1 september 2023 presenterar doktoranden Kazi Masum Sadique sitt pågående arbete med titeln ”Securing IoT using Decentralized Trust, Privacy and Identity Management – An artefact for security, trust, privacy and identity management of IoT”. Seminariet genomförs på Institutionen för data- och systemvetenskap (DSV) vid Stockholms universitet.

Respondent: Kazi Masum Sadique, DSV
Opponent: Ding Jianguo, Blekinge tekniska högskola, Karlskrona
Huvudhandledare: Rahim Rahmani, DSV
Handledare: Paul Johannesson, DSV
Närmast berörda professor: Oliver Popov, DSV

Kontakta Kazi Masum Sadique

Sammanfattning på engelska

The Internet of Things (IoT) is a multidisciplinary area where technology meets people to enrich the quality of living with an improved working environment and efficient productivity. As the number of IoT devices increases, many new technology areas are being integrated with IoT. IoT devices mainly connect and collaborate with the central cloud servers for data management. The IoT paradigm is built upon the Internet and accesses different layers of Internet architectures. IoT devices are at the access layer of the Internet, and cloud servers are located at the top layer. The innovative use cases of IoT applications drive the requirement for quick decision-making as near to the source of information. IoT devices need to be authenticated near the source for rapid request processing.

Trustworthy interaction and secure communication between different entities of an IoT paradigm are crucial. A centralized cloud-based implementation of IoT solutions can be problematic for ensuring trustworthy and authenticated interactions where quicker decision-making is involved. Also, privacy leakage possibilities increase with cloud-based solutions as it involves multiparty interactions, which introduce more complexity to ensure data privacy. Traditional security models are unsuitable for IoT due to IoT application and service heterogeneity. There is no generic model for IoT data security and user data privacy, with trustworthy collaboration and identity management near the source.

This thesis focused on creating a generic state-of-the-art artefact for IoT security by using a decentralized trust, user data privacy, and localized identity management for heterogeneous IoT devices and services. The main contributions of this thesis include: a novel decentralized model for secure and reliable interaction between components of the IoT paradigm, which is complemented by a novel decentralized trust management model, a novel edge gateway-based privacy enhancement scheme, and a new decentralized identity management model with new authentication and authorization mechanism for IoT devices where access to new resources is granted locally, and activities are recorded with context information. The proposed models are generic and can be easily adapted to real-life IoT use cases with minor amendments.