A Trust-by-Design Framework for the Internet of Things

Abstract

The Internet of Things (IoT) is an environment where interconnected entities can interact and can be identifiable, usable, and controllable via the Internet. However, in order to interact among them, such IoT entities must trust each other. Trust is difficult to define because it concerns different aspects and is strongly dependent on the context. For this reason, a holistic approach allowing developers to consider and implement trust in the IoT is highly desirable. Nevertheless, trust is usually considered among different IoT entities only when they have to interact among them. In fact, without considering it during the whole System Developmente Life Cycle (SDLC) there is the possibility that security issues will be raised. In fact, without a clear conception of the possible threats during the development of the IoT entity, the lack of planning can be insufficient in order to protect the IoT entity. For this reason, we believe that it is fundamental to consider trust during the whole SDLC in order to carefully plan how an IoT entity will perform trust decisions and interact with the other IoT entities. To fulfill this goal, in this thesis work, we propose a trust-by-design framework for the IoT that is composed of a K-Model and several transversal activities. On the one hand, the K-Model covers the SDLC from the need phase to the utilization phase. On the other hand, the transversal activities will be implemented differently depending on the phases. A fundamental aspect that we implement in this framework is the relationship that trust has with other related domains such as security and privacy. Thus we will also consider such domains and their characteristics in order to develop a trusted IoT entity.