TY - JOUR
T1 - SDPM
T2 - a secure smart device provisioning and monitoring service architecture for smart network infrastructure
AU - Karmakar, Kallol Krishna
AU - Varadharajan, Vijay
AU - Speirs, Pete
AU - Hitchens, Michael
AU - Robertson, Aron
PY - 2022/12/15
Y1 - 2022/12/15
AB - The Internet of Things (IoT) is becoming a prevalent part of our society, offering operational flexibility and convenience. However, insecure provisioning makes IoT devices susceptible to various cyberattacks. For instance, mal-provisioned devices may leak sensitive information, allowing attackers to eavesdrop on or disrupt communication infrastructures. Furthermore, compromised devices can act as zombies to intensify the scale of the attack. Hence, we need secure device provisioning services which can counteract such attacks and adverse circumstances. This article proposes a secure smart device provisioning and monitoring service architecture (SDPM) for smart network infrastructures, such as IoT-enabled smart home or office and Industrial IoT infrastructures. Our architecture allows the provisioning of devices in such a way that malicious devices and their activities can be controlled using a dynamic policy-based approach. SDPM introduces an IoT device ontology for device registration and authentication and uses the ontology to construct device category and service-specific policies. SDPM provides fine-granular pre- and post-condition-based policies to securely provision IoT devices and control their runtime operations. Furthermore, SDPM utilizes the digital twin concept to dynamically monitor the security status of IoT devices at runtime. The policies associated with a device's twin enable SDPM to automate security capabilities, such as device firmware updating and patching for security vulnerabilities.
UR - http://www.scopus.com/inward/record.url?scp=85135744554&partnerID=8YFLogxK
U2 - 10.1109/JIOT.2022.3195227
DO - 10.1109/JIOT.2022.3195227
M3 - Article
AN - SCOPUS:85135744554
SN - 2327-4662
VL - 9
SP - 25037
EP - 25051
JO - IEEE Internet of Things Journal
JF - IEEE Internet of Things Journal
IS - 24
ER -