Challenge-response trust assessment model for personal space IoT

© 2016 IEEE. Internet of Things (IoT) embraces the interconnection of identifiable devices that are capable of providing services through their cooperation. The cooperation among devices in such an IoT environment often requires reliable and trusted participating members in order to provide useful services to the end user. Consequently, an IoT environment or space needs to evaluate the trust levels of all devices in contact before admitting them as members of the space. Existing trust evaluation models are based on resources such as historical observations or recommendations information to evaluate the trust level of a device. However, these methods fail if there is no existing trust resource. This paper introduces a specific IoT environment called personal space IoT and proposes a novel trust evaluation model that performs a challenge-response trust assessment to evaluate the trust level of a device before allowing it to participate in the space. This novel challenge-response trust assessment model does not require the historical observation or previous encounter with the device or any existing trusted recommendation. The proposed challenge-response trust assessment model provides a reliable trust resource that can be used along with other resources such as direct trust, recommendation trust to get a comprehensive trust opinion on a specific device. It can also be considered as a new method for evaluating the trust value on a device

Initial trust establishment for personal space IoT systems

University of Technology Sydney. Faculty of Engineering and Information Technology.Internet of Things (IoT) is becoming a reality with innovative applications, and IoT platforms have been developed to transfer technologies from research to business solutions. With IoT applications, we have greater control over personal devices and achieve more insights into the resource consumption habits; business processes can be streamlined; people are also better connected to each other. Despite the benefits derived from the IoT systems, users are concerned about the trustworthiness of their collected data and offered services. Security controls can prevent user’s data from being compromised during transmission, storage or unauthorized access, but do not provide a guarantee against the misbehaved devices that report incorrect information and poor services or avoid conducting a common task. Establishing trust relationship among devices and continuously monitoring their trust is the key to guarantee a reliable IoT system and hence mitigate user’s concerns. In this dissertation, we propose and investigate a novel initial trust establishment architecture for personal space IoT systems. In the initial trust establishment architecture, we propose a trust evidence generation module based on a challenge-response mechanism to generate the trust evidence relying on the device’s responses to the challenges, a trust knowledge assessment module to obtain the knowledge about the device from the generated trust evidence, and a trust evaluation scheme to quantify the initial trust level of the devices. We design and investigate a challenge-response information design to determine feasible designs of the challenge-response mechanism that ensure meaningful and related trust knowledge about the device’s trustworthiness captured from the challenge-response operations. A new trust-aware communication protocol is designed and implemented by incorporating the proposed initial trust establishment architecture into existing Bluetooth Low Energy (BLE) protocol to demonstrate the feasibility and efficiency of the proposed initial trust establishment architecture in practice. In this work, we first study building blocks and possible architectures of the IoT and analyze key requirements of an IoT system. Based on the analysis, we identify the critical role of the initial trust establishment model and the challenges of establishing initial trust in IoT systems due to the lack of knowledge for the trust assessment to work. To address the challenges, we propose a novel initial trust establishment architecture that can generate trust evidence for assessing the initial trust level of new devices by conducting challenge-response operations within a limited time window before they are admitted to the system. We propose three new initial trust establishment models based on the proposed architecture. An implicit relationship between the responses and the challenges is assumed for the system to judge the initial trustworthiness of the devices. The first model assesses the initial trust value based on a probability associated with the device’s behavior captured from the challenge-response process. The second model investigates the initial trust value based on a binary outcome set, and the third model quantifies the initial trust level based on a multiple-component outcome set from the challenge-response process. Subsequently, we propose the challenge-response information design where the challenge-response process is investigated and designed to determine the information space of the challenger’s view on its environment so that the challenge can invite relevant responses from the target environment. Based on the design of the challenge-response mechanism, the system can capture meaningful trust knowledge about the devices from challenge-response operations at their admission phase. We finally design and implement the initial trust-aware BLE protocol which incorporates the proposed initial trust establishment architecture into the existing BLE protocol. The simulation results show the efficiency, feasibility, and dependability of using initial trust-aware BLE protocol for building a trustworthy personal space IoT systems. The novelty of this research lies in assessing the devices’ initial trust level within a limited time window, before their admission to the personal space IoT system, without requiring prior experience or recommendations. The major contribution of this thesis is that it helps the IoT business solution providers to build secure and trustworthy IoT systems by admitting dependable devices, monitoring the trust of admitted devices, detecting maligned devices, and building long-term trust among. As a result, it mitigates the user’s concerns about the trustworthiness of IoT systems and encourages broader adoption of IoT applications

Initial trust establishment for personal space IoT systems

© 2017 IEEE. Increasingly, trust has played a crucial role in the security of an IoT system from its inception to the end of its lifecycle. A device has to earn some level of trust even before it is authenticated for admission to the system. Furthermore, once the device is admitted to the system, it may behave maliciously over time; hence its behavior must be evaluated constantly in the form of trust to ensure the integrity of the system. Currently, no mechanism exists to establish an initial trust on a device, without prior knowledge, before its admission to an IoT system. Even when trust is applicable, trust evaluation models require direct/indirect observations over time, historical data on past encounters, or third party recommendations. However, this type of past data is not available in the first encounter between the system and the device. The question is how to establish whether a device can be trusted to a level that merits further evaluation for admission into a mobile and dynamic IoT system when it encounters the system for the first time? This paper addresses this challenge by proposing a challenge-response method and a trust assessment model to establish, without prior knowledge, the initial trust that a device places on another in a mobile and dynamic environment called personal space IoT. The initial trust is established before further interaction can take place and under the assumption that only a limited window of time is available for the trust assessment. The paper describes and evaluates the proposed model theoretically and by simulation. It also describes a practical scheme for realizing the proposed solution

The future of Cybersecurity in Italy: Strategic focus area

This volume has been created as a continuation of the previous one, with the aim of outlining a set of focus areas and actions that the Italian Nation research community considers essential. The book touches many aspects of cyber security, ranging from the definition of the infrastructure and controls needed to organize cyberdefence to the actions and technologies to be developed to be better protected, from the identification of the main technologies to be defended to the proposal of a set of horizontal actions for training, awareness raising, and risk management

Designing the Health-related Internet of Things: Ethical Principles and Guidelines

The conjunction of wireless computing, ubiquitous Internet access, and the miniaturisation of sensors have opened the door for technological applications that can monitor health and well-being outside of formal healthcare systems. The health-related Internet of Things (H-IoT) increasingly plays a key role in health management by providing real-time tele-monitoring of patients, testing of treatments, actuation of medical devices, and fitness and well-being monitoring. Given its numerous applications and proposed benefits, adoption by medical and social care institutions and consumers may be rapid. However, a host of ethical concerns are also raised that must be addressed. The inherent sensitivity of health-related data being generated and latent risks of Internet-enabled devices pose serious challenges. Users, already in a vulnerable position as patients, face a seemingly impossible task to retain control over their data due to the scale, scope and complexity of systems that create, aggregate, and analyse personal health data. In response, the H-IoT must be designed to be technologically robust and scientifically reliable, while also remaining ethically responsible, trustworthy, and respectful of user rights and interests. To assist developers of the H-IoT, this paper describes nine principles and nine guidelines for ethical design of H-IoT devices and data protocols

In Things We Trust? Towards trustability in the Internet of Things

This essay discusses the main privacy, security and trustability issues with the Internet of Things

Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

Internet of robotic things : converging sensing/actuating, hypoconnectivity, artificial intelligence and IoT Platforms

The Internet of Things (IoT) concept is evolving rapidly and influencing newdevelopments in various application domains, such as the Internet of MobileThings (IoMT), Autonomous Internet of Things (A-IoT), Autonomous Systemof Things (ASoT), Internet of Autonomous Things (IoAT), Internetof Things Clouds (IoT-C) and the Internet of Robotic Things (IoRT) etc.that are progressing/advancing by using IoT technology. The IoT influencerepresents new development and deployment challenges in different areassuch as seamless platform integration, context based cognitive network integration,new mobile sensor/actuator network paradigms, things identification(addressing, naming in IoT) and dynamic things discoverability and manyothers. The IoRT represents new convergence challenges and their need to be addressed, in one side the programmability and the communication ofmultiple heterogeneous mobile/autonomous/robotic things for cooperating,their coordination, configuration, exchange of information, security, safetyand protection. Developments in IoT heterogeneous parallel processing/communication and dynamic systems based on parallelism and concurrencyrequire new ideas for integrating the intelligent “devices”, collaborativerobots (COBOTS), into IoT applications. Dynamic maintainability, selfhealing,self-repair of resources, changing resource state, (re-) configurationand context based IoT systems for service implementation and integrationwith IoT network service composition are of paramount importance whennew “cognitive devices” are becoming active participants in IoT applications.This chapter aims to be an overview of the IoRT concept, technologies,architectures and applications and to provide a comprehensive coverage offuture challenges, developments and applications