Internet of Things – Architecture © - 98 -
3.7.2 Security
Now that we have discussed the fundamental aspects that will be included in
our Trust Model, in this section we provide a generic overview of the Security
reference model in our architecture.
Our Security reference model consists of three layers: the Service Security
layer, the Communication Security layer and the Application Security layer. The
first of these, described in detail in D4.2 [Gruschka 2012], comprises the
following components: Authorization, Identity Management, Trust and Reputation,
Authentication, and Key Exchange and Management. In the remainder of this
section we describe the other two layers.
3.7.2.1 Communication security
IoT systems are heterogeneous, not only because of the variety of entities
involved (data, machines, sensors, RFID, and so on) but also because they
include Devices with widely differing communication and processing
capabilities. A Communication Security Model must therefore account for this
heterogeneity while also striking a balance between security features,
bandwidth, power supply and processing capabilities [Rossi 2012].
Here we work under the assumption that the IoT device space can be divided
into two main categories: constrained networks (NTC) and unconstrained
networks (NTU) (see Networks and communication entities, Chapter 2 of D3.3
in [Rossi 2012]). The domain of constrained devices contains a great variety
of communication technologies (and related security solutions), which makes
it hard to design a single model encompassing all of them. Examples of such
communication technologies can be found in [Rossi 2012].
One way to cope with this heterogeneity would be a Communication Security
Model with a high degree of abstraction. Such a model would be of little use,
however, because it would lack the specifics needed when implementing a
concrete IoT architecture. As in the Communication Model (see Section 3.6), we
instead address the problem by introducing profiles, each of which groups
heterogeneous Devices according to a given set of specifications.