Towards a systematic survey of industrial IoT security requirements

2019 ◽  
Author(s):  
Koen Tange ◽  
Michele De Donno ◽  
Xenofon Fafoutis ◽  
Nicola Dragoni
Keyword(s):  
Security Requirements ◽  
Iot Security ◽  
Systematic Survey ◽  
Industrial Iot

Industrial IoT Security Concept with Extended ISO/IEC/IEEE 21450 TEDS

2020 ◽  
Author(s):  
Tobias Mitterer ◽  
Leander B. Hormann ◽  
Hans-Peter Bernhard ◽  
Peter Priller ◽  
Hubert Zangl
Keyword(s):  
Iot Security ◽  
Industrial Iot

scholarly journals Identity and Access Management Resilience against Intentional Risk for Blockchain-Based IOT Platforms

Electronics ◽  
2021 ◽  
Vol 10 (4) ◽  
pp. 378
Author(s):  
Alberto Partida ◽  
Regino Criado ◽  
Miguel Romance
Keyword(s):  
Security Requirements ◽  
Access Management ◽  
Iot Security ◽  
Complex Network Theory ◽  
Scale Free ◽  
Blockchain Technology ◽  
Technology Transfers ◽  
Iot Platforms ◽  
Market Capitalisation ◽  
Security Incidents

Some Internet of Things (IoT) platforms use blockchain to transport data. The value proposition of IoT is the connection to the Internet of a myriad of devices that provide and exchange data to improve people’s lives and add value to industries. The blockchain technology transfers data and value in an immutable and decentralised fashion. Security, composed of both non-intentional and intentional risk management, is a fundamental design requirement for both IoT and blockchain. We study how blockchain answers some of the IoT security requirements with a focus on intentional risk. The review of a sample of security incidents impacting public blockchains confirm that identity and access management (IAM) is a key security requirement to build resilience against intentional risk. This fact is also applicable to IoT solutions built on a blockchain. We compare the two IoT platforms based on public permissionless distributed ledgers with the highest market capitalisation: IOTA, run on an alternative to a blockchain, which is a directed acyclic graph (DAG); and IoTeX, its contender, built on a blockchain. Our objective is to discover how we can create IAM resilience against intentional risk in these IoT platforms. For that, we turn to complex network theory: a tool to describe and compare systems with many participants. We conclude that IoTeX and possibly IOTA transaction networks are scale-free. As both platforms are vulnerable to attacks, they require resilience against intentional risk. In the case of IoTeX, DIoTA provides a resilient IAM solution. Furthermore, we suggest that resilience against intentional risk requires an IAM concept that transcends a single blockchain. Only with the interplay of edge and global ledgers can we obtain data integrity in a multi-vendor and multi-purpose IoT network.

An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security

2020 ◽  
Vol 7 (10) ◽  
pp. 10250-10276
Author(s):  
Waseem Iqbal ◽  
Haider Abbas ◽  
Mahmoud Daneshmand ◽  
Bilal Rauf ◽  
Yawar Abbas Bangash
Keyword(s):  
Security Requirements ◽  
Iot Security ◽  
Depth Analysis

scholarly journals Security-Aware Data Offloading and Resource Allocation For MEC Systems: A Deep Reinforcement Learning

2021 ◽  
Author(s):  
Ibrahim Elgendy ◽  
Ammar Muthanna ◽  
Mohammad Hammoudeh ◽  
Hadil Ahmed Shaiba ◽  
Devrim Unal ◽  
...  
Keyword(s):  
Resource Allocation ◽  
Large Scale ◽  
Optimal Solution ◽  
Security Requirements ◽  
Optimization Approach ◽  
Shared Resources ◽  
Data Offloading ◽  
Daily Lives ◽  
Industrial Iot ◽  
Iot Devices

The Internet of Things (IoT) is permeating our daily lives where it can provide data collection tools and important measurement to inform our decisions. In addition, they are continually generating massive amounts of data and exchanging essential messages over networks for further analysis. The promise of low communication latency, security enhancement and the efficient utilization of bandwidth leads to the new shift change from Mobile Cloud Computing (MCC) towards Mobile Edge Computing (MEC). In this study, we propose an advanced deep reinforcement resource allocation and securityaware data offloading model that considers the computation and radio resources of industrial IoT devices to guarantee that shared resources between multiple users are utilized in an efficient way. This model is formulated as an optimization problem with the goal of decreasing the consumption of energy and computation delay. This type of problem is NP-hard, due to the curseof-dimensionality challenge, thus, a deep learning optimization approach is presented to find an optimal solution. Additionally, an AES-based cryptographic approach is implemented as a security layer to satisfy data security requirements. Experimental evaluation results show that the proposed model can reduce offloading overhead by up to 13.2% and 64.7% in comparison with full offloading and local execution while scaling well for large-scale devices.

scholarly journals IoT Security-Quality-Metrics Method and Its Conformity with Emerging Guidelines

IoT ◽  
2021 ◽  
Vol 2 (4) ◽  
pp. 761-785
Author(s):  
Kosuke Ito ◽  
Shuji Morisaki ◽  
Atsuhiro Goto
Keyword(s):  
Product Liability ◽  
Quality Metrics ◽  
Security Requirements ◽  
Universal Method ◽  
Iot Security ◽  
Quality Metric ◽  
Software Vulnerabilities ◽  
Certification Programs ◽  
Iot Devices ◽  
Security Standards

This study proposes a security-quality-metrics method tailored for the Internet of things (IoT) and evaluates conformity of the proposed approach with pertinent cybersecurity regulations and guidelines for IoT. Cybersecurity incidents involving IoT devices have recently come to light; consequently, IoT security correspondence has become a necessity. The ISO 25000 series is used for software; however, the concept of security as a quality factor has not been applied to IoT devices. Because software vulnerabilities were not the device vendors’ responsibility as product liability, most vendors did not consider the security capability of IoT devices as part of their quality control. Furthermore, an appropriate IoT security-quality metric for vendors does not exist; instead, vendors have to set their security standards, which lack consistency and are difficult to justify by themselves. To address this problem, the authors propose a universal method for specifying IoT security-quality metrics on a globally accepted scale, inspired by the goal/question/metric (GQM) method. The method enables vendors to verify their products to conform to the requirements of existing baselines and certification programs and to help vendors to tailor their quality requirements to meet the given security requirements. The IoT users would also be able to use these metrics to verify the security quality of IoT devices.

scholarly journals A Secure and Efficient ECC-Based Scheme for Edge Computing and Internet of Things

Sensors ◽  
2020 ◽  
Vol 20 (21) ◽  
pp. 6158 ◽  
Author(s):  
Hisham AlMajed ◽  
Ahmad AlMogren
Keyword(s):  
Internet Of Things ◽  
Elliptic Curve ◽  
Security Requirements ◽  
Performance Measurements ◽  
Plain Text ◽  
Asymmetric Cryptography ◽  
Industrial Iot ◽  
Constrained Environments ◽  
Special Area ◽  
And Performance

Recent growth in the Internet of Things (IoT) has raised security concerns over the confidentiality of data exchanged between IoT devices and the edge. Many IoT systems adopt asymmetric cryptography to secure their data and communications. A drawback of asymmetric cryptography is the sizeable computation and space requirements. However, elliptic curve cryptography (ECC) is widely used in constrained environments for asymmetric cryptography due its superiority in generating a powerful encryption mechanism with small key sizes. ECC increases device performance and lowers power consumption, meaning it is suitable for diverse applications ranging from the IoT to wireless sensor network (WSN) devices. To ensure the confidentiality and security of data and communications, it is necessary to implement ECC robustly. A special area of focus in this regard is the mapping phase. This study’s objective was to propose a tested and trusted scheme that offers authenticated encryption (AE) via enhancing the mapping phase of a plain text to an elliptic curve to resist several encryption attacks such as Chosen Plaintext Attack (CPA) and Chosen Ciphertext Attack (CCA). The proposed scheme also undertakes evaluation and analysis related to security requirements for specific encryption attributes. Finally, results from a comparison of the proposed scheme and other schemes are presented, evaluating each one’s security characteristics and performance measurements. Our scheme is efficient in a way that makes so suitable to the IoT, and in particular to the Industrial IoT and the new Urbanization where the demands for services are huge.

Blockchain as a mean to secure Internet of Things ecosystems – a systematic literature review

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Mazen El-Masri ◽  
Eiman Mutwali Abdelmageed Hussain
Keyword(s):  
Internet Of Things ◽  
Literature Review ◽  
Language Processing ◽  
Systematic Literature Review ◽  
Relevant Literature ◽  
Security Requirements ◽  
Security Threats ◽  
Iot Security ◽  
Content Type ◽  
Blockchain Technology

PurposeBlockchain is evolving to become a platform for securing Internet of things (IoT) ecosystems. Still, challenges remain. The purpose of this literature review is to highlight the applicability of blockchain as a medium to secure IoT ecosystems. A two-dimensional framework anchored on (1) IoT layers and (2) security goals is used to organize the existent IoT security threats and their corresponding countermeasures identified in the reviewed literature. The framework helped in mapping the IoT security threats with the inherent features of blockchain and accentuate their prominence to IoT security.Design/methodology/approachAn approach integrating computerized natural language processing (NLP) with a systematic literature review methodology was adopted. A large corpus of 2,303 titles and abstracts of blockchain articles was programmatically analyzed in order to identify the relevant literature. The identified literature was subjected to a systematic review guided by a well-established method in IS research.FindingsThe literature evidently highlights the prominence of blockchain as a mean to IoT security due to the distinctive features it encompasses. The authors’ investigation revealed that numerous existent threats are better addressed with blockchain than conventional mechanisms. Nevertheless, blockchain consumes resources such as electricity, time, bandwidth and disk space at a rate that is not yet easily accessible to common IoT ecosystems.Research limitations/implicationsResults suggest that a configurational approach that aligns IoT security requirements with the resource requirements of different blockchain features is necessary in order to realize the proper balance between security, efficiency and feasibility.Practical implicationsPractitioners can make use of the classified lists of convention security mechanisms and the IoT threats they address. The framework can help underline the countermeasures that best achieve their security goals. Practitioners can also use the framework to identify the most important features to seek for in a blockchain technology that can help them achieve their security goals.Originality/valueThis study proposes a novel framework that can help classify IoT threats based on the IoT layer impacted and the security goal at risk. Moreover, it applies a combined man-machine approach to systematically analyze the literature.

Sign in / Sign up

Export Citation Format

Share Document