Description:
The Internet of Things (IoT) increasingly appears to be the next great technology revolution. It is expected to impact everything from healthcare delivery, to how food is produced, to how we work, to all forms of transportation and communication, and to virtually all forms of automation. With that said, IoT will impact everyone, and in multiple ways.
With a technology revolution of such large impact on society, it is imperative that IoT-based systems can be trusted. This means that they should exhibit secure, reliable, and private behaviors, as well as many other attributes associated with quality [2, 4]. Privacy is particularly important because IoT-based systems will likely spin off huge amounts of data as a result of sensing and surveillance [1, 3, 4]. Therefore, techniques, tools, and methods to mitigate the numerous ‘trust’ challenges are needed before these automated IoT-based networks manage much of daily life.
Therefore, innovative research is needed to aid in answering the following question: “how can a network be trusted that was built based on the core principles of IoT?” These core principles include computing power, sensing, communication protocols and bandwidth between devices and objects, and actuation affecting the external systems that the IoT networks will control. The approaches sought could include testing techniques, formal methods, certification of devices, auditing and logging during operational usage, certification of networks, analysis of networks of things, and any other approach that addresses the question.
The goal of this subtopic is to facilitate the security, reliability, and privacy of clusters of networked IoT devices (NoTs) by securely auditing and logging their internal and external operations and data interactions in a scalable manner. The presence of an auditing system that can operate independently of any IoT vendor will foster IoT vendor interoperability and will steer technologies toward standards that will enable auditing for both security and reliability of IoT systems. Furthermore, it will offer end-users with operational transparency and will empower them to identify components that can be used together thus improving utility of the IoT systems. Another advantage of auditing and logging is that they offer the ability to increase reliability and resilience without requiring major changes to architectures of NoTs. Moreover, in the future, NIST envisions NoT platforms where individual devices and sensors become the enabling platform for third-party applications to offer services in the form of an application. Having a common auditing system for the system operations will help identify and address reliability and security issues. NIST is interested specifically in applications for home automation, building access control, personal health, and NoT use cases that are deployed as part of monitoring and control of functionality in critical infrastructures.
Phase I expected results:
Proof of concept using a simple network of IoT sensors, devices, and applications in one or two use cases showing how the innovation can produce a secure audit log of the overall IoT network operations. Also, show a system design of a functional prototype that can provide continuous reliable performance, log immutability, and protocol and device scalability.
Phase II expected results:
A full-scale prototype utility that can be applied to a more complex network of IoT sensors, devices, applications for multiple use cases and for different vertical markets (e.g., healthcare, transportation, agriculture, etc.), a user’s manual for the innovation, and experimental results from applying the prototype should be produced.
NIST may be available for consultation, input, and discussions.
