Presents a Cyber-Assurance approach to the Internet of Things (IoT)
Discusses current research and emerging trends in IA theory, applications, architecture and information security in the IoT based on theoretical aspects and studies of practical applications
Aids readers in understanding how to design and build cyber-assurance into the IoT
Exposes engineers and designers to new strategies and emerging standards, and promotes active development of cyber-assurance
Covers challenging issues as well as potential solutions, encouraging discussion and debate amongst those in the field
Cyber-Assurance for the Internet of Things is written for researchers and professionals working in the field of wireless technologies, information security architecture, and security system design. This book will also serve as a reference for professors and students involved in IA and IoT networking.
Tyson T. Brooks is an Adjunct Professor in the School of Information Studies at Syracuse University; he also works with the Center for Information and Systems Assurance and Trust (CISAT) at Syracuse University, and is an information security technologist and science-practitioner. Dr. Brooks is the founder/Editor-in-Chief of the International Journal of Internet of Things and Cyber-Assurance, an associate editor for the Journal of Enterprise Architecture, the International Journal of Cloud Computing and Services Science, and the International Journal of Information and Network Security.
Table of Contents
LIST OF FIGURES xiii
LIST OF TABLES xvii
FOREWORD xix
PREFACE xxix
ACKNOWLEDGMENTS xxxiii
CONTRIBUTORS xxxv
ACRONYMS xli
INTRODUCTION xlvii
PART I EMBEDDED DESIGN SECURITY 1
1 CERTIFIED SECURITY BY DESIGN FOR THE INTERNET OF THINGS 3
Shiu-Kai Chin
1.1 Introduction / 3
1.2 Lessons from the Microelectronics Revolution / 3
1.3 Certified Security by Design / 5
1.4 Chapter Outline / 9
1.5 An Access-Control Logic / 9
1.6 An Introduction to HOL / 17
1.7 The Access-Control Logic in HOL / 25
1.8 Cryptographic Components and Their Models in Higher-Order Logic / 30
1.9 Cryptographic Hash Functions / 33
1.10 Asymmetric-Key Cryptography / 33
1.11 Digital Signatures / 36
1.12 Adding Security to State Machines / 38
1.13 A Networked Thermostat Certified Secure by Design / 49
1.14 Thermostat Use Cases / 52
1.15 Security Contexts for the Server and Thermostat / 56
1.16 Top-Level Thermostat Secure-State Machine / 58
1.17 Refined Thermostat Secure-State Machine / 67
1.18 Equivalence of Top-Level and Refined Secure-State Machines / 81
1.19 Conclusions / 84
Appendix / 86
References / 99
2 CYBER-ASSURANCE THROUGH EMBEDDED SECURITY FOR THE INTERNET OF THINGS 101
Tyson T. Brooks and Joon Park
2.1 Introduction / 101
2.2 Cyber-Security and Cyber-Assurance / 106
2.3 Recognition, Fortification, Re-Establishment, Survivability / 108
2.4 Conclusion / 120
References / 122
3 A SECURE UPDATE MECHANISM FOR INTERNET OF THINGS DEVICES 129
Martin Goldberg
3.1 Introduction / 129
3.2 Importance of IOT Security / 130
3.3 Applying the Defense In-Depth Strategy for Updating / 131
3.4 A Standards Approach / 132
3.5 Conclusion / 134
References / 135
PART II TRUST IMPACT 137
4 SECURITY AND TRUST MANAGEMENT FOR THE INTERNET OF THINGS: AN RFID AND SENSOR NETWORK PERSPECTIVE 139
M. Bala Krishna
4.1 Introduction / 139
4.2 Security and Trust in the Internet of Things / 142
4.3 Radio Frequency Identification: Evolution and Approaches / 147
4.4 Security and Trust in Wireless Sensor Networks / 151
4.5 Applications of Internet of Things and RFID in Real-Time Environment / 156
4.6 Future Research Directions and Conclusion / 158
References / 159
5 THE IMPACT OF IoT DEVICES ON NETWORK TRUST BOUNDARIES 163
Nicole Newmeyer
5.1 Introduction / 163
5.2 Trust Boundaries / 164
5.3 Risk Decisions and Conclusion / 173
References / 174
PART III WEARABLE AUTOMATION PROVENANCE 175
6 WEARABLE IoT COMPUTING: INTERFACE, EMOTIONS, WEARER’S CULTURE, AND SECURITY/PRIVACY CONCERNS 177
Robert McCloud, Martha Lerski, Joon Park, and Tyson T. Brooks
6.1 Introduction / 177
6.2 Data Accuracy in Wearable Computing / 178
6.3 Interface and Culture / 178
6.4 Emotion and Privacy / 179
6.5 Privacy Protection Policies for Wearable Devices / 181
6.6 Privacy/Security Concerns About Wearable Devices / 182
6.7 Expectations About Future Wearable Devices / 183
References / 184
7 ON VULNERABILITIES OF IoT-BASED CONSUMER-ORIENTED CLOSED-LOOP CONTROL AUTOMATION SYSTEMS 187
Martin Murillo
7.1 Introduction / 187
7.2 Industrial Control Systems and Home Automation Control / 189
7.3 Vulnerability Identification / 193
7.4 Modeling and Simulation of Basic Attacks to Control Loops and Service Providers / 198
7.5 Illustrating Various Attacks Through a Basic Home Heating System Model / 200
7.6 A Glimpse of Possible Economic Consequences of Addressed Attacks / 203
7.7 Discussion and Conclusion / 205
References / 206
8 BIG DATA COMPLEX EVENT PROCESSING FOR INTERNET OF THINGS PROVENANCE: BENEFITS FOR AUDIT, FORENSICS, AND SAFETY 209
Mark Underwood
8.1 Overview of Complex Event Processing / 209
8.2 The Need: IoT Security Challenges in Audit, Forensics, and Safety / 211
8.3 Challenges to CEP Adoption in IoT Settings / 213
8.4 CEP and IoT Security Visualization / 215
8.5 Summary / 217
8.6 Conclusion / 219
References / 220
PART IV CLOUD ARTIFICIAL INTELLIGENCE CYBER-PHYSICAL SYSTEMS 225
9 A STEADY-STATE FRAMEWORK FOR ASSESSING SECURITY MECHANISMS IN A CLOUD-OF-THINGS ARCHITECTURE 227
Tyson T. Brooks and Lee McKnight
Variable Nomenclature / 227
9.1 Introduction / 228
9.2 Background / 229
9.3 Establishing a Framework for CoT Analysis / 232
9.4 The CoT Steady-State Framework / 238
9.5 Conclusion / 244
References / 245
10 AN ARTIFICIAL INTELLIGENCE PERSPECTIVE ON ENSURING CYBER-ASSURANCE FOR THE INTERNET OF THINGS 249
Utku Köse
10.1 Introduction / 249
10.2 AI-Related Cyber-Assurance Research for the IoT / 250
10.3 Multidisciplinary Intelligence Enabling Opportunities with AI / 252
10.4 Future Research on AI-Based Cyber-Assurance for IoT / 254
10.5 Conclusion / 255
References / 255
11 PERCEIVED THREAT MODELING FOR CYBER-PHYSICAL SYSTEMS 257
Christopher Leberknight
11.1 Introduction / 257
11.2 Overview of Physical Security / 259
11.3 Relevance to Grounded Theory / 261
11.4 Theoretical Model Construction / 262
11.5 Experiment / 263
11.6 Results / 267
11.7 Discussion / 275
11.8 Future Research / 276
11.9 Conclusion / 278
References / 279
APPENDICES
A LIST OF IEEE INTERNET OF THINGS STANDARDS 283
B GLOSSARY 319
C CSBD THERMOSTAT REPORT 333
D CSBD ACCESS-CONTROL LOGIC REPORT 415
BIBLIOGRAPHY 433
INDEX 457