International Workshop on AdaptiveSecurity & Privacy management forthe Internet of Things (ASPI 2013)

Stefan PosladQueen Mary University ofLondonstefan@eecs.qmul.ac.uk

Mohamed HamdiSchool of CommunicationEngineering, Tunisiammh@supcom.rnu.tn

Habtamu AbieNorwegian Computing CenterHabtamu.Abie@nr.no

Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copies are notmade or distributed for profit or commercial advantage and that copies bearthis notice and the full citation on the first page. Copyrights for componentsof this work owned by others than the author(s) must be honored. Abstractingwith credit is permitted. To copy otherwise, or republish, to post on servers orto redistribute to lists, requires prior specific permission and/or a fee. Requestpermissions from permissions@acm.org.UbiComp’13 Adjunct, September 8–12, 2013, Zurich, Switzerland.Copyright is held by the owner/author(s). Publication rights licensed to ACM.ACM 978-1-4503-2215-7/13/09...$15.00.

AbstractThe Internet of Things (IoT) was initially proposed toconnect specific things via the Internet using devices, suchas RFID readers, to realise intelligent identification andmanagement. This vision has since expanded to include amore diverse range of devices, services and networks tobecome an Internet of anything, anywhere, connected,anyhow. Security and privacy management for the IoTremains a core challenge.

Many IoT devices maybe may have zero or minimalsecurity by design because they are low resource, lowpower devices, designed to work as closed vertical services.Security threats and risks may be higher because devicesare unattended, use local wireless communication thathave no or weak encryption making them more susceptibleto eavesdropping and because users find security toounusable to setup and operate and hence leave devicesrelatively unsecure. It may also be less problematic toreproduce and fake data sources, access nodes and datasinks that interact with IoT devices in order to attackdevices or the services they access. Devices can be movedbetween or removed from private, communal, public andhostile physical spaces. There is a higher risk of a loss ofprivacy for human users and organisations because of anincreased ability to eavesdrop, because of wirelessnetworks with soft boundaries, and because embedded

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

373

environment devices can sense smaller amounts of physicaltrails with a greater degree of sensitivity and accuracy. Aspecific focus is on the need for IoT security to adapt.The adaptation has multiple dimensions. We can adaptexisting conventional security models to more effectivelysecure an IoT. We can adapt security pre-planned andunplanned context changes such as different movingaround in different physical spaces. IoT systems can bedesigned to self-adapt. IoT systems need to adapt to theactive (re) configuration and maintenance of IoT devicesand systems of devices by users and by artificial agents.

The proposed workshop intends to bring togetherresearchers and practitioners from relevant fields topresent and disseminate the latest on-going researchfocussing on adapting security, privacy & management forthe Internet of Things. It aims to facilitate knowledgetransfer and synergy, bridge gaps between differentresearch communities and groups, to lay down foundationfor common purposes, and to help identify opportunitiesand challenges for interested researchers and technologyand system developers.

Author KeywordsInternet of Things

ACM Classification KeywordsH.m [Information systems]: Miscellaneous.

Motivation and ChallengesMany security researchers focus more on the review ofcurrent information security threats landscape with far lessfocus on emerging and future threats for the IoT. Thesethreats are discussed below.

Unattended devices: devices may be left unsecured eitherbecause their owners expect that they will remain under

their physical control. However, if dont, they are open touse by anyone. Embedded micro devices and macrodevices may need to be left unattended for long periods,in relatively inaccessible environments, e.g., pace-makersthat are implanted in the human body and remote sensorsleft in uninhabited physical environments. Unattendedembedded devices that are used for control, e.g.,pace-maker implants, require stable timing to delivercontrol signals at set times, over time. The securitydesign of devices to be tamper-resistant or at leasttamper-evident is a key concern. Protecting specific partsof a device may be insufficient. Some threats canmanipulate the local environment to cause the device tomalfunction such as heating or freezing the environment.Hence a multi-lateral approach is needed to protectunattended devices, e.g., use of materials resistant tophysical attacks, use of counter-measures and othercorrective measures it tampering attacks are detected, andthe use of a priori preventive measures such as encryptionto lessen threats.

Low resource and low power devices: low resource devicesmay lack the CPU and memory to perform thecomputation to encrypt and decrypt data that isexchanged. Devices that run out of power essentiallycannot operate normally and this essentially constitutes adenial of service. A general type of attack on devices withlimited energy reserves is to cause their energy reserves tobe unnecessarily expended. For example, a commonstrategy to conserve power is for devices to enter variouspower-saving modes, e.g., various sleep and hibernationmodes. A sleep deprivation attack or threat makes justenough legitimate requests to prevent a device fromentering its energy-saving mode. A barrage attackbombards victim nodes with legitimate requests.

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

374

User managed devices: security is often in practiceconfigured to be low: In complex cyber-physical systems,such as hospitals or control rooms, there is continuousinteraction between devices and operators. In thesesystems, security and privacy need therefore to be studiedin relation to users’ needs and actual practice; otherwise,they would be systematically overridden by users becausethey constitute impediments to normal work. Forinstance, authentication methods based on logins may beintroduced in a system to identify authorised users.However, users may still use weak passwords (e.g., dates,names), store passwords in unsafe places (e.g., on amobile phone), or even share passwords (e.g., with anauthorised “guest” user that is not recognised by thesystem). These and other workarounds not only void theintroduced design solutions, but potentially create newthreats to the system.

Increasing wireless PAN/BAN/LANs of devices: multipletypes of the same type of physical and network layer mayexist because multiple independent users and providersmay offer overlapping wireless networks within the samevicinity. This can make it easier for a device on onenetwork to inadvertently or maliciously breach the securityand mismanage another device on another overlappingnetwork. Targets for attack can be more readily identifiedby the mere fact that devices are communicating in thevicinity and because environments are more instrumentedwith active devices. As devices networks increasinglyinteroperate in the Internet, it leads devices to be moreopen to remote access and to an increasing risk of aremote attack.

Changing / unknown ICT infrastructure, physical space,human-social environment: the boundary between what isassumed to be a closed, more secure, private space and

more open social and public spaces becomes softerenabling private data in personal spaces to seep out intoless personal spaces. For mobile users, they may notrealise as they roam that they are accessing services overpublic or even hostile spaces and fail to enact strongersecurity measures or even counter measures.

Loss of Privacy: In addition, to an increasing ability toeavesdrop on wireless PAN/BAN/LANs that can overlap,that have soft boundaries, the profusion of smartenvironment devices means that humans can be identified,tracked and profiled to a greater degree throughout thephysical environment, without their consent. As morehuman-to- human and human to-device interactions occurover shared physical networks and shared service andsocial spaces, it is also possible to sense smaller amountsof physical trails of these interactions with a greaterdegree of sensitivity and accuracy.

Key challenges in supporting security that can adapt to alikely dynamic IoT: Security adaptation can take the formof parameter adaptation achieved by specific variations inthe security control parameter vector, structureadaptation achieved by dynamic changes in the structureof the system, goal adaptation achieved by formallydefining specific constraints on the state of the system, orany combination of these. Adaptation can take place atany layer or across-layers, i.e., vertical cooperation amongmultiple system layers, horizontal cooperation amongmultiple platforms, and universal adaptation combinationof vertical and horizontal cooperation.

The challenges in doing security adaptation are that theadaptive algorithm must respond to changes in the systemon the fly and the activities of the adaptive algorithmmust have only minimal deviations from the normal modeof operation of the system, must address the

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

375

reconfiguration of functional logic, the architecture as awhole, and the handling of conflicts. Additional challengesare to the implementation of adaptive algorithms are thecomplexity of the correct definition of goals andrestrictions, the necessity for the on-going identification ofboth system and environment, and the required minimumreaction time of adaptive algorithms.

Self-adaptive security solutions are capable of handlingchanging operational contexts, environments or systemcharacteristics and adjust their security control parametersby monitoring the environment and the underlying systemitself. For the design and development of self-adaptivesecurity systems for IoTs where their specialties are takeninto account, concepts of control theory, such as controlloops, are normally adapted and used in order to buildflexible self-adaptive IoTs which are capable of handlingdynamic changes.

Related LiteratureKozlov et al. [2012] and Medaglia and Serbanati [2010]give an overview, categorization, and analysis of securityand privacy challenges in the IoTs. They have identifiedthat the protection of data and privacy of users is one ofthe key challenges in the Internet of Things. They statethat lack of confidence about privacy will result indecreased adoption among users and therefore is one ofthe driving factors in the success of the Internet ofThings. Hong et al. [2004], propose privacy risk modelsas a general method for refining privacy from an abstractconcept into concrete issues for specific applications andprioritizing those issues. Webera [2010] argues thatmeasures ensuring the IoT architecture’s resilience toattacks, data authentication, access control and clientprivacy need to be established.

Roman et al. [2011] contend that for IoT to fully bloominto a paradigm that will improve many aspects of dailylife, open problems remain in many areas, such ascryptographic mechanisms, network protocols, data andidentity management, user privacy, self-management, andtrusted architectures need to be addressed.

Suo et al. [2012] present a brief review of security in theIoTs and discuss the research status of key technologiesincluding encryption mechanism, communication security,protecting sensor data and cryptographic algorithms, andbriefly outline the challenges. According to Shnitko [2003]adaptation may be defined as the optimal control ofspecified object F in state S whose influence Y on theenvironment is determined by the influences X of theenvironment on the object, the relevant set of adaptablestructures or factors U, and the goals Z of the adaptationas defined by specified constraints on the state S of theobject.

Savola et al. [2012] discussed metrics-driven adaptivesecurity management needs and initial solutions forE-health IoT applications especially for the treatment ofchronic diseases and well-being of elderly people. Theyargued that adaptive security management is neededespecially for setting the sufficient security requirementsand for enforcing the adequate security controls in theface of changing security risks and use context, and thatinformed adaptive security decision-making is based onadequate security effectiveness, correctness and efficiencyevidence offered by security metrics.

Abie and Balasingham [2012] presented a high-levelrisk-based adaptive security framework for IoT in eHealthto estimate and predict risk damages and future benefitsusing context-aware game theoretic models. Theframework outlines how the security methods and

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

376

mechanisms should adapt their security decisions uponthose risk estimates and predictions by incorporatingpractical and systematic evaluation models utilizingsecurity metrics for validation of the adaptation.

Expected ResultsThe proposed workshop has three primary objectives.Firstly, it intends to present and disseminate the latestaccomplished and on-going research on adaptive security,privacy and management for IoT and novel applications inubiquitous computing. This includes work on security innext generation Internets, including sensor networks,mobile device networks and distributed mobile andautonomous systems and services, context-aware systems,distributed AI, and HCI. Accepted papers will appear inthe conference proceedings. In addition, selectedhigh-quality papers will be invited to be published, afterrevision and extension, in a journal such as a special issueof the International Journal of Pervasive computing andCommunications (IJPCC).

Secondly, the workshop aims to bring together researchersand practitioners from the relevant fields, in particular, theaudience encompasses those with a wide range ofexpertise in modelling complex systems, developingmethodologies, systems and infrastructures, applicationdevelopers and users with expertise and experience in userrequirements, system implementation and evaluationrelated to IoT security and privacy. We expect thatthrough this workshop a research community focusing onthis high interest area can be formed, and more work andcontributions can be made available in the future,probably in another workshop next year.

The third objective of the workshop is to identifyopportunities and challenges and facilitate collaborations

and synergy between different research communities andgroups and in particular to relate the security in IoT to abroader landscape of Ubiquitous Computing.

References1. Abie, H. and Balasingham, I. 2012. Risk-Based

Adaptive Security for Smart IoT in eHealth. I:BODYNETS 2012 - 7th International Conference onBody Area Networks. Brussels: ICST - Institute forComputer Sciences, Social-Informatics andTelecommunications Engineering 2012 ISBN978-1-4503-1997-3, pp. 269-275

2. Hong, J., Ng, J., Lederer, S., and Landay, J. 2004.Privacy risk models for designing privacy-sensitiveubiquitous computing systems. In D. Benyon; P.Moody; D. Gruen and I. McAra-McWilliam (Eds.):Proc. of the 2004 conference on Designinginteractive systems: processes, practices, methods,and techniques, (August 1, 2004), NY, pp. 91-100.

3. Kozlov, D., Veijalainen, J., and Ali, Y. 2012.Security and privacy threats in IoT architectures. InProceedings of the 7th International Conference onBody Area Networks (BodyNets ’12). ICST(Institute for Computer Sciences, Social-Informaticsand Telecommunications Engineering), ICST,Brussels, Belgium, Belgium, pp. 256-262.

4. Medaglia, C. M., and Serbanati, A. 2010. AnOverview of Privacy and Security Issues in theInternet of Things. In The Internet of Things, 5, pp.389-395.

5. Roman,R., Najera, P., and Lopez, J. 2011. Securingthe Internet of Things. In IEEE Computer, 44, 9,51-58.

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

377

6. Savola, R., Abie, H., and Sihvonen, M.2012.Towards Metrics-Driven Adaptive SecurityManagement in E-Health IoT Applications. I:BODYNETS 2012 - 7th International Conference onBody Area Networks. Brussels: ICST - Institute forComputer Sciences, Social-Informatics andTelecommunications Engineering 2012 ISBN978-1-4503-1997-3, pp. 276-281.

7. Shnitko, A. 2003. Adaptive security in complexinformation systems. In Proc. 7th Korea-Russia Int.

Symposium on Science and Technology, (8023863),206-210, (28 June - 6 July, 2003).

8. Suo, H., Wan, J., Zou C., and Liu, J. 2012.Security in the Internet of Things: A Review. In Int.Conf. Computer Science and ElectronicsEngineering (ICCSEE), 3, pp. 648-651.

9. Webera, R. H. 2010. Internet of Things Newsecurity and privacy challenges. Computer Law &Security Review, 26, 1, (January 2010), pp. 23-30.

Session: Adaptive Security and Privacy Management for the Internet of Things

UbiComp’13, September 8–12, 2013, Zurich, Switzerland

378