Read the book Service Level Management in Emerging Environments - Nader Mbarek - Page 27
1.4.2.3. Confidentiality in the IoT
1.4.2.3.1. Definition
The confidentiality service protects against unauthorized entities analyzing traffic and against the disclosure of data flows. Data encryption is the most appropriate mechanism to ensure this security service. Encryption can be carried out using a symmetric system (with a secret key) or an asymmetric system (with a public key). Symmetric encryption requires knowledge of the secret key, which is used for both encryption and decryption. With asymmetric encryption, the fact that all entities know the public encryption key does not imply knowledge of the private key used for decryption. In addition to the encryption mechanisms, a key management mechanism is needed to exchange keys between the communicating entities (ITU-T 1991).
In an IoT environment, several points must be taken into consideration when using the confidentiality service, especially during the key exchange process for encryption. First, extensibility is an important characteristic because of the high number of connected objects: conventional systems may limit the number of entities that can be involved in the key exchange process. Second, new entities may be involved after the initial key exchange: new objects may be integrated into the IoT environment after the services have been initiated. Scalability is another important characteristic. When new entities are involved in the key exchange process in the IoT, the volume of cryptographic data to be stored on the objects grows, while IoT objects are constrained in terms of data storage and processing capabilities (Abdemeziem 2016).