Abstract
The Internet of Things (IoT) provides huge business value for customers, organizations, and governments through the development of many applications in sectors such as energy and healthcare. Nevertheless, as an emerging technology, IoT faces several security concerns that are more challenging than those of the conventional Internet because of its limited resources and its complex ecosystem. Toward this end, we first highlight IoT security challenges and briefly discuss its security goals, such as confidentiality and integrity. Second, we discuss the most common attacks against IoT, along with the security goals they violate. We also review the existing frameworks of security and privacy guidelines for IoT and illustrate their shortcomings. Third, we propose a novel framework for securing IoT objects, the key objective of which is to assign different Security Level Certificates (SLCs) to IoT objects based on their hardware capabilities and protection measures. Objects with SLCs will therefore be able to communicate with each other or with the Internet in a secure manner. The proposed framework is composed of five main phases. In phase 1, we classify IoT assets into four components: (i) physical objects, (ii) protocols, (iii) data at rest, and (iv) software, which includes operating systems, middleware, and applications. We also classify IoT objects into five categories based on their hardware capabilities. In phase 2, we propose security and privacy guidelines for the previously mentioned IoT assets, along with their protection measures. In phase 3, we classify protection measures into five SLCs, and then we assign different SLCs to IoT objects. In phase 4, we develop a communication plan between objects based on their SLCs. In phase 5, we propose a four-step method to seamlessly integrate our objects with legacy objects (objects that were not developed according to our framework).
Fourth, the feasibility and application of this framework are illustrated using smart homes as a case study. Finally, we investigate how our framework would lessen several attacks and threats against IoT, such as routing attacks and physical damage. We also provide qualitative arguments to show that this framework could be used to solve some IoT security challenges, such as tight resource constraints. Moreover, we discuss the shortcomings of our suggested framework.