Читать книгу The New Advanced Society - Группа авторов - Страница 53

The concept of Internet of Things (IoT), for the first time was proposed in 1999 by Auto-ID laboratory of the Massachusetts Institute of Technology (MIT). IoT extensively uses Machine to Human (M2H) as well as Machine to Machine (M2M) communication models. Various Dedicated Short-Range Communication (DSC) techniques have enabled interconnection of sensors, receivers, actuators and associated computational nodes for IoT devices for exchanging the acquired data. Since inception, IoT has been continuously growing as a technological ecosystem. It is also noticed that IoT devices are generally constrained from high availability of resources point of view. It is observed that the interconnected systems comprise of a huge number of sensing devices which have less memory coupled with smaller processing capability as well as their firmware or driver software are seldom updated. Usually, they are also deployed at physically unsecured, even at public places and left unattended for prolonged duration. Hence there is a definite requirement to secure IoT infrastructure as well as the network. A principal factor in securing an IoT infrastructure is envisaged regarding device identity and mechanisms to authenticate them in the ecosystem. Well known and existing authentication mechanisms require sufficient computing requirement which are generally not possible by the IoT devices. Associated problems such as issues related to authentication, security, data privacy of the IoT devices are increasing with passage of time. In general, huge volume of data is acquired by various sensors and other IoT devices in the IoT system. Such data, if at all saved using a centrally controlled mechanism or under the supervision of a single Trusted Third Party (TTP) administrator, may lead to the data security and privacy issues. To securely control and manage issues of IoT, classical protection mechanisms like cryptographic means and secured communication protocols are insufficient. In order to tackle these problems, there is a requirement of efficient mechanism having distributed storage, thereby avoiding a central point of failure or control. The mechanism should also facilitate secured authentication and access control having capability of sustaining security related attacks on the system.

Similarly, another evolving area, Cloud computing, is also making its presence felt in almost all technical ecosystems. This is also emerging as a vital processing nodal system for IoT. Accordingly, an efficient and robust cloud IoT identity management framework merits its development due to its definite relevance. Due to the above mentioned concepts, systematic analysis with visualization of associated risks with various elements of IoT for identity management is of paramount importance. Visualizing its importance, some research by academia and related developments have been initiated by industries in this regard.

The organization of the rest of the chapter is as follows: Section 3.2 provides details on Internet of Things (IoT) Security. Section 3.3 discusses details on IoT Cloud and Identity related aspects. Section 3.4 elaborates related Developments for Securing IoT for better Identity and Access management. A Distributed Ledger based solution for Identity and Access Management (IAM) security of IoT Cloud is covered in Section 3.5 and Section 3.6 concludes the chapter.