architecture for IoT-based healthcare using smart gateways. Procedia Comput. Sci. 52 (Jan. 2015), 452--459."},{"key":"e_1_2_1_14_1","volume-title":"Google\u2019s latest failure shows how immature its hardware is. Forbes (Feb","author":"Morris Ian","year":"2017","unstructured":"Ian Morris. 2017. Google\u2019s latest failure shows how immature its hardware is. Forbes (Feb. 2017). Retrieved from http:\/\/www.forbes.com\/sites\/ianmorris\/2017\/02\/24\/googles-latest-failure-shows-how-immature-its-hardware-is\/."},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM (SenSys\u201916)","author":"Antonio","unstructured":"Antonio L. Maia Neto et al. 2016. AoT: Authentication and access control for the entire IoT device life-cycle. In Proceedings of the 14th ACM Conference on Embedded Network Sensor Systems CD-ROM (SenSys\u201916). ACM, New York, NY, 1--15."},{"key":"e_1_2_1_16_1","first-page":"1","article-title":"Denial of service mitigation approach for IPv6-enabled smart object networks","volume":"25","author":"Oliveira Lu\u00eds M. L.","year":"2013","unstructured":"Lu\u00eds M. L. Oliveira, Joel J. P. C. Rodrigues, Amaro F. de Sousa, and Jaime Lloret. 2013. Denial of service mitigation approach for IPv6-enabled smart object networks. Concur. Comput.ation: Pract. Exper. 25, 1 (Jan. 2013), 129--142.","journal-title":"Concur. Comput.ation: Pract. Exper."},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/UIC-ATC.2013.71"},{"key":"e_1_2_1_18_1","first-page":"3","article-title":"IoTPOT: A novel honeypot for revealing current IoT threats","volume":"24","author":"Pa Pa Yin Minn","year":"2016","unstructured":"Yin Minn Pa Pa, Shogo Suzuki, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, and Christian Rossow. 2016. IoTPOT: A novel honeypot for revealing current IoT threats. J. Inf. Proc. 24, 3 (May 2016), 522--533.","journal-title":"J. Inf. Proc."},{"key":"e_1_2_1_19_1","volume-title":"The TESLA broadcast authentication protocol. RSA CryptoB. (July","author":"Perrig Adrian","year":"2005","unstructured":"Adrian Perrig, Ran Canetti, J. D. Tygar, and Dawn Song. 2005. The TESLA broadcast authentication protocol. RSA CryptoB. (July 2005)."},{"key":"e_1_2_1_20_1","volume-title":"Henderson","author":"Riley George F.","year":"2010","unstructured":"George F. Riley and Thomas R. Henderson. 2010. The ns-3 network simulator. In Modeling and Tools for Network Simulation. Springer Berlin, 15--34."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/iCOST.2012.6271291"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2016.145"},{"key":"e_1_2_1_23_1","volume-title":"Arkady Zaslavsky, Ivana Podnar Zarko, Lea Skorin-Kapov, and Reinhard Herzog.","author":"Soldatos John","year":"2015","unstructured":"John Soldatos, Nikos Kefalakis, Manfred Hauswirth, Martin Serrano, Jean-Paul Calbimonte, Mehdi Riahi, Karl Aberer, Prem Prakash Jayaraman, Arkady Zaslavsky, Ivana Podnar Zarko, Lea Skorin-Kapov, and Reinhard Herzog. 2015. OpenIoT: Open source internet-of-things in the cloud. In Interoperability and Open-Source Solutions for the Internet of Things. Springer, Cham, 13--25."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-981-10-0135-2_36"},{"key":"e_1_2_1_25_1","volume-title":"OSCAR: Object security architecture for the internet of things. Ad Hoc Netw. 32 (Sept.","author":"Vu\u010dini\u0107 Mali\u0161a","year":"2015","unstructured":"Mali\u0161a Vu\u010dini\u0107, Bernard Tourancheau, Franck Rousseau, Andrzej Duda, Laurent Damon, and Roberto Guizzetti. 2015. OSCAR: Object security architecture for the internet of things. Ad Hoc Netw. 32 (Sept. 2015), 3--16."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2016.1600113NM"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.031413.00127"},{"key":"e_1_2_1_28_1","volume-title":"Proceedings of the 18th Symposium on Communications 8 Networking (CNS\u201915)","author":"Zhang Congyingzi","year":"2015","unstructured":"Congyingzi Zhang and Robert Green. 2015. Communication security in internet of things: Preventive mMeasure and avoid DDoS attack over IoT network. In Proceedings of the 18th Symposium on Communications 8 Networking (CNS\u201915). Society for Computer Simulation International, 8--15."}],"container-title":["ACM Transactions on Internet of Things"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3375837","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3375837","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3375837","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:38:15Z","timestamp":1750199895000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3375837"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2,29]]},"references-count":28,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2020,2,29]]}},"alternative-id":["10.1145\/3375837"],"URL":"https:\/\/doi.org\/10.1145\/3375837","relation":{},"ISSN":["2577-6207"],"issn-type":[{"value":"2577-6207","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,2,29]]},"assertion":[{"value":"2018-10-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-11-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-03-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}