Open albero94 opened 4 years ago
Reviewer: Akinori Kahata Review type: Comprehensive
Reviewer: Pat Cody Review Type: Comprehensive
The IoT is constantly growing, with huge numbers of devices being projected to be on the IoT in coming years. Many of these devices, however, are rushed to market and have security flaws. There is a growing need for systems to secure the IoT.
This paper analyzes a variety of new technologies and how they could be applied to IoT security. The blockchain could be used as a way to securely log IoT application, and to verify sensor readings. Software-defined networks could be used to enhance security and network management. The paper also discusses improving risk assessment and threat modeling for IoT security flaws.
Reviewer: Sam Frey Review Type: Critical
Problem: The number of IoT devices is expected to reach 1 trillion by 2030, but these devices are often rushed to market with security flaws that could compromise the privacy of the user. Security must become a priority in the development of future devices.
Main Contributions: The authors explore many ways to improve IoT security such as a permission-based blockchain implementation, improved identity verification and authentication, and improved network reliability. They also propose a threat assessment framework to better define the security issues facing IoT devices.
Questions:
Critiques:
Reviewer: Andrew Nguyen Review Type: Critical
Problem: IOT is constantly growing and with new facets, applications, and interpretations. As a result, there is a concern as to how secure these new devices are and what are the solutions to patch these security holes efficiently. New technologies like blockchain and software defined networks propose new security solutions.
Main Contributions: The paper begins with a discussion and ideas to provoke thoughts of the trade-offs between IOT and the environment it is in. For example, it may greatly benefit the economy and lifestyles of various people, but the security and behind-the-scenes concerns of IOT can't be overlooked. It then discusses possible solutions such as Blockchain, sensor data, and network reliabilities.
Questions:
Critiques: Shortly after talking about the remote attestation, the paper jumps into a lot of protocols and functions that were not previously explained or mentioned, making it difficult to follow along and understand exactly what the authors are trying to say since it goes from 0 to 100 fast. Next, I think overall the paper was written well to cover the various themes and topics of IOT security and its application globally/remotely. I would have liked to see a more fleshed out blockchain portion and more details regarding it. Although it was alright to follow along for the most part, I still am left with a sense of no resounding conclusion for how the security can be really put into this. So, it seems that the paper brushes on a few topics but doesn't spend enough time to really dive into them and fully tell what it wants to tell. As a result, the different themes were more 30%-60% fleshed out.
IoT security is an ever-growing problem as new devices are used more frequently and store more sensitive information. Research into securing IoT devices and networks has yielded some progress; however, there are still many security risks that need to be addressed.
This paper examines some of the major security concerns with IoT devices and analyzes some of the proposed solutions for those problems. The authors also discuss the ways in which new technology could be used for IoT security, such as using blockchain for behavior logging or authentication. They also look at multiple levels of an IoT system, including sensor fusion and networking between devices.
1) Despite the security problems, could edge computing be a solution to the attestation problem?
2) Would using approximate byzantine algorithms for sensor fusion as the paper suggests cause more security problems by being less accurate?
3) Could the blockchain methods the paper suggests be used for sensor fusion?
1) The paper goes very in depth with solutions to most of the problems they present with IoT security except in the section about scalable authentication. The analysis in the section is more of a proposal for security policies in IoT systems.
2) I'm not sure why the paper went from talking about sensor fusion to networking multiple IoT devices. There are security problems on the devices themselves and the paper seems to jump over those.
As the scope of IoT continues to grow and even more devices, especially embedded devices, are being connected to the internet. Security, especially authentication, attestation, and threat detection/modeling.
This paper explored the current methods for handling these things and analyzed the viability of each of them in a distributed IoT environment. In addition to this they further discussed the use of blockchain and software defined networks and the multiple ways in which these may be leveraged to increase security across the Internet of Things.
1 - In section VII-C they proposed the idea of dynamic attack taxonomy which would evolve as IoT evolves. How would this work? It seems difficult to know how the environment is going to change, and seems like the IoT environment changing is how we are in the position we are in now.
2 - In regard to the first two attestation techniques they mentioned, would it be feasible to combine both lightweight security architectures with program code written to ROM to prevent the code itself from being changed, and a monitoring service to analyze the control flow to further increase security?
3 - In the Authentication section they outlined what a secure authentication scheme would consist of, but didn't really conclude any existing schemes which would be effective. Are there any existing authentication methods for IoT devices which fit this bill?
@AkinoriKahata Akinori Kahata, comprehensive:
@pcodes Pat Cody, comprehensive:
@samfrey99 Sam Frey, critical:
@anguyen0204 Andrew Nguyen, critical
@RyanFisk2 Ryan Fisk, critical
Shared concerns/questions: