A survey on IoT trust model frameworks

Funding for open Access charge: Universidad de Málaga / CBUA This work has been partially supported by the projects: BIGPrivDATA (UMA20-FEDERJA-082) from the FEDER Andaluc’ıa 2014-2020 Program. Moreover, we thank Huawei Technologies for their support

A Trust-by-Design Framework for the Internet of Things

The Internet of Things (IoT) is an environment where interconnected entities can interact and can be identifiable, usable, and controllable via the Internet. However, in order to interact among them, such IoT entities must trust each other. Trust is difficult to define because it concerns different aspects and is strongly dependent on the context. For this reason, a holistic approach allowing developers to consider and implement trust in the IoT is highly desirable. Nevertheless, trust is usually considered among different IoT entities only when they have to interact among them. In fact, without considering it during the whole System Developmente Life Cycle (SDLC) there is the possibility that security issues will be raised. In fact, without a clear conception of the possible threats during the development of the IoT entity, the lack of planning can be insufficient in order to protect the IoT entity. For this reason, we believe that it is fundamental to consider trust during the whole SDLC in order to carefully plan how an IoT entity will perform trust decisions and interact with the other IoT entities. To fulfill this goal, in this thesis work, we propose a trust-by-design framework for the IoT that is composed of a K-Model and several transversal activities. On the one hand, the K-Model covers the SDLC from the need phase to the utilization phase. On the other hand, the transversal activities will be implemented differently depending on the phases. A fundamental aspect that we implement in this framework is the relationship that trust has with other related domains such as security and privacy. Thus we will also consider such domains and their characteristics in order to develop a trusted IoT entity

A two-way trust management system for fog computing

International audienceFog computing is the next frontier of cloud computing since it can compute and store a massive amount of data generated by IoT devices near their sources. Indeed, transmitting all these data to the cloud will take up a huge amount of bandwidth. However, its features and flexibility of deployment make fog computing vulnerable to security and privacy attacks. The high-mobility support, dynamic environment, geographical distribution, location awareness, proximity to end users, and lack of redundancy are among these features that make the existing schemes not adequate to fog computing. Therefore, since trust management ensures security and privacy, we propose a two-way subjective logic-based trust management system that enables a service requester to verify whether a service provider can give reliable and secure services and lets the service provider check the trustworthiness of the service requester. Extensive evaluation of the system shows that the trust value of a node is accurate and converges in a very few trust computation cycles. The solution is also resilient to a large population of misbehaving nodes and it is able to thwart trust-based attacks successfully. Moreover, comparative analysis is made with different modification of the system and two baseline schemes, PeerTrust and EigenTrust. The comparison depicts that the two-way trust management proposals have lower overhead, allow a balanced load distribution, are effective in selecting the right service providers and are more accurate than the conventional one-way trust management systems