Secure LwM2M IoT Streaming Data Pipelines in Hopsworks - Master Thesis

Total pages: 16
File type: PDF, size: 1020 KB

UNIVERSIDAD POLITÉCNICA DE MADRID
ESCUELA TÉCNICA SUPERIOR DE INGENIERÍA Y SISTEMAS DE TELECOMUNICACIÓN
EIT DIGITAL MASTER IN INTERNET TECHNOLOGY AND ARCHITECTURE

Secure LwM2M IoT streaming data pipelines in Hopsworks
Master Thesis

Kajetan Maliszewski
Madrid, July 2019

Contents

1 Introduction .......... 1
  1.1 Problem description .......... 2
  1.2 Purpose .......... 2
  1.3 Goals .......... 2
  1.4 Outline .......... 3
2 Background .......... 4
  2.1 IoT Architecture .......... 4
  2.2 IoT Nodes .......... 5
  2.3 IoT Gateway .......... 6
  2.4 Hopsworks Ecosystem .......... 8
  2.5 Apache Kafka .......... 9
  2.6 Stream Processing .......... 10
  2.7 Security .......... 10
3 Architecture .......... 12
  3.1 Components .......... 12
  3.2 IoT Gateway in the Hopsworks Ecosystem .......... 14
  3.3 IoT Gateway Architecture .......... 15
    3.3.1 LeshanService .......... 16
    3.3.2 DatabaseService .......... 16
    3.3.3 ProducerService .......... 19
    3.3.4 HopsworksService .......... 21
  3.4 Hopsworks Architecture .......... 21
    3.4.1 Hopsworks Database .......... 21
    3.4.2 User Interface .......... 23
    3.4.3 IotGatewayResource .......... 23
    3.4.4 Data Storage .......... 24
    3.4.5 Streaming Jobs .......... 24
  3.5 IoT Nodes .......... 25
    3.5.1 Endpoint Client Name .......... 25
    3.5.2 Measurements Timestamping .......... 25
    3.5.3 Measurement Life Cycle .......... 26
  3.6 Security .......... 27
4 Implementation .......... 29
  4.1 IoT Nodes .......... 29
  4.2 IoT Gateway .......... 30
    4.2.1 LeshanService .......... 31
    4.2.2 DatabaseService .......... 31
    4.2.3 ProducerService .......... 32
    4.2.4 HopsworksService .......... 32
  4.3 Hopsworks .......... 33
    4.3.1 Hopsworks Database .......... 33
    4.3.2 IoTGatewayResource .......... 33
    4.3.3 User Interface .......... 34
    4.3.4 Streaming Jobs .......... 36
  4.4 Installation .......... 37
5 Evaluation .......... 39
  5.1 Verification .......... 39
  5.2 Validation .......... 39
    5.2.1 Test setup .......... 40
    5.2.2 Test with an IoT simulator .......... 40
    5.2.3 Test with a real IoT device .......... 42
    5.2.4 Multiple gateways test .......... 43
    5.2.5 Failure test .......... 43
    5.2.6 Anomaly Detection Test .......... 44
  5.3 Benchmarking .......... 45
    5.3.1 Latency in a local setup .......... 45
    5.3.2 Latency in a remote setup .......... 46
    5.3.3 Latency results analysis .......... 47
    5.3.4 Cold and warm startup .......... 48
6 Conclusion .......... 50
  6.1 Goals Achieved .......... 50
  6.2 Future Work .......... 51
  6.3 Reflections .......... 52
Bibliography .......... 53

List of Figures

2.1 Example of an IoT architecture [7]. .......... 4
2.2 Hopsworks ecosystem schema [18]. .......... 8
3.1 Project Architecture. .......... 12
3.2 IoT registration procedure. .......... 14
3.3 Example of tables generated for DatabaseService. .......... 19
3.4 IoT Gateway state in Hopsworks. .......... 22
3.5 New gateways table in Hopsworks database. .......... 23
3.6 Measurement life cycle. .......... 26
3.7 System Security Architecture. .......... 27
4.1 Zolertia Firefly (top) and Thunderboard Sense 2 (bottom). .......... 30
4.2 Sequence diagram of a REST call getting the list of IoT Nodes. .......... 34
4.3 UI - Enter IoT Gateway Details window. .......... 35
4.4 UI - Overview of IoT tab. .......... 35
4.5 UI - IoT Gateway Details window. .......... 35
4.6 UI - IoT Nodes window. .......... 36
5.1 Screenshots of running IoT Gateway (top) and IoT Node simulator (bottom). .......... 41
5.2 Screenshot of running Eclipse Leshan server. .......... 41
5.3 IoT simulator data retrieved from HopsFS. .......... 42
5.4 Kafka ACL after detection of too high traffic on a gateway. .......... 44
5.5 Measurement delivery time for local setup. .......... 46
5.6 Measurement delivery time for remote setup. .......... 47
5.7 Average latency benchmark result comparison. .......... 48
5.8 Measurement latency with cold and warm startup. .......... 49

List of Tables

3.1 HopsworksService REST API. .......... 21
3.2 IotGatewayResource REST API. .......... 24
5.1 bbc2 test machine specifications. .......... 40
5.2 computer test machine specifications. .......... 40
5.3 Software branches used for tests. .......... 40
5.4 Average latency benchmark results. .......... 47

List of Acronyms

6LoWPAN - IPv6 over Low-Power Wireless Personal Area Networks
ACK - Acknowledge
ACL - Access Control List
API - Application Programming Interface
CoAP - Constrained Application Protocol
CoAPS - DTLS-Secured Constrained Application Protocol
DTLS - Datagram Transport Layer Security
DDoS - Distributed Denial of Service
EUI - Extended Unique Identifier
FS - File System
GPU - Graphics Processing Unit
Hops - Hadoop Open Platform-as-a-Service
HDFS - Hadoop Distributed File System
HTTP - Hypertext Transfer Protocol
HTTPS - Hypertext Transfer Protocol Secure
IMEI - International Mobile Equipment Identity
IP - Internet Protocol
IPSO - Internet Protocol for Smart Objects
IoT - Internet of Things
JDBC - Java Database Connectivity
JSON - JavaScript Object Notation
JVM - Java Virtual Machine
JWT - JSON Web Token
MAC - Media Access Control
ML - Machine Learning
MVC - Model-View-Controller
MVVM - Model-View-ViewModel
NAT - Network Address Translation
OMA LwM2M - Open Mobile Alliance Lightweight Machine-to-Machine
PKI - Public Key Infrastructure
PSK - Pre-Shared Key
REST - Representational State Transfer
RPK - Raw Public Key
SQL - Structured Query Language
TLS - Transport Layer Security
TSDB - Time-Series Database
UI - User Interface
URN - Uniform Resource Name
UUID - Universally Unique Identifier
VM - Virtual Machine

Summary

The number of internet-connected devices has already far surpassed the number of human beings, and growth is still so rapid that the number will double within the next five years. The ecosystem of these devices, collectively called the Internet of Things (IoT), is a source of a tremendous amount of data and creates several unheard-of challenges for researchers and companies. New, unconventional ways of storing, analyzing and processing this data have had to be proposed. One such solution is Hadoop Open Platform-as-a-Service (Hops), the result of years of joint research between KTH Royal Institute of Technology in Stockholm and RISE SICS AB.
It is a platform enabling the analysis of extremely large volumes of data with cutting-edge, open-source technologies for Big Data and Machine Learning (ML). This master thesis provides support for connecting these two environments. It provides instruments for secure and reliable ingestion of IoT data into the Hops platform. Moreover, it provides tools for maintaining the required level of security by supporting the execution of mitigating measures, such as automated exclusion of misbehaving devices and dropping traffic from sources of Distributed Denial of Service (DDoS) attacks. To allow the data ingestion, a new element was introduced to the ecosystem: the IoT Gateway, a platform to which authenticated IoT devices can stream data. Furthermore, Hopsworks, one of the main components of Hops, was extended with a REST API that allows the gateways to connect securely to the Hops ecosystem. A testbed, including an IoT software simulator and a real IoT device with dedicated hardware, was built and comprehensively tested and benchmarked. The architecture is based on open and widely adopted security protocols: DTLS with Raw Public Key (RPK) credentials on the device side and Hypertext Transfer Protocol Secure (HTTPS) towards Hopsworks. It is shown that the proposed solution is performant, scalable, and provides high reliability in a real-life scenario. To our knowledge, the work done in this thesis makes Hopsworks the world's first open-source Big Data platform with secure IoT data ingestion.

Resumen (Spanish summary, translated)

The number of devices connected to the Internet has already surpassed the number of human beings. The rate of growth is so high that in the next five years that number will double. The ecosystem of these devices, collectively called the Internet of Things (IoT), is a source of a large amount of data and creates several unprecedented challenges for researchers and companies. New and unconventional ways of operating on the data have been proposed. One of these solutions is Hadoop Open Platform-as-a-Service (Hops), the result of research between KTH Royal Institute of Technology in Stockholm and RISE SICS AB. It is also a platform that allows the analysis of extremely large quantities of data with innovative, open-source Big Data and Machine Learning (ML) technologies. This master's thesis provides support for connecting these two technologies. This platform also provides instruments for introducing IoT data into the Hops platform in a secure and trustworthy manner. In addition, it provides tools to ensure the level of security, allowing the execution of mitigation measures such as the automated exclusion of sources of Distributed Denial of Service (DDoS) attacks. To allow data ingestion, a new element has been introduced into this technology: the IoT Gateway. It is a platform to which already authenticated IoT devices can transmit their data. Hopsworks, a component of Hops, has been extended with a REST API, which.