2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob) (2014)
Oct. 8, 2014 to Oct. 10, 2014
Ricardo Neisse , European Commission Joint Research Centre, Ispra, Italy
Gary Steri , European Commission Joint Research Centre, Ispra, Italy
Gianmarco Baldini , European Commission Joint Research Centre, Ispra, Italy
According to the European Union data protection legislation, privacy is a fundamental right that should be protected in the interaction of the citizen with the digital world. In the evolution of Internet towards new paradigms like Internet of Things (IoT), protection of privacy can be a challenging task because IoT connected objects can generate an enormous amount of data, some of which actually constitute personal data. In addition, it is difficult to control the flow of data when there is no user interface or adequate tools for the user. In this paper we describe an efficient solution to enforcement security policy rules that addresses this challenge, and takes a more general enterprise architecture approach for security and privacy engineering in IoT. This enforcement solution is based on a Model-based Security Toolkit named SecKit, and its integration with the MQ Telemetry Transport (MQTT) protocol layer, which is a widely adopted technology to enable the communication between IoT devices. In this paper, we describe the motivation and design of our enforcement solution, demonstrating its feasibility and the performance results in a case study.
Context, Authentication, Internet of Things, Data privacy, Authorization
R. Neisse, G. Steri and G. Baldini, "Enforcement of security policy rules for the Internet of Things," 2014 IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)(WIMOB), Larnaca, Cyprus, 2014, pp. 165-172.