Description
Book SynopsisPresents an Cyber-Assurance approach to the Internet of Things (IoT)
This book discusses the cyber-assurance needs of the IoT environment, highlighting key information assurance (IA) IoT issues and identifying the associated security implications. Through contributions from cyber-assurance, IA, information security and IoT industry practitioners and experts, the text covers fundamental and advanced concepts necessary to grasp current IA issues, challenges, and solutions for the IoT. The future trends in IoT infrastructures, architectures and applications are also examined. Other topics discussed include the IA protection of IoT systems and information being stored, processed or transmitted from unauthorized access or modification of machine-2-machine (M2M) devices, radio-frequency identification (RFID) networks, wireless sensor networks, smart grids, and supervisory control and data acquisition (SCADA) systems. The book also discusses IA measures necessary to detect, p
Table of Contents
List of Figures xiii
List of Tables xvii
Foreword xix
Preface xxix
Acknowledgments xxxiii
Contributors xxxv
Acronyms xli
Introduction xlvii
Part I Embedded Design Security 1
1 Certified Security by Design for the Internet of Things 3
Shiu-Kai Chin
1.1 Introduction 3
1.2 Lessons from the Microelectronics Revolution 3
1.3 Certified Security by Design 5
1.4 Chapter Outline 9
1.5 An Access-Control Logic 9
1.6 An Introduction to HOL 17
1.7 The Access-Control Logic in HOL 25
1.8 Cryptographic Components and Their Models in Higher-Order Logic 30
1.9 Cryptographic Hash Functions 33
1.10 Asymmetric-Key Cryptography 33
1.11 Digital Signatures 36
1.12 Adding Security to State Machines 38
1.13 A Networked Thermostat Certified Secure by Design 49
1.14 Thermostat Use Cases 52
1.15 Security Contexts for the Server and Thermostat 56
1.16 Top-Level Thermostat Secure-State Machine 58
1.17 Refined Thermostat Secure-State Machine 67
1.18 Equivalence of Top-Level and Refined Secure-State Machines 81
1.19 Conclusions 84
Appendix 86
References 99
2 Cyber-assurance Through Embedded Security for The Internet of Things 101
Tyson T. Brooks and Joon Park
2.1 Introduction 101
2.2 Cyber-Security and Cyber-Assurance 106
2.3 Recognition, Fortification, Re-Establishment, Survivability 108
2.4 Conclusion 120
References 122
3 A Secure Update Mechanism for Internet of Things Devices 129
Martin Goldberg
3.1 Introduction 129
3.2 Importance of IOT Security 130
3.3 Applying the Defense In-Depth Strategy for Updating 131
3.4 A Standards Approach 132
3.5 Conclusion 134
References 135
Part II Trust Impact 137
4 Security and Trust Management for the Internet of Things: An Rfid and Sensor Network Perspective 139
M. Bala Krishna
4.1 Introduction 139
4.2 Security and Trust in the Internet of Things 142
4.3 Radio Frequency Identification: Evolution and Approaches 147
4.4 Security and Trust in Wireless Sensor Networks 151
4.5 Applications of Internet of Things and RFID in Real-Time Environment 156
4.6 Future Research Directions and Conclusion 158
References 159
5 THE IMPACT OF IoT DEVICES ON NETWORK TRUST Boundaries 163
Nicole Newmeyer
5.1 Introduction 163
5.2 Trust Boundaries 164
5.3 Risk Decisions and Conclusion 173
References 174
Part III Wearable Automation Provenance 175
6 WEARABLE IoT COMPUTING: INTERFACE, EMOTIONS, Wearer’s Culture, and Security/privacy Concerns 177
Robert McCloud, Martha Lerski, Joon Park, and Tyson T. Brooks
6.1 Introduction 177
6.2 Data Accuracy in Wearable Computing 178
6.3 Interface and Culture 178
6.4 Emotion and Privacy 179
6.5 Privacy Protection Policies for Wearable Devices 181
6.6 Privacy/Security Concerns About Wearable Devices 182
6.7 Expectations About Future Wearable Devices 183
References 184
7 ON VULNERABILITIES OF IoT-BASED Consumer-oriented Closed-loop Control Automation Systems 187
Martin Murillo
7.1 Introduction 187
7.2 Industrial Control Systems and Home Automation Control 189
7.3 Vulnerability Identification 193
7.4 Modeling and Simulation of Basic Attacks to Control Loops and Service Providers 198
7.5 Illustrating Various Attacks Through a Basic Home Heating System Model 200
7.6 A Glimpse of Possible Economic Consequences of Addressed Attacks 203
7.7 Discussion and Conclusion 205
References 206
8 Big Data Complex Event Processing for Internet Of Things Provenance: Benefits for Audit, Forensics, and Safety 209
Mark Underwood
8.1 Overview of Complex Event Processing 209
8.2 The Need: IoT Security Challenges in Audit, Forensics, and Safety 211
8.3 Challenges to CEP Adoption in IoT Settings 213
8.4 CEP and IoT Security Visualization 215
8.5 Summary 217
8.6 Conclusion 219
References 220
Part IV Cloud Artificial Intelligence Cyber-physical Systems 225
9 a Steady-state Framework for Assessing Security Mechanisms in a Cloud-of-things Architecture 227
Tyson T. Brooks and Lee McKnight
Variable Nomenclature 227
9.1 Introduction 228
9.2 Background 229
9.3 Establishing a Framework for CoT Analysis 232
9.4 The CoT Steady-State Framework 238
9.5 Conclusion 244
References 245
10 An Artificial Intelligence Perspective on Ensuring Cyber-assurance for the Internet Of Things 249
Utku Köse
10.1 Introduction 249
10.2 AI-Related Cyber-Assurance Research for the IoT 250
10.3 Multidisciplinary Intelligence Enabling Opportunities with Ai 252
10.4 Future Research on AI-Based Cyber-Assurance for IoT 254
10.5 Conclusion 255
References 255
11 Perceived Threat Modeling for Cyber-physical Systems 257
Christopher Leberknight
11.1 Introduction 257
11.2 Overview of Physical Security 259
11.3 Relevance to Grounded Theory 261
11.4 Theoretical Model Construction 262
11.5 Experiment 263
11.6 Results 267
11.7 Discussion 275
11.8 Future Research 276
11.9 Conclusion 278
References 279
Appendices
A List of Ieee Internet of Things Standards 283
B Glossary 319
C Csbd Thermostat Report 333
D Csbd Access-control Logic Report 415
Bibliography 433
Index 457
