TY - GEN
T1 - Enhancing the Reliability of IoT Data Marketplaces through Security Validation of IoT Devices
AU - Na, Yoonjong
AU - Joo, Yejin
AU - Lee, Heejo
AU - Zhao, Xiangchen
AU - Sajan, Kurian Karyakulam
AU - Ramachandran, Gowri
AU - Krishnamachari, Bhaskar
N1 - Funding Information:
ACKNOWLEDGMENT This work is supported by Institute of Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government(MSIT) (No.2019-0-01697, Development of Automated VulnerabilityDiscovery Technologies for Blockchain Platform Security and No.2019-0-01343, Regional strategic industry convergence security core talent training business) and the USC Viterbi Center for Cyber-Physical Systems and the Internet of Things (CCI).
Publisher Copyright:
© 2020 IEEE.
PY - 2020/5
Y1 - 2020/5
N2 - IoT data marketplaces are being developed to help cities and communities create large scale IoT applications. Such data marketplaces let the IoT device owners sell their data to the application developers. Following this application development model, the application developers need not deploy their own IoT devices when developing IoT applications; instead, they can buy data from a data marketplace. In a marketplace-based IoT application, the application developers are making critical business and operation decisions using the data produced by seller's IoT devices. Under these circumstances, it is crucial to verify and validate the security of IoT devices.In this paper, we assess the security of IoT data marketplaces. In particular, we discuss what kind of vulnerabilities exist in IoT data marketplaces using the well-known STRIDE model, and present a security assessment and certification framework for IoT data marketplaces to help the device owners to examine the security vulnerabilities of their devices. Most importantly, our solution certifies the IoT devices when they connect to the data marketplace, which helps the application developers to make an informed decision when buying and consuming data from a data marketplace. To demonstrate the effectiveness of the proposed approach, we have developed a proof-of-concept using I3 (Intelligent IoT Integrator), which is an open-source IoT data marketplace developed at the University of Southern California, and IoTcube, which is a vulnerability detection toolkit developed by researchers at Korea University. Through this work, we show that it is possible to increase the reliability of a IoT data marketplace while not damaging the convenience of the users.
AB - IoT data marketplaces are being developed to help cities and communities create large scale IoT applications. Such data marketplaces let the IoT device owners sell their data to the application developers. Following this application development model, the application developers need not deploy their own IoT devices when developing IoT applications; instead, they can buy data from a data marketplace. In a marketplace-based IoT application, the application developers are making critical business and operation decisions using the data produced by seller's IoT devices. Under these circumstances, it is crucial to verify and validate the security of IoT devices.In this paper, we assess the security of IoT data marketplaces. In particular, we discuss what kind of vulnerabilities exist in IoT data marketplaces using the well-known STRIDE model, and present a security assessment and certification framework for IoT data marketplaces to help the device owners to examine the security vulnerabilities of their devices. Most importantly, our solution certifies the IoT devices when they connect to the data marketplace, which helps the application developers to make an informed decision when buying and consuming data from a data marketplace. To demonstrate the effectiveness of the proposed approach, we have developed a proof-of-concept using I3 (Intelligent IoT Integrator), which is an open-source IoT data marketplace developed at the University of Southern California, and IoTcube, which is a vulnerability detection toolkit developed by researchers at Korea University. Through this work, we show that it is possible to increase the reliability of a IoT data marketplace while not damaging the convenience of the users.
KW - IoT
KW - data marketplace
KW - security
UR - http://www.scopus.com/inward/record.url?scp=85091792249&partnerID=8YFLogxK
U2 - 10.1109/DCOSS49796.2020.00050
DO - 10.1109/DCOSS49796.2020.00050
M3 - Conference contribution
AN - SCOPUS:85091792249
T3 - Proceedings - 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020
SP - 265
EP - 272
BT - Proceedings - 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020
Y2 - 15 June 2020 through 17 June 2020
ER -