Distributed Security Risks and Opportunities in the W3C Web of Things

The W3C Web of Things (WoT) WG has been developing an interoperability standard for IoT devices that includes as its main deliverable a “Thing Description”: a standardized representation for the metadata of an IoT device, including in particular a description of its network interface, but also allowing for multiple levels of semantic annotation. The WoT Thing Description supports a descriptive (as opposed to prescriptive) approach to interoperability. The provision of rich descriptive metadata has at least five major implications for security. First, the need for local links and, more generally, the intermittently connected and segmented networks often used in IoT raises several practical considerations regarding what metadata should be provided. Second, metadata allows for system-wide vulnerability analysis, which can be both a risk and an opportunity. Third, metadata can enable end-to-end security in multistandard networks, avoiding exposing unencrypted data within bridges otherwise needed for adapting standards pairwise. Fourth, metadata supports service and device discovery, which raises the question of how to limit discovery to authorized agents. Fifth, metadata can enable distributed security mechanisms for access control and micropayments. To the extent that metadata access can be decentralized, decentralized mechanisms for security can be supported.
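The second implication, system-wide vulnerability analysis, can be illustrated from the defender's side with the following added example, which is not code from the paper or from the W3C WoT project. It audits a set of Thing Descriptions using field names from the Thing Description vocabulary (`securityDefinitions`, `security`, `forms`, `href`, `base`); the sample descriptions and the three audit rules are constructed assumptions.

```python
from urllib.parse import urlparse

PLAINTEXT = {"http", "ws", "coap", "mqtt"}    # URI schemes without transport encryption
SENDS_SECRET = {"basic", "bearer", "apikey"}  # TD schemes that put a reusable secret in each request

def as_list(value):
    """TD 'security' may be a single name or an array of names."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def audit_td(td):
    """Return sorted (thing id, affordance, issue) tuples for one Thing Description."""
    defs = td.get("securityDefinitions", {})
    base_scheme = urlparse(td.get("base", "")).scheme
    findings = set()
    for kind in ("properties", "actions", "events"):
        for name, affordance in td.get(kind, {}).items():
            for form in affordance.get("forms", []):
                # Relative hrefs inherit the transport of the Thing-level 'base'.
                transport = urlparse(form.get("href", "")).scheme or base_scheme
                # A form-level 'security' overrides the Thing-level default.
                names = as_list(form.get("security")) or as_list(td.get("security"))
                for sec in names:
                    scheme = defs.get(sec, {}).get("scheme")
                    if scheme is None:
                        issue = f"undefined security definition '{sec}'"
                    elif scheme == "nosec":
                        issue = "no authentication (nosec)"
                    elif scheme in SENDS_SECRET and transport in PLAINTEXT:
                        issue = f"{scheme} credentials over plaintext {transport}"
                    else:
                        continue
                    findings.add((td.get("id", "?"), f"{kind}/{name}", issue))
    return sorted(findings)

def audit_fleet(tds):
    """Audit every Thing Description known to an inventory or directory."""
    return [finding for td in tds for finding in audit_td(td)]

# Constructed sample Thing Descriptions (assumptions, not taken from the paper).
FLEET = [
    {"id": "urn:example:lamp", "securityDefinitions": {"b": {"scheme": "bearer"}}, "security": ["b"],
     "properties": {"on": {"forms": [{"href": "https://lamp.example/on"}]}}},
    {"id": "urn:example:sensor", "base": "http://10.0.0.7/", "security": "u",
     "securityDefinitions": {"u": {"scheme": "basic"}, "n": {"scheme": "nosec"}},
     "properties": {"temp": {"forms": [{"href": "temp"}]}},
     "actions": {"reset": {"forms": [{"href": "reset", "security": ["n"]}]}}},
]

if __name__ == "__main__":
    for finding in audit_fleet(FLEET):
        print(*finding, sep=" | ")
```

Because the same metadata is readable by anyone who can fetch the descriptions, the findings also show what an unauthorized reader would learn, which is why the abstract ties this point to limiting discovery to authorized agents.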