IoT security requirements | Description/detail |
---|---|
| | It is about granting or denying limited access to the data, resources and applications within the system. It is the procedure of allowing, denying, and restricting access to entities |
| | Defines the rights or privileges given to users, based upon their identity, to access the system. It verifies and differentiates the identities of users or entities that are entitled to access the data or system resources |
Access control [65] | Access to the network assets is granted or denied based on business requirements and security requirements |
Network monitoring [62] | It is the procedure of detecting and reporting anomalies and DoS attacks in the IoT network |
| | According to the trustworthiness security property, untrusted and malicious data can come from a trusted node or sensor. Trustworthiness is described by privacy and security features |
| | The data and services of the network must be available to the legitimate users who use them |
Secure routing [73] | It is the procedure of mitigating the impact of routing attacks, alteration, and packet dropping during the routing operation |
Theft resistance [75] | It is the detection of the removal of IoT devices from the network |
Intrusion detection [76] | Software or hardware systems that monitor the events occurring in a network or computer system and analyse those events for signs of security-related problems |
Anti-DoS/DDoS [77] | A DoS/DDoS attack attempts to make services or resources unavailable or partially inaccessible. This security feature protects against such attacks, which deprive the system of its resources fully or partially |
Confidentiality [66] | Protection of the user's privacy and hiding of data from illegitimate users or entities |
Integrity [67] | Integrity is about protecting sensitive data from modification and destruction. Data must be complete, correct and reliable |
Privacy [78] | It is the ability or right to manage information. It means protecting information from public exposure |
Encryption | A step-wise procedure to convert the message into an unreadable format |