Table 3 IoT security & privacy patterns from the primary studies
From: A decade of research on patterns and architectures for IoT security
Scope affect | Pattern name | Focus | Pattern properties | Paper # | |||
|---|---|---|---|---|---|---|---|
Intent | Problem | Solution | Notes | ||||
AD | Personal data store | P | Users should be able to keep control over their personal data | User may lose control over their data when submitting it to a server | Only store personal data on a personal device | Â | Pape and Rannenberg (2019) |
AD | Data isolation at different entities | P | Make it harder to profile users | Data or usage information is stored in one place | Data or usage information are distributed among several entities such that all of the entities can only see a part of the data | Â | Pape and Rannenberg (2019) |
AD | Decoupling content and location information visibility | P | Protect the users’ locations | Users normally access the services provided by the nearest fog node | Vertically clustering the fog nodes |  | Pape and Rannenberg (2019) |
AD | Added noise measurement obfuscation | P | Avoid revealing personal user information over time such as personal habits | Providers can aggregate usage information to deduce further information about users | Add some noise to the measurements that cancels itself in the long term | The usefulness of the data is reduced | Pape and Rannenberg (2019) |
AD | Aggregation of data | P | Prevent the leakage of further information because of the aggregation of data | The usage information aggregated over time may reveal further information | Aggregation by a trustworthy provider or by the users themselves, or use a homomorphic encryption (e.g., Paillier 1999) | Â | Pape and Rannenberg (2019) |
AD | Aggregation gateway | P | Avoid revealing personal information about the users (e.g., personal habits) over time | When a service provider needs a continuous measurement and adding noise is not acceptable | Use homomorphic encryption (e.g. Paillier 1999) and a trusted third party aggregating the measurements of multiple users | Â | Pape and Rannenberg (2019) |
AD | Single point of contact | P | Provide a specialised privacy management | Distributed storage, distributed service providers make it difficult to manage privacy | The cloud computing service can manage and coordinate the storage on different fog nodes by issuing security tokens, authenticate local domain users as an Identity Service Provider, certify attributes as an Attribute Provider, and accept external claims as a Relying Party | Â | Pape and Rannenberg (2019) |
AA | The Recipes approach and SPDI patterns | S, P | The generation (and adaptation) of orchestrations in ways that are guaranteed to satisfy required SPDI properties | Adding new devices to an IoT/IIoT environment with manually designing composite services is time-consuming and error-prone, but also unfeasible | Different and heterogeneous orchestration models required for IoT and IIoT applications that are guaranteed to satisfy required SPDI properties |  | Fysarakis et al. (2019) |
S | Distributed denial of service in IoT | Av | Misuse Pattern: An attacker intends to make a target unavailable by flooding its resources with a large volume of traffic using IoT devices | How to flood the target with messages from IoT devices to consume all its bandwidth and/or resources making it unavailable for its legitimate users | Use vulnerable IoT devices to create an attack network of infected devices (also called zombies or bots) that can be used to direct huge volumes of data towards a target, performing a DDoS attack on the victim |  | Syed et al. (2018) |
AA | Trusted orchestration management (TOM) | I, AuthN | To manage security (identity, origin, non-repudiation) in distributed autonomous clusters | It is challenging to ensure the identity of hardware devices and software applications, the origin and integrity of data and the contractual nature of orchestration | An architecture pattern based on blockchain |  | Pahl et al. (2018) |
S | Hardware IoT security | C, I, AuthN | To allow even constrained devices to utilize state-of-the-art cryptographic functions | How to ensure that a IoT device can securely communicate through the Internet by allowing the upgrade the device’s cryptographic functions independent from its micro-controller | Use exchangeable cryptographic co-processors to secure IoT devices |  | Schuß et al. (2018) |
S | Secure logger | C, Ac | To record and encrypt server events (Lee and Law 2017), or to securely maintain log on the gateway (Ur-Rehman and Zivic 2015) | Attackers can discover sensitive information through system logs (Dougherty et al. 2009) | The data is logged in a secure format, typically by encrypting the data (Dougherty et al. 2009) |  | |
S | Secure directory | I, AuthZ | To ensure that attackers cannot manipulate the files used during the execution of a program | Attackers can manipulate files used during the execution of a program | First, utilize the pathname canonicalizaiton pattern to insure the file is valid. If the file is valid then check that it is secure (Dougherty et al. 2009) |  | Lee and Law (2017) |
S | Secure adapter pattern | AuthN, AuthZ | To verify the authorization of an IoT device before saving its data to database (Lee and Law 2017) | Improper saving of sensor data | Convert the interface of an existing class into a more convenient interface, while preserving the security of the adapted entities (Fernandez-Buglioni 2013) | A Specific application of the pattern | Lee and Law (2017) |
S | Exception manager pattern | Av | To process all the exception in data communication with mobile phone | The system has a security exception while sending data to mobile phone application | The Security Exception Manager will wrap the exception | A specific application of the pattern | Lee and Law (2017) |
S | Input validation pattern | C, I, Av | To ensure all the data input by user is valid and without any malicious text | SQL injection and overflow attacks | Receive the user data and pass the data to InputValidation for validating correctness of the user data | A specific application of the pattern | Lee and Law (2017) |
AA | Secure remote readout | C, I, P | A remote entity (e.g., a utility) needs to know the status of commodity consumption on regular basis | Measurements from the gateway to the remote entity need to be transmitted securely. | The gateway uses cryptographic mechanisms with the help of a dedicated hardware (Security Module). The security module provides cryptographic functionalities, such as, en-/decryption, digital signatures, key generation and secure key storage | Â | Ur-Rehman and Zivic (2015) |
AD | Key manager | C | To perform the task of key management securely | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |
AD | Wakeup service | A | To react to the connection establishment from the remote readout center for pull readout operation | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |
AD | Transport layer security | C, I | For the transport layer security (TLS) operations | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |