An approach to enhancing security and privacy of the Internet of Things with federated identity

  • Paul Zachary Fremantle

Student thesis: Doctoral Thesis


The Internet of Things (IoT) is the set of systems that enable sensors and actuators to be connected to the Internet. It is estimated that there are already more IoT devices than humans, and that by 2020 there will be 50 billion connected devices. A review of related literature outlines concerns regarding security and privacy of the IoT, demonstrating that IoT devices are creating the opportunity to infringe on security and privacy in numerous ways. One significant challenge is to manage the identity of IoT devices in an effective way. Many IoT systems are built using middleware systems. The main research question of this thesis is whether an improved model for IoT middleware systems — based around federated identity — can provide significant improvements to security and privacy while maintaining reasonable costs in terms of user experience and performance.
In a review of related work, a matrix of IoT threats is presented and from this a number of requirements are identified. A structured survey of literature around IoT middleware systems and platforms identifies 20 systems which are evaluated against those requirements. From this, a set of gaps in IoT middleware systems are identified.
This work addresses a number of these gaps in a novel approach for linking IoT devices to cloud and web systems. A proposed architecture supports an integrated set of privacy preserving controls based on federated identity and access management patterns. In particular, a model introduces device and user registration processes that are adapted to support constrained IoT devices. Federation and de-coupling of systems are incorporated to allow choice of where data is shared with the result that users can choose to avoid sharing data with systems that may infringe privacy. Users are automatically provisioned with a cloud service that manages their devices and data. Summarisation and filtering of data are incorporated to protect raw data and prevent fingerprinting attacks.
A formal model of the approach is presented and properties are proved mathematically, and these properties are used to inform a threat model of the system, which demonstrates benefits of the model in enhancing privacy and security.
The model is implemented in a prototype system and experimental results on this system are presented, including energy usage, cost, scalability and performance. The prototype demonstrates that the approach is both feasible and cost-effective. Performance data demonstrates that the impact on users of the approach is minimal and within norms for such systems. Finally, areas of further research are presented.
Date of AwardJul 2017
Original languageEnglish
SupervisorBenjamin Aziz (Supervisor)

Cite this