HIPSTER Project - State of the Art:Technical Report

Health IoT (HIoT) software offers thorny and complex security, privacy and safeguarding (SPS) problems and requirements, with huge potential impact. The HIPSTER project aims to help development teams in the Small-to-Medium Enterprise community, incorporating background information from cyber threat and risk intelligence to create a cost-effective intervention to support decision making around such threats and requirements. This report outlines the approach we plan to use and explores the academic ‘state of the art’ literature around the project. It concludes that the areas of novelty for the project are in finding ways to make risk data meaningful and palatable for software development teams; and in finding objective sources of such security and privacy information for this domain. To support readers in using the literature referenced, all citations and bibliography entries in this document have hyperlinks to the corresponding sources

A Lightweight Attribute-Based Access Control System for IoT.

The evolution of the Internet of things (IoT) has made a significant impact on our daily and professional life. Home and office automation are now even easier with the implementation of IoT. Multiple sensors are connected to monitor the production line, or to control an unmanned environment is now a reality. Sensors are now smart enough to sense an environment and also communicate over the Internet. That is why, implementing an IoT system within the production line, hospitals, office space, or at home could be beneficial as a human can interact over the Internet at any time to know the environment. 61% of International Data Corporation (IDC) surveyed organizations are actively pursuing IoT initiatives, and 6.8% of the average IT budgets is also being allocated to IoT initiatives. However, the security risks are still unknown, and 34% of respondents pointed out that data safety is their primary concern [1]. IoT sensors are being open to the users with portable/mobile devices. These mobile devices have enough computational power and make it di cult to track down who is using the data or resources. That is why this research focuses on proposing a dynamic access control system for portable devices in IoT environment. The proposed architecture evaluates user context information from mobile devices and calculates trust value by matching with de ned policies to mitigate IoT risks. The cloud application acts as a trust module or gatekeeper that provides the authorization access to READ, WRITE, and control the IoT sensor. The goal of this thesis is to offer an access control system that is dynamic, flexible, and lightweight. This proposed access control architecture can secure IoT sensors as well as protect sensor data. A prototype of the working model of the cloud, mobile application, and sensors is developed to prove the concept and evaluated against automated generated web requests to measure the response time and performance overhead. The results show that the proposed system requires less interaction time than the state-of-the-art methods