Security requirements for the Internet of Things: a systematic approach

There has been a tremendous growth in the number of smart devices and their applications (e.g., smart sensors, wearable devices, smart phones, smart cars, etc.) in use in our everyday lives. This is accompanied by a new form of interconnection between the physical and digital worlds, commonly known as the Internet of Things (IoT). This is a paradigm shift, where anything and everything can be interconnected via a communication medium. In such systems, security is a prime concern and protecting the resources (e.g., applications and services) from unauthorized access needs appropriately designed security and privacy solutions. Building secure systems for the IoT can only be achieved through a thorough understanding of the particular needs of such systems. The state of the art is lacking a systematic analysis of the security requirements for the IoT. Motivated by this, in this paper, we present a systematic approach to understand the security requirements for the IoT, which will help designing secure IoT systems for the future. In developing these requirements, we provide different scenarios and outline potential threats and attacks within the IoT. Based on the characteristics of the IoT, we group the possible threats and attacks into five areas, namely communications, device/services, users, mobility and integration of resources. We then examine the existing security requirements for IoT presented in the literature and detail our approach for security requirements for the IoT. We argue that by adhering to the proposed requirements, an IoT system can be designed securely by achieving much of the promised benefits of scalability, usability, connectivity, and flexibility in a practical and comprehensive manner.