Operational Security Mechanisms in IoT Environment


Task 3.4 (lead: OdinS; contributors: CERTH, SIEMENS, ETRA) aims to develop protocols that attest and monitor the infrastructure and the correct handling of data according to a given policy. It focuses on fine-grained access control for privacy-sensitive data, data minimization, and attribute-based encryption. The work integrates privacy-preserving identity management and a distributed, capability-based access control mechanism to protect infrastructure elements against threats and to secure producer-to-consumer communications.

  • Security
  • IoT
  • Data Handling
  • Privacy
  • Access Control

Uploaded on Mar 17, 2025



Presentation Transcript


  1. Plug-N-Harvest WP3 - Task 3.4: Operational Security Mechanisms. Organization: Odin Solutions (OdinS). Presenter(s): Antonio Skarmeta. Meeting: Kickoff meeting, Aachen, 21-22 September 2017. PLUG-N-HARVEST ID: 768735 - H2020-EU.2.1.5.2.

  2. Task 3.4 Operational Security Mechanisms. Lead: OdinS. Contributors: CERTH, SIEMENS, ETRA.
     • Develop protocols to attest and monitor the infrastructure and the correct handling of data according to the given policy.
     • Define fine-grained access control for privacy-sensitive data, providing tools for a user-centric approach in which the user sets the access policy.
     • Integrate data minimization techniques to control the level of exposure of certain attributes and/or data generated by smart devices.
     • Attribute-based encryption (ABE) schemes for fine-grained access control without a lengthy user authorization process, and their integration with minimal-disclosure technologies.
     • How content-centric security can be applied to data and information to provide end-to-end security while minimising the exposure of such data.

  3. Main Security and Privacy aspects. Protect infrastructure elements against possible threats:
     • Secure communications and access control mechanisms integrated with the ADBE and IMCS/OEMS solutions.
     • Integrated authorization mechanism: XACML-based policies to specify privacy policies on structural models describing both user and application properties; a distributed access control model based on capability tokens will be provided to manage authorization decisions.
     • Privacy-preserving solutions: a privacy-preserving identity management solution linked with the IdM framework, and a privacy-preserving group communication solution based on CP-ABE.

  4. IoT at a glance. Data is generated by a producer and sent through intermediate nodes (Device → Gateway → Platform) until it is received by consumers. The challenge is to guarantee S&P (security and privacy) between producer(s) and consumer(s). [Figure: producer data flowing through Device, Gateway and Platform to the Consumer.]

  5. The problem. To guarantee producer-to-consumer (end-to-end) S&P, the crypto approach must take into account:
     • Performance: it has to be accommodated (even) in devices with resource constraints. IETF RFC 7228 (Terminology for Constrained-Node Networks) classifies such nodes by memory: Class 0 (well under 10 KiB of RAM and 100 KiB of code), Class 1 (about 10 KiB / 100 KiB) and Class 2 (about 50 KiB / 250 KiB).
     • It is not about fitting crypto into constrained devices at any price: for example, how often will a given crypto algorithm need to be performed?

  6. Addressing IoT Security and Privacy challenges: Architectural Challenges.
     • IoT is under constant (r)evolution; the consequence is a fragmented landscape of solutions and technologies.
     • Need for architectures that abstract from the underlying technologies.
     • Increasing interest from different standardization organizations: AIOTI WG03 High Level Architecture (HLA); IEEE P2413 Standard for an Architectural Framework for the IoT; oneM2M Functional Architecture; ITU-T Y.2060 Overview of the Internet of Things; ITU-T SG20 IoT and its applications including Smart cities and communities; IoT-A.
     • Recent European initiatives (SENSEI, BUTLER, ...) address specific use cases or scenarios based on architectures at different abstraction levels.
     • Security and Privacy are not considered as first-class components.

  7. Addressing IoT Security and Privacy challenges: Technical Challenges.
     • From Privacy: support for privacy directives (GDPR) and Privacy by Design (PbD) principles.
     • From Security: extension of identity management schemes to smart objects; support for minimal or selective PII disclosure; fine-grained delegation-based access control and simplified key management; user control over data sharing or outsourcing of PII; preservation of security properties on resource-constrained devices (E2E security).
     • Scalability, flexibility, interoperability.

  8. Flexible and Lightweight Authorization for IoT.
     • Motivation: current approaches (e.g. OAuth 2.0) are mainly focused on Web scenarios and on bearer tokens, which lack proof-of-possession (PoP) mechanisms: whoever holds the token can use it.
     • Solution: Distributed Capability-Based Access Control (DCapBAC).
     • Foundations: SPKI Certificate Theory (binding access rights to a public key); ZBAC; the Policy Machine from NIST.
     • Design: an authorization token following similar semantics to JSON Web Tokens (JWTs), but including access rights as <action, resource> pairs associated with a cryptographic key, plus conditions to be verified by the enforcer; use of IoT technologies (e.g. CoAP, DTLS, ECC); integration with XACML and with PoP mechanisms for privacy-preserving purposes.

  9. Access Control in the IoT. Motivation: lack of inclusive approaches going beyond authorization to cover authentication, identity management or group management aspects. Direct access vs platform-based access. [Figure: a Consumer reaching the Producer directly, or through a Platform inside the Infrastructure.]

  10. Flexible and Lightweight Authorization for IoT: DCapBAC extended scenario (client initiated).
      Actors: Resource Owner; an Authorization Service in the Infrastructure made of the Policy Administration Point (PAP), the Capability Manager and the Policy Decision Point (PDP); Client (Consumer); Resource Server (Producer).
      Step 1. Define Policies: the Resource Owner stores its policies in the PAP.
      Step 2. Request Token: the Client asks the Capability Manager for a token (the diagram shows the Client's Authentication Credential at this point).
      Step 3. Evaluate Access: the Capability Manager passes the request to the PDP.
      Step 4. Get Policies: the PDP retrieves the applicable policies from the PAP.
      Step 5. Policy Evaluation at the PDP.
      Step 6. PERMIT decision returned to the Capability Manager.
      Step 7. DCapBAC Token issued to the Client.
      Step 8. DCapBAC Token + proof sent by the Client to the Resource Server.
      Step 9. The Resource Server evaluates the token and the proof.
      Step 10. Resource returned to the Client.
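The token and the client-initiated flow of slides 8 and 10, as an added worked example written for this page; it is illustration code, not OdinS or Plug-n-Harvest code. It assumes Ed25519 signatures in place of the slide's ECC/DTLS/CoAP stack, a JSON claim set with hypothetical short claim names, a hypothetical one-attribute rule format standing in for XACML, and a 16-byte random nonce as the enforcer's challenge; the policy, attribute values and resource names in the usage are constructed. The point it shows is the difference from a bearer token: the Resource Server accepts the token only together with a fresh signature by the key the token names. (OAuth 2.0 has since gained proof-of-possession bindings, e.g. DPoP in RFC 9449 and the ACE framework in RFC 9200, which postdate this 2017 talk.)

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"time"
)

// Right is one <action, resource> pair carried in the capability token.
type Right struct {
	Action   string `json:"ac"`
	Resource string `json:"re"`
}

// Capability is the JWT-like claim set; rights are bound to the holder key (Subject).
type Capability struct {
	Issuer    string            `json:"iss"`
	Subject   ed25519.PublicKey `json:"sub"`
	Rights    []Right           `json:"ri"`
	NotBefore int64             `json:"nbf"`
	Expires   int64             `json:"exp"`
}

// Token is the serialised claim set plus the issuer's signature over it.
type Token struct{ Claims, Sig []byte }
// Rule is a tiny XACML-like rule (hypothetical format, not the project's).
type Rule struct{ Attr, Value, Action, Resource, Effect string }

// Decide is the PDP (steps 4-6): first applicable rule wins, no match means Deny.
func Decide(policy []Rule, attrs map[string]string, action, resource string) string {
	for _, r := range policy {
		if attrs[r.Attr] == r.Value && r.Action == action && r.Resource == resource {
			return r.Effect
		}
	}
	return "Deny"
}

// RequestToken is the Capability Manager (steps 2-7): it consults the PDP and, on
// Permit, mints a token bound to the client's public key and signed by the issuer.
func RequestToken(issuer string, key ed25519.PrivateKey, policy []Rule, holder ed25519.PublicKey,
	attrs map[string]string, action, resource string, now time.Time, ttl time.Duration) (Token, error) {
	if Decide(policy, attrs, action, resource) != "Permit" {
		return Token{}, errors.New("PDP decision: Deny")
	}
	claims, err := json.Marshal(Capability{Issuer: issuer, Subject: holder,
		Rights: []Right{{action, resource}}, NotBefore: now.Unix(), Expires: now.Add(ttl).Unix()})
	if err != nil {
		return Token{}, err
	}
	return Token{Claims: claims, Sig: ed25519.Sign(key, claims)}, nil
}

// popMessage binds the proof to this exact token and to the server's fresh challenge.
func popMessage(tok Token, nonce []byte) []byte { return append(append([]byte{}, nonce...), tok.Sig...) }

// NewNonce is the resource server's per-request challenge (assumed 16 random bytes).
func NewNonce() []byte {
	n := make([]byte, 16)
	if _, err := rand.Read(n); err != nil {
		panic(err)
	}
	return n
}

// Prove is the client's proof of possession (step 8): a signature over the challenge
// with the key the token names, so a captured token alone is useless.
func Prove(holder ed25519.PrivateKey, tok Token, nonce []byte) []byte {
	return ed25519.Sign(holder, popMessage(tok, nonce))
}

// Authorize is the enforcer (step 9): issuer signature, validity window, right present, PoP.
func Authorize(issuer ed25519.PublicKey, tok Token, proof, nonce []byte,
	action, resource string, now time.Time) error {
	if !ed25519.Verify(issuer, tok.Claims, tok.Sig) {
		return errors.New("issuer signature invalid")
	}
	var c Capability
	if err := json.Unmarshal(tok.Claims, &c); err != nil {
		return err
	}
	if t := now.Unix(); t < c.NotBefore || t >= c.Expires {
		return errors.New("token outside validity window")
	}
	granted := false
	for _, r := range c.Rights {
		granted = granted || (r.Action == action && r.Resource == resource)
	}
	if !granted {
		return errors.New("right not granted by token")
	}
	// Length check first: ed25519.Verify panics on a malformed public key.
	if len(c.Subject) != ed25519.PublicKeySize || !ed25519.Verify(c.Subject, popMessage(tok, nonce), proof) {
		return errors.New("proof of possession failed")
	}
	return nil
}
```

Usage: the Resource Server sends NewNonce() as a challenge, the Client answers with the token and Prove(), and the server calls Authorize(). A token copied off the wire fails the PoP check without the client's private key, a proof recorded under one nonce fails under the next, and a request for an action or resource not listed in the token is refused even though the token itself is valid. In a deployment the nonce could also be taken from the DTLS handshake or a CoAP message ID rather than a separate round trip.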

  11. Integration with dynamic and privacy-preserving aspects.
      • Motivation: carrying the client's public key inside the token prevents the client's privacy from being preserved; PoP mechanisms that support minimal disclosure are needed.
      • Solution: use partial identities, i.e. a subset of attributes of the whole identity, and bind privileges to a partial identity. The access rights of DCapBAC tokens are associated with a partial identity (or pseudonym).
      • Instantiation through different cryptographic schemes, all based on challenge-response: IBE (the key is associated with the pseudonym within the token); CP-ABE (the key's attributes satisfy the partial identity); anonymous credentials (Idemix), based on a proof derived from the anonymous credential.

  12. Security and Privacy Framework for the IoT. [Figure: Infrastructure (Security, IdM, Authorization, KEM, Context Manager, Group Manager, T&R) between a Smart Object (Consumer) and a Smart Object (Producer), each with its own Security, IdM/Authentication, Authorization, KEM, Context Manager, Group Manager and T&R components.]
      • Operation: performing the tasks for which the object was manufactured; pair operation vs group operation.
      • Pair operation: enabled by authorization credentials obtained through the infrastructure; instantiation based on DCapBAC tokens and privacy-preserving proof of possession. Message labels 4.1-4.16 in the figure: context, complete/partial identity, partial identity verification, complete/partial identity verified, authz token, context data, and consumer/producer T&R scores.
      • Group operation: instantiation based on CP-ABE. Message labels 5.1-5.4: group key, context data, outsourced encrypted data, group key. Label 6.1: owner identity.

  13. Use Case 24/02/2017 FINAL REVIEW
