SecIoT: a security framework for the Internet of Things

The 5th generation wireless system 5G will support Internet of Things IoT by increasing the interconnectivity of electronic devices to support a variety of new and promising networked applications such as the home of the future, environmental monitoring networks, and infrastructure management systems. The potential benefits of the IoT are as profound as they are diverse. However, the benefits of the IoT come with some significant challenges. Not the least of these is that the increased interconnectivity integral to an IoT network increases its vulnerability to malevolent attacks. There is still no proven methodology for the design of security frameworks with device authentication and access control. This paper attempts to address this problem through the development of a prototype security framework with robust and transparent security protection. This includes an investigation into the security requirements of three different characteristic IoT scenarios concretely, body IoT, home IoT, and hotel IoT, a design of new authentication mechanisms, and an access control subsystem with fine-grained roles and risk indicators. Our prototype security framework gives us an insight into some of the major difficulties of IoT security as well as providing some feasible solutions. Copyright © 2015 John Wiley & Sons, Ltd.

[1]  Claude Castelluccia,et al.  Shake them up!: a movement-based pairing protocol for CPU-constrained devices , 2005, MobiSys '05.

[2]  Geng Wu,et al.  5G Network Capacity: Key Elements and Technologies , 2014, IEEE Vehicular Technology Magazine.

[3]  Sandra Dominikus,et al.  Secure Communication with RFID tags in the Internet of Things , 2014, Secur. Commun. Networks.

[4]  Carsten Bormann,et al.  The Constrained Application Protocol (CoAP) , 2014, RFC.

[5]  Klaus Wehrle,et al.  Sensor network security for pervasive e-health , 2011, Secur. Commun. Networks.

[6]  Geir M. Køien A privacy enhanced device access protocol for an IoT context , 2016, Secur. Commun. Networks.

[7]  A. W. Roscoe,et al.  Bootstrapping body sensor networks using human controlled LED-camera channels , 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[8]  Stefan Parkvall,et al.  5G radio access , 2014 .

[9]  Rodrigo Roman,et al.  User-centric secure integration of personal RFID tags and sensor networks , 2013, Secur. Commun. Networks.

[10]  John A. Stankovic,et al.  Context-aware wireless sensor networks for assisted living and residential monitoring , 2008, IEEE Network.

[11]  Ken Cai,et al.  Design of Field Information Monitoring Platform Based on the Internet of Things , 2012 .

[12]  Lin Yan,et al.  Context-aware usage control for web of things , 2014, Secur. Commun. Networks.

[13]  A. W. Roscoe,et al.  Body sensor network key distribution using human interactive channels , 2011, ISABEL '11.

[14]  Vladimir A. Oleshchuk,et al.  Remote Patient Monitoring Within a Future 5G Infrastructure , 2011, Wirel. Pers. Commun..

[15]  Ming Yang,et al.  Research and implementation of M2M smart home and security system , 2015, Secur. Commun. Networks.

[16]  Thomas Peltier,et al.  Information Security Risk Analysis: A Pedagogic Model Based on a Teaching Hospital , 2006 .

[17]  Markus Fiedler,et al.  Security and privacy issues for the network of the future , 2012, Secur. Commun. Networks.

[18]  Michael Sirivianos,et al.  Loud and Clear: Human-Verifiable Authentication Based on Audio , 2006, 26th IEEE International Conference on Distributed Computing Systems (ICDCS'06).

[19]  WehrleKlaus,et al.  Sensor network security for pervasive e-health , 2011 .

[20]  Zheng Zhou,et al.  A security authentication scheme in machine-to-machine home network service , 2015, Secur. Commun. Networks.

[21]  Stefanos Gritzalis,et al.  How to protect security and privacy in the IoT: a policy-based RFID tag management protocol , 2014, Secur. Commun. Networks.

[22]  Elisa Bertino,et al.  A Trust-Based Context-Aware Access Control Model for Web-Services , 2004, Proceedings. IEEE International Conference on Web Services, 2004..

[23]  Klaus Wehrle,et al.  Privacy in the Internet of Things: threats and challenges , 2014, Secur. Commun. Networks.

[24]  Sadie Creese,et al.  Exploiting Empirical Engagement in Authentication Protocol Design , 2005, SPC.

[25]  Marco Gruteser,et al.  USENIX Association , 1992 .

[26]  A. W. Roscoe,et al.  Human interactive secure key and identity exchange protocols in body sensor networks , 2013, IET Inf. Secur..

[27]  Taoka Hidekazu,et al.  Scenarios for 5G mobile and wireless communications: the vision of the METIS project , 2014, IEEE Communications Magazine.

[28]  Vera Stavroulaki,et al.  5G on the Horizon: Key Challenges for the Radio-Access Network , 2013, IEEE Vehicular Technology Magazine.

[29]  A. W. Roscoe,et al.  User interactive Internet of things privacy preserved access control , 2012, 2012 International Conference for Internet Technology and Secured Transactions.

[30]  Maik Moeller Managing Information Security Risks The Octave Approach , 2016 .

[31]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[32]  A. W. Roscoe,et al.  Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey , 2011, J. Comput. Secur..

[33]  Utz Roedig,et al.  Secure communication for the Internet of Things - a comparison of link-layer security and IPsec for 6LoWPAN , 2014, Secur. Commun. Networks.

[34]  Janine. Brooks International conference for the whole team , 2009, BDJ.

[35]  Toni Janevski,et al.  Design for 5G Mobile Network Architecture , 2011, Int. J. Commun. Networks Inf. Secur..