On the features and challenges of security and privacy in distributed internet of things C. Anurag Varma achdc@mst.edu CpE 6510 3/24/2016
Outline Introduction IoT (Internet of Things) A distributed IoT Security and Privacy in IoT Conclusions
Introduction Internet of Things - A worldwide network of interconnected entities Eg: WSN, Mobiles, Cloud, Cars etc. Open a communication channel with other entities Two types of IoT Centralized Acquire information from entities and stored in Cloud Distributed Various platforms collaborate with each other like a P2P network
Distributed IoT and its taxonamy Edge Intelligence - Location of the intelligence and the provisioning of services at the edge of the network Collaboration - Collaboration between diverse entities in order to achieve a common goal Multiple entities collaborate with each other and appear as single system
Centralized IoT Networks are passive provide data All data is retrieved by single central entity and provides to consumers If users want to use IoT services they have to connect using this Centralized server Central entity Single server of cluster of machines is a cloud
Collaborative IoT Intelligence of network still Centralized Various entities generate or exchange data creating new services or modifying old services
Connected Intranet of Things Process information and also provide it to local entitites and central entities Even if central entities fail, local entities will work
Distributed IoT All the entities have the ability to retrieve, process, combine and provide information and services to other entities Collaborate with each other and with other IoT architectures
Analysis of IoT features Openness Flexible enough to allow 3 rd parties to develop new applications Viability business model and vendor lock in Reliability Assure certain level of availability and performance to specific needs Scalability Able to support or handle more data and devices Interoperability Interact with each other, service and semantic interoperability Data Management Where data should be stored and which data?
Analysis of Distributed IoT Superior scalability, Infrastructure complexity and limited vendor lock-in Data Management can be done only when it is needed Availability depends on number of resources invested in maintaining IoT Failure in one system doesn t affect the whole as in case of Centralized IoT
Security Issues in IoT Protocol and Network Security Identity Management Privacy Trust and Governance Fault Tolerance
Attacker models and Threats DoS Exhaust resources and bandwidth, jamming the channels in wireless Physical Damage Instead of trying to break a heavy encrypted system they just break it and cause loss of data Eavesdropping Listen to communication channels, Insider attackers gain access to infrastructure and monitor it Node Capture Extract information from things by taking it Controlling If a thing is in attackers control, he can use it for malicious purposes Users misconfiguration
Identity and Authentication How to authenticate the users to create a trustable service In Centralized IoT, central server takes this responsibility In Distributed IoT, no single point of authentication Promising approaches: 2 factor authentication Using social media accounts Use local identity providers and create a circle od trust with external resource providers
Access Controls Who is accessing what and is he allowed to? Centralized IoT data is managed by central entity, it implements the access control policies Distributed IoT multiple enforcement policies Promising approaches: Use of RBAC Authenticate themselves in the first position and then access must be granted
Protocol and Network Security Secure communication channel for credentials and certificates Distributed IoT key management becomes a problem Negotiate cryptographic algorithms, protection mechanisms as constrained devices might not be able to implement certain configurations Adaptability criticality of data Promising approaches: Support for existing protocols Local group should manage credentials If two servers know each other well known use symmetric encryption for exchange
Privacy Distributed IoT has benefits since every entity has command over the data it generated and processed Centralized IoT central server makes the decision to make the data available or not Promising approaches: User centric access control policies Study of privacy preserving data mining algorithms Incoming and Outgoing item must be scanned for rogue and malicious software that threatens privacy of the user
Trust and Governance Centralized IoT Which data is reliable and fresh, reads all data from entities and provides to other services Distributed IoT Who can give me robust and timely service, need to consider multiple devices for data Limit countries that access data in Distributed IoT for governance Promising approaches: Patterns of information signed and owned by a group User trusts this group he can access data and ratings from other users
Fault Tolerance Centralized IoT Points out other links if one link fails Distributed IoT Need to discover mechanism for one link to another Promising approaches: Create a model of surroundings to identify links For detection of bogus data uses of IDS which focus on insider threats but not consider external entities Centralized IoT uses existing clustering mechanisms to detect intrusions
Summary
Conclusions Addresses different security and privacy issues in IoT Centralized and Distributed IoT can coexist for a full fledged IoT
Ref: [RZL2013] Rodrigo Roman, Jianying Zhou, and Javier Lopez, On the features and challenges of security and privacy in distributed internet of things, Computer Networks, Volume 57, Issue 10, pp. 2266 2279, July 2013 Thanks Any Questions?