Secure Synthesis of IoT via Readers-Writers Flow Model

  • Shashank Khobragade
  • N. V. Narendra Kumar
  • R. K. Shyamasundar
Conference paper
First Online:
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10722)

Abstract

Internet of Things (IoT) is a game changer for the connected society. Safe and reliable operation of IoT connected devices is of paramount importance and thus, security and privacy is a foundational enabler for IoT. In this paper, we arrive at a synthesis methodology for the IoT and demonstrate how information flow among the connected devices using a three tier architecture enables us to assess the required security and privacy of the IoT based on the given security and privacy capabilities of the components. Our methodology uses a recent information security model called RWFM (Readers-Writers Flow Model) and shows how flexible approaches of synthesis of IoT through frameworks like Django can be integrated to realize the security/privacy requirements of the IoT. We demonstrate how the methodology concretely enables us to derive the constraints to be satisfied by the underlying components and enabled communications. A case study of a healthcare IoT implementation is discussed to illustrate the advantages of the methodology.

Keywords

Secure IoT Information-flow control Privacy 
This is a preview of subscription content, log in to check access

Notes

Acknowledgement

The work was done as part of Information Security Research and Development Centre (ISRDC) at IIT Bombay, funded by MEITY, Government of India.

References

  1. 1.
    Arias, O., Wurm, J., Hoang, K., Jin, Y.: Privacy and security in internet of things and wearable devices. IEEE Trans. Multi-Scale Comput. Syst. 1(2), 99–109 (2015)CrossRefGoogle Scholar
  2. 2.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010). http://www.sciencedirect.com/science/article/pii/S1389128610001568 CrossRefMATHGoogle Scholar
  3. 3.
    Bell, D., La Padula, L.: Secure computer systems: unified exposition and multics interpretation. Technical report ESD-TR-75-306, MTR-2997, MITRE, Bedford, Mass (1975)Google Scholar
  4. 4.
    Bi, Z., Xu, L.D., Wang, C.: Internet of things for enterprise systems of modern manufacturing. IEEE Trans. Industr. Inf. 10(2), 1537–1546 (2014)CrossRefGoogle Scholar
  5. 5.
    Bohli, J.M., Skarmeta, A., Moreno, M.V., Garca, D., Langendrfer, P.: Smartie project: secure IoT data management for smart cities. In: 2015 International Conference on Recent Advances in Internet of Things (RIoT), pp. 1–6, April 2015Google Scholar
  6. 6.
    Collier, S.E.: The emerging enernet: convergence of the smart grid with the internet of things. In: 2015 IEEE Rural Electric Power Conference (REPC), pp. 65–68, April 2015Google Scholar
  7. 7.
    Dlodlo, N.: Adopting the internet of things technologies in environmental management in South Africa. In: 2nd International Conference on Environment Science and Engineering (ICESE 2012), pp. 45–55. IACSIT Press (2012)Google Scholar
  8. 8.
    Evans, D.: The internet of things: how the next evolution of the internet is changing everything. CISCO White Pap. 1, 1–11 (2011)Google Scholar
  9. 9.
    Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
  10. 10.
    Intel: Security in the internet of things, January 2015Google Scholar
  11. 11.
    Jara, A.J., Bocchi, Y., Genoud, D.: Determining human dynamics through the internet of things. In: 2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT), vol. 3, pp. 109–113, November 2013Google Scholar
  12. 12.
    Biba, K.: Integrity considerations for secure computer systems. Technical report ESD-TR-76-372, MITRE, Bedford, Mass (1976)Google Scholar
  13. 13.
    Narendra Kumar, N.V., Shyamasundar, R.K.: Realizing purpose-based privacy policies succinctly via information-flow labels. In: 2014 IEEE Fourth International Conference on Big Data and Cloud Computing, BDCloud 2014, Sydney, Australia, December 3–5, 2014, pp. 753–760. IEEE (2014).  https://doi.org/10.1109/BDCloud.2014.89
  14. 14.
    Narendra Kumar, N.V., Shyamasundar, R.K.: POSTER: dynamic labelling for analyzing security protocols. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12–6, 2015, pp. 1665–1667. ACM (2015). http://doi.acm.org/10.1145/2810103.2810113
  15. 15.
    Narendra Kumar, N.V., Shyamasundar, R.K.: Analyzing protocol security through information-flow control. In: Krishnan, P., Radha Krishna, P., Parida, L. (eds.) ICDCIT 2017. LNCS, vol. 10109, pp. 159–171. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-50472-8_13 CrossRefGoogle Scholar
  16. 16.
    Pang, Z., Chen, Q., Tian, J., Zheng, L., Dubrova, E.: Ecosystem analysis in the design of open platform-based in-home healthcare terminals towards the internet-of-things. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 529–534, January 2013Google Scholar
  17. 17.
    Radomirovic, S.: Towards a model for security and privacy in the internet of things. In: 1st International Workshop on the Security of the Internet of Things (SecIoT 2010), Tokyo, Japan, December 2010Google Scholar
  18. 18.
    Ramos, J.L.H., Jara, A.J., Marin, L., Skarmeta-Gómez, A.F.: DCapBAC: embedding authorization logic into smart things through ECC optimizations. Int. J. Comput. Math. 93(2), 345–366 (2016).  https://doi.org/10.1080/00207160.2014.915316 CrossRefMATHGoogle Scholar
  19. 19.
    Rghioui, A., L’aarje, A., Elouaai, F., Bouhorma, M.: The internet of things for healthcare monitoring: security review and proposed solution. In: 2014 Third IEEE International Colloquium in Information Science and Technology (CIST), pp. 384–389, October 2014Google Scholar
  20. 20.
    Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57(10), 2266–2279 (2013).  https://doi.org/10.1016/j.comnet.2012.12.018 CrossRefGoogle Scholar
  21. 21.
    Sangani, K.: The heat is on. Eng. Technol. 9(7), 49–51 (2014)CrossRefGoogle Scholar
  22. 22.
    Schmid, S., Bourchas, T., Mangold, S., Gross, T.R.: Linux light bulbs: enabling internet protocol connectivity for light bulb networks. In: Proceedings of the 2nd International Workshop on Visible Light Communications Systems, VLCS 2015, pp. 3–8. ACM, New York (2015). http://doi.acm.org/10.1145/2801073.2801074
  23. 23.
    Shelby, Z., Hartke, K., Bormann, C.: RFC 7252: The Constrained Application Protocol (CoAP). IETF RFC Publication (2014)Google Scholar
  24. 24.
    Singh, J., Pasquier, T.F.J.M., Bacon, J.: Securing tags to control information flows within the internet of things. In: 2015 International Conference on Recent Advances in Internet of Things (RIoT), pp. 1–6, April 2015Google Scholar
  25. 25.
    Tarouco, L.M.R., Bertholdo, L.M., Granville, L.Z., Arbiza, L.M.R., Carbone, F., Marotta, M., de Santanna, J.J.C.: Internet of things in healthcare: interoperatibility and security issues. In: 2012 IEEE International Conference on Communications (ICC), pp. 6121–6125, June 2012Google Scholar
  26. 26.
    Yun, M., Yuxin, B.: Research on the architecture and key technology of internet of things (IoT) applied on smart grid. In: 2010 International Conference on Advances in Energy Engineering (ICAEE), pp. 69–72, June 2010Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  • Shashank Khobragade
    • 1
  • N. V. Narendra Kumar
    • 2
  • R. K. Shyamasundar
    • 1
  1. 1.Department of Computer Science and EngineeringIndian Institute of Technology BombayMumbaiIndia
  2. 2.Centre for Payment SystemsIDRBTHyderabadIndia

Personalised recommendations