Page 142 - Kaleidoscope Academic Conference Proceedings 2021

2021 ITU Kaleidoscope Academic Conference




implemented to ensure the security protection of the intranet. With the function of security audit, it can keep and audit the operation status, records, user behavior and configuration information of the terminal. Authority should be divided according to the different security risks of the IoT-domotics devices, and an access control strategy should be developed according to that division.

Support for device authentication. The authentication function of an IoT-domotics gateway for IoT-domotics devices should be designed and implemented to prevent unauthorized devices from accessing the network. Establish a strict identity authentication mechanism and access control function. Provide a filtering function for unknown protocols. Block the abnormal access of known protocols. Apply encryption and integrity protection to authentication data to prevent replay attacks.

Protection of network. Establish a virus and network intrusion prevention mechanism, such as deployment of firewall software, anti-virus software and intrusion prevention software. Provide a network intrusion alarm function, and promptly remind IoT-domotics users of security prevention and treatment.

Enhance the security of hardware. Use or develop security chips to prevent vulnerabilities such as Meltdown and Spectre. The processor system adds a secure boot mechanism to prevent the boot program from being tampered with or interrupted. Close unnecessary physical debugging interfaces or increase interface access control permissions. Hide chip information to increase the difficulty of identifying sensitive chips and components.

4.2.3 Security controls for IoT-domotics devices and physical entities

Security protection based on device classification. Classified security protection measures should be implemented for IoT-domotics devices according to hardware resources and processing capacity. In addition, it is necessary to establish corresponding security measures according to the hardware performance and business category of IoT-domotics devices.

Security of device firmware. The same as the firmware security measures in IoT-domotics gateway security.

Web service security of devices. Verify the user input parameters (controllable data) to prevent the risk of command injection. The service program strictly certifies and verifies the input data set. Turn off unnecessary services and ports, such as Telnet and FTP services.

Security of application. For the source code of the application, the necessary security protection measures, such as obfuscation, tamper proofing and white-box encryption, are taken. For important resource files stored locally, select a secure encryption algorithm for encryption and integrity protection, to prevent theft and tampering. The integrity and source validity of the application package are verified by applying a protection signature.

Connection security of IoT-domotics devices. Protect network port security: disable port forwarding or close ports when not needed. The WiFi automatic connection function of an IoT-domotics device is turned off by default. Use the corresponding technology to ensure the security of RFID communication between reader and tag. Strengthen the security of pairing and connection. When pairing, add a key verification step. When connecting, use mutual authentication to ensure the connection security.

Data transmission security. Through the establishment of a secure channel between IoT-domotics devices and the communication networks, the reliability guarantee mechanism of information transmission is established. Strengthen data transmission encryption operation. On the basis of eliminating plaintext transmission, further strengthen data filtering, authentication and other encryption operations to ensure the correctness of data transmission.

Enhance the security of hardware. The same as the hardware security measures in IoT-domotics gateway security.

4.2.4 Security controls for networks

Secure communication protocol. The communication protocol needs to meet the security requirements of the IoT-domotics system in terms of transmission rate, coverage, security, power consumption and compatibility. Use a high-strength encryption algorithm, key exchange technology and device certification to enhance the security of the protocol.

4.3 Privacy controls

4.3.1 Privacy controls for service subsystems

Inform users of privacy policy. When IoT-domotics users register and log in for the first time, pop-up windows, hyperlinks and other obvious ways are used to remind users to read the privacy policy. Tell users how PII is collected, stored, used, transmitted, shared and destroyed. Provide full autonomy, for example the option to agree or disagree with the selection.

Transmission security of private data. Privacy encryption technology should be used to enhance the security of PII in the process of transmission.

4.3.2 Privacy controls for IoT-domotics gateway

Enhance the privacy protection of firmware. Vulnerabilities of the IoT-domotics gateway should be detected, and the gateway reinforced and upgraded. The security measures implemented may include: Perform necessary vulnerability detection before the IoT-domotics gateway leaves the factory, and repair the remaining vulnerabilities and backdoors. Encrypt the firmware upgrade package.
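The "Support for device authentication" and "Connection security of IoT-domotics devices" controls above ask for replay-resistant authentication data and mutual authentication on connection. The following added example (not code from the paper) shows one way to meet both with a nonce-based HMAC challenge-response. The pre-shared per-device key, the device ID `lamp-01` and the `Gateway`/`Device` classes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment table (assumption): device ID -> pre-shared key.
ENROLLED = {"lamp-01": bytes.fromhex("00112233445566778899aabbccddeeff")}

def tag(key, role, device_id, gw_nonce, dev_nonce):
    """HMAC over a role label, the identity and both fresh nonces, so a tag
    cannot be reflected to its sender or reused in a later session."""
    msg = b"|".join([role, device_id.encode(), gw_nonce, dev_nonce])
    return hmac.new(key, msg, hashlib.sha256).digest()

class Gateway:
    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.pending = {}  # device ID -> outstanding single-use nonce

    def challenge(self, device_id):
        self.pending[device_id] = secrets.token_bytes(16)
        return self.pending[device_id]

    def verify(self, device_id, dev_nonce, dev_tag):
        """Return the gateway's own proof on success, None on any failure."""
        gw_nonce = self.pending.pop(device_id, None)  # consumed: one try per challenge
        key = self.enrolled.get(device_id)
        if gw_nonce is None or key is None:
            return None  # unsolicited or replayed response, or unknown device
        expected = tag(key, b"device", device_id, gw_nonce, dev_nonce)
        if not hmac.compare_digest(expected, dev_tag):
            return None  # wrong key, or a response bound to an older nonce
        return tag(key, b"gateway", device_id, gw_nonce, dev_nonce)

class Device:
    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key

    def respond(self, gw_nonce):
        self.gw_nonce, self.dev_nonce = gw_nonce, secrets.token_bytes(16)
        proof = tag(self.key, b"device", self.device_id, gw_nonce, self.dev_nonce)
        return self.dev_nonce, proof

    def check_gateway(self, gw_tag):
        """True only if the gateway proved knowledge of the same key."""
        expected = tag(self.key, b"gateway", self.device_id, self.gw_nonce, self.dev_nonce)
        return gw_tag is not None and hmac.compare_digest(expected, gw_tag)
```

This exchange only authenticates the two endpoints; the secure channel called for under "Data transmission security" still has to protect the traffic that follows.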
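For the "Web service security of devices" control above (verify user input parameters to prevent command injection, and verify the whole input data set), the following added example, which is not code from the paper, validates every request parameter and builds an argument list that is executed without a shell. The two diagnostic actions `ping` and `resolve`, their parameter names and the sample values are assumptions chosen for illustration.

```python
import ipaddress
import re

LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")

def valid_ip(value):
    return str(ipaddress.ip_address(value))  # ValueError unless an IP literal

def valid_count(value):
    n = int(value)  # ValueError on anything that is not an integer
    if not 1 <= n <= 5:
        raise ValueError("count out of range")
    return str(n)

def valid_hostname(value):
    # Labels start with an alphanumeric, so a value can never begin with "-"
    # and be read as an option by the program it is passed to.
    if len(value) > 253 or not HOSTNAME.fullmatch(value):
        raise ValueError("not a hostname")
    return value

# Hypothetical diagnostic actions exposed by the device web service:
# action -> (fixed argv prefix, ordered (parameter, validator) pairs)
ACTIONS = {
    "ping": (["ping", "-c"], [("count", valid_count), ("host", valid_ip)]),
    "resolve": (["nslookup"], [("name", valid_hostname)]),
}

def build_argv(action, params):
    """Map a request (params: dict of str -> str) to an argv list suitable for
    subprocess.run(argv) without a shell, or raise ValueError."""
    if action not in ACTIONS:
        raise ValueError("unknown action")
    prefix, spec = ACTIONS[action]
    if set(params) != {name for name, _ in spec}:
        raise ValueError("unexpected or missing parameter")  # check the whole set
    return prefix + [check(params[name]) for name, check in spec]
```

Because the command name and options are fixed and each value occupies exactly one argv element, request data is never parsed as shell syntax or as an extra option.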




