Full Text:   <5035>

Summary:  <224>

Suppl. Mater.: 

CLC number: TP393

On-line Access: 2023-05-06

Received: 2022-08-31

Revision Accepted: 2023-05-06

Crosschecked: 2022-12-13

Cited: 0

Clicked: 1386

Citations:  Bibtex RefMan EndNote GB/T7714

 ORCID:

Waseem IQBAL

https://orcid.org/0000-0002-3616-2621

-   Go to

Article info.
Open peer comments

Frontiers of Information Technology & Electronic Engineering  2023 Vol.24 No.4 P.481-508

http://doi.org/10.1631/FITEE.2200368


Privacy and security federated reference architecture for Internet of Things


Author(s):  Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD

Affiliation(s):  Department of Information Security, National University of Sciences and Technology, Islamabad 44000, Pakistan; more

Corresponding email(s):   waseem.iqbal@mcs.edu.pk

Key Words:  Architecturally significant requirement (ASR), Architecture trade-off analysis method (ATAM), Internet architecture board, Internet of Things (IoT), Privacy enhancing technologies, Privacy validation chain


Share this article to: More |Next Article >>>

Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD. Privacy and security federated reference architecture for Internet of Things[J]. Frontiers of Information Technology & Electronic Engineering, 2023, 24(4): 481-508.

@article{title="Privacy and security federated reference architecture for Internet of Things",
author="Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, Ijaz AHMAD",
journal="Frontiers of Information Technology & Electronic Engineering",
volume="24",
number="4",
pages="481-508",
year="2023",
publisher="Zhejiang University Press & Springer",
doi="10.1631/FITEE.2200368"
}

%0 Journal Article
%T Privacy and security federated reference architecture for Internet of Things
%A Musab KAMAL
%A Imran RASHID
%A Waseem IQBAL
%A Muhammad Haroon SIDDIQUI
%A Sohaib KHAN
%A Ijaz AHMAD
%J Frontiers of Information Technology & Electronic Engineering
%V 24
%N 4
%P 481-508
%@ 2095-9184
%D 2023
%I Zhejiang University Press & Springer
%DOI 10.1631/FITEE.2200368

TY - JOUR
T1 - Privacy and security federated reference architecture for Internet of Things
A1 - Musab KAMAL
A1 - Imran RASHID
A1 - Waseem IQBAL
A1 - Muhammad Haroon SIDDIQUI
A1 - Sohaib KHAN
A1 - Ijaz AHMAD
J0 - Frontiers of Information Technology & Electronic Engineering
VL - 24
IS - 4
SP - 481
EP - 508
%@ 2095-9184
Y1 - 2023
PB - Zhejiang University Press & Springer
ER -
DOI - 10.1631/FITEE.2200368


Abstract: 
Physical objects are getting connected to the Internet at an exceptional rate, making the idea of the internet of Things (IoT) a reality. The IoT ecosystem is evident everywhere in the form of smart homes, health care systems, wearables, connected vehicles, and industries. This has given rise to risks associated with the privacy and security of systems. Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture. To counter these issues, we need to implement privacy and security right from the building blocks of IoT. The IoT architecture has evolved over the years, improving the stack of architecture with new solutions such as scalability, management, interoperability, and extensibility. This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns. In this study, we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards. We propose an architecture, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment. It is a step toward the standardization of the domain architecture. We effectively validate our proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.

物联网隐私与安全联合参考架构

Musab KAMAL1, Imran RASHID1, Waseem IQBAL1, Muhammad Haroon SIDDIQUI1,
Sohaib KHAN1, Ijaz AHMAD2
1国立科技大学信息安全系,巴基斯坦伊斯兰堡,44000
2马甲大学学院信息技术系,阿曼马斯喀特,112
摘要:各种物体正以惊人速度连接到互联网,使物联网概念成为现实。物联网生态系统正以智能家居、医疗保健系统、可穿戴设备、联网车辆和多种产业形式普及,由此增加了与系统隐私和安全相关的风险。架构缺陷带来的物联网设备安全问题和网络攻击可能阻碍物联网产品的发展。解决这些问题,需在物联网构建块中设置隐私和安全权限。多年来,物联网架构不断演变,通过可测量性、管理、互操作性和可扩展性等新方案改进了架构。为此,亟需结合隐私和安全考量,对物联网参考架构进行标准化和有效管理。本文检查了12个现有物联网参考架构,对照标准中的要求,分析各自不足之处。基于此,提出一种新的架构,即结合隐私的物联网安全参考架构(PF-IoT-SRA),其诠释了物联网通信环境中所有隐私指标,可以对抗主要威胁和攻击。这是朝着领域架构标准化迈出的一步。我们使用架构权衡分析法(ATAM)--一种行业认可的基于场景的方法--验证了所提参考架构的有效性。

关键词:架构上重要的需求(ASR);架构权衡分析法(ATAM);互联网架构板;物联网;隐私增强技术;隐私验证链

Darkslateblue:Affiliate; Royal Blue:Author; Turquoise:Article

Reference

[1]Alaba FA, Othman M, Hashem IAT, et al., 2017. Internet of Things security: a survey. J Netw Comput Appl, 88:10-28.

[2]Al-Fuqaha A, Guizani M, Mohammadi M, et al., 2015. Internet of Things: a survey on enabling technologies, protocols, and applications. IEEE Commun Surv Tutor, 17(4):2347-2376.

[3]Al-Qaseemi SA, Almulhim HA, Almulhim MF, et al., 2016. IoT architecture challenges and issues: lack of standardization. Future Technologies Conf, p.731-738.

[4]Alshohoumi F, Sarrab M, AlHamadani A, et al., 2019. Systematic review of existing IoT architectures security and privacy issues and concerns. Int J Adv Comput Sci Appl, 10(7):232-251.

[5]Bassi A, Bauer M, Fiedler M, et al., 2013. Enabling Things to Talk. Springer Berlin Heidelberg.

[6]Cisco, 2014. Internet of Things Reference Model. https://www.cisco.com [Accessed on Aug. 10, 2021].

[7]Chen KJ, Zhang S, Li ZK, et al., 2018. Internet-of-Things security and vulnerabilities: taxonomy, challenges, and practice. J Hardw Syst Secur, 2(2):97-110.

[8]Chen LM, Nugent CD, Wang H, 2012. A knowledge-driven approach to activity recognition in smart homes. IEEE Trans Knowl Data Eng, 24(6):961-974.

[9]Chen SZ, Xu H, Liu DK, et al., 2014. A vision of IoT: applications, challenges, and opportunities with China perspective. IEEE Int Things J, 1(4):349-359.

[10]Dhelim S, Ning HS, Farha F, et al., 2021. IoT-enabled social relationships meet artificial social intelligence. IEEE Int Things J, 8(24):17817-17828.

[11]Domanska J, Gelenbe E, Czachorski T, et al., 2018. Research and innovation action for the security of the Internet of Things: the SerIoT project. 1st Int ISCIS Security Workshop, p.101-118.

[12]dos Santos MG, Ameyed D, Petrillo F, et al., 2020. Internet of Things architectures: a comparative study. https://arxiv.org/abs/2004.12936

[13]Fallmann S, Chen LM, 2019. Computational sleep behavior analysis: a survey. IEEE Access, 7:142421-142440.

[14]Farha F, Ning HS, Ali K, et al., 2021. SRAM-PUF-based entities authentication scheme for resource-constrained IoT devices. IEEE Int Things J, 8(7):5904-5913.

[15]Fremantle P, 2015. A Reference Architecture for the Internet of Things. WSO2 White Paper 02-04.

[16]Frustaci M, Pace P, Aloi G, et al., 2018. Evaluating critical security issues of the IoT world: present and future challenges. IEEE Int Things J, 5(4):2483-2495.

[17]Gerber A, Kansal S, 2017. Simplify the Development of Your IoT Solutions with IoT Architectures. https://www.ibm.com/developerworks/library/iot-lp201-iot-architectures/index.html [Accessed on Mar. 22, 2021].

[18]Hu PF, Ning HS, Chen LM, et al., 2019. An open Internet of Things system architecture based on software-defined device. IEEE Int Things J, 6(2):2583-2592.

[19]Iqbal W, Abbas H, Daneshmand M, et al., 2020. An in-depth analysis of IoT security requirements, challenges, and their countermeasures via software-defined security. IEEE Int Things J, 7(10):10250-10276.

[20]ISO/IEC, 2014. Study Report on IoT Reference Architectures/Frameworks. Kate Grant AHG, SWG5, JTC1.

[21]Javed B, Iqbal MW, Abbas H, 2017. Internet of Things (IoT) design considerations for developers and manufacturers. IEEE Int Conf on Communications Workshops, p.834-839.

[22]Karale A, 2021. The challenges of IoT addressing security, ethics, privacy, and laws. Int Things, 15:100420.

[23]Kraijak S, Tuwanut P, 2015. A survey on IoT architectures, protocols, applications, security, privacy, real-world implementation and future trends. 11th Int Conf on Wireless Communications, Networking and Mobile Computing, p.1-6.

[24]Li C, Palanisamy B, 2019. Privacy in Internet of Things: from principles to technologies. IEEE Int Things J, 6(1):488-505.

[25]McKinney D, 2015. Intel IoT Platform Architecture Specification White Paper.

[26]Microsoft, 2018. Microsoft Azure IoT Reference Architecture V 2.1 26/09/2018. https://download.microsoft.com/Microsoft_Azure_IoT_Reference_Architecture [Accessed on June 10, 2021].

[27]Mongo, 2019. IoT Reference Architecture. https://www.mongodb.com/collateral/iot-reference-architecture [Accessed on June 10, 2021].

[28]O’Donnell L, 2019. Researchers Allege ‘Systemic’ Privacy, Security Flaws in Popular IoT Devices. https://threatpost.com/researchers-allegesystemic-privacy-security-flaws-in-popular-iotdevices/141244 [Accessed on Mar. 17, 2021].

[29]Okeyo G, Chen LM, Wang H, et al., 2011. Ontology-based learning framework for activity assistance in an adaptive smart home. In: Chen LM, Nugent CD, Biswas J, et al. (Eds.), Activity Recognition in Pervasive Intelligent Environments. Atlantis Press, Paris, France, p.237-263.

[30]Pan QQ, Wu J, Bashir AK, et al., 2022. Joint protection of energy security and information privacy for energy harvesting: an incentive federated learning approach. IEEE Trans Ind Inform, 18(5):3473-3483.

[31]Pierleoni P, Concetti R, Belli A, et al., 2019. Amazon, Google and Microsoft solutions for IoT: architectures and a performance comparison. IEEE Access, 8:5455-5470.

[32]Psychoula I, Singh D, Chen LM, et al., 2018a. Users’ privacy concerns in IoT based applications. IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), p.1887-1894.

[33]Psychoula I, Merdivan E, Singh D, et al., 2018b. A deep learning approach for privacy preservation in assisted living. IEEE Int Conf on Pervasive Computing and Communications Workshops, p.710-715.

[34]Psychoula I, Chen LM, Yao XX, et al., 2019. A privacy aware architecture for IoT enabled systems. IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI), p.178-183.

[35]Psychoula I, Chen LM, Amft O, 2020. Privacy risk awareness in wearables and the Internet of Things. IEEE Perv Comput, 19(3):60-66.

[36]Solapure SS, Kenchannavar H, 2016. Internet of Things: a survey related to various recent architectures and platforms available. Int Conf on Advances in Computing, Communications and Informatics, p.2296-2301.

[37]Torkaman A, Seyyedi MA, 2016. Analyzing IoT reference architecture models. Int J Comput Sci Softw Eng, 5(8):154.

[38]Yao XX, Farha F, Li RY, et al., 2021. Security and privacy issues of physical objects in the IoT: challenges and opportunities. Dig Commun Netw, 7(3):373-384.

[39]Zhou W, Jia Y, Peng AN, et al., 2019. The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved. IEEE Int Things J, 6(2):1606-1616.

Open peer comments: Debate/Discuss/Question/Opinion

<1>

Please provide your name, email address and a comment





Journal of Zhejiang University-SCIENCE, 38 Zheda Road, Hangzhou 310027, China
Tel: +86-571-87952783; E-mail: cjzhang@zju.edu.cn
Copyright © 2000 - 2024 Journal of Zhejiang University-SCIENCE