Published on 01 Dec 2020

IoT Security Reference Architecture, IoT Security Foundation

ABSTRACT

IoT Security Reference Architecture

IoT systems are generally characterized as large-scale, complex distributed systems without a clear notion of a network perimeter between the system components, which results in threat environments very different from those of traditional enterprise systems. To better understand the security requirements and to study the security models for IoT systems, there is a need to study the basic characteristics of IoT systems in comparison and in contrast with traditional enterprise IT systems. We studied the IoT Security Reference Architecture by first identifying the distinctive features of IoT systems, and recommended the “zero trust” principle as the key tenet governing the security architecture design of IoT systems, as very few security assumptions can be made about the operating environment of IoT infrastructures. We then proposed an Activity-Network-Things (ANT) centric security reference architecture, which is based on the three architectural perspectives used in studying IoT systems, namely Device, Internet and Semantic. The proposed IoT security reference architecture is flexible enough to include mechanisms that allow IoT system designers and integrators to choose organization-specific and application-specific considerations when determining security impacts, and hence the strength and assurance levels of the required security controls. The IoT Security Reference Architecture aims to help security professionals and stakeholders comprehend, select and implement security controls for diversified IoT applications.

Speaker: Professor Lam Kwok Yan, Director, Nanyang Technopreneurship Center and Professor, School of Computer Science and Engineering, Nanyang Technological University

The 6th Annual Internet of Things Security Foundation Conference was a four-day virtual event that took place between Tuesday 1st and Friday 4th December 2020. The Annual IoTSF Conference has built a loyal global following from the IoT stakeholder communities and is renowned for delivering high quality conference programmes.

The era of IoT describes the world as it transforms to be ever-digital and increasingly connected. Along with the power of digital comes the reciprocal cyber threat, and we continue to witness an increasing number of attacks enabled by products that lack protection against well-known exploits, have been badly configured or suffer from poor maintenance. This causes businesses to be hesitant, concerns governments, increases the likelihood of regulation and ultimately frustrates markets.

Vendors must build secure, purchasers must buy secure, and users must be secure: to be without security in a digital world is not an option. Society and industry need to fight back as no one should design, buy, or use a connected product, service or system that lacks fit-for-purpose security. Yet there are no ‘one-size fits all’ security solutions – they are dependent on the application. Most of the attacks we see today can be effectively defended against, many by relatively simple measures. Organisations need to be informed, the solutions presented, choices made, and those choices need to be in keeping with their business context.

The 2020 IoT Security Foundation Virtual Conference aims to illuminate and educate delegates with an update on the threat landscape, standards & regulation, best practice, next-practice and the latest developments in IoT cyber security. The IoTSF Conference features talks by leading cyber security experts, training workshops and track sessions for executives, developers, engineers, managers and security professionals.

The conference has a senior and expert-level line-up of speakers, and more information can be found on the dedicated conference website: https://iotsfconference.com