and ensure that the information collected and commands received by the objects are legitimate. Verifying the integrity of data involves two processes, one involving the sender and the other the recipient. The entity that is transmitting the data adds verification information (like the Block Check Character or a cryptographic check value such as a hash value) based on the data transmitted. The recipient generates the same verification information based on the data received and compares this information with the information received in order to determine whether or not the data were modified during transmission in the IoT environment (ITU-T 1991).
The integrity of objects is necessary as the nodes in the IoT may be deployed in an unreliable environment and may be physically attacked to modify the software codes in the objects, for example. This second integrity service in the IoT enables the detection and prevention of any modification to the operating system and the configuration of the objects. The integrity of objects also makes it possible to lock and eliminate non-compliant devices. To implement this type of integrity, a digital fingerprint for the object in question is used to compare data effectively available on the object with the data that should be available.
1.4.2.4.2. Research projects
Various European research projects have studied the security service ensuring both types of integrity, that of data as well as of objects, in an IoT environment. SMARTIE, for instance, takes into account several architectures for the implementation of the integrity service in an IoT environment. It uses Linux’s kernel integrity measurement architecture (Pokric et al. 2015) to verify the integrity of objects. It additionally takes the support of integrity verification mechanisms present on smart cards, while taking inspiration from the Integrity Measurement Architecture (IMA). SMARTIE thus offers a node-attestation component that makes it possible to verify the integrity of the node by testing the hashing for the list of software and files that have been executed on that node. The node attestation component consists of a Remote Attestation mechanism between IoT objects and the remote central unit that is responsible for measuring the integrity of the objects. Remote attestation allows the remote party – the gateway or server responsible for verifying the integrity of the objects – to inspect the state of a device or an IoT object at any given moment. The remote party may request the hashing of the list of software or files and is able to verify whether the records provided by the device have been falsified by comparing the hashing received with the hashing that was calculated. The node-attestation component developed in SMARTIE makes it possible to provide a practical solution, which is a compromise between the hardware solution and the software-based approaches by using the IMA module and the architecture for integrity measurement that is present in the Linux kernel (SMARTIE 2014a; Pokric et al. 2015). The IMA module measures the integrity of the binary code before the kernel proceeds to loading the code into memory to be run. The measurement result is recorded and sent to the IMASC service (Integrity Management Architecture using a Smart Card). The IMASC system transmits the result to the smart card, where it is timestamped and signed so that there can be no subsequent manipulation of the entry. In addition, the smart card preserves a record with the hash value. For remote attestation, the verifying party can inspect the state of a remote device at any time by requesting the hashing and verifying the signatures. During a remote attestation request, the IMASC service interacts with the smart card and with the remote party in order to provide the proof of attestation. Further, various libraries have been designed for IoT objects in order to carry out the hash functions. For example, we have “Cryptosuite” (Knight 2010), which is a library for Arduino that supports different hashing algorithms such as SHA-1, SHA-256, HMAC-SHA-1 and HMAC-SHA-256.
1.4.2.5. Non-repudiation in the IoT
1.4.2.5.1. Definition
The non-repudiation service ensures that one party cannot deny its involvement in exchanges. This service can take one or two of the forms described below: the first form is non-repudiation with proof of origin, where the recipient receives proof of the origin of the data. This proof may be a digital signature using asymmetric encryption applied to the result of the hashing of the data exchanged. The second form is non-repudiation with proof of the data delivery, where the sender receives this proof in the form of an acknowledgment, for example (ITU-T 1991). The non-repudiation security service is necessary in the IoT to provide proof of data transmission through objects and also as a proof of the dispatch of any order by users of IoT services. This may fit into the framework of an audit that will allow the tracking and recording in trace files of all events that took place in an IoT environment.
1.4.2.5.2. Research projects
The first form of non-repudiation (i.e. with proof of origin) is based on mechanisms that are used to guarantee integrity, such as the data signature.
Consequently, the adaptation of non-repudiation mechanisms to an IoT environment may borrow from the adaptation of integrity services in the IoT. Non-repudiation was guaranteed in SMARTIE by the implementation of a signature for the list of software and operating systems of objects in order to verify the identity of the hashing issuer (see section 1.4.2.4.2).
1.4.2.6. Availability in the IoT
1.4.2.6.1. Definition
Availability refers to the possibility of on-demand access and use of resources by an authorized entity, following authentication and access control. Availability is a security service. Indeed, a service that becomes unavailable after a Denial of Service (DoS)-type attack, for instance, is an unsecured service and may be compromised at any time (Mosenia and Jha 2017). Availability in the IoT is essential to provide an Internet-enabled environment that is completely operational. In the context of the IoT, this service integrates both the availability of devices (that is, objects and gateways), allowing for uninterrupted data collection, and also the availability of IoT services offered to users. This second type of availability is determined by the configuration of the IoT environment, resulting in the need to make appropriate choices for management and administration protocols and for protection against DoS attacks (DDoS: Distributed DoS). Services offered in the IoT must be constantly available while taking into account the critical nature of some of these services (Mosenia and Jha 2017). In this context, availability round-the-clock, 365 days a year, is required for critical IoT services, such as certain applications in the field of e-health.
1.4.2.6.2. Research projects
In accordance with recommendations made by the GSMA (Global System for Mobile Communications Association), a commercial organization that represents the interest of 800 mobile operators around the world, availability was brought to the fore, while indicating that nodes must be capable of continuous communication with each other, with users and with back-end services (GSMA 2016). The European iCore project ((Internet Connected Objects for Reconfigurable Ecosystem) (Menoret 2012), funded by FP7 (October 2011–October 2014), defines the security requirements that must be taken into consideration in a framework concerning the IoT. The framework, called the “Open Cognitive framework” takes into account three levels: Virtual Objects (VO), which offers a virtual representation of objects; Composite Virtual Objects (CVO), which represents the fusions of several VOs; and the user level. This framework makes it possible to ensure that objects are re-used in these services, thus allowing a certain redundancy in order to improve availability. Similarly, the fusion of some VO through the CVOs ensures better availability. A semantic description of object capabilities allows this reutilization. The iCore project also puts forth recommendations to be respected in different practical use cases in the IoT. Thus, the report (Menore 2012) emphasizes the idea of providing mechanisms to protect information infrastructure against DoS threats and to implement the mechanisms required to support the recovery of service after a failure.
The research described in Nagara et al.
