A comparative analysis of scalable and context-aware trust management approaches for internet of things

© Springer International Publishing Switzerland 2015. The Internet of Things - IoT - is a new paradigm in technology that allows most physical ‘things’ to contact each other. Trust between IoT devices is a critical factor. Trust in the IoT environment can be modeled using various approaches, such as confidence level and reputation parameters. Furthermore, trust is an important element in engineering reliable and scalable networks. In this paper, we survey scalable and context-aware trust management for IoT from three perspectives. First, we present an overview of the IoT and the importance of trust in relation to it, and then we provide an in-depth trust/reliable management protocol for the IoT and evaluate comparable trust management protocols. We also investigate a scalable solution for trust management in the IoT and provide a comparative evaluation of existing trust solutions. We then pre-sent a context-aware assessment for the IoT and compare the different trust solutions. Lastly, we give a full comparative analysis of trust/reliability management in the IoT. Our results are drawn from this comparative analysis, and directions for future research are outlined

Probabilistic yoking proofs for large scale IoT systems

Yoking (or grouping) proofs were introduced in 2004 as a security construction for RFID applications in which it is needed to build an evidence that several objects have been scanned simultaneously or, at least, within a short time. Such protocols were designed for scenarios where only a few tags (typically just two) are involved, so issues such as preventing an object from abandoning the proof right after being interrogated simply do not make sense. The idea, however, is very interesting for many Internet of Things (IoT) applications where a potentially large population of objects must be grouped together. In this paper we address this issue by presenting the notion of Probabilistic Yoking Proofs (PYP) and introducing three main criteria to assess their performance: cost, security, and fairness. Our proposal combines the message structure found in classical grouping proof constructions with an iterative Poisson sampling process where the probability of each object being sampled varies over time. We introduce a number of mechanisms to apply fluctuations to each object's sampling probability and present different sampling strategies. Our experimental results confirm that most strategies achieve good security and fairness levels while keeping the overall protocol cost down. (C) 2015 Elsevier B.V. All rights reserved.This work was supported by the MINECO Grant TIN2013 46469 R (SPINY: Security and Privacy in the Internet of You)

Trace malicious source to guarantee cyber security for mass monitor critical infrastructure

The proposed traceback scheme does not take into account the trust of node which leads to the low effectiveness. A trust-aware probability marking (TAPM) traceback scheme is proposed to locate malicious source quickly. In TAPM scheme, the node is marked with difference marking probability according to its trust which is deduced by trust evaluation. The high marking probability for low trust node can locate malicious source quickly, and the low marking probability for high trust node can reduce the number of marking to improve the network lifetime, so the security and the network lifetime can be improved in TAPM scheme

Scalable RFID security framework and protocol supporting Internet of Things

Radio-frequency identification (RFID) is seen as one of the requirements for the implementation of the Internet-of-Things (IoT). However, an RFID system has to be equipped with a holistic security framework for a secure and scalable operation. Although much work has been done to provide privacy and anonymity, little focus has been given to performance, scalability and customizability issues to support robust implementation of IoT. Also, existing protocols suffer from a number of deficiencies such as insecure or inefficient identification techniques, throughput delay and inadaptability. In this paper, we propose a novel identification technique based on a hybrid approach (group-based approach and collaborative approach) and security check handoff (SCH) for RFID systems with mobility. The proposed protocol provides customizability and adaptability as well as ensuring the secure and scalable deployment of an RFID system to support a robust distributed structure such as the IoT. The protocol has an extra fold of protection against malware using an incorporated malware detection technique. We evaluated the protocol using a randomness battery test and the results show that the protocol offers better security, scalability and customizability than the existing protocols. © 2014 Elsevier B.V. All rights reserved

Scalable RFID security framework and protocol supporting Internet of Things

Radio-frequency identification (RFID) is seen as one of the requirements for the implementation of the Internet-of-Things (IoT). However, an RFID system has to be equipped with a holistic security framework for a secure and scalable operation. Although much work has been done to provide privacy and anonymity, little focus has been given to performance, scalability and customizability issues to support robust implementation of IoT. Also, existing protocols suffer from a number of deficiencies such as insecure or inefficient identification techniques, throughput delay and inadaptability. In this paper, we propose a novel identification technique based on a hybrid approach (group-based approach and collaborative approach) and security check handoff (SCH) for RFID systems with mobility. The proposed protocol provides customizability and adaptability as well as ensuring the secure and scalable deployment of an RFID system to support a robust distributed structure such as the IoT. The protocol has an extra fold of protection against malware using an incorporated malware detection technique. We evaluated the protocol using a randomness battery test and the results show that the protocol offers better security, scalability and customizability than the existing protocols. © 2014 Elsevier B.V. All rights reserved

«Internet of Things -RFID και προσωπικά δεδομένα : θέματα ασφαλείας και απορρήτου στο διαδίκτυο των πραγμάτων (IoT)»

Διπλωματική εργασία--Πανεπιστήμιο Μακεδονίας, Θεσσαλονίκη, 2019.Η παρούσα διπλωματική εργασία αποτελεί μια μελέτη του Διαδικτύου των Πραγμάτων (IoT), εστιάζοντας στους τομείς εφαρμογής του ,στις νέες ψηφιακές τεχνολογίες και ειδικότερα στα θέματα ασφαλείας και προστασίας προσωπικών δεδομένων που προκύπτουν κατά τη διάρκεια της επέκτασής του. Το Διαδίκτυο των πραγμάτων έχει αλλάξει ραγδαία την καθημερινότητα των ανθρώπων χάριν των ωφελειών που προσφέρουν οι ΙοΤ συσκευές στους διαφόρους τομείς της ζωής τους. Με τη διασύνδεση εκατομμυρίων συσκευών και αντικειμένων στο Διαδίκτυο , στέλνονται και λαμβάνονται χιλιάδες δεδομένα διευκολύνοντας έτσι την επικοινωνία μεταξύ ανθρώπων και συσκευών. Αυτό φυσικά εκτός από οφέλη κρύβει και κινδύνους καθώς η αύξηση των διασυνδεδεμένων συσκευών σε συνδυασμό με τα κενά ασφαλείας που μπορεί να υπάρχουν, δίνουν περισσότερες ευκαιρίες ώστε να πραγματοποιηθούν επιθέσεις και να διαρρεύσουν δεδομένα. Δυστυχώς σε πολλές από τις συσκευές του Διαδικτύου των Πραγμάτων δεν έχουν ληφθεί τα κατάλληλα μέτρα προστασίας ,όπως η κρυπτογράφηση, εξαιτίας της αδυναμίας τους να χρησιμοποιήσουν νέα πρωτόκολλα ασφαλείας ή εξαιτίας των ελλείψεων τους από τους κατασκευαστές τους. Παράλληλα δημιουργούνται και άλλα ζητήματα ως προς την διασφάλιση των Προσωπικών Δεδομένων. Πολλοί χρήστες δεν γνωρίζουν ότι συλλέγονται δεδομένα τους ή ακόμη δεν έχουν δώσει τη συγκατάθεσή τους για την επεξεργασία τους. Πολλά από τα δεδομένα που συλλέγουν οι αισθητήρες μπορούν να εντοπίσουν τους χρήστες και ακόμη και να καταρτίσουν ένα προφίλ για αυτούς. Αυτό συνεπάγεται τη συνεχή παραβίαση του απορρήτου, με αποτέλεσμα να χάνεται κάθε έννοια ιδιωτικότητας. Για την αντιμετώπιση όλων αυτών των κινδύνων απαραίτητη είναι η αναγκαιότητα υιοθέτησης μηχανισμών ασφαλείας. Παράλληλα η Ευρωπαϊκή Νομοθεσία έχει μεριμνήσει για την ασφαλή συλλογή και επεξεργασία προσωπικών δεδομένων στο διαδίκτυο των πραγμάτων. Ως εκ τούτου αντικείμενο αυτής της εργασίας είναι η εισαγωγή στον κόσμο του Διαδικτύου των Πραγμάτων και σε θέματα ασφαλείας και απόρρητου που προκύπτουν ως προς την επεξεργασία προσωπικών δεδομένων. Αρχικά γίνεται μία παρουσίαση των συστημάτων και της έννοιας του Διαδικτύου των Πραγμάτων συνδέοντάς το ταυτόχρονα με τις νέες Ψηφιακές Τεχνολογίες. Εν συνεχεία γίνεται μία εκτενής περιγραφή της τεχνολογίας του ΙοΤ και των RFID συστημάτων, ενώ ακολούθως προβάλλονται οι διάφοροι κίνδυνοι που προκύπτουν στο ΙοΤ. Η επόμενη ενότητα αφορά τις τεχνικές ασφαλείας που μπορούν να εφαρμοστούν στο Διαδίκτυο των Πραγμάτων καθώς και όλα τα απαραίτητα μέτρα για τη διασφάλιση των Προσωπικών Δεδομένων από επιθέσεις . Παράλληλα στο 7ο κεφάλαιο της εργασίας γίνεται μία συγκριτική μελέτη για τη διασφάλιση των προσωπικών δεδομένων σε τέσσερις Έξυπνες Ευρωπαϊκές πόλεις (Smart Cities). Κατόπιν, το 8ο κεφάλαιο εστιάζει στα προβλήματα προστασίας που προκύπτουν από την επεξεργασία προσωπικών δεδομένων στα συστήματα του διαδικτύου των πραγμάτων και τέλος, το τελευταίο κεφάλαιο δίνει έμφαση στη σημαντικότητα των αρχών της Ευρωπαϊκής νομοθεσίας για την προστασία των προσωπικών δεδομένων, μέσω του Γενικού Κανονισμού Προστασίας Δεδομένων 2016/679, της γνωμοδότησης 8/2014 καθώς και λοιπών Ευρωπαϊκών οδηγιών και νόμων

Organisational factors in RFID adoption, implementation, and benefits

This study investigates the impact of organisational and technological factors within pre-adoption, implementation, and post-implementation phases of RFID system deployment. In the pre-adoption phase, the study examines factors that drive and hinder organisations’ decision to adopt RFID. In the implementation phase, the study investigates the impact of organisational factors (business size, strength of culture, and business process re-engineering) on influencing the implementation processes of RFID. In the post-implementation phase, the study investigates how the benefits derived from RFID implementation interact with organisational factors (business size, strength of culture, and business process re-engineering) and RFID-related factors (product unit level of tagging, RFID implementation stage, and organisational pedigree in RFID). This study was motivated by the lack of (i) an advisory framework which considers quantifiable firm characteristics and the costs and benefits of implementing RFID, in yielding advice to guide decisions on RFID adoption, and (ii) a framework that covers the complete processes of RFID project deployment (from adoption decision to benefits derived) in yielding advice to guide decisions on RFID adoption. This study is achieved using a two-phase research approach: questionnaire survey of organisations that have adopted or plan to adopt RFID and case studies of organisations that have integrated RFID into their business processes. In addition, a thorough review of existing literature on RFID in different industrial settings was conducted. The key findings from the study indicate that RFID adoption is driven by factors from technological, organisational and environmental contexts and that the adoption, implementation and benefits of RFID are influenced by organisational culture strength, business size, and BPR. It was found that strong cultures, organisational size and BPR are all positively correlated with RFID adoption decisions, implementation and benefits. Potential contribution towards the existing body of knowledge is through highlighting the significance of organisational culture strength, business size, and BPR in providing a platform in which RFID will be accepted and implemented successfully to achieve maximum derivable benefits