Security Challenges and Approaches in Internet of Things (eBook)

Sridipta Misra is a software engineer at Ericsson Canada. Currently working with the Authentication and Digital Identity development unit of Ericsson, he is engaged in research and development of security in cellular mobile computing systems. He completed his Master of Science degree from the School of Computer Science, at McGill University, Canada. As part of his thesis research, he investigated the security and privacy issues in the Internet of Things. Muthucumaru Maheswaran is an associate professor in the School of Computer Science and the Department of Electrical and Computer Engineering at McGill University. He received a PhD in Electrical and Computer Engineering from Purdue University in 1998. He is carrying out research in the areas of cloud computing, Internet of Things, and social computing. In particular, he is interested in various aspects including security, privacy, and governance of Internet-scale distributed systems. He has published more than 120 papers and supervised the completion of 7 PhD students and more than 35 MSc thesis students in research projects in the above areas. Salman Hashmi is researcher in the Networks Lab in the School of Computer Science. He received a BSc degree in Electrical Engineering from McGill University. His research interests are in security and privacy of Internet of Things.

Contents 6
1 Introduction 8
2 System Model for the Internet of Things 11
2.1 The Concept of the ``Internet of Things'' 11
2.2 Evolution of the Networks 12
2.3 Vision of the Internet of Things 15
2.3.1 Large Scale Ubiquitous and Pervasive Connectivity 15
2.3.2 Context-Aware Computing 16
2.3.3 Seamless Connectivity and Interoperability 16
2.3.4 Network Neutrality 17
2.4 Applications of the Internet of Things 17
2.5 Challenges 20
3 Vulnerable Features and Threats 24
3.1 Vulnerable Features of the Internet of Things 24
3.2 Threat Taxonomy 29
3.2.1 Definition of Threat 29
3.2.2 Proposed Taxonomy 30
3.2.3 System Security Threats 30
3.2.4 Privacy Threats 37
3.2.5 Reflective Trust and Reputation Threats 41
4 Securing the Internet of Things 44
4.1 Making the IoT More Secure and Private 44
4.1.1 Protocol and Network Security 45
4.1.2 Data and Privacy 47
4.1.3 Identity Management 49
4.1.4 Trust Management 51
4.1.5 Fault Tolerance 51
4.2 Standardization 52
4.3 Governance 53
4.4 Social Awareness 55
5 Social Governance 57
5.1 Evolution of Network Management and Social Governance 57
5.2 The Framework 58
5.2.1 The Hierarchical Distributed Policy Management System 59
5.2.2 Policy Compliant Smart Devices 61
5.2.3 HDPMS and PCSDs in Action 63
5.2.4 Communications in HDPMS-PCSDs Setup 67
5.2.5 Policy Resolution in the HDPMS 71
5.2.6 Local Consent Polling Mechanism 72
5.2.7 Trusted Computing Base in the IoT 73
5.2.8 Social Governance for Policy Makers 74
5.2.9 Social Governance for Innovators/Manufacturers 76
5.2.10 Social Governance for Users 77
5.3 Example of Utility 78
6 Case Studies of Selected IoT Deployments 80
6.1 Connected Vehicles 80
6.1.1 Significance of Connected Vehicles 81
6.1.2 Background on Vehicular Networks 82
6.1.3 Attacks Classification with Selected Countermeasures 84
6.2 eHealth 86
6.2.1 Security and Privacy Significance 87
6.2.2 Risks, Vulnerabilities, and Threats Classification 89
6.2.3 Security Requirements and Attack Scenarios 91
6.2.4 Selected eHealth Security Models 93
6.3 The Smart Grid 95
6.3.1 Selected Cases of Security Incidents 95
6.3.2 Further Reading 97
7 Conclusions and Future Work 98
7.1 Conclusions 98
7.2 Future Work 99
References 100