DDITA: A Naive Security Model for IoT Resource Security
Information security has its own importance in information era. It forms the third pillar of information world after the performance upsurge and power issues. Security, as the term suggests, is the state of being free from threats. Resultantly Internet of Things receives almost all of the existing security threats from the world of Internet, along with some newly generated threats. In this paper, we are essentially and largely focussing on the security of data as well as resources involved in an Internet of Things system. In this paper, we propose a naive security model, namely DDITA (Definition, Design, Implementation, Testing and Amendment) that emphasizes on security policies, their implementation, their testing under various strategies and finally the amendments if required. In this paper, we have focussed on data involved in Internet of Things. We have classified data as private data and public data. We have also extended our studies toward the further classification of private data into Stored Data and Data in Transit. The security of Stored Data is proposed keeping encryption, authorization, authentication, attestation, and encryption using TPM under its umbrella.
KeywordsSecurity Internet of Things Threats DDITA model Stored Data
- 2.Alex W., The Guardian, The internet of things is revolutionizing our lives, but standards are a must, http://www.theguardian.com/media-network/2015/mar/31/, 2015 (accessed 15.08.2016).
- 3.ITU, Internet of Things Global Standards Initiative, http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx, 2015 (accessed 05.06.2016).
- 4.Machara, S., Chabridon, S., and Taconet, C., Trust-based context contract models for the internet of things, Ubiquitous Intelligence and Computing, Proceedings of IEEE 10th International Conference on Autonomic and Trusted Computing (UIC/ATC), pp. 557–562, 2013.Google Scholar
- 5.Renu, A. and Manik L.D.. RFID security in the context of internet of things, Proceedings of the First International Conference on Security of Internet of Things, ACM, 2012.Google Scholar
- 6.Bhattasali, Tapalina, Rituparna Chaki, and Nabendu Chaki., Secure and trusted cloud of things’, Annual IEEE India Conference (INDICON), IEEE, 2013.Google Scholar
- 7.Zorzi, M., Gluhak, A., Lange, S. and Bassi, A., From today’s INTRAnet of things to a future INTERnet of things: A wireless- and mobility-related view, IEEE Wireless Communication, Vol. 17, No. 6, pp. 44–51, 2013.Google Scholar
- 8.Mark, W., Smart devices to get security tune-up’, BBC News, 23 September 2014, Available Online: http://www.bbc.com/news/technology-34324247, Retrieved on 25 Jan, 2016.
- 9.Yuichi Kawamoto, Hiroki Nishiyama, NeiKato, Yoshitaka Shimizu, Atsushi Takahara, and Tingting Jiang., Effectively Collecting Data for the Location-Based Authentication in Internet of Things’, IEEE Systems Journal, Vol. 99, pp. 1–9, 2015; https://doi.org/10.1109/jsyst.2015.2456878.
- 10.Tsai, C.W., Lai, C.F., Chiang, M.C. and Yang, L. T., Data mining for internet of things: a survey, Communications Surveys and Tutorials’, IEEE. Vol. 16, 2014, pp. 77–97.Google Scholar
- 11.Whitmore, A., Anurag A., and Li Da Xu., The Internet of Things—A survey of topics and trends’, Information Systems Frontiers, Vol. 17, No. 2, 2015, pp. 261–274.Google Scholar
- 12.Jun, Y.K., Secure and Efficient Management Architecture for the IoT, ACM, 2015.Google Scholar
- 13.William Stallings, Cryptography and Network Security; Principles and Practices, Pearson Education, Inc, 4th edition, 2009.Google Scholar
- 14.Behrouz A. Forouzan and Debdeep Mukhopadhyay, Cryptography and Network Security, McGraw Hill Education, 3rd edition, 2016.Google Scholar
- 15.Bare, J. Christopher, Attestation and Trusted Computing’, CSEP 590: Practical Aspects of Modern Cryptography, University of Washington, Washington, 2016.Google Scholar
- 16.Berger, S., C´aceres, R., Goldman, K. A., Perez, R., Sailer, R. and van Doorn, L., vTPM: Virtualizing the Trusted Platform Module, Security Symposium. USENIX, 2006, pp. 305–320.Google Scholar
- 18.Babar, S., Mahalle, P., Stango, A., Prasad, N., and Prasad, R., Proposed security model and threat taxonomy for the Internet of Things (IoT)’, In N. Meghanathan et al. (Eds.), Recent trends in network security and applications, communications in computer and information science, Berlin: Springer, Vol. 89, 2010, pp. 420–429.Google Scholar