Table 3 IoT security & privacy patterns from the primary studies

From: A decade of research on patterns and architectures for IoT security

| Scope* | Pattern name | Focus | Intent | Problem | Solution | Notes | Paper # |
|---|---|---|---|---|---|---|---|
| AD | Personal data store | P | Users should be able to keep control over their personal data | Users may lose control over their data when submitting it to a server | Only store personal data on a personal device | | Pape and Rannenberg (2019) |
| AD | Data isolation at different entities | P | Make it harder to profile users | Data or usage information is stored in one place | Data or usage information is distributed among several entities such that each entity can only see a part of the data | | Pape and Rannenberg (2019) |
| AD | Decoupling content and location information visibility | P | Protect the users' locations | Users normally access the services provided by the nearest fog node | Vertically cluster the fog nodes | | Pape and Rannenberg (2019) |
| AD | Added noise measurement obfuscation | P | Avoid revealing personal user information over time, such as personal habits | Providers can aggregate usage information to deduce further information about users | Add noise to the measurements that cancels out in the long term | The usefulness of the data is reduced | Pape and Rannenberg (2019) |
| AD | Aggregation of data | P | Prevent the leakage of further information through the aggregation of data | Usage information aggregated over time may reveal further information | Aggregation by a trustworthy provider or by the users themselves, or use homomorphic encryption (e.g., Paillier 1999) | | Pape and Rannenberg (2019) |
| AD | Aggregation gateway | P | Avoid revealing personal information about the users (e.g., personal habits) over time | A service provider needs a continuous measurement and adding noise is not acceptable | Use homomorphic encryption (e.g., Paillier 1999) and a trusted third party that aggregates the measurements of multiple users | | Pape and Rannenberg (2019) |
| AD | Single point of contact | P | Provide specialised privacy management | Distributed storage and distributed service providers make it difficult to manage privacy | The cloud computing service manages and coordinates the storage on different fog nodes by issuing security tokens, authenticates local domain users as an Identity Service Provider, certifies attributes as an Attribute Provider, and accepts external claims as a Relying Party | | Pape and Rannenberg (2019) |
| AA | The Recipes approach and SPDI patterns | S, P | Generate (and adapt) orchestrations in ways that are guaranteed to satisfy the required SPDI properties | Adding new devices to an IoT/IIoT environment while manually designing composite services is time-consuming and error-prone, and at scale unfeasible | Different and heterogeneous orchestration models required for IoT and IIoT applications that are guaranteed to satisfy the required SPDI properties | | Fysarakis et al. (2019) |
| S | Distributed denial of service in IoT | Av | Misuse pattern: an attacker intends to make a target unavailable by flooding its resources with a large volume of traffic from IoT devices | How to flood the target with messages from IoT devices so as to consume all its bandwidth and/or resources, making it unavailable to its legitimate users | Use vulnerable IoT devices to create an attack network of infected devices (also called zombies or bots) that directs huge volumes of data towards a target, performing a DDoS attack on the victim | | Syed et al. (2018) |
| AA | Trusted orchestration management (TOM) | I, AuthN | Manage security (identity, origin, non-repudiation) in distributed autonomous clusters | It is challenging to ensure the identity of hardware devices and software applications, the origin and integrity of data, and the contractual nature of orchestration | An architecture pattern based on blockchain | | Pahl et al. (2018) |
| S | Hardware IoT security | C, I, AuthN | Allow even constrained devices to use state-of-the-art cryptographic functions | How to ensure that an IoT device can communicate securely over the Internet by allowing the device's cryptographic functions to be upgraded independently of its microcontroller | Use exchangeable cryptographic co-processors to secure IoT devices | | Schuß et al. (2018) |
| S | Secure logger | C, Ac | Record and encrypt server events (Lee and Law 2017), or securely maintain the log on the gateway (Ur-Rehman and Zivic 2015) | Attackers can discover sensitive information through system logs (Dougherty et al. 2009) | The data is logged in a secure format, typically by encrypting it (Dougherty et al. 2009) | | Lee and Law (2017); Ur-Rehman and Zivic (2015) |
| S | Secure directory | I, AuthZ | Ensure that attackers cannot manipulate the files used during the execution of a program | Attackers can manipulate files used during the execution of a program | First, use the pathname canonicalization pattern to ensure the file is valid. If the file is valid, then check that it is secure (Dougherty et al. 2009) | | Lee and Law (2017) |
| S | Secure adapter pattern | AuthN, AuthZ | Verify the authorization of an IoT device before saving its data to the database (Lee and Law 2017) | Improper saving of sensor data | Convert the interface of an existing class into a more convenient interface, while preserving the security of the adapted entities (Fernandez-Buglioni 2013) | A specific application of the pattern | Lee and Law (2017) |
| S | Exception manager pattern | Av | Process all exceptions in data communication with the mobile phone | The system raises a security exception while sending data to the mobile phone application | The Security Exception Manager wraps the exception | A specific application of the pattern | Lee and Law (2017) |
| S | Input validation pattern | C, I, Av | Ensure all data input by the user is valid and contains no malicious text | SQL injection and overflow attacks | Receive the user data and pass it to InputValidation to validate its correctness | A specific application of the pattern | Lee and Law (2017) |
| AA | Secure remote readout | C, I, P | A remote entity (e.g., a utility) needs to know the status of commodity consumption on a regular basis | Measurements from the gateway to the remote entity need to be transmitted securely | The gateway uses cryptographic mechanisms with the help of dedicated hardware (Security Module). The security module provides cryptographic functionalities such as en-/decryption, digital signatures, key generation and secure key storage | | Ur-Rehman and Zivic (2015) |
| AD | Key manager | C | Perform key management securely | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |
| AD | Wakeup service | A | React to the connection establishment from the remote readout centre for the pull readout operation | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |
| AD | Transport layer security | C, I | Transport layer security (TLS) operations | NA | NA | This pattern is only mentioned | Ur-Rehman and Zivic (2015) |
  1. * AA, App arch; AD, App design; S, system
  2. NA, not available
  3. # The paper number is referenced from Table 1
  4. C, confidentiality; I, integrity; Av, availability; Ac, accountability; AuthN, authentication; AuthZ, authorization; P, privacy; SPDI, security, privacy, dependability and interoperability
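The "Aggregation of data" and "Aggregation gateway" rows both point at Paillier homomorphic encryption as the mechanism that lets an untrusted party add up meter readings without seeing any of them. The following is an added example written for this page; it is not code from Pape and Rannenberg (2019), from Paillier (1999) or from any project the table cites. The three roles (meter, gateway, utility), the meter identifiers and readings, the `MIN_BATCH` floor and the tiny primes are all constructed for illustration. Paillier is additively homomorphic: multiplying two ciphertexts modulo n² yields an encryption of the sum of the plaintexts, which is exactly what the gateway needs, and the gateway never holds the private key.

```python
"""Aggregation gateway with Paillier homomorphic encryption (added example).

Constructed scenario: each meter encrypts its reading under the utility's
public key; an untrusted gateway multiplies the ciphertexts (adding the
plaintexts) and forwards one aggregate; the utility decrypts only the sum.
The primes below are tiny so the example runs instantly. A real deployment
would use 2048-bit primes and a vetted library, not this textbook version.
"""
import secrets
from math import gcd

# Assumption for this example: aggregating fewer meters than this would let
# the utility recover (nearly) individual readings from the sum.
MIN_BATCH = 3


def keygen(p, q):
    """Paillier key pair from two distinct primes with gcd(pq, (p-1)(q-1)) == 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                      # standard generator choice
    n2 = n * n
    l_val = (pow(g, lam, n2) - 1) // n             # L(u) = (u - 1) / n
    mu = pow(l_val, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r: equal readings give different ciphertexts."""
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_ciphertexts(pub, ciphertexts):
    """Multiplying Paillier ciphertexts adds the underlying plaintexts (mod n)."""
    n, _ = pub
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


# --- the three roles of the pattern (constructed) -------------------------

def meters_report(pub, readings):
    """Each meter encrypts its own reading under the utility's public key."""
    return {meter_id: encrypt(pub, value) for meter_id, value in readings.items()}


def gateway_aggregate(pub, reports):
    """The untrusted gateway sees only ciphertexts and forwards one aggregate."""
    if len(reports) < MIN_BATCH:
        raise ValueError(f"refusing to aggregate {len(reports)} meters; minimum is {MIN_BATCH}")
    return add_ciphertexts(pub, reports.values())


def utility_total(pub, priv, aggregate):
    """The utility holds the private key and learns only the sum."""
    return decrypt(pub, priv, aggregate)


def run_round(readings, p=1009, q=1013):
    """One reporting round; returns the total the utility recovers.

    The sum of all readings in a round must stay below n = p*q, or it wraps.
    """
    pub, priv = keygen(p, q)
    reports = meters_report(pub, readings)
    aggregate = gateway_aggregate(pub, reports)
    return utility_total(pub, priv, aggregate)


if __name__ == "__main__":
    # Constructed readings in Wh for one 15-minute interval.
    sample = {"meter-a": 37, "meter-b": 12, "meter-c": 51}
    print("utility recovers total:", run_round(sample))  # 100
```

Two caveats the table's "Notes" column does not spell out: the sum wraps modulo n, so the plaintext space must be sized for the largest possible aggregate, and homomorphic aggregation protects individual readings only while the batch is large enough; a batch of one is just the reading, which is why the gateway refuses small batches here.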
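The "Secure directory" row describes a two-step check: canonicalize the pathname first, then verify the resolved file is secure. The following is an added example of that sequence; it is not code from Lee and Law (2017) or Dougherty et al. (2009). The function name `secure_path`, the policy it enforces (the canonical path must stay inside an allowed base directory, and neither the file nor any directory between the base and the file may be group- or other-writable) and the directory tree built by `demo()` are assumptions made for this example. It runs on a POSIX system.

```python
"""Secure directory check (added example): canonicalize, confine, then inspect permissions."""
import os
import stat
import tempfile


def secure_path(base_dir, user_supplied):
    """Return the canonical path of a file under base_dir, or raise ValueError."""
    base = os.path.realpath(base_dir)
    # Step 1: pathname canonicalization resolves '.', '..' and symlinks, so the
    # later checks run on the file that will actually be opened.
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    # Confinement: compare path components, not string prefixes
    # ("/data" would otherwise accept "/data2/secret").
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {candidate}")
    if not os.path.isfile(candidate):
        raise ValueError(f"not a regular file: {candidate}")
    # Step 2: the file and every directory from base down to it must not be
    # writable by group or others; otherwise another user could swap content.
    chain = [base]
    for part in os.path.relpath(candidate, base).split(os.sep):
        chain.append(os.path.join(chain[-1], part))
    for path in chain:
        mode = os.lstat(path).st_mode
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise ValueError(f"{path} is writable by group or others")
    return candidate


def demo():
    """Build a constructed directory tree and run four requests through the check.

    Returns {label: "accepted" | "rejected"} so the outcome can be inspected.
    """
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "firmware")
        os.mkdir(base, 0o755)
        good = os.path.join(base, "image.bin")
        with open(good, "wb") as fh:
            fh.write(b"constructed firmware payload")
        os.chmod(good, 0o644)
        secret = os.path.join(tmp, "secret.key")        # outside the base directory
        open(secret, "wb").close()
        os.symlink(secret, os.path.join(base, "link.bin"))
        loose = os.path.join(base, "loose.bin")
        open(loose, "wb").close()
        os.chmod(loose, 0o666)                          # world-writable

        requests = [
            ("good", "image.bin"),
            ("traversal", "../secret.key"),
            ("symlink", "link.bin"),
            ("world_writable", "loose.bin"),
        ]
        for label, rel in requests:
            try:
                secure_path(base, rel)
                results[label] = "accepted"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:15s} {outcome}")
```

The order matters: checking permissions before canonicalization would inspect the symlink or the `..` path rather than the target, and a string-prefix test instead of `os.path.commonpath` would accept a sibling directory whose name merely begins with the base name. The check is still subject to a race between the check and the subsequent `open`, so on systems that support it the opened file descriptor should be re-validated with `fstat`.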