A Framework for Orchestrating Secure and Dynamic Access of IoT Services in Multi-Cloud Environments

Abstract

IoT devices have complex requirements but their limitations in terms of storage, network, computing, data analytics, scalability, and big data management require it to be used it with a technology like cloud computing. IoT backend with cloud computing can present new ways to offer services that are massively scalable, can be dynamically configured, and delivered on demand with large scale infrastructure resources. However, a single cloud infrastructure might be unable to deal with the increasing demand of cloud services in which hundreds of users might be accessing cloud resources, leading to a big data problem and the need for efficient frameworks to handle a large number of user requests for IoT services. These challenges require new functional elements and provisioning schemes. To this end, we propose the usage of multi-clouds with IoT which can optimize the user requirements by allowing them to choose best IoT services from many services hosted in various cloud platforms and provide them with more infrastructure and platform resources to meet their requirements. This paper presents a novel framework for dynamic and secure IoT services access across multi-clouds using the cloud on-demand model. To facilitate multi-cloud collaboration, novel protocols are designed and implemented on cloud platforms. The various stages involved in the framework for allowing users access to IoT services in multi-clouds are service matchmaking (i.e., to choose the best service matching user requirements), authentication (i.e., a lightweight mechanism to authenticate users at runtime before granting them service access), and SLA management (including, SLA negotiation, enforcement, and monitoring). SLA management offers benefits like negotiating required service parameters, enforcing mechanisms to ensure that service execution in the external cloud is according to the agreed SLAs and monitoring to verify that the cloud provider complies with those SLAs. The detailed system design to establish secure multi-cloud collaboration has been presented. Moreover, the designed protocols are empirically implemented on two different clouds, including OpenStack and Amazon AWS. Experiments indicate that the proposed system is scalable, authentication protocols result only in a limited overhead compared to standard authentication protocols, and any SLA violation by a cloud provider could be recorded and reported back to the user.