Skip to main content
SpringerLink
Log in

Securing the Internet of Things

  • Chapter
  • First Online:
Smart Cards, Tokens, Security and Applications

Abstract

The Internet of Things (IoT) is an umbrella term used to describe the rapidly growing population of smart and/or embedded digital devices that can leverage, monitor and control systems and components in the physical world. In order to understand the need to safely maximise the many potential benefits of these important technology developments, this chapter describes the security challenges that they bring and how these challenges arise. Based on past experiences of security in IT and Industrial Control Systems , as well as the special characteristics of the IoT, the author identifies the need for security work by those working on IoT systems in the three key areas as follows:

  • Establishing mechanisms to determine a firm’s direction and stance for both security and privacy risk/leadership to inform its IoT deployment and use.

  • Making sure that a robust risk assessment and security framework is held up against proposed IoT designs/deployments.

  • Developing a clear position on whether to use open versus closed IoT systems , whilst recognising that the purpose of many IoT systems will expand and evolve substantially over time.

In this chapter, the means for addressing these three challenges are combined into a proposed overall decision-making framework for developing an IoT security strategy.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 89.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    May 2016.

References

  1. Cisco Systems, Inc, Available: http://ioeassessment.cisco.com/learn/ioe-faq, 28 September 2015, [Online], [Accessed 28 September 2015].

  2. ITU-T, Available: http://www.itu.int/rec/T-REC-Y.2060-201206-I, 15 June 2012, [Online], [Accessed 28 September 2015].

  3. Gartner, Available: http://www.gartner.com/newsroom/id/2905717, [Online].

  4. Cisco Internet Business Solutions Group (IBSG), D Evans, “The Internet of Things—How the Next Evolution of the Internet Is Changing Everything”, Cisco IBSG, 2011.

    Google Scholar 

  5. C. Miller and C. Valadek, “Remote Exploitation of an Unaltered Passenger Vehicle”, 10 8 2015, Available: www.illmatics.com/Remote%20Car%20Hacking.pdf, [Online], [Accessed 17 October 2015].

  6. OWASP, “OWASP Internet of Things Project”, 2014, [Online], Available: https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project, [Accessed 30 4 2016].

  7. S. Peisert, J. Margulies, E. Byres, P. Dorey, D. Peterson and Z. Tudor, “Control Systems Security from the Front Lines”, Security & Privacy, vol. 12, no. 6, pp. 55–58, 2014.

    Google Scholar 

  8. M. Ersue, D. Romascanu and J. Schoenwaelder, “Management of Networks with Constrained Devices:”, May 2015, [Online], Available: https://tools.ietf.org/html/rfc7547, [Accessed 29 September 2015].

  9. E. Dockterman, “Robot Kills Man at Volkswagen Plant,” Time Life, 1 July 2015, [Online], Available: http://time.com/3944181/robot-kills-man-volkswagen-plant/, [Accessed 17 October 2015].

  10. J. Edwards, “Ford Exec: ‘We Know Everyone Who Breaks The Law’ Thanks To Our GPS In Your Car”, Business Insider, 8 January 2014.

    Google Scholar 

  11. Auto Alliance & Global Automakers, “Consumer Privacy Protection Principles for Vehicle Technologies and Services”, 12 November 2014, [Online], Available: https://www.globalautomakers.org/system/files/document/attachments/Global%27s%20and%20the%20Alliance%27s%20FTC%20Letter%20Committment%20and%20Privacy%20Principles%20%282%29.pdf, [Accessed 29 September 2015].

  12. T. Danielson, “Samsung explains why its SmartTV records private conversations (+video)”, The Christian Science Monitor, 9 February 2015.

    Google Scholar 

  13. Cloud Security Alliance, “Security Guidance for Early Adopters of the Internet of Things (IoT)”, April 2015, [Online], Available: https://downloads.cloudsecurityalliance.org/whitepapers/Security_Guidance_for_Early_Adopters_of_the_Internet_of_Things.pdf, [Accessed 29 September 2015].

  14. F. daCosta and B. Henderson, Rethinking the Internet of Things: A Scalable Approach to Connecting Everything, Apress, 2014.

    Google Scholar 

  15. F. Swiderski and W. Snyder, Threat Modelling, Redmond: Microsoft Professional, 2004.

    Google Scholar 

  16. GSM Association, “GSMA IOT Guidelines Complete Document Set”, February 2016, [Online], Available: http://www.gsma.com/connectedliving/gsma-iot-security-guidelines-complete-document-set/.

  17. Trusted Computing Group, “Guidance for Security IoT Using TCG Technology”, 14 9 2015, [Online], Available: http://www.trustedcomputinggroup.org/wp-content/uploads/TCG_Guidance_for_Securing_IoT_1_0r21-1.pdf, [Accessed 30 4 2016].

  18. J. Voss, “Primitives and Elements of Internet of Things (IoT) Trustworthiness”, February 2016, [Online], Available: http://csrc.nist.gov/publications/drafts/nistir-8063/nistir_8063_draft.pdf, [Accessed 30 4 2016].

  19. K. Finley, “Nest Hub Shutdown”, Wired.com, 4 5 2016, [Online], Available: http://www.wired.com/2016/04/nests-hub-shutdown-proves-youre-crazy-buy-internet-things/, [Accessed 30 4 2016].

  20. Hewlett Packard Enterprise, “Internet of Things Research Study 2015”, [Online], Available: http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-4759ENW.pdf [Accessed 30 4 2016]

Download references

Acknowledgements

The author wishes to thank Professor Keith Mayes of Royal Holloway, University of London, as well as David Moschella and Adrian Seccombe of the Leading Edge Forum for their help in developing some of these ideas.

Author information

Authors and Affiliations

  1. Information Security Group, Royal Holloway, University of London, Egham, Surrey, TW20 0EX, UK

    Paul Dorey

Authors
  1. Paul Dorey
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Paul Dorey .

Editor information

Editors and Affiliations

  1. Director of the Information Security Group, Head of the School of Mathematics and Information Security, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Keith Mayes

  2. Smart Card Centre, Information Security Group, Royal Holloway, University of London, Egham, Surrey, United Kingdom

    Konstantinos Markantonakis

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Dorey, P. (2017). Securing the Internet of Things. In: Mayes, K., Markantonakis, K. (eds) Smart Cards, Tokens, Security and Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-50500-8_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-50500-8_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-50498-8

  • Online ISBN: 978-3-319-50500-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation