
A Unified Federated Security Framework for IoT Security Challenges

Abstract— Recently, the Internet of Things (IoT) has attracted a lot of attention because of its wide range of applications in multiple
domains communicating across different layers. The IoT consists of three layers, namely the physical, network, and application layers.
This paper discusses security attacks and countermeasures for each IoT layer. The study reviews various state-of-the-art IoT
security frameworks and proposes a unified IoT network security framework called “Unified Federated Security Framework”. The
proposed framework relies on fuzzy cognitive maps for modeling and evaluating trust relationships between the entities in
federated identity management systems. The unified federated security framework proposed in this study provides complete
security features for IoT networks. It also provides a proper classification of all attacks and captures the various threats in order to
develop and implement better countermeasures.

Keywords— Attacks, Framework, IoT, Privacy, Trust

I. INTRODUCTION
The Internet of Things (IoT) enables different devices (or objects) to communicate with each other by injecting powerful
code into the devices [1]. IoT comprises physical objects such as sensors, actuators, mobile phones and Radio Frequency
Identification (RFID) tags, which have the capability to sense, monitor, communicate and exchange data with each other to
perform different tasks around a specified location [2]. IoT provides an interconnection of various types of devices over possibly
vast heterogeneous networks so that the devices can communicate directly with each other without human intervention [3]. The
growth and development of smart devices have made IoT gain attention from various research groups, system developers,
and industries, leading to the proposal and development of many kinds of service applications. The rapidly increasing demand
for large-scale deployment of IoT devices creates a major security concern.
Security is one of the critical features of any communication network. The nature of wireless networks makes them more
susceptible to security attacks. The constraints (for example, limited processing power) inherent in IoT devices limit their ability
to defend themselves against attacks. Earlier attacks targeted wired networks. Technological advances make it affordable and
easier to build wireless networks, resulting in
widespread attacks against wireless systems [4]. The lack of a unified security framework is a major challenge in an IoT
environment [4, 5]. It is necessary to overcome the challenge of securing the IoT architecture/framework in order to ensure a full
adoption of IoT [6]. Currently, there is no universally accepted IoT framework, making IoT devices vulnerable to attacks and
threats. Hence, security represents a significant challenge that needs adequate attention before IoT can be fully embraced. This
paper presents detailed state-of-the-art IoT security frameworks and attack countermeasures for IoT networks. It also proposes a
unified security framework which is based on “User identification” for IoT networks, called the unified federated security
framework. The rest of the paper is organized as follows. Section 2 discusses the state-of-the-art IoT attack frameworks.
Section 3 presents the proposed unified security framework for IoT, while Section 4 is the conclusion of the study.
II. STATE OF THE ART IOT SECURITY FRAMEWORK
Researchers have proposed frameworks that support various IoT constrained-devices based on identity certificate
management, single sign-on, federated identity and user-centric framework. Each framework has its own limitations in terms of
functionality and performance. Most of the existing frameworks focus on developing a separate attack framework for physical,
network and application layers of the IoT. For example, [7, 8] introduced Public Key Infrastructure and Pretty Good Privacy
(PGP), both using identity certificate management. However, the frameworks do not support functions like single sign-on,
federated identity, user-centric and device security. Similarly, [9] introduced Kerberos using single sign-on, but the framework
does not support other functions like identity certificate management, federated identity, user-centric and device security. The
Liberty Alliance framework introduced by [10] possesses functional features such as single sign-on, federated identity and
user-centric, but does not support functions like identity certificate management and device security. Note that among all the
existing frameworks, there is no framework for device security.
Furthermore, [11] proposed a security framework for smart cities that comprises Black Networks and a Key Management
System (KMS) that handles vulnerabilities and attacks at the IoT application layer. The framework provides confidentiality,
integrity, privacy and efficient key distribution. It also provides security procedures that minimize the vulnerabilities at the
application layer of the IoT network. However, the framework cannot provide robust security for smart city IoT devices because it
is susceptible to side channel attacks, cryptanalysis attacks, denial of service (DoS) attacks and malicious scripts.
Similarly, [12] proposed a novel SDN-based security framework for the IoT physical layer that uses border controllers, which
secure voice over IP (VoIP) infrastructures while providing interworking between incompatible signaling messages and media
flows among IoT devices. The framework interconnects heterogeneous IoT devices from different domains, improves the
security of each domain, and allocates security instructions without compromising the security of any domain. However, the
challenge with the use of border controllers is how to secure traffic (wanted and unwanted). Moreover, data forging, side
channel attacks, traffic diversion, traffic sniffing, DoS, identity spoofing and firmware exploitation are possible attacks associated
with SDN, which lead to major problems, such as packet delay/loss and distributed denial of service (DDoS) attacks.



Vučinić et al. [6] proposed a middleware framework known as Object Security Framework (OSCAR), with the Constrained
Application Protocol (CoAP). The framework aims to provide End-to-End (E2E) security at the IoT network layer. The
approach supports multicasting, asynchronous data communication and caching. It addresses security and authorization
problems in E2E, while securing full data integrity with the plain Datagram Transport Layer Security (DTLS) approach. In
beacon-enabled 802.15.4 (that is, the technical standard which defines the operation of low-rate wireless personal area
networks (LR-WPANs)), failure in the node that serves as a PAN coordinator affects intermittent transmission of beacons in
the network. Also, [13] discussed different IoT security challenges that exist in the three-layer system framework, and
developed a solution to tackle these security threats. The authors also identified security challenges in every layer of the IoT
framework.
The existing security frameworks target a particular layer of the network without providing complete security features for
the entire IoT network. The absence of a unified IoT security framework makes IoT communication technologies, such as
WSN, RFID, WiFi, 4G and 5G, prone to different attacks [14]. It also makes data in the communication channel vulnerable to
threats like eavesdropping, MitM and counterfeiting attacks [15]. This paper attempts to present a federated unified security
framework that provides complete security features for IoT networks. It also provides a proper classification of all attacks and
captures the various threats in order to develop and implement better countermeasures.
III. PROPOSED UNIFIED SECURITY FRAMEWORK FOR IOT
This section presents a conceptual unified federated security framework for IoT. The proposed framework is a security
architecture for protecting IoT devices/systems from attacks and threats at different layers of the network. The proposed
framework is based on “User identification”. Figure 1 shows the proposed unified federated security framework for the three
layers of the IoT network, based on device identity.

Fig. 1: Proposed Unified Federated Security Framework for IoT Network

The proposed federated identity-based framework enables users at one IoT layer (security layer) to access resources in
another security layer without requiring another round of enrolment or authentication. The framework uses Fuzzy cognitive
maps (FCMs) to establish trust among the three IoT layers. FCMs have proved to be a convenient, simple, and powerful
qualitative technique for modeling and computing trust in complex and dynamical systems [16].
In our proposal, users register their credentials with the authentication server at the physical layer, while the other layers
trust the assertions of the server. Federated identity is a common approach used in web security for securing system
workflow, because of its ability to manage users' identities from various security domains on the web. However, in the context of
IoT, the federated identity concept for unified IoT security has not been explored [17]. The federated identity provider creates,
maintains, and manages device identity information while providing authentication services to relying layers and applications
within the network. We explore the concept in IoT networks, mainly because the system workflow frequently involves a user
(device) that is legitimate in one domain being authenticated in other domains as well.
It should be noted that the federated identity framework in IoT is different from the web-based one [18, 19]. The communication
among identities (nodes) in IoT is in the form of device-to-device (D2D) communication, while in the web-based system, it is
known as a person's identity [20]. A detailed communication process in the proposed framework is presented in Figure 2.

Fig. 2: Federated Identity Management Process

The computation of trust at different layers is based on a fuzzy weighted digraph. It consists of a set $(X_1, X_2, \ldots, X_n)$ of n
interconnected nodes representing variables of the communicating nodes of the modeled system for the IoT network, such as inputs,
outputs, states and events, and signed weighted arcs which describe the causal relationships between these nodes and
interconnect them. The value of each node is computed from the influence of the other nodes on the specified node by
applying the calculation rule in Eq. (1).

$$Y_i^{(t+1)} = V\left( Y_i^{(t)} + \sum_{\substack{j=1 \\ j \neq i}}^{n} Y_j^{(t)} \cdot W_{ji} \right) \qquad (1)$$

where $Y_i^{(t+1)}$ is the value of communicating node $X_i$ at time step $t+1$, $Y_i^{(t)}$ is the value of communicating node $X_i$ at time step
$t$, and $W_{ji}$ is the weight of the edge that interconnects the layers. It is a given value on the interval [−1, 1] to indicate three possible
types of relationship among the layers. $V$ is the threshold or activation function for converting the output of each computation
to the range [0, 1] or [−1, 1].
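
The update rule of Eq. (1), iterated to a fixed point, as an added example that is not code from the paper. It assumes one node per IoT layer and a sigmoid for V; the weight matrices, initial values and function names are constructed for illustration.

```python
import math

def sigmoid(x):
    """Threshold function V: squashes any real value into [0, 1]."""
    return 1.0 / (1.0 + math.exp(-x))

def fcm_step(y, w, v=sigmoid):
    """One application of Eq. (1); w[j][i] is W_ji, the influence of node j on node i."""
    n = len(y)
    return [v(y[i] + sum(y[j] * w[j][i] for j in range(n) if j != i))
            for i in range(n)]

def fcm_run(y0, w, v=sigmoid, tol=1e-6, max_steps=200):
    """Iterate Eq. (1) until no node moves by more than tol; return (state, steps)."""
    n = len(y0)
    if len(w) != n or any(len(row) != n for row in w):
        raise ValueError("W must be an n x n matrix")
    if any(not -1.0 <= x <= 1.0 for row in w for x in row):
        raise ValueError("every weight W_ji must lie in [-1, 1]")
    y = list(y0)
    for step in range(1, max_steps + 1):
        nxt = fcm_step(y, w, v)
        if max(abs(a - b) for a, b in zip(nxt, y)) < tol:
            return nxt, step
        y = nxt
    raise RuntimeError("no fixed point reached (limit cycle or chaotic map)")

# Constructed sample data (assumption): one node per IoT layer.
LAYERS = ("physical", "network", "application")
Y0 = [0.9, 0.5, 0.5]   # constructed initial trust values

# Upper layers are positively influenced by the physical-layer authentication server.
W_TRUSTED = [[0.0, 0.8, 0.6],
             [0.0, 0.0, 0.7],
             [0.0, 0.0, 0.0]]
# Same map, but the physical layer now has a negative causal effect on the others.
W_DISTRUSTED = [[0.0, -0.8, -0.6],
                [0.0,  0.0,  0.7],
                [0.0,  0.0,  0.0]]

def layer_trust(w, y0=Y0):
    """Converged trust value per layer for weight matrix w."""
    state, _ = fcm_run(y0, w)
    return dict(zip(LAYERS, state))

if __name__ == "__main__":
    for name, w in (("trusted", W_TRUSTED), ("distrusted", W_DISTRUSTED)):
        print(name, {k: round(x, 3) for k, x in layer_trust(w).items()})
```

For these matrices the converged values are set by the weights rather than by Y0: a node with no incoming edges settles near 0.659, the fixed point of x = sigmoid(x), whatever its starting value.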
IV. CONCLUSION
Research in IoT has attracted much interest in the past decade with a great potential to transform human lives and activities.
Currently, there is limited research on IoT network security, thereby making the dream of achieving a unified security
framework for IoT unrealistic. Hence, it is imperative to address security challenges in IoT, with the goal of achieving a unified
security framework. The unified federated security framework proposed in this study provides complete security features for
IoT networks. It also provides a proper classification of all attacks and captures the various threats in order to develop and
implement better countermeasures.
REFERENCES
[1] J. Deogirikar and A. Vidhate, "Security attacks in IoT: a survey," 2017 International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017, Coimbatore, India, 2017, pp. 32–37.
[2] Z. Yan, P. Zhang and A.V. Vasilakos, "A survey on trust management for internet of things," Journal of Network and Computer Applications, vol. 42, pp. 120–134, June 2014.
[3] M. Hossain, S.M.R. Islam, F. Ali, K.S. Kwak and R. Hasan, "An internet of things-based health prescription assistant and its security system design," Future Generation Computer Systems, vol. 82, pp. 422–439, May 2018.
[4] N. Namvar, W. Saad, N. Bahadori and B. Kelley, "Jamming in the internet of things: a game-theoretic perspective," 2016 IEEE Global Communications Conference, Washington, USA, 2016, pp.
[5] Q. Jing, A.V. Vasilakos, J. Wan, J. Lu and D. Qiu, "Security of the internet of things: perspectives and challenges," Wireless Networks, vol. 20, pp. 2481–2501, June 2014.
[6] M. Vučinić, B. Tourancheau, F. Rousseau, A. Duda, L. Damon and R. Guizzetti, "OSCAR: object security architecture for the internet of things," Ad Hoc Networks, vol. 32, pp. 3–16, September 2015.
[7] G. Huston, G. Michaelson and S. Kent, "Resource certification - a public key infrastructure for IP addresses and AS’s," 2009 IEEE Globecom Workshops, Honolulu, Hawaii, 2009, pp. 1–6.
[8] T. Guneysu and T. Oder, "Towards lightweight identity-based encryption for the post-quantum-secure internet of things," 2017 18th International Symposium on Quality Electronic Design (ISQED), Santa Clara, CA, USA, 2017, pp. 319–324.
[9] B.C. Neuman and T. Ts’o, "Kerberos: an authentication service for computer networks," IEEE Communications Magazine, vol. 32, pp. 33–38, September 2014.
[10] M.I. Chehab and A.E. Abdallah, "Architectures for identity management," 11th International Conference for Internet Technology and Secured Transactions, Barcelona, Spain, 2016, pp. 1–8.
[11] S. Chakrabarty, D.W. Engels and S. Member, "A Secure IoT Architecture for Smart Cities," 13th IEEE Annual Consumer Communications and Networking Conference, Las Vegas, NV, USA, 2016, pp. 812–813.
[12] O. Flauzac, C. Gonzalez and F. Nolot, "New security architecture for IoT network," Procedia Computer Science, vol. 52, pp. 1028–1033, 2015.
[13] K. Zhao and L. Ge, "A survey on the internet of things security," 9th International Conference on Computational Intelligence and Security, Venue, 2013, pp. 663–667.
[14] J. Zenkert, M. Dornh, C. Weber, C. Ngoukam and M. Fathi, "Big data analytics in smart mobility: modeling and analysis of the aarhus smart city dataset," 2018 IEEE Industrial Cyber-Physical Systems (ICPS), St. Petersburg, Russia, 2018, pp. 363–368.
[15] A. A. Fadele, M. Othman, I. Abaker, T. Hashem, I. Yaqoob, M. Imran and M. Shoaib, "A novel countermeasure technique for reactive jamming attack in internet of things," Multimedia Tools and Applications, vol. 78, pp. 29899–29920, November 2018.
[16] K. Bendiab, S. Shiaeles, S. Boucherkha and B. Ghita, "FCMDT: a novel fuzzy cognitive maps dynamic trust model for cloud federated," Computers and Security, vol. 86, pp. 270–290, September 2019.
[17] B. Anggorojati, P. N. Mahalle, N. R. Prasad and R. Prasad, "Capability-based access control delegation model on the federated IoT network," IEEE Transactions on Mobile Computing, vol. 5, no. 3, pp. 604–608, March 2014.
[18] Y. Liu, H. Wang, T. Li, P. Li and J. Ling, "Attribute-based handshake protocol for mobile healthcare social networks," Future Generation Computer Systems, vol. 86, pp. 873–880, December 2016.
[19] H. Yi and Z. Nie, "Side-channel security analysis of UOV signature for cloud-based internet of things," Future Generation Computer Systems, vol. 86, pp. 704–708, May 2018.
[20] G. Sun, D. Liao, S. Bu, H. Yu, Z. Sun and V. Chang, "The efficient framework and algorithm for provisioning evolving VDC in federated data centers," Future Generation Computer Systems, vol. 73, pp. 79–89, August 2017.
