IoT Security Roadmap 2018
www.elsevier.com/locate/dcan
PII: S2352-8648(17)30021-4
DOI: http://dx.doi.org/10.1016/j.dcan.2017.04.003
Reference: DCAN81
To appear in: Digital Communications and Networks
Cite this article as: Arbia Riahi Sfar, Enrico Natalizio, Yacine Challal and Zied
Chtourou, A Roadmap for Security Challenges in Internet of Things, Digital
Communications and Networks, http://dx.doi.org/10.1016/j.dcan.2017.04.003
Abstract
Unquestionably, communicating entities (objects, or things) in the Internet of Things (IoT) context, are acquiring an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included into the classical formulation of security problems and solutions. "Security Shield for Internet of Things" has been identified by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential broader impact larger than the Internet itself. To help interested researchers to contribute to this research area, an IoT security roadmap overview is presented in this work based on a novel cognitive and systemic approach. The role of each component of the approach will be explained and interactions with the other main components of the proposed scheme and their impact on the overall system will be detailed. A case study will be presented to highlight components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification and access control will be discussed. According to the novel taxonomy of IoT framework, different research challenges will be highlighted, important solutions and research activities will be exposed, and interesting research directions will be proposed. In addition, current standardization activities will be surveyed and discussed to ensure security of IoT components and applications.
nitions, roles and interactions between these elements are given in Section 3.

In 2011, the number of interconnected systems exceeded the number of human beings [1]. In 2012, 9 billion devices were interconnected; this number is expected to reach 24 billion devices in 2020 [1]. The financial market size is around 1.3 trillion dollars for mobile network operators in various domains and applications like healthcare, transportation, public services and electronics [1].

As an extension of the classical Internet framework and technology, previous security models should be applicable to the IoT to guarantee basic security services including authentication, confidentiality, integrity, non-repudiation, access control and availability. However, IoT is constrained by many new factors. First, numerous things may interact together in a complex manner, through many security techniques and according to different policy requirements [2]. Second, IoT devices can have different operation environments and, usually, limited computational power. Third, some IoT applications can foresee the participation of a huge number of nodes, leading to serious security problems. As a consequence, security challenges became more difficult to fulfill, as it is hard to develop a generic "one fits all" security strategy or model. Consequently, "Security Shield for Internet of Things" has been identified in 2014 by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential broader impact larger than the Internet itself.

Also, the evolution from closed or limited-access networks to open ones increased the need for security alarms to protect interconnected devices from intrusions. Many attacks can occur in IoT: message modification and/or alteration, traffic analysis, Denial of Service (DoS), Distributed DoS, eavesdropping, Sybil attack, etc. Concretely, many real attacks have been carried out in the latest period. An example of an attack related to the IoT was carried out against Supervisory Control and Data Acquisition (SCADA) systems, which aim to facilitate the management of remote systems by issuing real-time supervisory commands over communication channels [3]. As a result of the commercial availability of cloud computing, these systems became progressively used by IoT technology to decrease infrastructure fees and facilitate maintenance and integration operations. In [3], authors highlighted several security vulnerabilities and possible attacks of these systems (Denial of Service, SQL Injection, Buffer Overflow, and many others). The British Columbia Institute of Technologies Internet Engineering Lab (BCIT/IEL) has recorded a list of more than 120 events since the project's initiation. Another analysis of 200 IT security executives using SCADA systems in different countries was led at McAfee enterprise, and showed that most facilities were victims of cyber attacks [3].

Unquestionably, many challenging security issues must be addressed before making the IoT vision a reality. We need to answer important questions about enabling IoT while guaranteeing aspects such as trust, security, and privacy. We led this work to help those who are interested in the development and the improvement of this domain. Different surveys have already been proposed, but they are mainly based either on a broader vision that includes "Things"-oriented, "Internet"-oriented and "Semantic"-oriented visions, or on a layered vision, whereas the purpose of our work is to offer a roadmap that considers a systemic and cognitive approach to IoT. This is useful especially when we consider the complexity, variability, interactions and constraints of IoT components. Despite its limited theoretical rigor, our vision remains an adequate choice for decision making, since we consider overall system operation.

The main contribution of this work is fourfold: (a) we propose a classification of different surveys based on IoT vision and security issues; (b) we detail our systemic and cognitive approach for IoT, which was introduced in [4], [5]; (c) we report and analyze the state-of-the-art of IoT security research activities, and present the major technological solutions and projects according to the systemic and cognitive approach; and (d) we show the main standardization activities related to IoT security. We believe that our effort is interesting as it grants particular attention to interactions among system elements and their effects on the overall system. Also, by using a systemic and cognitive approach, we look at the results coming from system behaviors and compare them to real-life results to validate models and practices.

Section 2 shows the related work, and highlights our contribution with respect to other existing surveys. Section 3 presents the systemic and cognitive approach of IoT that we use as a basis for our actual work. Section 4 shows how the presented model may be easily adapted to any real environment, by using it for smart manufacturing to improve productivity. Section 5 presents solutions and projects related to the IoT security field, classifies them according to different taxonomies, and, for each main research axis, highlights new research directions. Section 6 details the main standardization activities in the IoT security field. Section 7 discusses IoT security evolution and concludes the paper.
[Figure 1 labels: Intelligent Object, Technological Ecosystem, Person, Process]
Fig. 1: A smart factory environment composed of person, smart object, process and technological ecosystem as the main elements of our systemic and cognitive approach for security in the Internet of Things. (© http://www.moxa.com.)
of view, and other relevant security issues were neglected.

In "Towards Internet of Things: Survey and Future Vision" [9], authors proposed different architectures of IoT, and discussed new research challenges. They detailed the 3-Layer and 5-Layer architectures and highlighted the relevant research challenges in communications problems (QoS, huge number of objects, transport control protocol, real time objects detection, etc.), and information gathering problems (massive information, and security and privacy problems). Authors were limited to physical security and privacy issues and they treated security problems superficially without presenting any possible solutions.

In "Context Aware Computing for The Internet of Things: A Survey" [10], authors proposed a context awareness for IoT framework and gave a deep analysis of context life cycle (techniques, methods, models, functionalities, systems, applications, and middleware solutions) by studying a set of 50 projects during the decade between 2001 and 2011. Then, according to their taxonomy, they proposed a number of possible research directions based on emerging IoT issues. In this survey, authors suggested that security and privacy issues are addressed at the middleware level, and at several layers of the model (sensor hardware, sensor data communication, context annotation and context discovery, context modeling and the context distribution layers) in order to gain trust from IoT users. This survey dealt with security as an orthogonal issue among many others, but no particular attention was given to real research activities in this field.

In "Security for the Internet of Things: A Survey of Existing Protocols and Open Research issues" [12], published in 2015, J. Granjal et al. proposed a deep analysis of existing protocols and security mechanisms of communications in IoT and presented different open research issues. For their presentation, authors adopted a standardized 5-layer protocol stack and considered security requirements and solutions for each layer. This work focused exclusively on security issues based on some standardization efforts performed by IEEE and IETF including IEEE 802.15.4, CoAP, 6LoWPAN, RPL and CORE. Unfortunately, authors neglected many other important standards in the same area such as IoT-A reference model, P2413 (IEEE), oneM2M project, and ETSI efforts (TC M2M, and TC ITS) as explained in section 6. Their work remained dependent on a limited number of standards and was not sufficiently open to other efforts.

Another survey was published in 2015, from S. Sicari et al., entitled "Security, privacy and trust in Internet of Things: The road ahead" [13], where authors adopted an open IoT vision and considered a set of intelligent objects that cooperate to accomplish a common objective. In their vision, they considered that, from a technological point of view, IoT deployments may involve diverse conceptions, technologies, implementations and architectures to build a communication or to perform a process. They divided security aspects into three categories: security requirements (authentication, confidentiality and access control), privacy, and trust. The main limitation of this work is the taxonomy of IoT, which remains unclear, and, consequently, the lack of classification of the listed research activities according to a clear sorting logic.

In 2016, the SANS institute published an interesting survey: "Securing the Internet of Things Survey" [14], to reveal the opinion of the security community about IoT security state in the present and in the future by interrogating security personnel active in the IT field. By the end of this survey, the author concluded that most of the respondents expected IoT device producers to grant more interest to security concerns than other IT systems.

Finally, we cite the survey "Internet of Things: A Review of Surveys Based on Context Aware Intelligent Services" [15], which presented the current IoT technologies, approaches and models to find out new data-related challenges. The paper proposed well integrated and context aware intelligent services for IoT. Authors focused on social network and IoT integration in the emerging context of Social Internet of Things (SIoT). Security aspects were considered by authors during their survey but were not discussed separately.

It is clear that all of the aforementioned surveys either did not consider security in the IoT framework as a priority or were limited to a part of its issues. In our work, we consider different IoT threats and focus on many areas such as protocol and network security, data privacy, identity management, trust and governance, fault tolerance, dynamic trust, security, and privacy management. More than offering a classic survey, our intent is to present a roadmap for designers and practitioners of IoT to provide supplementary efforts in different and interesting areas to improve IoT security features. To this end, we proposed a systemic and cognitive approach for IoT security to cover all these aspects in a consistent framework [16]. Compared to the layered approach, our vision is more convenient and flexible for making decisions while the whole system is accomplishing a given action. We handle security issues that may occur in interactions among all the system elements, and analyze their consequences on the global system. We concentrate our analysis on specific interactions which are directly related to security: privacy, trust, identification, and access control. We consider that other interactions (auto-immunity, safety, reliability and responsibility) are considered during the system design phase, and do not involve enhancing technologies; they therefore remain out of the scope of this work.

3. A systemic and cognitive approach for the IoT

In [5], authors proposed a holistic view of IoT suggesting a systemic and cognitive approach for IoT security. The main idea is originally inspired from [17], where L. Kiely et al. proposed a systemic security management system for all types of organizations beginning with the micro level. As shown in figure 2, our illustration of the IoT context is described by a tetrahedron-shaped scheme built around four nodes: person, process, intelligent object and technological ecosystem. The presence of the intelligent object in this system increases the complexity of the control process in the resulting computing environment, which may include humans, computers, sensors, RFID tags, network equipment, communication protocols, system software, and applications. Edges between intelligent object and people nodes become hard to handle due to the large number of involved entities (objects and/or persons) and the variation of security requirements. These connections are dynamic and complex; they follow the environment characteristics and play a key role of cooperation/conflict between nodes [16]. Nodes are connected to each other and their interactions are represented by seven edges: trust, privacy, identification and access control, safety, reliability, auto-immunity and responsibility. In the following, we will provide a detailed definition of each of the tetrahedron nodes and edges. The relevant research issues will be presented in section 5.

3.1. Nodes

3.1.1. Person
Person symbolizes the human resources and related security issues. As the IoT context is characterized by its diversity and large-scaled structure, security limitations and threats are more probable and influenced by large numbers of persons. To highlight the complexity of this node we should be aware that involved persons include humans with different security background levels. This differs according to their characters, manners, expertise, knowledge, outlook, etc. [17]. According to their roles, different types of human profiles are involved in IoT context such as consumers, end users, service or technology providers, etc. Controlled by their security and safety, we suggest that persons, each from their own perspective, have to accomplish the tasks related to security rules management, according to the Plan-Do-Check-Act approach described in ISO/IEC 27000-series (http://www.27000.org/).

3.1.2. Process
Process is about procedures, means or ways to perform tasks within IoT framework with respect to specific security policy. Processes must thoroughly fit the requirements of policies, standards, strategies, procedures and other specific documentation or regulation to guarantee the expected security level for every IoT architectural component.

3.1.3. Intelligent object
Intelligent object encompasses various devices with communication capabilities regardless of their processing power, memory or energy, such as tags, sensors, actuators, etc. Objects can be deployed to work autonomously, as is the case of phase meters for a smart grid, or as part of a more complex system such as a thermostat in an HVAC (Heating Ventilation and Air Conditioning) system. Designers of these objects have to deal with their pervasive character to comply with specific security levels.

3.1.4. Technological ecosystem
It stands for technological solutions to guarantee efficient functioning and acceptable IoT security level including joining applications, command and control processing, routing and security. An extensive, reusable and accessible ecosystem is highly recommended to help the development of IoT nodes and applications. To guarantee a generic and efficient secure technological ecosystem, the following aspects need to be considered: (1) design and configuration of security procedures, (2) identification and authorization of involved entities, (3) precision of internal and external security perimeters, and (4) protection of the physical environment. Practically, in a real implementation of a technological ecosystem, many issues have to be handled concerning communications infrastructures and protocols, system architecture, implemented algorithms, access control methods, etc. As data and commands may be remotely generated and handled, adequate interest needs to be granted to communication choices.

3.2. Edges

3.2.1. Privacy
Privacy depicts the edge between person and technological ecosystem nodes and originates from the necessity of protecting data related to humans. In IoT, it is essential to fulfill privacy requirements due to the omnipresence of intelligent objects, and the risk of technology mishandling by legitimate
[Figure 2 labels: legend: Security tensions, Non-security tensions; nodes: Person, Int. Object, Process, Techno. EcoSys.; edges: Identif. / Access Ctl, Privacy, Safety, Trust, Auto-immunity, Responsibility, Reliability]
Fig. 2: Graphical illustration of IoT context according to its main elements (nodes) and their relationships (edges).
and/or illegitimate users. For example, we consider a healthcare scenario where hospital employees need to access patient data for administrative purposes (statistics generation, patient registration, billing, age, sex...) and are not allowed to know details about patient disease. In this situation, privacy is about granting adequate access privileges to employees without divulging sensitive information.

3.2.2. Trust
Trust is the edge that links the intelligent object with the technological ecosystem. In smart environments, IoT devices may perform various readings (temperature, humidity, fire, pressure measurements, etc.) to help decision making by administrators and instant reaction. This reflects the necessity of trusting the involved device(s) to make the right assessment, and highlights the interaction between entities by trusting what they report and acting accordingly. Then, establishing and managing trust in a huge number of objects in heterogeneous and large-scaled environments is a considerable challenge for researchers and manufacturers. Trust management definition and operations (establishing, updating, and revoking credentials, keys and certificates) have to be addressed as a key security issue in IoT. In our approach, trust establishment between objects and persons is performed via technological ecosystems due to the involvement of human and non-human entities in the global system.

3.2.3. Identification / Access control
Identification / access control stands for the edge between persons and intelligent nodes, which emphasizes the mean to es- [...] them easily using their identifiers. We can consider the example of vehicle control in an industry chain where identifying connected devices (vehicles, products, etc.) permits their localization and tracking. Obviously, getting this type of information instantly can improve the global system functioning and efficiency by immediate intervention when needed. Identification affects many aspects of the global IoT system including conception, architecture, access rules, etc.

3.2.4. Reliability
Reliability links process and technological ecosystem nodes and depicts the probability of non-failure of the system operation. In IoT, reliability can be considered in many cases such as handling unique and reliable addresses for entities, managing data over the network, and effective use of intelligent objects in various applications. In the systemic and cognitive approach, we classify reliability as a non-security edge as it is considered in the overall system design. Although research efforts in IoT reliability are still limited, we can list two main projects: NEBULA (A trustworthy, secure and evolvable Future Internet Architecture) (http://www.nebula-fia.org/) and Soft Reliability Project.

3.2.5. Safety
Safety is largely about protecting persons and objects during a process execution. The software embedded into autonomous objects may be the cause of a random or unpredictable behavior, so it has to be carefully checked to avoid disastrous consequences for the whole system and the physical environment. To explain the importance of safety in the IoT domain, we consider the example of digital cities where smart phones are more and more powerful tools that can be used as sensors. They must be capable of protecting their internal and sensitive information and can predict and prevent safety issues through dedicated applications (e.g. geo-positioning). Safety is also considered during the system design, which explains the limited related research efforts. Three main projects may be listed: E-Safety Project (http://www.em-esafetyproject.co.uk/), e-Crime Wales (http://www.ecrimewales.com/), and Internet Safety Project (http://www.internetsafetyproject.org/).

3.2.6. Auto-immunity
Auto-immunity concerns only intelligent objects as they may operate in remote and/or hostile zones where risks of physical attacks and other possible menaces become probable (failure of communication media, resource constraints, inadequate physical protection, weakness of the trust management system, sporadic nature of connectivity, etc). In high electromagnetic disturbance, the node functioning may be interrupted or even stopped. This increases workload and battery consumption, which reduces service time of the wireless sensors. Also, it is important to improve IoT system immunity against electromagnetic interference to guarantee low probability of interception and low probability of detection [18]. Auto-immunity deals with all of the aforementioned aspects and needs to be considered as a conception requirement of every IoT system rather than a security measure. This edge is considered at the conception phase by manufacturers of IoT devices to ensure a prevention technique for intelligent objects, which may explain the limited related research efforts. Two main works may be listed about artificial immunity-based security [19], and immunity-based intrusion detection technology [20].

3.2.7. Responsibility
Responsibility links process to intelligent object nodes. Smart devices may be autonomous and behave as actors in many cases. For example, persons may grant a form of responsibility to these nodes to perform a precise action, such as responsibility for risk and vulnerabilities management of these products [21]. We consider a smart refrigerator, which is able to know the list of the stored food items, and autonomously order new products. This device becomes responsible for product ordering, which may facilitate the task of its owner. But in case of intentional or accidental dysfunction (bad product details, quantity problems, etc.), it is necessary to attribute responsibilities to the right entities, and reactions may be taken accordingly.

In [16], the systemic and cognitive approach is developed through identification of contextual planes within the tetrahedron: safety plane, cyber-security plane, access plane, and security plane; and edges between nodes are sorted accordingly. It is then put into evidence by shedding light on the security plane that involves the privacy, trust, identification and access control edges. Each of the other planes of the tetrahedron (safety, access and cyber-security planes) shares one edge with the security plane. Thus, we suggest a by-design inclusion of security in the different aspects of IoT development.

4. Case study: smart manufacturing

To highlight the efficiency of the systemic and cognitive approach, we consider the case of smart manufacturing, where IoT applications are expected to generate 1.2 to 3.7 trillion of economic value annually by 2025 (http://www2.itif.org/). Concretely, IoT applications increase manufacturing productivity by providing a comprehensive view of the production chain and making instant adjustments. In the smart manufacturing scenario illustrated in figure 3, nodes of the tetrahedron correspond to the following actors during supply chain management process:

Process: smart manufacturing process includes supply chain management, efficient operation, predictive maintenance and inventory optimization. Data collected from terminal equipment, workers, vehicles, and other sensors are analyzed to produce real-time models and control, and plan algorithms to coordinate between chain components. Monitoring the status of production equipment in real-time helps increase efficiency and reliability, and improves overall performance.

Person: to ensure the management of a large amount of heterogeneous data, manufacturing environment involves several actors with different competences and expertise. Depending on their interest, qualifications and ability to act in a reflective and autonomous way, persons needed in smart manufacturing context may be engineers, workers, managers, suppliers, consumers, tele-operators (conferencing, maintenance, etc.).

Intelligent object: involved devices in smart manufacturing include physical components (mechanical, electrical pieces), intelligent components (sensors, actuators, microprocessors, software, embedded operating system) and connectivity components (wireless connectivity, ports, antennas).
[Figure 3 labels: legend: Security tensions, Non-security tensions; nodes: Engineers, Sensors, Inf. & com. tech., Supply chain management; edges: Trust (between sensors and engineers), Responsibility (liability of intelligent object during the supply chain process), Auto-immunity (resistance to interference and jamming), Reliability (of collected information by sensors during supply chain)]
Fig. 3: Actors (nodes) and interactions (edges) in IoT context during supply chain management.
Explosion of sensor technologies has made every manufacturing process and component a potential data source. For example, sensors may be used to monitor humidity conditions during vehicle painting, and enable real-time monitoring by adjusting ventilation systems.

Technological ecosystem: innovations provide many opportunities to develop new products and corporate models, multiply economic benefits and facilitate greater employee engagement. In smart manufacturing, examples of these ecosystems may concern control technologies (sensors, actuators), cognition-based intelligence (machinery, robots), human-machine interaction, continuous monitoring, energy technologies, information and communication technologies, etc.

Privacy: aims to reduce the risk of privacy disclosure of sensitive data (financial, technical or personal details) when exchanged with technological ecosystem (radio link). Data control techniques such as anonymization, encryption, aggregation, integration and synchronization may be used to hide these data while providing essential information usable for the relevant applications.

Identification / Access control: consists of controlling illegitimate intrusions of persons/objects in restricted areas. It may concern identification and localization of vehicles, measurement of humidity and temperature, tracking of products, surveillance parameters management in sensitive areas, etc.

Trust: concentrates on soft security (technological ecosystem) to establish mutual trust between intelligent objects and persons, to create security guarantees and transparency. This leads the global system to make timely and trusted information available where it is needed, when it is needed, and to those who need it. Trust establishment will depend on two factors: the ability of the intelligent object to protect itself in hostile environments, and the person's ability to interrogate the node to see if it is still trustworthy.

Reliability: focuses on reliability of information collected and results reported by technological ecosystem during the manufacturing process. This requires effective means of sensing, metrology, calibration, signal processing, diagnostics, anomaly detection, maintenance, etc. In addition, automatic, flexible and adaptive control mechanisms need to be developed to obtain a higher degree of the overall system reliability.

Safety: focuses on several operations such as control, command, surveillance, communications, intelligence, reconnaissance, etc. It aims to meet the need for intelligent objects, ensure their whole life cycle safety, and improve persons' safety by reducing injuries and fatalities during the manufacturing process. In this context, IoT may be applied to devices and employees (RFID tags, badges) to alert or even power off equipment if a physical attack occurs.

Auto-immunity: deals with the way to protect intelligent objects from physical attack in harsh environments and to provide sufficient resistance with the ability to self-monitor and report. It also focuses on better immunity of intelligent objects and communication channels towards interference and jamming.

Responsibility: handles liability of intelligent object to perform a precise process. In the manufacturing scenario, IoT devices must answer only an authorized reader's request. If a strategic change occurs, the responsibility for monitoring would change automatically, and responsibilities are distributed across multiple intelligent objects to perform new processes. Consequently, it is the responsibility of the whole system to maintain a consistent task agenda by inserting missing actions, guaranteeing general domain knowledge and causality, and so on.

5. Roadmap overview of Security-related edges

In this section, we will survey security related edges: privacy, trust, identification and access control, present the current state of the art and propose possible research issues.

5.1. Privacy
Information privacy means that the user is able to control when, how, and to what limit personal information will be collected, used, and shared. It can affect user confidence and people's lives. In an IoT environment, connected systems may communicate with each other, transmit collected, treated or control exchanged data. The capabilities of system's connections during various processes imply many security and privacy issues in the dynamic world of IoT, regarding constraints of maintaining the meaning of the handled information.

5.1.1. State of the art and taxonomy
In ubiquitous computing systems, sensitive data can be stored in a distributed manner. It is important to set up an adequate control mechanism, to control and manage data disclosure to third parties according to information sensitivity. Privacy for end-users is a very complex issue because it [...]

[...] pseudo random number generator functions, and lightweight public key primitives. These techniques are generally combined to provide the required level of privacy depending on the sensitivity of data, network settings, and application and users requirements.

Access privacy emphasizes how people can access personal information. It is important to highlight the need for efficient policies and mechanisms to manage different types of data and fit various situations in IoT contexts. This group may include blocking approaches, lightweight protocols and data sharing, and accessing techniques.

Data privacy: important research results can be divided into six categories: anonymization based techniques, block ciphers, stream ciphers, hash functions, lightweight pseudo-random number generator functions, and lightweight public key primitives. Figure 4 represents the chronological progress of research efforts in this domain.

Anonymization-based solutions aim to guarantee data privacy-preservation and include k-anonymity, l-diversity and t-closeness. K-anonymity focuses on how data holders can issue their private data without any risk of re-identification of data subjects. A formal protection model for sensitive data ensures that information for each person cannot be differentiated from that belonging to a group of at least (k − 1) indi-
involves interactions with all of the different sys- viduals [24].
tem components, and it cuts across all the lay- The principle of k-anonymization consists of
ers of the systems structure. Obtaining and an- representing a database as a table with n rows
alyzing all these properties denotes a significant and m columns. Each row depicts an entry asso-
research challenge. Two comprehensive surveys ciated with a precise member of the population,
about challenges and opportunities in big privacy the entries are not necessarily unique. Columns
can be found in [22] and [23] where authors re- of the table correspond to various attributes of
viewed the milestones of research activities of big different members of the population. To accom-
data privacy, and debated the challenges and op- plish k-anonymity, two methods may be used: (1)
portunities from various perspectives. suppression, where some values of the attributes
To address a consistent roadmap overview for are replaced by an asterisk ’*’; and in one column,
the different research achievements and projects all or some values can be replaced by ’*’; and (2)
in IoT privacy concerns, we can distinguish two generalization, where personal values of attributes
main axes: data privacy and access privacy, as are replaced by values in a broader category (ex.
illustrated in figure 5. if the attribute ’age’ is considered, the value of ’21’
Data privacy must be considered throughout can be replaced by ’6 25’ expression).
different phases of data usage, including collection, In IoT environments, k-anonymity may be used
transmission, and storage. During data collection for intelligent objects localization to improve loca-
and transmission, we need to focus on network- tion privacy [25]. This can solve security problems
ing issues and technologies as RFID, WSN, and related to the use of a third party service for obfus-
mobile connectivity. In storage and processing cation, difficulty of managing several k-anonymity
phase at collection nodes, guaranteeing data con- groups for different queries, and infeasibility of us-
fidentiality and integrity, and implementing ade- ing global GPS coordinates indoor. Another pro-
quate security techniques must take place. Ef- posal is to use a tree based location privacy ap-
fective solutions include anonymization, block ci- proach against multi-precision continuous attacks,
phers, stream ciphers, hash functions, lightweight based on new location query approach supporting
multi-precision queries [25]. A third use of the k-anonymity concept was the case of building an algorithm for data releasing based on fine-grained generalization [26].

[Figure: privacy solutions taxonomy. Recoverable labels: Anonymization based (privacy preservation), K-anonymity, L-diversity, T-closeness, Encryption based, Symmetric algorithms, Stream ciphers, Asymmetric algorithms, Lightweight primitives, Hash functions, Blocking approaches, kill command, Data aggregation, Semantic web.]

L-diversity is proposed to overcome k-anonymity vulnerability to homogeneity attack and background knowledge attack [27]. A. Machanavajjhala et al. proposed a stronger definition through well-represented sensitive attributes to guarantee privacy even when the data publisher ignores what the adversary knows about the records. A formal foundation is given and followed by an experimental evaluation and some practical directions of solution. In IoT, a possible application of this mechanism can be found in healthcare domain where data publication is needed without divulging sensitive information about individuals.

T-closeness was proposed in [28] to surmount limitations of k-anonymity and l-diversity related to attribute revelation. N. Li et al. proposal
requires that distribution of sensitive attributes in any group should be close to their distribution in the overall database. To highlight the value of this work, authors use real examples and experiments. In [29], authors present a decomposition with (n-t) closeness, to maintain privacy in case of multiple sensitive attributes. Their goal is to solve the problem of reducing the amount of significant information that may be extracted from the released data in t-closeness case. In [30], a new proposal is presented based on post randomization method (PRAM) for hiding discrete data, and on noise addition for other cases. In IoT context, this proposal may be used in many cases such as those where perturbative methods for privacy are considerable, or in location-based services [30].

Block ciphers: in resource-constrained environments, communication of intelligent objects must overcome hard restrictions of energy, performances and efficiency. In these scenarios, conventional cryptographic primitives are infeasible. A detailed survey is given in [31], where M. R. S. Abyaneh et al. presented the state-of-art of lightweight algorithms and protocols for RFID systems. Block ciphers primitives constitute the most fundamental category of cryptographic algorithms. They transform a binary plain text of a fixed length into a cipher text of the same length using a symmetric key. To ensure communication security, lightweight block ciphers are introduced in the end of 1990s. Lightweight primitives are known for the block size of input data chosen between 32 and 64 bits, the use of elementary operations like binary XOR and binary AND, and the simplicity of the key schedule [32].

Traditional cryptography schemes such as 3-DES and AES, are still U.S. government standard ciphers for non-classified data. Recently, the National Institute of Standards and Technology confirmed this point of view in [33]. However, they do not fit well in IoT scenario due to their constrained resources as energy and real time execution, as explained and experimentally proved in [34], through a comparison of estimated energy of three different ciphers.

Numerous research activities were accomplished and led to plenty of block ciphers primitives for IoT, including mCRYPTON [35], HIGHT [36], SEA [37], DESXL [38], CLEFIA [39], PRESENT [40], KATAN, KTANTAN [41], PRINT Cipher [42], TEA/XTEA [42], Kasumi [43], LED [44], CLEFIA [39], KLEIN [45], Piccolo [46], LBlock [47], Simon and Speck [48], etc. A comprehensive survey of lightweight algorithms has been presented in [32], where M. Cazorla et al. presented a broad comparison of all these algorithms in term of operation and performance. Some block ciphers are compared in table 2 regarding to key sizes, block sizes, consumed area measured in gate equivalents (GEs), and technology values (µm) [49],[50],[51].

Stream ciphers: plain text is enciphered entirely with a pseudo-random key stream, generated with the same length of plain text. Encryption operation consists in XORing plain text and key stream. Although this category of cryptographic primitives represents an alternative for block cipher, its use is still limited due to the long initialization phase needed before the first usage. This drawback makes them unusable in some communication protocols. However, their main advantage is the simplicity of the implementation in hardware and the easiness of usage when the plain text size is unknown.

Contrarily to block ciphers, the number of lightweight stream ciphers for constrained environments is limited. The most important systems include hardware-oriented algorithms of the eStream project, namely Grain [52], Trivium [53], and MICKEY 2.0 [54]. Newer algorithms include WG-8 [55], Espresso [56], and A2U2 [57]. Enocoro v.2 [58] can be listed as a pseudo-random number generator for use in a stream cipher. In table 3 we report a quick comparison between some algorithms in term of key size, consumed area (GEs), and technology values (µm) [59],[51].

Hash functions are used for message integrity verification, digital signatures, and fingerprints. They fulfill the following requirements: (1) easy to compute, (2) collision resistant, (3) pre-image resistant (it should be difficult to calculate a message m, such that h = hash(m)); and (4) second pre-image resistant. In resource-constrained contexts, lightweight cryptographic hash functions are necessary to reduce hardware and energy consumption. According to their publication date, we can consider the following algorithms: DM-Present, H-Present, C-present [60], SQUASH [61], Keccak [62], SHA1 [63], D,U,S-Quark [64], Armadillo-C [65], Photon [66], Spongent [67], Cube [68] and GLUON [69]. Some of these functions are compared in table 4 regarding to their output size (bits), area (GEs) and technologies (µm) [70].
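Returning to the anonymization models of Section 5.1.1, the following added example (not code from the paper) applies suppression and generalization to a small constructed table and measures the resulting k-anonymity, l-diversity and t-closeness. Assumptions: the records, helper names and generalization grid are hypothetical; l is counted as the number of distinct sensitive values per group; t uses total variation distance, which matches the Earth Mover's Distance of the t-closeness proposal only for categorical values with equal ground distance.

```python
from collections import Counter, defaultdict

# Constructed sample records (not from the paper): (age, zip code, diagnosis).
# Age and zip code are quasi-identifiers; diagnosis is the sensitive attribute.
RECORDS = [
    (21, "13053", "flu"), (23, "13068", "flu"), (24, "13068", "flu"),
    (31, "14850", "asthma"), (36, "14853", "flu"), (38, "14850", "diabetes"),
    (42, "14850", "asthma"), (45, "14853", "diabetes"), (48, "14850", "flu"),
]


def generalize_age(age, width):
    """Generalization: replace an exact age by a range of `width` years."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def suppress_zip(zip_code, keep):
    """Suppression: keep the first `keep` digits, replace the rest by '*'."""
    return zip_code[:keep] + "*" * (len(zip_code) - keep)


def anonymize(records, age_width, zip_keep):
    return [(generalize_age(a, age_width), suppress_zip(z, zip_keep), s)
            for a, z, s in records]


def equivalence_classes(table):
    """Group sensitive values by identical quasi-identifier tuple."""
    classes = defaultdict(list)
    for age, zip_code, sensitive in table:
        classes[(age, zip_code)].append(sensitive)
    return classes


def k_anonymity(table):
    """Size of the smallest group: each record hides among k-1 others."""
    return min(len(v) for v in equivalence_classes(table).values())


def l_diversity(table):
    """Fewest distinct sensitive values in any group (1 = homogeneous group)."""
    return min(len(set(v)) for v in equivalence_classes(table).values())


def t_closeness(table):
    """Largest distance between a group's sensitive-value distribution and
    the distribution over the whole table (total variation distance)."""
    overall = Counter(s for _, _, s in table)
    n = len(table)
    worst = 0.0
    for values in equivalence_classes(table).values():
        local = Counter(values)
        dist = 0.5 * sum(abs(local[v] / len(values) - overall[v] / n)
                         for v in overall)
        worst = max(worst, dist)
    return worst


def least_general(records, k, l, t,
                  widths=(1, 5, 10, 20, 50), keeps=(5, 4, 3, 2, 1, 0)):
    """Return the (age_width, zip_keep) pair with the lowest generalization
    score (position in each grid, summed) that meets all three targets."""
    candidates = sorted((wi + ki, w, kp)
                        for wi, w in enumerate(widths)
                        for ki, kp in enumerate(keeps))
    for _, width, keep in candidates:
        table = anonymize(records, width, keep)
        if (k_anonymity(table) >= k and l_diversity(table) >= l
                and t_closeness(table) <= t):
            return width, keep
    return None


if __name__ == "__main__":
    for width, keep in [(1, 5), (10, 3), (20, 1)]:
        table = anonymize(RECORDS, width, keep)
        print(f"age width {width:>2}, zip digits kept {keep}: "
              f"k={k_anonymity(table)} l={l_diversity(table)} "
              f"t={t_closeness(table):.3f}")
    print("k>=3 only:        ", least_general(RECORDS, 3, 1, 1.0))
    print("k>=3, l>=2, t<=.25:", least_general(RECORDS, 3, 2, 0.25))
```

With 10-year age ranges and three zip digits the table is 3-anonymous, yet one group contains a single diagnosis, which is the homogeneity weakness that l-diversity and t-closeness address.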
Algorithm     Key size [bits]   Block size [bits]   Area (GE)   Technology value [µm]
PRINTcipher   80                48                  402         0.18
PRESENT       128               64                  1570        0.18
DESXL         184               64                  2168        0.18
HIGHT         128               64                  3048        0.25
KATAN         80                64                  1054        0.13
KTANTAN       80                64                  684         0.13
LED           128               64                  1265        0.18
KLEIN         64                64                  1981        0.18
Piccolo       80                64                  683         0.13
LBlock        80                64                  1320        0.18

Comparison is based on key sizes, block sizes, consumed area measured in gate equivalents (GEs), and technology values (µm). GEs is a measurement unit used to specify complexity of digital electronic circuits independently from manufacturer and technology, and corresponds to a silicon area for a dedicated manufacturing technology. Technology value refers to the level of semiconductor process technology and expresses the size of the finished transistor and other components.
[Figure: trust solutions taxonomy. Recoverable labels: Policy-based, PolicyMaker, REFEREE, KeyNote, Trust-Recommendation Model, XenoTrust, Community-based Reputation, NodeRanking.]
aim to strengthen computational trust methods using behavioral trust to face the increase of participation of humans in modern networks (social networks, on line games, economical services, etc.). Reliability of the provided services should take into consideration the participation of the newly added users. Authors state that trust establishment must be done according to user’s preferences and beliefs, and demonstrate how behavioral trust is useful to establish solid trust relationship between humans and computers.

In [136], L. Atzori et al. introduced a new paradigm for social network of intelligent objects based on a new paradigm of social relationships called Social IoT (SIoT). Similar to social networks for people, authors define social network of intelligent objects, which refers to social relationships between objects. Inspired from research activities about trust in P2P networks, authors of [137] built a subjective model for trust management in SIoT. The basic rule for trust calculation is based on node’s experience and reputation among its common friends. To calculate trust value, authors developed a feedback system, where they merge trustworthiness and centrality of the involved nodes.

5.2.3. Open research issues

As we notice a need for a general and generic theory for trust in heterogeneous networks where humans and objects need to interact, it is interesting to solve foundation limitations in this field. Also, understanding exact relationship between computational trust and behavioral trust in IoT seems to be a good issue. Moreover, trust updating in changing network environments should be handled by researchers as involved parties may be exposed to external attacks or may face severe energy conditions. Finally, although various mathematical models of trust were proposed, their applications in real networks are still limited. Conceiving and implementing trust mechanisms to protect services/users/objects in changing infrastructures is a good research direction. We believe that it is interesting to integrate trust within access control scheme in these environments to build an efficient network.

5.3. Identification / Authentication

5.3.1. Definition

Identification is used for devices such as computers, servers, application gateways, RFID tags/readers, sensors, actuators, and more. They are associated with an identifier such as RFID tag identifiers, IP address, URIs (Universal Resource Identifier), hostname, etc. More precisely, three categories of IoT identifiers can be differentiated: (1) Object Identifiers, used for physical or virtual objects, (2) Communication Identifiers, used to identify devices when they are communicating with other devices, and (3) Application Identifiers, used for applications and services [138]. Authentication is the process of confirming entity’s identity using a login and additional information to sign in, such as passwords, PIN, smart cards, digital certificates, biometrics, etc. It is used to prevent unauthorized access to resources.

5.3.2. Literature Overview

According to credential elements, research activities can be divided into three main axes, as shown in figure 8 and figure 9: (1) cryptographic primitives and ultra lightweight operations, (2) capabilities of EPCglobal Class-1 Generation 2; and (3) physical primitives [139]. The group of protocols based on cryptographic primitives includes hash functions, MACs, PRNGs, stream ciphers, block ciphers, and public keys [140]. The group of protocols based on ultra lightweight operations includes easy binary operations as XOR, AND, OR and rotations (also called minimalist cryptography), or NP-hard mathematical problems. The group of protocols based on EPCglobal Class-1 Generation 2 capabilities aims to ensure authentication using the 16-bit CRC and 16-bit RNG of the standard. The last group is based on physical primitives, which means the exploitation of electronic and physical properties of RFID tags to form an authentication primitive [31].
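As an added illustration of the first family above (protocols built on MACs and random nonces), the sketch below runs a mutual challenge-response between a reader and a tag, so that the tag answers only an authorized reader and a recorded transcript cannot be replayed. It is not a protocol from the surveyed papers: the class names, message layout and the use of HMAC-SHA-256 from the standard library in place of a lightweight MAC are assumptions.

```python
import hashlib
import hmac
import secrets


def _mac(key, role, *fields):
    """MAC over a role label and length-prefixed fields, so that a tag proof
    can never be reused as a reader proof and fields cannot be re-split."""
    msg = role
    for field in fields:
        msg += len(field).to_bytes(2, "big") + field
    return hmac.new(key, msg, hashlib.sha256).digest()


class Tag:
    """Constrained device holding one shared key and a protected payload."""

    def __init__(self, tag_id, key, payload):
        self.tag_id = tag_id
        self._key = key
        self._payload = payload
        self._session = None

    def respond(self, reader_nonce):
        """Step 2: prove knowledge of the key over both nonces."""
        tag_nonce = secrets.token_bytes(8)
        self._session = (reader_nonce, tag_nonce)
        proof = _mac(self._key, b"tag", self.tag_id, reader_nonce, tag_nonce)
        return self.tag_id, tag_nonce, proof

    def release(self, reader_proof):
        """Step 4: hand out the payload only to a reader that knows the key."""
        if self._session is None:
            return None
        reader_nonce, tag_nonce = self._session
        self._session = None  # one attempt per session
        expected = _mac(self._key, b"reader", self.tag_id,
                        reader_nonce, tag_nonce)
        if hmac.compare_digest(expected, reader_proof):
            return self._payload
        return None


class Reader:
    """Back-end side: knows the key of every enrolled tag."""

    def __init__(self, keys):
        self._keys = dict(keys)
        self._open = set()  # nonces issued and not yet answered

    def challenge(self):
        """Step 1: fresh nonce per session."""
        nonce = secrets.token_bytes(8)
        self._open.add(nonce)
        return nonce

    def verify_tag(self, reader_nonce, tag_id, tag_nonce, tag_proof):
        """Step 3: check the tag proof; return the reader proof or None."""
        if reader_nonce not in self._open:
            return None  # unknown or already used nonce: replay
        self._open.discard(reader_nonce)
        key = self._keys.get(tag_id)
        if key is None:
            return None  # tag not enrolled
        expected = _mac(key, b"tag", tag_id, reader_nonce, tag_nonce)
        if not hmac.compare_digest(expected, tag_proof):
            return None  # cloned or corrupted tag
        return _mac(key, b"reader", tag_id, reader_nonce, tag_nonce)


def run_session(reader, tag):
    """Full exchange; returns the tag payload or None if either side fails."""
    nonce = reader.challenge()
    tag_id, tag_nonce, tag_proof = tag.respond(nonce)
    reader_proof = reader.verify_tag(nonce, tag_id, tag_nonce, tag_proof)
    if reader_proof is None:
        return None
    return tag.release(reader_proof)


if __name__ == "__main__":
    key = bytes(range(16))  # constructed demo key
    tag = Tag(b"TAG-0001", key, b"lot=42")
    print("authorized reader:", run_session(Reader({b"TAG-0001": key}), tag))
    print("rogue reader:     ",
          run_session(Reader({b"TAG-0001": b"\x00" * 16}), tag))
```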
[Figure: IoT identification solutions. Recoverable labels: Minimalist cryptography protocols, Context-related physical metrics based protocols, Distance bounding protocols.]
the proof generation [144].

Distance bounding protocols are used to avoid relay attack, distance fraud and terrorist attack by controlling the distance between any tag and reader. The process is accomplished in two phases: a slow phase and a fast phase [145].

Tag ownership transfer protocol involves three entities: current/old owner, tag and new owner; and is accomplished in two steps: authentication phase and ownership transfer phase. Examples of this type of protocols contain those exploiting a Trusted Third Party (TTP) and decentralized proposals without TTP [146].

Biometric based protocols

The lack of physical protection will encourage attacks based on compromised physical objects to access sensitive cryptographic data, leading to privilege-escalation attacks. R. Greenstadt et al. suggested the use of an impregnation of objects followed by continued biometric identification to protect objects [147]. Biometric identification can be diverse, including fingerprints, retinal images, voice frequency, movement, facial recognition, etc. The aim is to implement enough natural recognition of the object’s owner to overcome a lot of vulnerabilities and prevent security attacks by unauthorized third parties.

5.3.3. Open research issues

To contribute to identification development in IoT, the following research directions may be explored. First, it is important to address a global identification scheme to handle a large number of object identification schemes. For example, hierarchical naming schemes used in Internet are inadequate for highly mobile environment as IoT. In addition, industries employ proprietary standards for identification, which aggravates the problem. Second, an infrastructure using non-colliding unique addresses should be set up to take into consideration dynamic intelligent objects that may appear and depart randomly from the network, and choose between revealing and hiding their identities. To fulfill interoperability and cooperation requirements, this infrastructure must be capable to recover information related to a specific device, according to privacy preferences. Third, methods of automatic discovery are necessary to organize global communications especially when devices, services and network topologies are constantly changing.

5.4. Access control

5.4.1. Definition

An access control system aims to control who (subject) can do what (operation or right) on which resource (object) [148]. It assigns and verifies the permission granted to a user allowing him/her (or not) to perform some operation on some resource(s). When designing an access control system for IoT environments, some functional parameters must be considered as delegation support, access right revocation, granularity, scalability, time efficiency, and security.

5.4.2. State of the art and taxonomy

In figure 11, we classify research activities in IoT access control systems in a two-dimensional diagram. The most common form of these systems is based on access control lists (ACLs), which consist on assigning access rights to specific subjects. In IoT, ACLs become very complex to manage due to the increase of the number of subjects and resources. Other access control models are proposed to overcome the burden of basic ACLs systems as shown in figure 10.

Role Based Access Control (RBAC), proposed in [149], ensures authentication and access control in IoT. In the authentication phase, authors used elliptic curve cryptosystem with ephemeral private key for establishing a session key for a user and an object. Then, they propose a global architecture for IoT and provide an approach to authenticate a specific user. Authors adopted the RBAC model and make use of OpenID technology and trustable central entities for authentication purposes. In the same trend, OrBAC model is a generic and expressive access control model that extends the RBAC model. It expresses the security policy and enables distinction between an abstract policy defining organizational requirements and its real implementation in a given information system. SmartOrBAC model distributes processing costs between IoT devices with different levels of energy limitations and addresses the collaborative aspect with a specific solution [150].

Credential Based Access Control (CBAC) solutions require user’s credentials to gain access to given resource or data. They can be divided into two families: Attribute Based Access Control (ABAC), and Capability Based Access Control (CapBAC). In ABAC, a user must present correct attributes to have access authorization. The most known attribute based access control approach is Cipher text Policy Attribute Based Encryption (CP-ABE) [151], but its voluminous overhead prevents its usage in IoT environments. G. Bianchi et al. propose AGREE (Access control for GREEn wireless sensor networks), which implements Multi-authority CP-ABE scheme in energy harvesting wireless sensor network [152]. Authors exploit the surplus of energy, which cannot be stored in batteries, to compute parameters with high requirements of computation re-
[Figure: access control solutions taxonomy. Recoverable labels: Role based, Credential based, Attribute based, CP-ABE (AGREE), Capability based, IACAC, IoT@Work project, Distance bounding.]
T/gsi/iot/Pages/default.aspx 12 http://www.3gpp.org/
authentication or using authentication keys / digital certificates. Thus, considerable efforts were provided to deal with security questions; 3GPP issued two technical specifications series, namely 33 series (Security aspects) and 35 series (Security algorithms). They include several documents defining various aspects of LTE security aspects including architecture, Network Domain Security, IP network layer security, authentication Framework, Inter-Domain Trust Establishment, Application Security, MVPN Access to Home, etc. Second, 3GPP standardization activities on mobile network-based M2M are known as "Machine Type Communications (MTC)". They focus on the optimization of access and core network infrastructure, permitting effective providing of M2M services. Many specifications covering use cases, service requirements, a functional architecture for MTC application were released and approved. Further, 3GPP discussed secure telecommunication functions in MTC including authorization, authentication, identification, access control, confidentiality and privacy. These features were debated in many Technical Reports such as TR 23.887 and 23.888.

BBF (BroadBand Forum)¹³ consists of a huge number of service providers, vendors, consultants, academic institutes and test labs. Its main roles are related to engineering solutions to provide adequate broadband deployments. Within its M2M activities, BBF aims to enable, among others, services in the Smart Home to manage growing ecosystem of M2M/IoT. It made an important action in network architectures with the release of a set of technical reports, and by defining its own TR-069 protocol suite and data models for home network management. It is worth mentioning that TR-069 protocol is designed to function on secure transport protocols such as secure HTTP transport over TLS to ensure data confidentiality. Moreover, in its various TRs and TSs, BBF discussed protection against MAC address spoofing and DoS attacks, protection against broadcast / multicast storms, ARP processing and IP spoofing prevention to avoid malicious attackers.

HGI (Home Gateway Initiative)¹⁴ aims to develop smart home ecosystem, and publish requirements and test plans for home gateways and wireless/wireline home networks. It improves applications, and facilitates connections of home gateway middleware and communicating devices. The HGI issued technical requirements for devices and services in smart home including gateways and networks. It published technical requirements for home gateways including QoS, and software modularity. In the security area, HGI discussed many aspects including security management procedures, firewall policy, key management, WLAN security and authentication mechanisms. In practice, many specifications were interested in the aforementioned security questions such as HGI Guideline Paper, HGI-RD048 (HG requirements for HGI open platform 2.0) and HGI-GD006-R2 (HGI guideline paper IMS Enabled HG).

Type 1 partners Technical Specifications and Technical Reports

OneM2M has established two types of partners: type 1 and type 2. The second type involves a limited number of organizations and plays a key role in the dissemination of standards. The first type includes many Standards Development Organizations (SDO) and plays an important role in technical specifications and technical reports publishing. In IoT context, many efforts were provided within M2M communication and oneM2M framework to propose a general framework, technical requirements and security requirements for IoT. Also, a special interest was given to semantic web best practices where guidelines for domain knowledge interoperability to build the Semantic Web of Things were proposed. In security context, considerable contribution can be noticed regarding security and privacy aspects including authentication, encryption and integrity verification. More details related to authorization, access control, confidentiality, authentication, identification, trust and integrity verification can be found in oneM2M-TS-0003 (oneM2M Security Solutions) and oneM2M-TR-0008 (oneM2M-TR-0008-Security).

ETSI (European Telecommunications Standards Institute)¹⁵ defines two main technical committees: ETSI M2M and ETSI ITS (Intelligent Transport Systems). ETSI M2M focuses on services, functional requirements, interfaces and architecture of M2M solutions, divided into five domains, namely: smart grids, health, connected consumers, transportation, and smart cities. Security aspects debated by ETSI M2M technical committee are related to authentication, integrity, confidentiality, trust management and access control (e.g. TS-102690, TR-118-508). ETSI ITS debates all types of vehicular communications. In security context, ETSI ITS discusses confidentiality, integrity, availability, accountability and authenticity (e.g. TR-102-893).

13 www.broadband-forum.org
14 http://www.homegatewayinitiative.org/
15 http://www.etsi.org
IEEE (Institute of Electrical and Electronics Engineers)¹⁶ launched the P-2413 standardization project, which aims to build an architectural framework for IoT. The standard intends to supply a quadruple trust feature (protection, security, privacy, and safety). Besides, IEEE contributed in Smart Grid (SG) field development, and issued important related standards (e.g. IEEE-2030, IEEE 1711 and IEEE 1686-2007) where different security features are discussed including specific serial security, safeguards, audit mechanisms, access control, data recovery, etc. Besides, we can list many other standards issued by IEEE, not directly linked to IoT but can be used or adapted to answer its requirements such as IEEE-802.15.4 (ZigBee) and IEEE 802.16p (IEEE Standard for Air Interface for Broadband Wireless Access Systems). The first example is known as a Low Rate Personal Area Network and includes a set of security functions located in the datalink level, namely access control, integrity verification, data confidentiality and protection against replay attacks. The second example aims to enhance the support of M2M applications through the management of information exchange between a subscriber station and a server in the core network (through a base station) or between subscriber station without any human interaction. Security of this standard lies in supporting integrity and authentication of M2M devices; integrity and privacy of M2M application traffic; device validity check; and enabling a flexible security suite to meet the requirements of the M2M application.

IETF (Internet Engineering Task Force)¹⁷ is interested in semantic web, social networks and RESTful services. First, it contributed to the IPv6 supporting by limited-energy devices in 6LoWPAN-IPv6 protocol (IPv6 over Low-Power Wireless Personal Area Networks). This protocol adopts the same security features as IEEE 802.15.4 and IPv6. Second, IEEE issued the Constrained Application Protocol (CoAP) for resource-constrained devices to facilitate translation to HTTP for integration purpose with web application. Regarding security aspects, this protocol discusses authentication, integrity, confidentiality and protection against replay attacks. Third, IETF developed RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) protocol in RFC6550. Security of this protocol adopts three modes (unsecured mode, pre-installed mode and authenticated mode). Fourth, IETF proposed an integrated web services for M2M and IoT applications, called CoRE (Constrained RESTful Environment) which applies the same security features as HTTP over TLS (RFC2818).

IoT-A (Internet of Things - Architecture)¹⁸ proposes an architectural reference model for IoT context, made up of a suite of key building blocks. The main objective is to assist providers and researchers when they have to make their technical choices. Thus, IoT-A gives design directives with simulation and prototyping options. Many security features are deeply debated in this model and are related to authorization, authentication, identification, key management, trust management.

6.2. Open research issues

Although considerable efforts were provided in IoT security domain, we can still propose many issues to be addressed. First, security of IoT endpoints is crucial since we deal with a huge number of intelligent objects. Then, efficient authentication standards need to be proposed and have to take into consideration names unifying, encoding, profiles and privileges, explicit trust relationship, time-stamping protocol, etc. Second, a considerable interest should be granted to IoT ecosystems. A huge data ecosystem registry is needed to facilitate tracking of all parties which may touch security of IoT system components during their life-cycle. Finally, IoT interactions need to be debated among IoT security concerns. A security incident and event management repository is useful to study IoT logs for predictive, real-time, and historical analysis.

16 http://www.ieee.org
17 http://www.ietf.org
18 http://www.iot-a.eu
[Figure: IoT security standardization activities. Recoverable labels: ITU (GSI, JCA; Series Y Rec. 2060, 2066, 2067, 2069); 3GPP/3GPP2 (3G and beyond / GSM; 33 Series Security aspects, 35 Series Security algorithms; liaison relationships with the organizations ARIB, ATIS, CCSA, ETSI, TTA, TTC); BBF (Broadband Forum for wireline networks; Broadband wireline solutions; TR 069, TR 101, TR 134, TR 291, TR 300); HGI (HGI-RD039, HGI-RD048, HGI-GD006-R2, HGI guideline paper); oneM2M Type 1 partners (ARIB, ATIS, CCSA, ETSI, TIA, TTA, TTC; TR-M2M-0002, TR-M2M-0006, TR-M2M-0009, oneM2M-TS-0001, oneM2M-TS-0003, oneM2M-TS-0004, oneM2M-TR-0008); ETSI TC M2M and TC ITS (ETSI-TR-103167, ETSI-TS-102690, ETSI-TS-102689, ETSI-TS-102921, ETSI-TR-118508, ETSI-EN-302665, ETSI-TR-102893); IEEE IoT related standards (IEEE 802.11, IEEE 802.15.4/4e, IEEE 802.16p, IEEE 1609.2 /3); IETF protocols (6LoWPANs rfc-4919, rfc-4944; CoAP rfc-7252, rfc-7390; RPL rfc-6550; CORE rfc-6690).]
lights a systemic dimension to IoT security that we proposed to use as a roadmap overview in this work. We have then surveyed security-related interactions and solutions: Privacy, Trust, Identification and Access Control. In addition to highlighting scientific and technological locks, we have shed some light on the main standardization activities and the open issues. We have shown that the evolution of objects towards greater autonomy intensifies the issues of security and privacy. Finally, we have concluded that objects' autonomy to perceive and act on their environment will cause IoT security to move towards greater perceptive and actional autonomy based on a cognitive and systemic approach.
References nology for the internet of things., in: Y. Ding,
H. Wang, N. Xiong, K. Hao, L. Wang (Eds.), ICNC,
IEEE, 2011, pp. 212–216.
[1] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, [21] J. Pescatore, Securing the internet of things survey:
Internet of things (iot): A vision, architectural ele- A sans analyst survey, Tech. rep., SANS Institute
ments, and future directions, Future Gener. Comput. (January 2014).
Syst. 29 (7) (2013) 1645–1660. [22] S. Yu, M. Liu, W. Dou, X. Liu, S. Zhou, Net-
[2] H. Sundmaeker, P. Guillemin, P. Friess, S. Woelffle working for big data: A survey, IEEE Commu-
(Eds.), Vision and Challenges for Realising the Inter- nications Surveys Tutorials 19 (1) (2017) 531–549.
net of Things, 2010. doi:10.1109/COMST.2016.2610963.
[3] B. Zhu, A. Joseph, S. Sastry, A taxonomy of cyber [23] S. Yu, Big privacy: Challenges and op-
attacks on scada systems, in: Proceedings of the 2011 portunities of privacy study in the age of
International Conference on Internet of Things and big data, IEEE Access 4 (2016) 2751–2763.
4th International Conference on Cyber, Physical and doi:10.1109/ACCESS.2016.2577036.
Social Computing, ITHINGSCPSCOM ’11, IEEE [24] L. Sweeney, k-anonymity: A model for protecting pri-
Computer Society, Washington, DC, USA, 2011, pp. vacy, International Journal of Uncertainty, Fuzziness
380–388. and Knowledge-Based Systems 10 (5) (2002) 557–
[4] Y. Challal, Securite de l’internet des objets : vers une 570.
approche cognitive et systemique, Hdr, Universite de [25] W. Liu, B. Fang, L. Yin, X. Yu, A tree based lo-
Technologie de Compiegne (2012). cation privacy approach against multi-precision con-
[5] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, tinuous attacks in the internet of things, Journal of
A. Bouabdallah, A systemic approach for iot secu- Information and Computational Science 9 (7) (2012)
rity, in: DCOSS, IEEE, 2013, pp. 351–355. 1807Ű1819.
[6] L. Atzori, A. Iera, G. Morabito, The internet of [26] Y. Xu, X. Qin, Z. Yang, Y. Yang, C. Huang, An
things: A survey, Comput. Netw. 54 (15) (2010) algorithm of k-anonymity for data releasing based on
2787–2805. fine-grained generalization, Journal of Information
[7] D. Miorandi, S. Sicari, F. De Pellegrini, I. Chlam- and Computational Science JICS 9 (11) (2012) 3071–
tac, Survey internet of things: Vision, applications 3080.
and research challenges, Ad Hoc Netw. 10 (7) (2012) [27] A. Machanavajjhala, D. Kifer, J. Gehrke, M. Venki-
1497–1516. tasubramaniam, L-diversity: Privacy beyond k-
[8] C. C. Aggarwal, N. Ashish, A. P. Sheth, The inter- anonymity, ACM Transactions on Knowledge Discov-
net of things: A survey from the data-centric per- ery from Data TKDD 1 (1) (2007) 146.
spective, in: C. C. Aggarwal (Ed.), Managing and [28] N. Li, T. Li, S. Venkatasubramanian, t-Closeness:
Mining Sensor Data, Springer, 2013, pp. 383–428. Privacy Beyond k-Anonymity and l-Diversity, in:
[9] O. Said, Accurate performance evaluation of internet 23rd International Conference on Data Engineering
multicast architectures: Hierarchical and fully dis- (ICDE 2007), IEEE, 2007, pp. 106–115.
tributed vs. service-centric, TIIS 7 (9) (2013) 2194– [29] M. V. R. NarasimhaRao, J.S.VenuGopalkrisna, R. V.
2212. Murthy, C. R. Ramesh, Closeness: privacy mea-
[10] C. Perera, A. B. Zaslavsky, P. Christen, D. Geor- sure for data publishing using multiple sensitive at-
gakopoulos, Context aware computing for the inter- tributes, International Journal of Engineering Sci-
net of things: A survey, CoRR abs/1305.0982. ence and Advanced Technology 2 (2) (2012) 278–284.
[11] O. Vermesan, P. Friess, P. Guillemin, S. Gusmeroli, [30] D. Rebollo-Monedero, J. Forn, J. Domingo-Ferrer,
H. Sundmaeker, A. Bassi, I. S. Jubert, M. Mazura, From t-closeness-like privacy to postrandomization
M. Harrison, M. Eisenhauer, P. Doody, Internet of via information theory, IEEE Trans. Knowl. Data
things strategic research roadmap, Tech. rep., IERC Eng. 22 (11) (2010) 1623–1636.
Cluster SRA (2011). [31] M. R. S. Abyaneh, Security analysis of lightweight
[12] J. Granjal, E. Monteiro, J. Silva, Security for the in- schemes for rfid systems, Tech. rep., dissertation
ternet of things: A survey of existing protocols and for the degree of philosophiae doctor, university of
open research issues, Communications Surveys Tuto- bergen Norway (2012).
rials, IEEE PP (99) (2015) 1–1. [32] M. Cazorla, K. Marquet, M. Minier, Survey and
[13] S. Sicari, A. Rizzardi, L. A. Grieco, A. Coen-Porisini, benchmark of lightweight block ciphers for wireless
Security, privacy and trust in internet of things: The sensor networks, in: P. Samarati (Ed.), SECRYPT,
road ahead, Computer Networks 76 (2015) 146–164.
A Roadmap for Security Challenges in Internet of Things 28
SciTePress, 2013, pp. 543–548. [47] W. Wu, L. Z. 0012, Lblock: A lightweight block ci-
[33] K. A. McKay, L. Bassham, M. S. Turan, N. Mouha, pher, in: J. Lopez, G. Tsudik (Eds.), ACNS, Vol.
Report on lightweight cryptography, draft nistir 6715 of Lecture Notes in Computer Science, 2011,
8114, Tech. rep., National Institute of Standards and pp. 327–344.
Technology (August 2016). [48] R. Beaulieu, D. Shors, J. Smith, S. Treatman-
[34] D. Kim, J.-Y. Choi, J.-E. Hong, Evaluating Clark, B. Weeks, L. Wingers, Simon and speck:
energy efficiency of internet of things software Block ciphers for the internet of things, Cryptology
architecture based on reusable software com- ePrint Archive, Report 2015/585, http://eprint.
ponents, International Journal of Distributed iacr.org/2015/585 (2015).
Sensor Networks 13 (1) (2017) 1550147716682738. [49] Q. Chai, G. Gong, A cryptanalysis of hummingbird-
doi:10.1177/1550147716682738. 2: The differential sequence analysis, IACR Cryptol-
URL http://dx.doi.org/10.1177/ ogy ePrint Archive 2012 (2012) 233.
1550147716682738 [50] D. Lee, D.-C. Kim, D. Kwon, H. Kim, Efficient hard-
[35] C. H. Lim, T. Korkishko, mcrypton - a lightweight ware implementation of the lightweight block encryp-
block cipher for security of low-cost rfid tags and sen- tion algorithm lea, Sensors 14 (1) (2014) 975–994.
sors, in: J. Song, T. Kwon, M. Yung (Eds.), WISA, doi:10.3390/s140100975.
Vol. 3786 of Lecture Notes in Computer Science, URL http://www.mdpi.com/1424-8220/14/1/975
Springer, 2005, pp. 243–258. [51] A. K. Manjulata, Survey on lightweight primitives
[36] D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B. Koo, and protocols for rfid in wireless sensor networks, In-
C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, ternational Journal of Communication Networks and
S. Chee, Hight: A new block cipher suitable for low- Information Security (IJCNIS) 6 (1) (2014) 29–43.
resource device, in: L. Goubin, M. Matsui (Eds.), [52] M. Hell, T. Johansson, W. Meier, Grain: a stream
Cryptographic Hardware and Embedded Systems - cipher for constrained environments, IJWMC 2 (1)
CHES 2006, 8th International Workshop, Yokohama, (2007) 86–93.
Japan, October 10-13, 2006, Proceedings, Vol. 4249 [53] C. D. Canniere, B. Preneel, Trivium specifications,
of Lecture Notes in Computer Science, Springer, eSTREAM, ECRYPT Stream Cipher Project.
2006, pp. 46–59. [54] P. Kitsos, N. Sklavos, M. Parousi, A. N. Skodras,
[37] F. Mace, F.-X. Standaert, J.-J. Quisquater, Asic im- A comparative study of hardware architectures for
plementations of the block cipher sea for constrained lightweight block ciphers, Computers and Electrical
applications, in: Proceedings of the Third Interna- Engineering 38 (1) (2012) 148–160.
tional Conference on RFID Security - RFIDSec 2007, [55] X. Fan, K. Mandal, G. Gong, WG-8: A Lightweight
2007, pp. 103–114. Stream Cipher for Resource-Constrained Smart De-
[38] G. Leander, C. Paar, A. Poschmann, K. Schramm, vices, Springer Berlin Heidelberg, Berlin, Heidelberg,
New lightweight des variants, in: A. Biryukov (Ed.), 2013, pp. 617–632. doi:10.1007/978-3-642-37949-
FSE, Vol. 4593 of Lecture Notes in Computer Sci- 9_54.
ence, Springer, 2007, pp. 196–210. [56] E. Dubrova, M. Hell, Espresso: A stream ci-
[39] T. Shirai, K. Shibutani, T. Akishita, S. Moriai, pher for 5g wireless communication systems,
T. Iwata, The 128-bit blockcipher clefia (extended Cryptography and Communications (2015) 1–
abstract), in: A. Biryukov (Ed.), FSE, Vol. 4593 of 17doi:10.1007/s12095-015-0173-2.
Lecture Notes in Computer Science, Springer, 2007, URL http://dx.doi.org/10.1007/
pp. 181–195. s12095-015-0173-2
[40] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, [57] M. David, D. C. Ranasinghe, T. Larsen, A2u2:
A. Poschmann, M. J. B. Robshaw, Y. Seurin, A stream cipher for printed electronics rfid tags,
C. Vikkelsoe, Present: An ultra-lightweight block ci- in: IEEE International Conference on RFID (IEEE
pher, in: P. Paillier, I. Verbauwhede (Eds.), CHES, RFID 2011), Orlando, Florida, USA, 2011.
Vol. 4727 of Lecture Notes in Computer Science, [58] D. Watanabe, T. Owada, K. Okamoto, Y. Igarashi,
Springer, 2007, pp. 450–466. T. Kaneko, Update on enocoro stream cipher, in:
[41] C. D. Cannire, O. Dunkelman, M. Knezevic, Katan ISITA, IEEE, 2010, pp. 778–783.
and ktantan - a family of small and efficient [59] C. Manifavas, G. Hatzivasilis, K. Fysarakis,
hardware-oriented block ciphers, in: C. Clavier, K. Rantos, Lightweight cryptography for embedded
K. Gaj (Eds.), CHES, Vol. 5747 of Lecture Notes systems - a comparative analysis, in: DPM/SETOP,
in Computer Science, Springer, 2009, pp. 272–288. 2013, pp. 333–349.
[42] G. N. Khan, J. Yu, F. Yuan, Xtea based secure au- [60] A. Bogdanov, G. Leander, C. Paar, A. Poschmann,
thentication protocol for rfid systems., in: H. Wang, M. J. B. Robshaw, Y. Seurin, Hash functions and
J. Li, G. N. Rouskas, X. Zhou (Eds.), ICCCN, IEEE, rfid tags: Mind the gap, in: E. Oswald, P. Rohatgi
2011, pp. 1–6. (Eds.), CHES, Vol. 5154 of Lecture Notes in Com-
[43] 3rd Generation Partnership Project, Specification of puter Science, Springer, 2008, pp. 283–299.
the 3GPP Confidentiality and Integrity Algorithms [61] A. Shamir, Squash - a new mac with provable secu-
- Document 2: KASUMI Specification (Release 6), rity properties for highly constrained devices such as
Tech. Rep. 3GPP TS 35.202 V6.1.0 (2005-09) (2005). rfid tags, in: K. Nyberg (Ed.), FSE, Vol. 5086 of Lec-
[44] J. G. 0001, T. Peyrin, A. Poschmann, M. J. B. Rob- ture Notes in Computer Science, Springer, 2008, pp.
shaw, The led block cipher, in: B. Preneel, T. Takagi 144–157.
(Eds.), CHES, Vol. 6917 of Lecture Notes in Com- [62] E. B. Kavun, T. Yalin, A lightweight implementation
puter Science, Springer, 2011, pp. 326–341. of keccak hash function for radio-frequency identifi-
[45] Z. Gong, S. Nikova, Y. W. Law, Klein: A new fam- cation applications, in: S. B. O. Yalcin (Ed.), RFID-
ily of lightweight block ciphers, in: A. Juels, C. Paar Sec, Vol. 6370 of Lecture Notes in Computer Science,
(Eds.), RFIDSec, Vol. 7055 of Lecture Notes in Com- Springer, 2010, pp. 258–269.
puter Science, Springer, 2011, pp. 1–18. [63] M. O’Neill, M. J. B. Robshaw, Low-cost digital signa-
[46] K. Shibutani, T. Isobe, H. Hiwatari, A. Mitsuda, ture architecture suitable for radio frequency identifi-
T. Akishita, T. Shirai, Piccolo: An ultra-lightweight cation tags, IET Computers and Digital Techniques
blockcipher, in: B. Preneel, T. Takagi (Eds.), CHES, 4 (1) (2010) 14–26.
Vol. 6917 of Lecture Notes in Computer Science, [64] J.-P. Aumasson, L. Henzen, W. Meier, M. Naya-
Springer, 2011, pp. 342–357. Plasencia, Quark: A lightweight hash, in: S. Man-
A Roadmap for Security Challenges in Internet of Things 29
structure to the internet of things, IEEE Communi- policy attribute-based encryption, in: Proceedings
cations Letters 15 (11) (2011) 1193–1195. of the 2007 IEEE Symposium on Security and Pri-
[137] M. Nitti, R. Girau, L. Atzori, A. Iera, G. Morabito, vacy, IEEE Computer Society, 2007, pp. 321–334.
A subjective model for trustworthiness evaluation in [152] G. Bianchi, A. T. Capossele, C. Petrioli, D. Spenza,
the social internet of things, in: PIMRC, IEEE, 2012, Agree: exploiting energy harvesting to support data-
pp. 18–23. centric access control in {WSNs}, Ad Hoc Networks
[138] C. Pastrone, D. Rotondi, A. Skarmeta, H. Sund- 11 (8) (2013) 2625 – 2636.
maeker, O. Vermesan, S. Ziegler, P. T. Kirstein, [153] J. B. Dennis, E. C. Van Horn, Program-
S. Varakliotis, A. Al-Hezmi, Z. Xueli, L. Yang, T. Ye, ming semantics for multiprogrammed computa-
X. Pengfei, W. Dongya, Z. Xu, M. Wenjing, Internet tions, Commun. ACM 9 (3) (1966) 143–155.
of things, eu-china joint white paper on internet-of- doi:10.1145/365230.365252.
things identification, Tech. rep., European Research URL http://doi.acm.org/10.1145/365230.365252
Cluster on the Internet of Things (November 2014). [154] N. R. P. Parikshit N. Mahalle, Bayu Anggorojati,
[139] P. Peris-Lopez, J. C. H. Castro, J. M. Estvez- R. Prasad, Identity authentication and capability
Tapiador, A. Ribagorda, An ultra light authentica- based access control (iacac) for the internet of things,
tion protocol resistant to passive attacks under the Journal of Cyber Security and Mobility 1 (4) (2013)
gen-2 specification, J. Inf. Sci. Eng. 25 (1) (2009) 309–348.
33–57. [155] B. Anggorojati, P. Mahalle, N. Prasad, R. Prasad,
[140] J. Miao, L. Wang, Rapid identification authentica- Capability-based access control delegation model on
tion protocol for mobile nodes in internet of things the federated iot network, in: Wireless Personal Mul-
with privacy protection, JNW 7 (7) (2012) 1099– timedia Communications (WPMC), 2012 15th Inter-
1105. national Symposium on, 2012, pp. 604–608.
[141] N. P. S. Ian F. Blake, Gadiel Seroussi, Advances in [156] N. R. P. Parikshit N. Mahalle, Bayu Anggorojati,
Elliptic Curve Cryptography, London Mathematical R. Prasad, Identity establishment and capability
Society Lecture Note Series, Springer, 2005. based access control (iecac) scheme for internet of
[142] S. B. Tom J. Kamierski, Energy Harvesting Systems: things, in: Wireless Personal Multimedia Commu-
Principles, Modeling and Applications, Springer, nications (WPMC), 2012 15th International Sympo-
2010. sium on, 2012, pp. 187–191.
[143] D. N. Duc, J. Kim, K. Kim, Scalable grouping-proof [157] L. H.-R. Jose, J. J. Antonio, M. Leandro, F. S. Anto-
protocol for rfid tags, in: Proceedings of the Sym- nio, Distributed capability-based access control for
posium on Cryptography and Information Security, the internet of things, Journal of Internet Services
Takamatsu, Japan, 2010. and Information Security (JISIS) 3 (3-4) (2013) 1–
[144] W.-T. Ko, S.-Y. Chiou, E.-H. Lu, H. K.-C. Chang, A 16.
privacy-preserving grouping proof protocol based on [158] P. Mahalle, P. Thakre, N. Prasad, R. Prasad, A
ecc with untraceability for rfid, Applied Mathematics fuzzy approach to trust based access control in inter-
3 (4) (2012) 336–341. net of things, in: Wireless Communications, Vehic-
[145] G. P. Hancke, Design of a secure distance-bounding ular Technology, Information Theory and Aerospace
channel for rfid, J. Network and Computer Applica- Electronic Systems (VITAE), 2013 3rd International
tions 34 (3) (2011) 877–887. Conference on, 2013, pp. 1–5.
[146] A. Fernndez-Mir, R. Trujillo-Rasua, J. Castell-Roca, [159] S. T. Tim Polk, Security challenges for the internet
J. Domingo-Ferrer, A scalable rfid authentication of things, in: Workshop on Interconnecting Smart
protocol supporting ownership transfer and con- Objects with the Internet, 2011.
trolled delegation, in: A. Juels, C. Paar (Eds.),
RFID. Security and Privacy - 7th International
Workshop, RFIDSec 2011, Amherst, USA, June 26-
28, 2011, Revised Selected Papers, Vol. 7055 of Lec-
ture Notes in Computer Science, Springer, 2011, pp.
147–162.
[147] J. B. Rachel Greenstadt, Cognitive security for per-
sonal devices, in: ACM Workshop on Artificial Intel-
ligence and Security, ACM Conference on Computer
and Communications Security, ACM, 2008, pp. 27–
30.
[148] S. Gusmeroli, S. Piccione, D. Rotondi, A capability-
based security approach to manage access control in
the internet of things, Mathematical and Computer
Modelling 58 (5Ű6) (2013) 1189 – 1205, the Mea-
surement of Undesirable Outputs: Models Develop-
ment and Empirical Analyses and Advances in mo-
bile, ubiquitous and cognitive computing.
[149] J. Liu, Y. Xiao, C. P. Chen, Internet of things’ au-
thentication and access control, Int. J. Secur. Netw.
7 (4) (2012) 228–241.
[150] I. Bouij-Pasquier, A. A. Ouahman, A. A. E. Kalam,
M. O. de Montfort, Smartorbac security and privacy
in the internet of things, in: 12th IEEE/ACS
International Conference of Computer Systems
and Applications, AICCSA 2015, Marrakech,
Morocco, November 17-20, 2015, 2015, pp. 1–8.
doi:10.1109/AICCSA.2015.7507098.
URL http://dx.doi.org/10.1109/AICCSA.2015.
7507098
[151] J. Bethencourt, A. Sahai, B. Waters, Ciphertext-