Keywords: Internet of Things, data management, Access Control Data Models, End-to-end Encryption, Datagram Transport Layer Security, Asymmetric/Public-key Cryptography, Device Management
INTRODUCTION
The Internet of Things (IoT) is a networking model in which interconnected smart devices, such as vehicles, buildings, and other physical objects, continuously generate data and convey it over the Internet. Most IoT schemes are geared towards manufacturing affordable, energy-efficient hardware for these Things and towards the communication technologies that interconnect them. These Things include subsystems as well as individual physical and virtual entities. IoT strives to provide a standard platform for developing supporting services and software applications that harness the power of the resources available through the individual devices and through any subsystems designed to manage those devices remotely. At the center of these resources is the information obtained by combining data generated in real time with data held in permanent stores. This information can enable innovative and varied applications, support the delivery of value-added services, and provide a vital source for trend analysis and strategic opportunities.
Data management refers to the architectures, procedures, and practices for properly managing the information lifecycle requirements of an individual system. In IoT, data management acts as a layer between the objects and devices that create the data and the applications that access the information for analysis and services. The devices can be arranged into subsystems with independent governance and internal hierarchical management. The functionality and data these subsystems make available to the IoT depend on the level of privacy required by the subsystem owners. Despite its anticipated positive impact, IoT poses security and confidentiality risks, especially for sectors that manage highly personal data, such as healthcare providers. The biggest safety hazard of IoT originates from its most significant benefit, namely the connection of physical devices to a global network. The growing need to process, share, and analyze data securely makes it necessary to use efficient database management systems to aid in creating new builds and managing applications. This paper therefore explores the available patterns for securely managing data collection and distribution in IoT applications.
IOT DESIGN PATTERNS
Various designs are available to help manage the collection and distribution of data in IoT applications. However, these patterns vary in their level of abstraction. As mentioned above, the paper focuses on the patterns related to IoT security. They include:
Access Control Data Models
The Access Control Data model shows the relationships between the access control tables. An access control policy comprises a member group, a resource group, and an action group. It can optionally contain a relationship or a relationship group. These models allow only authorized users to access a data store, for example a file, sensor, URL, or IoT device. In the IoT context, access control is required to ensure that only trusted parties can update device software, command the actuators to perform an operation, or access sensor data. Access controls therefore enable organizations to share IoT device data with technology vendors for predictive maintenance while protecting sensitive information. There are two ways to implement access control for IoT. In a distributed architecture, a server issues access tokens to users, who use them to access the IoT devices directly. In a centralized architecture, users access only cloud-based servers, which authorize their requests and relay data between the users and the IoT devices. Nevertheless, it is essential to analyze IoT implementations in the light of the standard access control models to design the architecture that works best for a given organization.
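The following added example (not part of the original paper) sketches the distributed architecture described above: a server evaluates a policy made of a member group, an action group, and a resource group, then issues a short-lived token that the device verifies on its own. The group names, users, device names, shared HMAC key, and token layout are all constructed assumptions, and the optional relationship group is left out.

```python
import base64, hashlib, hmac, json, time

# Constructed policy tables: each policy is (member group, action group, resource group).
MEMBER_GROUPS = {"maintainers": {"alice"}, "vendors": {"acme-support"}}
ACTION_GROUPS = {"read": {"read_sensor"},
                 "operate": {"read_sensor", "actuate", "update_firmware"}}
RESOURCE_GROUPS = {"hvac": {"thermostat-17", "valve-03"}}
POLICIES = [("maintainers", "operate", "hvac"), ("vendors", "read", "hvac")]
DEVICE_KEY = b"constructed-demo-key"  # assumption: shared by server and device

def is_allowed(user, action, resource):
    """Deny by default; allow only when one policy covers all three groups."""
    return any(user in MEMBER_GROUPS[m] and action in ACTION_GROUPS[a]
               and resource in RESOURCE_GROUPS[r] for m, a, r in POLICIES)

def _tag(data):
    return hmac.new(DEVICE_KEY, data, hashlib.sha256).digest()

def issue_token(user, action, resource, ttl=300, now=None):
    """Server side: evaluate the policy, then sign a short-lived grant."""
    if not is_allowed(user, action, resource):
        return None
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "act": action, "res": resource,
                         "exp": int(now + ttl)}).encode()
    enc = base64.urlsafe_b64encode
    return enc(claims).decode() + "." + enc(_tag(claims)).decode()

def device_accepts(token, action, resource, now=None):
    """Device side: check the tag first, then expiry and requested operation."""
    try:
        body, tag = (base64.urlsafe_b64decode(p) for p in token.split("."))
    except (ValueError, AttributeError):
        return False
    if not hmac.compare_digest(tag, _tag(body)):
        return False
    claims = json.loads(body)
    now = time.time() if now is None else now
    return (claims["exp"] > now and claims["act"] == action
            and claims["res"] == resource)
```

The device never consults the policy tables; it trusts only the signed grant, so the token must name the exact action and resource and expire quickly.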
End-to-end Encryption
Every IoT device is an endpoint, which means that each one is a potential entry point for hackers. Worse, many of these devices are linked to mission-critical equipment, for instance telemedicine monitors in patient homes or switches in an electricity utility substation. Such roles make IoT devices attractive and tempting targets for terrorists and others who seek to wreak havoc with a single attack. Others leverage the IoT to steal credit data and corporate secrets. These threats are expensive to businesses and countries, and the costs continue to rise as technology advances. Securing IoT therefore starts with understanding the need for a fundamentally different set of tools and strategies, because the current SSL is not sufficient.
End-to-end encryption is a data management pattern aimed at protecting against IoT-enabled breaches. This model maximizes protection regardless of whether the data resides in a public or private cloud, on an IoT endpoint, or in transit. Encrypting data also complements the traditional focus on network security: even when the initial line of defense, such as a firewall, fails, the information remains protected. However, corporations should build this model around next-generation technologies, which are less resource-intensive. Such solutions include those that encrypt and compress data in real time in a single pass at the byte level.
Datagram Transport Layer Security (DTLS)
The IP-based IoT refers to the interaction of smart devices that enables new applications using IP protocols. Security and privacy are vital in such an environment. Because of mobility, resource constraints, new communication channels, and limited bandwidth, it is essential to adapt existing security solutions. The major role of the security architecture is to provide network access control for the smart devices. The devices are authenticated and given network access through a pre-shared key (PSK) based security handshake protocol, a solution based on DTLS. The devices can derive session and group keys through the traditional secure channels and the distributed operational and safety parameters. The DTLS architecture facilitates smooth interaction and interoperability with the Internet because of the extensive use of transport layer security. Nevertheless, this model requires further optimization because it exhibits performance constraints, which limit its deployment in some network topologies.
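To make the PSK-based session key derivation concrete, the added example below (not from the original paper) follows the DTLS 1.2 key schedule: the RFC 4279 premaster secret built from the PSK, then the RFC 5246 PRF to obtain the master secret and per-direction keys. The PSK and random values are constructed, and the 16-byte key and 4-byte IV sizes assume an AEAD cipher suite with no separate MAC keys.

```python
import hashlib, hmac, struct

# Constructed sample inputs; a real handshake exchanges fresh 32-byte randoms.
PSK = b"constructed-psk-0001"
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246, section 5): P_SHA256(secret, label + seed)."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def psk_premaster(psk):
    """Plain PSK key exchange (RFC 4279): uint16 N, N zero bytes, uint16 N, PSK."""
    n = struct.pack("!H", len(psk))
    return n + bytes(len(psk)) + n + psk

def derive_session_keys(psk, client_random, server_random, key_len=16, iv_len=4):
    """Both peers run this with the same inputs and obtain the same keys."""
    master = prf(psk_premaster(psk), b"master secret",
                 client_random + server_random, 48)
    # Key expansion puts server_random first, unlike the master secret step.
    block = prf(master, b"key expansion",
                server_random + client_random, 2 * key_len + 2 * iv_len)
    k = key_len
    return {"master_secret": master,
            "client_write_key": block[:k],
            "server_write_key": block[k:2 * k],
            "client_write_iv": block[2 * k:2 * k + iv_len],
            "server_write_iv": block[2 * k + iv_len:2 * k + 2 * iv_len]}

def peers_agree(device_psk, server_psk):
    """True only when both sides hold the same pre-shared key."""
    d = derive_session_keys(device_psk, CLIENT_RANDOM, SERVER_RANDOM)
    s = derive_session_keys(server_psk, CLIENT_RANDOM, SERVER_RANDOM)
    return d == s
```

A device holding the wrong PSK derives different keys, so its Finished message fails verification and the handshake ends without network access.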
Asymmetric/Public-key Cryptography
Asymmetric cryptography combines the end-to-end encryption and DTLS models by using public and private keys to encrypt and decrypt data in IoT. The keys are large numbers that are paired together but are different (asymmetric). The public key can be shared with everyone, but the private key is kept secret. Either key can be used to encrypt the data, while the other key is used to decrypt the message. Many protocols, such as TLS, rely on this pattern for encryption and digital signature operations. It is also used in software programs that need to create a secure connection over an insecure network such as the Internet.
Device Management
Once an IoT device is installed, there is a continuous need for bug fixes and software updates. Some devices fail and need to be repaired or replaced, and each time this happens, downtime must be minimized to maintain customer satisfaction and protect the company's revenue stream. Any IoT system addresses four key categories of device management, namely provisioning and authentication, configuration and control, monitoring and diagnostics, and software updates and maintenance. Regarding security, device authentication securely establishes the identity of the device to ensure that it is trustworthy, that is, that it is running trusted software and working on behalf of a trusted user.
Conclusion
To conclude, technological advancement continues to link more devices, including vehicles, phones, electric grids, and homes, to the Internet through Internet of Things applications. With the increasing connectivity of these devices, security issues are on the rise. There is therefore a need to secure the information shared and stored in these devices so that hackers and terrorists have no access to critical data they could use to harm individuals, companies, and countries. Key data management patterns that secure IoT devices include Access Control Data Models, End-to-end Encryption, Datagram Transport Layer Security, Asymmetric/Public-key Cryptography, and Device Management.
Cite this page
The Internet of Things (IoT) and Its Design Patterns - Paper Example. (2021, Jun 09). Retrieved from https://midtermguru.com/essays/the-internet-of-things-iot-and-its-design-patterns-paper-example