The role of authentication in the IoT systems
Authors: Bratko D.V., Berezin V.S. | |
Published in issue: #1(42)/2020 | |
DOI: 10.18698/2541-8009-2020-1-570 | |
Category: Informatics, Computer Engineering and Control | Chapter: Methods and Systems of Information Protection, Information Security |
|
Keywords: Internet of things, authentication, Smart Home, threat model, security, information and communication technologies, automation, cloud platform |
|
Published: 30.01.2020 |
Currently, more and more opportunities are opening up for optimal resource management. A new technology — the Internet of things — allows one to measure and optimize processes that span many areas of human life. However, “smart” devices of the Internet of things are often attacked by cybercriminals. Thus, an analysis of the security of the Internet of things was carried out using the example of implementing a home automation system — Smart Home. In the framework of this problem, the threat model of each component of the system is considered and the logical form of a formalized representation of this threat model is given. Based on the identified vulnerabilities, measures have been developed aimed at enhancing the security of the Smart Home system. In the course of the analysis, it was found that in order to solve the problem, a reliable access and authentication system based on cryptography is necessary. In addition, the task of ensuring security should not be isolated from the authentication system; it requires a comprehensive solution.
References
[1] Chto takoe internet veshchey [What is Internet of things]. tadviser.ru: website (in Russ.). URL: http://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%A7%D1%82%D0%BE_%D1%82%D0%B0%D0%BA%D0%BE%D0%B5_%D0%B8%D0%BD%D1%82%D0%B5%D1%80%D0%BD%D0%B5%D1%82_%D0%B2%D0%B5%D1%89%D0%B5%D0%B9_%28Internet_of_Things%2C_IoT%29 (accessed: 20.08.2019).
[2] Kantyshev P. Internet veshchey otkryvaet kiberprestupnikam novoe pole deyatel’nosti [Internet of things opens new territory for cybercriminals]. vedomosti.ru: website (in Russ.). URL: https://www.vedomosti.ru/technology/articles/2016/02/29/631753-internet-veschei-otkrivaet-kiberprestupnikam-novoe-pole-deyatelnosti (accessed: 26.09.2019).
[3] Robachevskiy A.M. Smart and dangerous? Security problems of the Internet of things. Internet iznutri, 2017, no. 5 (in Russ.). URL: http://internetinside.ru/umnye-i-opasnye-voprosy-bezopasnosti-i/ (accessed: 20.08.2019).
[4] Sabanov A.G. Some features of authentication when accessing cloud services. Vestnik Nizhegorodskogo universiteta im. N.I. Lobachevskogo [Vestnik of Lobachevsky University of Nizhni Novgorod], 2013, no. 2(1), pp. 45–51(in Russ.).
[5] Grusho A.A., Zabezhaylo M.I., Smirnov D.V., et al About complex authentication. Sistemy i sredstva informatiki [Systems and Means of Informatics], 2017, vol. 27, no. 3, pp. 4–11. DOI: https://doi.org/10.14357/08696527170301 (in Russ.).
[6] Sabanov A.G. Assurance criteria to access claimant identification results. Elektrosvyaz’, 2019, no. 3, pp. 54–60 (in Russ.).
[7] Sabanov A.G. The method of authentication stringency level determination. Elektrosvyaz’, 2016, no. 8, pp. 56–61 (in Russ.).
[8] Sabanov A.G. User identification and e-authentication assurance levels forming. Elektrosvyaz’, 2015, no. 10, pp. 46–51 (in Russ.).
[9] Sabanov A.G. General analysis of international standards on identification and authentication. Part 1, 2. Zashchita informatsii. Insayd, 2016, no. 2, pp. 84–87, no. 3, pp. 70–73 (in Russ.).
[10] Ovchinnikov N.A., Misyurina K.V., Rudikova M.N., et al. “Smart home” formalized model of informational security. Aprobatsiya, 2016, no. 1(40), c. 49–51 (in Russ.).