ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES AND SYSTEMS

E. Vasilomanolakis, J. Daubert, M. Luthra, V. Gazis, A. Wiesmaier, P. Kikiras


Outline

Introduction

Security Requirements

Discussion and comparison of IoT architectures
  IoT-A
  BeTaaS
  OpenIoT
  IoT@Work

Conclusion


Introduction

Motivation

IoT specific properties
  Mobility
  Constrained resources
  Heterogeneity
  Scalability


Security Requirements

Network Security
  Confidentiality
  Integrity
  Authenticity
  Availability

Identity Management
  Authentication
  Authorization
  Accountability
  Revocation

Privacy
  Data Privacy
  Anonymity
  Pseudonymity
  Unlinkability

Trust
  Device Trust
  Entity Trust
  Data Trust

Resilience
  Robustness against attacks
  Resilience against failures


DISCUSSION AND COMPARISON OF IOT ARCHITECTURES


IoT Architecture (1) – IoT-A

Overview
  Goal: provide an Architectural Reference Model (ARM) forming guidelines for network protocols.
  Successful integration of ARM to service into IoT.
  EU FP7 project completed in 2013.
  Five logical security components (SC) mapped to our security requirements.

Security components
  Dedicated security components for network security, identity management, privacy and trust.
  Fault tolerance as a dedicated functional group.

[Table: rating per security requirement: Network security, Identity Management, Privacy, Trust, Resilience]

Source: http://www.iot-a.eu/public


IoT Architecture (2) – BeTaaS

Overview
  Goal: architecture for IoT and M2M communication for apps over a cloud of gateways.
  Things as a Service (TaaS) reference model comprising four layers:
    Physical layer, Adaptation layer, TaaS layer, Service layer.
  EU FP7 project completed in 2015.

Security components
  Augments the reference model of IoT-A – similar security.
  Confidentiality, integrity and authenticity via PKI.
  OAuth for identity management.

[Table: rating per security requirement: Network security, Identity Management, Privacy, Trust, Resilience]

Source: http://www.betaas.eu/


IoT Architecture (3) – OpenIoT

Overview
  Goal: open source with cloud characteristics – pay-as-you-go and on-demand services.
  EU FP7 project completed in 2014.
  Based on IoT-A ARM.
  Specifies two modules: security and privacy.
  However, privacy seems not to be addressed apart from data privacy.
  Trust is a module addressing data and device trust.

Security components
  TLS ensures encrypted messaging.
  Centralized architecture providing OAuth and RBAC.
  Robustness not addressed.

[Table: rating per security requirement: Network security, Identity Management, Privacy, Trust, Resilience]

Source: http://www.openiot.eu/


IoT Architecture (4) – IoT@Work

Overview
  Goal: IoT architecture for an industrial automation domain.
  EU FP7 project completed in 2013.
  Uses common technologies such as EAP and CBAC.
  Privacy and trust are not driving requirements due to the industry focus.

Security components
  Some data privacy is provided and access delegation is used for pseudonyms.
  Trust-based requirements seem not to be addressed.

[Table: rating per security requirement: Network security, Identity Management, Privacy, Trust, Resilience]

Source: https://www.iot-at-work.eu/


Comparison Summary

Each architecture has a specific focus area.
  IoT@Work works best for the manufacturing domain.
  OpenIoT as open sensor and service marketplace.
  IoT-A and BeTaaS provide an ARM and fulfill most of the requirements, though the actual implementation may vary.

[Table: security requirements (Network security, Identity Management, Privacy, Trust, Resilience) rated per IoT architecture (IoT-A, BeTaaS, OpenIoT, IoT@Work)]


Conclusion

Architectural Gaps
  Data transmission in constrained devices and gateway remains unprotected.
  Focus on enclosed domain, lack of inter-domain capabilities.
  Privacy and trust in most IoT architectures seem to be unaddressed.

Future Work
  Accountability mechanisms, e.g., blind signatures with threshold cryptography, can be adopted.
  We plan to propose a framework for protection at the device, communication and cloud level, rather than only at one of these.
  To realize the envisioned marketplace of IoT, transitive trust can be adopted.


Thank you

Manisha Luthra (M.Sc Informatik) [email protected]