A Novel Zero-Trust Framework to Secure IoT Communications

Abstract

The phenomenal growth of the Internet of Things (IoT) has highlighted the security and privacy concerns associated with these devices. The research literature on the security architectures of IoT makes evident that we need to define and formalize a framework to secure the communications among these devices. To do so, it is important to focus on a zero-trust framework that will work on the principle premise of ``trust no one, verify everyone'' for every request and response. In this thesis, we emphasize the need for such a framework and propose a zero-trust communication model that addresses security and privacy concerns of devices with no operating system or with a real-time operating system. The framework provides an end-to-end security framework for users and devices to communicate with each other privately. A common concern is how to implement high-end encryption algorithm within the limited resources of an IoT device. We demonstrated that by offloading the data and process heavy operation like audit management to the gateway we were able to overcome this limitation. We built a temperature and humidity sensor and were able to implement the framework and successfully evaluate and document its efficient operations. We defined four areas for evaluation and validation, namely, security of communications, memory utilization of the device, response time of operations, and cost of its implementation, and for each, we defined a threshold to evaluate and validate our findings. The results are satisfactory and are documented.