IoT Security Model
Since the Internet of Things (IoT) is not a standard, there's no single standardized approach to security. There are multiple IoT reference models defined by various stakeholders including ITU-T, Cisco, Intel, IBM, Microsoft, Symantec, and others. Security is often considered in these reference models. This article looks at some of these security models.
An IoT security model can be seen in two perspectives: (a) In a layered architecture, there's a security layer that spans the entire stack, from the connectivity layer at the bottom to the application layer at the top. (b) In an end-to-end solution, security is implemented at all points, from end devices to network to cloud.
Models provide a formal framework to implement security and evaluate the maturity of those implementations.
Discussion
-
How is security addressed within the IoT Reference Model? For illustration, let's consider Cisco's reference model for security. It's a layered architecture with the lowest layers being device centric and the highest layers being more cloud centric. For control, information flows top to bottom. For monitoring, the flow is opposite. Security is considered at each layer. The lower layers focus on giving secure access to physical hardware while also providing a trusted environment for code execution. At higher layers, the focus is on identity management, authentication, analytics, and so on.
IBM's own model emphasizes the sensor gateway and IoT gateway where security is important. However, it too recognizes that security concerns the entire system. It identifies data security, device security, user security and application security.
Microsoft Azure divides the system into things (IoT devices), insights (data processing in the cloud), and action (business integration and machine learning). Security is a cross-cutting concerns across all three parts. We need secure provisioning of devices, secure connectivity, data protection during processing and storage, and secure user management.
-
How can I apply threat modelling to secure IoT systems? Threat modelling is an approach used in Microsoft Azure. In particular, they classify threats according to STRIDE (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege). A threat could fall under multiple categories at the same time.
When applied to IoT, the process involves modelling the application, enumerating threads, mitigating threats and validating the mitigations. Core elements of the threat model are processes, data stores, data flows, and external entities.
They also recommend partitioning the system into zones, each defined with its own data, authentication and authorization requirements. Typical zones include devices, field gateways, cloud gateways and services. Trust boundaries between zones are where STRIDE threats can occur. Focus must be on application features that are relevant to security and those that touch trust boundaries.
For instance, data going in an out of Azure IoT Hub or Event Hub must be protected at protocol level (eg. HTTP/MQTT/CoAP). At device level, read-only OS partition, signed OS image, strong authentication, memory encryption and Trusted Platform Module (TPM) are needed.
-
What is meant shared security model for IoT? The shared security model looks at IoT security from the perspective of stakeholders and their responsibilities. An IoT system has many components and interfaces. It can be secured only when everyone plays their part.
PTC ThingWorx, which is an IoT cloud platform, has identified the following:
- Product Vendor: Securely test, release, document and support software. Alert customers on vulnerabilities. Train employees on best practices.
- Technology Partners & Systems Integrators: Securely test, release, document and support extensions to the basic product.
- Public Cloud Providers: Provide all elements of cloud security including hardware, software, networking, and access control.
- Administrators: Manage identities and user privileges following the principle of least privilege. Scan networks for malware. Set script timeouts. Configure system in line with security policies.
- Users: Use strong passwords. Regularly update local clients and devices. Avoid navigating to suspicious sites.
- IT Organization: Meet regulatory requirements. Vet third-party software vendors. Train employees on product usage and best practices.
-
I've heard of the IoT trust model. What is it? The IoT trust model is inspired by how trust works in human relationships. When we trust someone, we're confident about their integrity, ability or character. The model asks if we can similarly trust IoT devices, services and data. The challenge with IoT is that a service may depend on a dozen others. Quantifying trust is not trivial, though Trust Network Analysis-Subjective Logic (TNA-SL) is one proposed method.
A trust model allows us to ask questions such as, "Can I rely on devices to defend against viruses? Can devices update themselves? If a device is compromised, do I take it offline or is there a service to do this? How are third parties using my data?"
Trust attributes become useful. A service may be marked as "child-safe". A piece of data may contain "GPS Location" or "Anonymized" attribute.
There's also a human-centric trust model that considers average users, not just system administrators. Users must find it easy to delegate access to devices and data, or determine who can be trusted and for what purposes.
Symantec takes the view that trust is established using cryptography, digital certificates and Certificate Authorities (CAs).
-
How can I evaluate the security maturity level of IoT systems? A maturity model can help determine if current implementations are secure enough. For example, for some IoT devices checking the diagnostic logs may be adequate. For others such as HVAC systems, real-time monitoring and control, and protection against malware are necessary. A maturity model provides a systematic approach to what should be protected, what measures are suitable and to what extent they should be applied.
The Security Maturity Model (SMM) proposed by the Industrial Internet Consortium (IIC) identifies five levels of maturity: Level0 (None), Level1 (Minimum), Level2 (Ad hoc), Level3 (Consistent), and Level4 (Formalized). It also looks at three scope levels: Level1 (General), Level2 (Industry specific), and Level3 (System specific).
At Level1 maturity, at least the goals are defined and basic measures are implemented. At Level2, use cases are identified. At Level3, best practices, standards, regulations and tools are included. At Level4, the entire process is defined. It's useful to note that,
Maturity is about effectiveness, not the arbitrary use of mechanisms.
Milestones
Køien publishes a paper titled Reflections on Trust in Devices: An Informal Survey of Human Trust in an Internet-of-Things Context. He notes that IoT devices are varied and often operate in hostile environments. Neither software nor hardware can be trusted completely. We therefore need security measures to mitigate risks.
Riahi et al. propose a systematic approach to IoT since traditional methods don't consider aspects unique to IoT. Their model considers four entities: persons, processes, intelligent objects, and the technological ecosystem. When these entities interact, there's tension among them. They consider the following tensions: identification/authentication, privacy, trust, safety, responsibility, reliability, and auto-immunity.
NXP proposes a secure distributed manufacturing model that looks at how NXP, OEMs and ODMs can play their part in securing the supply chain. For example, OEMs generate their own salt that even NXP doesn't know but NXP processors will protect this salt. The model aims to streamline security at the chip and device level. The model brings transparency and trustworthiness.
2018
2019
ITU-T publishes the Y.4460 Recommendation, which details an IoT reference model. In fact, it describes three models based on device capability: low processing and low/high connectivity, and high processing and high connectivity. Security is not given due consideration and it's covered in a small paragraph.
2020
The Industrial Internet Consortium (IIC) publishes two white papers describing what it calls the IoT Security Maturity Model (SMM). This is partly based on the Industrial Internet Security Framework (IISF) published by IIC in 2016. The SMM process is iterative and is based on Plan-Do-Check-Act (PDCA) cycle. The process starts with identifying a maturity target, assessing current level of maturity and working towards the target.
References
- Arabsorkhi, Abouzar, Mohammad Sayad Haghighi, and Roghayeh Ghorbanloo. 2016. "A conceptual trust model for the Internet of Things interactions." 8th International Symposium on Telecommunications (IST), IEEE, Septemer 26-28. doi: 10.1109/ISTEL.2016.7881789. Accessed 2021-06-23.
- Black, Rob. 2017. "A ‘common security model’ against typical hazards in the IoT." IoT Now, March 3. Accessed 2021-06-21.
- Byrne, Joseph, Ravi Malhotra, and Geoff Waters. 2017. "IoT Security—Silicon, Software, Manufacturing and Everything In Between." White paper, NXP. Accessed 2021-06-21.
- Carielli, Sandy, Matt Eble, Frederick Hirsch, Ekaterina Rudina, and Ron Zahav. 2020a. "IoT Security Maturity Model (SMM): Description and Intended Use." Version 1.2, White paper, Industrial Internet Consortium, May 5. Accessed 2021-06-24.
- Carielli, Sandy, Matt Eble, Frederick Hirsch, Ekaterina Rudina, and Ron Zahav. 2020b. "IoT Security Maturity Model (SMM): Practitioner’s Guide." Version 1.2, Technial report, Industrial Internet Consortium, May 5. Accessed 2021-06-24.
- Cisco. 2014. "The Internet of Things Reference Model." Draft White Paper, Cisco, June. Accessed 2021-06-23.
- IBM Corporation. 2021. "Internet of Things reference architecture." IBM Cloud - Architecture Center, IBM Corporation. Accessed 2021-06-23.
- ITU-T. 2019. "Y.4460: Architectural reference models of devices for Internet of things applications." ITU-T Recommendation, June. Accessed 2021-06-23.
- Intel. 2015. "Intel® IoT Platform: Architecture Specification." White paper, Intel, November. Accessed 2021-06-23.
- Køien, Geir M. 2011. "Reflections on Trust in Devices: An Informal Survey of Human Trust in an Internet-of-Things Context." Wireless Personal Communications, vol. 61, pp. 495-510. Accessed 2021-06-23.
- Maher, David. 2017. "A human-centric trust model for the Internet of Things." O'Reilly, April 25. Accessed 2021-06-23.
- Microsoft. 2021. "Microsoft Azure IoT Reference Architecture." v2.1.1, Microsoft, April 27. Accessed 2021-06-23.
- Microsoft Docs. 2018. "Internet of Things (IoT) security architecture." Azure, Microsoft, October 9. Accessed 2021-06-23.
- Osterman, Larry. 2007. "Threat Modeling Again, STRIDE." Blog, Microsoft, September 4. Accessed 2021-06-24.
- PTC. 2021. "ThingWorx Shared Security Model." ThingWorx v8.5.15, PTC. Accessed 2021-06-23.
- Riahi, Arbia, Yacine Challal, Enrico Natalizio, Zied Chtourou, and Abdelmadjid Bouabdallah. 2013. "A Systemic Approach for IoT Security." hal-00868362, DCOSS, pp.351-355. doi: 10.1109/DCOSS.2013.78. Accessed 2021-06-21.
- Rudina, Ekaterina. 2019. "Why it’s time to build a security maturity model for the Internet of Things." Blog, Kaspersky, November 27. Accessed 2021-06-21.
- Rudina, Ekaterina, and Evgeny Goncharov. 2019. "The internet of things security maturity model: a nudge for IoT cybersecurity." Kaspersky, August 14. Accessed 2021-06-24.
- Symantec. 2016. "An Internet of ThingsReference Architecture." White paper, Symantec, February. Accessed 2021-06-23.
- dos Santos, Marcela G., Darine Ameyed, Fabio Petrillo, Fehmi Jaafar, and Mohamed Cheriet. 2020. "Internet of Things Architectures: A Comparative Study." arXiv, v1, April 27. Accessed 2021-06-23.
- ioXt Alliance. 2018. "Inaugural ioXt Alliance Summit." ioXt Alliance. Accessed 2021-06-25.
- ioXt Alliance. 2019. "Southern California-based ioXt leads IoT security movement that’s going strong." ioXt Alliance, March 14. Accessed 2021-06-25.
- ioXt Alliance. 2020. "ioXt Pledge." ioXt Alliance, September 23. Accessed 2021-06-25.
Further Reading
- Rudina, Ekaterina, and Evgeny Goncharov. 2019. "The internet of things security maturity model: a nudge for IoT cybersecurity." Kaspersky, August 14. Accessed 2021-06-24.
- Maher, David. 2017. "A human-centric trust model for the Internet of Things." O'Reilly, April 25. Accessed 2021-06-23.
- Microsoft Docs. 2018. "Internet of Things (IoT) security architecture." Azure, Microsoft, October 9. Accessed 2021-06-23.
- Riahi, Arbia, Yacine Challal, Enrico Natalizio, Zied Chtourou, and Abdelmadjid Bouabdallah. 2013. "A Systemic Approach for IoT Security." hal-00868362, DCOSS, pp.351-355. doi: 10.1109/DCOSS.2013.78. Accessed 2021-06-21.
- ioXt Alliance. 2020. "ioXt Pledge." ioXt Alliance, September 23. Accessed 2021-06-25.
Article Stats
Cite As
See Also
- IoT Security
- Tools for IoT Security
- System-on-Chip Security
- Wi-Fi Security
- Network Security
- Cloud Security
Article Warnings
- Readability score of this article is below 50 (46.1). Use shorter sentences. Use simpler words.