Security, privacy and trust in Internet of Things: The road ahead

S. Sicari, A. Rizzardi, L.A. Grieco, A. Coen-Porisini
2015 Computer Networks  
Internet of Things (IoT) is characterized by heterogeneous technologies, which concur to the provisioning of innovative services in various application domains. In this scenario, the satisfaction of security and privacy requirements plays a fundamental role. Such requirements include data confidentiality and authentication, access control within the IoT network, privacy and trust among users and things, and the enforcement of security and privacy policies. Traditional security countermeasures
more » ... nnot be directly applied to IoT technologies due to the different standards and communication stacks involved. Moreover, the high number of interconnected devices arises scalability issues; therefore a flexible infrastructure is needed able to deal with security threats in such a dynamic environment. In this survey we present the main research challenges and the existing solutions in the field of IoT security, identifying open issues, and suggesting some hints for future research. combines cross-platform communications with encryption, signature, and authentication, in order to improve IoT applications development capabilities by establishing a secure communication system among different things. In [19] it is introduced the first fully implemented twoway authentication security scheme for IoT, based on existing Internet standards, specifically the Datagram Transport Layer Security (DTLS) protocol, which is placed between transport and application layer. This scheme is based on RSA and it is designed for IPv6 over Low power Wireless Personal Area Networks (6LoWPANs) [3] . The extensive evaluation, based on real IoT systems, shows that such an architecture provides message integrity, confidentiality, and authenticity with enough affordable energy, end-to-end latency, and memory overhead. As regards confidentiality and integrity, in [20] it is analyzed how existing key management systems could be applied to the IoT context. It is possible to classify the Key Management System (KMS) protocols in four major categories: key pool framework, mathematical framework, negotiation framework, and public key framework. In [20] the authors argue that most of the KMS protocols are not suitable for IoT. In fact, key pool ones suffer insufficient connectivity; mathematical ones make use of the deployment knowledge to optimize the construction of their data structures, but such an approach cannot be used in IoT since client and server nodes are usually located in different physical locations; combinatorics-based KMS protocols suffer both connectivity and scalability/authentication; negotiation ones make use of the wireless channel and its inherent features to negotiate a common key, however they cannot be suitable for IoT because client and server nodes usually belong to different networks and they should route the information through the Internet in order to be able to talk with each other. Hence, the KMS protocols which might be suitable for some IoT scenarios are the Blom [21] and the polynomial schema [22] , whose computational overhead is quite low in comparison to a Public Key Cryptography (PKC) operations (i.e., public key framework). However for such schemes, several countermeasures are required in order to manage device authentication and face man-in-the-middle attacks. For example, [23,24] present a framework for IoT based on Public Key Infrastructure (PKI). A more practical approach, as [25] , proposes a transmission model with signature-encryption schemes, which addresses IoT security requirements (i.e., anonymity, trustworthy and attack-resistance) by means of Object Naming Service (ONS) queries. Root-ONS can authenticate the identities and platform creditability of Local ONS servers (L-ONS) by a Trusted Authentication Server (TAS), and the TAS gives a temporary certificate to validated L-ONS, which can apply for inquiry services many times with the certificate in the validated time. A security ONS query service with anonymous authentication provides credentials only to authorized and trusted L-ONS, preventing the illegal ONS to enquire information from things. In the transmission process, Remote Information Server of Things (R-TIS) wraps the information of things into multiple encryption layers with the routing node's public key. The
doi:10.1016/j.comnet.2014.11.008 fatcat:nk2nml75efgkrj2soewtdpgvv4