Implementing secure applications in smart city clouds using microservices

Smart Cit­ies make use of ICT tech­no­logy to ad­dress the chal­lenges of mod­ern urban man­age­ment. The cloud provides an ef­fi­cient and cost-ef­fect­ive plat­form on which they can man­age, store and pro­cess data, as well as build ap­plic­a­tions per­form­ing com­plex com­pu­ta­tions and ana­lyses. The quickly chan­ging re­quire­ments in a Smart City re­quire flex­ible soft­ware ar­chi­tec­tures that let these ap­plic­a­tions scale in a dis­trib­uted en­vir­on­ment. Smart Cit­ies have to deal with huge amounts of data in­clud­ing sens­it­ive in­form­a­tion about in­fra­struc­ture and cit­izens. In or­der to lever­age the be­ne­fits of the cloud, in par­tic­u­lar in terms of scalab­il­ity and cost-ef­fect­ive­ness, this data should be stored in a pub­lic cloud. However, in such an en­vir­on­ment, sens­it­ive data needs to be en­cryp­ted to pre­vent un­au­thor­ized ac­cess.

In our pa­per en­titled Im­ple­ment­ing se­cure ap­plic­a­tions in smart city clouds us­ing mi­croservices, we present a soft­ware ar­chi­tec­ture design that can be used as a tem­plate for the im­ple­ment­a­tion of Smart City ap­plic­a­tions. The pa­per has just been pub­lished to the Fu­ture Gen­er­a­tion Com­puter Sys­tems journal.

The design de­scribed in our pa­per is based on the mi­croservice ar­chi­tec­tural style, which provides prop­er­ties that help make Smart City ap­plic­a­tions scal­able and flex­ible. In ad­di­tion, we present a hy­brid ap­proach to se­cur­ing sens­it­ive data in the cloud. Our ar­chi­tec­ture design com­bines a pub­lic cloud with a trus­ted private en­vir­on­ment. To store data in a cost-ef­fect­ive man­ner in the pub­lic cloud, we en­crypt metadata items with CP-ABE (Cipher­text-Policy At­trib­ute-Based En­cryp­tion) and ac­tual Smart City data with sym­met­ric en­cryp­tion. This ap­proach al­lows data to be shared across mul­tiple ad­min­is­tra­tions and makes ef­fi­cient use of cloud re­sources.

We show the ap­plic­ab­il­ity of our design by im­ple­ment­ing a web-based ap­plic­a­tion for urban risk man­age­ment. We eval­u­ate our ar­chi­tec­ture based on qual­it­at­ive cri­teria, bench­mark the per­form­ance of our se­cur­ity ap­proach, and dis­cuss it re­gard­ing hon­est-but-curi­ous cloud pro­viders as well as at­tack­ers try­ing to ac­cess user data through eaves­drop­ping. Our find­ings in­dic­ate that the mi­croservice ar­chi­tec­tural style fits the re­quire­ments of scal­able Smart City ap­plic­a­tions while the pro­posed se­cur­ity ap­proach helps pre­vent un­au­thor­ized ac­cess.

Reference

Krämer, M., Frese, S., & Kuijper, A. (2019). Im­ple­ment­ing se­cure ap­plic­a­tions in smart city clouds us­ing mi­croservices. Fu­ture Gen­er­a­tion Com­puter Sys­tems, 99, 308–320. ht­tps://​doi.org/​10.1016/​j.fu­ture.2019.04.042

Download

Ac­cord­ing to El­sevi­er’s art­icle shar­ing policy, you may down­load the ac­cep­ted manuscript here. This doc­u­ment is avail­able un­der the CC-BY-NC-ND li­cense. The fi­nal pub­lished journal art­icle can be found on the pub­lish­er’s web­site.


Posted by Michel Krämer
on May, 14th 2019.