Blockchain-enhanced Roots-of-Trust

Establishing a root-of-trust is a key early step in establishing trust throughout the lifecycle of a device, notably by attesting the running software. A key technique is to use hardware security in the form of specialised modules or hardware functions such as TPMs. However, even if a device supports such features, other steps exist that can compromise the overall trust model between devices being manufactured until decommissioning. In this paper, we discuss how blockchains, and smart contracts in particular, can be used to harden the overall security management both in the case of existing hardware enhanced security or when only software attestation is possible

Review of Networking and Tangible Security Techniques for Domestic IoT Devices and Initial Ideas

The number of connected devices including Internet of Things (IoTs) on the Internet is growing fast. According to recent Gartner research, the estimated number of IoT devices is 5.8 billion in 2020 (Gartner, 2019). The countries that are leading the way to IoT deployment include North America, Western Europe and China (Kandaswamy and Furlonger, 2018). By 2024, the number of Machine-2-Machine (M2M) connections between these devices are expected to reach 27 billion in 2024 (Kandaswamy and Furlonger, 2018). This growth in M2M connectivity is expected to result from wide range of application areas such as smart cities, smart infrastructure, smart energy among many others (Hassija et al., 2019).This wide spread of IoTs has sparked significant research interest to understand various implications (Airehrour et al., 2016; Neshenko et al., 2019; Hassija et al., 2019). IoTs enable the integration between many objects in our daily life (Aazam et al., 2016; Alaba et al., 2017) such as sensors, objects, wearable devices and other types of machines. IoT devices are capable of communicating directly with one another and sharing data without direct human intervention (Crabtree et al., 2018). These “things” could be any traditional objects such as home appliance (e.g. microwave, fridge) or tiny sensor (e.g. humidity or health sensors). The devices are capable of constant collections of various sensitive and personal data about many aspect of our lives due to its pervasive deployment (Ren et al., 2019).This paper provides an overview of the literature relating to securing IoT with an emphasis on usability from a user perspective as well as approaches to securing access to these devices over the Internet. Although IoT deployment occurs in various settings, i.e. industrial IoT deployment, we mainly focus in this paper on private residential home deployment (i.e. consumer IoTs). We assume that in such settings, users are mostly not experts in security IoT or the underlying networking principles.This paper is organized as follows: section II discusses various protocols and networking security tools (e.g. firewall and Virtual Private Network (VPN)). Section II-D discusses various approaches to simplify cyber-security by using user-centred approaches. In section III, we present a number of existing including enterprise-grade solutions that could be adopted to secure remote access to IoT devices in domestic settings

Defining the Behavior of IoT Devices through the MUD Standard: Review, Challenges, and Research Directions

With the strong development of the Internet of Things (IoT), the definition of IoT devices' intended behavior is key for an effective detection of potential cybersecurity attacks and threats in an increasingly connected environment. In 2019, the Manufacturer Usage Description (MUD) was standardized within the IETF as a data model and architecture for defining, obtaining and deploying MUD files, which describe the network behavioral profiles of IoT devices. While it has attracted a strong interest from academia, industry, and Standards Developing Organizations (SDOs), MUD is not yet widely deployed in real-world scenarios. In this work, we analyze the current research landscape around this standard, and describe some of the main challenges to be considered in the coming years to foster its adoption and deployment. Based on the literature analysis and our own experience in this area, we further describe potential research directions exploiting the MUD standard to encourage the development of secure IoT-enabled scenarios

Holistic security 4.0

The future computer climate will represent an ever more aligned world of integrating technologies, affecting consumer, business and industry sectors. The vision was first outlined in the Industry 4.0 conception. The elements which comprise smart systems or embedded devices have been investigated to determine the technological climate. The emerging technologies revolve around core concepts, and specifically in this project, the uses of Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything (IoE). The application of bare metal and logical technology qualities are put under the microscope to provide an effective blue print of the technological field. The systems and governance surrounding smart systems are also examined. Such an approach helps to explain the beneficial or negative elements of smart devices. Consequently, this ensures a comprehensive review of standards, laws, policy and guidance to enable security and cybersecurity of the 4.0 systems