Internet of Things (IoT) Security Reference Architecture
Security architecture for enterprise systems has been well studied, with several established frameworks and guidelines to draw on. For IoT systems, however, there is still too little literature to understand the complete set of security requirements or to compare different security models. To examine the nature of security problems in IoT systems in depth, it is important to understand their basic characteristics in comparison and in contrast with traditional enterprise IT infrastructure.
The IoT system architecture models proposed to date have mainly evolved from enterprise system architecture, adapted to the inherent features of IoT devices. As such, they typically focus on the network and device perspectives of IoT systems. In our work, we focused instead on the critical activities performed in different parts of an IoT system that may influence, or have a significant impact on, the security of the entire system. We designed and developed the Activity-Network-Things (ANT) centric security reference architecture to support a modular understanding of the security requirements, and of the commensurate control measures, in IoT systems.
We expect this security reference architecture framework to initiate conversation and provide a common denominator for understanding IoT security requirements among practitioners and stakeholders in this space. It could potentially be a stepping stone towards the development of an IoT security industry ecosystem.
- Professionals who focus on application systems and business logic design can use this security reference to tailor security recommendations.
- Manufacturers of IoT devices who lack access to security expertise can use the reference architecture to design the security features of their devices.
- Government agencies or business organisations that are responsible for designing and integrating IoT systems.
- IoT developers who want to design, develop and deploy secure IoT products and systems. Examples of developers include solution architects, programmers, manufacturers and system integrators.
- IoT service providers who need to roll out, configure, operate, maintain and decommission IoT systems securely. Examples of providers include network operators, platform providers, data analysts and service delivery managers.
- Users who want to procure or interact with IoT systems. For system interactions, IoT users can be either human or software agents.
- Discussion on security challenges for the deployment of large scale IoT applications like in smart cities;
- Discussion on methodologies for performing risk analysis based on standard practices;
- Discussion on the fundamental perspectives in designing security reference architectures;
- Identification of generic “critical activities” in IoT systems based on the Activity-centric view;
- Design of a generic IoT security reference architecture in line with standards and best practices;
- Categorization of High-Medium-Low security levels for appropriate control measures in IoT;
- Guidelines to tailor security recommendations based on impacts identified through risk assessment;
Zero Trust Principle: The distributed, open and porous nature of the IoT fabric does not allow valid assumptions to be made about the operating environment of IoT systems. As such, the zero-trust principle becomes a key tenet in securing IoT applications. The proposed IoT security reference architecture is therefore based on an open system model, with its security features driven by the underlying principle of zero trust.
Activity-centric view: Represents the context of the system components that must be understood for end-to-end security implementation, and helps to identify the nodes, and the activities on those nodes, where sensitive IoT application data are stored and processed.
IoT systems cannot depend on the constant integrity of every individual connected device to ensure the ongoing integrity of the whole system. Individual devices might be compromised, but the system should still function properly as long as the number of compromised devices stays within a predetermined threshold. It is therefore important to identify the areas of the system which, if compromised, will have a negative impact on the entire system.
For brevity, we define such areas as “critical nodes” (and the activities performed on these nodes as “critical activities”) of the system, and we recommend special attention to protecting the proper functioning of these nodes and activities.
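The threshold idea above can be made concrete. The following is an added illustration, not code from the report: it models a small, constructed IoT deployment as a directed graph (sensors feeding gateways feeding a platform), flags the nodes whose single compromise strands more sensors than the system is designed to tolerate, and checks whether a given set of compromised devices still leaves the system functional. The topology, node names and the tolerated-loss threshold are all assumptions chosen for the example.

```python
# Added illustration (not from the report): models an IoT deployment as a
# directed graph and flags "critical nodes" in the page's sense, i.e. nodes
# whose compromise cuts off more sensors from the sink than is tolerated.
from collections import deque

# Constructed sample topology: sensors feed gateways, gateways feed the platform,
# and the platform feeds the analytics sink. Names are hypothetical.
TOPOLOGY = {
    "s1": ["gw1"], "s2": ["gw1"], "s3": ["gw2"], "s4": ["gw2"], "s5": ["gw2"],
    "gw1": ["platform"], "gw2": ["platform"],
    "platform": ["analytics"],
    "analytics": [],
}
SENSORS = ["s1", "s2", "s3", "s4", "s5"]
SINK = "analytics"


def reachable(topology, start, sink, compromised):
    """BFS from a sensor to the sink, treating compromised nodes as removed."""
    if start in compromised:
        return False
    seen, queue = {start}, deque([start])
    while queue:
        node = queue.popleft()
        if node == sink:
            return True
        for nxt in topology.get(node, []):
            if nxt not in compromised and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return False


def lost_sensors(topology, compromised):
    """Sensors whose data no longer reaches the sink once `compromised` are removed."""
    return [s for s in SENSORS if not reachable(topology, s, SINK, compromised)]


def critical_nodes(topology, tolerated_loss):
    """Nodes whose single compromise strands more sensors than the system tolerates."""
    nodes = set(topology) | {n for outs in topology.values() for n in outs}
    return sorted(n for n in nodes if len(lost_sensors(topology, {n})) > tolerated_loss)


def system_functional(topology, compromised, tolerated_loss):
    """True while the number of stranded sensors stays within the predetermined threshold."""
    return len(lost_sensors(topology, compromised)) <= tolerated_loss
```

With a tolerated loss of two sensors, the gateway serving three sensors, the platform and the sink come out as critical, while any single sensor or the two-sensor gateway does not; those are the nodes whose activities deserve the extra protection the text calls for.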
Network-centric view: Represents the communication framework of the IoT system. This view supports the risk assessment and supplements the information needed to identify critical activities.
Things-centric view: Represents the features of the physical things used in the IoT system. This view helps in understanding the inherent features of the heterogeneous things, which in turn clarifies what security capabilities each of them can support. This view also supplements the information pertinent to the critical nodes.
Resources
The full Internet of Things (IoT) Security Reference Architecture report is available for download.