Research Articles

Security management model for IoT devices based on international standards

Vol. 21 No. 1 (2025)
Published: 20-01-2025
Katerine Marceles Villalba
Edwin Javier Collazos Sandoval
Siler Amador Donado

Introduction:  The research was conducted with the support of the Universidad del Cauca, the Institución Universitaria Colegio Mayor del Cauca, and the Universidad de Antioquia during the year 2023.

Problem: The rapid increase in IoT devices has created a gap in terms of security, as many devices lack adequate protection mechanisms, exposing them to critical vulnerabilities such as weak authentication, unencrypted data transmission, and lack of update management.

Objective: To design a security management model for IoT devices based on international standards that mitigates risks associated with specific vulnerabilities and provides clear guidelines for implementing effective protection measures.

Methodology: The methodology included a systematic literature review, classification of standards, and development of the model at three levels: device security, network security, and security management.

Results: The results highlight the importance of encryption, network segmentation, and regulatory compliance to strengthen security in IoT environments

Conclusion: The developed security management model significantly improves the protection of IoT devices, providing an effective structure based on international standards. Additionally, future developments are proposed, such as integrating artificial intelligence and enhancing user awareness campaigns.

Originality: The model's approach integrates international standards with specific practical measures to address critical IoT vulnerabilities, standing out as an advancement in the field of IoT cybersecurity.

Limitations: The model was tested in a controlled environment and may require adjustments for broader or specific contexts. Additionally, practical implementation may depend on technical and human resources that not all organizations possess.

Keywords: Array, Array, Array, Array, Array

How to Cite

[1]
K. Marceles Villalba, E. J. Collazos Sandoval, and S. Amador Donado, “Security management model for IoT devices based on international standards”, ing. Solidar, vol. 21, no. 1, pp. 1–14, Jan. 2025, doi: 10.16925/2357-6014.2025.01.06.

[1] I. Lee and K. Lee, “The Internet of Things (IoT): Applications, investments, and challenges for enterprises,” Business Horizons, vol. 58, no. 4, pp. 431–440, 2015 DOI: https://doi.org/10.1016/j.bushor.2015.03.008

[2] R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed Internet of Things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013 DOI: https://doi.org/10.1016/j.comnet.2012.12.018

[3] M. Abomhara and G. M. Koien, “Security and privacy in the Internet of Things: Current status and open issues,” in Proc. Int. Conf. Privacy and Security in Mobile Systems (PRISMS), 2014, pp. 1–8 DOI: https://doi.org/10.1109/PRISMS.2014.6970594

[4] S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead,” Computer Networks, vol. 76, pp. 146–164, 2015 DOI: https://doi.org/10.1016/j.comnet.2014.11.008

[5] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, “Security of the Internet of Things: Perspectives and challenges,” Wireless Networks, vol. 20, no. 8, pp. 2481–2501, 2014 DOI: https://doi.org/10.1007/s11276-014-0761-7

[6] R. H. Weber, “Internet of Things – New security and privacy challenges,” Computer Law & Security Review, vol. 26, no. 1, pp. 23–30, 2010 DOI: https://doi.org/10.1016/j.clsr.2009.11.008

[7] S. Babar, A. Stango, N. Prasad, J. Sen, and R. Prasad, “Proposed embedded security framework for Internet of Things (IoT),” in Proc. IEEE Consumer Communications and Networking Conference (CCNC), 2011, pp. 1–4 DOI: https://doi.org/10.1109/WIRELESSVITAE.2011.5940923

[8] Z. Zhang, M. C. Cho, and C. W. Wang, “IoT security: Ongoing challenges and research opportunities,” in Proc. IEEE 7th Int. Conf. Service-Oriented Computing and Applications (SOCA), 2014, pp. 230–234 DOI: https://doi.org/10.1109/SOCA.2014.58

[9] ISO/IEC 27001:2013 - Information security management, pp. 13–24

[10] NIST SP 800-183 - Network of Things, pp. 20–22

[11] ETSI EN 303 645 V2.1.1 - Cyber Security for Consumer Internet of Things: Baseline Requirements, Jun. 2020, pp. 13–24

[12] A. Garcia-Morchon, S. Kumar, R. Struik, S. Keoh, and N. Heusse, “Security Considerations in the IP-based Internet of Things,” IETF Internet Draft, 2013, pp. 9–37. [Online]. Available: https://datatracker.ietf.org/doc/html/draft-garcia-core-security

[13] M. M. Hossain, M. Fotouhi, and R. Hasan, “Towards an analysis of security issues, challenges, and open problems in the Internet of Things,” in Proc. IEEE World Congress on Services, 2015, pp. 21–28 DOI: https://doi.org/10.1109/SERVICES.2015.12

[14] D. Singh, G. Tripathi, and A. J. Jara, “A survey of Internet-of-Things: Future vision, architecture, challenges and services,” in Proc. IEEE World Forum on Internet of Things (WF-IoT), 2014, pp. 287–292 DOI: https://doi.org/10.1109/WF-IoT.2014.6803174

[15] M. Ammar, G. Russello, and B. Crispo, “Internet of Things: A survey on the security of IoT frameworks,” Journal of Information Security and Applications, vol. 38, pp. 8–27, 2018 DOI: https://doi.org/10.1016/j.jisa.2017.11.002

[16] K. Christidis and M. Devetsikiotis, “Blockchains and smart contracts for the Internet of Things,” IEEE Access, vol. 4, pp. 2292–2303, 2016 DOI: https://doi.org/10.1109/ACCESS.2016.2566339

[17] P. Rizvi, G. Cremer, and C. Bossuet, “Secure element for IoT: Performance and energy consumption analysis,” in Proc. IEEE Int. System-on-Chip Conference (SOCC), 2016, pp. 323–328

[18] M. Jensen, N. Gruschka, R. Herkenhöner, and N. Luttenberger, “SOA and web services: New technologies, new standards – New attacks,” in Proc. 5th European Conf. Web Services (ECOWS’07), 2007, pp. 35–44 DOI: https://doi.org/10.1109/ECOWS.2007.9

[19] J. Burke et al., “Participatory sensing,” Center for Embedded Network Sensing, pp. 1–5, 2006

[20] M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of Things security and forensics: Challenges and opportunities,” Future Generation Computer Systems, vol. 78, pp. 544–546, 2018 DOI: https://doi.org/10.1016/j.future.2017.07.060

[21] R. Roman, P. Najera, and J. Lopez, “Securing the Internet of Things,” Computer, vol. 44, no. 9, pp. 51–58, 2011 DOI: https://doi.org/10.1109/MC.2011.291

[22] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013 DOI: https://doi.org/10.1016/j.future.2013.01.010

MÉTRICAS
ARTICLE VIEWS: 226
PDF VIEWS: 293