
limited computational power. Further, the techniques normally used in conventional networks were designed for systems with powerful microprocessors and high storage capacities (Hanna 2015), so existing security techniques must be adapted. The large number of objects in an IoT environment also makes adapting existing security algorithms a difficult and onerous task. For example, methods and algorithms for identifying objects and controlling access to them become more and more complex as the number of objects in the environment keeps increasing.

      With regard to user privacy, data can be collected in IoT systems without involving the users. In this context, this data feedback must be secured and the user's privacy must be ensured during the collection, transmission, aggregation, storage, extraction and processing of the data. To meet these requirements, appropriate mechanisms for data confidentiality, data authentication and data integrity must be included within the IoT, while respecting the needs of this kind of environment (ITU-T 2012).

      1.4.2. Security services in the IoT environment

      In order to ensure security in the IoT environment, various security services must be provided by applying mechanisms that are specific and adapted to the characteristics of this kind of environment.

      1.4.2.1. Identification and authentication in the IoT

      1.4.2.1.1. Definition

      Identification refers to establishing the identity of the user of a service. It is based on the principle that each user is individually assigned an identifier. Authentication follows identification and enables the user to prove their identity, using an authenticator or a secret code that only they know. Authentication does not itself give the right of access: it is access control that guarantees this privilege once authentication has been successful (ITU-T 1991). Authentication mechanisms can offer several advantages to the IoT environment. Through identification and authentication mechanisms, the IoT environment takes into account robust devices that are able to reduce the risk of intrusion and avoid violations (Li 2017).

      1.4.2.1.2. Research projects

      Various research studies and projects have dealt with identification and authentication security services. BUTLER (uBiquitous, secUre inTernet-of-things with Location and contExt-awaReness) (CORDIS 2018), a European project funded by FP7 (October 2011–October 2014), studied the mechanisms of identification and authentication in the IoT environment.

      This project proposed a mechanism for managing the ownership of objects by users, where users possess connected objects. A user (the owner of an object) has an account with the Trust Manager, which is implemented on an authorization server. The user connects to the authorization server and registers a new resource (a new connected object). The resource must have a unique identifier (generally a URL) and identification information (resource security credentials). The user must then configure the resource with the resource security credentials, so that the identity of the user who possesses the object can be verified. Similarly, BUTLER offers a mechanism that makes it possible to identify objects to gateways using digital certificates that are managed by authorization servers (Sottile et al. 2014).

      Academic research has also studied identification and authentication in the IoT. The work described in Li (2017) highlights the importance of proposing an authentication protocol that relieves nodes (which are constrained in terms of their storage and computing capabilities) of the management of authentication and authorization.
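The ownership flow described above for BUTLER, sketched as an added example (not code from BUTLER or from the book): an owner with a Trust Manager account registers a resource under a unique URL, receives its security credential, configures the object with it, and the server later verifies who owns the object. The HMAC challenge-response, the class and method names, and the sample URL are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TrustManager:
    """Toy authorization server that tracks which user owns which resource."""

    def __init__(self, accounts):
        self._accounts = set(accounts)  # owner accounts known to the server
        self._resources = {}            # resource URL -> (owner, shared secret)
        self._challenges = {}           # resource URL -> outstanding nonce

    def register_resource(self, user, url):
        """Owner registers a new object; returns its security credential."""
        if user not in self._accounts:
            raise PermissionError("unknown owner account")
        if url in self._resources:
            raise ValueError("resource identifier must be unique")
        secret = secrets.token_bytes(32)
        self._resources[url] = (user, secret)
        return secret

    def challenge(self, url):
        """Issue a single-use nonce so a captured proof cannot be replayed."""
        nonce = secrets.token_bytes(16)
        self._challenges[url] = nonce
        return nonce

    def verify_owner(self, url, proof):
        """Return the owner's name if the proof matches, otherwise None."""
        nonce = self._challenges.pop(url, None)
        if nonce is None or url not in self._resources:
            return None
        owner, secret = self._resources[url]
        # Assumption: HMAC over nonce + URL stands in for the credential check.
        expected = hmac.new(secret, nonce + url.encode(), hashlib.sha256).digest()
        return owner if hmac.compare_digest(expected, proof) else None


class ConnectedObject:
    """The resource, once the owner has configured it with the credential."""

    def __init__(self, url, secret):
        self.url, self._secret = url, secret

    def prove(self, nonce):
        return hmac.new(self._secret, nonce + self.url.encode(), hashlib.sha256).digest()
```

The constrained object only stores one secret and computes one HMAC per check; the account lookup, uniqueness check and replay protection all stay on the authorization server.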

      1.4.2.2. Access control in the IoT

      1.4.2.2.1.
