Abstract
Designing an Internet of Things (IoT) system is a complex process, not only in terms of the balance between resource consumption and extensive functionality but also in the context of security. As various technical devices are now widespread and have access to all kinds of critical information, they have become one of the main targets for attackers. Consequently, it is vital to consider IT security during the development of any system. A practical way to do this is to use security patterns. There are many different patterns that can address particular problems, but not all of them are suitable due to the wide range of requirements in such systems. In this paper, we present a systematic collection and categorisation of IoT-applicable security patterns and analyse gaps in recent research works related to security. We provide a catalogue of 61 patterns organised in a top-down approach that follows the World Forum’s IoT Architecture Reference Model. This collection can play an important role in the future development of secure IoT solutions.
This work has been partially funded by the Bavarian Ministry of Science within the framework of the research cluster “ForDaySec: Security in everyday digitalisation”, as well as by the German Federal Ministry of Education and Research, as part of the Project “6G-RIC: The 6G Research and Innovation Cluster” (project number 825026).
E. Geloczi and F. Klement—Contributed equally to this work and share first authorship.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Geloczi, E., Klement, F., Gründinger, E., Katzenbeisser, S. (2023). Secure Stitch: Unveiling the Fabric of Security Patterns for the Internet of Things. In: Rios, R., Posegga, J. (eds) Security and Trust Management. STM 2023. Lecture Notes in Computer Science, vol 14336. Springer, Cham. https://doi.org/10.1007/978-3-031-47198-8_4
DOI: https://doi.org/10.1007/978-3-031-47198-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47197-1
Online ISBN: 978-3-031-47198-8
eBook Packages: Computer Science (R0)