In a review of related work, a matrix of IoT threats is presented and from this a number of requirements are identified. A structured survey of literature around IoT middleware systems and platforms identifies 20 systems which are evaluated against those requirements. From this, a set of gaps in IoT middleware systems is identified.
This work addresses a number of these gaps in a novel approach for linking IoT devices to cloud and web systems. A proposed architecture supports an integrated set of privacy-preserving controls based on federated identity and access management patterns. In particular, a model introduces device and user registration processes that are adapted to support constrained IoT devices. Federation and de-coupling of systems are incorporated to allow choice of where data is shared, with the result that users can choose to avoid sharing data with systems that may infringe privacy. Users are automatically provisioned with a cloud service that manages their devices and data. Summarisation and filtering of data are incorporated to protect raw data and prevent fingerprinting attacks.
A formal model of the approach is presented and properties are proved mathematically, and these properties are used to inform a threat model of the system, which demonstrates benefits of the model in enhancing privacy and security.
The model is implemented in a prototype system and experimental results on this system are presented, including energy usage, cost, scalability and performance. The prototype demonstrates that the approach is both feasible and cost-effective. Performance data demonstrates that the impact on users of the approach is minimal and within norms for such systems. Finally, areas of further research are presented.
| Date of Award | Jul 2017 |
| Supervisor | Benjamin Aziz (Supervisor) |