Secured Novel Lightweight IoT End Device Architecture using Confidentiality, Integrity, Authenticity & Availability based tight security approach

2021 ◽  
Vol 12 (10) ◽  
Author(s):  
Prateek Mishra, Et. al.
Keyword(s):  
Software Security ◽  
External World ◽  
Wearable Devices ◽  
Security Requirements ◽  
Security Enhancement ◽  
Device Architecture ◽  
Security Algorithm ◽  
Attack Surface ◽  
Tight Security ◽  
Secure Architecture

IoT end devices essential security parameters are Confidentiality, Integrity, Authenticity and Availability(CIAA).              Breach of any of these security parameters means compromise with security thus collapsing the device. Even      partial breach in      security refers to loop holes in security hence unsecure IoT end device. Due to wearable nature of IoT end devices implementing security and maintaining lightweight is a challenge. Conventional security algorithms incur memory and               processing overheads in wearable IoT end devices therefore lightweight security algorithms is compulsory. The existing architectures merely consider security enhancement using conventional  security algorithm without  focusing on lightweight            therefore this paper analyzes existing IoT end device architectures and concludes that all are overarchitectured. Due to over-          architecture the components of existing architectures are more visible to the external world and invites more attacks hence unsecured. On the   other hand lightweight IoT end device resources ensure less complexity hence      less internal bugs, less attack surface area, less visibility to external world thus more secure. Mandatory security requirements in wearable IoT end devices are still an extensive research issue. Therefore this paper     focuses on mandatory boot process security requirements, software security requirements and security requirements during        communication. Our proposed architecture is implemented over ESP32 microcontroller with the application of Arduino IDE.         Lightweight secured internet of things (SIT) algorithm was implemented for lightweight CIAA due to light security requirements      in wearable devices. Finally this paper compares the latest lightweight and secure architecture with the proposed lightweight and secure architecture and concludes that proposed architecture is robust in terms of lightweight and security.

A Tagging Approach to Extract Security Requirements in Non-Traditional Software Development Processes

2014 ◽  
Vol 5 (4) ◽  
pp. 31-47 ◽  
Author(s):  
Annette Tetmeyer ◽  
Daniel Hein ◽  
Hossein Saiedian
Keyword(s):  
Software Development ◽  
Software Security ◽  
Security Requirements ◽  
Software Systems ◽  
Small Organizations ◽  
Pos Tagging ◽  
Part Of Speech ◽  
Security Requirements Engineering ◽  
Development Processes

While software security has become an expectation, stakeholders often have difficulty expressing such expectations. Elaborate (and expensive) frameworks to identify, analyze, validate and incorporate security requirements for large software systems (and organizations) have been proposed, however, small organizations working within short development lifecycles and minimal resources cannot justify such frameworks and often need a light and practical approach to security requirements engineering that can be easily integrated into their existing development processes. This work presents an approach for eliciting, analyzing, prioritizing and developing security requirements which can be integrated into existing software development lifecycles for small organizations. The approach is based on identifying candidate security goals using part of speech (POS) tagging, categorizing security goals based on canonical security definitions, and understanding the stakeholder goals to develop preliminary security requirements and to prioritize them. It uses a case study to validate the feasibility and effectiveness of the proposed approach.

Where to Integrate Security Practices on DevOps Platform

2016 ◽  
Vol 7 (4) ◽  
pp. 39-50 ◽  
Author(s):  
Hasan Yasar ◽  
Kiriakos Kontostathis
Keyword(s):  
Software Security ◽  
Rapid Development ◽  
Software Developers ◽  
Proactive Approach ◽  
Development Lifecycle ◽  
Security Practices ◽  
Programming Effort ◽  
Attack Surface ◽  
Negative Feelings ◽  
Reliable Software

“Software security” often evokes negative feelings amongst software developers because this term is associated with additional programming effort, uncertainty and road blocker activity on rapid development and release cycles. The Secure DevOps movement attempts to combat the toxic environment surrounding software security by shifting the paradigm from following rules and guidelines to creatively determining solutions for tough security problems (Taschner, 2015). Secure software should be focused on a proactive approach that limits the attack surface and produces reliable software. Secure DevOps developers want their software to bend but not break, which means the software absorbs attacks and continues to function. The burgeoning concepts of DevOps include a number of concepts that can be applied to increase the security of developed applications. Applying these and other DevOps principles can have a big impact on creating an environment that is resilient and secure. Specifically, this paper clearly explains how to address security concerns in the early stages of the development lifecycle and leverage that knowledge throughout the SDLC.

scholarly journals Framework for Testing the Security of Application Software at Design Phase

2019 ◽  
Vol 8 (11) ◽  
pp. 4039-4049
Keyword(s):  
Software Development ◽  
Initial Level ◽  
Software Security ◽  
System Security ◽  
Security Requirements ◽  
Security Level ◽  
Application Software ◽  
Design Phase ◽  
Security Testing ◽  
Security Breaches

Software security testing is essential to reveal the weaknesses in the security of the system. The security level of the software must be assessed properly and timely so that the security breaches can be prevented to occur otherwise they harm the system. Security testing during designing the software will be advantageous to reduce the rework and expenses required if it will be found insecure after the implementation. Security testing can be achieved efficiently through proper framework at the early stages of software development. Security can be checked at the initial level by taking inputs at the requirement phase and design phase so that loopholes can be found and the propagation of vulnerabilities can be prevented. At requirement phase security requirements can be filtered and then at the next phase designing artifacts can be inspected for security errors. A metric is designed which will grade the software under test and state that whether the system is secured at the proper level or not. In this paper a framework is proposed which is based on metric and the validation of the metric is done through the Weyuker’s property.

Measuring Security

2021 ◽  
pp. 1303-1330
Author(s):  
Shruti Jaiswal ◽  
Daya Gupta
Keyword(s):  
Software Development ◽  
Security Requirements ◽  
Clear Understanding ◽  
Security Testing ◽  
Security Issues ◽  
Development Lifecycle ◽  
Software Development Lifecycle ◽  
Security Algorithm ◽  
Environment Parameters

The researchers have been focusing on embedding security from the early phases of software development lifecycle. They have researched and innovated a field of Security Engineering where security concerns are embedded during requirement, design, and testing phases of software development. Efforts were made in developing methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing and prioritizing the security requirements. During the design phase based on prioritized requirements, environment parameters and attribute a suitable security algorithm mainly cryptography algorithms are identified. Then a question arises how to test the effectiveness of chosen algorithm? Therefore, as an answer to the issue in this paper, a process for Security Testing is presented that evaluates the selected security algorithms. Evaluation is done by generating the test scenarios for functionalities using sequence diagram representing the threats at vulnerable points. Then, checking the mitigation of potential threats at identified vulnerable points. A security index is generated which shows the effectiveness of deployed/ chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage as a service model.

Measuring Security

2018 ◽  
Vol 10 (1) ◽  
pp. 28-53
Author(s):  
Shruti Jaiswal ◽  
Daya Gupta
Keyword(s):  
Software Development ◽  
Security Requirements ◽  
Clear Understanding ◽  
Security Testing ◽  
Security Issues ◽  
Development Lifecycle ◽  
Software Development Lifecycle ◽  
Security Algorithm ◽  
Environment Parameters ◽  
Design And Testing

The researchers have been focusing on embedding security from the early phases of software development lifecycle. They have researched and innovated a field of Security Engineering where security concerns are embedded during requirement, design, and testing phases of software development. Efforts were made in developing methods, methodologies, and tools to handle security issues. Various methods are present in the literature for eliciting, analyzing and prioritizing the security requirements. During the design phase based on prioritized requirements, environment parameters and attribute a suitable security algorithm mainly cryptography algorithms are identified. Then a question arises how to test the effectiveness of chosen algorithm? Therefore, as an answer to the issue in this paper, a process for Security Testing is presented that evaluates the selected security algorithms. Evaluation is done by generating the test scenarios for functionalities using sequence diagram representing the threats at vulnerable points. Then, checking the mitigation of potential threats at identified vulnerable points. A security index is generated which shows the effectiveness of deployed/ chosen security algorithm. The process ends with the generation of a test report depicting the testing summary. For a clear understanding of the process, the proposal is illustrated with a case study of the cloud storage as a service model.

Sign in / Sign up

Export Citation Format

Share Document