Recent developments in the cloud technologies have motivated the migration of distributed large systems, specifically the Internet of Things to the cloud architecture. Since Internet of Things consist of a vast network and variety of objects, the cloud platform proves to be an ideal option. It is essential for the proper functioning of the Internet of Things to be able to share data among the system processes. The biggest problem faced during the transition of the IoTs to the cloud is the security of data especially while data sharing within the cloud and among its tenants. Information Flow Control mechanisms are one of the many solutions to enable a controlled sharing of data.Integration of Information Flow Control Systems to the existing architecture requires various levels of re-engineering efforts. Moreover, most of the Information Flow Control systems focus on data flow within the cloud and neglect the security and integrity of data while it is being transferred to the cloud from various devices. This research focuses on securing the entire process of data migration to cloud from devices while the in-cloud data flow is monitored by the Information Flow Control policies specified by the users. We have developed a prototype for the proposed model, and results are evaluated on the basis of energy consumption and execution time. As proposed model provides security services such as privacy, integrity, and authentication, hence it takes more execution time and consumes more energy as compared with the existing model. KEYWORDS cloud computing, information flow control, IoT, privacy, security 1 INTRODUCTION Internet of Things (IoTs) is the emerging technology that connects numerous smart devices to form a larger system. The interconnected components communicate continuously like a single entity. The resulting systems of IoTs are the smart cities, smart homes, smart grids, intelligent health, transportation facilities, and smart metering. 1 The smart devices in IoTs are equipped with sensors and actuators and provide remote controlled access. The IoTs is based on a widespread network of devices all over the world. 2 For IoTs to function, the system requires intercommunication of processes, storage, and sharing of information. The aforesaid objectives can be achieved by connecting all IoTs devices to a single platform such as cloud. 3 Currently, a major area of research is on the integration of IoTs with cloud computing. The integration of IoTs with the cloud provides a solution to most of the issues of the existing IoTs architecture such as (a) the application can be deployed in a matter of minutes, (b) the device becomes independent of location, (c) information can be shared with a variety of audience who has permission to access the resource anytime and anywhere, and (d) data sharing among the tenants is easy. 4,5The integration of IoTs with cloud raises some other concerns. 4 The existing issues are providing secure communications, identification, and manipulation of sensitive data, provider-based security against...
The vulnerabilities in deployed IoT devices are a threat to critical infrastructure and user privacy. There is ample ongoing research and efforts to produce devices that are secure-by-design. However, these efforts are still far from translation into actual deployments. To address this, worldwide efforts towards IoT device and software certification have accelerated as a potential solution, including UK's IoT assurance program, EU Cybersecurity Act and the US executive order 14028. In EU, the Cybersecurity Act was launched in 2019 which initiated the European cybersecurity certification framework for Internet and Communications Technology (ICT). The heterogeneity of the IoT landscape with devices ranging from industrial to consumer, makes it challenging to incorporate IoT devices in the certification framework or introduce a European cybersecurity certification scheme solely for IoT. This paper analyses the cybersecurity certification prospects for IoT devices and also places article 54 of the EU Cybersecurity Act in an international perspective. We conducted a comparative study of existing IoT certification schemes to identify potential gaps and extract requirements of a candidate IoT device security certification scheme. We also propose an approach that can be used as a template to instantiate an EU cybersecurity certification scheme for IoT devices. In the proposed template, we identify IoT-critical elements from the article 54 of the Cybersecurity Act. We also evaluate the proposed template using the ENISA qualification system for cybersecurity certification schemes and show its qualification on all criteria.
Trusted execution environments (TEEs) are on the rise in devices all around us ranging from large-scale cloud-based solutions to resource-constrained embedded devices. With the introduction of ARM TrustZone-M, hardware-assisted trusted execution is now supported in IoT nodes. TrustZone-M provides isolated execution of security-critical operations and sensitive data-generating peripherals. However, TrustZone-M, like all other TEEs, does not provide a mechanism to monitor operations in the trusted areas of the device and software in the secure areas of an IoT device has access to the entire secure and nonsecure software stack. This is crucial due to the diversity of device manufacturers and component suppliers in the market, which manifests trust issues, especially when third-party peripherals are incorporated into a TEE. Compromised TEEs can be misused for industrial espionage, data exfiltration through system backdoors, and illegal data sharing. It is of utmost importance here that system peripheral behaviour in terms of resource access is in accordance with their intended usage that is specified during integration. We propose TEE-Watchdog, a lightweight framework that establishes MPU protections for secure system peripherals in TrustZone-enabled low-end IoT devices. TEE-Watchdog ensures blocking unauthorized peripheral accesses and logging of application misbehaviour running in the TEE based on a manifest file. We define lightweight specifications and structure for the application manifest file enlisting permissions for critical system peripherals using concise binary object representation (CBOR). We implement and evaluate TEE-Watchdog using a Musca-A2 test chipboard. Our microbenchmark evaluations on CPU time and RAM usage demonstrated the practicality of TEE-Watchdog. Securing the system peripherals using TEE-Watchdog protections induced a 1.4% overhead on the latency of peripheral accesses, which was 61 microseconds on our test board. Our optimized CBOR-encoded manifest file template also showed a decrease in manifest file size by 40% as compared to the standard file formats, e.g., JSON.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.