Hugo BOURREAU (PhD Student)
Contact
You can reach me at hugo.bourreau@imt-atlantique.fr.
My research
PhD Student at IMT Atlantique
I'm a PhD Student working on digital twins and AI for cybersecurity.
Latest posts by Hugo Bourreau (see all)
My publications
2019
Pahl, Marc Oliver; Donini, Lorenzo
Giving IoT services an identity and changeable attributes Journal Article
In: 2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019, no. section II, pp. 455–461, 2019, ISBN: 9783903176157.
Abstract | BibTeX | Tags: Autonomous service management, Certificates, IoT, Metadata, Microservices, Security, Unattended nodes, X.509
@article{Pahl2019,
title = {Giving IoT services an identity and changeable attributes},
author = {Marc Oliver Pahl and Lorenzo Donini},
isbn = {9783903176157},
year = {2019},
date = {2019-01-01},
journal = {2019 IFIP/IEEE Symposium on Integrated Network and Service Management, IM 2019},
number = {section II},
pages = {455--461},
abstract = {The Internet of Things (IoT) pervades our surroundings. It softwarizes our physical environments. Software controls devices that interface their physical environments. The IoT is often privacy, safety, and security critical. Consequently, it requires adequate mechanisms for securing its services. For reasons such as heterogeneity, complexity, and lack of deployment there is little research on IoT service security.Our work creates a base for IoT service security. We give IoT services secure identities and attributes. Using site-local X.509v3 certificates with short lifetimes, we show how service attributes can securely be changed at runtime. This enables enforcing security policies even on distributed, loosely coupled IoT nodes. Our central mechanisms are pinning certificates to service executables, and autonomously managing the short certificate lifetimes. We assess the resulting renewal traffic and power consumption. textcopyright 2019 IFIP.},
keywords = {Autonomous service management, Certificates, IoT, Metadata, Microservices, Security, Unattended nodes, X.509},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) pervades our surroundings. It softwarizes our physical environments. Software controls devices that interface their physical environments. The IoT is often privacy, safety, and security critical. Consequently, it requires adequate mechanisms for securing its services. For reasons such as heterogeneity, complexity, and lack of deployment there is little research on IoT service security.Our work creates a base for IoT service security. We give IoT services secure identities and attributes. Using site-local X.509v3 certificates with short lifetimes, we show how service attributes can securely be changed at runtime. This enables enforcing security policies even on distributed, loosely coupled IoT nodes. Our central mechanisms are pinning certificates to service executables, and autonomously managing the short certificate lifetimes. We assess the resulting renewal traffic and power consumption. textcopyright 2019 IFIP.
2018
Pahl, Marc Oliver; Donini, Lorenzo
Securing IoT microservices with certificates Journal Article
In: IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018, pp. 1–5, 2018, ISBN: 9781538634165.
Abstract | Links | BibTeX | Tags: Autonomous certificate management, Certificates, IoT, Microservices, Security, Unattended nodes, X.509
@article{Pahl2018c,
title = {Securing IoT microservices with certificates},
author = {Marc Oliver Pahl and Lorenzo Donini},
doi = {10.1109/NOMS.2018.8406189},
isbn = {9781538634165},
year = {2018},
date = {2018-01-01},
journal = {IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018},
pages = {1--5},
abstract = {The Internet of Things (IoT) consists of distributed computing nodes. With increasing processor power such nodes can be used as hosts for microservices. IoT services routinely processes security critical data that affects the privacy, safety, and security of users. However, suitable security mechanisms remain missing. Fundamental open challenges are the authentication of services, securing the metadata of services, and validating the correct functioning of security mechanisms on distributed entities under different authorities. In this paper we present a certificate- based methodology for authenticating services, securely adding information to their executables, and validating the correct functioning of distributed entities of our design. We add X.509 certificates with extended attributes to the service executables. By introducing different trust anchors, services and their metadata are protected through their entire life cycle from developers to the computing nodes running them. Our solution enables distributed nodes to verify the security properties locally. It enables reliably changing certificate properties across the distributed IoT nodes. It features autonomous certificate management. We evaluate the traffic caused by our autonomous certificate management process quantitatively. The presented solution is churn tolerant and applicable to diverse distributed systems.},
keywords = {Autonomous certificate management, Certificates, IoT, Microservices, Security, Unattended nodes, X.509},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) consists of distributed computing nodes. With increasing processor power such nodes can be used as hosts for microservices. IoT services routinely processes security critical data that affects the privacy, safety, and security of users. However, suitable security mechanisms remain missing. Fundamental open challenges are the authentication of services, securing the metadata of services, and validating the correct functioning of security mechanisms on distributed entities under different authorities. In this paper we present a certificate- based methodology for authenticating services, securely adding information to their executables, and validating the correct functioning of distributed entities of our design. We add X.509 certificates with extended attributes to the service executables. By introducing different trust anchors, services and their metadata are protected through their entire life cycle from developers to the computing nodes running them. Our solution enables distributed nodes to verify the security properties locally. It enables reliably changing certificate properties across the distributed IoT nodes. It features autonomous certificate management. We evaluate the traffic caused by our autonomous certificate management process quantitatively. The presented solution is churn tolerant and applicable to diverse distributed systems.
Pahl, Marc Oliver; Aubet, François Xavier; Liebald, Stefan
Graph-based IoT microservice security Journal Article
In: IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018, pp. 1–3, 2018, ISBN: 9781538634165.
Abstract | Links | BibTeX | Tags: Autonomous service management, firewall, IoT, Mi-croservices, Passive monitoring, Security, Unattended nodes
@article{Pahl2018b,
title = {Graph-based IoT microservice security},
author = {Marc Oliver Pahl and Fran\c{c}ois Xavier Aubet and Stefan Liebald},
doi = {10.1109/NOMS.2018.8406118},
isbn = {9781538634165},
year = {2018},
date = {2018-01-01},
journal = {IEEE/IFIP Network Operations and Management Symposium: Cognitive Management in a Cyber World, NOMS 2018},
pages = {1--3},
abstract = {The Internet of Things (IoT) can be considered as Service Oriented Architecture (SOA) of Microservices ($mu$S). The $mu$Ss inherently process data that affects the privacy, safety, and security of its users. IoT service security is a key challenge. Most state of the art providing IoT system security is policy based. We showcase a graph-based access control that runs as module on IoT nodes, or in the network. Our solution intercepts and firewalls inter-service communication. It automatically creates a model of legitimate communication relationships. The model is interactively updated via a simple-to-understand interface. Our solution adds inevitable IoT security to existing IoT systems .},
keywords = {Autonomous service management, firewall, IoT, Mi-croservices, Passive monitoring, Security, Unattended nodes},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) can be considered as Service Oriented Architecture (SOA) of Microservices ($mu$S). The $mu$Ss inherently process data that affects the privacy, safety, and security of its users. IoT service security is a key challenge. Most state of the art providing IoT system security is policy based. We showcase a graph-based access control that runs as module on IoT nodes, or in the network. Our solution intercepts and firewalls inter-service communication. It automatically creates a model of legitimate communication relationships. The model is interactively updated via a simple-to-understand interface. Our solution adds inevitable IoT security to existing IoT systems .
