VALADARES, D. C. G.; http://lattes.cnpq.br/2071137340853439; VALADARES, Dalton Cézane Gomes.
Abstract:
The term “Internet of Things” (IoT) was first used in 1999 by Kevin Ashton, when speaking about the possibility of a connection between physical devices and the Internet. RFID (Radio Frequency Identification) was one of the main technologies used at that time, allowing object tracking and identification, among other applications. Since then, advances in many technologies, and the emergence of many others, have lowered the cost of devices and components, further increasing the interest of industry and academia in exploring the many possibilities of IoT applications. As the use of these applications continuously increases, it becomes necessary, across the most diverse scenarios, to standardize architectures, communication protocols, and security mechanisms in order to ease the development of such solutions and improve the confidence of end users. The lack of standardization is still a challenge and, in this sense, many companies and open source communities have proposed middleware, frameworks, and other kinds of solutions. However, there is not yet a well-defined and accepted “de facto” standard. Thus, companies and people interested in using such solutions have some concerns and doubts about which of them to choose or how to model a specific solution. These concerns are even greater when the application deals with sensitive data, such as Personally Identifiable Information (PII) or Personal Health Information (PHI), which demand protection and require well-established security mechanisms. This work intends to provide a Trusted IoT Architecture (TIoTA) according to which secure IoT applications can be implemented. To make this possible, the proposed architecture considers authentication, authorization, cryptography, and Trusted Execution Environments (TEEs). A TEE is a technology provided by some modern processors that enables secure processing in a protected memory region. The proposed TIoTA is validated with a formal method (Coloured Petri Net) and an experiment that measures the performance of an implemented application. This application uses some FIWARE components for authentication and authorization, and some Intel Software Guard Extensions (SGX) applications for protected processing. With the proposed architecture, good protection levels are achieved with respect to integrity, confidentiality, privacy, authentication, authorization, and secure communication.