Paper Discussion 2a. A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications

[grahamschock]

@AkinoriKahata Akinori Kahata, Comprehensive: Priorities and characteristics in service function? @AkinoriKahata Akinori Kahata, Comprehensive: general main challenge for cyber security? @searri Rick Sear, Comprehensive: different types of middleware? @searri Rick Sear, Comprehensive: are iot infrastructures too ambitious? @samfrey99 Sam Frey, Comprehensive: is iot architecture scalable? @samfrey99 Sam Frey, Comprehensive: tipping point for small iot systems? @albero94 Alvaro Albero, Comprehensive: CPS connected to cloud? @albero94 Alvaro Albero, Comprehensive: What do we need to develop IOT infrastructure? @hjaensch7 Henry Jaensch, Comprehensive: WHY is edge better than cloud? @hjaensch7 Henry Jaensch, Comprehensive: privacy on the edge? @ericwendt Eric Wendt, Critical: Middleware and service layer? @ericwendt Eric Wendt, Critical: Man in the middle and encryption? @nikorev Niko Reveliotis, Real world of attacks? @nikorev Niko Reveliotis, Is IoT scalable?

[AkinoriKahata]

Reviewer: Akinori Kahata Review Type: Comprehensive

1. Problem being solved. This survey tries to show the comprehensive architecture of IoT, and also explain required technologies, security and privacy concern, application; in contrast, many other pieces of research about IoT focus on some specific aspect of IoT application. Different from CPSs, the author points out that the significant property of IoT is the interconnectivity of a wide variety of things, and it should be based on the architecture of IoT. From this point of view, the paper examines the challenges and solutions.

2. most important area. Firstly, it is introduced that the service-oriented architecture, which is developed from three-layer architecture. After that, the author analyzes security and privacy features by analyzing what the threats of IoT are and shows possible countermeasures for security and privacy issue. In addition, the paper explains the Edge/fog technologies, enabling massive interconnective IoT systems to provide appropriate services for each customer.

3. questions about the survey.

   • What is the main challenge of cybersecurity for IoT systems, especially in terms of interconnectivity? It looks mainly at general threats of cybersecurity.
   • Resource distribution is interesting, but how to determine the satisfaction function? I think it can not be simple resource functions, but we consider the characteristics and priorities of each service.
   • From the comprehensive survey, what is the most significant challenge to implement IoT effectively?

[searri]

Reviewer: Rick Sear Review Type: Comprehension

Problem being solved

This paper is a review of lots of important IoT-related issues. Mainly, they propose a 4-layer model to clarify the relationship between CPS and IoT, as well as the flow of information. Using this model, many other issues can be discussed with precision.

Important areas

This paper touches on a lot of key areas: the "architectural" models to visualize CPS, examples of actual implementations in each layer of the model, an extensive review of the security principles and risks associated with each layer, discussion of practical ways to integrate edge devices into CPS, and finally lofty applications for a well-run CPS.

Questions about the survey

• Section 4C discusses "Middleware". While I understand that middleware is there to create an abstraction for programming, I don't understand the breakdown of the different types of middleware. What exactly is more pervasive about "pervasive middleware" than other middleares? Are these classifications necessary?
• Section 5B1a talks about the security risk of someone physically tampering with or replacing a node, but their propsed solution seems to be reactive only: "detect malicious nodes". Isn't also worth our time to investigate secure ways of building nodes so they can't be tampered with (i.e. a more active approach)? Maybe this is less effective -- not sure.
• Section 7 discusses applications of edge-enhanced IoT tech, notably the idea of "smart cities". Given the numerous security concerns listed in previous sections, is this a realistic expectation? Can we ever address all the security risks enough to manage the logistics of an entire city?

[samfrey99]

Reviewer: Sam Frey Review Type: Comprehension

Problem being solved: This paper outline IoT software with four layers: Perception, Network, Application, and Service-Oriented. With this layered approach, the authors explain security and interconnectivity issues within the IoT domain at each level and offer a finer-grained analysis of of the inner workings of an IoT device. The paper then continues into an analysis of edge computing and potential widespread use cases for IoT.

Important areas: The models outlined in Section 3 of the paper are elaborated on throughout most of the rest of the paper. These models could potentially have a lasting impact on the IoT software development lifecycle as its industry continues to expand.

Questions:

• Could the defined ordering of layers become too constrained as IoT systems continue to advance? A broader process view may be more versatile. Being only a few months removed from OS, my first thought is a mirco-kernel with a dedicated process for each proposed layer.

• In Section 6, the paper mentions the challenge of managing communication with an edge infrastructure on resource limited IoT devices. How might the layered approach to IoT help remedy this issue?

• Is there a way to determine how many edge nodes would be required to make building the edge infrastructure worth the performance increase over communicating directly with the cloud?

[albero94]

Reviewer: Alvaro Albero Review Type: Comprehension

Problem being solved Edge computing is surging as an enabler of IoT applications. In order to develop edge computing infrastructure, the architecture, techniques and issues of IoT have to be studied first.

Importat areas This paper conducts a survey on architecture, enabling technologies and issues of IoT systems. It differentiates between CPS and IoT systems. It also explores the integration of Edge computing and IoT as well as it provides some example applications to show how edge based IoT systems are implemented in the real word.

Questions

• Based on this differentiation of CPS and IoT, a system that it’s not interconnected between other systems, just the vertical three layers, even if it is including cloud, is not IoT?
• There is a long list of security challenges in IoT systems. Which of these security challenges are solved by using edge computing? Which new challenges arise?
• In section seven the authors talk about different applications of IoT such as smart grid, smart transportation and smart cities. How far current technologies are from being able to implement each of these applications? What are the missing pieces to develop them?

[hjaensch7]

Reviewer: Henry Jaensch

Review Type: Comprehension Review

Problem Being Solved

This paper provides a survey of technologies surrounding IoT and cyber physical systems. It provides a useful layered model for understanding how the technologies interact to form these systems. There is apparent confusion about the difference between cyber physical systems and IoT systems this paper helps to eliminate that.

Main Contributions

This papers primary contribution is in the use of the layer system. By breaking out the technologies and problems into layers it helps to ground the conversation with appropriate context.

Questions

1. Why is the quality of the edge greater than cloud? At one point the edge is described as having a higher quality of data than the cloud. This is somewhat more nuanced though. How is the paper defining quality of a network. The edge will have a higher speed but as soon as you need data from the cloud the speed of the edge becomes limited.

2. Privacy is supposedly helped by the edge. Does physical proximity to my data make me feel more comfortable about it? If a large company owns the cloud and the edge nodes what is the difference between my data being on a local edge and in the cloud from a privacy perspective?

3. What is the opportunity cost in terms of risk when sending private data around and through the edge? The more instances data passes through a network the greater the risk of snooping. Is sending my data into the edge then through the edge into the cloud safer than just one trip to the cloud?

[ericwendt]

Reviewer: Eric Wendt Review Type: Critical

Problem Solved The issue this paper addresses is the IoT as a whole and the problems that need to be tackled to have a secure, seamless, and effective experience. This paper overviews many of the security issues associated with IoT devices and edge computing, as well as power management and communication protocols. This paper also dives into the different layers of IoT stacks.

Contributions

• One of the best contributions to this paper is its overview of transmission methods. This includes a discussion about the perception and networking layer. Without going into extensive detail, the reader can get a basic understanding of how these technologies work, as well as advantages/disadvantages.

• Another contribution to this survey is it’s scan of possible vulnerabilities in potential IoT devices. There is quite the list of things to consider, and it serves well to have them in one place.

• The last and least exciting contribution this paper makes is the discussion of the distinction between IoT and CPS. Personally, I had never heard about CPS before this paper, and they could’ve shortened this passage slightly, but for the sake of semantics this distinction doesn’t hurt anyone.

Critiques

• One critique of this paper is its use of the term ‘middleware.’ As far as I can tell, the paper gives a very rudimentary description of what it’s used for, but goes into so little depth that the concept is intangible to grasp. An example here was very much needed.

• Another critique is that almost every issue the paper brings up provides a bogus hypothetical solution like “To defend against sybil attacks, secure identification and authentication mechanisms need to be developed for IoT systems.” Well? Obviously, and easier said than done. Cleary if it’s a bottlenecking problem, we’re going to want to solve it, so why even bother saying that?

• My last critique is that this paper can’t decide if it wants to be a survey or not. We get a few equations near the end seemingly for no reason other than to look scientific. I am not seriously going to look to these for advice on how to measure satisfaction, as I’m positive there are better materials/research papers dedicated to this that would be much more effective.

Questions:

• More about middleware?
• Do most malicious code injection attacks happen remotely, or on-site?
• How do man in the middle attacks deal with encryption?

Pretty sure I misunderstood what type of review I needed for today, but I still needed one, so have yourself a critical.

[nikorev]

Reviewer: Niko Reveliotis Review Type: Comprehension

Problem Being Solved

• This paper is a survey of the current status of expanding IoT into the area of fog/edge computing. They split the paper into sections that discuss IoT's growing links with the cyberphsical realm and the requirements + implications (both positively and negatively) of this modern development.

Main Contributions

• Specifying the difference between IoT and CPS (cyber physical systems) while giving a diagram (Fig. 1) to display the location of IoT in regards to integrating our physical world. They further explain this diagram as IoT having 3 categories/layers: perception, network, and application. The main takeaway from this section is that they describe a concise way to define IoT systems under these three categories, and how from these categories we can draw the connection to cyber physical systems within the connections between other IoT devices in the network/communication layer.
  • Within each of these layers they break up the sections into subsections
    • Perception: RFID, Wireless Sensor Networks, Others
    • Network: IEEE 802.14.4, 6LoWPAN, ZigBee, Z-Wave, MQTT, CoAP, XMPP, DDS, AMQP, Others
    • Service: Interface, Service Management, Middleware, Resource Management and Sharing
  • For sake of length, generally speaking the paper discusses these emerging techniques to improving each of the "layers" of IoT devices (both in terms of communication and security)
• This layered approach is also given to analyzing the security of these devices, giving an easily understandable way to break up types of attacks.
• Finally they discuss the future of IoT devices in applications within larger projects such as smart cities, and how the interactivity and security of these systems will be critical to their success.

Three Questions

1. The paper very briefly discussed sinkhole attacks, are there any real-world examples of a widescale sinkhole attack within IoT?
2. Would expanding to edge computing only exacerbate the security risks we already have with protecting our information systems? Many of the issues outlined by the paper seemed to apply to information systems in general too. Wouldn't having multiple nodes (or more targets) be much more difficult to manage?
3. The paper briefly described node capture attacks, but didn't go into preventing them. Are there techniques that already manage protecting edge nodes using something like redundancy between the devices?

[Others]

Reviewer: Gregor Peach Review Type: Comprehension

Problem Being Solved

Internet of things systems have challenging problems that are different from the problems that typical software or CPS applications have faced previously. This paper analyzes that problems that are arising, and how they need to be tackled. This is a survey paper, so the focus is more diffused than specific.

Main Contribution

This is an analysis of how we should think about security on these systems. They contribute the following: 1) Difference Between CPS and IoT: kinda getting into the kinda issues we talked about in class 2) Devision of the system into layers of security 3) Suggest security model for each layer

Questions

1) What are the main next steps for each layer? 2) What's the deal with transparency to the user? How do we know what systems are following these recommendations? 3) Was confused by the math in the fog/edge computing section. What does it mean?

[reesealanj]

Reviewer: Reese Jones Review Type: Comprehension

Problem Being Solved:

• The paper discusses the expanding Internet of Things and how that expansion is assisted by edge computing. The paper also discusses a layered description of the relationship between Cyber Physical Systems and the Internet of Things.

Important Areas:

• The paper spends a fair bit of time discussing "architecture" of visualizations of Cyber Physical Systems and how each proposed layer of security is broken down and composed. The security layers are a majority of the substance of the paper that stood out as key information.

Questions:

1. How exactly does the edge help with privacy? I don't understand the connection between the locality of my information and how that makes me more private. It almost feels as though it puts a target on my data that can be more specific than it could be without the use of the Edge?
2. Middleware? I understand it generally, but I'd like to know more about the distinctions between different types of Middleware.
3. Is there an agreed upon formula for working with the edge in such a way to maintain the effectiveness of the edge while not outpacing the cost of creating the infrastructure.