A taxonomy of security and privacy requirements for the Internet of Things (IoT)

Capturing security and privacy requirements in the early stages of system development is essential for creating sufficient public confidence to facilitate the adoption of novel systems such as the Internet of Things (IoT). However, security and privacy requirements are often not handled properly because their wide variety of facets and aspects makes them difficult to formulate. In this study, security-related requirements of heterogeneous IoT systems are decomposed into a taxonomy of quality attributes, and existing security mechanisms and policies are proposed to alleviate the identified forms of security attacks and to reduce vulnerabilities in the future development of IoT systems. Finally, the taxonomy is applied to an IoT smart grid scenario.
