Summary
The article gives an overview of best-practice standards for authenticating IoT (Internet of Things) access. It shows that, compared with conventional authentication and blockchain-based approaches, client-side authentication offers the highest potential for secure process automation at high interaction frequency.
A novel concept of client-side automated access management based on TLS (Transport Layer Security), which has proven itself in the agriculture segment for over a year, is presented. Compared with currently used authentication methods, it offers the advantage of higher security together with automated login of any end device on the IoT server. Because of this potential, the authentication standard presented is suitable in future as a general cross-industry access system for IoT applications.
Abstract
The article gives an overview of best-practice standards for IoT (Internet of Things) access authentication. It shows that, compared to default authentication and blockchain-based approaches, client-side authentication offers the highest potential for secure process automation at high interaction frequency.
A novel concept of client-side automated access management using the TLS (Transport Layer Security) standard, which has proven itself in the agriculture segment for over a year, is presented. Compared to established authentication methods, it offers the advantage of higher security with simultaneous automated login of multiple end devices on the IoT server. Because of this potential, the new authentication standard presented is suitable as a general cross-industry access concept for IoT applications.
Cite this article
Barenkamp, M. IoT Security Best Practices. HMD 58, 400–424 (2021). https://doi.org/10.1365/s40702-020-00637-4
DOI: https://doi.org/10.1365/s40702-020-00637-4
Keywords
- IoT
- IIoT
- Industrial Internet of Things
- Project planning
- Industry 4.0
- Best practices
- Security
- Authentication