Security certification and labelling in Internet of Things

In recent years, the security and privacy aspects of IoT has received considerable attention from the industry and research communities. Because IoT will be more pervasive in the everyday life of the citizens and it may be used in safety related applications (e.g., road transportation), IoT security threats may be more damaging than conventional Internet security threats. Because of processing and memory constraints, the provision of security functions could be quite challenging in IoT. In addition, IoT devices must operate in a dynamic environment in terms of communication interfaces and fast upgrade cycle (e.g., patching), which imposes severe requirements to designer and developers in terms of security. Privacy aspects are also relevant because of the large amount of data collected by IoT sensors. The security certification of IoT devices is an important element to support the development and deployment of IoT systems and trusted applications. The objective of this paper is to investigate the security certification of IoT taking in consideration the current security certification frameworks and standards and the related limitations identified by the industry and research communities. This paper proposes a new approach for security certification in IoT, which addresses the identified limitations and links formal models to testing and certification

BALDINI Gianmarco;  SKARMETA Antonio;  FOURNERET Elizabeta;  NEISSE Ricardo;  LEGEARD Bruno;  LE GALLE Franck; 

2017-04-06

IEEE

JRC102989

978-1-5090-4130-5,   

http://ieeexplore.ieee.org/document/7845514/,    https://publications.jrc.ec.europa.eu/repository/handle/JRC102989,   

10.1109/WF-IoT.2016.7845514,