CLIPS: Customized Levels of IoT Privacy and Security

Krishna Kavi

Internet of Things (IoT) refers to systems that can be attached to the Internet and thus can be accessed and controlled remotely. Such devices are essential for creating ”smart things”like smart homes, smart grids, etc. IoT devices have achieved unprecedented success. It offers an interconnected network where devices (in the consumer space) can all communicate with each other. However, many IoT devices only add security features as an afterthought. This has been a contributing factor in many of the recently reported attacks and warnings of potential attacks such as taking control of autonomous cars. Many IoT devices are compact and feature limited computing resources, which often limits their ability to perform complex operations such as encryption or other security and privacy checks. With capabilities of devices in IoT varying greatly, a one-size-fits-all approach to security can prove to be inadequate. We firmly believe that safety and privacy should both be easy to use, present little inconvenience for users of non-critical systems, yet be as strong as possible to minimize breaches for critical systems. In this paper, we propose a novel architecture that caters to device specific security policies in IoT environments with varying levels of functionalities and criticality of services they offer. This would ensure that the best possible security profiles for IoT are enforced. We use a smart home environment to illustrate the architecture.

University of North Texas