Internet of Things Architecture

(Elliott) #1



• It shall not be possible to infer the subject's identity by
aggregating/reasoning over information available at various sources;

• Information gained for a specific purpose shall not be used for another
purpose. E.g., the bank issuing a credit card should not use a given
client's purchase information (logged in order to keep track of that client's
account) to send him advertising on goods similar to his purchases.

To provide the above properties the IoT-A privacy model relies on the following
functional components: Authentication component, Trust and Reputation
component.


Table 3 below (excerpt from the IoT-A Threat Analysis) briefly summarizes how
these components mitigate some of the threats to privacy, further
discussed in the Risk Analysis performed in IoT-A (see Section 5.2.9).


| Threat | Result | Mitigation |
|---|---|---|
| Identity spoofing | User's identity is spoofed | Robust user authentication procedure preventing man-in-the-middle attacks, with proper credentials-management policy provided by an Authentication component. |
| Identity spoofing | User is involved in transactions with a malicious peer | Trustworthy discovery / resolution / lookup system. Trustworthiness of the entire system is guaranteed through its security components (especially Authentication and Trust and Reputation) as well as its global robustness (security by design). |
| Information Disclosure | Attacker gains knowledge of user's private parameters | The Identity Management component enforces a robust pseudonymity scheme that ensures anonymity and unlinkability. |
| Information Disclosure | Attacker gains knowledge of user's location | User's location can be hidden through reliance on pseudonyms provided by Identity Management. |

Table 3: Example of Privacy threats mitigation within IoT-A

Central to the Privacy Model is the Identity Management Functional
Component. A description of this FC is provided in deliverable 4.2 [Gruschka
2012].
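
The sketch below is an added illustration, not code from IoT-A or from deliverable 4.2: it shows how per-service pseudonyms keep an observer who aggregates several sources from joining records on a shared identifier, which is the unlinkability property named above. The `PseudonymIssuer` class, the HMAC-based derivation, the service names and the sample identity are all assumptions made for this example.

```python
import hashlib
import hmac


class PseudonymIssuer:
    """Hypothetical stand-in for an Identity Management component (assumption)."""

    def __init__(self, key: bytes):
        self._key = key        # secret held only by the issuer
        self._issued = {}      # pseudonym -> root identity

    def issue(self, root_id: str, service: str, epoch: int) -> str:
        """Derive a pseudonym bound to one service and one validity epoch."""
        parts = (root_id.encode(), service.encode(), str(epoch).encode())
        # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
        msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
        pseudonym = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        self._issued[pseudonym] = root_id
        return pseudonym

    def resolve(self, pseudonym: str):
        """Issuer-side lookup for authorised use; None if never issued."""
        return self._issued.get(pseudonym)


def linkable_identifiers(records):
    """Identifiers an observer can join on: those seen at more than one source."""
    sources_by_id = {}
    for source, identifier in records:
        sources_by_id.setdefault(identifier, set()).add(source)
    return {i for i, s in sources_by_id.items() if len(s) > 1}


def demo():
    idm = PseudonymIssuer(key=bytes(range(32)))   # constructed key, demo only
    user = "alice@example.org"                    # constructed root identity
    raw = [("parking", user), ("transit", user)]
    pseudo = [(svc, idm.issue(user, svc, epoch=1)) for svc, _ in raw]
    return linkable_identifiers(raw), linkable_identifiers(pseudo)


if __name__ == "__main__":
    print(demo())
```

Pseudonyms only remove the shared identifier; records that still carry distinctive attributes (precise timestamps, location traces) can be correlated by other means, so those fields need their own minimisation.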
