IoT Security Vision
“Trust in the source of the data (collected the right capta) and that it was reliably captured, transmitted and not tampered with (else skeptics will challenge the result, or worse, wrong actions will be taken).” … We will develop new understandings of how IoT can improve the connected experience of our stakeholders and how IoT can be used to protect against cybersecurity threats.
[Data61 Science Vision H1, p. 6]
The IoT is a networking paradigm that connects the physical world with the cyber world through a large number of small embedded sensors, actuators, and low-power wireless networks. Example IoT applications include home automation, precision agriculture, smart health, smart city, and smart manufacturing. However, these applications also bring huge risks, since compromised IoT data may have serious impacts, such as causing harm to patients or leading to a citywide blackout. A widely applicable information security model is the CIA triad, standing for Confidentiality, Integrity and Availability: three key principles that should be guaranteed in any kind of secure system. The IoT security triad, however, comprises Authentication, Integrity and Confidentiality. Though the Confidentiality and Integrity principles introduce many new challenges in IoT, they were not the first-order priority areas of DSS. Our focus is on the Authentication principle of IoT security. Centred on device authentication, some of the key research questions DSS aims to address are:
Q1: How to authenticate heterogeneous sources (constrained IoT devices) under a future-proof, ubiquitous and dynamic deployment model operating in a variety of networks?
The challenge is to develop new lightweight authentication protocols that can run efficiently over large-scale deployments of small IoT devices under centralised, hybrid and fully-distributed application scenarios, in either controlled or hostile environments. These non-intrusive authentication protocols need to be designed by taking into account the dynamic nature of the deployment, heterogeneous network environments, capture resistance and quantum resistance. DSS leverages the applied cryptography capability developed in cloud security in order to develop a lightweight public-key encryption scheme and design a mutual authentication protocol.
Q2: How to achieve end-to-end data stream security in the IoT environment?
IoT applications in risk-critical domains need near-real-time stream data processing. The key problem is how to ensure online end-to-end security (e.g., confidentiality, integrity, and authenticity) of data streams for such applications without negatively affecting latency and bandwidth. Existing data security solutions cannot be applied in such applications, as they cannot deal with high-volume, high-velocity data streams in real time. Traditionally, end-to-end data security means secure communication between sensors and the cloud, and between the cloud and user applications. In the IoT environment, most of the data produced will never be transmitted to the cloud, but will rather be consumed at the edge of the network in stream form. DSS further investigates the developed lightweight cryptographic methods and uses a levelled approach in designing novel end-to-end data security to address this challenge.
Q3: How to develop methods to identify, upgrade and protect IoT devices so that they can be trusted?
This challenge includes the identification of IoT devices for security enforcement, and the dynamic updating of IoT device firmware to ensure up-to-date software for trusted operation. This challenge is addressed by further investigating the developed authentication methods to support dynamic device-to-device authentication without the involvement of a third party, and how such an authentication protocol can be used to upgrade firmware in IoT devices. We further look into intrusion detection systems that can be deployed in a resource-constrained and hugely diverse environment to protect IoT devices. This might require applying a brownfield development approach to security designs: the security mechanisms must be able to co-exist with the potentially insecure devices and software that users have already deployed, and will deploy, in IoT applications. DSS aims to develop appropriate methods to facilitate the trustworthiness of IoT devices.