Hybrid Encryption for Messages’ Confidentiality in SOSE-Based IOT Service Systems

Abstract

Internet of Things (IOT) is an essential paradigm where devices are interconnected into network. The operations of these devices can be through service-oriented software engineering (SOSE) principles for efficient service provision. SOSE is an important software development method for flexible, agile, loose-coupled, heterogeneous and interoperable applications. Despite all these benefits, its adoption for IOT services is slow due to security challenges. The security challenge of integration of IOT with service-oriented architecture (SOA) is man-in-the-middle attack on the messages exchanged. The transport layer security (TLS) creates a secured socket channel between the client and server. This is efficient in securing messages exchanged at the transport layer only. SOSE-based IOT systems needs an end-to-end security to handle its vulnerabilities. This integration enables interoperability of heterogeneous devices, but renders the system vulnerable to passive attacks. The confidentiality problem is hereby addressed by message level hybrid encryption. This is by encrypting the messages by AES for efficiency. However, to enable end-to-end security, the key sharing problem of advanced encryption standard (AES) is handled by RSA public key encryption. The results shows that this solution addressed data contents security and credentials security privacy issues. Furthermore, the solution enables end-to- end security of interaction in SOSE-based IOT systems.