Unit No: 6 Trust Management in IoT

What is Trust for IoT?
1. Need for a trust framework to enable the users of the system to have confidence that the information and services being exchanged can indeed be relied upon.
2. The trust framework needs to be able to deal with humans and machines as users, i.e. it needs to convey trust to humans and needs to be robust enough to be used by machines without denial of service.

Requirement of Trust
● Lightweight Public Key Infrastructures (LPKI)
● Lightweight key management systems
● Quality of Information
● Decentralised and self-configuring systems
● Trust Negotiation
● Access Control

Trust and Identity
Trust is a primary design element at every layer of the IoT architecture.

The risk of privacy violation, the omnipresent network, and reliability are the main challenges for trust in IoT. Hence IoT applications and networks should be trustworthy. In order to be trusted, IoT must provide methods for secure and reliable communication between devices, which should be authenticated.

Trust Assertions
Trust in identity authentication is established in IoT by the following assertions. The entity performing the assertion is presented with information that only the entity being authenticated is able to provide. This information is referred to as proof of possession (PoP) of identity. The authenticating entity establishes trust in this process through a secure verification of the presented proof.

Research challenges in Trust and Identity
● Trustworthiness of IdM Schemes
● Robust trust/IdM
● Privacy aware trust/IdM
● Resource constraint nature of IoT

Identity Management
Identity Management requires an integrated and often complex infrastructure where all involved entities must be trusted for specific purposes depending on their role. Without effective IdM and access control, the benefits of ubiquitous networks will be limited. For example, in ubiquitous healthcare, if access control and IdM are not guaranteed, it can lead to leakage of medical data.

Devices, identities, and the interaction of the devices are the three major components of IoT. Identities are the windows through which users interact with their devices and consume services in today’s world.

Before any service is delivered, it is customary to verify the digital identity of an entity. In IoT, this concept of identity extends to devices.

Once a trust relationship is established between two devices after they have communicated and collaborated for a certain time, it helps to influence the future behavior of their interactions. When devices trust each other, they prefer to share services and resources to a certain extent.

Trust Management
For example, how can a user attach a publicly available device to his/her personal space of devices for a short time? How can he/she trust this device? How will this device access his/her personal information? These issues can be addressed with fuzzy-based trust calculation for IoT.

This contribution uses the calculated value of trust related to three parameters, Experience (EX), Knowledge (KN), and Recommendation (RC), by capturing their vagueness.

The term trust management was first coined by Blaze in 1996 as a coherent framework for the study of security policies, security credentials, and trust relationships. The mechanism that deals with the evaluation, collection, and propagation of trust is referred to as trust management. Designing a trust management model to provide trust in IoT is an important step towards achieving privacy and security in a distributed, decentralized and mobile space.

Trust management allows the computation and analysis of trust among devices in order to make suitable decisions and establish efficient and reliable communication among devices. Trust management results in a functional system in which an access request is accompanied by a set of credentials which together constitute a proof as to why access should be allowed.

Types of Trust
There are three types of trust:
● Interpersonal trust represents entity-based and context-specific trust.
● Structural trust represents a system within which the trust exists.
● Dispositional trust represents trust which is independent of entity and context.

Trust management life cycle
There are different trust management approaches, and a generic trust management life cycle is shown in Figure 1. The trust management model comprises four phases of trust calculation:
● Negotiation – Trust establishment between new devices
● Collection – Collecting trust scores of individual devices in IoT
● Evaluation – Deals with the trust evaluation based on some fuzzy or non-fuzzy rules and some evaluation policies
● Propagation – Transfer of trust score to other devices, and in turn delegating other details like access rights etc.

Figure 1: Trust Management Life Cycle

Different ways to infer trust:
● Probabilistic method
● Bayesian method
● Inference method

Probabilistic and Bayesian methods are based on the principle of uncertainty and need strong methods of proof to claim that the proposed solution would work with trust management along with authentication and access control.

Identity Trust Paradigms
Main paradigms for identity trust are as follows:
● Third Party approach
● Public key infrastructure
● Attribute certificates

Third Party Approach
In the local identity model, object identity is used in the repository/registry of every network. In such models the shared secret used for building trust is different for different systems to avoid compromise.

This increases the complexity of the system due to the management of multiple secrets. An identity is local to the scope in which it is identified, and this results in a complex system and a lack of scalability.

Due to this limitation of the local IdM model, the third party approach to identity and trust management has emerged. In the third party approach, a single entity (e.g. cloud, host, network) is designated as trusted by all stakeholders in the network, such as users, computing agents, and applications. Entity details at the third party include identity information of all the stakeholders. Trust is based on shared secrets between every entity and the third party identity establishment services.

Applications of third party approach
● Kerberos
● Key distribution centre (KDC)

Identity establishment models based on third party approach
● Implicit Identity Establishment: Mutual identity establishment of entities to each other via a trusted third party. A cryptographic approach is used with the help of a shared secret and the third party.
● Explicit Identity Establishment: A third party authentication service is invoked explicitly for authentication.

Problems with third party approach
● Loss of control: The trust management scheme is located at the third party, and the underlying network has to rely on the third party for security and privacy.
● Lack of trust: Trusting a third party requires the assumption that the third party will perform or act as expected. Additional monitoring or auditing capabilities would need to be in place to increase the trust level.
● Multi-tenancy: As a single third party is associated with multiple networks for providing trust, these networks can have multiple goals which could be conflicting. Some degree of separation between these networks would be useful.

Public key infrastructure
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. A public key infrastructure (PKI) supports the distribution and identification of public encryption keys, enabling users and computers to both securely exchange data over networks such as the Internet and verify the identity of the other party.

It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

A PKI consists of:
● A certificate authority (CA) that stores, issues and signs the digital certificates
● A registration authority which verifies the identity of entities requesting their digital certificates to be stored at the CA
● A central directory, i.e. a secure location in which to store and index keys
● A certificate management system
● A certificate policy

PKI is an arrangement that binds public keys with respective identities of entities (like persons and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision. The PKI role that assures valid and correct registration is called registration authority (RA). An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request.

In a Microsoft PKI, a registration authority is usually called a subordinate CA. An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party validation authority (VA) can provide this entity information on behalf of the CA.

Attribute certificate
An attribute certificate, or authorization certificate (AC), is a digital document containing attributes associated to the holder by the issuer. When the associated attributes are mainly used for authorization purposes, the AC is called an authorization certificate. AC is standardized in X.509. The authorization certificate works in conjunction with a public key certificate (PKC). While the PKC is issued by a certificate authority (CA) and is used as a proof of identity of its holder like a passport, the authorization certificate is issued by an attribute authority (AA) and is used to characterize or entitle its holder like a visa. Because identity information seldom changes and has a long validity time while attribute information frequently changes or has a short validity time, separate certificates with different security rigours, validity times and issuers are necessary.

X.509
X.509 is an important standard for a public key infrastructure (PKI) to manage digital certificates and public-key encryption and a key part of the Transport Layer Security protocol used to secure web and email communication.

Difference between AC and PKC

| Attribute certificate | Public key certificate |
|---|---|
| Issued by Attribute Authority | Issued by Certificate Authority |
| Contains no public keys | Contains public keys |
| Contains set of attributes of its holder | Contains set of attributes of its holder |
| Validity period of AC is less | More than lifetime of AC |
| Dynamic in nature and constantly subject to change | Unchanged and valid for long period of time |
| e.g. Capability token | e.g. X.509 |

Contents of a typical attribute certificate
● Version: the version of the certificate.
● Holder: the holder of the certificate.
● Issuer: the issuer of the certificate.
● Signature algorithm: the algorithm by which the certificate is signed.
● Serial number: the unique issuance number given by the issuer.
● Validity period: the validity period of the certificate.
● Attributes: the attributes associated to the certificate holder.
● Signature value: the signature of the issuer over the whole data above.

Access Control in IoT
IoT is a megatrend in both industrial and consumer products.

Identity management and authentication are essential enablers for access control: to control access you must be able to identify your users and devices. Access control lets only authorized users access a resource, such as a file, IoT device, sensor or URL. All modern operating systems limit access to the file system based on the user. For instance, the superuser has wider access to files and system resources than regular users.

In the IoT context, access control is needed to make sure that only trusted parties can update device software, access sensor data or command the actuators to perform an operation. Access control helps to solve data ownership issues and enables new business models such as Sensors As a Service, where you might for instance sell temperature sensor data to customers. Access control enables companies to share IoT device data selectively with technology vendors to allow both predictive maintenance and protection of the sensitive data.

IoT presents a unique set of access control challenges due to the low power requirements of IoT devices, low bandwidth between IoT devices and the Internet, the distributed nature of the system, ad-hoc networks, and the potential for an extremely large number of IoT devices. This means that standard authorization models, such as Access Control List (ACL), Role Based Access Control (RBAC), Attribute Based Access Control (ABAC) and similar capability-based systems, must be analyzed in depth before applying them to the Internet of Things.

Simplistic cloud pictures of access control architectures.

There are two ways to implement access control for IoT. In a distributed architecture, an access control server grants access tokens to users, who use them to access the IoT devices directly. In a centralized architecture, the user accesses only cloud-based servers that authorize the request and relay data between the user and the IoT devices.

All access control models can be implemented using either a distributed or centralized architecture. Most distributed architectures borrow principles from the capability-based access control models.
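The distributed architecture described above, as an added example that is not part of the original slides: an access control server issues a short-lived token carrying holder, issuer, validity period and attributes, and the IoT device verifies it locally without contacting the server. The field names, the issuer name, the HMAC-SHA256 tag standing in for an issuer signature, and the key shared between server and device are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: the access control server and the device share this key,
# provisioned out of band. A real deployment would use a per-device key
# or an asymmetric issuer signature.
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def _sign(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).digest()


def issue_token(holder, device, actions, now, ttl, key=ISSUER_KEY):
    """Access control server side: bind holder, device and allowed actions."""
    claims = {
        "holder": holder,
        "issuer": "acs.example",          # hypothetical issuer name
        "device": device,
        "actions": sorted(actions),
        "not_before": now,
        "not_after": now + ttl,
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return _b64(payload) + "." + _b64(_sign(payload, key))


def authorize(token, device, action, now, key=ISSUER_KEY):
    """Device side: verify signature, audience, validity window, then action."""
    try:
        payload_b64, sig_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
    except (ValueError, TypeError):
        return False, "malformed token"
    # Constant-time comparison; check the signature before trusting any field.
    if not hmac.compare_digest(sig, _sign(payload, key)):
        return False, "bad signature"
    claims = json.loads(payload)
    if claims["device"] != device:
        return False, "token issued for another device"
    if not claims["not_before"] <= now <= claims["not_after"]:
        return False, "outside validity period"
    if action not in claims["actions"]:
        return False, "action not granted"
    return True, "ok"
```

The device needs only the verification key and a clock, which suits low-bandwidth links; the short validity period limits how long a leaked token remains useful.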

Web of trust models
In cryptography, a web of trust is a concept used in PGP to establish the authenticity of the binding between a public key and its owner. Its decentralized trust model is an alternative to the centralized trust model of a public key infrastructure (PKI), which relies exclusively on a certificate authority. As with computer networks, there are many independent webs of trust, and any user (through their identity certificate) can be a part of, and a link between, multiple webs. There are various problems in the trusted exchange of public keys in public key cryptography. WoT is a good approach in which the entities hold the responsibility for identifying and authenticating each other and then swap their respective keys.

In PKI, entities are identified and authenticated by a trusted CA.

Instead of the communicating entities themselves being involved in exchanging keys, entities obtain keys from one or more CAs in the form of digital certificates. PGP (Pretty Good Privacy) is the trust model based on WoT, developed as an email encryption program. PGP uses public key encryption for the distribution of secret encryption keys.

The trust scheme used in PGP is known as PGP WoT, which is based on the discretionary trust of individuals, without the concept of an authoritative entity that certifies public keys in PGP. An entity generates a public-private key pair that binds to a unique identifier like an email address and distributes it to other entities or key distribution services. Each entity maintains a set of public keys of other entities which are trustworthy.

Trust in the PGP model is not transitive, which means that A trusting B as an introducer and B in turn trusting C does not always establish that A trusts C. "A signs B" implies "A has some level of trust in the authenticity of B". If there is a chain of trust from a key that I trust (my key) to a key that I don't know anything about, some sense of trust can be established. WoT is a directed graph of trust relationships.

The PGP web of trust can be modeled by a directed graph G = (N, E), where the set of nodes N represents the collection of entities participating in a PGP WoT, E is the set of edges, and an edge e belonging to E from entity A to entity B represents the fact that A trusts the public key of B.
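The graph model above, as an added example that is not part of the original slides: edges record who signed whose key, and a key becomes valid for the verifier only when enough of its signers are both valid and trusted as introducers by the verifier, which is why a chain of signatures alone does not make trust transitive. The thresholds (one fully trusted or two marginally trusted signers), the depth limit and all entity names are assumptions for illustration.

```python
FULL, MARGINAL, NONE = "full", "marginal", "none"


def trust_of(me, entity, introducer_trust):
    # The verifier always fully trusts signatures made with its own key.
    return FULL if entity == me else introducer_trust.get(entity, NONE)


def valid_keys(me, signatures, introducer_trust, marginals_needed=2, max_depth=4):
    """Return {entity: depth} for every key the verifier `me` accepts as valid.

    signatures: set of (signer, signed) edges, the set E of G = (N, E).
    introducer_trust: the verifier's own, discretionary trust in each entity
        as an introducer; entities not listed are treated as NONE.
    """
    signers_of = {}
    for signer, signed in signatures:
        signers_of.setdefault(signed, set()).add(signer)

    valid = {me: 0}                       # the verifier's own key is the root
    for depth in range(1, max_depth + 1):
        newly_valid = {}
        for key, signers in signers_of.items():
            if key in valid:
                continue
            # Only signers whose own key is already valid count at all.
            usable = [s for s in signers if s in valid]
            levels = [trust_of(me, s, introducer_trust) for s in usable]
            if levels.count(FULL) >= 1 or levels.count(MARGINAL) >= marginals_needed:
                newly_valid[key] = depth
        if not newly_valid:
            break
        valid.update(newly_valid)
    return valid


# Constructed sample web: alice is the verifier.
SIGNATURES = {
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"),
    ("bob", "erin"),        # bob is a fully trusted introducer
    ("carol", "frank"),     # carol and dave are marginal introducers
    ("dave", "frank"),      # and both vouch for frank
    ("carol", "grace"),     # only one marginal signer: not enough
    ("erin", "heidi"),      # erin's key is valid, but alice does not
}                           # trust erin as an introducer
TRUST = {"bob": FULL, "carol": MARGINAL, "dave": MARGINAL}

if __name__ == "__main__":
    for entity, depth in sorted(valid_keys("alice", SIGNATURES, TRUST).items()):
        print(f"{entity}: valid at depth {depth}")
```

In the sample web there is a signature chain alice, bob, erin, heidi, yet heidi's key is not accepted, because alice has assigned erin no introducer trust.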

Security Mechanisms
Mechanisms for the exchange of security constructs in the context of the web or IoT are:
● Web services security
● Security Assertion Markup Language
● Trust

Web Service Architecture

Web services security
Web service security (WSS) is an extension to SOAP to apply security to web services.

The protocol specifies how integrity and confidentiality can be enforced on messages and allows the communication of various security token formats, such as Security Assertion Markup Language (SAML), Kerberos, and X.509. Its main focus is the use of XML Signature and XML Encryption to provide end-to-end security. There are three specific security issues with web services:
● Confidentiality
● Authentication
● Network Security

WS-Security Mechanisms
WS-Security describes three main mechanisms:
● How to sign SOAP messages to assure integrity.
● How to encrypt SOAP messages to assure confidentiality.
● How to attach security tokens to ascertain the sender's identity.

The specification allows a variety of signature formats, encryption algorithms and multiple trust domains, and is open to various security token models, such as X.509 certificates, Kerberos tickets, User ID/Password credentials, SAML Assertions, and custom-defined tokens.

SAML Approach
Extension of IdM to multiple security domains is referred to as federated IdM. It includes autonomous internal networks, external networks and third party applications and services. The objective of federated IdM is to provide sharing of digital identities so that objects can be authenticated a single time and can access applications and services across multiple security domains in the context of IoT.

As IoT is distributed in nature and no centralized control is possible, federated IdM is what IoT needs. Identity provider, service provider and users are the key entities in federated IdM.

For example, an IoT device may log onto its own corporate intranet and will be authenticated to perform authorized activities and access appropriate services on the underlying corporate intranet. The same IoT device is then able to access health benefits of the user from an external healthcare service provider without having to re-authenticate.

Functions of federated IdM
● Providing agreement, standards and technologies for identity portability
● Exchange of identity attributes across multiple security domains
● Entitlements of multiple devices/users across multiple domains and applications
● Providing SSO
● Identity mapping across multiple security domains

● Federated IdM uses a number of standards for secure identity exchange across multiple security domains.
● One IoT network or organization issues a security ticket for access which can be processed by communicating networks.
● Also, in identity federation the tickets have to be defined in terms of contents and format, and rules have to be provided for exchanging security tickets.

The key standard in federated IdM is SAML, which defines the exchange of security information between communicating partners. SAML is basically intended for expressing trust and identity constructs. SAML is an XML standard for exchanging authentication and authorization data between entities. SAML is a product of the OASIS security services technical committee.

SAML is built upon the following standards:
● Extensible Markup Language (XML)
● XML Schema
● XML Signature
● XML Encryption
● Hypertext Transfer Protocol (HTTP)
● SOAP

SAML Specifications
● Assertions (XML)
● Protocols (XML + Processing rules)
● Bindings (HTTP, SOAP)
● Profiles (= Protocols + Bindings)

SAML Components
● Assertions: Authentication, Attribute and Authorization information
● Protocol: Request and Response elements for packaging assertions
● Bindings: How SAML protocols map onto standard messaging or communication protocols
● Profile: How SAML protocols, bindings and assertions combine to support a defined use case

SAML components

Fuzzy Approach for trust
In uncertain environments like IoT, a fuzzy approach to trust calculation is more appropriate to quantify and evaluate device behaviour and, in turn, access control rules. The trust management system should address questions such as what kind of authorization device A has on device B. A Mamdani-type fuzzy rule-based model deals with the linguistic values of KN, EX and RC, where vagueness is associated. The output of this model is represented by a fuzzy set.
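A Mamdani-style evaluation of trust from EX, KN and RC, covering both the fuzzy trust calculation mentioned under Trust Management and the model described above; it is an added illustration, not taken from the original slides or the contribution they cite. The membership functions, the rule base and the fail-closed default are all constructed assumptions.

```python
# Linguistic terms on [0, 1] as (a, b, c) triangles; a == b or b == c is a shoulder.
TERMS = {"low": (0.0, 0.0, 0.5), "medium": (0.0, 0.5, 1.0), "high": (0.5, 1.0, 1.0)}

# Constructed rule base (assumption): antecedents are ANDed, consequent is a trust term.
RULES = [
    ({"EX": "high", "KN": "high"}, "high"),
    ({"EX": "high", "RC": "high"}, "high"),
    ({"EX": "medium", "KN": "medium"}, "medium"),
    ({"EX": "medium", "RC": "medium"}, "medium"),
    ({"EX": "low"}, "low"),               # poor direct experience dominates
    ({"KN": "low", "RC": "low"}, "low"),
]


def membership(x, term):
    """Degree to which the crisp value x belongs to a linguistic term."""
    a, b, c = TERMS[term]
    if x < a or x > c:
        return 0.0
    if x == b:
        return 1.0
    return (x - a) / (b - a) if x < b else (c - x) / (c - b)


def evaluate_trust(ex, kn, rc, steps=100):
    """Mamdani inference: min for AND, clip, max-aggregate, centroid defuzzify."""
    inputs = {"EX": ex, "KN": kn, "RC": rc}
    for name, value in inputs.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be in [0, 1], got {value}")
    # Firing strength of each rule = weakest antecedent membership.
    fired = [
        (min(membership(inputs[var], term) for var, term in antecedent.items()), out)
        for antecedent, out in RULES
    ]
    num = den = 0.0
    for i in range(steps + 1):
        y = i / steps
        # Aggregated output fuzzy set: max over rules of the clipped consequent.
        mu = max(min(strength, membership(y, out)) for strength, out in fired)
        num += y * mu
        den += mu
    # Assumption: when no rule fires, fail closed with the lowest trust.
    return num / den if den > 0 else 0.0


if __name__ == "__main__":
    # Constructed inputs: (EX, KN, RC) for three devices.
    for sample in [(1.0, 1.0, 1.0), (0.5, 0.5, 0.5), (0.0, 1.0, 1.0)]:
        print(sample, round(evaluate_trust(*sample), 3))
```

With this rule base a device with no good direct experience stays at low trust even when knowledge and recommendations are high, so recommendations alone cannot raise a device's score.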

Thank You http://www.pavanjaiswal.com
