Implementing secure applications in smart city clouds using microservices

Smart Cit­ies make use of ICT tech­no­logy to ad­dress the chal­lenges of mod­ern urban man­age­ment. The cloud provides an ef­fi­cient and cost-ef­fect­ive plat­form on which they can man­age, store and pro­cess data, as well as build ap­plic­a­tions per­form­ing com­plex com­pu­ta­tions and ana­lyses. The quickly chan­ging re­quire­ments in a Smart City re­quire flex­ible soft­ware ar­chi­tec­tures that let these ap­plic­a­tions scale in a dis­trib­uted en­vir­on­ment. Smart Cit­ies have to deal with huge amounts of data in­clud­ing sens­it­ive in­form­a­tion about in­fra­struc­ture and cit­izens. In or­der to lever­age the be­ne­fits of the cloud, in par­tic­u­lar in terms of scalab­il­ity and cost-ef­fect­ive­ness, this data should be stored in a pub­lic cloud. However, in such an en­vir­on­ment, sens­it­ive data needs to be en­cryp­ted to pre­vent un­au­thor­ized ac­cess.

In our pa­per en­titled Im­ple­ment­ing se­cure ap­plic­a­tions in smart city clouds us­ing mi­croservices, we present a soft­ware ar­chi­tec­ture design that can be used as a tem­plate for the im­ple­ment­a­tion of Smart City ap­plic­a­tions. The pa­per has just been pub­lished to the Fu­ture Gen­er­a­tion Com­puter Sys­tems journal.

The design de­scribed in our pa­per is based on the mi­croservice ar­chi­tec­tural style, which provides prop­er­ties that help make Smart City ap­plic­a­tions scal­able and flex­ible. In ad­di­tion, we present a hy­brid ap­proach to se­cur­ing sens­it­ive data in the cloud. Our ar­chi­tec­ture design com­bines a pub­lic cloud with a trus­ted private en­vir­on­ment. To store data in a cost-ef­fect­ive man­ner in the pub­lic cloud, we en­crypt metadata items with CP-ABE (Cipher­text-Policy At­trib­ute-Based En­cryp­tion) and ac­tual Smart City data with sym­met­ric en­cryp­tion. This ap­proach al­lows data to be shared across mul­tiple ad­min­is­tra­tions and makes ef­fi­cient use of cloud re­sources.

We show the ap­plic­ab­il­ity of our design by im­ple­ment­ing a web-based ap­plic­a­tion for urban risk man­age­ment. We eval­u­ate our ar­chi­tec­ture based on qual­it­at­ive cri­teria, bench­mark the per­form­ance of our se­cur­ity ap­proach, and dis­cuss it re­gard­ing hon­est-but-curi­ous cloud pro­viders as well as at­tack­ers try­ing to ac­cess user data through eaves­drop­ping. Our find­ings in­dic­ate that the mi­croservice ar­chi­tec­tural style fits the re­quire­ments of scal­able Smart City ap­plic­a­tions while the pro­posed se­cur­ity ap­proach helps pre­vent un­au­thor­ized ac­cess.

Reference

Krämer, M., Frese, S., & Kuijper, A. (2019). Im­ple­ment­ing se­cure ap­plic­a­tions in smart city clouds us­ing mi­croservices. Fu­ture Gen­er­a­tion Com­puter Sys­tems, 99, 308–320. ht­tps://​doi.org/​10.1016/​j.fu­ture.2019.04.042

Download

Ac­cord­ing to El­sevi­er’s art­icle shar­ing policy, you may down­load the ac­cep­ted manuscript here. This doc­u­ment is avail­able un­der the CC-BY-NC-ND li­cense. The fi­nal pub­lished journal art­icle can be found on the pub­lish­er’s web­site.

Posted by Michel Krämer
on May, 14th 2019.

Next post

Dynamic SSE for storing geospatial data in the cloud

Geo­spa­tial data sets of­ten con­tain sens­it­ive in­form­a­tion, for ex­ample, about urban in­fra­struc­tures. Since clouds are usu­ally provided by third parties, this data needs to be pro­tec­ted. In our pa­per en­titled Dy­namic search­able sym­met­ric en­cryp­tion for stor­ing geo­spa­tial data in the cloud, we present an en­cryp­tion scheme al­low­ing users to en­crypt their data in the cloud and make it search­able at the same time. The pa­per has just been pub­lished to the In­ter­na­tional Journal of In­form­a­tion Se­cur­ity by Springer.

Previous post

Acoustic Cover of Damien Rice's The Greatest Bastard

I just up­loaded a new acous­tic cover to You­Tube. Damien Rice is one of my fa­vour­ite artists of all time. It’s a won­der I haven’t up­loaded more cov­ers of his songs yet but I will def­in­itely do that in the fu­ture 😊

Related posts

Two new cloud-based data processing papers published

Two of my latest re­search pa­pers about cloud-based data pro­cessing have just been pub­lished. The first pa­per is en­titled “Cap­ab­il­ity-based Schedul­ing of Sci­entific Work­flows in the Cloud” and deals with the schedul­ing al­gorithm I im­ple­men­ted in Steep. I presen­ted this pa­per at the 9th In­ter­na­tional Con­fer­ence on Data Sci­ence, Tech­no­logy and Ap­plic­a­tions (DATA), which was held as a vir­tual con­fer­ence due to COVID-19.

Steep - Run Scientific Workflows in the Cloud

For the last couple of years, I’ve been work­ing on a sci­entific work­flow man­age­ment sys­tem called Steep. I’m more than happy to an­nounce that, here at Fraunhofer IGD, we de­cided to make Steep Open-Source! You can down­load the bin­ar­ies and the source code of Steep from its Git­Hub re­pos­it­ory.

Dynamic SSE for storing geospatial data in the cloud

Geo­spa­tial data sets of­ten con­tain sens­it­ive in­form­a­tion, for ex­ample, about urban in­fra­struc­tures. Since clouds are usu­ally provided by third parties, this data needs to be pro­tec­ted. In our pa­per en­titled Dy­namic search­able sym­met­ric en­cryp­tion for stor­ing geo­spa­tial data in the cloud, we present an en­cryp­tion scheme al­low­ing users to en­crypt their data in the cloud and make it search­able at the same time. The pa­per has just been pub­lished to the In­ter­na­tional Journal of In­form­a­tion Se­cur­ity by Springer.