College of Computer and Information Sciences
The Internet of Things (IoT) is envisaged to be a large-scale, massively heterogeneous ecosystem of devices with varying purposes and capabilities. While architectures and frameworks have focused on functionality and performance, security is a critical aspect that must be integrated into system design. This work proposes a method of risk assessment of devices using both trust models and static capability profiles to determine the level of risk each device poses. By combining the concepts of trust and secure device fingerprinting, security mechanisms can be more efficiently allocated across networked IoT devices. Simultaneously, devices can be allowed a greater degree of functionality while ensuring system availability and security. This paper describes the integration of risk assessment into a prototype IoT network. The purpose of this prototype is to explore whether finer-grained security policies based on risk can adequately protect the network while also allowing for efficiency and system functionality to a greater extent than traditional security protocols permit. Furthermore, we demonstrate how identification, trust, and risk can be synthesized to provide a finer degree of control over system security.
J. Hemmes, J. Dressler, and S. Fulton. Trust Models and Risk in the Internet of Things. Proceedings of the SAI Future of Information and Communications Conference (FICC), Vancouver, Canada, April 2021.