Internet of Things – Architecture © - 96 -
3.7 Trust, security, and privacy
IoT systems integrate in a seamless way physical objects, data, and computing
devices into a global network of information about “smart things”. In this
scenario, services act as bridges through which these “smart things” interact
with each other in an automated way and with as less human intervention as
possible. Towards our aim to provide a Reference Architecture for IoT systems,
it becomes thus mandatory to discuss potential security issues and define a
security model for our architecture. On the way to our goal we proceed as
follows: we identify a few separate classes of security properties that we deem
important for an IoT system and provide, for each class, tools and mechanisms
that serve as solid foundations upon which we can build complex solutions that
guarantee those properties.
Considering the multi-faceted entities that a IoT system is made of, we spot the
following necessary properties: Trust, Security, Privacy, and Reliability. In the
remainder of this chapter
We discuss these properties separately and delineate, for each of them, a
reference model within the framework of our architecture.
3.7.1 Trust
An important aspect of IoT systems is the fact that they deal with sensitive
information (e.g. patients‘ electronic health records). The entities and services
therein recurrently process, store, retrieve, and take decisions upon this type of
data. In this scenario, enforcing trust—compliance to an expected functional
behaviour— on all entities, protocols, and mechanisms an IoT system is made
of becomes a ―must‖.
Within this project, we focus on Trust at application-level. In particular, we aim
at defining a Trust Model that provides data integrity and confidentiality, and
endpoint authentication and non-repudiation between any two system-entities
that interact with each other.
Trust model mandatory aspects
Describing all possible trust-model archetypes is out of the scope of this
document. Nonetheless, we list hereafter a few and basic aspects that we
believe to be mandatory for defining a Trust Model for IoT systems:
The Trust-Model domains: In complex systems that include multi-
faceted entities, like, e.g., the IoT, a model that equally shapes the Trust
of all components is difficult, if not impossible, to define. For this reason,
various domains within the system should be determined, with every
domain defining a specific set of subjects to which certain aspects of the
trust model apply;