Secure Stitch: Unveiling the Fabric of Security Patterns for the Internet of Things

  • Conference paper
Security and Trust Management (STM 2023)

Abstract

The design of an Internet of Things (IoT) system is a complex process, not only in terms of the balance between resource consumption and extensive functionality but also in the context of security. As various technical devices are now widespread and have access to all kinds of critical information, they become one of the main targets for attackers. Consequently, it is vital to consider the IT security aspect during the development of any system. A practical way to do this is to use security patterns. There are many different patterns that can address particular problems, but not all of them are suitable due to the wide range of requirements in such systems. In this paper, we present a systematic collection and categorisation of IoT-applicable security patterns and analyse gaps in recent research works related to security. We provide a catalogue of 61 patterns organised in a top-down approach that follows the World Forum’s IoT Architecture Reference Model. This collection is able to play an important role in the future development of secure IoT solutions.

This work has been partially funded by the Bavarian Ministry of Science within the framework of the research cluster “ForDaySec: Security in everyday digitalisation”, as well as by the German Federal Ministry of Education and Research, as part of the Project “6G-RIC: The 6G Research and Innovation Cluster” (project number 825026).

E. Geloczi and F. Klement—Contributed equally to this work and share first authorship.

Author information

Corresponding authors

Correspondence to Emiliia Geloczi or Felix Klement.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Geloczi, E., Klement, F., Gründinger, E., Katzenbeisser, S. (2023). Secure Stitch: Unveiling the Fabric of Security Patterns for the Internet of Things. In: Rios, R., Posegga, J. (eds) Security and Trust Management. STM 2023. Lecture Notes in Computer Science, vol 14336. Springer, Cham. https://doi.org/10.1007/978-3-031-47198-8_4

  • DOI: https://doi.org/10.1007/978-3-031-47198-8_4

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47197-1

  • Online ISBN: 978-3-031-47198-8

  • eBook Packages: Computer Science, Computer Science (R0)
