Security requirements in tradable IoT ecosystems
Juva, Heikki (2018-08-13)
This article/publication has not been deposited in UTUPub. However, the publication's details may contain a link to an article/publication stored elsewhere.
Turun yliopisto
Abstract
The development and popularity of networked devices has been vast enough in the recent decade that a separate field has emerged for embedded networked devices. This field, the Internet of Things or IoT, consists of relatively simple devices operating in the same network. Interoperation of these devices results in large networks of sensors and actuators that are modularized and easily utilized to perform a variety of tasks.
Security in IoT devices has become an important segment in itself, as researchers have publicly disclosed flaws in implementations of IoT networks, as well as in the practices by which companies design these generally low-cost IoT devices. These manufacturers are now forced to change their ways of thinking. This phenomenon is comparable to, and partly overlaps with, the automotive industry being forced to adopt more secure designs after public disclosure of serious security faults detected in its products. As the number of IoT devices is rapidly increasing and more consumer-grade devices are supplied with varying levels of IoT functionality, the topic of security in IoT devices seems only to be getting more important.
This thesis proposes the safeguards required in tradable IoT ecosystems and in similar systems where connected and tradable devices have intrinsic value. It presents the security requirements on these systems, as well as the design and implementation of cryptographic safeguards that apply to those requirements. These safeguards are then analyzed using industry standards, proving the quality of the presented methods.
The resulting specification of an IoT ecosystem can be applied to a general IoT ecosystem, and it is especially applicable to systems where the devices change ownership or holdership, either via trading or by other means. The specification is intended to be published in the public domain, to inspire discourse and critique on the subject. As a long-term plan, the hope is to iterate this design into a widely accepted IoT security specification.