Introduction
- ... and industry due to its wide range of applications
- Devices like RFID and sensor nodes most often have no access control functionality and can freely obtain information from each other

Introduction
- Identity-based verification should be done before ...
- Secure design of access rights, ...
- Access of shared resources over ... resources, or data flow, and ...

[Figure: Communication Security in Internet of Things: Access Control, Authentication, Non-repudiation, Data Confidentiality, Data Integrity, Availability; further requirements shown: Resistance, Scalability, Management, Adaptability]

Access Control
- Provides authorized access to network resources

Authentication
- An identity establishment between communicating parties (devices)
- Due to diversity of devices, and end users, there should be an attack resistant ...

Data Confidentiality
- Protecting data from unauthorized disclosure and data tampering
- Secure, lightweight, and efficient key exchange mechanism is required due to ...

Availability
- Access control and availability problems are critical due to the wireless ...

Trust Management
- Trust management, and trust-based access control are basic requirements ...

Secure Storage
- Refers to the desire to maintain these security requirements even when the device falls into the hands of malicious parties, and can be physically or logically probed

Scalability
- IoT system will consist of various devices of different capabilities, communication means, protocols and across different geographical locations
- Dealing with such type of system, scalability is an important point in designing a security solution

Flexibility
- ... type of environment to others with different type of risks and security threats
- Also, users are likely to have different privacy profile depending on environment or with whom ...
- Therefore, flexibility and adaptability are other important requirements for security solution in IoT

Identity Management for Devices
- Identity delegation, imprinting of identity in things, merging identities to ...
- Trust Management, Circles of Trust (IoT belonging to different owners)
- Identity and privacy ...
- Secure attribute exchange, and selective disclosure of attributes inside IoT.

Secure Interactions in/with IoT
- Secure, and certified context information for things
- Interaction of things in a Better-Than-Nothing Security (BTNS) environment
- ... resolution and indexing of things
- Auditing of interactions with things

Distributed Access Control and Privacy
- Privacy-aware policy-based authorization systems with deductive policies, ...
- ... policies.

Secure Data Management and Exchange
- ... make them understand the usage of their identities, and data by things
- Secure storage, and deletion of audit data in a distributed IoT environment.

Privacy
- ... networks, IoT users and devices have to access the digital world with wide range of protocols and methods.
- Further, as ownership of these devices by the users does not exist, the issue ...

Security Structure
- ... structure with the combination of control and information.
- Furthermore, the solution for authentication and access control must be ... resistant from the well-known attacks.

Key Elements of IoT Security
- Threats are potential causes of an event that could breach security and ...

Key Elements of IoT Security
- Enabling smart and intelligent behavior of networked objects
- Data ownership.

Identity Establishment
- ... (devices) or entities
- Identity establishment is ensuring that the origin of an electronic document ...

Identity Establishment
- Before delivering any service, it is expected to verify digital identity of user ...
- ... inefficient for heterogeneous devices in IoT

Identity Establishment
- ECC based mutual authentication protocol for IoT using hash functions

Access Control
- Principles of access control determine who should be able to access what ...
- ... authenticated first
- According to authentication, access rights can be modified to the individual ...

Access Control
- ... secure access to resources must be deployed with distributed nature
- Due to unbound number of devices & services, scalability and manageability ...

Data and Message Security
- ... data integrity, but origin of authenticity is also important
- Communication confidentiality and privacy of localization and tracking data is highly sensitive in IoT mixture.

Data and Message Security
- There should not be any way for an attacker to reveal identity or location ...
- ... insertion, modification, or replays.

Non-repudiation and Availability
- ... to-point communications
- ... receiver) is prevented from denying a transmitted message

Non-repudiation and Availability
- For example, you might send registered mail, so the recipient cannot deny ...
- ... resource being accessible and usable upon demand by authorized system ...

Security Model for IoT
- ... potentially deliver an input to address protection issues in the IoT
- ... (authorization), trust (reputation), privacy (respondent).

Security Model for IoT
- ... suite of cryptographic algorithms
- This suite of algorithms is supplemented by a set of emerging asymmetric algorithms, known as Elliptic Curve Cryptography (ECC).

Non-repudiation and Availability
- ... systems and guarding against malicious actions like Denial of Service (DoS)

[Figure: Challenges for Secure IoT]

End-to-End Security

Lightweight Cryptography
- Size (Circuit Size, RAM/ROM sizes),
- Processing Speed (Throughput, Delay).

[Figure: Lightweight Cryptography: microprocessor, processor, communication module, encryption/decryption]

Lightweight Cryptography
- ... (asymmetric key) cryptographies
- Public key cryptography uses a secret key in decryption and a public key ...
- ... as more than 1,000 times that of the symmetric key cryptography

Lightweight Cryptography
- ... dynamically with unspecified parties such as an inter-vehicle communication ...

[Figure: Challenges in Designing IoT Applications: Confidentiality, Authentication, Access Control, Mobile Security, Network Security, Secure Middleware, Privacy, Data Security]
