Abstract
Internet of Things (IoT) devices are becoming ubiquitous, and may be arranged to form formal or ad hoc Command and Control (C2) networks. Such networks typically do not have a mechanism to facilitate the sharing of either data or control inputs. This paper examines this problem in the context of IoT devices operating within C2 systems which do not have a trusted relationship with each other. We propose a solution which we call syndication, to provide a controlled mechanism to share data between C2 systems of devices without a fully trusted relationship. This paper builds upon previous work which established a lightweight protocol for secure C2 operations within the IoT. Using the proposed approach enables not only sharing of data but also permits the external controller to submit moderated requests for actions to be performed. The paper concludes by examining how this approach could also be adopted to provide secure guest access to connected systems in a domestic or commercial context.
Highlights
The growth in the Internet of Things (IoT) over the last five years has been substantial and has lead to a growing awareness of the security and privacy concerns that apply to the IoT [1].Our previous work introduced [2] and described [3] the Secure Remote Update Protocol (SRUP), which established a mechanism for secure C2 oriented messaging for theIoT, built on top of the widely used Message Queuing Telemetry Transport (MQTT) protocol [4]
This paper introduces a new concept to SRUP which we call syndication; a technique which provides a mechanism to permit the moderated sharing of data and federated C2 operations between systems which do not have a trusted relationship with each other
Given the increase in utilization of IoT devices, the need to facilitate sharing of data between discrete C2 networks is important in order to provide dynamic cooperation between the operators of deployed services, especially in the context of future smart cities where standing networks of sensors or other devices may need augmentation with additional capabilities provided by third-parties during times of emergency or crisis
Summary
The growth in the IoT over the last five years has been substantial and has lead to a growing awareness of the security and privacy concerns that apply to the IoT [1]. Our previous work introduced [2] and described [3] the Secure Remote Update Protocol (SRUP), which established a mechanism for secure C2 oriented messaging for the. The requirement to connect IoT devices together in an C2 is not new [11], much previous work relating to integrating systems has focused on integrating disparate sources into a unified C2 network [12]. Our approach is in contrast to other work, which has explored mechanisms for privacy-preserving data sharing, such as identity-based encryption [14], and socialrelationships based discovery of IoT services [15].
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have