Paper Discussion: 6a. A survey of secure middleware for the Internet of Things

[rebeccc]

• @searri, Rick Sear, Critical: Most Arduinos don't connect to the Internet, so how does the security model change? What bad things can be done with a non-connected device? How many of these other middlewares apply to devices which largely aren't online?

• @reesealanj, Reese Jones, Critical: Why are the security challenges of "Authentication" and "Access Control" separate, they seem to me as though they could be roughly conflated to be the same thing.

• @tuhinadasgupta, Tuhina Dasgupta, Critical: Not sure if this will be covered in the presentation but I hope the nuanced difference between some of the security challenges is explained.

• @Others, Gregor Peach, Comprehension: Why is attestation so hard?

• @RyanFisk2, Ryan Fisk, Comprehension: Is more secure middleware the best way to secure IoT? Wouldn't focusing on the devices themselves or the cloud infrastructure have more of an impact on IoT security?

Shared concerns/questions:

• Distinction between Auth and Access Control
• Attestation
• Is middleware the best way to secure the IoT?

Thanks for the questions, all, I'll make sure I address each as much as I can!

[searri]

Reviewer: Rick Sear Review Type: Critical

Problem being solved

Currently, the security model surrounding IoT is abstract and poorly understood. This survey seeks to provide a detailed list of existing tech and its security properties, as well as a concrete framework to analyze the security of IoT.

Important areas

This survey covers several middlewares in depth, and methodically analyzes a matrix consisting of the CIA+ security model against the 3 identified "theaters" of IoT security vulnerabilities.

Questions about the survey

• How does "edge computing" fit into the matrix introduced in Section 1? It's probably too abstract at this stage for a survey like this to take on, but it also has unique security challenges that need consideration.
• There's probably something I'm missing, but I'm confused about attestation (the paper makes this an important point in multiple places). In Section 2.4, where it's first explained, the paper says that an attestation process should validate that the firmware is unmodified before allowing access to a stored encryption key. Thing is, if I can modify the firmware, couldn't I also modify the attestation process so that it grants access for my wacky firmware? How do I know I can trust the attestation process?
• Section 5.2 lists a bunch of "non-secure" middlewares, the first being the Arduino middleware. That got me thinking: most Arduinos don't connect to the Internet, so how does the security model change? What bad things can be done with a non-connected device? How many of these other middlewares apply to devices which largely aren't online?

Critiques about the survey

• Section 4 lists out the security requirements the authors identified. I don't see the purpose of listing Anonymous Identities (3.3) separately from Summarization & Filtering (5), rather than a generic "Anonymity" section, especially since most existing middlewares fulfill neither of these requirements.
• I'm not sure I agree with the survey's strategy of listing out, in some detail, descriptions of specific pieces of software (Sections 5 and 6). These will probably change over time, and if I wanted to actually learn about one, I would just take the name and go to their official documentation and/or source code rather than reading this survey. Cutting out some of these time-dependent software descriptions could make the survey a lot more readable and usable from a "security analysis" perspective.

[reesealanj]

Reviewer: Reese Jones Review Type: Critical

Problems Being Solved:

The paper is a discussion of the current model of Security surrounding the IoT. In its current state, the model of discussing security of the Internet of Things is poor and does not do a good enough job of approaching security concerns across the domain. The authors propose a new framework by which security of the IoT can be more effectively discussed and analyzed.

Important Areas:

The important areas of discussion within the paper are the different security domains within the internet of things, as broken down into three areas: Hardware, Network, and Cloud/Server-Side. Within each of the areas, the authors discuss security concerns using the CIA+ model of threat assessment.

Questions:

• Why are the security challenges of "Authentication" and "Access Control" separate, they seem to me as though they could be roughly conflated to be the same thing.
• Within the list of non-secure technologies listed in the paper, how many of those are not connected to the internet? Also how would analysis of the connected devices that are secure change if they began to do some computing/work off the internet instead of offloading so much to the cloud.
• In section 8.2, the authors discuss wanting to bring together a single middleware that combines all the best practices they outlined, but how exactly could that be achieved being that there is such an expanse of technologies in the IoT space.

Critiques:

• The method listed for how the authors searched GitHub for Encryption and Arduino in section 2.2 seems like a very unscientific method for trying to look for current technologies. Is there something I missed where they discussed another method of researching this?
• I was confused as to why spoofing was not covered more in depth for the sections on the Network as I feel as though it is a point of contention for both the network and the Cloud/Server-Side portion of the domain.
• I felt as though the lack of discussion into the potential security challenges with Edge computing was a major downfall of the paper, especially considering that Edge Computing is so big within IoT and encompasses such a portion of the "Cloud" as we move forward.

[tuhinadasgupta]

Reviewer: Tuhina Dasgupta
Review Type: Critical

Problem: Security in IoT is a hotly discussed topic that is still misunderstood. This survey paper provides a detailed list of current security technologies and a framework through which to analyze the security of devices.

Important areas:
The paper covers several topics including middlewares, CIA+ model, as well as security concerns in the areas of HW, Network, and the Cloud. The paper also analyses several middlewares using the CIA+ model.

Questions:
-Why is Arduino middleware not secure though it's not connected to the internet? Are all middlewares still possible security concerns though they aren't true IoTs? -Not sure if this will be covered in the presentation but I hope the nuanced difference between some of the security challenges is explained (ie Authentication v Access Control)

Critiques: -Some of the security requirements could be combined which would make the paper shorter and more readable. -In Section 5,6 the sw doesn't need to be explained in such depth. I think it would have sufficed to direct the reader to external resources (documentation). -The security concerns in Edge COmouting were skipped over which seems like an oversight.

[Others]

Reviewer: Gregor Peach

Review Type: Comprehension

Problem:

This is a survey paper. It is doing an analysis of security problems/threats for IoT devices. It's specifically concerned with "middleware" which seems to mean just a sort of hardware or software suite used for IoT programming.

Contribution

Everyone is aware that IoT has security problems, but this paper really examines them in detail. They purpose a matrix of problems, with CIA+ (confidentiality, integrity, authentication, access control, non-repudiation) on one axis, and ABC (device, network, cloud) on the other. Each of the squares in the matrix represents a class of attacks that is more dangerous with IoT than with standard devices.

Then they go on to analyze many of the most commonly used middleware solutions, and evaluate whether or not they are secure on these 15 axises.

Questions

1) Isn't leaving off analysis of the "non-secured" systems kinda missing the point? Aren't these the ones that need the most analysis? 2) Why is attestation so hard? 3) Are some of this requirements very hard? It seems like 3 categories of attacks are left unanswered in table 2?

[RyanFisk2]

Reviewer: Ryan Fisk

Review Type: Comprehension

Problem being solved

As the internet of things continues to grow, securing new types of internet connected devices will be paramount to their successful use. Several publications have researched this, and this paper serves as a survey of other publications about the topic.

Contribution

The paper uses a matrix model to describe potential threats to IoT devices at all levels from the physical hardware to the cloud or server that controls them. The model is set up such that each level of the IoT system is analyzed for all of the CIA+ security practices with examples of security flaws for each cell. The paper then goes on to talk about a number of middleware devices for IoT and briefly talks about how each one could make the IoT more secure.

Questions

1) What level of the original matrix model would middleware fall under? The paper calls it software with that works between the applications and the operating system, but has no matrix section about software.

2) Is more secure middleware the best way to secure IoT? Wouldn't focusing on the devices themselves or the cloud infrastructure have more of an impact on IoT security?

3) Would securing middleware be a scalable solution to IoT security?