Protecting the Internet of Things with Security-by-Contract and Fog Computing

Nowadays, the Internet of Things (IoT) is a consolidated reality. Smart homes are equipped with a growing number of IoT devices that capture more and more information about human beings' lives. However, manufacturers have paid little or no attention to security, so various challenges remain open. In this paper, we propose a novel approach to secure IoT systems that combines the concept of Security-by-Contract (S×C) with the Fog computing distributed paradigm. We define the pillars of our approach, namely the notions of IoT device contract, Fog node policy and contract-policy matching, the respective life-cycles, and the resulting S×C workflow. To better explain the concepts of the S×C framework and highlight its practical feasibility, we use a running case study based on a context-aware system deployed in a real smart home.
