Security and IoT in IEEE Standards

| Cherry Tom

Security elements have been included in numerous IEEE standards and standards projects over many years. If one searches the IEEE standards status report[1] by entering “security,” and views the project scope, purpose and/or abstract, multiple references to security can be seen. These standards and standards projects cover topics as diverse as vehicle communications, smart grid technologies, personal health devices, networking, mobile devices, and storage devices. All these and more could conceivably be part of the Internet of Things (IoT). A number of these standards were developed before the term “Internet of Things” became widely used.

IoT Architecture

IEEE has a specific initiative (one of IEEE’s important, multi-disciplinary, cross-platform Initiatives) for the Internet of Things (IoT). The IEEE IoT website includes a link for educational resources such as webinars, other videos, and podcasts. The link to the IEEE-SA  IoT website is for standards and related information. In particular, the project IEEE P2413 , Standard for an Architectural Framework for the Internet of Things (IoT), has a subworking group focused on Quadruple Trust i.e. “Protection, Security, Privacy and Safety”. This involves a holistic end-to-end approach, including development of a threat model for IoT.[2] This considers the various vertical applications for IoT and documentation of architecture needs to address the threat model. The participants in IEEE P2413 include representatives from major corporations involved in IoT from regions around the world and provide expertise in all aspects of IoT including security and compliance. To involve startup companies, IEEE-SA hosts a number of events where the companies can present their projects for evaluation as well as learn about the IEEE’s activities in IoT.

The following are examples of IEEE standards and projects related to security and IoT.

Cryptography

Devices and sensors/actuators

Networking for IoT

Infrastructure systems (note – intranets may incorporate IoT while not necessarily connected to the public internet.)

Other Considerations

It should be noted that IEEE P2413 includes in its definition for properties of the “thing” in the Internet of Things, virtual properties such as might be derived from big data analysis. The IEEE Big Data Initiative includes standards development as a key focus area. Privacy and security remains a concern for Big Data.

While not official IEEE standards, the documents “Building Code for Medical Device Software Security”, and “Avoiding the Top 10 Software Security Design Flaws” provide guidance for software designers including those involved in software for IoT. They were developed as part of the IEEE Cybersecurity Initiative.

In addition to IEEE, other organizations are also involved in standards for IoT and security. Another article “IoT Interoperability Requires Security”  includes along with IEEE, descriptions of the work in several of these organizations.

 

[1] http://standards.ieee.org/develop/project/status.html

[2] http://grouper.ieee.org/groups/2413/Intro-to-IEEE-P2413.pdf

[3] http://standards.ieee.org/findstds/standard/21450-2010.html

[4] http://standards.ieee.org/findstds/standard/2410-2015.html

[5] http://standards.ieee.org/findstds/standard/802.1AE-2006.html

[6] http://smartgrid.ieee.org/resources/standards


 

Cherry TomCherry Tom

Emerging Technologies Intelligence Manager, IEEE Standards Association

 

c.tom@ieee.org

 

Cherry Tom is Emerging Technologies Intelligence Manager for the IEEE Standards Association. In her role, she is seeking to establish IEEE communities in emerging technologies for standards and/or standards related projects. This involves collaboration with experts from other parts of IEEE, notably Technical Activities and IEEE societies, as well as organizations outside of IEEE including corporations, universities, government agencies, and consortia. Among current topics of interest are Big Data and Artificial Intelligence. Prior to joining IEEE, she worked for a large telecommunications company and a wireless startup where she managed standards and regulatory strategies, and participation in US and global standards developing organizations.