(DC S.13) transmission channel
between device and
application is secured
(DC S.14)Communication FC,
Network
Communication FC
and Key Exchange
and Management FC
(DC S.15) (Section
3.7.2)
Cryptographic
protocols ensuring
confidentiality,
integrity,
authentication of
subjects (DC S.16)Communication
channel between two
subjects is secured
(DC S.17)End-to-end security
protocol to ensure
wireless
communication
security (DC S.18)Secure peripheral
networks (link layer
security, secure
routing)Link-layer encryption
and authentication,
multipath routing (DC
S.19)No impactIntegration of secure
routing protocols in the
Network
Communication
component (DC S.20)
Table 24 : Tactics and corresponding Design Choices for Security.Subject Authentication
For subject authentication two options are presented here. The first is the
authentication over an encrypted channel while the other one is a crypto-based
authentication solution over an open channel. The former uses the IoT-A
Authentication FC (Section 3.7.2) while for the ladder a peer-to-peer
communication is realised over an insecure channel.
Use access policies
The tactic of using access policies is a crucial aspect in IoT. Two main
functional principles can be distinguished. The policy-based service access
uses access control mechanisms to manage to access to information. Therefore
the information must be managed accordingly so that it supports the used
mechanism. This option can be realised by using the IoT-A Authorisation FC
component (Section 3.7.2). The other possibility is to grant unrestricted access
to services. This should be only done in those cases in which data security is
not relevant.
Secure communication infrastructure
Securing the communication infrastructure focuses on delivering a secure and
robust environment for the transmission of critical data. This can be obtained by
using end-to-end or hop-to-hop encryption. In both cases the information
transmission channel in which the information flow from a device to an
application through an IoT service happens is completely secured. The end-to-
end encryption uses therefore the IoT-A End to End Communication FC and
Key Exchange and Management FC. Furthermore the Network Communication
FC, which takes care of enabling communication between networks through
Locators (addressing) and ID Resolution, is necessary (Section 3.7.2). For the
hop-to-hop encryption the only difference is the usage of the IoT-A Hop To Hop