Page 141 - Kaleidoscope Academic Conference Proceedings 2021

P. 141

Connecting physical and virtual worlds

Table 2 — Security and privacy controls of IoT-domotics Security of data storage. The security of data storage
should be considered when data such as IoT-domotics
IoT- business and user data are stored in a service subsystem.
domotics Security controls Privacy controls Adopt different security storage mechanisms according to
Entities the data degree of secrets. Support the security storage of the
 Monitoring and prewarning key, for example, store the key in the encryption machine.
 Security of web application Provide data integrity protection, provide an integrity
Service  Security of data storage  Inform users of detection mechanism for sensitive data. Provide a data
Sub-  User authentication privacy policy backup and recovery function.
 Transmission
systems  Application authentication security of private data
 Device authentication User authentication. In the IoT-domotics scenario, family
 Access control members will use the same device to access services. So
build an IoT-domotics user identification system and assign
 Firmware security  Enhance the privacy a unique identity which is necessary. Provide a weak
 Security management for protection of firmware password periodic detection function, and a password
IoT-domotics devices  Enhanced WiFi transmission process needs encryption. Password reset and
 Support for device management function retrieve operations should strictly check the identity
Gateway
authentication  Provide privacy relationship before and after the request.
 Protection of network management tools
 Enhance the security of  Provide hardware Application authentication. The identity authentication
hardware privacy protection function of an application accessing a service subsystem
 Security protection based on platform and services needs to be designed and implemented.
devices classification  Transparency of PII Each application is assigned a unique identity. The
legitimacy of the access application is authenticated, and the
 Security of device firmware in data life cycle authenticated legitimate application can perform subsequent
 Web service security of
Devices devices  Privacy protection service calls. In the process of application authentication, it
and  Security of application of applications is forbidden to transfer the key in plaintext or after
Physical  Connection security of IoT-  Privacy security of transformation with a weak algorithm to prevent the key
Entities device connection from being pushed out in reverse.
domotics devices
 Data transmission security  Enhance the privacy Device authentication. The authentication function of IoT-
protection of hardware
 Enhance the security of domotics devices accessing a service subsystem platform
hardware and services needs to be designed and implemented. Each
 Privacy security of IoT-domotics device is assigned a unique device key, which
 Secure communication is bound to the IoT-domotics device ID, and key
Networks transmission in
protocol management functions such as key generation, distribution,
network storage and update are realized. The legitimacy of the access
device is authenticated, and the authenticated legitimate
4.2 Security controls device can perform the subsequent service.

4.2.1 Security controls for service subsystems Access control. The service subsystem should design and
implement a fine-grained authority management mechanism.
Monitoring and prewarning. Design monitoring and According to different applications, different business access
prewarning mechanism, through the collection and analysis rights are granted. Different business access rights are
of threat information of IoT-domotics devices and systems. granted according to different device types.
Establish a unified management platform for collection,
analysis and control, and establish a notification and 4.2.2 Security controls for IoT-domotics gateway
prewarning mechanism for all kinds of security emergencies
that may occur. Set up technical and management team to Firmware security. In the process of firmware upgrade, the
manage and analyze the monitored information. function of an encrypted transmission and authentication
request is added, and the encrypted key is protected. Hide the
Security of web application. Set up security baseline, pin and model information of the chip, disable the debug
formulate security specifications against tampering and interface, and open the corresponding permissions. Set the
Trojan horse, and put forward monitoring, protection and read protection of the main control chip to prevent the
disposal mechanisms and requirements. Carry out regular firmware from being extracted. Add a safe start-up
inspections with the help of automatic inspection tools and a mechanism to prevent the start-up program from being
check list. Web protection measures such as setting firewalls tampered with or interrupted.
are adopted, and web threat scanning, source code evaluation
and penetration testing are carried out irregularly to find Security management for IoT-domotics devices. The
system vulnerabilities, and update the system in time. security management function of an IoT-domotics gateway
for IoT-domotics devices should be designed and

– 79 –

136 137 138 139 140 141 142 143 144 145 146