Abstract
Physical objects are getting connected to the Internet at an exceptional rate, making the idea of the Internet of Things (IoT) a reality. The IoT ecosystem is evident everywhere in the form of smart homes, health care systems, wearables, connected vehicles, and industries. This has given rise to risks associated with the privacy and security of systems. Security issues and cyber attacks on IoT devices may potentially hinder the growth of IoT products due to deficiencies in the architecture. To counter these issues, we need to implement privacy and security right from the building blocks of IoT. The IoT architecture has evolved over the years, improving the stack of architecture with new solutions such as scalability, management, interoperability, and extensibility. This emphasizes the need to standardize and organize the IoT reference architecture in federation with privacy and security concerns. In this study, we examine and analyze 12 existing IoT reference architectures to identify their shortcomings on the basis of the requirements addressed in the standards. We propose an architecture, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all the involved privacy metrics and counters major threats and attacks in the IoT communication environment. It is a step toward the standardization of the domain architecture. We effectively validate our proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.
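Abstract (translated from the Chinese)
Objects of all kinds are connecting to the Internet at an astonishing rate, making the concept of the Internet of Things (IoT) a reality. The IoT ecosystem is spreading in the form of smart homes, health care systems, wearable devices, connected vehicles, and many industries, which increases the risks related to system privacy and security. Security problems and cyber attacks on IoT devices that stem from architectural deficiencies may hinder the development of IoT products. To solve these problems, privacy and security permissions need to be set in the building blocks of IoT. Over the years, the IoT architecture has continued to evolve, improving the architecture through new solutions such as scalability, management, interoperability, and extensibility. There is therefore an urgent need to standardize and effectively manage the IoT reference architecture with privacy and security considerations in mind. This paper examines 12 existing IoT reference architectures and analyzes the shortcomings of each against the requirements in the standards. On this basis, a new architecture is proposed, the privacy-federated IoT security reference architecture (PF-IoT-SRA), which interprets all privacy metrics in the IoT communication environment and can counter major threats and attacks. This is a step toward the standardization of the domain architecture. We validate the effectiveness of the proposed reference architecture using the architecture trade-off analysis method (ATAM), an industry-recognized scenario-based approach.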
Contributors
Musab KAMAL and Imran RASHID initiated the idea. Musab KAMAL, Imran RASHID, and Waseem IQBAL drafted the paper. Muhammad Haroon SIDDIQUI, Sohaib KHAN, and Ijaz AHMAD revised and finalized the paper.
Compliance with ethics guidelines
Musab KAMAL, Imran RASHID, Waseem IQBAL, Muhammad Haroon SIDDIQUI, Sohaib KHAN, and Ijaz AHMAD declare that they have no conflict of interest.
List of supplementary materials
Fig. S1 Intel IoT reference architecture
Fig. S2 Microsoft Azure IoT reference architecture
Fig. S3 MongoDB IoT reference architecture
Fig. S4 IBM IoT reference architecture
Fig. S5 SerIoT reference architecture
Fig. S6 Cisco IoT reference architecture
Fig. S7 IoT ARM view
Fig. S8 IoT ARM functional view
Fig. S9 KSG IoT reference architecture
Cite this article
Kamal, M., Rashid, I., Iqbal, W. et al. Privacy and security federated reference architecture for Internet of Things. Front Inform Technol Electron Eng 24, 481–508 (2023). https://doi.org/10.1631/FITEE.2200368
DOI: https://doi.org/10.1631/FITEE.2200368
Key words
- Architecturally significant requirement (ASR)
- Architecture trade-off analysis method (ATAM)
- Internet architecture board
- Internet of Things (IoT)
- Privacy enhancing technologies
- Privacy validation chain