Secure Synthesis of IoT via Readers-Writers Flow Model
Abstract
Internet of Things (IoT) is a game changer for the connected society. Safe and reliable operation of IoT connected devices is of paramount importance and thus, security and privacy is a foundational enabler for IoT. In this paper, we arrive at a synthesis methodology for the IoT and demonstrate how information flow among the connected devices using a three tier architecture enables us to assess the required security and privacy of the IoT based on the given security and privacy capabilities of the components. Our methodology uses a recent information security model called RWFM (Readers-Writers Flow Model) and shows how flexible approaches of synthesis of IoT through frameworks like Django can be integrated to realize the security/privacy requirements of the IoT. We demonstrate how the methodology concretely enables us to derive the constraints to be satisfied by the underlying components and enabled communications. A case study of a healthcare IoT implementation is discussed to illustrate the advantages of the methodology.
Keywords
Secure IoT Information-flow control PrivacyNotes
Acknowledgement
The work was done as part of Information Security Research and Development Centre (ISRDC) at IIT Bombay, funded by MEITY, Government of India.
References
- 1.Arias, O., Wurm, J., Hoang, K., Jin, Y.: Privacy and security in internet of things and wearable devices. IEEE Trans. Multi-Scale Comput. Syst. 1(2), 99–109 (2015)CrossRefGoogle Scholar
- 2.Atzori, L., Iera, A., Morabito, G.: The internet of things: a survey. Comput. Netw. 54(15), 2787–2805 (2010). http://www.sciencedirect.com/science/article/pii/S1389128610001568 CrossRefMATHGoogle Scholar
- 3.Bell, D., La Padula, L.: Secure computer systems: unified exposition and multics interpretation. Technical report ESD-TR-75-306, MTR-2997, MITRE, Bedford, Mass (1975)Google Scholar
- 4.Bi, Z., Xu, L.D., Wang, C.: Internet of things for enterprise systems of modern manufacturing. IEEE Trans. Industr. Inf. 10(2), 1537–1546 (2014)CrossRefGoogle Scholar
- 5.Bohli, J.M., Skarmeta, A., Moreno, M.V., Garca, D., Langendrfer, P.: Smartie project: secure IoT data management for smart cities. In: 2015 International Conference on Recent Advances in Internet of Things (RIoT), pp. 1–6, April 2015Google Scholar
- 6.Collier, S.E.: The emerging enernet: convergence of the smart grid with the internet of things. In: 2015 IEEE Rural Electric Power Conference (REPC), pp. 65–68, April 2015Google Scholar
- 7.Dlodlo, N.: Adopting the internet of things technologies in environmental management in South Africa. In: 2nd International Conference on Environment Science and Engineering (ICESE 2012), pp. 45–55. IACSIT Press (2012)Google Scholar
- 8.Evans, D.: The internet of things: how the next evolution of the internet is changing everything. CISCO White Pap. 1, 1–11 (2011)Google Scholar
- 9.Ferraiolo, D., Kuhn, R.: Role-based access controls. In: 15th NIST-NCSC National Computer Security Conference, pp. 554–563 (1992)Google Scholar
- 10.Intel: Security in the internet of things, January 2015Google Scholar
- 11.Jara, A.J., Bocchi, Y., Genoud, D.: Determining human dynamics through the internet of things. In: 2013 IEEE/WIC/ACM International Joint Conferences on Web Intelligence (WI) and Intelligent Agent Technologies (IAT), vol. 3, pp. 109–113, November 2013Google Scholar
- 12.Biba, K.: Integrity considerations for secure computer systems. Technical report ESD-TR-76-372, MITRE, Bedford, Mass (1976)Google Scholar
- 13.Narendra Kumar, N.V., Shyamasundar, R.K.: Realizing purpose-based privacy policies succinctly via information-flow labels. In: 2014 IEEE Fourth International Conference on Big Data and Cloud Computing, BDCloud 2014, Sydney, Australia, December 3–5, 2014, pp. 753–760. IEEE (2014). https://doi.org/10.1109/BDCloud.2014.89
- 14.Narendra Kumar, N.V., Shyamasundar, R.K.: POSTER: dynamic labelling for analyzing security protocols. In: Ray, I., Li, N., Kruegel, C. (eds.) Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, October 12–6, 2015, pp. 1665–1667. ACM (2015). http://doi.acm.org/10.1145/2810103.2810113
- 15.Narendra Kumar, N.V., Shyamasundar, R.K.: Analyzing protocol security through information-flow control. In: Krishnan, P., Radha Krishna, P., Parida, L. (eds.) ICDCIT 2017. LNCS, vol. 10109, pp. 159–171. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-50472-8_13 CrossRefGoogle Scholar
- 16.Pang, Z., Chen, Q., Tian, J., Zheng, L., Dubrova, E.: Ecosystem analysis in the design of open platform-based in-home healthcare terminals towards the internet-of-things. In: 2013 15th International Conference on Advanced Communication Technology (ICACT), pp. 529–534, January 2013Google Scholar
- 17.Radomirovic, S.: Towards a model for security and privacy in the internet of things. In: 1st International Workshop on the Security of the Internet of Things (SecIoT 2010), Tokyo, Japan, December 2010Google Scholar
- 18.Ramos, J.L.H., Jara, A.J., Marin, L., Skarmeta-Gómez, A.F.: DCapBAC: embedding authorization logic into smart things through ECC optimizations. Int. J. Comput. Math. 93(2), 345–366 (2016). https://doi.org/10.1080/00207160.2014.915316 CrossRefMATHGoogle Scholar
- 19.Rghioui, A., L’aarje, A., Elouaai, F., Bouhorma, M.: The internet of things for healthcare monitoring: security review and proposed solution. In: 2014 Third IEEE International Colloquium in Information Science and Technology (CIST), pp. 384–389, October 2014Google Scholar
- 20.Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in distributed internet of things. Comput. Netw. 57(10), 2266–2279 (2013). https://doi.org/10.1016/j.comnet.2012.12.018 CrossRefGoogle Scholar
- 21.Sangani, K.: The heat is on. Eng. Technol. 9(7), 49–51 (2014)CrossRefGoogle Scholar
- 22.Schmid, S., Bourchas, T., Mangold, S., Gross, T.R.: Linux light bulbs: enabling internet protocol connectivity for light bulb networks. In: Proceedings of the 2nd International Workshop on Visible Light Communications Systems, VLCS 2015, pp. 3–8. ACM, New York (2015). http://doi.acm.org/10.1145/2801073.2801074
- 23.Shelby, Z., Hartke, K., Bormann, C.: RFC 7252: The Constrained Application Protocol (CoAP). IETF RFC Publication (2014)Google Scholar
- 24.Singh, J., Pasquier, T.F.J.M., Bacon, J.: Securing tags to control information flows within the internet of things. In: 2015 International Conference on Recent Advances in Internet of Things (RIoT), pp. 1–6, April 2015Google Scholar
- 25.Tarouco, L.M.R., Bertholdo, L.M., Granville, L.Z., Arbiza, L.M.R., Carbone, F., Marotta, M., de Santanna, J.J.C.: Internet of things in healthcare: interoperatibility and security issues. In: 2012 IEEE International Conference on Communications (ICC), pp. 6121–6125, June 2012Google Scholar
- 26.Yun, M., Yuxin, B.: Research on the architecture and key technology of internet of things (IoT) applied on smart grid. In: 2010 International Conference on Advances in Energy Engineering (ICAEE), pp. 69–72, June 2010Google Scholar