The Internet of Things (IoT) is the network of physical devices, vehicles, home appliances and other items embedded with electronics, software, sensors, actuators, and connectivity which enables these objects to connect and exchange data. Nowadays the IoT is regarded as one of the major forces driving innovation and considered a key enabler of human progress. However, both the industry and academia, recognize its immaturity in terms of security.
Coming July, a research team from IT in Covilhã will start working on project SECURIoTESIGN - Towards the assurance of SECURity by dESIGN of the Internet of Things. The project main focus will be to ensure that appropriate security technology is correctly integrated in the design and development of IoT devices and solutions. Pedro Inácio, the project coordinator, explained that “the main goal is to advance the state of the art with regard to how security engineering is employed for IoT systems, as well as the associated documentation, and if security check mechanisms are integrated in IOT systems”.
There are several methods for security engineering and many mechanisms, controls and protocols available for the most diverse technologies and paradigms. However (probably influenced by the pressure to reach the market) many systems are developed without guaranteeing security. This modus operandi leads to security being implemented a priori by means of patches, configurations or replacement of equipment. “This problem is even more striking in many IoT´s application domains and systems”, says Pedro Inácio.
This project seeks to trace part of the path that establishes knowledge and methods for designing IoT construction-safe systems, providing the means to facilitate the application of such knowledge and methods. In this sense SECURIoTESIGN will deliver a comprehensive framework of (prototyped) tools for computer assisted identification of security requirements, attack and system modeling, test specification, mapping of requirements and technology, generation of high quality documentation and auditing.