IoT Security Roadmap 2018


Author’s Accepted Manuscript

A Roadmap for Security Challenges in Internet of Things

Arbia Riahi Sfar, Enrico Natalizio, Yacine Challal, Zied Chtourou

www.elsevier.com/locate/dcan

PII: S2352-8648(17)30021-4
DOI: http://dx.doi.org/10.1016/j.dcan.2017.04.003
Reference: DCAN81
To appear in: Digital Communications and Networks
Cite this article as: Arbia Riahi Sfar, Enrico Natalizio, Yacine Challal and Zied
Chtourou, A Roadmap for Security Challenges in Internet of Things, Digital
Communications and Networks, http://dx.doi.org/10.1016/j.dcan.2017.04.003
This is a PDF file of an unedited manuscript that has been accepted for
publication. As a service to our customers we are providing this early version of
the manuscript. The manuscript will undergo copyediting, typesetting, and
review of the resulting galley proof before it is published in its final citable form.
Please note that during the production process errors may be discovered which
could affect the content, and all legal disclaimers that apply to the journal pertain.
Digital Communications and Networks (DCN)

journal homepage: www.elsevier.com/locate/dcan

A Roadmap for Security Challenges in Internet of Things

Arbia Riahi Sfar (a, b), Enrico Natalizio (b), Yacine Challal (c), Zied Chtourou (a)

(a) VRIT Lab - Military Academy, Nabeul, Tunisia
(b) Sorbonne universites, Universite de technologie de Compiegne, CNRS, Heudiasyc UMR 7253, CS 60319; 60203 Compiegne Cedex, France
(c) Laboratoire de Methodes de Conception de Systemes (LMCS), Ecole Nationale Superieure d’Informatique (ESI), Centre de Recherche sur l’Information Scientifique et Technique (CERIST) Algiers, Algeria

Abstract
Unquestionably, communicating entities (objects, or things) in the Internet of Things (IoT) context are acquiring an active role in human activities, systems and processes. The high connectivity of intelligent objects and their severe constraints lead to many security challenges, which are not included in the classical formulation of security problems and solutions. "Security Shield for Internet of Things" has been identified by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential broader impact larger than the Internet itself (footnote 1). To help interested researchers contribute to this research area, an IoT security roadmap overview is presented in this work based on a novel cognitive and systemic approach. The role of each component of the approach will be explained, and interactions with the other main components of the proposed scheme and their impact on the overall system will be detailed. A case study will be presented to highlight components and interactions of the systemic and cognitive approach. Then, security questions about privacy, trust, identification and access control will be discussed. According to the novel taxonomy of the IoT framework, different research challenges will be highlighted, important solutions and research activities will be exposed, and interesting research directions will be proposed. In addition, current standardization activities will be surveyed and discussed to ensure security of IoT components and applications.

© 2017 Published by Elsevier Ltd.


KEYWORDS:
Internet of Things, Systemic and cognitive approach, Security, Privacy, Trust, Identification, Access Control.

1. Introduction

The long history of the Internet started in the 1950s following the development of electronic computers. Packet switched networks such as the ARPANet were developed in the 1960s and the 1970s by using a variety of protocols to join together separate networks. In the 1980s, the Internet protocol suite (TCP/IP) was standardized, and the concept of the Internet as a world wide network was introduced. In the 1990s, thanks to the introduction of almost instantaneous communications, the Internet has led to a real revolution of everyday life domains shown in a wide variety of popular networked applications.

The concept of the Internet of Things (IoT) was introduced in 1999 [1], after the explosion of the wireless devices market, and the introduction of the Radio Frequency Identification (RFID) and the Wireless Sensor Networks (WSN) technologies. The IoT concept aims at connecting anything, anyone, at anytime in anyplace. It involves things or objects such as sensors, actuators, RFID tags and readers, to permit interaction between the physical and virtual worlds. An illustrative example of an IoT application in a smart factory is shown in figure 1. In this system, we can distinguish four main components: person, process, technological ecosystem and intelligent objects. Definitions, roles and interactions between these elements are given in Section 3.

In 2011, the number of interconnected systems exceeded the number of human beings [1]. In 2012, 9 billion devices were interconnected; this number is expected to reach 24 billion devices in 2020 [1]. The financial market size is around 1.3 trillion dollars for mobile network operators in various domains and applications like healthcare, transportation, public services and electronics [1].

As an extension of the classical Internet framework and technology, previous security models should be applicable to the IoT to guarantee basic security services including authentication, confidentiality, integrity, non-repudiation, access control and availability. However, IoT is constrained by many new factors. First, numerous things may interact together in a complex manner, through many security techniques and according to different policy requirements [2]. Second, IoT devices can have different operation environments and, usually, limited computational power. Third, some IoT applications can foresee the participation of a huge number of nodes leading to serious security problems. As a consequence, security challenges became more difficult to fulfill as it is hard to develop a generic "one fits all" security strategy or model. Consequently, "Security Shield for Internet of Things" has been identified in 2014 by DARPA (Defense Advanced Research Projects Agency) as one of the four projects with a potential broader impact larger than the Internet itself.

Also, the evolution from closed or limited-access networks to open ones increased the need for security alarms to protect interconnected devices from intrusions. Many attacks can occur in IoT: message modification and/or alteration, traffic analysis, Denial of Service (DoS), Distributed DoS, eavesdropping, Sybil attack, etc. Concretely, many real attacks were carried out in the latest period. An example of attack related to the IoT was led against Supervisory Control and Data Acquisition (SCADA) systems, which aim to facilitate the management of remote systems by issuing real-time supervisory commands over communication channels [3]. As a result of commercial availability of cloud computing, these systems became progressively used by IoT technology to decrease infrastructure fees and facilitate maintenance and integration operations. In [3], authors highlighted several security vulnerabilities and possible attacks of these systems (Denial of Service, SQL Injection, Buffer Overflow, and many others). The British Columbia Institute of Technologies Internet Engineering Lab (BCIT/IEL) has recorded a list of more than 120 events since the project's initiation. Another analysis of 200 IT security executives using SCADA systems in different countries was conducted at McAfee enterprise, and showed that most facilities were victims of cyber attacks [3].

Unquestionably, many challenging security issues must be addressed before making the IoT vision a reality. We need to answer important questions about enabling IoT while guaranteeing aspects such as trust, security, and privacy. We carried out this work to help those who are interested in the development and the improvement of this domain. Different surveys have already been proposed, but they are mainly based either on a broader vision that includes "Things"-oriented, "Internet"-oriented and "Semantic"-oriented visions, or on a layered vision, whereas the purpose of our work is to offer a roadmap that considers a systemic and cognitive approach of IoT. This is useful especially when we consider the complexity, variability, interactions and constraints of IoT components. Despite its theoretical rigor limitation, our vision remains an adequate choice for decision making, since we consider overall system operation.

The main contribution of this work is fourfold: (a) we propose a classification of different surveys based on IoT vision and security issues; (b) we detail our systemic and cognitive approach for IoT, which was introduced in [4], [5]; (c) we report and analyze the state-of-the-art of IoT security research activities, and present the major technological solutions and projects according to the systemic and cognitive approach; and (d) we show the main standardization activities related to IoT security. We believe that our effort is interesting as it grants particular attention to interactions among system elements and their effects on the overall system. Also, by using a systemic and cognitive approach, we look at the results coming from system behaviors and compare them to real-life results to validate models and practices.

Section 2 shows the related work, and highlights our contribution with respect to other existing surveys. Section 3 presents the systemic and cognitive approach of IoT that we use as a basis for our actual work. Section 4 shows how the presented model may be easily adapted to any real environment, by using it for smart manufacturing to improve productivity. Section 5 presents solutions and projects related to the IoT security field, classifies them according to different taxonomies, and, for each main research axis, highlights new research directions. Section 6 details the main standardization activities in the IoT security field. Section 7 discusses IoT security evolution and concludes the paper.

Fig. 1: A smart factory environment composed of person, smart object, process and technological ecosystem as the main
elements of our systemic and cognitive approach for security in the Internet of Things. (©http://www.moxa.com.)

2. Related work

In the last few years, many surveys were published to emphasize the advancement of research activities in the IoT framework [6, 1, 7, 8, 9, 10]. They mainly focus on general issues of IoT fundamentals or models. Security concerns were presented as a part of each survey and treated in a generic manner, and security and privacy are often shown jointly as a unique concept. Unfortunately, as illustrated in table 1, none of the other surveys has detailed in-depth security concerns of IoT.

In "The Internet of Things: A survey" [6], authors aimed to present the different visions of the IoT paradigm: "Things"-oriented, "Internet"-oriented and "Semantic"-oriented visions. They reported the enabling technologies including identification techniques, sensors and communication technologies and middleware features. Then, many applications of IoT are proposed in various fields such as transportation, logistics, healthcare, smart environment, personal and social domains. From a security point of view, they focused on authentication and data integrity concerns, and proposed research directions for problems such as proxy attack and man-in-the-middle attack. Concerning privacy, they suggested developing new software applications to control access to personal data during their life cycle. Although the survey is complete and interesting, it does not provide enough details about security challenges in IoT.

In "Internet of things: Vision, applications and research challenges" [7], authors considered that IoT is made up of three main levels: anything communicates, anything is identified, and anything interacts. They focused their research challenges on (1) computing, communication and identification technologies, (2) distributed systems technology, and (3) distributed intelligence. D. Miorandi et al. said that many challenges arise in security but they identified only three key issues to be innovated: data confidentiality, privacy and trust. They did not grant adequate attention to authentication, integrity and access control, which were discussed superficially and considered as parts of the key issues defined by authors.

In "Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions" [1], authors presented a cloud centric vision for IoT and illustrated the enabling technologies and application domains of the future. They proposed many research issues based on [11]. Authors did not go in depth concerning security research issues and they were limited to superficial questions regarding privacy and identity protection.

In "The Internet of Things: A Survey from the Data-Centric Perspective" [8], authors detailed data mining and management in IoT according to the same visions as [6]. They focused essentially on (1) networking issues, including effects on data collection, RFID technology, sensor networks and mobile connectivity; and (2) data management and analysis including data cleaning, semantic web, real-time and big data analysis, crawling and searching the IoT. In this survey, security concerns are detailed only from a privacy point of view, and other relevant security issues were neglected.

In "Towards Internet of Things: Survey and Future Vision" [9], authors proposed different architectures of IoT, and discussed new research challenges. They detailed the 3-Layer and 5-Layer architectures and highlighted the relevant research challenges in communications problems (QoS, huge number of objects, transport control protocol, real time objects detection, etc.), and information gathering problems (massive information, and security and privacy problems). Authors were limited to physical security and privacy issues and they treated security problems superficially without presenting any possible solutions.

In "Context Aware Computing for The Internet of Things: A Survey" [10], authors proposed a context awareness for the IoT framework and gave a deep analysis of context life cycle (techniques, methods, models, functionalities, systems, applications, and middleware solutions) by studying a set of 50 projects during the decade between 2001 and 2011. Then, according to their taxonomy, they proposed a number of possible research directions based on emerging IoT issues. In this survey, authors suggested that security and privacy issues are addressed at the middleware level, and at several layers of the model (sensor hardware, sensor data communication, context annotation and context discovery, context modeling and the context distribution layers) in order to gain trust from IoT users. This survey dealt with security as an orthogonal issue among many others, but no particular attention was given to real research activities in this field.

In "Security for the Internet of Things: A Survey of Existing Protocols and Open Research issues" [12], published in 2015, J. Granjal et al. proposed a deep analysis of existing protocols and security mechanisms of communications in IoT and presented different open research issues. For their presentation, authors adopted a standardized 5-layer protocol stack and considered security requirements and solutions for each layer. This work focused exclusively on security issues based on some standardization efforts performed by IEEE and IETF including IEEE 802.15.4, CoAP, 6LoWPAN, RPL and CORE. Unfortunately, authors neglected many other important standards in the same area such as IoT-A reference model, P2413 (IEEE), oneM2M project, and ETSI efforts (TC M2M, and TC ITS) as explained in section 6. Their work remained dependent on a limited number of standards and was not sufficiently open to other efforts.

Another survey was published in 2015, from S. Sicari et al., entitled "Security, privacy and trust in Internet of Things: The road ahead" [13], where authors adopted an open IoT vision and considered a set of intelligent objects that cooperate to accomplish a common objective. In their vision, they considered that, from a technological point of view, IoT deployments may involve diverse conceptions, technologies, implementations and architectures to build a communication or to perform a process. They divided security aspects into three categories: security requirements (authentication, confidentiality and access control), privacy, and trust. The main limitation of this work is the taxonomy of IoT which remains unclear and, consequently, the lack of classification of the listed research activities according to a clear sorting logic.

In 2016, the SANS institute published an interesting survey, "Securing the Internet of Things Survey" [14], to reveal the opinion of the security community about the IoT security state in the present and in the future by questioning security personnel active in the IT field. By the end of this survey, the author concluded that most respondents expected IoT device producers to grant more interest to security concerns than other IT systems.

Finally, we cite the survey "Internet of Things: A Review of Surveys Based on Context Aware Intelligent Services" [15], which presented the current IoT technologies, approaches and models to find out new data-related challenges. The paper proposed well integrated and context aware intelligent services for IoT. Authors focused on social network and IoT integration in the emerging context of Social Internet of Things (SIoT). Security aspects were considered by authors during their survey but were not discussed separately.

It is clear that all of the aforementioned surveys either did not consider security in the IoT framework as a priority or were limited to a part of its issues. In our work, we consider different IoT threats and focus on many areas such as protocol and network security, data privacy, identity management, trust and governance, fault tolerance, dynamic trust, security, and privacy management. More than offering a classic survey, our intent is to present a roadmap for designers and practitioners of IoT to provide supplementary efforts in different and interesting areas to improve IoT security features. To this end, we proposed a systemic and cognitive approach for IoT security to cover all these aspects in a consistent framework [16]. Compared to the layered approach, our vision is more convenient and flexible for making decisions while the whole system is accomplishing a given action. We handle security issues that may occur to interactions among all the system elements, and analyze their consequences on the global system. We concentrate our analysis on specific interactions which are directly related to security: privacy, trust, identification, and access

Table 1: Surveys on Internet of Things.

| Survey | Citation | Year | IoT vision | Security issues |
|---|---|---|---|---|
| The Internet of Things: A survey | [6] | 2010 | Things-oriented, Internet-oriented and Semantic-oriented | Identification, authentication, integrity, privacy, trust |
| Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions | [1] | 2012 | Cloud centric vision | Identification, authentication, integrity, privacy |
| Internet of things: Vision, applications and research challenges | [7] | 2012 | anything communicates, anything is identified, and anything interacts | Data confidentiality, privacy, trust |
| The Internet of Things: A Survey from the Data-Centric Perspective | [8] | 2013 | Things-oriented, Internet-oriented and Semantic-oriented | Identification, integrity, privacy |
| Towards Internet of Things: Survey and Future Vision | [9] | 2013 | 3-Layer architecture, 5-Layer architecture | Physical security, privacy |
| Context Aware Computing for The Internet of Things: A Survey | [10] | 2013 | Things to be connected Anytime, Anyplace, with Anything and Anyone, using Any path, network and Any service. | Identification, privacy, trust |
| Security for the Internet of Things: A Survey of Existing Protocols and Open Research issues | [12] | 2015 | 5-Layer architecture | Authentication, integrity, confidentiality, trust, access control |
| Security, privacy and trust in Internet of Things: The road ahead | [13] | 2015 | A collection of smart devices that interact on a collaborative basis to fulfill a common goal | Privacy, trust, integrity, confidentiality, identification, authentication |
| Securing the Internet of Things Survey | [14] | 2016 | any-to-any connectivity | Authentication, access control, confidentiality |
| Internet of Things: A Review of Surveys Based on Context Aware Intelligent Services | [15] | 2016 | Different perspectives: services, connectivity, communication and networking viewpoints. | Privacy, integrity, access control, trust, identification. |
| Our work | - | - | Systemic and cognitive approach | Identification, access control, trust, privacy |

control. We consider that other interactions (auto-immunity, safety, reliability and responsibility) are considered during the system design phase, and do not involve enhancing technologies; they thus remain out of the scope of this work.

3. A systemic and cognitive approach for the IoT

In [5], authors proposed a holistic view of IoT suggesting a systemic and cognitive approach for IoT security. The main idea is originally inspired from [17], where L. Kiely et al. proposed a systemic security management system for all types of organizations beginning with the micro level. As shown in figure 2, our illustration of the IoT context is described by a tetrahedron-shaped scheme built around four nodes: person, process, intelligent object and technological ecosystem. The presence of the intelligent object in this system increases the complexity of the control process in the resulting computing environment, which may include humans, computers, sensors, RFID tags, network equipment, communication protocols, system software, and applications. Edges between intelligent object and people nodes become hard to handle due to the large number of involved entities (objects and/or persons) and the variation of security requirements. These connections are dynamic and complex; they follow the environment characteristics and play a key role of cooperation/conflict between nodes [16]. Nodes are connected to each other and their interactions are represented by seven edges: trust, privacy, identification and access control, safety, reliability, auto-immunity and responsibility. In the following, we will provide a detailed definition of each of the tetrahedron nodes and edges. The relevant research issues will be presented in section 5.

3.1. Nodes

3.1.1. Person
symbolizes the human resources and related security issues. As the IoT context is characterized by its diversity and large-scaled structure, security limitations and threats are more probable and influenced by large numbers of persons. To highlight the complexity of this node we should be aware that involved persons include humans with different security background levels. This differs according to their characters, manners, expertise, knowledge, outlook, etc. [17]. According to their roles, different types of human profiles are involved in the IoT context such as consumers, end users, service or technology providers, etc. Controlled by their security and safety, we suggest that persons, each from their own perspective, have to accomplish the tasks related to security rules management, according to the Plan-Do-Check-Act approach described in ISO/IEC 27000-series (footnote 2: http://www.27000.org/).

3.1.2. Process
is about procedures, means or ways to perform tasks within the IoT framework with respect to a specific security policy. Processes must thoroughly fit the requirements of policies, standards, strategies, procedures and other specific documentation or regulation to guarantee the expected security level for every IoT architectural component.

3.1.3. Intelligent object
encompasses various devices with communication capabilities regardless of their processing power, memory or energy, such as tags, sensors, actuators, etc. Objects can be deployed to work autonomously, as is the case of phase meters for a smart grid, or as part of a more complex system such as a thermostat in an HVAC (Heating Ventilation and Air Conditioning) system. Designers of these objects have to deal with their pervasive character to comply with specific security levels.

3.1.4. Technological ecosystem
It stands for technological solutions to guarantee efficient functioning and an acceptable IoT security level including joining applications, command and control processing, routing and security. An extensive, reusable and accessible ecosystem is highly recommended to help the development of IoT nodes and applications. To guarantee a generic and efficient secure technological ecosystem, the following aspects need to be considered: (1) design and configuration of security procedures, (2) identification and authorization of involved entities, (3) precision of internal and external security perimeters, and (4) protection of the physical environment. Practically, in a real implementation of a technological ecosystem, many issues have to be handled concerning communications infrastructures and protocols, system architecture, implemented algorithms, access control methods, etc. As data and commands may be remotely generated and handled, adequate interest needs to be granted to communication choices.

3.2. Edges

3.2.1. Privacy
depicts the edge between person and technological ecosystem nodes and originates from the necessity of protecting data related to humans. In IoT, it is essential to fulfill privacy requirements due to the omnipresence of intelligent objects, and the risk of technology mishandling by legitimate

[Figure 2 labels: nodes Person, Intelligent Object, Technological Ecosystem, Process; edges Identification / Access Control, Privacy, Safety, Trust, Auto-immunity, Responsibility, Reliability; legend: security tensions, non-security tensions.]

Fig. 2: Graphical illustration of IoT context according to its main elements (nodes) and their relationships (edges).

and/or illegitimate users. For example, we consider a healthcare scenario where hospital employees need to access patient data for administrative purposes (statistics generation, patient registration, billing, age, sex...) and are not allowed to know details about patient disease. In this situation, privacy is about granting adequate access privileges to employees without divulging sensitive information.

3.2.2. Trust
is the edge that links the intelligent object with the technological ecosystem. In smart environments, IoT devices may perform various readings (temperature, humidity, fire, pressure measurements, etc.) to help decision making by administrators and instant reaction. This reflects the necessity of trusting the involved device(s) to make the right assessment, and highlights the interaction between entities by trusting what they report and acting accordingly. Then, establishing and managing trust in a huge number of objects in heterogeneous and large-scaled environments is a considerable challenge for researchers and manufacturers. Trust management definition and operations (establishing, updating, and revoking credentials, keys and certificates) have to be addressed as a key security issue in IoT. In our approach, trust establishment between objects and persons is performed via technological ecosystems due to the involvement of human and non-human entities in the global system.

3.2.3. Identification / Access control
stands for the edge between persons and intelligent nodes, which emphasizes the means to establish connections among entities, and retrieve them easily using their identifiers. We can consider the example of vehicle control in an industry chain where identifying connected devices (vehicles, products, etc.) permits their localization and tracking. Obviously, getting this type of information instantly can improve the global system functioning and efficiency by immediate intervention when needed. Identification affects many aspects of the global IoT system including conception, architecture, access rules, etc.

3.2.4. Reliability
links process and technological ecosystem nodes and depicts the probability of non-failure of the system operation. In IoT, reliability can be considered in many cases such as handling unique and reliable addresses for entities, managing data over the network, and effective use of intelligent objects in various applications. In the systemic and cognitive approach, we classify reliability as a non-security edge as it is considered in the overall system design. Although research efforts in IoT reliability are still limited, we can list two main projects: NEBULA (A trustworthy, secure and evolvable Future Internet Architecture) (footnote 3: http://www.nebula-fia.org/) and Soft Reliability Project (footnote 4: http://www.softreliability.org/).

3.2.5. Safety
is largely about protecting persons and objects during a process execution. The software embedded into autonomous objects may be the cause of a random or unpredictable behavior so it has to be carefully checked to avoid disastrous consequences for the whole system and the physical



environment. To explain the importance of safety in the IoT domain, we consider the example of digital cities where smart phones are more and more powerful tools that can be used as sensors. They must be capable of protecting their internal and sensitive information and can predict and prevent safety issues through dedicated applications (e.g. geo-positioning). Safety is also considered during the system design, which explains the limited related research efforts. Three main projects may be listed: E-Safety Project (footnote 5), e-Crime Wales (footnote 6), and Internet Safety Project (footnote 7).

3.2.6. Auto-immunity
concerns only intelligent objects as they may operate in remote and/or hostile zones where risks of physical attacks and other possible menaces become probable (failure of communication media, resource constraints, inadequate physical protection, weakness of the trust management system, sporadic nature of connectivity, etc.). In high electromagnetic disturbance, the node functioning may be interrupted or even stopped. This increases workload and battery consumption, which reduces service time of the wireless sensors. Also, it is important to improve IoT system immunity against electromagnetic interference to guarantee low probability of interception and low probability of detection [18]. Auto-immunity deals with all of the aforementioned aspects and needs to be considered as a conception requirement of every IoT system rather than a security measure. This edge is considered at the conception phase by manufacturers of IoT devices to ensure a prevention technique for intelligent objects, which may explain the limited related research efforts. Two main works may be listed about artificial immunity-based security [19], and immunity-based intrusion detection technology [20].

3.2.7. Responsibility
links process to intelligent object nodes. Smart devices may be autonomous and behave as actors in many cases. For example, persons may grant a form of responsibility to these nodes to perform a precise action as responsibility for risk and vulnerabilities management of these products

sary to attribute responsibilities to right entities, and reactions may be taken accordingly.

In [16], systemic and cognitive approach is developed through identification of contextual plans within the tetrahedron: safety plan, cyber-security plan, access plan, and security plan; and edges between nodes are sorted accordingly. It is then put into evidence by shedding light on the security plan that involves the privacy, trust, identification and access control edges. Each of the other plans of the tetrahedron (safety, access and cyber-security planes) shares one edge with the security plan. Thus, we suggest a by-design inclusion of security in the different aspects of IoT development.

4. Case study: smart manufacturing

To highlight the efficiency of the systemic and cognitive approach, we consider the case of smart manufacturing, where IoT applications are expected to generate 1.2 to 3.7 trillion of economic value annually by 2025 (footnote 8). Concretely, IoT applications increase manufacturing productivity by providing a comprehensive view of the production chain and making instant adjustments. In the smart manufacturing scenario illustrated in figure 3, nodes of the tetrahedron correspond to the following actors during the supply chain management process:

Process: smart manufacturing process includes supply chain management, efficient operation, predictive maintenance and inventory optimization. Data collected from terminal equipment, workers, vehicles, and other sensors are analyzed to produce real-time models and control, and plan algorithms to coordinate between chain components. Monitoring the status of production equipment in real-time helps increase efficiency and reliability, and improve overall performance.

Person: to ensure the management of a large amount of heterogeneous data, manufacturing environment involves several actors with different competences and expertise. Depending on their interest, qualifications and ability to act in a reflective and autonomous way, persons needed in
[21]. We consider a smart refrigerator, which is smart manufacturing context may be engineers,
able to know the list of the stored aliments, and workers, managers, suppliers, consumers, tele-
autonomously order new products. This device be- operators (conferencing, maintenance, etc.).
comes responsible for product ordering which may Intelligent object: involved devices in smart
facilitate the task of its proprietor. But in case of manufacturing include physical components (me-
intentional or accidental dysfunction (bad prod- chanical, electrical pieces), intelligent components
ucts details, quantity problems, etc.), it is neces- (sensors, actuators, microprocessors, software, em-
bedded operating system) and connectivity com-
ponents (wireless connectivity, ports, antennas).
5 http://www.em-esafetyproject.co.uk/
6 http://www.ecrimewales.com/
7 http://www.internetsafetyproject.org/ 8 http://www2.itif.org/

[Figure 3: tetrahedron whose nodes are Engineers, Sensors, Supply chain management, and Inf. & com. tech. Edges marked as security tensions: Identification/Access control (of engineers/sensors in restricted areas), Privacy (of details about supply chain process), Trust (between sensors and engineers). Edges marked as non-security tensions: Safety (of engineers during the chain process), Responsibility (liability of intelligent object during the supply chain process), Auto-immunity (resistance to interference and jamming), Reliability (of collected information by sensors during supply chain).]

Fig. 3: Actors (nodes) and interactions (edges) in IoT context during supply chain management.

Explosion of sensor technologies has made every manufacturing process and component a potential data source. For example, sensors may be used to monitor humidity conditions during vehicle painting, and enable real-time monitoring by adjusting ventilation systems.

Technological ecosystem: innovations provide many opportunities to develop new products and corporate models, multiply economic benefits and facilitate greater employee engagement. In smart manufacturing, examples of these ecosystems may concern control technologies (sensors, actuators), cognition-based intelligence (machinery, robots), human-machine interaction, continuous monitoring, energy technologies, information and communication technologies, etc.

Privacy: aims to reduce the risk of privacy disclosure of sensitive data (financial, technical or personal details) when exchanged with the technological ecosystem (radio link). Data control techniques such as anonymization, encryption, aggregation, integration and synchronization may be used to hide these data while providing essential information usable for the relevant applications.

Identification / Access control: consists of controlling illegitimate intrusions of persons/objects in restricted areas. It may concern identification and localization of vehicles, measurement of humidity and temperature, tracking of products, surveillance parameters management in sensitive areas, etc.

Trust: concentrates on soft security (technological ecosystem) to establish mutual trust between intelligent objects and persons, to create security guarantees and transparency. This leads the global system to make timely and trusted information available where it is needed, when it is needed, and to those who need it. Trust establishment will depend on two factors: the ability of the intelligent object to protect itself in hostile environments, and the person's ability to interrogate the node to see if it is still trustworthy.

Reliability: focuses on reliability of information collected and results reported by the technological ecosystem during the manufacturing process. This requires effective means of sensing, metrology, calibration, signal processing, diagnostics, anomaly detection, maintenance, etc. In addition, automatic, flexible and adaptive control mechanisms need to be developed to obtain a higher degree of overall system reliability.

Safety: focuses on several operations such as control, command, surveillance, communications, intelligence, reconnaissance, etc. It aims to meet the need for intelligent objects, ensure their whole life cycle safety, and improve the safety of persons by reducing injuries and fatalities during the manufacturing process. In this context, IoT may be applied to devices and employees (RFID tags, badges) to alert or even power off equipment if a physical attack occurs.

Auto-immunity: deals with the way to protect intelligent objects from physical attack in harsh environments and to provide sufficient resistance with the ability to self-monitor and report. It also focuses on better immunity of intelligent objects and communication channels towards interference and jamming.

Responsibility: handles liability of the intelligent object to perform a precise process. In the manufacturing scenario, IoT devices must answer only an authorized reader's request. If a strategic change occurs, the responsibility for monitoring would change automatically, and responsibilities are distributed across multiple intelligent objects to perform new processes. Consequently, it is the responsibility of the whole system to maintain a consistent task agenda by inserting missing actions, guaranteeing general domain knowledge and causality, and so on.

5. Roadmap overview of Security-related edges

In this section, we will survey security related edges: privacy, trust, identification and access control, present the current state of the art and propose possible research issues.

5.1. Privacy

Information privacy means that the user is able to control when, how, and to what limit personal information will be collected, used, and shared. It can affect user confidence and people's lives. In an IoT environment, connected systems may communicate with each other, transmit collected, treated or control exchanged data. The capabilities of system's connections during various processes imply many security and privacy issues in the dynamic world of IoT, regarding constraints of maintaining the meaning of the handled information.

5.1.1. State of the art and taxonomy

In ubiquitous computing systems, sensitive data can be stored in a distributed manner. It is important to set up an adequate control mechanism, to control and manage data disclosure to third parties according to information sensitivity. Privacy for end-users is a very complex issue because it involves interactions with all of the different system components, and it cuts across all the layers of the system's structure. Obtaining and analyzing all these properties is a significant research challenge. Two comprehensive surveys about challenges and opportunities in big privacy can be found in [22] and [23], where the authors reviewed the milestones of research activities of big data privacy, and debated the challenges and opportunities from various perspectives.

To address a consistent roadmap overview for the different research achievements and projects in IoT privacy concerns, we can distinguish two main axes: data privacy and access privacy, as illustrated in figure 5.

Data privacy must be considered throughout the different phases of data usage, including collection, transmission, and storage. During data collection and transmission, we need to focus on networking issues and technologies such as RFID, WSN, and mobile connectivity. In the storage and processing phase at collection nodes, data confidentiality and integrity must be guaranteed and adequate security techniques must be implemented. Effective solutions include anonymization, block ciphers, stream ciphers, hash functions, lightweight pseudo-random number generator functions, and lightweight public key primitives. These techniques are generally combined to provide the required level of privacy depending on the sensitivity of data, network settings, and application and users' requirements.

Access privacy emphasizes how people can access personal information. It is important to highlight the need for efficient policies and mechanisms to manage different types of data and fit various situations in IoT contexts. This group may include blocking approaches, lightweight protocols and data sharing, and accessing techniques.

Data privacy: important research results can be divided into six categories: anonymization based techniques, block ciphers, stream ciphers, hash functions, lightweight pseudo-random number generator functions, and lightweight public key primitives. Figure 4 represents the chronological progress of research efforts in this domain.

Anonymization-based solutions: aim to guarantee data privacy preservation and include k-anonymity, l-diversity and t-closeness. K-anonymity focuses on how data holders can release their private data without any risk of re-identification of data subjects. A formal protection model for sensitive data ensures that information for each person cannot be differentiated from that belonging to a group of at least (k − 1) individuals [24].

The principle of k-anonymization consists of representing a database as a table with n rows and m columns. Each row depicts an entry associated with a precise member of the population; the entries are not necessarily unique. Columns of the table correspond to various attributes of different members of the population. To accomplish k-anonymity, two methods may be used: (1) suppression, where some values of the attributes are replaced by an asterisk '*' (in one column, all or some values can be replaced by '*'); and (2) generalization, where personal values of attributes are replaced by values in a broader category (e.g. for the attribute 'age', the value '21' can be replaced by the expression '≤ 25').

In IoT environments, k-anonymity may be used for intelligent objects localization to improve location privacy [25]. This can solve security problems related to the use of a third party service for obfuscation, the difficulty of managing several k-anonymity groups for different queries, and the infeasibility of using global GPS coordinates indoors. Another proposal is to use a tree based location privacy approach against multi-precision continuous attacks, based on new location query approach supporting

Fig. 4: Timeline of algorithms and research activities in IoT privacy.

[Figure 5: taxonomy tree of IoT privacy solutions with two branches. Data privacy: anonymization based (privacy preservation: k-anonymity, l-diversity, t-closeness) and encryption based (labels: conventional cryptography, symmetric algorithms, asymmetric algorithms, lightweight primitives, block ciphers, stream ciphers, hash functions, pseudo-random generators). Access privacy (labels: blocking approaches, kill command, locking and unlocking mechanisms, data collection, lightweight protocols, data aggregation, data sharing & management, Platform for Privacy Preferences (P3P), semantic web).]

Fig. 5: Projects and research activities in data privacy.

multi-precision queries [25]. A third use of the k-anonymity concept was the case of building an algorithm for data releasing based on fine-grained generalization [26].

L-diversity: was proposed to overcome the vulnerability of k-anonymity to the homogeneity attack and the background knowledge attack [27]. A. Machanavajjhala et al. proposed a stronger definition through well-represented sensitive attributes to guarantee privacy even when the data publisher ignores what the adversary knows about the records. A formal foundation is given and followed by an experimental evaluation and some practical directions of solution. In IoT, a possible application of this mechanism can be found in the healthcare domain, where data publication is needed without divulging sensitive information about individuals.

T-closeness: was proposed in [28] to surmount limitations of k-anonymity and l-diversity related to attribute revelation. The proposal of N. Li et al.

requires that the distribution of sensitive attributes in any group should be close to their distribution in the overall database. To highlight the value of this work, the authors use real examples and experiments. In [29], the authors present a decomposition with (n-t) closeness, to maintain privacy in case of multiple sensitive attributes. Their goal is to solve the problem of reducing the amount of significant information that may be extracted from the released data in the t-closeness case. In [30], a new proposal is presented based on the post randomization method (PRAM) for hiding discrete data, and on noise addition for other cases. In the IoT context, this proposal may be used in many cases such as those where perturbative methods for privacy are considerable, or in location-based services [30].

Block ciphers: in resource-constrained environments, communication of intelligent objects must overcome hard restrictions of energy, performance and efficiency. In these scenarios, conventional cryptographic primitives are infeasible. A detailed survey is given in [31], where M. R. S. Abyaneh et al. presented the state of the art of lightweight algorithms and protocols for RFID systems. Block cipher primitives constitute the most fundamental category of cryptographic algorithms. They transform a binary plain text of a fixed length into a cipher text of the same length using a symmetric key. To ensure communication security, lightweight block ciphers were introduced at the end of the 1990s. Lightweight primitives are known for the block size of input data chosen between 32 and 64 bits, the use of elementary operations like binary XOR and binary AND, and the simplicity of the key schedule [32].

Traditional cryptography schemes such as 3-DES and AES are still U.S. government standard ciphers for non-classified data. Recently, the National Institute of Standards and Technology confirmed this point of view in [33]. However, they do not fit well in the IoT scenario due to its constrained resources, such as energy and real-time execution, as explained and experimentally proved in [34] through a comparison of the estimated energy of three different ciphers.

Numerous research activities were accomplished and led to plenty of block cipher primitives for IoT, including mCRYPTON [35], HIGHT [36], SEA [37], DESXL [38], CLEFIA [39], PRESENT [40], KATAN, KTANTAN [41], PRINT Cipher [42], TEA/XTEA [42], Kasumi [43], LED [44], KLEIN [45], Piccolo [46], LBlock [47], Simon and Speck [48], etc. A comprehensive survey of lightweight algorithms has been presented in [32], where M. Cazorla et al. presented a broad comparison of all these algorithms in terms of operation and performance. Some block ciphers are compared in table 2 with regard to key sizes, block sizes, consumed area measured in gate equivalents (GEs), and technology values (µm) [49],[50],[51].

Stream ciphers: plain text is enciphered entirely with a pseudo-random key stream, generated with the same length as the plain text. The encryption operation consists of XORing the plain text and the key stream. Although this category of cryptographic primitives represents an alternative to block ciphers, its use is still limited due to the long initialization phase needed before the first usage. This drawback makes them unusable in some communication protocols. However, their main advantage is the simplicity of the implementation in hardware and the ease of use when the plain text size is unknown.

Contrary to block ciphers, the number of lightweight stream ciphers for constrained environments is limited. The most important systems include the hardware-oriented algorithms of the eStream project, namely Grain [52], Trivium [53], and MICKEY 2.0 [54]. Newer algorithms include WG-8 [55], Espresso [56], and A2U2 [57]. Enocoro v.2 [58] can be listed as a pseudo-random number generator for use in a stream cipher. In table 3 we report a quick comparison between some algorithms in terms of key size, consumed area (GEs), and technology values (µm) [59],[51].

Hash functions: are used for message integrity verification, digital signatures, and fingerprints. They fulfill the following requirements: (1) easy to compute, (2) collision resistant, (3) pre-image resistant (given h, it should be difficult to calculate a message m such that h = hash(m)); and (4) second pre-image resistant. In resource-constrained contexts, lightweight cryptographic hash functions are necessary to reduce hardware and energy consumption. According to their publication date, we can consider the following algorithms: DM-Present, H-Present, C-present [60], SQUASH [61], Keccak [62], SHA1 [63], D,U,S-Quark [64], Armadillo-C [65], Photon [66], Spongent [67], Cube [68] and GLUON [69]. Some of these functions are compared in table 4 with regard to their output size (bits), area (GEs) and technologies (µm) [70].
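The anonymization-based definitions discussed earlier in this section (suppression with '*', generalization such as age 21 becoming '<= 25', then k-anonymity, l-diversity and t-closeness) can be made concrete with the following added example, which is not code from the paper. The records, attribute names, age buckets and the choice of total variation distance for the t-closeness measure are assumptions of the example.

```python
from collections import Counter, defaultdict

# Constructed sample: rows published by a hypothetical health-monitoring IoT
# service. Quasi-identifiers: age, zip. Sensitive attribute: condition.
RECORDS = [
    {"age": 21, "zip": "60203", "condition": "asthma"},
    {"age": 23, "zip": "60207", "condition": "asthma"},
    {"age": 25, "zip": "60201", "condition": "asthma"},
    {"age": 34, "zip": "60319", "condition": "diabetes"},
    {"age": 38, "zip": "60315", "condition": "asthma"},
    {"age": 31, "zip": "60311", "condition": "arrhythmia"},
    {"age": 52, "zip": "60203", "condition": "diabetes"},
    {"age": 58, "zip": "60209", "condition": "arrhythmia"},
    {"age": 55, "zip": "60204", "condition": "diabetes"},
]
QUASI_IDENTIFIERS = ("age", "zip")
SENSITIVE = "condition"


def generalize_age(age, level=1):
    """Generalization: replace an exact age by a broader category.
    Level 2 is coarser than level 1 (assumed hierarchy)."""
    if level >= 2:
        return "<= 40" if age <= 40 else "> 40"
    if age <= 25:
        return "<= 25"
    return "26-40" if age <= 40 else "> 40"


def suppress_zip(zip_code, keep):
    """Suppression: keep the first `keep` characters, mask the rest with '*'."""
    return zip_code[:keep] + "*" * (len(zip_code) - keep)


def anonymize(records, age_level=1, zip_keep=3):
    """Apply generalization and suppression to the quasi-identifiers only."""
    return [
        {"age": generalize_age(r["age"], age_level),
         "zip": suppress_zip(r["zip"], zip_keep),
         SENSITIVE: r[SENSITIVE]}
        for r in records
    ]


def equivalence_classes(records):
    """Group sensitive values of rows sharing the same quasi-identifiers."""
    classes = defaultdict(list)
    for r in records:
        classes[tuple(r[q] for q in QUASI_IDENTIFIERS)].append(r[SENSITIVE])
    return classes


def k_anonymity(records):
    """Largest k for which the table is k-anonymous (smallest class size)."""
    return min(len(v) for v in equivalence_classes(records).values())


def l_diversity(records):
    """Distinct l-diversity: fewest distinct sensitive values in any class."""
    return min(len(set(v)) for v in equivalence_classes(records).values())


def t_closeness(records):
    """Worst-case distance between a class's sensitive-value distribution and
    the table-wide one, using total variation distance (half the L1 sum)."""
    overall = Counter(r[SENSITIVE] for r in records)
    n = len(records)
    worst = 0.0
    for values in equivalence_classes(records).values():
        local = Counter(values)
        dist = 0.5 * sum(abs(local[s] / len(values) - overall[s] / n)
                         for s in overall)
        worst = max(worst, dist)
    return worst


def report(records):
    return {"k": k_anonymity(records), "l": l_diversity(records),
            "t": round(t_closeness(records), 3)}


if __name__ == "__main__":
    print("raw            ", report(RECORDS))
    print("level 1, zip 3 ", report(anonymize(RECORDS)))
    print("level 2, zip 2 ", report(anonymize(RECORDS, age_level=2, zip_keep=2)))
```

With the first-level generalization the table reaches k = 3, but the '<= 25' class contains a single condition (l = 1), which is the homogeneity weakness that l-diversity addresses. The coarser generalization raises l to 2 and lowers the t distance, at the cost of less precise published data.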

Table 2: Block ciphers algorithms comparison.

Algorithm      Key size [bits]   Block size [bits]   Area (GE)   Technology value [µm]
PRINTcipher    80                48                  402         0.18
PRESENT        128               64                  1570        0.18
DESXL          184               64                  2168        0.18
HIGHT          128               64                  3048        0.25
KATAN          80                64                  1054        0.13
KTANTAN        80                64                  684         0.13
LED            128               64                  1265        0.18
KLEIN          64                64                  1981        0.18
Piccolo        80                64                  683         0.13
LBlock         80                64                  1320        0.18
Comparison is based on key sizes, block sizes, consumed area measured in gate equivalents (GEs), and technology
values (µm). GEs is a measurement unit used to specify complexity of digital electronic circuits independently
from manufacturer and technology, and corresponds to a silicon area for a dedicated manufacturing technology.
Technology value refers to the level of semiconductor process technology and expresses the size of the finished
transistor and other components.

Table 3: Stream ciphers algorithms comparison.

Algorithm   Key size [bits]   Area (GE)   Technology value [µm]
A2U2        56                284         0.13
Grain v1    80                1294        0.13
Trivium     80                2599        0.13
Mickey      80                3188        0.13
Comparison is based on key sizes, consumed area measured in gate equivalents (GEs) and technology values (µm).

Table 4: Hash functions comparison.

Algorithm          Output size [bits]   Technology value [µm]   Area (GE)
DM-PRESENT-80      64                   0.18                    1600
PHOTON-80/20/16    80                   0.18                    865
H-PRESENT-128      128                  0.18                    2330
U-Quark            128                  0.18                    1379
Armadillo-2B       128                  0.18                    4353
S-Quark            224                  0.18                    2296
D-Quark            160                  0.18                    1702
Keccak-f [200]     64                   0.13                    2520
SPONGENT-128       128                  0.13                    1060
SPONGENT-224       224                  0.13                    1728
SHA-1              160                  0.13                    5527
Cube 32            512                  0.13                    5988
Comparison is based on output sizes, consumed area measured in gate equivalents (GEs) and technology values
(µm).

Public key algorithms: involve a public key and a private key, and ensure security services such as non-repudiation, integrity, authentication, confidentiality, and key exchange. Their main advantage is that no prior exchange of a secret between the parties is required. However, conventional public-key cryptography algorithms such as RSA demand high processing capabilities and long keys to ensure a good level of security. RSA remains inappropriate for constrained devices due to the requirement of operating on large numbers and long keys to realize sufficient security. In addition, small computing devices will no longer be able to deal with large key sizes, since key generation, encryption and decryption operations demand high power consumption.

In IoT, alternative public-key cryptographic schemes with shorter keys may be used, like ECC (Elliptic Curve Cryptography), HECC (Hyper-Elliptic Curve Cryptography) [71], NTRU [72] (developed for RFID), and BlueJay [73]. ECC and HECC use the algebraic structure of elliptic curves over finite fields and offer better security. Thanks to their short key size, they constitute an interesting choice for embedded environments of the IoT framework [71]. NTRU is a public key algorithm based on polynomial algebra which consists of reducing polynomials with respect to two different moduli. Thanks to its high speed and simplicity of computation, it is convenient for energy-constrained devices [72]. A recent ultra-lightweight algorithm was proposed in [73], and consists of a combination of symmetric encryption (Hummingbird-2), asymmetric encryption (Passerine) and authentication code. Designed for RFIDs and WSNs, this algorithm may be a suitable solution for IoT. A brief comparison between some algorithms in terms of area (GEs) and technologies (µm) is shown in table 5 [51].

Table 5: Asymmetric algorithms comparison.

Algorithm   Area (GE)   Technology value [µm]
BlueJay     <3000       0.18
NTRU        3000        0.18
ECC         8104        0.18
HECC        14500       0.13
Comparison is based on consumed area measured in gate equivalents (GEs) and technology values (µm).

PRNG (Pseudo-random number generators): used to produce an unpredictable output sequence. Many solutions have been proposed to generate on-board pseudo-random numbers to secure RFID and WSN systems protocols. In [74], the authors proposed a 16-stage PRNG, a combination of an oscillator output and a linear feedback shift register. Limited by the use of a linear structure, this PRNG was attacked in [75]. To prevent this attack, the authors of [75] have designed a PRNG using multiple primitive polynomials instead of one in the LFSR. In [76], the authors proposed a PRNG compliant with the EPC C1 Gen2 standard, called LAMED, suitable for low-cost RFID tags and providing 32-bit and 16-bit random numbers. Other PRNGs were proposed in [77], [78] and [79].

Fig. 6: Timeline of algorithms and research activities in access privacy.

Access privacy: as shown in figure 6, techniques and research activities in access privacy of data in the IoT include blocking approaches, lightweight protocols, data sharing and management.

Blocking approaches: at the phase of data collection, blocking techniques are used to avoid privacy problems. Frequently, the intelligent object is carried by a person, which may represent his/her unique identifier, and may be attacked to extract movement information. In this case, to reduce the privacy risks, users can use the kill command of RFID tags to force a disabling operation [80],[81]. However, in the case of intelligent objects that need the tags for their functioning, this may not be possible. One possible solution is the use of a locking and unlocking mechanism for the tags. This is efficient for flexible privacy rules, where only a part of the data is classified as private, instead of "the all-or-nothing policy" used in the kill command [82],[83],[84],[81].

Lightweight protocols: aim essentially to ensure identification and authentication. Additional properties may be included such as delegation and restriction, proof of existence, and distance bounding [31]. These protocols are detailed in section 5.3.

Data sharing and management: many research efforts have been made in data management and sharing in the IoT context; they can be found in [85], [86]. Regarding aggregation of data collected by sensors, an important work can be found in [87], where Y. Sang et al. propose a method for securing data aggregation to extend the network lifetime, guaranteeing reliable data collection from sensors, and addressing a solution for node failure and healing. In [88], L. Veltri et al. proposed a protocol for secure data aggregation at pre-determined or unpredictable time, applied in both contexts of IoT and VANETs (Vehicular Ad hoc Networks).

5.1.2. Open research issues

The large number of protocols and schemes listed previously reflects the adequate efforts provided by researchers. However, we are still able to identify three main research axes in the privacy field. First, with the huge amount of data exchanged between IoT actors, it is interesting to implement applications of the data minimization principle to reduce the amount of personal data that is collected and needs to be saved. Second, researchers can focus on standardization of security and privacy mechanisms in IoT, to meet the new schemes and algorithms. Third, new mechanisms should be developed to provide users with the possibility of managing their own privacy settings instead of expecting the IoT system to implement their requirements.

5.2. Trust

Establishing, negotiating, updating and revoking trust among entities in the IoT context is an essential task. The main difficulty to overcome is the engagement of unfamiliar and unpredictable entities during the trust mechanism. Due to their heterogeneous and irregular composition, it becomes necessary to define different evaluations of trust for things, humans, and services. To guarantee success in a trust negotiation operation, credentials of involved parties must be exchanged and verified; then mutual trust can be established. Contrary to classic schemes where trust is built in a centralized manner and prior trust relationships are established, managing trust in a dynamic and distributed environment is a very challenging research activity [89].

5.2.1. Definition

In the literature, many definitions of trust were proposed according to different taxonomies. J. H. Cho et al. [90] detailed the concept of trust in many disciplines such as sociology, economics, philosophy, psychology, organizational management, autonomic computing, and communications and networking. They distinguished trust, trustworthiness and trust management, and gave a detailed survey of trust mechanisms in MANETs. The first definition of trust was proposed in [91], and focuses on reliability trust. The authors stated that "Trust is the subjective probability by which an individual, A, expects that another individual, B, performs a given action on which its welfare depends". They involved two main concepts: dependency and degree of trust (probability). The main drawback of this definition is that trusting a person remains an insufficient reason to depend on him/her. A second definition was introduced in [92] about decision trust, and stipulates that "Trust is the extent to which one party is willing to depend on something or somebody in a given situation with a feeling of relative security, even though negative consequences are possible". This definition is based on four concepts: dependency, reliability, utility, risk.

To highlight the role of trust in decision mechanisms, a set of practical procedures, tools and rules has to be considered: trust management. In [93], the authors define this concept as follows: "Trust Management is an approach to making decisions about interacting with something or someone we do not completely know, establishing whether we should proceed with the interaction or not". It focuses on trust establishing, updating and revoking through the study of security policies, credentials and trust relationships.

5.2.2. State of the art and taxonomy

Depending on the mechanisms of establishing and evaluating trust between different nodes, two main categories of trust management systems can be defined: deterministic trust, and non-deterministic trust. Deterministic trust includes policy-based mechanisms and certificate systems. Non-deterministic trust includes recommendation based, reputation based, prediction based, and social network based systems. Policy based trust employs a series of policies to manage authorization and identify minimum trust levels. Certificate systems utilize public/private keys and digital signatures to decide whether to trust the signer or not. They use a third party to issue and manage certificates (CA: Certification Authority), which is trusted both by the certificate owner and by the party relying upon it. Recommendation based trust uses prior experiences to determine trust, and may use either explicit recommendation or transitive recommendation. Reputation based systems exploit consumer feedback to rate the service provider. Prediction based trust is useful when there is no prior information, and involved entities are more likely to trust one another. Social network based trust builds trust communities, an environment where members can share their opinions, experiences, events, etc. without privacy and

[Figure 7: tree of trust management systems. Policy-based: PolicyMaker, REFEREE, KeyNote. Reputation-based: Trust-Recommendation Model, XREP Reputation Protocol, P-Grid Trust Model, NICE Trust Inference Model, XenoTrust. Social network-based: Community-based Reputation, Regret, NodeRanking.]

Fig. 7: Classification of trust management systems according to [94].

judgment problems.

Reputation based systems consider the global reputation of the entity and its experience, while social-network based systems are founded on subjective concepts such as friendship, honesty, social reputation or recommendation. In [94], G. Suryanarayana et al. proposed the first survey about trust management in peer-to-peer applications. They divide trust management techniques into three types: policy-based, reputation-based, and social network-based. They surveyed related technologies and approaches of nine different trust management systems based on eleven comparison parameters. The result of their survey is summarized in figure 7.

During the last decade, network infrastructures and components have evolved to ensure flexible and on-demand services. Trust management concepts and techniques need to be adapted, and many research activities have been developed in this direction. In [90], J. H. Cho et al. surveyed trust management systems for Mobile Ad Hoc Networks. They use a new taxonomy, where they focus on the interactions between heterogeneous, social, information, and cognitive communication networks. They consider the limitations of these networks in terms of resource consumption and dynamic properties (topology, mobility, ubiquity, etc.). In their survey, they define the following purposes to compare different trust management systems: intrusion detection, authentication, access control, key management, and isolating misbehaving nodes.

Using a broader vision, T. H. Noor et al. in [95] proposed a survey of trust management systems for cloud computing. They detail the principal techniques and research activities that may be adapted to services in cloud environments. They adopt a holistic vision of various trust management techniques where they define four categories: policy, recommendation, reputation, and prediction, as shown in table 6. Depending on trust applications, research activities are divided into five classes as shown in table 6: Peer to Peer systems, GRID systems, service-oriented environment, cloud environment and web application.

Researchers made a considerable effort to adapt and propose new trust schemes to the severe constraints of dynamic networks. For example, the project uTRUSTit (Usable Trust in the Internet of Things)⁹, applicable in smart home/office environment and e-voting infrastructure, aims to develop a trust feedback toolkit and improve the trust relationship between users. In this project, trust is defined differently: "A user's confidence is an entity's reliability, including acceptance of vulnerability in a potentially risky situation". The model of trust is based on a cognitive approach to define and fulfill user requirements and preferences. Trust is conceived as an internal status depending on users' preferences, comprehension and experience, including reputation relationship.

In [135], Gligor and Wing defined a model of trust for heterogeneous networks of humans and computers, where they combined both computational trust and behavioral trust concepts. They

⁹ www.utrustit.eu

Table 6: Research activities related to trust management.

Trust category / Environment    Policy-based    Recommendation-based    Reputation-based    Prediction-based
[100] [101] [102]
P2P Systems [96] [97] [98] [99] [106] [107]
[103] [104] [105]
[109] [110] [111]
GRID systems [96] [108] [113] [114] [115]
[112]
[118] [120] [121]
Service Oriented [116] [117] [118] [119] [119] [124]
[122] [123]
[127] [128] [129]
Cloud environment [125] [126] [127] [128] [128] [130] [131]
[130] [131]
Web Applications [132] [133] - [134]

aim to strengthen computational trust methods using behavioral trust to face the increase of participation of humans in modern networks (social networks, online games, economical services, etc.). Reliability of the provided services should take into consideration the participation of the newly added users. Authors state that trust establishment must be done according to user’s preferences and beliefs, and demonstrate how behavioral trust is useful to establish solid trust relationship between humans and computers.

In [136], L. Atzori et al. introduced a new paradigm for social network of intelligent objects based on a new paradigm of social relationships called Social IoT (SIoT). Similar to social networks for people, authors define social network of intelligent objects, which refers to social relationships between objects. Inspired from research activities about trust in P2P networks, authors of [137] built a subjective model for trust management in SIoT. The basic rule for trust calculation is based on node’s experience and reputation among its common friends. To calculate trust value, authors developed a feedback system, where they merge trustworthiness and centrality of the involved nodes.

5.2.3. Open research issues
As we notice a need for a general and generic theory for trust in heterogeneous networks where humans and objects need to interact, it is interesting to solve foundation limitations in this field. Also, understanding the exact relationship between computational trust and behavioral trust in IoT seems to be a good issue. Moreover, trust updating in changing network environments should be handled by researchers as involved parties may be exposed to external attacks or may face severe energy conditions. Finally, although various mathematical models of trust were proposed, their applications in real networks are still limited. Conceiving and implementing trust mechanisms to protect services/users/objects in changing infrastructures is a good research direction. We believe that it is interesting to integrate trust within access control scheme in these environments to build an efficient network.

5.3. Identification / Authentication

5.3.1. Definition
Identification is used for devices such as computers, servers, application gateways, RFID tags/readers, sensors, actuators, and more. They are associated with an identifier such as RFID tag identifiers, IP address, URIs (Universal Resource Identifier), hostname, etc. More precisely, three categories of IoT identifiers can be differentiated: (1) Object Identifiers, used for physical or virtual objects, (2) Communication Identifiers, used to identify devices when they are communicating with other devices, and (3) Application Identifiers, used for applications and services [138]. Authentication is the process of confirming an entity’s identity using a login and additional information to sign in, such as passwords, PIN, smart cards, digital certificates, biometrics, etc. It is used to prevent unauthorized access to resources.

5.3.2. Literature Overview
According to credential elements, research activities can be divided into three main axes, as shown in figure 8 and figure 9: (1) cryptographic primitives and ultra lightweight operations, (2) capabilities of EPCglobal Class-1 Generation 2; and (3) physical primitives [139]. The group of protocols based on cryptographic primitives includes hash functions, MACs, PRNGs, stream ciphers, block ciphers, and public keys [140]. The group of protocols based on ultra lightweight operations includes easy binary operations such as XOR, AND, OR and rotations (also called minimalist cryptography), or NP-hard mathematical problems. The group of protocols based on EPCglobal Class-1 Generation 2 capabilities aims to ensure authentication using the 16-bit CRC and 16-bit RNG of the standard. The last group is based on physical primitives, which means the exploitation of electronic and physical properties of RFID tags to form an authentication primitive [31].

IoT identification solutions:
  Lightweight cryptographic protocols: minimalist cryptography protocols; protocols based on NP-hard mathematical problems
  Context-related physical metrics based protocols: proof of existence protocols; distance bounding protocols; tag ownership transfer protocol
  Biometric based protocols

Fig. 8: Projects and research activities in identification - authentication.

Fig. 9: Timeline of algorithms and research activities in identification - authentication.

Lightweight cryptographic protocols
The proliferation of tiny embedded networks produced the need to develop efficient cryptographic systems with limited resources consumption (energy, memory, processing). The advent of IoT accentuates the problem of scarce resources by adding the scalability issue. Current cryptographic algorithms require processing, memory and energy capabilities that may simply not be available in tiny and embedded objects. The emergence of a robust, resource-economical cryptography, combined with advanced energy harvesting techniques, is the solution to address this issue. A number of research efforts have demonstrated that elliptic curve cryptography provides robust security while requiring fewer resources compared to classical asymmetric cryptography [141]. Researchers have also shown that energy may in certain circumstances be harvested from an environment of communicating objects (vibration, movement...) [142]. Lightweight cryptographic protocols can be divided into two groups: minimalist cryptography and protocols based on NP-hard mathematical problems. Minimalist cryptography includes the Mutual Authentication Protocols (MAP) family (LMAP, EMAP, M2AP, etc.), and the Strong Authentication and Strong Integrity (SASI) family. Protocols based on NP-hard mathematical problems contain the Hopper and Blum (HB) family [31].

Context-related physical metrics based protocols
Ubiquity of IoT elements produces numerous interactions to distinguish information about their existence, exact position, precise timing and number/location of their neighbors. This category of protocols is based on the notion of physical primitives, which means the exploitation of electronic and physical properties of RFID tags to form an authentication primitive [31]. It includes three types of protocols: proof of existence, distance bounding and tag ownership transfer protocols.

Proof of existence protocols are known for two main families: Yoking/grouping proof protocols [143] and ECC-based grouping proof protocols [144]. In Yoking/grouping proof protocols (developed in 2004), the main goal is to unquestionably prove the physical presence of two or more RFID tags at the same location using information generated by one or more readers. This technique is based on random numbers generated by the tags separately [143]. One year later, this proposal was generalized to grouping proofs using ECC cryptography to permit the participation of many tags in

the proof generation [144].

Distance bounding protocols are used to avoid relay attack, distance fraud and terrorist attack by controlling the distance between any tag and reader. The process is accomplished in two phases: a slow phase and a fast phase [145].

Tag ownership transfer protocol involves three entities: current/old owner, tag and new owner; and is accomplished in two steps: authentication phase and ownership transfer phase. Examples of this type of protocols include those exploiting a Trusted Third Party (TTP) and decentralized proposals without TTP [146].

Biometric based protocols
The lack of physical protection will encourage attacks based on compromised physical objects to access sensitive cryptographic data, leading to privilege-escalation attacks. R. Greenstadt et al. suggested the use of an impregnation of objects followed by continued biometric identification to protect objects [147]. Biometric identification can be diverse, including fingerprints, retinal images, voice frequency, movement, facial recognition, etc. The aim is to implement enough natural recognition of the object’s owner to overcome a lot of vulnerabilities and prevent security attacks by unauthorized third parties.

5.3.3. Open research issues
To contribute to identification development in IoT, the following research directions may be explored. First, it is important to address a global identification scheme to handle a large number of object identification schemes. For example, hierarchical naming schemes used in the Internet are inadequate for highly mobile environments such as IoT. In addition, industries employ proprietary standards for identification, which aggravates the problem. Second, an infrastructure using non-colliding unique addresses should be set up to take into consideration dynamic intelligent objects that may appear and depart randomly from the network, and choose between revealing and hiding their identities. To fulfill interoperability and cooperation requirements, this infrastructure must be capable of recovering information related to a specific device, according to privacy preferences. Third, methods of automatic discovery are necessary to organize global communications especially when devices, services and network topologies are constantly changing.

5.4. Access control

5.4.1. Definition
An access control system aims to control who (subject) can do what (operation or right) on which resource (object) [148]. It assigns and verifies the permission granted to a user allowing him/her (or not) to perform some operation on some resource(s). When designing an access control system for IoT environments, some functional parameters must be considered, such as delegation support, access right revocation, granularity, scalability, time efficiency, and security.

5.4.2. State of the art and taxonomy
In figure 11, we classify research activities in IoT access control systems in a two-dimensional diagram. The most common form of these systems is based on access control lists (ACLs), which consist of assigning access rights to specific subjects. In IoT, ACLs become very complex to manage due to the increase of the number of subjects and resources. Other access control models are proposed to overcome the burden of basic ACL systems, as shown in figure 10.

Role Based Access Control (RBAC), proposed in [149], ensures authentication and access control in IoT. In the authentication phase, authors used an elliptic curve cryptosystem with an ephemeral private key for establishing a session key for a user and an object. Then, they propose a global architecture for IoT and provide an approach to authenticate a specific user. Authors adopted the RBAC model and make use of OpenID technology and trustable central entities for authentication purposes. In the same trend, the OrBAC model is a generic and expressive access control model that extends the RBAC model. It expresses the security policy and enables distinction between an abstract policy defining organizational requirements and its real implementation in a given information system. The SmartOrBAC model distributes processing costs between IoT devices with different levels of energy limitations and addresses the collaborative aspect with a specific solution [150].

Credential Based Access Control (CBAC) solutions require user’s credentials to gain access to a given resource or data. They can be divided into two families: Attribute Based Access Control (ABAC), and Capability Based Access Control (CapBAC). In ABAC, a user must present correct attributes to have access authorization. The most known attribute based access control approach is Ciphertext Policy Attribute Based Encryption (CP-ABE) [151], but its voluminous overhead prevents its usage in IoT environments. G. Bianchi et al. propose AGREE (Access control for GREEn wireless sensor networks), which implements a Multi-authority CP-ABE scheme in energy harvesting wireless sensor networks [152]. Authors exploit the surplus of energy, which cannot be stored in batteries, to compute parameters with high requirements of computation resources. These parameters will be stored in the cache memory of the sensor and will be retrieved when needed. In Capability Based Access Control (CapBAC) schemes, a capability is defined as a "token, ticket, or key that gives the processor permission to access an entity or object in a computer system" [153]. It is a communicable, unforgeable token of authority, and refers to a value that uniquely references an object along with an associated set of access rights. By virtue of its possession by a process that uses the referenced object, the capability token grants a process the capability to interact with an object in certain ways [148]. The CapBAC approach offers benefits in terms of distributed management, support for delegation, traceability of the access, authentication chains to extend scalability and support of standard certificates based on ECC. Many CapBAC solutions were proposed for the IoT context, such as IACAC [154], CCAAC [155], IECAC [156], CapBAC [148], and Distributed CapBAC [157].

Fig. 11: Timeline of algorithms and research activities in access control.

Trust Based Access Control (TBAC) is an outcome-based approach for risk modeling, using explicit costs and benefits to model the relation between risk and privilege. In [158], authors proposed a Fuzzy Trust Based Access Control (FTBAC) approach for the IoT. The level of access control from device i to device j is directly proportional to the trust device i is holding for device j. The trust value is related to three components: experience "EX", knowledge "KN" and recommendation "RC".

Finally, context aware access control solutions consider the context to decide whether an entity is allowed or not to access a resource or some data.

5.4.3. Open research issues
Technical details provided in the previous subsubsection lead to the definition of the following research axes in the access control field. First, authentication and object credential management are of vital importance to IoT, whose sheer size makes implementing them a challenge. T. Polk et al. argue in [159] that, in addition to scalability issues, the relationships between objects and users, sometimes complex, make credential management more difficult. The diversity of user and object identification techniques is another technological obstacle that requires detailed examination. Second, the ubiquitousness of communicating objects facilitates the sharing of contents, entertainment, and even resources. The ubiquitousness of networks coupled with a highly dynamic, seamless mobility of communicating objects will lead to share more, and encourage the emergence of a new sharing vector through nomadism. We believe that this sharing, driven by mobility and nomadism, will be a prime target for security attacks that in their turn will be encouraged and facilitated by the ubiquitousness of objects that are potential gateways to private networks and data. Hence, it would be necessary to develop effective solutions for peaceful secure sharing through adequate access control mechanisms supporting mobility. We should consider the ubiquitousness of communicating objects and their mobility (transfer of security context) to design peer-to-peer sharing systems, which are secure, efficient and equitable, while supporting mobility.

6. Standardization activities in IoT security
Many industries are now engaged in IoT technologies due to the increasing number of inter-device communications. A single customer may target simultaneously products of different areas (health, smart grids, fitness, transportation, etc.). Then, manufacturers of IoT devices and applications need to handle unique security features that IoT components have to face once they are connected to each other. To fulfill this challenge, regulators and interoperability bodies must develop security standards to speed up IoT evolution and minimize costs as illustrated in figure 12. In this section we present the major actors of the standardization efforts for IoT security and their relevant activities.

6.1. Actors
The number of IoT security standardization bodies has grown in the last few years. They provided considerable efforts leading to numerous standardization activities. The issued standards are either achieved by a single organization (ETSI, IEEE, IETF, etc.), or result from the collaboration of different organizations (oneM2M, IoT-A, etc.) as explained below.
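The two-phase structure of the distance bounding protocols surveyed in Section 5.3.2 (an untimed slow phase followed by a timed fast phase), shown as an added example that is not from the paper or from [145]. It follows the general shape of the Hancke-Kuhn design, one published distance bounding protocol; the class and function names, key, distances, relay delay and the simulated channel are constructed assumptions.

```python
import hashlib
import hmac
import secrets

SPEED_OF_LIGHT = 299_792_458.0  # metres per second


def derive_registers(key, nonce_v, nonce_p, rounds):
    """Slow-phase result: two n-bit registers bound to the key and both nonces."""
    if 2 * rounds > 256:
        raise ValueError("one SHA-256 output yields at most 128 rounds")
    digest = hmac.new(key, nonce_v + nonce_p, hashlib.sha256).digest()
    bits = [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(2 * rounds)]
    return bits[:rounds], bits[rounds:]


class SimulatedTag:
    """Prover side. distance_m and extra_delay_s model the channel (assumed values)."""

    def __init__(self, key, distance_m, extra_delay_s=0.0):
        self.key = key
        self.distance_m = distance_m
        self.extra_delay_s = extra_delay_s  # e.g. latency added by a relay

    def slow_phase(self, nonce_v, rounds):
        """Exchange nonces and precompute both registers; this step is not timed."""
        nonce_p = secrets.token_bytes(16)
        self.r0, self.r1 = derive_registers(self.key, nonce_v, nonce_p, rounds)
        return nonce_p

    def fast_round(self, i, challenge_bit):
        """Answer one challenge bit; return (response bit, simulated round-trip time)."""
        response = (self.r1 if challenge_bit else self.r0)[i]
        rtt = 2 * self.distance_m / SPEED_OF_LIGHT + self.extra_delay_s
        return response, rtt


def verify_proximity(key, tag, max_distance_m, rounds=64):
    """Reader side: run both phases, then require every bit correct and on time."""
    nonce_v = secrets.token_bytes(16)
    nonce_p = tag.slow_phase(nonce_v, rounds)
    r0, r1 = derive_registers(key, nonce_v, nonce_p, rounds)
    max_rtt = 2 * max_distance_m / SPEED_OF_LIGHT
    wrong = late = 0
    worst_rtt = 0.0
    for i in range(rounds):  # fast phase: one timed single-bit exchange per round
        challenge = secrets.randbits(1)
        response, rtt = tag.fast_round(i, challenge)
        if response != (r1 if challenge else r0)[i]:
            wrong += 1
        if rtt > max_rtt:
            late += 1
        worst_rtt = max(worst_rtt, rtt)
    return {
        "accepted": wrong == 0 and late == 0,
        "wrong": wrong,
        "late": late,
        "distance_bound_m": worst_rtt * SPEED_OF_LIGHT / 2,
    }


if __name__ == "__main__":
    key = b"constructed-shared-key"
    cases = {
        "genuine tag at 3 m": SimulatedTag(key, 3.0),
        "genuine tag behind a relay adding 2 us": SimulatedTag(key, 3.0, 2e-6),
        "nearby device without the key": SimulatedTag(b"some-other-key", 3.0),
    }
    for label, tag in cases.items():
        print(label, verify_proximity(key, tag, max_distance_m=10.0))
```

The timing check is what bounds distance: a relayed tag answers every bit correctly, yet the added latency pushes the implied distance far past the limit.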

Access control solutions:
  Access control list
  Role based
  Credential based:
    Attribute based: CP-ABE (AGREE)
    Capability based: IACAC, IoT@Work project
  Context-aware: location aware, motion detection, distance bounding
  Trust based: FTBAC

Fig. 10: Classification of access control systems.
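The capability token defined in Section 5.4.2 (an unforgeable, communicable token that references an object and a set of access rights, with support for delegation and revocation), as an added example that is not from the paper or from any of the cited CapBAC schemes. It uses a chained HMAC in place of the ECC-based certificates those schemes rely on; the function names, key, identifiers and timestamps are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed demo key; in this sketch only the issuer/verifier of the resource holds it.
ROOT_KEY = b"constructed-demo-key"


def _mac(key, block):
    """HMAC-SHA256 over a canonical JSON encoding of one chain block."""
    data = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).digest()


def issue(root_key, cap_id, holder, obj, rights, not_after):
    """Create a root capability for `holder` on `obj`."""
    block = {"id": cap_id, "holder": holder, "object": obj,
             "rights": sorted(rights), "not_after": not_after}
    return {"chain": [block], "tag": _mac(root_key, block).hex()}


def delegate(token, new_holder, rights, not_after):
    """Append a delegation block. The new tag is keyed with the previous tag, so the
    recipient cannot strip the block or recover the delegator's broader token."""
    block = {"holder": new_holder, "rights": sorted(rights), "not_after": not_after}
    tag = _mac(bytes.fromhex(token["tag"]), block)
    return {"chain": token["chain"] + [block], "tag": tag.hex()}


def verify(root_key, token, obj, operation, now, revoked=frozenset()):
    """Return (allowed, reason, holders); holders is the delegation chain for audit."""
    try:
        chain = token["chain"]
        root = chain[0]
        tag = _mac(root_key, root)
        for block in chain[1:]:
            tag = _mac(tag, block)
        # Authenticate the whole chain before trusting any field in it.
        if not hmac.compare_digest(tag, bytes.fromhex(token["tag"])):
            return False, "invalid tag", []
        rights = set(root["rights"])
        not_after = root["not_after"]
        for block in chain[1:]:
            rights &= set(block["rights"])          # delegation can only narrow rights
            not_after = min(not_after, block["not_after"])  # and only shorten lifetime
        holders = [block["holder"] for block in chain]
        cap_id, cap_obj = root["id"], root["object"]
    except (KeyError, IndexError, TypeError, ValueError):
        return False, "malformed token", []
    if cap_id in revoked:
        return False, "revoked", holders
    if cap_obj != obj:
        return False, "wrong object", holders
    if now > not_after:
        return False, "expired", holders
    if operation not in rights:
        return False, "right not granted", holders
    return True, "granted", holders


if __name__ == "__main__":
    door = "lock/front-door"
    owner = issue(ROOT_KEY, "cap-001", "home-gateway", door,
                  {"read", "open", "configure"}, not_after=2000)
    guest = delegate(owner, "guest-phone", {"open"}, not_after=1500)
    widened = delegate(guest, "other-device", {"open", "configure"}, not_after=9999)
    print(verify(ROOT_KEY, guest, door, "open", now=1000))
    print(verify(ROOT_KEY, guest, door, "configure", now=1000))
    print(verify(ROOT_KEY, widened, door, "configure", now=1000))
    print(verify(ROOT_KEY, guest, door, "open", now=1000, revoked={"cap-001"}))
```

Because the verifier intersects rights and takes the earliest expiry along the chain, a delegate who writes broader rights into its own block gains nothing, and revoking the root identifier invalidates every token derived from it.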

OneM2M (http://www.onem2m.org)
is the global standards initiative for M2M communications and IoT. Many standardization organizations are assembled to generate many specifications for a common M2M Service Layer. The main results of oneM2M efforts are listed below.

ITU-IoTGSI (ITU-Global Standards Initiative on the Internet of Things) (http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx)
aims to unify research activities related to IoT within ITU-T. It focuses on definitions, overviews, requirements, architecture and work plan for deploying IoT. In this trend, ITU-T collaborated with other Standards Developing Organizations (SDOs) to publish many recommendations in the IoT field. This is valuable for service providers to propose and improve services in this area. In practice, many recommendations were approved in the Y series, which deals with global information infrastructure, Internet protocol aspects and next-generation networks. More precisely, recommendations that are directly related to IoT are Y.2060 (Overview of Internet of Things) and Y.2061 (Requirements for support of machine-oriented communication applications in the NGN environment), where a 4-layer reference model is proposed for IoT architecture. Security questions are divided into two types: generic security capabilities and specific security capabilities. Generic security capabilities are independent of applications and include authorization, authentication, data confidentiality, integrity protection, privacy protection, security audit and anti-virus. Specific security capabilities depend on application requirements such as mobile payment.

3GPP/3GPP2 (3rd Generation Partnership Project) (http://www.3gpp.org/)
is a collaborative project between six SDOs (ARIB, ATIS, CCSA, ETSI, TTA, TTC) that are concentrated on developing technical reports and specifications for cellular technologies such as 3.9G (LTE) and 4G (LTE-Advanced) and mobile network-based M2M. IoT standardization efforts within 3GPP/3GPP2 can be classified into two categories: mobile networks designed for human-to-human or human-to-machine interactions (GSM, 3G, 4G, etc.), and Machine-to-Machine interactions (also called Machine Type Communications (MTC)). First, with the explosion of the number of connected devices, LTE (Long Term Evolution) seems to be the main connectivity technology in the IoT context. The convergence of IoT and the 3GPP LTE network is of interest. Then, standard interfaces need to be defined to fulfill interoperability needs. A self-organizing network (SON) for LTE of 3GPP is a good proposal that other NGN standards should follow. Regarding security concerns, LTE applies specific security functions for data transmission. It focuses on signaling protection, user plane protection, network domain security, authentication and key agreement. The authentication procedure can be ensured either by the operator of the network, or by base stations in the case of mutual

authentication or using authentication keys / digital certificates. Thus, considerable efforts were provided to deal with security questions; 3GPP issued two technical specifications series, namely 33 series (Security aspects) and 35 series (Security algorithms). They include several documents defining various aspects of LTE security including architecture, Network Domain Security, IP network layer security, authentication Framework, Inter-Domain Trust Establishment, Application Security, MVPN Access to Home, etc. Second, 3GPP standardization activities on mobile network-based M2M are known as "Machine Type Communications (MTC)". They focus on the optimization of access and core network infrastructure, permitting effective provision of M2M services. Many specifications covering use cases, service requirements, and a functional architecture for MTC applications were released and approved. Further, 3GPP discussed secure telecommunication functions in MTC including authorization, authentication, identification, access control, confidentiality and privacy. These features were debated in many Technical Reports such as TR 23.887 and 23.888.

BBF (BroadBand Forum) (www.broadband-forum.org)
consists of a huge number of service providers, vendors, consultants, academic institutes and test labs. Its main roles are related to engineering solutions to provide adequate broadband deployments. Within its M2M activities, BBF aims to enable, among others, services in the Smart Home to manage the growing ecosystem of M2M/IoT. It made an important action in network architectures with the release of a set of technical reports, and by defining its own TR-069 protocol suite and data models for home network management. It is worth mentioning that the TR-069 protocol is designed to function on secure transport protocols such as secure HTTP transport over TLS to ensure data confidentiality. Moreover, in its various TRs and TSs, BBF discussed protection against MAC address spoofing and DoS attacks, protection against broadcast / multicast storms, ARP processing and IP spoofing prevention to avoid malicious attackers.

HGI (Home Gateway Initiative) (http://www.homegatewayinitiative.org/)
aims to develop the smart home ecosystem, and publish requirements and test plans for home gateways and wireless/wireline home networks. It improves applications, and facilitates connections of home gateway middleware and communicating devices. The HGI issued technical requirements for devices and services in smart home including gateways and networks. It published technical requirements for home gateways including QoS, and software modularity. In the security area, HGI discussed many aspects including security management procedures, firewall policy, key management, WLAN security and authentication mechanisms. In practice, many specifications were interested in the aforementioned security questions such as HGI Guideline Paper, HGI-RD048 (HG requirements for HGI open platform 2.0) and HGI-GD006-R2 (HGI guideline paper IMS Enabled HG).

Type 1 partners Technical Specifications and Technical Reports
OneM2M has established two types of partners: type 1 and type 2. The second type involves a limited number of organizations and plays a key role in the dissemination of standards. The first type includes many Standards Development Organizations (SDO) and plays an important role in publishing technical specifications and technical reports. In the IoT context, many efforts were provided within M2M communication and the oneM2M framework to propose a general framework, technical requirements and security requirements for IoT. Also, a special interest was given to semantic web best practices where guidelines for domain knowledge interoperability to build the Semantic Web of Things were proposed. In the security context, considerable contribution can be noticed regarding security and privacy aspects including authentication, encryption and integrity verification. More details related to authorization, access control, confidentiality, authentication, identification, trust and integrity verification can be found in oneM2M-TS-0003 (oneM2M Security Solutions) and oneM2M-TR-0008 (oneM2M-TR-0008-Security).

ETSI (European Telecommunications Standards Institute) (http://www.etsi.org)
defines two main technical committees: ETSI M2M and ETSI ITS (Intelligent Transport Systems). ETSI M2M focuses on services, functional requirements, interfaces and architecture of M2M solutions, divided into five domains, namely: smart grids, health, connected consumers, transportation, and smart cities. Security aspects debated by the ETSI M2M technical committee are related to authentication, integrity, confidentiality, trust management and access control (e.g. TS-102690, TR-118-508). ETSI ITS debates all types of vehicular communications. In the security context, ETSI ITS discusses confidentiality, integrity, availability, accountability and authenticity (e.g. TR-102-893).

IEEE (Institute of Electrical and Electronics Engineers) (http://www.ieee.org)
launched the P-2413 standardization project, which aims to build an architectural framework for IoT. The standard intends to supply a quadruple trust feature (protection, security, privacy, and safety). Besides, IEEE contributed to Smart Grid (SG) field development, and issued important related standards (e.g. IEEE-2030, IEEE 1711 and IEEE 1686-2007) where different security features are discussed including specific serial security, safeguards, audit mechanisms, access control, data recovery, etc. Besides, we can list many other standards issued by IEEE, not directly linked to IoT but which can be used or adapted to answer its requirements, such as IEEE-802.15.4 (ZigBee) and IEEE 802.16p (IEEE Standard for Air Interface for Broadband Wireless Access Systems). The first example is known as a Low Rate Personal Area Network and includes a set of security functions located in the datalink level, namely access control, integrity verification, data confidentiality and protection against replay attacks. The second example aims to enhance the support of M2M applications through the management of information exchange between a subscriber station and a server in the core network (through a base station) or between subscriber stations without any human interaction. Security of this standard lies in supporting integrity and authentication of M2M devices; integrity and privacy of M2M application traffic; device validity check; and enabling a flexible security suite to meet the requirements of the M2M application.

IETF (Internet Engineering Task Force) (http://www.ietf.org)
is interested in semantic web, social networks and RESTful services. First, it contributed to the support of IPv6 by limited-energy devices in the 6LoWPAN-IPv6 protocol (IPv6 over Low-Power Wireless Personal Area Networks). This protocol adopts the same security features as IEEE 802.15.4 and IPv6. Second, IEEE issued the Constrained Application Protocol (CoAP) for resource-constrained devices to facilitate translation to HTTP for integration purposes with web applications. Regarding security aspects, this protocol discusses authentication, integrity, confidentiality and protection against replay attacks. Third, IETF developed the RPL (IPv6 Routing Protocol for Low-Power and Lossy Networks) protocol in RFC6550. Security of this protocol adopts three modes (unsecured mode, pre-installed mode and authenticated mode). Fourth, IETF proposed integrated web services for M2M and IoT applications, called CoRE (Constrained RESTful Environment), which applies the same security features as HTTP over TLS (RFC2818).

IoT-A (Internet of Things - Architecture) (http://www.iot-a.eu)
proposes an architectural reference model for the IoT context, made up of a suite of key building blocks. The main objective is to assist providers and researchers when they have to make their technical choices. Thus, IoT-A gives design directives with simulation and prototyping options. Many security features are deeply debated in this model and are related to authorization, authentication, identification, key management, trust management.

6.2. Open research issues
Although considerable efforts were provided in the IoT security domain, we can still propose many issues to be addressed. First, security of IoT endpoints is crucial since we deal with a huge number of intelligent objects. Then, efficient authentication standards need to be proposed and have to take into consideration names unifying, encoding, profiles and privileges, explicit trust relationship, time-stamping protocol, etc. Second, a considerable interest should be granted to IoT ecosystems. A huge data ecosystem registry is needed to facilitate tracking of all parties which may touch security of IoT system components during their life-cycle. Finally, IoT interactions need to be debated among IoT security concerns. A security incident and event management repository is useful to study IoT logs for predictive, real-time, and historical analysis.

IoT security standardization activities:
  ITU: GSI (Series Y: Rec. 2060, Rec. 2066, Rec. 2067, Rec. 2069); JCA
  3GPP/3GPP2 (liaison relationships organizations: ARIB, ATIS, CCSA, ETSI, TTA, TTC): 3G and beyond / GSM (33 Series Security aspects, 35 Series Security algorithms); Machine Type Communications (MTC) (TR 23.887, TR 23.888)
  oneM2M:
    BBF (Broadband Forum for wireline networks), broadband wireline solutions: TR 069, TR 101, TR 134, TR 291, TR 300
    HGI: HGI-RD039, HGI-RD048, HGI-GD006-R2, HGI guideline paper
    Type 1 partners (ARIB, ATIS, CCSA, ETSI, TIA, TTA, TTC): TR-M2M-0002, TR-M2M-0006, TR-M2M-0009, oneM2M-TS-0001, oneM2M-TS-0003, oneM2M-TS-0004, oneM2M-TR-0008
  ETSI: TC M2M (ETSI-TR-103167, ETSI-TS-102690, ETSI-TS-102689, ETSI-TS-102921, ETSI-TR-118508); TC ITS (ETSI-EN-302665, ETSI-TR-102893)
  IEEE: P2413 Standard for an Architectural Framework for the IoT (in progress); IoT related standards (IEEE 802.11, IEEE 802.15.4/4e, IEEE 802.16p, IEEE 1609.2 /3)
  IETF protocols: 6LoWPANs (rfc-4919, rfc-4944); CoAP (rfc-7252, rfc-7390); RPL (rfc-6550); CORE (rfc-6690)
  IOT-A: Architectural Reference Model for the IoT

Fig. 12: Standardization in IoT.



[Figure 13, panel (a) Evolution of security requirements. Horizontal axis, evolution of object capacities: Processing, Communication, Perception, Action, Autonomy. Vertical axis, security evolution: Data security, Network security, Adaptive security, Context-aware security, toward a cognitive and systemic approach for IoT security.]

[Figure 13, panel (b) Research axes for IoT security and privacy.
Security for tiny embedded networks: 01. Energy efficient cryptography; 02. Scalable and efficient key management; 03. Secure protocols for low power lossy networks.
Adaptive, context-aware security: 04. User centric, context-aware privacy; 05. Adaptive security profile and policy management; 06. Secure sharing in mobile ubiquitous environments.
Cognitive and systemic IoT security: 07. Identification, authentication and credentials managements; 08. Autoimmunity; 09. Trust models for the cloud of things; 10. Responsibility and liability enforcement.]

Fig. 13: Evolution of security requirements and research axes for IoT security and privacy.

7. Discussion

IoT enables objects to become active participants. They become able to recognize events and changes in their environment, and react more or less autonomously without human intervention. Computer networks, instead of just being networks of calculators that process data, will become intelligent networks capable of sensing, perceiving and recognizing, acting and reacting, and will continue to evolve towards more autonomy.

As illustrated in figure 13, in parallel with the increasing autonomy of objects to perceive and act on the environment, IoT security should move towards a greater autonomy in perceiving threats and reacting to attacks, based on a cognitive, systemic approach. We summarize three IoT security research axes: efficient security for tiny embedded networks, adaptive, context-aware and user-centric security, and a cognitive, systemic approach to securing the IoT.

An urgent prerequisite for securing IoT is the development of efficient security mechanisms for tiny embedded networks with scarce resources. Current developments in wireless sensor and actuator networks, RFID technology, mobile computing and so forth, demonstrate the resource scarcity of the devices and technologies that will be part of IoT. Consequently, much research work is being devoted to developing efficient, robust and low-consumption cryptography for tiny embedded computing and secure protocols for low-power lossy networks. It is essential to adapt and/or design related and equally important subsystems such as key management, authentication mechanisms, credential management and so on.

The ubiquitous nature of IoT raises legitimate questions about the privacy of persons, and how to cope with the heterogeneity of user and application requirements in terms of security services. This requires the development of adaptive, context-aware and user-centric security solutions. This diversity in terms of security requirements can be addressed via an adaptive, context-aware management of security profiles and policies. The ubiquity of objects encourages content sharing which, in turn, means paying special attention to security and privacy in a dynamic and heterogeneous environment.

Just as objects are autonomous to perceive and act on their environment, IoT security should evolve towards greater autonomy in detecting threats and reacting to attacks, through a cognitive, systemic approach. This evolution relates to the autoimmunity of intelligent objects so as to prevent and contain attacks in a potentially hostile environment. Adequate trust models will be required to guarantee the smooth and peaceful evolution of objects in a large, heterogeneous technological ecosystem. Autonomous object actions require responsibility management and liability enforcement when detecting threats and reacting to attacks. Finally, most attacks can be prevented through a strong identification and recognition of object owners.

8. Conclusion

IoT is a new disruptive technology that will bring about an evolution in usage and in the surrounding technological ecosystem. In this paper we have shown that this major evolution will create its own security and privacy challenges. Most of these challenges result from the inherent vulnerabilities of IoT objects and the tight coupling of the physical world to the virtual world through intelligent objects. This tight interaction highlights a systemic dimension to IoT security that we proposed to use as a roadmap overview in this work. We have then surveyed security related interactions and solutions: Privacy, Trust, Identification and Access Control. In addition to highlighting scientific and technological locks we have shed some light on the main standardization activities and the open issues. We have shown that the evolution of objects towards greater autonomy intensifies the issues of security and privacy. Finally, we have concluded that objects' autonomy to perceive and act on their environment will cause IoT security to move towards greater perceptive and actional autonomy based on a cognitive and systemic approach.
[20] C. Liu, J. Yang, R. Chen, Y. Zhang, J. Zeng, Re-
search on immunity-based intrusion detection tech-
References nology for the internet of things., in: Y. Ding,
H. Wang, N. Xiong, K. Hao, L. Wang (Eds.), ICNC,
IEEE, 2011, pp. 212–216.
[1] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, [21] J. Pescatore, Securing the internet of things survey:
Internet of things (iot): A vision, architectural ele- A sans analyst survey, Tech. rep., SANS Institute
ments, and future directions, Future Gener. Comput. (January 2014).
Syst. 29 (7) (2013) 1645–1660. [22] S. Yu, M. Liu, W. Dou, X. Liu, S. Zhou, Net-
[2] H. Sundmaeker, P. Guillemin, P. Friess, S. Woelffle working for big data: A survey, IEEE Commu-
(Eds.), Vision and Challenges for Realising the Inter- nications Surveys Tutorials 19 (1) (2017) 531–549.
net of Things, 2010. doi:10.1109/COMST.2016.2610963.
[3] B. Zhu, A. Joseph, S. Sastry, A taxonomy of cyber [23] S. Yu, Big privacy: Challenges and op-
attacks on scada systems, in: Proceedings of the 2011 portunities of privacy study in the age of
International Conference on Internet of Things and big data, IEEE Access 4 (2016) 2751–2763.
4th International Conference on Cyber, Physical and doi:10.1109/ACCESS.2016.2577036.
Social Computing, ITHINGSCPSCOM ’11, IEEE [24] L. Sweeney, k-anonymity: A model for protecting pri-
Computer Society, Washington, DC, USA, 2011, pp. vacy, International Journal of Uncertainty, Fuzziness
380–388. and Knowledge-Based Systems 10 (5) (2002) 557–
[4] Y. Challal, Securite de l’internet des objets : vers une 570.
approche cognitive et systemique, Hdr, Universite de [25] W. Liu, B. Fang, L. Yin, X. Yu, A tree based lo-
Technologie de Compiegne (2012). cation privacy approach against multi-precision con-
[5] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, tinuous attacks in the internet of things, Journal of
A. Bouabdallah, A systemic approach for iot secu- Information and Computational Science 9 (7) (2012)
rity, in: DCOSS, IEEE, 2013, pp. 351–355. 1807Ű1819.
[6] L. Atzori, A. Iera, G. Morabito, The internet of [26] Y. Xu, X. Qin, Z. Yang, Y. Yang, C. Huang, An
things: A survey, Comput. Netw. 54 (15) (2010) algorithm of k-anonymity for data releasing based on
2787–2805. fine-grained generalization, Journal of Information
[7] D. Miorandi, S. Sicari, F. De Pellegrini, I. Chlam- and Computational Science JICS 9 (11) (2012) 3071–
tac, Survey internet of things: Vision, applications 3080.
and research challenges, Ad Hoc Netw. 10 (7) (2012) [27] A. Machanavajjhala, D. Kifer, J. Gehrke, M. Venki-
1497–1516. tasubramaniam, L-diversity: Privacy beyond k-
[8] C. C. Aggarwal, N. Ashish, A. P. Sheth, The inter- anonymity, ACM Transactions on Knowledge Discov-
net of things: A survey from the data-centric per- ery from Data TKDD 1 (1) (2007) 146.
spective, in: C. C. Aggarwal (Ed.), Managing and [28] N. Li, T. Li, S. Venkatasubramanian, t-Closeness:
Mining Sensor Data, Springer, 2013, pp. 383–428. Privacy Beyond k-Anonymity and l-Diversity, in:
[9] O. Said, Accurate performance evaluation of internet 23rd International Conference on Data Engineering
multicast architectures: Hierarchical and fully dis- (ICDE 2007), IEEE, 2007, pp. 106–115.
tributed vs. service-centric, TIIS 7 (9) (2013) 2194– [29] M. V. R. NarasimhaRao, J.S.VenuGopalkrisna, R. V.
2212. Murthy, C. R. Ramesh, Closeness: privacy mea-
[10] C. Perera, A. B. Zaslavsky, P. Christen, D. Geor- sure for data publishing using multiple sensitive at-
gakopoulos, Context aware computing for the inter- tributes, International Journal of Engineering Sci-
net of things: A survey, CoRR abs/1305.0982. ence and Advanced Technology 2 (2) (2012) 278–284.
[11] O. Vermesan, P. Friess, P. Guillemin, S. Gusmeroli, [30] D. Rebollo-Monedero, J. Forn, J. Domingo-Ferrer,
H. Sundmaeker, A. Bassi, I. S. Jubert, M. Mazura, From t-closeness-like privacy to postrandomization
M. Harrison, M. Eisenhauer, P. Doody, Internet of via information theory, IEEE Trans. Knowl. Data
things strategic research roadmap, Tech. rep., IERC Eng. 22 (11) (2010) 1623–1636.
Cluster SRA (2011). [31] M. R. S. Abyaneh, Security analysis of lightweight
[12] J. Granjal, E. Monteiro, J. Silva, Security for the in- schemes for rfid systems, Tech. rep., dissertation
ternet of things: A survey of existing protocols and for the degree of philosophiae doctor, university of
open research issues, Communications Surveys Tuto- bergen Norway (2012).
rials, IEEE PP (99) (2015) 1–1. [32] M. Cazorla, K. Marquet, M. Minier, Survey and
[13] S. Sicari, A. Rizzardi, L. A. Grieco, A. Coen-Porisini, benchmark of lightweight block ciphers for wireless
Security, privacy and trust in internet of things: The sensor networks, in: P. Samarati (Ed.), SECRYPT,
road ahead, Computer Networks 76 (2015) 146–164.
A Roadmap for Security Challenges in Internet of Things 28

SciTePress, 2013, pp. 543–548. [47] W. Wu, L. Z. 0012, Lblock: A lightweight block ci-
[33] K. A. McKay, L. Bassham, M. S. Turan, N. Mouha, pher, in: J. Lopez, G. Tsudik (Eds.), ACNS, Vol.
Report on lightweight cryptography, draft nistir 6715 of Lecture Notes in Computer Science, 2011,
8114, Tech. rep., National Institute of Standards and pp. 327–344.
Technology (August 2016). [48] R. Beaulieu, D. Shors, J. Smith, S. Treatman-
[34] D. Kim, J.-Y. Choi, J.-E. Hong, Evaluating Clark, B. Weeks, L. Wingers, Simon and speck:
energy efficiency of internet of things software Block ciphers for the internet of things, Cryptology
architecture based on reusable software com- ePrint Archive, Report 2015/585, http://eprint.
ponents, International Journal of Distributed iacr.org/2015/585 (2015).
Sensor Networks 13 (1) (2017) 1550147716682738. [49] Q. Chai, G. Gong, A cryptanalysis of hummingbird-
doi:10.1177/1550147716682738. 2: The differential sequence analysis, IACR Cryptol-
URL http://dx.doi.org/10.1177/ ogy ePrint Archive 2012 (2012) 233.
1550147716682738 [50] D. Lee, D.-C. Kim, D. Kwon, H. Kim, Efficient hard-
[35] C. H. Lim, T. Korkishko, mcrypton - a lightweight ware implementation of the lightweight block encryp-
block cipher for security of low-cost rfid tags and sen- tion algorithm lea, Sensors 14 (1) (2014) 975–994.
sors, in: J. Song, T. Kwon, M. Yung (Eds.), WISA, doi:10.3390/s140100975.
Vol. 3786 of Lecture Notes in Computer Science, URL http://www.mdpi.com/1424-8220/14/1/975
Springer, 2005, pp. 243–258. [51] A. K. Manjulata, Survey on lightweight primitives
[36] D. Hong, J. Sung, S. Hong, J. Lim, S. Lee, B. Koo, and protocols for rfid in wireless sensor networks, In-
C. Lee, D. Chang, J. Lee, K. Jeong, H. Kim, J. Kim, ternational Journal of Communication Networks and
S. Chee, Hight: A new block cipher suitable for low- Information Security (IJCNIS) 6 (1) (2014) 29–43.
resource device, in: L. Goubin, M. Matsui (Eds.), [52] M. Hell, T. Johansson, W. Meier, Grain: a stream
Cryptographic Hardware and Embedded Systems - cipher for constrained environments, IJWMC 2 (1)
CHES 2006, 8th International Workshop, Yokohama, (2007) 86–93.
Japan, October 10-13, 2006, Proceedings, Vol. 4249 [53] C. D. Canniere, B. Preneel, Trivium specifications,
of Lecture Notes in Computer Science, Springer, eSTREAM, ECRYPT Stream Cipher Project.
2006, pp. 46–59. [54] P. Kitsos, N. Sklavos, M. Parousi, A. N. Skodras,
[37] F. Mace, F.-X. Standaert, J.-J. Quisquater, Asic im- A comparative study of hardware architectures for
plementations of the block cipher sea for constrained lightweight block ciphers, Computers and Electrical
applications, in: Proceedings of the Third Interna- Engineering 38 (1) (2012) 148–160.
tional Conference on RFID Security - RFIDSec 2007, [55] X. Fan, K. Mandal, G. Gong, WG-8: A Lightweight
2007, pp. 103–114. Stream Cipher for Resource-Constrained Smart De-
[38] G. Leander, C. Paar, A. Poschmann, K. Schramm, vices, Springer Berlin Heidelberg, Berlin, Heidelberg,
New lightweight des variants, in: A. Biryukov (Ed.), 2013, pp. 617–632. doi:10.1007/978-3-642-37949-
FSE, Vol. 4593 of Lecture Notes in Computer Sci- 9_54.
ence, Springer, 2007, pp. 196–210. [56] E. Dubrova, M. Hell, Espresso: A stream ci-
[39] T. Shirai, K. Shibutani, T. Akishita, S. Moriai, pher for 5g wireless communication systems,
T. Iwata, The 128-bit blockcipher clefia (extended Cryptography and Communications (2015) 1–
abstract), in: A. Biryukov (Ed.), FSE, Vol. 4593 of 17doi:10.1007/s12095-015-0173-2.
Lecture Notes in Computer Science, Springer, 2007, URL http://dx.doi.org/10.1007/
pp. 181–195. s12095-015-0173-2
[40] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, [57] M. David, D. C. Ranasinghe, T. Larsen, A2u2:
A. Poschmann, M. J. B. Robshaw, Y. Seurin, A stream cipher for printed electronics rfid tags,
C. Vikkelsoe, Present: An ultra-lightweight block ci- in: IEEE International Conference on RFID (IEEE
pher, in: P. Paillier, I. Verbauwhede (Eds.), CHES, RFID 2011), Orlando, Florida, USA, 2011.
Vol. 4727 of Lecture Notes in Computer Science, [58] D. Watanabe, T. Owada, K. Okamoto, Y. Igarashi,
Springer, 2007, pp. 450–466. T. Kaneko, Update on enocoro stream cipher, in:
[41] C. D. Cannire, O. Dunkelman, M. Knezevic, Katan ISITA, IEEE, 2010, pp. 778–783.
and ktantan - a family of small and efficient [59] C. Manifavas, G. Hatzivasilis, K. Fysarakis,
hardware-oriented block ciphers, in: C. Clavier, K. Rantos, Lightweight cryptography for embedded
K. Gaj (Eds.), CHES, Vol. 5747 of Lecture Notes systems - a comparative analysis, in: DPM/SETOP,
in Computer Science, Springer, 2009, pp. 272–288. 2013, pp. 333–349.
[42] G. N. Khan, J. Yu, F. Yuan, Xtea based secure au- [60] A. Bogdanov, G. Leander, C. Paar, A. Poschmann,
thentication protocol for rfid systems., in: H. Wang, M. J. B. Robshaw, Y. Seurin, Hash functions and
J. Li, G. N. Rouskas, X. Zhou (Eds.), ICCCN, IEEE, rfid tags: Mind the gap, in: E. Oswald, P. Rohatgi
2011, pp. 1–6. (Eds.), CHES, Vol. 5154 of Lecture Notes in Com-
[43] 3rd Generation Partnership Project, Specification of puter Science, Springer, 2008, pp. 283–299.
the 3GPP Confidentiality and Integrity Algorithms [61] A. Shamir, Squash - a new mac with provable secu-
- Document 2: KASUMI Specification (Release 6), rity properties for highly constrained devices such as
Tech. Rep. 3GPP TS 35.202 V6.1.0 (2005-09) (2005). rfid tags, in: K. Nyberg (Ed.), FSE, Vol. 5086 of Lec-
[44] J. G. 0001, T. Peyrin, A. Poschmann, M. J. B. Rob- ture Notes in Computer Science, Springer, 2008, pp.
shaw, The led block cipher, in: B. Preneel, T. Takagi 144–157.
(Eds.), CHES, Vol. 6917 of Lecture Notes in Com- [62] E. B. Kavun, T. Yalin, A lightweight implementation
puter Science, Springer, 2011, pp. 326–341. of keccak hash function for radio-frequency identifi-
[45] Z. Gong, S. Nikova, Y. W. Law, Klein: A new fam- cation applications, in: S. B. O. Yalcin (Ed.), RFID-
ily of lightweight block ciphers, in: A. Juels, C. Paar Sec, Vol. 6370 of Lecture Notes in Computer Science,
(Eds.), RFIDSec, Vol. 7055 of Lecture Notes in Com- Springer, 2010, pp. 258–269.
puter Science, Springer, 2011, pp. 1–18. [63] M. O’Neill, M. J. B. Robshaw, Low-cost digital signa-
[46] K. Shibutani, T. Isobe, H. Hiwatari, A. Mitsuda, ture architecture suitable for radio frequency identifi-
T. Akishita, T. Shirai, Piccolo: An ultra-lightweight cation tags, IET Computers and Digital Techniques
blockcipher, in: B. Preneel, T. Takagi (Eds.), CHES, 4 (1) (2010) 14–26.
Vol. 6917 of Lecture Notes in Computer Science, [64] J.-P. Aumasson, L. Henzen, W. Meier, M. Naya-
Springer, 2011, pp. 342–357. Plasencia, Quark: A lightweight hash, in: S. Man-
A Roadmap for Security Challenges in Internet of Things 29

gard, F.-X. Standaert (Eds.), CHES, Vol. 6225 of 978-3-642-14992-4\_4


Lecture Notes in Computer Science, Springer, 2010, [80] A. Juels, R. L. Rivest, M. Szydlo, The blocker tag:
pp. 1–15. Selective blocking of rfid tags for consumer privacy,
[65] S. Badel, N. Dagtekin, J. Nakahara, K. Ouafi, in: 8th ACM Conference on Computer and Commu-
N. Reffe, P. Sepehrdad, P. Susil, S. Vaudenay, Ar- nications Security, ACM Press, 2003, pp. 103–111.
madillo: A multi-purpose cryptographic primitive [81] S. Ahson, M. Ilyas, RFID Handbook: Applications,
dedicated to hardware, in: CHES, 2010, pp. 398– Technology, Security, and Privacy, CRC Press, 2008.
412. [82] A. Juels, J. G. Brainard, Soft blocking: flexible
[66] J. Guo, T. Peyrin, A. Poschmann, The photon family blocker tags on the cheap, in: V. Atluri, P. F. Syver-
of lightweight hash functions, in: P. Rogaway (Ed.), son, S. D. C. di Vimercati (Eds.), WPES, ACM,
CRYPTO, Vol. 6841 of Lecture Notes in Computer 2004, pp. 1–7.
Science, Springer, 2011, pp. 222–239. [83] M. Langheinrich, A survey of RFID privacy ap-
[67] A. Bogdanov, M. Knezevic, G. Leander, D. Toz, proaches, Personal and Ubiquitous Computing 13 (6)
K. Varici, I. Verbauwhede, spongent: A lightweight (2009) 413–421.
hash function, in: B. Preneel, T. Takagi (Eds.), [84] S. L. Garfinkel, A. Juels, R. Pappu, Rfid privacy: An
CHES, Vol. 6917 of Lecture Notes in Computer Sci- overview of problems and proposed solutions, IEEE
ence, Springer, 2011, pp. 312–325. Security and Privacy 3 (3) (2005) 34–43.
[68] D. Bernstein, Cubehash: a simple hash function. [85] M. Abu-Elkheir, M. Hayajneh, N. A. Ali, Data man-
URL http://cubehash.cr.yp.to/ agement for the internet of things: Design primitives
[69] T. P. Berger, J. D’Hayer, K. Marquet, M. Minier, and solution, Sensors 13 (11) (2013) 15582–15612.
G. T. 0002, The gluon family: A lightweight hash [86] Y. Zhang, L. Yang, J. Chen, RFID and Sensor Net-
function family based on fcsrs, in: A. Mitrokotsa, works: Architectures, Protocols, Security, and Inte-
S. Vaudenay (Eds.), AFRICACRYPT, Vol. 7374 of grations, Wireless Networks and Mobile Communi-
Lecture Notes in Computer Science, Springer, 2012, cations, Taylor and Francis, 2010.
pp. 306–323. [87] Y. Sang, H. Shen, Y. Inoguchi, Y. Tan, N. Xiong, Se-
[70] X. Guo, P. Schaumont, The Technology Depen- cure data aggregation in wireless sensor networks: A
dence of Lightweight Hash Implementation Cost, in: survey, in: Seventh International Conference on Par-
ECRYPT Workshop on Lightweight Cryptography allel and Distributed Computing, Applications and
(LC2011), 2011. Technologies (PDCAT 2006), 4-7 December 2006,
[71] J. Fan, L. Batina, I. Verbauwhede, Hecc goes em- Taipei, Taiwan, IEEE Computer Society, 2006, pp.
bedded: An area-efficient implementation of hecc, in: 315–320.
R. M. Avanzi, L. Keliher, F. Sica (Eds.), Selected Ar- [88] L. Veltri, S. Cirani, S. Busanelli, G. Ferrari, A novel
eas in Cryptography, Vol. 5381 of Lecture Notes in batch-based group key management protocol applied
Computer Science, Springer, 2008, pp. 387–400. to the internet of things, Ad Hoc Networks 11 (8)
[72] J. Hoffstein, J. Pipher, J. H. Silverman, Ntru: A ring- (2013) 2724–2737.
based public key cryptosystem, in: Lecture Notes in [89] J. van den Hoven (Chair Ethics Subgroup IoT Ex-
Computer Science, Springer-Verlag, 1998, pp. 267– pert Group), Fact sheet ethics subgroup iot, ver-
288. sion 4.0, Tech. rep., Delft University of Technology
[73] M.-J. O. Saarinen, The bluejay ultra-lightweight hy- (2012).
brid cryptosystem, in: IEEE Symposium on Secu- [90] J. H. Cho, A. Swami, I. Chen, A survey on trust man-
rity and Privacy Workshops, IEEE Computer Soci- agement for mobile ad hoc networks, IEEE Commu-
ety, 2012, pp. 27–32. nications Surveys and Tutorials 13 (4) (2011) 562–
[74] W. Che, H. Deng, W. Tan, J. Wang, A Random 583.
Number Generator for Application in RFID Tags, [91] D. Gambetta, Can We Trust Trust?, Trust: Making
Springer Berlin Heidelberg, 2008, Ch. 16, pp. 279– and Breaking Cooperative Relations, electronic edi-
287. tion, Department of Sociology, University of Oxford
[75] J. Melia-Segui, J. Garcia-Alfaro, J. Herrera- (2000) 213–237.
Joancomarti, Analysis and Improvement of a Pseudo- [92] D. H. Mcknight, N. L. Chervany, The meanings of
random Number Generator for EPC Gen2 Tags, in: trust, Tech. rep. (1996).
1st International Workshop on Lightweight Cryptog- [93] S. Etalle, J. den Hartog, S. Marsh, Trust and pun-
raphy for Resource-Constrained Devices – WLC’10, ishment, in: F. Davide (Ed.), Autonomics, Vol. 302
Lecture Notes in Computer Science, Springer, Tener- of ACM International Conference Proceeding Series,
ife, Canary Islands, Spain, 2010. ACM, 2007, p. 5.
[76] P. Peris-Lopez, J. C. H. Castro, J. M. Estvez- [94] G. Suryanarayana, R. N. Taylor, A survey of trust
Tapiador, A. Ribagorda, Lamed - a prng for epc class- management and resource discovery technologies
1 generation-2 rfid specification, Computer Stan- in peer-to-peer applications, tech. rep. uci-isr-04-6,
dards and Interfaces 31 (1) (2009) 88–97. Tech. rep., The University of California, Irvine, Cal-
[77] W. Che, H. Deng, W. Tan, J. Wang, A Random ifornia, USA (2004).
Number Generator for Application in RFID Tags, [95] T. H. Noor, Q. Z. Sheng, S. Zeadally, J. Yu, Trust
Springer Berlin Heidelberg, Berlin, Heidelberg, 2008, management of services in cloud environments: Ob-
pp. 279–287. doi:10.1007/978-3-540-71641-9_16. stacles and solutions, ACM Comput. Surv. 46 (1)
URL http://dx.doi.org/10.1007/ (2013) 12.
978-3-540-71641-9\_16 [96] S. Song, K. Hwang, Y.-K. Kwok, Trusted grid com-
[78] K. Mandal, X. Fan, G. Gong, Warbler: A lightweight puting with security binding and trust integration, J.
pseudorandom number generator for EPC C1 Gen2 Grid Comput. 3 (1-2) (2005) 53–73.
passive RFID tags, International Journal of RFID [97] R. Chen, W. Yeager, Poblano a distributed trust
Security and Cryptography 2 (1) (2013) 82–91. model for peer-to-peer networks, Springer.
[79] J. Melia-Segui, J. Garcia-Alfaro, J. Herrera- [98] B. Bhargava, A. B. Can, B. Bhargava, Sort: A
Joancomarti, Analysis and Improvement of a self-organizing trust model for peer-to-peer systems
Pseudorandom Number Generator for EPC Gen2 (2006).
Tags, Springer Berlin Heidelberg, Berlin, Heidelberg, [99] Y. Wang, V. Varadharajan, Role-based recommen-
2010, pp. 34–46. doi:10.1007/978-3-642-14992-4_4. dation and trust evaluation, in: CEC/EEE, IEEE
URL http://dx.doi.org/10.1007/ Computer Society, 2007, pp. 278–288.
A Roadmap for Security Challenges in Internet of Things 30

[100] E. Damiani, S. D. C. di Vimercati, S. Paraboschi, ence, Springer, 2009, pp. 275–289.


P. Samarati, F. Violante, A reputation-based ap- [120] W. Conner, A. Iyengar, T. A. Mikalsen, I. Rouvel-
proach for choosing reliable resources in peer-to-peer lou, K. Nahrstedt, A trust management framework
networks, in: V. Atluri (Ed.), ACM Conference for service-oriented environments., in: J. Quemada,
on Computer and Communications Security, ACM, G. Len, Y. S. Maarek, W. Nejdl (Eds.), WWW,
2002, pp. 207–216. ACM, 2009, pp. 891–900.
[101] S. D. Kamvar, M. T. Schlosser, H. Garcia-Molina, [121] Z. Malik, A. Bouguettaya, Rater credibility assess-
The eigentrust algorithm for reputation management ment in web services interactions., World Wide Web
in p2p networks, in: Proceedings of the Twelfth In- 12 (1) (2009) 3–25.
ternational World Wide Web Conference, 2003. [122] Z. Malik, A. Bouguettaya, Rateweb: Reputation
[102] L. Xiong, L. Liu, Peertrust: Supporting reputation- assessment for trust establishment among web ser-
based trust for peer-to-peer electronic communities, vices., VLDB J. 18 (4) (2009) 885–911.
IEEE Transactions on Knowledge and Data Engi- [123] Z. Malik, A. Bouguettaya, Reputation bootstrapping
neering 16 (7) (2004) 843–857. for trust establishment among web services., IEEE
[103] R. Aringhieri, Assessing efficiency of trust manage- Internet Computing 13 (1) (2009) 40–47.
ment in peer-to-peer systems, in: WETICE, IEEE [124] F. Skopik, D. Schall, S. Dustdar, Trustworthy inter-
Computer Society, 2005, pp. 368–374. action balancing in mixed service-oriented systems.,
[104] M. Srivatsa, L. Liu, Securing decentralized reputa- in: S. Y. Shin, S. Ossowski, M. Schumacher, M. J.
tion management using trustguard, J. Parallel Dis- Palakal, C.-C. Hung (Eds.), SAC, ACM, 2010, pp.
trib. Comput. 66 (9) (2006) 1217–1232. 799–806.
[105] R. Zhou, K. Hwang, Trust overlay networks for [125] N. Santos, K. P. Gummadi, R. Rodrigues, Towards
global reputation aggregation in p2p grid computing, Trusted Cloud Computing, in: HOTCLOUD, 2009.
in: IPDPS, IEEE, 2006. [126] J. Yao, S. Chen, C. Wang, D. Levy, J. Zic, Account-
[106] X. Liu, A. Datta, A trust prediction approach cap- ability as a service for the cloud., in: IEEE SCC,
turing agents dynamic behavior, in: T. Walsh (Ed.), IEEE Computer Society, 2010, pp. 81–88.
IJCAI, IJCAI/AAAI, 2011, pp. 2147–2152. [127] F. J. Krautheim, D. S. Phatak, A. T. Sherman, In-
[107] Y. Aytas, H. Ferhatosmanoglu, zgr Ulusoy, Link rec- troducing the trusted virtual environment module:
ommendation in p2p social networks (2012). A new mechanism for rooting trust in cloud comput-
[108] P. Domingues, B. Sousa, L. M. Silva, Sabotage- ing., in: A. Acquisti, S. W. Smith, A.-R. Sadeghi
tolerance and trust management in desktop grid com- (Eds.), TRUST, Vol. 6101 of Lecture Notes in Com-
puting, Future Generation Comp. Syst. 23 (7) (2007) puter Science, Springer, 2010, pp. 211–227.
904–912. [128] S. M. Habib, S. Ries, M. Muhlhauser, Towards a
[109] F. Azzedin, M. Maheswaran, Integrating trust into trust management system for cloud computing, in:
grid resource management systems, in: ICPP, IEEE Proceedings of the 2011IEEE 10th International Con-
Computer Society, 2002, pp. 47–54. ference on Trust, Security and Privacy in Computing
[110] F. Azzedin, M. Maheswaran, Towards trust-aware and Communications, TRUSTCOM ’11, IEEE Com-
resource management in grid computing systems, in: puter Society, Washington, DC, USA, 2011, pp. 933–
CCGRID, IEEE Computer Society, 2002, pp. 452– 939. doi:10.1109/TrustCom.2011.129.
457. [129] P. D. Manuel, S. T. Selvi, M. I. A.-E. Barr, Trust
[111] F. Azzedin, M. Maheswaran, A trust brokering sys- management system for grid and cloud resources, in:
tem and its application to resource management in International Conference on Advanced Computing,
public-resource grids, in: IPDPS, IEEE Computer 2009. doi:10.1109/ICADVC.2009.5378187.
Society, 2004. [130] T. H. Noor, Q. Z. Sheng, Credibility-based trust
[112] C. Lin, V. Varadharajan, Y. W. 0002, V. Pruthi, management for services in cloud environments., in:
Enhancing grid security with trust management, in: G. Kappel, Z. Maamar, H. R. M. Nezhad (Eds.), IC-
IEEE SCC, IEEE Computer Society, 2004, pp. 303– SOC, Vol. 7084 of Lecture Notes in Computer Sci-
310. ence, Springer, 2011, pp. 328–343.
[113] H. Kim, H. Lee, W. Kim, Y. Kim, A trust evaluation [131] T. H. Noor, Q. Z. Sheng, Trust as a service: A frame-
model for qos guarantee in cloud systems, Interna- work for trust management in cloud environments.,
tional Journal of Grid and Distributed Computing in: WISE, Vol. 6997 of Lecture Notes in Computer
3 (1) (2010) 1–10. Science, Springer, 2011, pp. 314–321.
[114] K. Ramachandran, H. Lutfiyya, M. Perry, Decen- [132] S. D. C. di Vimercati, S. Foresti, S. Jajodia, S. Para-
tralized resource availability prediction for a desktop boschi, G. Psaila, P. Samarati, Integrating trust man-
grid, in: CCGRID, IEEE, 2010, pp. 643–648. agement and access control in data-intensive web ap-
[115] Anjali, S. Khurana, M. Sharma, Efficient grid re- plications., TWEB 6 (2) (2012) 6.
source selection based on performance measures, In- [133] C. E. Briguez, F. M. Sagui, M. Capobianco, A. G.
ternational Journal of Computing Science and Com- Maguitman, System Architecture for Trust-Based
munication Technologies - TECHNIA 4 (2). News Recommenders on the Web, in: XVII Work-
[116] H. Skogsrud, B. Benatallah, F. Casati, F. Toumani, shop de Agentes y Sistemas Inteligentes - CACIC
Managing impacts of security protocol changes in 2011: XVII Congreso Argentino de Ciencias de la
service-oriented applications., in: ICSE, IEEE Com- Computación, La Plata, Buenos Aires, Argentina,
puter Society, 2007, pp. 468–477. 2011.
[117] H. Skogsrud, H. R. M. Nezhad, B. Benatallah, [134] K. Zolfaghar, A. Aghaie, A syntactical approach for
F. Casati, Modeling trust negotiation for web ser- interpersonal trust prediction in social web appli-
vices., IEEE Computer 42 (2) (2009) 54–61. cations: Combining contextual and structural data,
[118] S. Park, L. Liu, C. Pu, M. Srivatsa, J. Zhang, Re- Knowl.-Based Syst. 26 (2012) 93–102.
silient trust management for web service integration., [135] V. D. Gligor, J. M. Wing, Towards a theory of trust
in: ICWS, IEEE Computer Society, 2005, pp. 499– in networks of humans and computers, in: B. Chris-
506. tianson, B. Crispo, J. A. Malcolm, F. Stajano (Eds.),
[119] F. Skopik, D. Schall, S. Dustdar, Start trusting Security Protocols Workshop, Vol. 7114 of Lecture
strangers? bootstrapping and prediction of trust., Notes in Computer Science, Springer, 2011, pp. 223–
in: G. Vossen, D. D. E. Long, J. X. Yu (Eds.), 242.
WISE, Vol. 5802 of Lecture Notes in Computer Sci- [136] L. Atzori, A. Iera, G. Morabito, Siot: Giving a social
A Roadmap for Security Challenges in Internet of Things 31

structure to the internet of things, IEEE Communi- policy attribute-based encryption, in: Proceedings
cations Letters 15 (11) (2011) 1193–1195. of the 2007 IEEE Symposium on Security and Pri-
[137] M. Nitti, R. Girau, L. Atzori, A. Iera, G. Morabito, vacy, IEEE Computer Society, 2007, pp. 321–334.
A subjective model for trustworthiness evaluation in [152] G. Bianchi, A. T. Capossele, C. Petrioli, D. Spenza,
the social internet of things, in: PIMRC, IEEE, 2012, Agree: exploiting energy harvesting to support data-
pp. 18–23. centric access control in {WSNs}, Ad Hoc Networks
[138] C. Pastrone, D. Rotondi, A. Skarmeta, H. Sund- 11 (8) (2013) 2625 – 2636.
maeker, O. Vermesan, S. Ziegler, P. T. Kirstein, [153] J. B. Dennis, E. C. Van Horn, Program-
S. Varakliotis, A. Al-Hezmi, Z. Xueli, L. Yang, T. Ye, ming semantics for multiprogrammed computa-
X. Pengfei, W. Dongya, Z. Xu, M. Wenjing, Internet tions, Commun. ACM 9 (3) (1966) 143–155.
of things, eu-china joint white paper on internet-of- doi:10.1145/365230.365252.
things identification, Tech. rep., European Research URL http://doi.acm.org/10.1145/365230.365252
Cluster on the Internet of Things (November 2014). [154] N. R. P. Parikshit N. Mahalle, Bayu Anggorojati,
[139] P. Peris-Lopez, J. C. H. Castro, J. M. Estvez- R. Prasad, Identity authentication and capability
Tapiador, A. Ribagorda, An ultra light authentica- based access control (iacac) for the internet of things,
tion protocol resistant to passive attacks under the Journal of Cyber Security and Mobility 1 (4) (2013)
gen-2 specification, J. Inf. Sci. Eng. 25 (1) (2009) 309–348.
33–57. [155] B. Anggorojati, P. Mahalle, N. Prasad, R. Prasad,
[140] J. Miao, L. Wang, Rapid identification authentica- Capability-based access control delegation model on
tion protocol for mobile nodes in internet of things the federated iot network, in: Wireless Personal Mul-
with privacy protection, JNW 7 (7) (2012) 1099– timedia Communications (WPMC), 2012 15th Inter-
1105. national Symposium on, 2012, pp. 604–608.
[141] N. P. S. Ian F. Blake, Gadiel Seroussi, Advances in [156] N. R. P. Parikshit N. Mahalle, Bayu Anggorojati,
Elliptic Curve Cryptography, London Mathematical R. Prasad, Identity establishment and capability
Society Lecture Note Series, Springer, 2005. based access control (iecac) scheme for internet of
[142] S. B. Tom J. Kamierski, Energy Harvesting Systems: things, in: Wireless Personal Multimedia Commu-
Principles, Modeling and Applications, Springer, nications (WPMC), 2012 15th International Sympo-
2010. sium on, 2012, pp. 187–191.
[143] D. N. Duc, J. Kim, K. Kim, Scalable grouping-proof [157] L. H.-R. Jose, J. J. Antonio, M. Leandro, F. S. Anto-
protocol for rfid tags, in: Proceedings of the Sym- nio, Distributed capability-based access control for
posium on Cryptography and Information Security, the internet of things, Journal of Internet Services
Takamatsu, Japan, 2010. and Information Security (JISIS) 3 (3-4) (2013) 1–
[144] W.-T. Ko, S.-Y. Chiou, E.-H. Lu, H. K.-C. Chang, A 16.
privacy-preserving grouping proof protocol based on [158] P. Mahalle, P. Thakre, N. Prasad, R. Prasad, A
ecc with untraceability for rfid, Applied Mathematics fuzzy approach to trust based access control in inter-
3 (4) (2012) 336–341. net of things, in: Wireless Communications, Vehic-
[145] G. P. Hancke, Design of a secure distance-bounding ular Technology, Information Theory and Aerospace
channel for rfid, J. Network and Computer Applica- Electronic Systems (VITAE), 2013 3rd International
tions 34 (3) (2011) 877–887. Conference on, 2013, pp. 1–5.
[146] A. Fernndez-Mir, R. Trujillo-Rasua, J. Castell-Roca, [159] S. T. Tim Polk, Security challenges for the internet
J. Domingo-Ferrer, A scalable rfid authentication of things, in: Workshop on Interconnecting Smart
protocol supporting ownership transfer and con- Objects with the Internet, 2011.
trolled delegation, in: A. Juels, C. Paar (Eds.),
RFID. Security and Privacy - 7th International
Workshop, RFIDSec 2011, Amherst, USA, June 26-
28, 2011, Revised Selected Papers, Vol. 7055 of Lec-
ture Notes in Computer Science, Springer, 2011, pp.
147–162.
[147] J. B. Rachel Greenstadt, Cognitive security for per-
sonal devices, in: ACM Workshop on Artificial Intel-
ligence and Security, ACM Conference on Computer
and Communications Security, ACM, 2008, pp. 27–
30.
[148] S. Gusmeroli, S. Piccione, D. Rotondi, A capability-
based security approach to manage access control in
the internet of things, Mathematical and Computer
Modelling 58 (5Ű6) (2013) 1189 – 1205, the Mea-
surement of Undesirable Outputs: Models Develop-
ment and Empirical Analyses and Advances in mo-
bile, ubiquitous and cognitive computing.
[149] J. Liu, Y. Xiao, C. P. Chen, Internet of things’ au-
thentication and access control, Int. J. Secur. Netw.
7 (4) (2012) 228–241.
[150] I. Bouij-Pasquier, A. A. Ouahman, A. A. E. Kalam,
M. O. de Montfort, Smartorbac security and privacy
in the internet of things, in: 12th IEEE/ACS
International Conference of Computer Systems
and Applications, AICCSA 2015, Marrakech,
Morocco, November 17-20, 2015, 2015, pp. 1–8.
doi:10.1109/AICCSA.2015.7507098.
URL http://dx.doi.org/10.1109/AICCSA.2015.
7507098
[151] J. Bethencourt, A. Sahai, B. Waters, Ciphertext-

You might also like