CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Securing IoT Using Decentralized Trust Privacy and Identity Management
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.ORCID iD: 0000-0002-9423-6270
2024 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

The Internet of Things (IoT) is a multidisciplinary area where technology meets people, enriching their quality of life with an improved working environment and efficient productivity. As the number of IoT devices increases, many new technology areas are being integrated with the IoT. IoT devices mainly connect and collaborate with central cloud servers for data management. The IoT paradigm is built upon the Internet and accesses different layers of Internet architectures. IoT devices are at the access layer of the Internet, and cloud servers are located at the top layer. The innovative use cases of IoT applications drive the requirement for quick decision-making that occurs as close to the source of information as possible. IoT devices need to be authenticated near the source for rapid request processing. Trustworthy interaction and secure communication between different entities of an IoT paradigm are crucial. A centralized cloud-based implementation of IoT solutions can be problematic for ensuring trustworthy and authenticated interactions in which quicker decision-making is involved. Additionally, privacy leakage possibilities increase with cloud-based solutions, as they involve multiparty interactions, introducing more complexity into ensuring data privacy. Due to IoT application and service heterogeneity, traditional security models are unsuitable for the IoT. There is no generic model for IoT data security and user data privacy that can facilitate trustworthy collaboration and identity management near the source.

The thesis focuses on creating a generic state-of-the-art artefact for IoT security, utilizing decentralized trust, user data privacy, and localized identity management for heterogeneous IoT devices and services. The main contributions of this thesis include a novel decentralized model for secure and reliable interaction between components of the IoT paradigm, complemented by a decentralized trust management model, an edge gateway-based privacy enhancement scheme, and a decentralized identity management model with new authentication and authorization mechanisms for IoT devices where access to new resources is granted locally, and activities are recorded with context information. The proposed models are generic and can be easily adapted to real-life IoT use cases with minor amendments.

Place, publisher, year, edition, pages
Stockholm: Department of Computer and Systems Sciences, Stockholm University , 2024. , p. 64
Series
Report Series / Department of Computer & Systems Sciences, ISSN 1101-8526 ; 24-006
Keywords [en]
Internet of Things (IoT), Decentralized Architecture, Distributed Ledger Technology, Edge Computing, Fog Computing, Security, Trust, Privacy, Identity management
National Category
Computer Engineering Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-227207ISBN: 978-91-8014-701-9 (print)ISBN: 978-91-8014-702-6 (electronic)OAI: oai:DiVA.org:su-227207DiVA, id: diva2:1842680
Public defence
2024-04-30, Lilla hörsalen, NOD-huset, Borgarfjordsgatan 12, Kista, 13:00 (English)
Opponent
Supervisors
Available from: 2024-04-05 Created: 2024-03-05 Last updated: 2024-03-27Bibliographically approved
List of papers
1. Towards Security on Internet of Things: Applications and Challenges in Technology
Open this publication in new window or tab >>Towards Security on Internet of Things: Applications and Challenges in Technology
2018 (English)In: Procedia Computer Science, E-ISSN 1877-0509, Vol. 141, p. 199-206Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) paradigm refers to the network of physical objects or "things" embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT data collected from different sensors, nodes and collectors are transferred to the cloud over the internet. IoT devices are used by consumers, healthcare, businesses as well as by the governments. It is being forecast that 31 billion IoT devices will be deployed all over the world by the year 2020. As the use of IoT devices is increasing every moment several IoT vulnerabilities are introduced. The results and analysis indicate that massive deployment of IoT with an integration of new technologies are introducing new security challenges in IoT paradigm. In this paper, IoT security challenges and open issues are discussed which provides a ground for future research.

Keywords
Internet-of-Things, IoT security challenges, Trust in IoT, IoT data privacy, Distributed intelligence, Blockchain 5G wireless technology, Software defined network (SDN), Network function virtualization (NFV), Machine learning
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-162342 (URN)10.1016/j.procs.2018.10.168 (DOI)000471261700025 ()
Conference
The 9th International Conference on Emerging Ubiquitous Systems and Pervasive Networks (EUSPN 2018), Leuven, Belgium, November 5-8, 2018
Available from: 2018-11-26 Created: 2018-11-26 Last updated: 2024-03-05Bibliographically approved
2. Fog Computing based Trust Solutions for Internet of Things (IoT): A Systematic Literature Review
Open this publication in new window or tab >>Fog Computing based Trust Solutions for Internet of Things (IoT): A Systematic Literature Review
2020 (English)In: 2020 International Conference on Computer Science, Engineering and Applications (ICCSEA), IEEE conference proceedings, 2020, p. 1-6Conference paper, Published paper (Refereed)
Abstract [en]

Scientific research is performed based on real life problems. Reproducibility of research result is one of the curtail criteria for any scientific research. Proper documentation about research methodology allows fellow researcher to reproduce the results and to further extend of the research findings. Fog computing-based solution enhances quality of IoT solutions by making a bridge between cloud layer and end devices of IoT paradigm. Also fog computing can also increase security and trust in IoT by processing data at the fog layer which is closer to the source of data where it is produced. But fog computing-based trust solutions for Internet of Things (IoT) is a new trend. Fog computing can be considered as engineering discipline. IoT itself covers many aspects of human life; we can call IoT as a social science research area. In this paper, authors have discussed about different scientific research approaches used in fog computing based trust management in IoT researches.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2020
Keywords
Internet of Things (IoT), Fog Computing, Trust, Qualitative Research, Quantitative Research, Validity, Reliability
National Category
Computer Sciences
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-184116 (URN)10.1109/ICCSEA49143.2020.9132861 (DOI)978-1-7281-5830-3 (ISBN)
Conference
2020 International Conference on Computer Science, Engineering and Applications (ICCSEA), Gunupur, India, 13-14 March, 2020
Available from: 2020-08-13 Created: 2020-08-13 Last updated: 2024-03-05Bibliographically approved
3. IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices
Open this publication in new window or tab >>IMSC-EIoTD: Identity Management and Secure Communication for Edge IoT Devices
2020 (English)In: Sensors, E-ISSN 1424-8220, Vol. 20, no 22, article id 6546Article in journal (Refereed) Published
Abstract [en]

The Internet of things (IoT) will accommodate several billions of devices to the Internet to enhance human society as well as to improve the quality of living. A huge number of sensors, actuators, gateways, servers, and related end-user applications will be connected to the Internet. All these entities require identities to communicate with each other. The communicating devices may have mobility and currently, the only main identity solution is IP based identity management which is not suitable for the authentication and authorization of the heterogeneous IoT devices. Sometimes devices and applications need to communicate in real-time to make decisions within very short times. Most of the recently proposed solutions for identity management are cloud-based. Those cloud-based identity management solutions are not feasible for heterogeneous IoT devices. In this paper, we have proposed an edge-fog based decentralized identity management and authentication solution for IoT devices (IoTD) and edge IoT gateways (EIoTG). We have also presented a secure communication protocol for communication between edge IoT devices and edge IoT gateways. The proposed security protocols are verified using Scyther formal verification tool, which is a popular tool for automated verification of security protocols. The proposed model is specified using the PROMELA language. SPIN model checker is used to confirm the specification of the proposed model. The results show different message flows without any error.

Keywords
IoT, identity management, IoT security, authentication, authorization, edge computing, fog computing, decentralized, trust, context-aware computing, trusted computing platform
National Category
Computer Engineering
Research subject
Computer and Systems Sciences; Information Systems Security
Identifiers
urn:nbn:se:su:diva-195114 (URN)10.3390/s20226546 (DOI)000594583600001 ()
Available from: 2021-08-04 Created: 2021-08-04 Last updated: 2024-03-05Bibliographically approved
4. Dynamic and Decentralized Trust Management for the Internet of Things (IoT) Paradigm
Open this publication in new window or tab >>Dynamic and Decentralized Trust Management for the Internet of Things (IoT) Paradigm
2021 (English)In: Proceedings of the 12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020) / [ed] Ajith Abraham; Yukio Ohsawa; Niketa Gandhi; M.A. Jabbar; Abdelkrim Haqiq; Seán McLoone; Biju Issac, Cham: Springer, 2021, p. 1017-1026Conference paper, Published paper (Refereed)
Abstract [en]

Trust is an invisible behavior of any entity. An entity could be a living being or a cyber-physical system. The Internet of Things (IoT) is a connected network of smart objects or things where trusted relationships are crucial. Trust in an entity can increase or decrease based on different parameters and properties of the specific entity. Trusted relationships can dynamically reach based on contextual data collected over time. The heterogeneous behavior of IoT devices makes trust measurement more difficult. The massive deployment of IoT devices and related innovative IoT applications leads to exploring new trust management frameworks for the IoT paradigm. Emerging IoT applications need to trust entities deployed by third-party providers. Innovative external IoT applications need to be dynamically trusted by the IoT devices and IoT gateways. Dynamic trust achievement is a complex process when an entity is new within the network. In this article, we have defined the trust management for IoT and discussed the need for trusted architecture for dynamic IoT infrastructure, and elaborated the requirements of trust management policies. We have also heightened the need for decentralized architecture for trust management for the Internet of Things (IoT). A new edge-centric multi-agent-based dynamic and decentralized trust management model is proposed and simulated to solve the aforementioned issues. The results of this work are useful for further research in the field of trust management for IoT. 

Place, publisher, year, edition, pages
Cham: Springer, 2021
Series
Advances in Intelligent Systems and Computing, ISSN 2194-5357, E-ISSN 2194-5365 ; 1383
Keywords
Trust Management, Internet of Things (IoT), DynamicTrust, Decentralized Architecture, Properties of Trust
National Category
Computer Engineering
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-200472 (URN)10.1007/978-3-030-73689-7_96 (DOI)978-3-030-73688-0 (ISBN)978-3-030-73689-7 (ISBN)
Conference
12th International Conference on Soft Computing and Pattern Recognition (SoCPaR 2020), online, December 15-18, 2020
Available from: 2022-01-05 Created: 2022-01-05 Last updated: 2024-03-05Bibliographically approved
5. Enhancing Data Privacy in the Internet of Things (IoT) using Edge Computing
Open this publication in new window or tab >>Enhancing Data Privacy in the Internet of Things (IoT) using Edge Computing
2020 (English)In: Trends in Computational Intelligence, Security and Internet of Things: Third International Conference, ICCISIoT 2020, Tripura, India, December 29-30, 2020, Proceedings / [ed] Nirmalya Kar; Ashim Saha; Suman Deb, Cham: Springer, 2020, p. 231-243Conference paper, Published paper (Refereed)
Abstract [en]

The vast deployment of the Internet of Things (IoT) is improving human life standards every day. These IoT applications are producing a huge amount of data from the environment where it is deployed. The collected data are mostly including end-user private data or industrial data which are transmit-ted over the internet to the cloud devices for storing, processing, and sharing with the connected applications. Recent IoT data privacy related researches are mostly focused on data privacy within a particular location of the network or at a particular device but none has pointed and listed all the places where the end-user or industrial data privacy risks exist. In this work, we have addressed both technical and management aspects for the enhancement of the privacy of IoT data. We have identified and listed the places where IoT data privacy risks exist, followed by our proposed model for data privacy enhancement in the inter-net of things (IoT) and listed ten suggestions for avoiding data privacy leakage and for IoT data privacy enhancement. The results of this work should be useful for both academic researchers and stakeholders from the industry while designing and implementing new IoT solutions for the enhancement of human society.

Place, publisher, year, edition, pages
Cham: Springer, 2020
Series
Communications in Computer and Information Science, ISSN 1865-0929, E-ISSN 1865-0937 ; 1358
Keywords
Internet of Things (IoT), Edge Computing, Identity Privacy, Location Privacy, Cloud Computing, IoT Data Privacy
National Category
Computer Engineering
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-188934 (URN)10.1007/978-3-030-66763-4_20 (DOI)978-3-030-66763-4 (ISBN)978-3-030-66762-7 (ISBN)
Conference
Third International Conference, ICCISIoT 2020, Tripura, India, December 29-30, 2020
Available from: 2021-01-14 Created: 2021-01-14 Last updated: 2024-03-05Bibliographically approved
6. Layered Architecture for End-to-end Security, Trust, and Privacy for the Internet of Things
Open this publication in new window or tab >>Layered Architecture for End-to-end Security, Trust, and Privacy for the Internet of Things
2021 (English)In: Intelligent Computing and Innovation on Data Science: Proceedings of ICTIDS 2021 / [ed] Sheng-Lung Peng; Sun-Yuan Hsieh; Suseendran Gopalakrishnan; Balaganesh Duraisamy, Springer Nature , 2021, p. 289-298Conference paper, Published paper (Refereed)
Abstract [en]

The Internet of Things (IoT) paradigm consists of smart sensor objects and their related applications. All these intelligent sensors communicate and transfer data via the internet. Though communication between IoT devices and other network components is mostly performed over traditional Internet infrastructure, this process is still much more complex and different from a conventional client-server communication process. In general, both parties are authenticated and authorized via a centralized identity and authorization management server in a traditional client-server or peer-to-peer communication network architecture. But in an IoT infrastructure, the IoT devices, gateways, end-user applications need to be authenticated dynamically during or before the communication processes begin. Another issue in the communication process is secure communication between components of the IoT paradigm. Due to the heterogeneous behavior and dynamic communication between IoT devices, it is hard to define a standard way to secure communication between IoT infrastructure and cloud computing components. A new seven layers of IoT communication architecture is proposed to address the above-mentioned issues, where data communication and processing are done in a decentralized and distributed manner.

Place, publisher, year, edition, pages
Springer Nature, 2021
Series
Lecture Notes in Networks and Systems, ISSN 2367-3370, E-ISSN 2367-3389 ; 248
Keywords
Internet of Things (IoT), Distributed Architecture, Decentralized Architecture, IoT Security, Authentication, Authorization, Trust, Privacy
National Category
Computer Engineering
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-200619 (URN)10.1007/978-981-16-3153-5_32 (DOI)978-981-16-3153-5 (ISBN)978-981-16-3152-8 (ISBN)
Conference
2nd I ternational Conference on Technology Innovation and Data Scienses-2021, February 19-20, 2021, Petaling Jaya, Malaysia,
Available from: 2022-01-08 Created: 2022-01-08 Last updated: 2024-03-05Bibliographically approved
7. DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices
Open this publication in new window or tab >>DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices
2023 (English)In: Sensors, E-ISSN 1424-8220, Vol. 23, no 8, article id 4046Article in journal (Refereed) Published
Abstract [en]

The Internet of Things (IoT) paradigm aims to enhance human society and living standards with the vast deployment of smart and autonomous devices, which requires seamless collaboration. The number of connected devices increases daily, introducing identity management requirements for edge IoT devices. Due to IoT devices’ heterogeneity and resource-constrained configuration, traditional identity management systems are not feasible. As a result, identity management for IoT devices is still an open issue. Distributed Ledger Technology (DLT) and blockchain-based security solutions are becoming popular in different application domains. This paper presents a novel DLT-based distributed identity management architecture for edge IoT devices. The model can be adapted with any IoT solution for secure and trustworthy communication between devices. We have comprehensively reviewed popular consensus mechanisms used in DLT implementations and their connection to IoT research, specifically identity management for Edge IoT devices. Our proposed location-based identity management model is generic, distributed, and decentralized. The proposed model is verified using the Scyther formal verification tool for security performance measurement. SPIN model checker is employed for different state verification of our proposed model. The open-source simulation tool FobSim is used for fog and edge/user layer DTL deployment performance analysis. The results and discussion section represents how our proposed decentralized identity management solution should enhance user data privacy and secure and trustworthy communication in IoT.

Keywords
Distributed Ledger Technology (DLT), blockchain, Internet of Things (IoT), identity management, identity authentication, authorization, security, trust, privacy, scalability
National Category
Computer Engineering
Research subject
Computer and Systems Sciences
Identifiers
urn:nbn:se:su:diva-216827 (URN)10.3390/s23084046 (DOI)
Available from: 2023-05-02 Created: 2023-05-02 Last updated: 2024-03-05Bibliographically approved

Open Access in DiVA

Securing IoT Using Decentralized Trust Privacy and Identity Management(5501 kB)174 downloads
File information
File name FULLTEXT03.pdfFile size 5501 kBChecksum SHA-512
4f23377d7e5326f9b936ae91885cd1c3b80750a8bbf4a25f15b66909becf186381ba004424d132ec2a7939ec673fc84d5653e8e73eb9315c986a989eca969630
Type fulltextMimetype application/pdf

Authority records

Sadique, Kazi Masum

Search in DiVA

By author/editor
Sadique, Kazi Masum
By organisation
Department of Computer and Systems Sciences
Computer EngineeringComputer Sciences

Search outside of DiVA

GoogleGoogle Scholar
Total: 174 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

isbn
urn-nbn

Altmetric score

isbn
urn-nbn
Total: 1015 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf