Internet of Things security and privacy: Design methods and optimization

Recent advances in information and communication technologies and embedded systems have given rise to a new disruptive technology: the Internet of Things (IoT). This major development will lead to major changes in usage and to a transformation of the technological ecosystem in all its complexity. IoT will allow people and objects in the physical world as well as data and virtual environments to interact with each other so as to create smart environments such as smart transport systems, smart cities, smart health, smart energy, etc., as part of a prosperous digital society. IoT is likely to improve the quality of people’s lives, create new markets and new jobs, increase economic growth and be an impetus for competition. However, IoT raises important questions and introduces new challenges for the security of systems and processes and the privacy of individuals. Some IoT applications are tightly linked to sensitive infrastructures and strategic services such as the distribution of water and electricity and the surveillance of assets. Other applications handle sensitive information about people, such as their location and movements, or their health and purchasing preferences. Confidence in and acceptance of IoT will depend on the protection it provides to people’s privacy and the levels of security it guarantees to systems and processes. IoT will enable objects to become active participants: these objects will be able to recognize events and changes in their environment and to sense and react autonomously without human intervention. Introducing objects into the control processes makes IoT security very difficult to address. Indeed, the Internet of Things is a complex system in which people interact with the technological ecosystem based on smart objects through complex processes. The interactions of these four IoT components: persons, intelligent objects, technological ecosystem, and processes highlight a systemic and cognitive dimension to the security of IoT. The interaction of people with the technological ecosystem requires the protection of their privacy. Similarly, their interaction with control processes requires to guaranteeing their safety. Processes must ensure their reliability and realize the objectives for which they are designed. The move towards a greater autonomy for objects will bring the security of technologies and processes and the privacy of individuals into sharper focus. Furthermore, in parallel with the increasing autonomy of objects to perceive and act on the environment, IoT security should move towards a greater autonomy in perceiving threats and reacting to attacks. The purpose of this special issue is to study and evaluate architectures and solutions that ensure Internet of Things Security and Privacy. The special issue consists of 7 papers proposing solutions for securing Internet of Things, providing efficient privacy and confidentiality in spite of the ubiquitous nature of IoT and the constrained resources and capacities: Paper ‘‘OSCAR: Object Security Architecture for the Internet of Things’’ proposes an architecture for end-toend security in the Internet of Things. It is based on the concept of object security that relates security with the application payload. The architecture includes Authorization Servers that provide clients with Access Secrets that enable them to request resources from constrained CoAP nodes. The results show that OSCAR outperforms a security scheme based on DTLS when the number of nodes increases. OSCAR also results in low energy consumption and latency. The paper ‘‘Survey on Secure Communication Protocols for the Internet of Things’’ presents security challenges in IoT and surveys security protocols for IoT. Then, authors discuss suitability of proposed solutions to IoT context and constraints. In ‘‘Providing Destructive Privacy and Scalability in RFID Systems Using PUFs’’, authors propose a scalable authentication protocol for RFID systems. The solution utilizes Physically Unclonable Functions (PUFs) as a secure storage to keep secrets of the tag in order to achieve higher level of privacy with constant identification time. It provides destructive privacy according to the Vaudenay’s privacy and security