IoT Domain Application Taxonomy And Their Security Requirements

IoT technologies can be applied in a variety of domains. However, it is impossible to envisage all potential IoT applications. In order to consider the match be- tween the application domain-specific requirements and the avail- able access control technologies, the previous (S&PP) dimensions shall be analyzed, among which are:

• Confidentiality and integrity
• Reliability and Availability
• Privacy
• Usability

In the following, those dimensions will be used for consider- ing the specific requirements of the three identified application do- main categories: Personal and home. In this field, IoT comes up with relevant ser- vices that improve our daily life style: In fact, the more physical objects and smart devices join the IOT realm, the more prevail- ing the impact and assets that IOT adds to our daily lives become. New and endless services can emerge to address society challenges and help people make better decisions. Healthcare applications like telehealth or telecare, or smart home applications are only some of the examples. The requirements for Personal and home domain applications are summarized in the following: Integrity and confi- dentiality are of great importance in such applications. In fact, IoT- related healthcare and home automation solutions, are expected to be closer by nature to user intimacy, and therefore their adop- tion depends on the level of their confidentiality and integrity.

For example, Wearable computing devices MBAN: whereby the de- vices or sensors actively monitor the human body’s vital signs (e. g. , heartbeat, temperature and blood pressure) are dealing with very sensitive and private data. Therefore, any tentative of falsifying or disclosing patients data may cause fatal damages such as incorrect diagnosis or even death. Restricted access to the control of home devices and appliances are also necessary requirements. The need of reliability and availability depends on the type of the service provided. Indeed, In case of wellness services, occasional unavail- ability and/or failure may be tolerated. But, when the monitoring is a part of prevention, diagnosis, or treatment service, high-level of reliability and availability is critically required to ensure any ur- gent intervention in case of emergency. Then, efficient and Real- time data acquisition, event ordering, synchronization, and rapid response in emergency circumstances are crucial. As of privacy, users are directly and highly involved in such kind of applications since their personal data are considered as the fuel of all health- care applications.

Therefore, users have to take advantage of the available information/features that humans and their motion cap- tures. As a result, access control model that are targeting this type of application are highly required to be user driven and privacy preserving. Usability: Healthcare and smart home services are ex- pected to be used by the non-expert users. Since users may not be familiar with inner workings of security mechanisms, it is im- portant that the system from user perspective be characterized as simple, transparent and inconspicuous. Therefore, preferred access control models are those which reduce user effort in system ad- ministration and facilitate more autonomous establishment of se- curity context.