Feasibility of Societal Model for Securing Internet of Things

  • Received : 2017.10.15
  • Accepted : 2018.02.20
  • Published : 2018.08.31

Abstract

In the Internet of Things (IoT) concept, devices communicate autonomously with applications on the Internet. Two aspects make IoT stand apart from present-day networked devices and applications: a) the very large number of devices, produced by diverse makers and used by an even more diverse group of users; and b) the applications reside and function in what were very private sanctums of life, e.g. the car, the home, and the people themselves. Since these diverse devices require high-level security, an operational model for an IoT system with built-in security is required. We have proposed the societal model as a simple operational model. The basic concept of the model is borrowed from human society: there will be infants, the weak and the handicapped who need to be protected by guardians. This natural security mechanism works very well for IoT networks, which seem to have inherently weak security mechanisms. In this paper, we discuss the requirements of the societal model and examine its feasibility by doing a proof-of-concept implementation.
