A Case for IoT Security Assurance

  • Claudio A. ArdagnaEmail author
  • Ernesto Damiani
  • Julian Schütte
  • Philipp Stephanow
Part of the Internet of Things book series (ITTCC)


Today the proliferation of ubiquitous devices interacting with the external environment and connected by means of wired/wireless communication technologies points to the definition of a new vision of ICT called Internet of Things (IoT). In IoT, sensors and actuators, possibly embedded in more powerful devices, such as smartphones, interact with the surrounding environment. They collect information and supply it across networks to platforms where IoT applications are built. IoT services are then made available to final customers through these platforms. Needless to say, IoT scenario revolutionizes the concept of security, which becomes even more critical than before. Security protection must consider millions of devices that are under control of external entities, freshness and integrity of data that are produced by the latter devices, and heterogeneous environments and contexts that co-exist in the same IoT environment. These aspects make the need of a systematic way of assessing the quality and security of IoT systems evident, introducing the need of rethinking existing assurance methods to fit the IoT-based services. In this chapter, we discuss and analyze challenges in the design and development of assurance methods in IoT, focusing on traditional CIA properties, and provide a first process for the development of continuous assurance methods for IoT services. We also design a conceptual framework for IoT security assurance evaluation.


Assurance Methods Continued Confidence Constrained Application Protocol (CoAP) Local Authority Model Security Testing Techniques 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



This work was partly supported by the program “piano sostegno alla ricerca 2015-17” funded by Università degli Studi di Milano.


  1. 1.
    Ezra Caltum and Ory Segal. SSHowDowN: Exploitation of IoT devices for Launching Mass-Scale Attack Campaigns. Accessed 11 Oct 2016.
  2. 2.
    US-CERT/NIST. CVE-2004-1653. 2004. Aug, 2004. Accessed 11 2016.
  3. 3.
    Sadeghi, Ahmad-Reza, Christian Wachsmann, and Michael Waidner. 2015. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd Annual Design Automation Conference (DAC), 54. ACM.Google Scholar
  4. 4.
    Abomhara, Mohamed and Geir M Køien. 2014. Security and privacy in the Internet of Things: Current status and open issues. In International Conference on Privacy and Security in Mobile Systems (PRISMS), 1–8. IEEE.Google Scholar
  5. 5.
    Zhang, Zhi-Kai, Michael Cheng Yi Cho, Chia-Wei Wang, Chia-Wei Hsu, Chong-Kuan Chen, and Shiuhpyng Shieh. 2014. IoT security: ongoing challenges and research opportunities. In 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, 230–234. IEEE.Google Scholar
  6. 6.
    Sato, Hiroyuki, Atsushi Kanai, Shigeaki Tanimoto, and Toru Kobayashi. 2016. Establishing trust in the emerging era of IoT. In 2016 IEEE Symposium on Service-Oriented System Engineering (SOSE), 398–406. IEEE.Google Scholar
  7. 7.
    Zhao, Kai, and Lina Ge. 2013. A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on, 663–667. IEEE.Google Scholar
  8. 8.
    Bagci, Ibrahim Ethem, Mohammad Reza Pourmirza, Shahid Raza, Utz Roedig, and Thiemo Voigt. 2012. Codo: Confidential data storage for wireless sensor networks. In 9th International Conference on Mobile Ad-Hoc and Sensor Systems (MASS), 1–6. IEEE.Google Scholar
  9. 9.
    Raza, Shahid, Hossein Shafagh, Kasun Hewage, René Hummen, and Thiemo Voigt. 2013. Lithe: Lightweight secure CoAP for the internet of things. IEEE Sensors Journal 13(10): 3711–3720.Google Scholar
  10. 10.
    Dofe, Jaya, Jonathan Frey, and Qiaoyan Yu. 2016. Hardware security assurance in emerging IoT applications. In International Symposium on Circuits and Systems (ISCAS), 2050–2053. IEEE.Google Scholar
  11. 11.
    Raza, Shahid, Linus Wallgren, and Thiemo Voigt. 2013. SVELTE: Real-time intrusion detection in the Internet of Things. Ad hoc networks 11(8): 2661–2674.Google Scholar
  12. 12.
    Raza, Shahid, Simon Duquennoy, Joel Höglund, Utz Roedig, and Thiemo Voigt. 2014. Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN. Security and Communication Networks 7(12): 2654–2668.Google Scholar
  13. 13.
    Lee, Jun-Ya, Wei-Cheng Lin, and Yu-Hung Huang. 2014. A lightweight authentication protocol for internet of things. In 2014 International Symposium on Next-Generation Electronics (ISNE), 1–2. IEEE.Google Scholar
  14. 14.
    Park, Haemin, Dongwon Seo, Heejo Lee, and Adrian Perrig. 2012. SMATT: Smart meter attestation using multiple target selection and copy-proof memory. In Computer Science and its Applications, 875–887. Springer.Google Scholar
  15. 15.
    Ardagna, Claudio Agostino, Rasool Asal, Ernesto Damiani, and Quang Hieu Vu. 2015. From security to assurance in the cloud: A survey. ACM Computing Surveys (CSUR), 48(1): 2:1–2:50.Google Scholar
  16. 16.
    ISO/IEC JTC 1. 2014. Information Technology. Internet of things (iot). preliminary report.Google Scholar
  17. 17.
    B. Leukert et al. IoT 2020: Smart and secure IoT platform. IEC 2016.
  18. 18.
    Minerva, Roberto, Abyi Biru, and Domenico Rotondi. 2015. Towards a Definition of the Internet of Things (IoT). Torino, Italy: IEEE Internet Initiative.Google Scholar
  19. 19.
    Weiser, Mark. 1991. The computer for the twenty-first century. Scientific American, 6675.Google Scholar
  20. 20.
    Ala Al Fuqaha, Mohsen Guizani, Mehdi Mohammadi, Mohammed Aledhari, and Moussa Ayyash. 2015. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys and Tutorials 17(4): 2347–2376.Google Scholar
  21. 21.
    IATAC and DACS. 2007. Software security assurance: State of the art report (SOAR).
  22. 22.
    Beznosov, Konstantin, and Philippe Kruchten. 2004. Towards agile security assurance. In Proceedings of the 2004 workshop on New security paradigms, 47–54, ACM.Google Scholar
  23. 23.
    Misra, Sridipta, Muthucumaru Maheswaran, and Salman Hashmi. 2017. Security challenges and approaches in internet of things. Springer International Publishing.Google Scholar
  24. 24.
    Mahalle, Parikshit Narendra, and Poonam N. Railkar. 2015. Identity management for internet of things. River Publishers Series in Communications.Google Scholar
  25. 25.
    Shelby, Zach, Klaus Hartke, and Carsten Bormann. 2014. The constrained application protocol (CoAP). Technical report.Google Scholar
  26. 26.
    Montenegro, Gabriel, Nandakishore Kushalnagar, Jonathan Hui, and David Culler. 2007. Transmission of IPv6 packets over IEEE 802.15. 4 networks. Technical report.Google Scholar
  27. 27.
    Stephen Kent and Seo, Karen. 2005. Security architecture for the internet protocol. Technical report.Google Scholar
  28. 28.
    Bhatnagar, Neerja, and Ethan L. Miller. 2007. Designing a secure reliable file system for sensor networks. In Proceedings of the 2007 ACM workshop on Storage security and survivability, 19–24. ACM.Google Scholar
  29. 29.
    Wei Ren, Yi Ren, and Hui Zhang. 2008. Hybrids: A scheme for secure distributed data storage in wsns. In IEEE/IFIP International Conference on Embedded and Ubiquitous Computing, 2008. EUC’08, vol. 2, 318–323. IEEE.Google Scholar
  30. 30.
    Ericsson. 2016. Bootstrapping security-the key to internet of things access authentication and data integrity. Ericsson White paper, 284 23-3284.
  31. 31.
    Doug, J. 2011. Tygar. Adversarial machine learning. IEEE Internet Computing 15(5): 4.Google Scholar
  32. 32.
    Huang, Ling, Anthony D. Joseph, Blaine Nelson, Benjamin IP Rubinstein, and J.D. Tygar. 2011. Adversarial machine learning. In Proceedings of the 4th ACM workshop on security and artificial intelligence, 43–58. ACM.Google Scholar
  33. 33.
    Liu, Chang, Chi Yang, Xuyun Zhang, and Jinjun Chen. 2015. External integrity verification for outsourced big data in cloud and iot. Future generation computer systems, 49(C): 58–67.Google Scholar
  34. 34.
    Newe, Thomas, Muzaffar Rao, Daniel Toal, Gerard Dooly, Edin Omerdic, and Avijit Mathur. 2017. Efficient and high speed fpga bump in the wire implementation for data integrity and confidentiality services in the iot. In Postolache, Octavian Adrian, Subhas Chandra Mukhopadhyay, Krishanthi P. Jayasundera, and Akshya K. Swain (eds.). Sensors for everyday life: Healthcare settings, 259–285. Springer International Publishing.Google Scholar
  35. 35.
    Gaurav, Kumar, Pravin Goyal, Vartika Agrawal, and Shwetha Lakshman Rao. 2015. Iot transaction security. In Proceedings of the 5th International Conference on the Internet of Things (IoT 2015).Google Scholar
  36. 36.
    Yick, Jennifer, Biswanath Mukherjee, and Dipak Ghosal. 2008. Wireless sensor network survey. Computer Networks 52(12): 2292–2330.Google Scholar
  37. 37.
    Tanenbaum, Andrew S., and Maarten Van Steen. 2007. Distributed systems. Prentice-Hall.Google Scholar
  38. 38.
    National Institute of Standards and Technology (NIST). 2013. Security and privacy controls for federal information systems and organizations. Special Publication 800: 53.Google Scholar
  39. 39.
    International Organization for Standardization (ISO). 2016. ISO/IEC 27001:2013 Information technology–Security techniques–Information security management systems–Requirements. Accessed 10 2016.

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  • Claudio A. Ardagna
    • 1
    Email author
  • Ernesto Damiani
    • 2
  • Julian Schütte
    • 3
  • Philipp Stephanow
    • 3
  1. 1.Dipartimento di InformaticaUniversità Degli Studi di MilanoMilanoItaly
  2. 2.Etisalat British Telecom Innovation CenterKhalifa University of Science, Technology and ResearchAbu DhabiUAE
  3. 3.Fraunhofer Institute for Applied and Integrated SecurityGarching Near MunichGermany

Personalised recommendations