On the design of security mechanisms for the Internet of Things

With the rapid growth of the Internet of Things (IoT), there is a need for secure and scalable architectures for the IoT. This paper is a step towards this goal. We propose a set of security requirements for IoT systems and describe a novel security mechanism designed to those requirements. We divide the security threats and attacks on the IoT into five distinct categories, i.e. communications, device/services, users, mobility and integration of resources and employ them in developing the proposed requirements and mechanism. We argue that, by adopting such an approach in an IoT system, security can be achieved in a practical and comprehensive manner.

[1]  Adi Shamir,et al.  Extended Functionality Attacks on IoT Devices: The Case of Smart Lights , 2016, 2016 IEEE European Symposium on Security and Privacy (EuroS&P).

[2]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[3]  Gaurav Somani,et al.  Access Control and Authentication in the Internet of Things Environment , 2016 .

[4]  Yunpeng Zhang,et al.  Access Control in Internet of Things: A Survey , 2016, ArXiv.

[5]  H. Hashim,et al.  A lightweight and secure TFTP protocol for smart environment , 2012, 2012 International Symposium on Computer Applications and Industrial Electronics (ISCAIE).

[6]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[7]  Pavan Pongle,et al.  A survey: Attacks on RPL and 6LoWPAN in IoT , 2015, 2015 International Conference on Pervasive Computing (ICPC).

[8]  Kevin Ashton,et al.  That ‘Internet of Things’ Thing , 1999 .

[9]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[10]  Satish Narayana Srirama,et al.  Mobile web and cloud services enabling Internet of Things , 2017, CSI Transactions on ICT.

[11]  Jin-cui Yang,et al.  Security model and key technologies for the Internet of things , 2011 .

[12]  Theodore Tryfonas,et al.  The Internet of Things: a security point of view , 2016, Internet Res..

[13]  Antonio F. Gómez-Skarmeta,et al.  DCapBAC: embedding authorization logic into smart things through ECC optimizations , 2016, Int. J. Comput. Math..

[14]  Attlee M. Gamundani An impact review on internet of things attacks , 2015, 2015 International Conference on Emerging Trends in Networks and Computer Communications (ETNCC).

[15]  Y. Simmhan,et al.  Towards a Practical Architecture for the Next Generation Internet of Things , 2015, ArXiv.

[16]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[17]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[18]  Geir M. Køien,et al.  Security and privacy in the Internet of Things: Current status and open issues , 2014, 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS).

[19]  Niraj K. Jha,et al.  A Comprehensive Study of Security of Internet-of-Things , 2017, IEEE Transactions on Emerging Topics in Computing.

[20]  Jiri Hosek,et al.  On perspective of security and privacy-preserving solutions in the internet of things , 2016, Comput. Networks.

[21]  Klaus Wehrle,et al.  Security Challenges in the IP-based Internet of Things , 2011, Wirel. Pers. Commun..