IoTSec:Y1 Suggestions Research Council
From its-wiki.no
Revision as of 22:50, 21 November 2016 by Josef.Noll (Talk | contribs)
Security in IoT for Smart Grids | |||||||
---|---|---|---|---|---|---|---|
|
IoTSec recommendations for future research
High-level recommendations and more detailed research specific challenges as identified by IoTSec (Nov2016)
- Privacy labelling: We have identified privacy labelling as a potential for making privacy work into a commercially viable alternative for companies that put more privacy into their products, apps, services. These can be seen for privacy the same as the energy labels for electronic equipment. - see: IoTSec:Privacy_Label
- Regulations and policies: Pilot-based developments of regulations, allowance to fail, answering the need for quick developments.
- User-involvement: Research should be directed more towards the society, towards people. Incorporate citizens in projects, give them power to participate. E.g. high-frequency reading from smart meters
- Early design: Use of fast prototyping and visualisation as a tool for reducing research cost. When ideas are tested in early stage, critical mistakes may be avoided, thus saving resources.
Research specific challenges
- Complexity due to the concurrency and distributed nature of IoT systems
- Context-centric computation, since the IoT devices, e.g., in the Smart Home, must be aware of the humans. Includes also concepts for privacy-aware cloud computing, e.g. fog/edge computing
- Lack of semantics, since IoT systems would produce large amounts of data, need semantic information in order to become usable.
- Models vs. programs: Analysis and evaluation for agile prototyping based on executable models and semantic-based tools, as and evolution from programming and their low-level tools.
- Semantics for Security and Privacy: Semantic technologies and ontologies are need to establish a unified terminology for fields of privacy and security. This would provide machine-readable data and would allow development of more automated tools.
- Edge and fog computing for privacy
- Measurable security and privacy: A novel concept being in conflict with some purist researchers in security. Though, part of day-to-day business in companies, often entitled as "risk analysis". We see a lack of automated tools and methodologies to help in measuring such important “unmeasurable” aspects like security, privacy, or robustness, which are essential in evaluating smart infrastructures.
- Metrics for translating (functional and non-functional) security into measurable units, e.g. AES 2048 = 85(?) (scale: 0...100)