April 16, 2021
One of the major barriers to adopting IoT in a smart city context is the security of the huge data generated by the IoT applications. As the number of devices grows exponentially as a part of different applications communicating through various protocols, the smart city becomes a source of huge amounts of heterogeneous big data. Out of these huge data, some data (traffic data) may be used for the immediate (real-time) application while other types of data (social media) may not be used for an immediate application but can be fully used to formulate new policy or to understand the trend when analysed by AI (Artificial Intelligence) and ML (Machine Learning). By visualization and simulation of events and modelling new use case scenarios, processing (an efficient use, mashing and correlation) of heterogeneous data not only enhance the quality of service offered to end-users but also prevent accidents and enhance preparedness regarding disaster management.
For example, if an accident occurs, it will be reported to the management infrastructure (centre) through traffic information. Then, the management centre sends the nearest police cars (having the lower task priorities according to their transmitted information) and requests for ambulances. The centre not only sends accident warnings to car drivers in the accident area through car’s Human Machine Interfaces (HMI) and road advertisement boards but also recommends the journey modifications to cars going through the accident area.
It can also modify traffic flows and lights to facilitate ambulances’ tasks.
Data processing challenges
Although centralised in decision making, Cloud-based solutions, store, visualize and process the large heterogeneous data collected from large scale infrastructure to make timely inferences to meet the majority of today's smart city applications. But, due to the current infrastructure scalability evolution, Cloud-based solutions may not be capable to meet future requirements of real-time smart city applications. In that context, the physical distance between data collection and its processing can be a stumbling block.
To address this aforementioned challenge, Fog-based computing and Edge computing solutions can be explored, as they store and process the data at the source or nearby the source. In the fog based solution, storage and applications are distributed in the most logical and efficient locations between the data source and the cloud, while in Edge computing solution data process at the periphery of the network or as close as possible to the data source.
Date security-related challenges
Data security issues can be summarized as
Cryptographic techniques are the best solutions to address security needs (Data confidentiality, integrity and authentication), High data security need can be solved by Data encryption algorithms which are divided into two categories:
1. Public-key encryption algorithms
It is difficult to implement public-key encryption algorithms, which consume more resource, on some IoT objects such as RFID tags, which have limited power and energy resources.
2 Symmetric encryption algorithms
Suitable for IoT devices, symmetric algorithms are widely used in smart city context but the symmetric key exchange protocols of such cryptosystems are too complex, which limit infrastructure scalability and can create confidentiality problem for shared keys.
As the security risk is increased with the exponential rise in IoT objects, if one of the keys is compromised, all system communications are compromised. To address this issue, the IoT system can be divided into multiple groups and a different symmetric key is used within each group. However, the risk transfer from the system to the group and if one key is compromised, the communications with the group are also compromised.
To address this problem public-key encryption algorithms can be employed. In this solution, each object owns a pair of public and private keys. Each object keeps its private key, while the base station stores the public keys of all objects. The public-key encryption algorithms suitable for IoT include: Rabin’s Scheme, NtruEncrypt and Elliptic Curve Cryptography (ECC). Although ECC offers good scalability without complex key management protocol, the application of these algorithms to the IoT environment is under investigation and do not universally apply to all types of objects especially RFID tags, where the problem of limited resources remains a challenging issue.
As a base station that owns public keys cannot authenticate the genuineness of the objects, the public key encryption solution suffers from trust issues.
Key management plays a vital role in the implementation of various security solutions.
Key management has following multiple steps
An important component of the key management cycle is a key distribution which includes secure transmission and distribution to legitimate users of (1) public keys and shared secrets in the case of asymmetric cryptography, and (2) secret keys in the case of symmetric cryptography.
Using symmetric key management and public keys may be designed for WSN (Wireless Sensor Network) but may not suitable for all types of objects.
Trust management mechanisms in IoT context
As the network relies on the cooperation of all nodes, the vulnerability of a single node can have serious repercussions on the entire network. If an attacker succeeds to compromise or add one or multiple objects in the network, the attacker can provide fake or erroneous information, which can subsequently affect the cooperation of nodes, data treatment and the result provided to the final user. Thus, the credibility of every single node is key to ensuring accurate and reliable network service delivery. Current trust management schemes only verify data consistency and validity, but cannot guarantee objects’ authentication and may not completely adaptable to the IoT context.
More research is needed to develop lightweight key management techniques and protocols that are specifically well suited for IoT scenarios and their application in the future.
Several leading IoT company across the world (including SLS) are working to find out the lasting solution of data security to implement IoT on a massive scale in a smart city context.