Security and Privacy in the Internet of

Things :

Antonio F. Skarmeta

<skarmeta@um.es>

University of Murcia (UMU)

SPAIN

2

Motivation Motivation

• Security and privacy concerns were always there… – … but we need to move from an enterprise-centric, to user-

centric approaches to smart object-centric solutions

– IoT testbeds are not labs, but cities involving citizens and their devices!

• The data sharing paradox in IoT - To share or not to share, this is NOT the question… – People want/like/need to share (Facebook, Twitter,…)

– … the question is how, what, why and under which circumstances!

3

Motivation Motivation

• The data sharing paradox in IoT - To share or not to share, this is NOT the question… – I want to share my energy consumption, but not if I am at home!

– Who owns the information on a Smart City? Citizens? City Council?

• Need for cross and multidisciplinary approaches: – Involvement of citizens is crucial Smart Cities are for them!

– Able to address the lifecycle of Smart Objects

– Security and privacy are cross Operational concerns do not matter if smart objects were given fake credentials!

4

Motivation: Moving towards an user’s

environment connected Internet

Servers & PCs Internet

Humans & People Internet

Smart objects Internet

Extend Identity to Things

Right delegation

Add things temporarily to their personal space

Current Internet

evolving towards a

global network of

interconnected smart

objects affecting our

everyday lives Development of

wireless

communications

accelerating this

trend

Unprecedented

economic and social

opportunities for

companies and

people

5

Extend IdM to Virtual IDs in IoT and

Users

5

Best of two worlds

• Block the link between

partial ID to entity

privacy

• Maximize capability of

partial ID to support

functions & operations

functionality

Digital ID designate Identity Entity refer to

make sense of it

Used partial ID Ideal target: no link

INTERNET

?

Construct / Concept

Full IdM Identity

Passport idea

Virtual Identity*

Partial Identity

filter

filter

Partial Digital ID

Real Passport

* e.g. role based

6

Trust relationships vs. SN links

Person

A

Person

C

Person

B

Access to devices is assigned trust levels (bubbles). These trust levels are expressed as additional qualifiers in the social

network relationship of a person. In this example Trust level A also encompasses devices/ data providers under trust level B.

Ownership encompasses personal access to devices and data providers.

IoT

device

Ownership level

(full access)

IoT

devices

DP 1 DP 2 DP n

Ownership level

(full access)

DP 1 DP 2 DP 3 DP 4

IoT

devices

DP 1 DP 2 DP n

Trust

level A Trust

level B

Is-a-friend Is-a-friend

7

Virtual Identities in IoT

8

Infrastructure for Identity and IoT

• Real need exists for a suitable infrastructure to be in place:

– IoT Addressing: an IoT address refers to an identifier of a smart

object and/or its virtual representation.

– IoT Naming: it refers to mechanisms and techniques for assigning

names to objects and supporting their resolution/mapping to IoT

addresses.

– IoT Discovery: it refers to the process of locating and retrieving IoT

resources in the scope of a large and complex space of smart

objects.

• The attributes managed and associated to an identifier can

be exploited by an identity management system:

– Restricting the access to attributes to authorized smart objects.

– Anonymous credential provisioning and partial identity management

based on the attributes that are registered.

– Generation of authorization credentials to enable M2M secure

communications, based on attributes to make access control

decisions.

9

The lifecycle of a device in the

Internet of Things

• Let start from the beginning!!!

10

Trust, Security and Privacy

challenges

• Requirements from Security

– Lightweight design and efficient implementation of security

mechanisms and cryptographic algorithms

– Secure implementations in hardware and/or software

– Interoperable and scalable security mechanisms

• Requirements from Privacy

– Need for considering privacy in earlier stages (privacy-by design)

– Scenarios managing particularly sensitive information, access

control mechanisms are essential

– Mechanisms supporting minimal or selective disclosure of PII

– Requirements from Trust

– From privacy by design to trustworthy by design

– Dynamic Trust Management

11

Operational challenges in Security

• Standard security and access control mechanisms are used over the

Internet today

– These proposals often based on heavy primitives, difficult application on

resource-constrained devices

– Unlike current Internet, smart objects are working in harsh and uncontrolled

environments, prone to attacks and misuse and being controlled by non-

expert users

– Control on information sharing in IoT sharing requires advanced privacy-

preserving IdM techniques

• Requirements from Management

– Scenarios with millions of heterogeneous devices can not be managed by

centralized and out-of-band approaches self-management techniques

should be supported

– It includes the application of scalable mechanisms for bootstrapping,

configuration, upgrading and key management

12

Integral Security and Privacy Framework Integral Security and Privacy

Framework (Operation)

• Based on lightweight and flexible security approaches to make

them available even for M2M constrained environments (CE):

‒ IETF ACE, DICE WGs focused on security for CE

‒ Use of the Constrained Application Protocol (CoAP - RFC 7252) as

an application protocol

‒ Use of Datagram Transport Layer Security (DTLS) (RFC 6347) based

on ECC Raw Public Keys for authentication

‒ Use of the Distributed Capability-Based Access Control (DCapBAC)

approach for authorization

13

Integral Security and Privacy Framework Integral Security and Privacy

Framework (Operation)

• Use of advanced and flexible cryptographic schemes enabling

secure group communications:

‒ Based on certificateless public key cryptography (CP-ABE)

‒ CP-ABE keys obtained during the registration associated to smart

object’s attributes

• Additional use of partial identities for minimal PII disclosure

integration Proof-of-Possession (PoP) based on anonymous

credentials systems (e.g. Idemix) with DCapBAC tokens

14

• Trust Framework 1. Policies for trust in heterogeneous environment: definition of policies that include technical,

organization and business aspects. Auditing and enforcement schemes for policies

2. Trusted environment on the device: device integrity, using TPM, PKI and eID systems.

Bootstrapping trust on the device, related functions and protocols

3. Service integrity (ensuring trusted and reliable operations): CA, reputation system as

complementary schemes. Methods for the development of trusted services – integrity by design.

Disaster recovery, graceful recovery from failure

4. Data lifecycle management: access control, secure storage revision management and collaborative

schemes and proof of termination.

• Security and Trustworthiness

1. Transparent of the trust and accountability: Security audit and Service integrity

2. Vision from the user on interaction with the trust.

• Transversal Approach 1. the educational and training actions seems to be disperse over subsection that could be more

clearly related. Curricula and training programs

2. multidisciplinary research in security. It is important to introduce some reference to the

collaboration between disciplines to take into account the different perspectives.

Conclusion: Security Challenges in a

fully connected World

15

Thanks

Antonio F. Skarmeta

<skarmeta@um.es>

University of Murcia (UMU)

SPAIN