ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
•Download as PPTX, PDF•
1 like•1,130 views
Conference presentation Secure Internet of Things 2015
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (7)
Similar to ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
Similar to ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES (20)
Recently uploaded
Recently uploaded (20)
ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES
- 1. ON THE SECURITY AND PRIVACY OF INTERNET OF THINGS ARCHITECTURES AND SYSTEMS 1 E. Vasilomanolakis, J. Daubert, M. Luthra, V. Gazis, A. Wiesmaier, P. Kikiras manisha.luthra@stud.tu-darmstadt.de
- 2. 2 Outline Introduction Security Requirements Discussion and comparison of IoT architectures IOT-A BeTaaS OpenIoT IoT@Work Conclusion manisha.luthra@stud.tu-darmstadt.de
- 3. 3 Introduction Motivation IoT specific properties Mobility Constrained resources Heterogeneity Scalability manisha.luthra@stud.tu-darmstadt.deImage source: Google Images
- 5. DISCUSSION AND COMPARISON OF IOT ARCHITECTURES 5manisha.luthra@stud.tu-darmstadt.de
- 6. IoT Architecture (1) – IoT-A Overview Goal : provide Architectural Reference model (ARM) forming guidelines for network protocols. Successful integration of ARM to service into IoT. EU FP7 project completed in 2013. Five logical security components (SC) mapped to our security requirements. Security components Dedicated security components for network security, Identity Management, privacy and trust. Fault tolerance as a dedicated functional group. 6 Security reqt. Rating Network security Identity Management Privacy Trust Resilience manisha.luthra@stud.tu-darmstadt.deImage source: http://www.iot-a.eu/public
- 7. IoT Architecture (2) – BeTaaS Overview Goal : architecture for IoT and M2M communication for apps over cloud of gateways. Things as a Service (TaaS) reference model comprising four layers. Physical layer, Adaptation layer, TaaS layer, Service layer. EU FP7 project completed in 2015. Security components Augments the reference model of IoT-A – similar security. Confidentiality, integrity and authenticity via PKI. OAuth for identity management. 7 Security reqt. Rating Network security Identity Management Privacy Trust Resilience manisha.luthra@stud.tu-darmstadt.deImage source: http://www.betaas.eu/
- 8. IoT Architecture (3) – OpenIoT Overview Goal : Open source with cloud characteristics – pay-as-you-go and on-demand services. EU FP7 project completed in 2014. Based on IoT-A ARM. Specifies two modules security and privacy. However privacy seems not to be addressed apart from data privacy. Trust is a module addressing data and device trust. Security components TLS ensures encrypted messaging. Centralized architecture providing OAuth and RBAC. Robustness not addressed. 8 Security reqt. Rating Network security Identity Management Privacy Trust Resilience manisha.luthra@stud.tu-darmstadt.deImage source: http://www.openiot.eu/
- 9. IoT Architecture (4) – IoT@Work Overview Goal : IoT architecture for an industrial automation domain. EU FP7 project completed in 2013. Use common technologies such as EAP and CBAC. Privacy and Trust not driving requirements due to industry focus. Security components Some data privacy is provided and access delegation is used for pseudonyms. Trust based reqts. seems not be addressed. 9 Security reqt. Rating Network security Identity Management Privacy Trust Resilience manisha.luthra@stud.tu-darmstadt.deImage source: https://www.iot-at-work.eu/
- 10. Comparison Summary 10 Each architecture has a specific focus area. IoT@Work works best for the manufacturing domain. OpenIoT as open sensor and service marketplace. IoT-A and BeTaaS provides an ARM and fulfills most of the requirements. Though the actual implementation may vary. IoT architectures Security reqt. IoT-A BeTaaS OpenIoT IoT@Work Network security Identity Management Privacy Trust Resilience manisha.luthra@stud.tu-darmstadt.de
- 11. Conclusion Architectural Gaps Data transmission in constrained devices and gateway remains unprotected. Focus on enclosed domain, lack inter-domain capabilities. Privacy and Trust in most IoT architectures seems to be unaddressed. 11 Future Work Accountability mechanisms e.g., blind signatures with threshold cryptography can be adopted. We plan to propose framework for protection at the device, communication and cloud level, rather only at one of these. To realize the envisioned marketplace of IoT, transitive trust can be adopted. manisha.luthra@stud.tu-darmstadt.de
- 12. Thank you Manisha Luthra (M.Sc Informatik) manisha.luthra@stud.tu-darmstadt.de 12manisha.luthra@stud.tu-darmstadt.de
Editor's Notes
- (30 sec)
- 30 sec Say about, why choose these architectures?
- 1.5 minutes Talk about not only at level of device but overall iot ecosystem
- Add bullet requirements derived from properties Show main level -> then sub reqts No “we check”! Say more about privacy and trust 1.5 minutes Give egs to explain the sub reqts avoid defn! Shift teh image up Make eg of a automated bus statio
- 10 sec
- (2 – 2.5 min) IoT-A, namely IoT architecture provides an architectural reference model as mainly guidelines for the network protocols of iot architectures. Also provides mechanisms for integrating the ARM to service into IoT. This is an EU funded project which was completed in 2013. KEM -> manages the cryptographic keys that are used for conf. And integrity in combn with authenticity. However, KEM doesnt address availability in the context of the network connections. IM is being addressed by three components namely IM, AuthZ and AuthN. AuthN module covers the authentication reqts for the user and service as well as accountability with non repudiation (assurance that someone cannot deny something). AuthZ module cover the authorization via access controls namely role based (RBAC) and attribute based access control (ABAC). Revocation depends on the ACM used. Accountability doesnt seems to be addressed by any of these security comp in IM. Pseudonymisation security (PN) componet addresses our privacy requirements. As the name suggests IoT-A replaces original identities obtained KEM by pseudonyms. It used different pseudonyms different actions that accounts for unlinkability. It doesnt seems to address anonymity on the whole. And, data privacy is not addressed by the PN component however, some means of access granurality is provided by AuthZ. Trust and reputation component provides device and entity trust but data trust in particular is not addressed. (collection of user reputation to calculate service trust) Outside the security functional group, fault tolerance is done as a separate functional group called fault handling-> is divided into four func components namely predicting the potential failures, detecting existing failures, reduction of effects of failures and repairing the system. So first address our first requirement of robustness against attacks and latter three the other ie. Resilience against attacks.
- (2 – 2.5 min) First, the Physical Layer contains the M2M systems connected to the platform. Second, the Adaptation Layer handles the connection to the physical layer, abstracting from peculiarities of the individual M2M systems. The third layer, namely the TaaS Layer, relies on the abstraction layer and provides networkwide access to the devices in the M2M layer. Finally, the Service layer manages the functionalities and services of BeTaaS applications. KM performs authentication, manages user sessions, and provides encrypted communication. Uses pki in combn with CA that ensures conf, integrity and authenticity. Authentication module addresses our IM security requirements by providing two level authentication (gateway level and app or service level auth). Auth module makes use of KM component and Oauth is adapted for authen and author. However, the accountability requirement remains unclear. While Privacy is stated as a key aspect of the security mechanisms in BeTaaS [6], there is no evidence of how this requirement is fulfilled. Trust is handled by Trust & Reputation component. The model retrieves input from individual trust aspects: security mechanisms (which for instance include information regarding the encryption algorithms, the certificates, etc.), QoS fulfillment, dependability performance, battery load and stability in provided data. Lastly, the aspect of resilience is handled via four different pillars: fault prevention, removal, tolerance and forecasting
- (2 – 2.5 min) Opposed to the specification, privacy features are not present in the public code. IPSec tunnels established by gateways to ensure confidentiality, integrity and authenticity. Availability is not mentioned in the context of network security. OpenIoT uses a centralized security and privacy module-> Oauth handles authentication and role based access control model for AuthZ. The fulfillment of further requirements, e.g., accountability, remains unclear. trust module is an independent module in OpenIoT. Addresses the requirements of data and device trust and entity trust remains unclear. OpenIoT does not address robustness in terms of failure avoidance, but rather places the focus on resilience in terms of mitigation
- (2 – 2.5 min) With other Iot arch we have discussed focuses eithr on domestic domain or both domestic and industry domain. Now we discuss Iot@Work that focuses only on industrial automation domain that shifts the security focus also. Privacy and Trust are not driving requirement due to industry focus. Network security is handled mainly mainly by commonly used technologies such as Extensible authentication protocol. However integrity or network integrity is not addressed. The concept of network slices allows for network virtualization, and thus fast network link fail-over to protect availability. Authentication is mainly provided by network security in IoT@Work. Furthermore, authorization is realized via Capability-Based Access Control (CBAC) with support for delegation, accountability, and revocation. CBAC works well with many entities as well as under connection failure to the central authorization service. Some data privacy is provided and access delegation is used for pseudonyms. Anonymity can be achieved by proving capabilities through Zero Knowledge Proofs (ZKPs). The network slice approach uses virtual network links that are robust against failures. In addition, live reconfiguration is possible and thus allows for recovery in the sense of resilience.
- (1 min) Remove highlighting BeTaaS inherits from the high level abstraction reference model of IoT-A. Thus, similarly to IoT-A, access control mechanisms enforce data privacy by restricting unauthorized access. The identity management component is responsible for managing the way identities of sensors or gateways are presented in their interaction with BeTaaS instances. Apart from data privacy being maintained by centralized access control, data anonymization and pseudonymity is not elaborated in OpenIoT The IoT scenarios described in IoT@Work do not introduce a need to deal with trust issues, so the model does not provide any mechanisms to cope with trust
- 1 min