A NEW METHODOLOGY TO IMPLEMENT SECURITY IN A SYSTEM BASED ON INTERNET OF THINGS

Abstract

The usability and popularity of the phenomenon of Internet of Things (IoT) is growing day by day. It is estimated that there will be billions of devices which will be inter-connected and working with each other using this concept. It has wide range of applications both industrial as well as residential. As the number of devices using this concept grows rapidly, security risks also grow with the same pace. This is because the network involved in it has different resource constraints and behaviour than that of the well-established networks like Internet network, WSN’s, etc. So, security principles and concepts applicable to existing networks may not be directly applicable to these devices because of the constraints involved in IoT devices. Some of the constraints include having limited computational power, tight memory, limited energy budget, limited communication bandwidth being mobile and having heterogeneous architectures. Personal data privacy, financial investments, safety hazards and human-life risks are some of the major stakes in IoT due to its working with everyday objects and human beings. More and more software vulnerabilities get exploited by attackers and other insane people. Then huge costs need to be spent to mitigate the problems that occur due to security issues. Hence in this thesis, a new design methodology is proposed based on Security Engineering Framework [3] which considers security requirements to be a part the design decisions in the development life cycle. The inferred decisions can be used to mitigate security risks and can be easily adapted during each stage of software development to improve overall security and maintenance costs of the system.