Abstract
IoT data marketplaces are being developed to help cities and communities create large scale IoT applications. Such data marketplaces let the IoT device owners sell their data to the application developers. Following this application development model, the application developers need not deploy their own IoT devices when developing IoT applications; instead, they can buy data from a data marketplace. In a marketplace-based IoT application, the application developers are making critical business and operation decisions using the data produced by seller's IoT devices. Under these circumstances, it is crucial to verify and validate the security of IoT devices.In this paper, we assess the security of IoT data marketplaces. In particular, we discuss what kind of vulnerabilities exist in IoT data marketplaces using the well-known STRIDE model, and present a security assessment and certification framework for IoT data marketplaces to help the device owners to examine the security vulnerabilities of their devices. Most importantly, our solution certifies the IoT devices when they connect to the data marketplace, which helps the application developers to make an informed decision when buying and consuming data from a data marketplace. To demonstrate the effectiveness of the proposed approach, we have developed a proof-of-concept using I3 (Intelligent IoT Integrator), which is an open-source IoT data marketplace developed at the University of Southern California, and IoTcube, which is a vulnerability detection toolkit developed by researchers at Korea University. Through this work, we show that it is possible to increase the reliability of a IoT data marketplace while not damaging the convenience of the users.
| Original language | English |
|---|---|
| Title of host publication | Proceedings - 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020 |
| Publisher | Institute of Electrical and Electronics Engineers Inc. |
| Pages | 265-272 |
| Number of pages | 8 |
| ISBN (Electronic) | 9781728143514 |
| DOIs | |
| Publication status | Published - 2020 May |
| Event | 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020 - Virtual, Online, United States Duration: 2020 Jun 15 → 2020 Jun 17 |
Publication series
| Name | Proceedings - 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020 |
|---|
Conference
| Conference | 16th Annual International Conference on Distributed Computing in Sensor Systems, DCOSS 2020 |
|---|---|
| Country/Territory | United States |
| City | Virtual, Online |
| Period | 20/6/15 → 20/6/17 |
Bibliographical note
Funding Information:ACKNOWLEDGMENT This work is supported by Institute of Information & communications Technology Planning & Evaluation(IITP) grant funded by the Korea government(MSIT) (No.2019-0-01697, Development of Automated VulnerabilityDiscovery Technologies for Blockchain Platform Security and No.2019-0-01343, Regional strategic industry convergence security core talent training business) and the USC Viterbi Center for Cyber-Physical Systems and the Internet of Things (CCI).
Publisher Copyright:
© 2020 IEEE.
Keywords
- IoT
- data marketplace
- security
ASJC Scopus subject areas
- Computer Networks and Communications
- Hardware and Architecture
- Information Systems and Management
- Instrumentation