Societal Model for Securing Internet of Things


Hiroshi TSUNODA
Glenn Mansfield KEENI

Abstract

From transportation to home and health care, the Internet of Things (IoT) has penetrated almost every sphere of society. In the IoT concept, devices communicate autonomously to provide services. What makes IoT stand apart from present-day networked devices and applications is a) the very large number of devices, produced by diverse makers and used by an even more diverse group of users; and b) applications residing and functioning in what were very private sanctums of life, e.g. the car, the home and the people themselves. Although these devices require a high level of security, there has not been enough discussion of the security aspects of IoT. In this paper, we propose a simple security model for IoT, the societal model. The basic concept of the model is borrowed from human society. In the societal model, members play an important role in maintaining the security of the group. An IoT network mimics a society, and IoT devices are its members. The behavior of each member generally follows the group's norms. Abnormal behavior evokes a reaction, which includes rejection and/or notification to appropriate authorities. This paper investigates the requirements for realizing secure IoT networks based on the societal model.


 

Article Details

Section
Research Article
