Security And Trust Management In Internet Of Things

Abstract—Internet of Things (IoT) is an emerging research field in networking domain and applied to almost all the applications that can change the people lives as smart. Moreover, in some use cases large volume of sensitive data could be generated. The number of security threats related to Infrastructure, platform and application of IoT has been increased over the last few years. So, it is necessary to apply proper security solutions which ensure privacy and confidentiality of data. To address the secure and reliable communication, various trust-based solutions were introduced. Most of the nodes in IoT system are heterogeneous and limited storage space. Most of the existing trust-based solutions could not able to achieve this requirement. This article provides a detailed review of the security challenges and trust management techniques adopted for IoT to secure data in a cloud environment.

Keywords— Internet of Things; Security; Trust; Threats;

INTRODUCTION

This Internet of things (IoT) is currently drawing much attention, and its first real usages are occurring in real-world scenarios. The two disparate physical and virtual worlds are combined by the term IoT. An ecosystem which interconnects huge number of machine type devices (MTDs), mundane objects, tablets, people, smartphones with an internet is termed as Internet of Things (IoT). This prevalent ecosystem delivers various services such as drone-based services, innovative applications, smart grid features, and new healthcare applications. However, reliable wireless infrastructure is required for the effective delivery of IoT services, which can able to communicate with the heterogeneous [3] environment. In the field of IoT, entities are entirely different from the general communication network in the aspect of deployment environment and their characteristics. IoT would be the significant part in the economy of the globe rather than the internet. Along with the basic principles of IoT concepts, authorization, integrity, authentication, availability, confidentiality, and privacy of the information should be equipped.

PROBLEM STATEMENT

Security is a very important aspect as well as a challenge for implementing IoT solutions. The inappropriate access control and privacy are the main issues in the top list. It is necessary to maintain proper authorization, because these devices are open networks in which any device can communicate at any time [4]. With the adoption of new technologies, the IoT environment has become complex, and privacy issues have become more complicated. Because of the terminal equipment, miniatured devices, platform, smart application and other factors of IoT, the security concerns are rising. Moreover, with an existing concept like firewall, authentication protocols and key chain pair might not offer a proper solution in the IoT context. From the aspect of security and technology, the access control of tiny sensor devices in IoT has become critical one [6]. Hence, the access control system design can able to address major issues in IoT by providing solutions to eradicate the threat which causes data privacy and user security.

SECURITY ISSUES IN IOT

The role of wireless infrastructure in IoT applications is expected to become more prominent with the deployment of mobile nodes and sensor devices. The sensor networks are being open to the internet connectivity, hence it becomes more vulnerable to attackers from anywhere in the world. The important challenges due to various technologies that drive and move forward the IoT into next level are discussed here. Through the study of existing available resources, it has been clearly stated that IoT devices and users are severely affected by various security threats. Major security issues in IoT are the insecure network services, insecure web interface, insecure mobile interface, insecure cloud interface, insufficient authentication, insufficient authorization and lack of security configuration. The number of security threats directly relate to IoT devices has increased over the last years. It shows that attacks take place at different levels in the infrastructures and throughout the whole process involved in IoT ecosystem. The major attacks and their impacts are summarized. Hence it leads to a serious requirement for analyzing different security challenges in the IoT network. Therefore, to overcome different security threats in the IoT network, the trust-based mechanism is developed hence the next section provides a detailed review of existing trust-based security mechanism adopted in IoT.

TRUST MANAGEMENT

A. Trust

The behavior of the node or data is classified as good or bad based on the trust value. A trustor and a trustee are the two entities involved in a trust relationship, and for mutual benefits, they rely on each other. The relationship of trust resides in the context such as the trust environment, purpose of the trust, and the risk of trust.

1. Direct Trust: Direct trust is based on experiences or observations, direct interactions between the two entities that are trustor node and the trustee node.
2. Indirect Trust: In indirect trust, there are no past interactions or experiences for the trustor and the trustee. In such a scenario, based on the recommendations and opinion of the other nodes trust is built. Indirect trust can be established if a subject node cannot directly observe the communication behaviours of the object node.
3. Recommended Trust: Recommended trust calculates filtered reliable recommendations. The third-party recommendations are not reliable. Therefore, an effective solutions need to be addressed to detect and filter unreliable recommentations

B. Trust Management

Trust management scheme provides majority solutions in IoT for user information security and privacy, for the process of data fusion and data mining and for the qualified data services with intelligence. Whereas reputation is a measure to assess the trust level which is put into an entity which is derived from the experiences or knowledge (direct or indirect) on earlier interactions of entities. Most of the existing work calculates the trust value based on node behavior. In the wireless multi hop environment, cooperation among neighbor nodes are important. The various applications of trust-based solution for wireless environment are data aggregation, routing, node selection, localization and malicious attacker detection. Based on the management scheme, trust models can be classified into centralized and distributed. In the distributed approaches all the participating nodes can able to calculate their trust values. The base station or any server is used to calculate the trust value for all nodes in the centralized approach. This approach may not be suitable for all applications because this management consumes more energy. In the IoT context, both distributed and centralized approaches can be used in different level. For device communication and user access control system we can apply distributed and centralized approach respectively.

C. Applications

The major applications of the trust model are user/device access control, secure routing, cluster head selection, malicious node detection David presented a lightweight trust-based routing framework called as SecTrust. The trust value is calculated based on past successful interactions of the IoT device communication. Based on the trustworthiness routing attackers are isolated from the network. Zeeshan presented a resilient routing mechanism for low power and lossy network using trust. Each node in the network computes trust value using trust metrics like belief, disbelief and uncertainty. Bader presented a cluster head selection scheme for IoT enabled sensor network by using trust value. Only the trusted nodes were selected as cluster head. The trust value is computed based on successful interaction. The forgetting factor is used to assign different weight value for old entries in the history. Access control system allows accessing resources like IoT device, sensor or URL file only for authorized users. The standard authorization models must be analyzed in depth before applying them to the Internet of Things. Mahalle presented Trust Based Access Control (FTBAC) using the fuzzy approach based on identity management using trust level.

D. Challenges in Trust and Reputation system

Trust and reputation system face some of the challenges such as heterogeneity, scalability, infrastructure, identity, integrity, and network resources.

• Trust, and reputation systems must consider the challenge of heterogeneity because the future internet will exhibit high heterogeneity levels (web-enabled, digital virtual, cyber-physical etc. )
• The second challenge is scalability, to stay fully functional, the trust and reputation system must scale with the growth in the number of devices.
• Trust and reputation systems must consider this third challenge of infrastructure because to collect information. Entities need others to interact with them and they must be able to find them within the network.
• Both, challenges and the opportunity to improve security are offered by identity management in IoT. The underlying mechanism and identity of things are not the same, and it is the most important aspect of this challenge.
• The prevention of unauthorized modification to hardware and software is ensured by the concept of integrity. Authorized or unauthorized personnel do not unauthorized modification to data, and that data is internally and externally consistent.
• The last challenge is exhibited from connections of various things and different network capabilities. This means that bandwidth, availability, and the latency difference must be considered especially if certain aspects of the interactions are critical in a time.

E. Comparision Analysis

To design efficient trust-based security solution, the following set of points needed to be considered:

• Trust model should be lightweight and easy to implement.
• Trustworthiness of the nodes should be continuously updated.
• If the numbers of interactions between the nodes are increased, the trust value can able to achieve good level of accuracy.
• For the recommendation approaches, we need to select proper filtering and aggregation models to remove unwanted recommendation.
• Trust model should consider different attacks.

CONCLUSION

To protect the data in an IoT network, trust management scheme has been widely used and hence this review examines the trust management scheme for securing data in the IoT in different aspects. The review reveals that even though the trust management scheme provides a significant advantage for various threats yet, it requires some effective modification.