Achieving a secure and usable Internet of Things (IoT) is a daunting task, as it is necessary to protect the interactions between humans, machines, and possibly millions of heterogeneous constrained devices over the Internet. The main purpose of our workshop will be to address the most important security research issues that must be solved in order to achieve this goal.
One of the first research issues that will be addressed in this workshop is the definition of the emerging risks and vulnerabilities that will affect future IoT scenarios and applications. Various researchers and agencies (such as ENISA) have studied particular scenarios in order to uncover some of these risks, but more research is still necessary to discover and analyze the factors that will affect all actors and elements of the IoT.
One research issue that has been particularly highlighted in the literature is privacy and data ownership. We must protect the privacy of the users of the IoT, as the IoT may become an omnipresent, intangible entity that will surround users during their entire lives. At the same time, we must also study how their personal data could be disclosed and used by authorized parties. This is tightly associated with the issue of identifying, authenticating and authorizing entities, as the information and services produced by the IoT should only be accessed by those elements (e.g. human beings, machines, things) that are allowed to do so.
Another issue that must be carefully considered is the security of the underlying primitives and protocols that will be used in the IoT. As some devices will be very constrained in terms of memory and computational capabilities, we will address the development of efficient cryptographic primitives. These primitives must provide services such as encryption, hashing and digital signatures using as few resources as possible. The limitations of the devices and the highly distributed nature of the IoT also influence protocol and network security; thus, we will address how the different protocols of the network stack (e.g. 6LoWPAN) should be protected in order to create a secure and robust communication channel. Finally, as web services will surely become an essential part of the IoT, we will address how the security of web services should be achieved in a heterogeneous environment where limited machines collaborate with each other.
This workshop also considers that the IoT will surely be targeted by malicious adversaries, whose main goal will be to disrupt its services or to obtain profit. Consequently, we will address how the existence of intrusion detection and survivability mechanisms is necessary for the development of self-learning, self-repairing resilient networks. We will also address how these networks can make use of context-aware security to adapt their security mechanisms and their own structure to the existence of failures and attackers. Note that the development of models for trust management and secure collaboration is also necessary in order to allow cooperation between entities.
As the IoT will be composed of different entities coexisting in heterogeneous infrastructures, we will address the integration and interoperability issues that will be raised whenever these entities try to collaborate with each other. Finally, from a legal perspective, it is necessary to address the different legal challenges and governance issues that will surround the IoT, such as the possible existence of provisions prohibiting or restricting the use of mechanisms of the Internet of Things, rules on IT security legislation, and others.