The Cloud-of-Things (CoT) paradigm is a challenging approach to manage IoT applications exploiting Cloud resources and services. In order to avoid latency in Cloud–IoT communications, the management of time-sensitive services has to be moved to the edge of the CoT. To this aim, a secure Cloud-to-Edge environment for seamless management of IoT applications is necessary. The realization of a performing and secure Cloud-to-Edge middleware solution is a very strategic goal for future business CoT services. Thus, it needs to be deeply investigated, as highlighted by the Cloud Security Alliance (CSA). A valuable approach to develop an efficient Cloud-to-Edge system is based on an instant-message communication solution. In current Cloud environments, a Message Oriented Middleware (MOM) based on an Instant Message Protocol (IMP) provides good performance, but overlook security requirements. In this paper, we aim at overcoming such a gap following the CSA guidelines. In particular, we discuss the involved issues for improving such a kind of Cloud-to-Edge system in order to achieve data confidentiality, integrity, authenticity and non-repudiation. Moreover, we analyze a real case of study considering a MOM architectural model. Experimental results performed on a real testbed show how the introduced secure capabilities do not affect the overall performances of the whole middleware.

Introduction

With the advent of Cloud-of-Things (CoT) paradigm, new challenges arose, such as the real-time communication of many smart devices with a central coordination unit. However, traditional computing systems based on the Cloud paradigm do not support them. In order to avoid latency in Cloud–IoT communications, the management of time-sensitive services has to be moved to the edge of the CoT. To this aim, a secure Cloud-to-Edge environment for seamless management of IoT applications is necessary [1,2]. The communication system of a Cloud-to-Edge middleware is quite complex because it is necessary to balance performance and security management, and this is not trivial at all. In fact, considering a worldwide CoT environment, several issues need to be addressed. On one hand, the Cloud-to-Edge middleware needs to quickly react to changes. For example, according to the popular phrase of Benjamin Franklin ‘‘the time is money’’, a Service Level Agreement (SLA) violation might cause loss of money for a Cloud provider. On the other hand, a security leak can imply the disclosure of private data or cyber attacks. This can have also economic implications for the CoT provider. For this reason the Cloud Security Alliance (CSA) [3] has picked out the critical aspects of Cloud security. According to the CSA guidance, security and privacy have to ensure the availability of services, resource access control, vulnerability mitigation, privacy of the audited user data. As CoT is an emerging paradigm, software architects have to deal with the lack of adhoc security standards and of a consolidated vulnerability model as point of reference. How usually happens in emerging ICT technologies, software architects start to face new technology issues adapting existing systems and solutions to address the new requirements. The same thing is happening with Cloud and Edge computing, but such a strategy is not resulting effective. As a consequence, researchers and software designers are looking at new innovative approach. A promising approach is the adoption of a Message Oriented Middleware (MOM) for Cloud-to-Edge management. In particular, a MOM is based on an Instant Messaging Protocol (IMP) and can considerably simplify the deployment of CoT applications and services also involving devices at the edge, because it allows separating the communication and signaling system from the business logic. At present, to the best of our knowledge, existing IMPs allow achieving a high level of reactiveness and good communication performance, but they do not offer an adequate degree of security.