Introduction
and industry due to its wide range of applications
* Devices like RFID and sensor nodes most often have no access control functionality and can freely obtain information from each other
[Table/figure residue: IoT security requirements. Recoverable fragments: "targeted system and all"; "services which they are"; "For example unauthorized"; "authentic use"; "Identity-based verification should be done before"; "Secure design of access rights,"; "Access of shared resources over"; "resources, or data flow, and".]
[Figure: Communication security in the Internet of Things. Security properties shown: access control, authentication, non-repudiation, data confidentiality, data integrity, availability. Other labels: resistance, scalability, management, adaptability, HTTP front end, database, Bluetooth.]

Access Control
* Provides authorized access to network resources
Authentication
* An identity establishment between communicating parties (devices)
* Due to diversity of devices, and end users, there should be an attack resistant
Data Confidentiality
* Protecting data from unauthorized disclosure and data tampering
* Secure, lightweight, and efficient key exchange mechanism is required due to

Availability
* Access control and availability problems are critical due to the wireless
Trust Management
* Trust management, and trust-based access control are basic requirements
Secure Storage
Tamper Resistance
* Refers to the desire to maintain these security requirements even when the device falls into the hands of malicious parties, and can be physically or logically probed
Scalability
* IoT system will consist of various devices of different capabilities, communication means, protocols and across different geographical locations
* Dealing with such type of system, scalability is an important point in designing a security solution
Flexibility and Adaptability
* type of environment to others with different type of risks and security threats
* Also, users are likely to have different privacy profile depending on environment or with whom
* Therefore, flexibility and adaptability are other important requirements for security solution in IoT
Identity Management for Devices
* Identity delegation, imprinting of identity in things, merging identities to
* Trust Management, Circles of Trust (IoT belonging to different owners)
* Identity and privacy
* Secure attribute exchange, and selective disclosure of attributes inside IoT.

Secure Interactions in/with IoT
* Secure, and certified context information for things
* Interaction of things in a Better-Than-Nothing Security (BTNS) environment
* Auditing of interactions with things
Distributed Access Control and Privacy
* Privacy-aware policy-based authorization systems with deductive policies,

Secure Data Management and Exchange
* make them understand the usage of their identities, and data by things
* Secure storage, and deletion of audit data in a distributed IoT environment.

Privacy
* networks, IoT users and devices have to access the digital world with wide range of protocols and methods.
* Further, as ownership of these devices by the users does not exist, the issue

Security Structure
* Furthermore, the solution for authentication and access control must be resistant to the well-known attacks.

Key Elements of IoT Security
* Threats are potential causes of an event that could breach security and
* Enabling smart and intelligent behavior of networked objects
* Data ownership.

Identity Establishment
* Identity establishment is ensuring that the origin of an electronic document
* Before delivering any service, it is expected to verify digital identity of user
* ECC based mutual authentication protocol for IoT using hash functions

Access Control
* Principles of access control determine who should be able to access what
* According to authentication, access rights can be modified to the individual

Access Control
* secure access to resources must be deployed with distributed nature
* Due to unbound number of devices & services, scalability and manageability

Data and Message Security
* data integrity, but origin of authenticity is also important
* Communication confidentiality and privacy of localization and tracking data is highly sensitive in IoT mixture.
* There should not be any way for an attacker to reveal identity or location

Non-repudiation and Availability
* receiver) is prevented from denying a transmitted message
* For example, you might send registered mail, so the recipient cannot deny
* resource being accessible and usable upon demand by authorized system

Security Model for IoT
* potentially deliver an input to address protection issues in the IoT
* (authorization), trust (reputation), privacy (respondent).

Security Model for IoT
* This suite of algorithms is supplemented by a set of emerging asymmetric algorithms, known as Elliptic Curve Cryptography (ECC).

Non-repudiation and Availability
* systems and guarding against malicious actions like Denial of Service (DoS)
[Figure: Challenges for Secure IoT; labels shown include identity and security.]

End-to-End Security

Lightweight Cryptography
* Size (Circuit Size, RAM/ROM sizes),
* Processing Speed (Throughput, Delay).

[Figure: lightweight cryptography deployment; labels shown: microprocessor, server, communication module, encryption, decryption.]

Lightweight Cryptography
* Public key cryptography uses a secret key in decryption and a public key
* as more than 1,000 times that of the symmetric key cryptography

Lightweight Cryptography
* dynamically with unspecified parties such as an inter-vehicle communication

[Figure: Challenges in Designing IoT Applications; labels shown: confidentiality, authentication, access control, mobile security, network security, security middleware, privacy, data security.]