Security management model for IoT devices based on international standards
Introduction: The research was conducted with the support of the Universidad del Cauca, the Institución Universitaria Colegio Mayor del Cauca, and the Universidad de Antioquia during the year 2023.
Problem: The rapid increase in IoT devices has created a gap in terms of security, as many devices lack adequate protection mechanisms, exposing them to critical vulnerabilities such as weak authentication, unencrypted data transmission, and lack of update management.
Objective: To design a security management model for IoT devices based on international standards that mitigates risks associated with specific vulnerabilities and provides clear guidelines for implementing effective protection measures.
Methodology: The methodology included a systematic literature review, classification of standards, and development of the model at three levels: device security, network security, and security management.
Results: The results highlight the importance of encryption, network segmentation, and regulatory compliance to strengthen security in IoT environments
Conclusion: The developed security management model significantly improves the protection of IoT devices, providing an effective structure based on international standards. Additionally, future developments are proposed, such as integrating artificial intelligence and enhancing user awareness campaigns.
Originality: The model's approach integrates international standards with specific practical measures to address critical IoT vulnerabilities, standing out as an advancement in the field of IoT cybersecurity.
Limitations: The model was tested in a controlled environment and may require adjustments for broader or specific contexts. Additionally, practical implementation may depend on technical and human resources that not all organizations possess.
How to Cite
License
Copyright (c) 2025 Ingeniería Solidaria
This work is licensed under a Creative Commons Attribution 4.0 International License.
Cession of rights and ethical commitment
As the author of the article, I declare that is an original unpublished work exclusively created by me, that it has not been submitted for simultaneous evaluation by another publication and that there is no impediment of any kind for concession of the rights provided for in this contract.
In this sense, I am committed to await the result of the evaluation by the journal Ingeniería Solidaría before considering its submission to another medium; in case the response by that publication is positive, additionally, I am committed to respond for any action involving claims, plagiarism or any other kind of claim that could be made by third parties.
At the same time, as the author or co-author, I declare that I am completely in agreement with the conditions presented in this work and that I cede all patrimonial rights, in other words, regarding reproduction, public communication, distribution, dissemination, transformation, making it available and all forms of exploitation of the work using any medium or procedure, during the term of the legal protection of the work and in every country in the world, to the Universidad Cooperativa de Colombia Press.
[1] I. Lee and K. Lee, “The Internet of Things (IoT): Applications, investments, and challenges for enterprises,” Business Horizons, vol. 58, no. 4, pp. 431–440, 2015
[2] R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed Internet of Things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013
[3] M. Abomhara and G. M. Koien, “Security and privacy in the Internet of Things: Current status and open issues,” in Proc. Int. Conf. Privacy and Security in Mobile Systems (PRISMS), 2014, pp. 1–8
[4] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015
[5] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the Internet of Things: Perspectives and challenges,” Wireless Networks, vol. 20, no. 8, pp. 2481–2501, 2014
[6] R. H. Weber, “Internet of Things – New security and privacy challenges,” Computer Law & Security Review, vol. 26, no. 1, pp. 23–30, 2010
[7] S. Babar, A. Stango, N. Prasad, J. Sen, and R. Prasad, “Proposed embedded security framework for Internet of Things (IoT),” in Proc. IEEE Consumer Communications and Networking Conference (CCNC), 2011, pp. 1–4
[8] Z. Zhang, M. C. Cho, and C. W. Wang, “IoT security: Ongoing challenges and research opportunities,” in Proc. IEEE 7th Int. Conf. Service-Oriented Computing and Applications (SOCA), 2014, pp. 230–234
[9] ISO/IEC 27001:2013 - Information security management, pp. 13–24
[10] NIST SP 800-183 - Network of Things, pp. 20–22
[11] ETSI EN 303 645 V2.1.1 - Cyber Security for Consumer Internet of Things: Baseline Requirements, Jun. 2020, pp. 13–24
[12] A. Garcia-Morchon, S. Kumar, R. Struik, S. Keoh, and N. Heusse, “Security Considerations in the IP-based Internet of Things,” IETF Internet Draft, 2013, pp. 9–37. [Online]. Available: https://datatracker.ietf.org/doc/html/draft-garcia-core-security
[13] M. M. Hossain, M. Fotouhi, and R. Hasan, “Towards an analysis of security issues, challenges, and open problems in the Internet of Things,” in Proc. IEEE World Congress on Services, 2015, pp. 21–28
[14] D. Singh, G. Tripathi, and A. J. Jara, “A survey of Internet-of-Things: Future vision, architecture, challenges and services,” in Proc. IEEE World Forum on Internet of Things (WF-IoT), 2014, pp. 287–292
[15] M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on the security of IoT frameworks,” Journal of Information Security and Applications, vol. 38, pp. 8–27, 2018
[16] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016
[17] P. Rizvi, G. Cremer, and C. Bossuet, “Secure element for IoT: Performance and energy consumption analysis,” in Proc. IEEE Int. System-on-Chip Conference (SOCC), 2016, pp. 323–328
[18] M. Jensen, N. Gruschka, R. Herkenhöner, and N. Luttenberger, “SOA and web services: New technologies, new standards – New attacks,” in Proc. 5th European Conf. Web Services (ECOWS’07), 2007, pp. 35–44
[19] J. Burke et al., “Participatory sensing,” Center for Embedded Network Sensing, pp. 1–5, 2006
[20] M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of Things security and forensics: Challenges and opportunities,” Future Generation Computer Systems, vol. 78, pp. 544–546, 2018
[21] R. Roman, P. Najera, and J. Lopez, “Securing the Internet of Things,” Computer, vol. 44, no. 9, pp. 51–58, 2011
[22] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013
