Abstract
Today the proliferation of ubiquitous devices interacting with the external environment and connected by means of wired/wireless communication technologies points to the definition of a new vision of ICT called Internet of Things (IoT). In IoT, sensors and actuators, possibly embedded in more powerful devices, such as smartphones, interact with the surrounding environment. They collect information and supply it across networks to platforms where IoT applications are built. IoT services are then made available to final customers through these platforms. Needless to say, IoT scenario revolutionizes the concept of security, which becomes even more critical than before. Security protection must consider millions of devices that are under control of external entities, freshness and integrity of data that are produced by the latter devices, and heterogeneous environments and contexts that co-exist in the same IoT environment. These aspects make the need of a systematic way of assessing the quality and security of IoT systems evident, introducing the need of rethinking existing assurance methods to fit the IoT-based services. In this chapter, we discuss and analyze challenges in the design and development of assurance methods in IoT, focusing on traditional CIA properties, and provide a first process for the development of continuous assurance methods for IoT services. We also design a conceptual framework for IoT security assurance evaluation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ezra Caltum and Ory Segal. SSHowDowN: Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns. https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf. Accessed 11 Oct 2016.
US-CERT/NIST. CVE-2004-1653. 2004. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1653. Aug, 2004. Accessed 11 2016.
Sadeghi, Ahmad-Reza, Christian Wachsmann, and Michael Waidner. 2015. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd Annual Design Automation Conference (DAC), 54. ACM.
Abomhara, Mohamed and Geir M Køien. 2014. Security and privacy in the Internet of Things: Current status and open issues. In International Conference on Privacy and Security in Mobile Systems (PRISMS), 1–8. IEEE.
Zhang, Zhi-Kai, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei Hsu, Chong-Kuan Chen, and Shiuhpyng Shieh. 2014. IoT security: ongoing challenges and research opportunities. In 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, 230–234. IEEE.
Sato, Hiroyuki, Atsushi Kanai, Shigeaki Tanimoto, and Toru Kobayashi. 2016. Establishing trust in the emerging era of IoT. In 2016 IEEE Symposium on Service-Oriented System Engineering (SOSE), 398–406. IEEE.
Zhao, Kai, and Lina Ge. 2013. A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on, 663–667. IEEE.
Bagci, Ibrahim Ethem, Mohammad Reza Pourmirza, Shahid Raza, Utz Roedig, and Thiemo Voigt. 2012. Codo: Confidential data storage for wireless sensor networks. In 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS), 1–6. IEEE.
Raza, Shahid, Hossein Shafagh, Kasun Hewage, René Hummen, and Thiemo Voigt. 2013. Lithe: Lightweight secure CoAP for the internet of things. IEEE Sensors Journal 13(10): 3711–3720.
Dofe, Jaya, Jonathan Frey, and Qiaoyan Yu. 2016. Hardware security assurance in emerging IoT applications. In International Symposium on Circuits and Systems (ISCAS), 2050–2053. IEEE.
Raza, Shahid, Linus Wallgren, and Thiemo Voigt. 2013. SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc networks 11(8): 2661–2674.
Raza, Shahid, Simon Duquennoy, Joel Höglund, Utz Roedig, and Thiemo Voigt. 2014. Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communication Networks 7(12): 2654–2668.
Lee, Jun-Ya, Wei-Cheng Lin, and Yu-Hung Huang. 2014. A lightweight authentication protocol for internet of things. In 2014 International Symposium on Next-Generation Electronics (ISNE), 1–2. IEEE.
Park, Haemin, Dongwon Seo, Heejo Lee, and Adrian Perrig. 2012. SMATT: Smart meter attestation using multiple target selection and copy-proof memory. In Computer Science and its Applications, 875–887. Springer.
Ardagna, Claudio Agostino, Rasool Asal, Ernesto Damiani, and Quang Hieu Vu. 2015. From security to assurance in the cloud: A survey. ACM Computing Surveys (CSUR), 48(1): 2:1–2:50.
ISO/IEC JTC 1. 2014. Information Technology. Internet of things (iot). preliminary report.
B. Leukert et al. IoT 2020: Smart and secure IoT platform. IEC 2016. https://www.openstack.org/.
Minerva, Roberto, Abyi Biru, and Domenico Rotondi. 2015. Towards a Definition of the Internet of Things (IoT). Torino, Italy: IEEE Internet Initiative.
Weiser, Mark. 1991. The computer for the twenty-first century. Scientific American, 6675.
Ala Al Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys and Tutorials 17(4): 2347–2376.
IATAC and DACS. 2007. Software security assurance: State of the art report (SOAR). http://www.dtic.mil/cgi-bin/GetTRDoc?Location=U2&doc=GetTRDoc.pdf&AD=ADA472363.
Beznosov, Konstantin, and Philippe Kruchten. 2004. Towards agile security assurance. In Proceedings of the 2004 workshop on New security paradigms, 47–54, ACM.
Misra, Sridipta, Muthucumaru Maheswaran, and Salman Hashmi. 2017. Security challenges and approaches in internet of things. Springer International Publishing.
Mahalle, Parikshit Narendra, and Poonam N. Railkar. 2015. Identity management for internet of things. River Publishers Series in Communications.
Shelby, Zach, Klaus Hartke, and Carsten Bormann. 2014. The constrained application protocol (CoAP). Technical report.
Montenegro, Gabriel, Nandakishore Kushalnagar, Jonathan Hui, and David Culler. 2007. Transmission of IPv6 packets over IEEE 802.15. 4 networks. Technical report.
Stephen Kent and Seo, Karen. 2005. Security architecture for the internet protocol. Technical report.
Bhatnagar, Neerja, and Ethan L. Miller. 2007. Designing a secure reliable file system for sensor networks. In Proceedings of the 2007 ACM workshop on Storage security and survivability, 19–24. ACM.
Wei Ren, Yi Ren, and Hui Zhang. 2008. Hybrids: A scheme for secure distributed data storage in wsns. In IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC’08, vol. 2, 318–323. IEEE.
Ericsson. 2016. Bootstrapping security-the key to internet of things access authentication and data integrity. Ericsson White paper, 284 23-3284. http://www.ericsson.com/res/docs/whitepapers/wp-iot-security.pdf.
Doug, J. 2011. Tygar. Adversarial machine learning. IEEE Internet Computing 15(5): 4.
Huang, Ling, Anthony D. Joseph, Blaine Nelson, Benjamin IP Rubinstein, and J.D. Tygar. 2011. Adversarial machine learning. In Proceedings of the 4th ACM workshop on security and artificial intelligence, 43–58. ACM.
Liu, Chang, Chi Yang, Xuyun Zhang, and Jinjun Chen. 2015. External integrity verification for outsourced big data in cloud and iot. Future generation computer systems, 49(C): 58–67.
Newe, Thomas, Muzaffar Rao, Daniel Toal, Gerard Dooly, Edin Omerdic, and Avijit Mathur. 2017. Efficient and high speed fpga bump in the wire implementation for data integrity and confidentiality services in the iot. In Postolache, Octavian Adrian, Subhas Chandra Mukhopadhyay, Krishanthi P. Jayasundera, and Akshya K. Swain (eds.). Sensors for everyday life: Healthcare settings, 259–285. Springer International Publishing.
Gaurav, Kumar, Pravin Goyal, Vartika Agrawal, and Shwetha Lakshman Rao. 2015. Iot transaction security. In Proceedings of the 5th International Conference on the Internet of Things (IoT 2015).
Yick, Jennifer, Biswanath Mukherjee, and Dipak Ghosal. 2008. Wireless sensor network survey. Computer Networks 52(12): 2292–2330.
Tanenbaum, Andrew S., and Maarten Van Steen. 2007. Distributed systems. Prentice-Hall.
National Institute of Standards and Technology (NIST). 2013. Security and privacy controls for federal information systems and organizations. Special Publication 800: 53.
International Organization for Standardization (ISO). 2016. ISO/IEC 27001:2013 Information technology–Security techniques–Information security management systems–Requirements. https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1:en. Accessed 10 2016.
Acknowledgements
This work was partly supported by the program “piano sostegno alla ricerca 2015-17” funded by Università degli Studi di Milano.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer Nature Singapore Pte Ltd.
About this chapter
Cite this chapter
Ardagna, C.A., Damiani, E., Schütte, J., Stephanow, P. (2018). A Case for IoT Security Assurance. In: Di Martino, B., Li, KC., Yang, L., Esposito, A. (eds) Internet of Everything. Internet of Things. Springer, Singapore. https://doi.org/10.1007/978-981-10-5861-5_8
Download citation
DOI: https://doi.org/10.1007/978-981-10-5861-5_8
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-5860-8
Online ISBN: 978-981-10-5861-5
eBook Packages: EngineeringEngineering (R0)