DOI: 10.1145/3466933.3466983
research-article
Open access

IoT solution information security certification conceptual framework: IoT solution information security
On improving the transparency and accountability of IoT Solutions through an Open World perspective

Published: 08 July 2021

Abstract

The rapid growth of Internet of Things (IoT) solution development and the rise of agile development, combined with the so-called “low touch economy” and the recent discussions on privacy and data protection, have brought several demands related to Information Security. Despite the existence of several efforts, academic or otherwise, focused on the definition and implementation strategies for certification of Information Security models designed for Information Technology and Communications (ICT) solutions, these are not widely adopted. In addition, there are significant differences between typical IoT solutions and ICT solutions as traditionally presented, which end up demanding different certification strategies. Continuous and more dynamic certification models (using cutting-edge technologies such as blockchain, self-regulation, analytics, and artificial intelligence) are demanded in this context. This work discusses more effective forms of certification, using innovative edge concepts and technologies, at first aiming to identify a set of inhibiting factors, offenders, challenges or issues that need to be addressed correctly when developing an effective large-scale security certification model.

Cited By

  • (2024) Edge Computing and IoT Data Breaches: Security, Privacy, Trust, and Regulation. IEEE Technology and Society Magazine 43:1 (22-32). DOI: 10.1109/MTS.2024.3372605. Online publication date: Mar-2024

Published In

SBSI '21: Proceedings of the XVII Brazilian Symposium on Information Systems
June 2021
453 pages
ISBN: 9781450384919
DOI: 10.1145/3466933
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. Edge Devices
2. Information Security
3. Internet of Things
4. Security Certification
5. Security Compliance

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

SBSI '21

Acceptance Rates

Overall Acceptance Rate 181 of 557 submissions, 32%
