Cyber-Assurance for the Internet of Things

Presents an Cyber-Assurance approach to the Internet of Things (IoT)

This book discusses the cyber-assurance needs of the IoT environment, highlighting key information assurance (IA) IoT issues and identifying the associated security implications. Through contributions from cyber-assurance, IA, information security and IoT industry practitioners and experts, the text covers fundamental and advanced concepts necessary to grasp current IA issues, challenges, and solutions for the IoT. The future trends in IoT infrastructures, architectures and applications are also examined. Other topics discussed include the IA protection of IoT systems and information being stored, processed or transmitted from unauthorized access or modification of machine-2-machine (M2M) devices, radio-frequency identification (RFID) networks, wireless sensor networks, smart grids, and supervisory control and data acquisition (SCADA) systems. The book also discusses IA measures necessary to detect, protect, and defend IoT information and networks/systems to ensure their availability, integrity, authentication, confidentially, and non-repudiation.

• Discusses current research and emerging trends in IA theory, applications, architecture and information security in the IoT based on theoretical aspects and studies of practical applications

• Aids readers in understanding how to design and build cyber-assurance into the IoT

• Exposes engineers and designers to new strategies and emerging standards, and promotes active development of cyber-assurance

• Covers challenging issues as well as potential solutions, encouraging discussion and debate amongst those in the field

Cyber-Assurance for the Internet of Things is written for researchers and professionals working in the field of wireless technologies, information security architecture, and security system design. This book will also serve as a reference for professors and students involved in IA and IoT networking.
Tyson T. Brooks is an Adjunct Professor in the School of Information Studies at Syracuse University; he also works with the Center for Information and Systems Assurance and Trust (CISAT) at Syracuse University, and is an information security technologist and science-practitioner. Dr. Brooks is the founder/Editor-in-Chief of the International Journal of Internet of Things and Cyber-Assurance, an associate editor for the Journal of Enterprise Architecture, the International Journal of Cloud Computing and Services Science, and the International Journal of Information and Network Security.

Autorentext

Tyson T. Brooks is an Adjunct Professor in the School of Information Studies at Syracuse University; he also works with the Center for Information and Systems Assurance and Trust (CISAT) at Syracuse University, and is an information security technologist and science-practitioner. Dr. Brooks is the founder/Editor-in-Chief of the International Journal of Internet of Things and Cyber-Assurance, an associate editor for the Journal of Enterprise Architecture, the International Journal of Cloud Computing and Services Science, and the International Journal of Information and Network Security.

Zusammenfassung

Presents an Cyber-Assurance approach to the Internet of Things (IoT)

This book discusses the cyber-assurance needs of the IoT environment, highlighting key information assurance (IA) IoT issues and identifying the associated security implications. Through contributions from cyber-assurance, IA, information security and IoT industry practitioners and experts, the text covers fundamental and advanced concepts necessary to grasp current IA issues, challenges, and solutions for the IoT. The future trends in IoT infrastructures, architectures and applications are also examined. Other topics discussed include the IA protection of IoT systems and information being stored, processed or transmitted from unauthorized access or modification of machine-2-machine (M2M) devices, radio-frequency identification (RFID) networks, wireless sensor networks, smart grids, and supervisory control and data acquisition (SCADA) systems. The book also discusses IA measures necessary to detect, protect, and defend IoT information and networks/systems to ensure their availability, integrity, authentication, confidentially, and non-repudiation.

• Discusses current research and emerging trends in IA theory, applications, architecture and information security in the IoT based on theoretical aspects and studies of practical applications
• Aids readers in understanding how to design and build cyber-assurance into the IoT
• Exposes engineers and designers to new strategies and emerging standards, and promotes active development of cyber-assurance
• Covers challenging issues as well as potential solutions, encouraging discussion and debate amongst those in the field
  Cyber-Assurance for the Internet of Things is written for researchers and professionals working in the field of wireless technologies, information security architecture, and security system design. This book will also serve as a reference for professors and students involved in IA and IoT networking. Tyson T. Brooks is an Adjunct Professor in the School of Information Studies at Syracuse University; he also works with the Center for Information and Systems Assurance and Trust (CISAT) at Syracuse University, and is an information security technologist and science-practitioner. Dr. Brooks is the founder/Editor-in-Chief of the International Journal of Internet of Things and Cyber-Assurance, an associate editor for the Journal of Enterprise Architecture, the International Journal of Cloud Computing and Services Science, and the International Journal of Information and Network Security.

Inhalt

List of Figures xiii

List of Tables xvii

Foreword xix

Preface xxix

Acknowledgments xxxiii

Contributors xxxv

Acronyms xli

Introduction xlvii

Part I Embedded Design Security 1

**1 Certified Security by Design for the Internet of Things 3
Shiu-Kai Chin

1.1 Introduction 3

1.2 Lessons from the Microelectronics Revolution 3

1.3 Certified Security by Design 5

1.4 Chapter Outline 9

1.5 An Access-Control Logic 9

1.6 An Introduction to HOL 17

1.7 The Access-Control Logic in HOL 25

1.8 Cryptographic Components and Their Models in Higher-Order Logic 30

1.9 Cryptographic Hash Functions 33

1.10 Asymmetric-Key Cryptography 33

1.11 Digital Signatures 36

1.12 Adding Security to State Machines 38

1.13 A Networked Thermostat Certified Secure by Design 49

1.14 Thermostat Use Cases 52

1.15 Security Contexts for the Server and Thermostat 56

1.16 Top-Level Thermostat Secure-State Machine 58

1.17 Refined Thermostat Secure-State Machine 67

1.18 Equivalence of Top-Level and Refined Secure-State Machines 81

1.19 Conclusions 84

Appendix 86

References 99

**2 Cyber-assurance Through Embedded Security for The Internet of Things 101
Tyson T. Brooks and Joon Park

2.1 Introduction 101

2.2 Cyber-Security and Cyber-Assurance 106

2.3 Recognition, Fortification, Re-Establishment, Survivability 108

2.4 Conclusion 120

References 122

**3 A Secure Update Mechanism for Internet of Things Devices 129
Martin Goldberg

3.1 Introduction 129

3.2 Importance of IOT Security 130

3.3 Applying the Defense In-Depth Strategy for Updating 131

3.4 A Standards Approach 132

3.5 Conclusion 134

References 135

Part II Trust Impact 137

**4 Security and Trust Management for the Internet of Things: An Rfid and Sensor Network Perspective 139
M. Bala Krishna

4.1 Introduction 139

4.2 Security and Trust in the Internet of Things 142

4.3 Radio Frequency Identification: Evolution and Approaches 147

4.4 Security and Trust in Wireless Sensor Networks 151

4.5 Applications of Internet of Things and RFID…