Tanusan Rajmohan: A Systematic Literature Review of Security Patterns and Architectures for IoT

Academic year: 2022

Master of Informatics

Programming and System Architecture The Faculty of Mathematics and Natural Sciences

University of Oslo

A Systematic Literature Review of

Security Patterns and Architectures for IoT

by

Tanusan Rajmohan

[email protected]

Under the supervision of:

Phu Nguyen & Ketil Stølen

2020


“In theory, theory and practice are the same. In practice, they are not.”

- Albert Einstein


Abstract

With the number of devices connected to the internet increasing rapidly, we have entered the era of the Internet of Things (IoT), an immense computerized uprising. The popularity of IoT systems and devices makes security for IoT of paramount importance. We have systematically identified and analysed 22 papers on patterns and architectures for IoT security (and privacy) from thousands of candidate papers. Security patterns comprise domain-independent, time-proven security knowledge and expertise. Questions surrounding the applicability of security patterns and architectures for developing secure IoT devices and systems remain. This thesis aims to draw a research landscape of patterns and architectures for IoT security by conducting a systematic literature review. For data extraction and comparison of the studies in this area, we have created a taxonomy of key aspects of IoT, security patterns, and architectures. The results from this research reveal a rise in the number of publications addressing security patterns and architectures in the last two years. Within this rise, we see that most patterns and architectures are applicable to most IoT systems and devices, while some contributions are domain-specific. However, there are gaps in this research area that discourage the use of patterns for IoT security and privacy. We elaborate on these gaps and on how and when to use these types of solutions. Lastly, we discuss the consequences and impacts on this domain, followed by our suggestions for future research.


Acknowledgements

I want to take this opportunity to express my eternal gratitude to everyone who has supported me, not only through the course of this thesis but during my academic pursuit.

Firstly, I would like to acknowledge my second supervisor, Ketil Stølen, for his valuable comments and teachings that inspired me to pursue this fascinating topic. I am also grateful for the help provided by SINTEF, especially from Nicolas Ferry, who has provided useful guidance and feedback through this thesis and in my pursuit to publish academic papers.

Secondly, I am deeply grateful to my main supervisor, Phu H. Nguyen, for not only guiding me through this thesis but also by motivating and providing me with the opportunity to publish academic papers. This thesis would not have been possible without his guidance and direction.

Finally, a special thanks to my loving friends and family who have given their support and motivated me through this master’s degree. Thank you for reminding me to aim high and follow through.

Tanusan Rajmohan

Oslo, June 2020


Contents

Abstract
Acknowledgements
List of Figures
List of Tables
List of Acronyms
1 Introduction
1.1 Introduction
1.1.1 The Importance of IoT
1.1.2 The Importance of Security for IoT
1.1.3 The Importance of Privacy for IoT
1.2 Motivation
1.2.1 The Necessity of Security
1.3 Goals
1.4 Proposed Research Roadmap
1.4.1 Publications
1.5 Thesis Structure
2 Background
2.1 Technologies
2.1.1 Internet of Things
2.1.2 Cyber-Physical Systems
2.1.3 Web of Things
2.1.4 IoT vs CPS vs WoT
2.2 Security
2.2.1 Confidentiality
2.2.2 Integrity
2.2.3 Availability
2.2.4 Authentication
2.2.5 Authorization
2.2.6 OWASP Top Ten IoT (2018)
2.2.7 AIOTI Working Groups
2.3 Privacy
2.3.1 OWASP Top Ten Privacy Risks (2014)
2.4 Design Methods
2.4.1 Design Pattern
2.4.2 Security Pattern
2.4.3 Privacy Pattern
2.4.4 Security Architecture
2.4.5 Framework
2.5 Review Methods
2.5.1 Systematic Mapping Study
2.5.2 Systematic Literature Review
3 Related Work
3.1 Secondary Studies for IoT
3.2 Secondary Studies for IoT Architectures
3.3 Secondary Studies for IoT Patterns
3.4 Secondary Studies for IoT Security
4 Research Methodology
4.1 Review Protocol
4.1.1 Research Questions
4.1.2 Inclusion Criteria
4.1.3 Exclusion Criteria
4.1.4 Search Strategy
4.1.5 Taxonomy of the Research Area
4.2 Taxonomy of the Research Area
4.2.1 Categorization of Security Pattern / Architecture Research
4.2.2 Design Pattern
4.2.3 Domain Specificity
4.2.4 IoT Architecture
4.2.5 Security Concerns
5 Results
5.1 High-Level Statistics (RQ1)
5.1.1 Growth in IoT Security Interest
5.1.2 Publication Venue and Domain Specification
5.1.3 Author Affiliation and Security
5.2 Low-Level Details (RQ2)
5.2.1 Paper Contributions
5.2.2 Security First
5.2.3 Security Patterns and Architectures for General and Specific IoT Domain Cases
5.2.4 Security Pattern and Architecture Implementations, and Examples
5.3 Gaps and Limitations (RQ3)
5.3.1 IoT Security Pattern and Architecture Limitations
5.3.2 Open Issues
5.3.3 Evaluating Against OWASP Top Ten
5.4 Discussion
5.4.1 Trends
5.4.2 Details
5.4.3 Gaps
5.5 Threats to Validity
5.5.1 Search Process
5.5.2 Primary Study Selection
6 Conclusions and Future Work
6.1 Conclusions
6.2 Future Work
6.2.1 Testing
6.2.2 Adapting Security Patterns to IoT
6.2.3 Research Collaboration
6.2.4 Privacy
Bibliography


List of Figures

1.1 The growth in the Internet of Things [4]
1.2 A world map of connected smart devices [13]
1.3 Top Governance Issues with the IoT, data source: ISACA [26]
4.1 Overview of the search and selection steps
4.2 A High Level Look at the World Forum Reference Model [82]
5.1 Overview of the growth of IoT security pattern and architecture papers
5.2 Percentage of venue publications
5.3 Domains each primary paper cover
5.4 Author affiliation statistic
5.5 Distribution of contributions
5.6 Security and its sub groups of specification
5.7 Distribution of security considerations per contribution
5.8 Distribution of domain specificity
5.9 Distribution of specific domains
5.10 Statistics over use and test cases
5.11 Statistics of illustration demography
5.12 Detailed look at contributions structuring their patterns according to our structure (Section 4.2.2)
5.13 Security and connectivity of IoT devices [107]
5.14 Open issues per occurrence in the primary studies
5.15 Frequency of IoT security pattern and architecture publications per year


List of Tables

2.1 Source: OWASP Internet of Things (IoT) Project [42]
2.2 Source: Top ten Privacy Risks 2014 [48]
5.1 Overview of the primary IoT security pattern and architecture studies (sorted by year of publication)
5.2 Detailed list of paper considerations
5.3 List of limitations accumulated
5.4 List of open issues accumulated
5.5 List of issues compared to the OWASP top ten


List of Acronyms

AIOTI Alliance for the Internet of Things Innovation.

CPS Cyber-Physical Systems.

DB Database.

DDoS Distributed Denial of Service.

DNI Director of National Intelligence.

ETSI European Telecommunications Standards Institute.

GDPR General Data Protection Regulation.

IEEE Institute of Electrical and Electronics Engineers.

IETF Internet Engineering Task Force.

IoT Internet of Things.

ISO International Organization for Standardization.

NCTA The Internet and Television Association.

NIST National Institute of Standards and Technology.

NSF National Science Foundation.

OWASP Open Web Application Security Project.

RQ Research Questions.

SE Software Engineering.

SLR Systematic Literature Review.

SMS Systematic Mapping Study.

WG Working Groups.

WoT Web of Things.


Chapter 1

Introduction

This chapter introduces the topic of this thesis in Section 1.1 by elaborating on the importance of IoT, security, and privacy. Section 1.2 gives the motivation for our work on the topic of security patterns and architectures for IoT. Then, in Section 1.3, we detail the main goals of this thesis. After the goals, we define the research roadmap in Section 1.4. Finally, Section 1.5 gives the structure of the main content of this thesis.

1.1 Introduction

The Internet of Things (IoT) is becoming increasingly popular. We see that every "thing" is getting smarter and more connected, from smartphones and smart cars to smart energy grids and smart cities. Both Gartner [1] and GSMA [2] predicted the number of IoT systems and sensors to reach more than 20 billion devices by 2020. This estimate has already been surpassed according to Safeatlast [3], which claims that 26.66 billion IoT devices were active in 2019. Safeatlast also predicts around 75 billion IoT devices in the world by 2025 [3]. NCTA, meanwhile, claims that there were 42.1 billion IoT devices in 2019 and that the number will increase to approximately 50.1 billion in 2020 (Fig. 1.1) [4]. These estimates include smartphones, vehicles, appliances, and industrial equipment. IoT systems can be classified as systems of systems in which physical systems (a.k.a. "things") and cyber systems are combined and connected via means of communication. The IEEE Standards Association defines an IoT system as "a system of entities (including cyber-physical devices, information resources, and people) that exchange information and interact with the physical world by sensing, processing information, and actuating" [5].

IoT is a concept dating back to the early 1980s, when the concept of sensors and intelligence was introduced. The idea gained momentum slowly and grew much faster once the term "Internet of Things" was coined by the British technology pioneer Kevin Ashton [6]. As Ashton describes in his publication, this was the era of websites, and he was one of the few people who thought of "creating a vast open network of sensors to gather data about the things in the real world automatically" [6]. With his presentation, he helped kick off the era of IoT, which now represents technology relevant to applications in many different fields, for example hospitals, factories, cars, and wearables. Another intriguing application area is the concept of the Smart City and the Smart Home.


Due to this vast increase in devices and usage areas, it is important to ensure that these devices and systems are secure. According to Leukert et al. [7], there are several risks to IoT, such as security, trust, privacy, and identity management. We address several of these risks by looking at security patterns and security architectures to find reusable solutions to specific problems that can mitigate them.

This thesis serves as a review of existing papers on security patterns and architectures for IoT system and device security primarily, but also privacy. We argue the motivation for this thesis in the following sections by explaining the importance of IoT, security, and privacy. We have three goals for conducting this Systematic Literature Review (SLR):

• Reduce large amounts of information into comprehensible units.

• Aggregate critical information for potential decision-making.

• Spread awareness to move from knowledge discovery to possible implementation and usage.

Figure 1.1: The growth in the Internet of Things [4]

1.1.1 The Importance of IoT

To elaborate on the importance of IoT, we have chosen a set of examples to illustrate cases where IoT systems or devices are being used regularly. These examples come from both commercial and industrial environments. Commercial IoT systems and devices can be everything from cell phones, coffee makers, washing machines, headphones, lamps, and wearable devices to almost anything else one can imagine. Now that most products being created can connect to the internet, the chance that a given device is not an IoT device is becoming low. These types of devices are called smart devices, which "are considered objects capable of communication and computation, which range from simple sensor nodes to home appliances and smartphones" [8]. Some of the most used smart devices today are Amazon’s Echo, Google Home, Philips Hue, Nest’s various devices, and the August Smart Lock Pro [9]. The trend of creating smart devices for commercial use will keep increasing as consumers want a "simpler" everyday life.

We have three prominent examples from the industrial sector: DHL’s IoT Tracking and Monitoring system, Cisco’s Connected Factory, and ProGlove’s Smart Glove.

DHL’s IoT system tracks everything from vehicle behavior to packages to environmental sensors in the warehouse. All of these tracking mechanisms are used in combination to make the process safer and more efficient [10]. Cisco’s Connected Factory has taken on the challenge of creating a connected factory. An important reason for the factory’s success is undoubtedly the usage of IoT. They control the factory machines and systems with remote monitoring and access, which succeeds with the help of sensors and communication between them [11]. ProGlove’s Smart Glove is the world’s first smart glove for industrial workers [12]. It combines IoT and wearables in one device to keep industrial workers safer and more efficient at their jobs. The gloves’ purpose is to meet the safety conditions of an industrial environment along with real-time visual and haptic feedback, wireless connectivity, and gesture sensing.

IoT systems are also widely used in other industries like aerospace, agriculture, automotive, energy systems, healthcare, manufacturing, military, transportation, and oil & gas. As knowledge grows, so does the market for IoT systems within industry. With this growth, it is also essential to keep these systems secure and to focus on privacy, especially for consumer products.

Figure 1.2: A world map of connected smart devices [13]


1.1.2 The Importance of Security for IoT

With this increase of "things", security is becoming one of the most important topics around IoT and technology in general. Despite its enormous potential, the heterogeneous nature of IoT brings great challenges that must be addressed to realize that potential fully. Gartner has conducted surveys consistently showing that "security is the most significant area of technical concern for organizations deploying IoT systems" [14].

As the importance of IoT security grows, so does the importance of knowledge and understanding of these IoT systems and devices. This is why organizations such as the Alliance for the Internet of Things Innovation (AIOTI) aid with understanding and gaining knowledge around IoT [15]. AIOTI and its contribution are further elaborated in Section 2.2.7. Another organization that contributes to understanding IoT, and especially IoT security, is the Open Web Application Security Project (OWASP).

OWASP released a list of the top ten vulnerabilities specifically for IoT in 2018. In the accompanying guidance, they offer advice and considerations for manufacturers building an IoT product, for developers building secure applications/software, and for consumers purchasing secure IoT products. This guidance corresponds to the top ten vulnerabilities list detailed in Table 2.1 (Section 2.2.6).

In addition to general issues regarding IoT, we have seen numerous attacks on IoT devices, even on devices one would not expect, and in most of these cases the attackers used the device as a foothold to reach the main systems. This happened to a casino, where attackers managed to steal data by compromising a fish tank connected to the internet so that the tank could be remotely monitored, automatically adjust temperature and salinity, and automate feedings [16]. Another example is a simple coffee machine that communicates through the internet. According to the security firm Avast, there are possible vulnerabilities in these machines that could let attackers obtain identity and bank details through the coffee machine [17].

According to CISOMAG, there have been several attacks on IoT devices, and they have compiled a list of their top ten incidents to illustrate that the devices used almost daily are not as safe as one might expect [18]. EveryCloud has also compiled facts and statistics about cybersecurity in the 21st century [19]. This list further underlines that security should be a focal point in a growing and highly technological world. Security is more important now than ever, since almost every daily task requires or functions with a device or system that interacts through the internet.

1.1.3 The Importance of Privacy for IoT

As OWASP mentions, there are also privacy issues, which are closely associated with security. To achieve privacy, one would most likely implement security features, which is why privacy can be associated with security. As the OWASP list in Table 2.1 illustrates, one of the most common problems is insufficient privacy protection (I6). This is a much-debated topic that gets a great deal of media attention. There have been several incidents involving IoT, either as an entry point in a criminal case or as some form of surveillance/spying incident. E.g., users of IoT systems or devices feel they are being watched, and there have been concerns that the device can be used to spy on others.

Alternatively, information or conversations can be observed by unauthorized users, which is one of the reasons security-aware people often cover their webcam and microphone. The concerns around privacy would decrease if security were improved and users had more control over the data in their devices.

Due to the vast area of privacy, it is not easy to cover all aspects, but knowledge and time can minimize these risks.

Additionally, OWASP created a top ten list of common privacy risks in 2014. The list is still relevant because many of these risks still occur today and are applicable to IoT systems and devices. This list is further detailed in Section 2.3.1. We consider it a guideline for the most common privacy issues and their impact and likelihood. In addition to this list (Table 2.2), there have been real-life privacy breaches that reveal the importance of privacy and of lists like this one, which can help mitigate common issues. Most of the privacy incidents covered by the media revolve around surveillance/spying. One such case is described below.

Privacy incidents become highly noticeable in the media because of the impact such an attack leaves on the victims. FOX6 News reported such an incident, where a family in Milwaukee felt violated. In 2018 the family had installed various smart devices in their home, such as a camera, a doorbell, and a thermostat. These systems were compromised: the family noticed that their thermostat was behaving on its own, adjusting the temperature higher than what is comfortable. They also heard voices coming from their smart camera, so they unplugged the devices and tried to change the passwords on the devices and their network ID [20]. The issue was mitigated; although it was a security issue in the devices, it breached privacy as well. The users of the devices were being monitored and controlled by unauthorized users, which is an example of how security impacts and can control privacy.

1.2 Motivation

IoT is a growing topic used widely by computer scientists, enterprises, and ordinary citizens with little or no IT background. IoT is used for entertainment, academic, and industrial purposes. One of the main factors is that IoT can potentially reduce costs and enable new business models. IoT is one of the most-researched emerging markets globally, and with the help of cloud services, APIs, and other software, this market will only continue to grow. Forbes predicts that by 2020 the discrete manufacturing, transportation & logistics, and utility industries will each spend $40B on IoT platforms, systems, and services [21]. With this type of technology and rapid growth, it is also essential to consider the security and privacy aspects. Relationships change: we now need to study not only people-people and device-device relationships but also people-device relationships. Since the IoT is a large network of connected "things" and includes humans, there will be security and privacy issues as well as positive breakthroughs for the scientific and consumer world.


According to the Consumer News and Business Channel (CNBC), one massive cyberattack was both sophisticated and highly distributed. This attack involved millions of IP addresses and the malware known as Mirai. Mirai is IoT-specific malware that uses common usernames and passwords to access IoT devices. For instance, IP cameras, monitors, and loggers running Linux may have default credentials such as "admin" and "password", permitting the malware to gain access to the system effortlessly, install itself, and afterwards turn the IoT device into a bot. A single IoT device is not that dangerous by itself, but the combination of millions of devices allows a collection of bots, also known as a botnet. The Mirai botnet has performed several Distributed Denial of Service (DDoS) attacks against significant networks and servers over the past years. One notable attack happened on October 21st, 2016, when the Mirai botnet attacked Dyn, an organization that provides domain name services to significant organizations including Netflix, GitHub, Twitter, and Reddit [22].
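The mechanism described above (dictionary login attempts against default accounts, followed by a successful login that turns the device into a bot) leaves a recognisable trace in a device's or gateway's authentication log. The following Python script is an added example, not code from the thesis or from any of the cited sources. It parses a constructed, hypothetical syslog-like login-event format (`telnetd: login user=... from=... result=...`), flags any source address that fails a threshold number of default-username logins within a short window, and separately flags a successful default-username login from a source that had already been failing, which is the moment the device is most likely compromised. The log format, the sample lines, the window, the threshold and the list of default usernames are all assumptions to be adapted to a real device.

```python
"""Mirai-style default-credential brute-force detector (added example).

The log format below is a constructed, hypothetical syslog-like line
emitted by an IoT device's telnet/SSH daemon; adjust LINE_RE for real logs.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# A small subset of the account names a Mirai-style dictionary targets (assumption).
DEFAULT_USERS = {"root", "admin", "user", "guest", "support"}

# Hypothetical line format (assumption, not a real daemon's output):
# <ISO-8601 ts> <daemon>: login user=<name> from=<IPv4> result=OK|FAIL
# Passwords are deliberately not part of the format: they must never be logged.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<daemon>telnetd|sshd): login user=(?P<user>\S+) "
    r"from=(?P<src>\d{1,3}(?:\.\d{1,3}){3}) result=(?P<result>OK|FAIL)$"
)


def parse_line(line):
    """Return an event dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
    return event


def detect(lines, threshold=5, window=timedelta(seconds=60)):
    """Scan login events for Mirai-style default-credential abuse.

    Returns (brute_force_sources, compromise_events):
      brute_force_sources -- source IPs with >= threshold failed logins on
                             default usernames inside a sliding `window`
      compromise_events   -- (src, user, ts) for each successful default-
                             username login from a source that had already
                             been failing, i.e. the dictionary hit
    """
    events = [e for e in (parse_line(l) for l in lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent_fails = defaultdict(list)  # src -> timestamps of recent failures
    brute_force_sources = set()
    compromise_events = []
    for e in events:
        if e["user"] not in DEFAULT_USERS:
            continue  # ordinary accounts are out of scope for this rule
        src = e["src"]
        if e["result"] == "FAIL":
            # keep only failures inside the sliding window, then count
            recent_fails[src] = [t for t in recent_fails[src]
                                 if e["ts"] - t <= window] + [e["ts"]]
            if len(recent_fails[src]) >= threshold:
                brute_force_sources.add(src)
        elif recent_fails[src]:
            # success right after failures on a default account: likely compromise
            compromise_events.append((src, e["user"], e["ts"]))
    return brute_force_sources, compromise_events


# Constructed sample log (not captured from a real device).
SAMPLE_LOG = """\
2016-10-21T11:00:00Z telnetd: login user=root from=203.0.113.5 result=FAIL
2016-10-21T11:00:01Z telnetd: login user=root from=203.0.113.5 result=FAIL
2016-10-21T11:00:02Z telnetd: login user=admin from=203.0.113.5 result=FAIL
2016-10-21T11:00:03Z telnetd: login user=admin from=203.0.113.5 result=FAIL
2016-10-21T11:00:04Z telnetd: login user=support from=203.0.113.5 result=FAIL
2016-10-21T11:00:05Z telnetd: login user=admin from=203.0.113.5 result=OK
2016-10-21T11:30:00Z sshd: login user=alice from=198.51.100.7 result=FAIL
2016-10-21T11:30:05Z sshd: login user=alice from=198.51.100.7 result=OK
2016-10-21T12:00:00Z telnetd: login user=root from=192.0.2.9 result=FAIL
2016-10-21T12:05:00Z telnetd: login user=root from=192.0.2.9 result=FAIL
this line is not a login event and is ignored
"""

if __name__ == "__main__":
    brute, compromised = detect(SAMPLE_LOG.splitlines())
    print("brute-force sources:", sorted(brute))
    for src, user, ts in compromised:
        print(f"likely compromise: {src} logged in as {user} at {ts.isoformat()}")
```

On the sample log, the rule flags 203.0.113.5 as a brute-force source and reports the successful `admin` login from it as a likely compromise, while the two slow failures from 192.0.2.9 fall outside the 60-second window and the `alice` account is ignored. In practice many of the devices Mirai targets do not keep such logs at all, so the same rule is more often run on a gateway, a honeypot, or connection records from the network edge, and the threshold and window must be tuned to the environment. The rule keys on usernames only, since passwords should never appear in logs.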

Another application area for IoT, which has received much attention following the growing popularity of IoT, is medical implants. Luckily, no attack harnessing medical implants has yet occurred; however, in 2017 the FDA recalled nearly half a million pacemakers out of fear that they could be compromised. The devices already implanted in patients were not physically removed, as such a procedure is dangerous; instead, a firmware update was applied by medical staff to prevent compromise [23]. Nearly all healthcare organizations use IoT in some form, and its intuitive tracking and time-saving abilities can save lives and money. Remote instruments, such as insulin pumps, pacemakers, and heart monitors, have been seen as unquestionably more vulnerable to hacking than laptops or phones due to inadequate built-in risk prevention tools, and because legacy network monitoring systems are typically not able to track their behaviour easily [24].

1.2.1 The Necessity of Security

Since IoT is a relatively new technology used by both industrial users and consumers, there are more potential victims than if these IoT systems served only research purposes. The substantial growth in devices results in an exponential growth of data. Most IoT systems now transport, store, or provide some information. This information can be anything from anonymous to identifiable and personal data, which is one of several reasons why securing IoT is challenging. Other reasons include the number of gadgets and devices turning into smart devices and manufacturers rapidly rolling out new products. Rapid production can indicate that security has a low priority, especially when the focus is on time-to-market and return-on-investment metrics. Lack of awareness among users and businesses is also a significant obstacle for security, mostly because of the convenience and cost-saving benefits of IoT technology.

After all, IoT technology promises more functionality and freedom for businesses in sectors such as transportation, logistics, and healthcare. One can also find this technology in private homes, in chatbots, cars, houses, appliances, and much more. According to the Chairman and CEO of IBM, 20% of the world’s data is searchable, which means that 80% of the data is sitting on private servers, most of them probably in businesses [25]. Even though private actors operate most of these servers, the information at risk is not just corporate sensitive information. Many of these servers contain sensitive personal data of consumers, which can jeopardize the customers without their knowledge.

The evolution of IoT also brings governance issues, which ISACA has grouped into nine categories to define the top governance issues for IoT devices. The categories are: Increased security threats, Data privacy, Identity/access management, Attacks against connected devices, Compliance requirements, Ownership of technologies/data outside IT, Third-party requests for data, Other, and There are not any. The percentage corresponding to each category is shown in Fig. 1.3 [26].

Devices like commercial drones are today used in sectors like agriculture, military, and construction, due to their access to real-time data and their adaptive applications. Non-commercial users have also taken an interest in this market, using drones for personal needs and pleasure. If one of these consumer drones is unsecured, an attacker can access it and install malware to obtain sensitive personal or business data, for instance pictures and video. This scenario can happen to other IoT systems as well, especially consumer devices. The consumer does not anticipate this aspect, and it should be up to the "creator" to reflect on security when developing, and not just on time-to-market.

Figure 1.3: Top Governance Issues with the IoT, data source: ISACA [26]


Businesses that create IoT systems cannot stop IoT attacks from happening, but they can be proactive and mitigate threats related to network security and the protection of valuable data and IT systems. Some of the challenges the IoT world is facing today are:

• Insufficient testing and updating, given the growth in and demand for devices.

• Brute-forcing and the issue of default passwords: factories ship devices with default passwords, which makes them easier to target.

• Cost over quality, an issue that also affects these systems, as well as SCADA systems.

• Lazy consumers: security is not one of the consumer’s important priorities, which is to some extent why computers have automatic updates. Consumers only need the device to work and do not think much about the underlying information.

• Data security and privacy concerns (web, cloud, mobile): data is constantly being collected, transmitted, stored, and processed with the help of IoT systems, and these devices might not have ideal security concerning privacy and data security. This data can also be used by the corporations that created the device, either by selling the information or by using it to create AIs.

The challenges mentioned here can be referenced back to the OWASP top ten challenges from Section 1.1.2 and Section 1.1.3.

1.3 Goals

The goal of this project is to systematically review existing security (and privacy) patterns and architectures for IoT. The patterns and architectures we focus on are design patterns and architectures concerning the security (and privacy) of typical Smart Home devices like IP cameras, smart locks, and other household appliance sensors. To achieve this goal, we used a research method called Systematic Literature Review, which helped us reach our overall goal with the help of some Research Questions (RQ) and milestones. The RQs of this thesis are crystallized into three research questions, which serve as guiding principles during the research and the SLR.

The Research Questions for this thesis are as following:

RQ1: What are the research publication statistics on patterns and architecture for IoT security (and privacy)?

This question can help us to understand the global landscape of security and privacy patterns and architectures for IoT.

RQ2: What are the technical details of these security patterns and architectures that we should highlight?

We decompose this central research question into more detailed research ques- tions. To advance the current security pattern and architecture for IoT, we need to know its existing structure and how they cover security.

RQ3: What are the "gaps" to make security patterns and architectures more applicable in the IoT context?

After identifying the current limitations and open issues, new security patterns and architectures for IoT can be created to tackle them.


1.4 Proposed Research Roadmap

To answer RQ1, we need to do at least a survey of the state of the art in security patterns and architectures for IoT. Typically, a survey can be conducted by checking the notable related work in the field of security patterns and architectures. Going beyond a typical survey, we propose to conduct our review in a systematic manner, which yields a Systematic Literature Review of security patterns and architectures for IoT. An SLR is more than an ordinary study since it has a predefined review protocol with clear selection criteria, assessment measures, and a systematic procedure for extracting, synthesizing, and analyzing information to answer the research questions. We follow the standard guideline for conducting SLRs in Software Engineering by Kitchenham et al. [27].

To answer RQ2 and RQ3, we conduct our research in two main parts. One part considers the low-level details in terms of data extraction, to see which contributions exist and to map the distribution between them. Following this, we want to see which contributions cover various security and privacy issues, in terms of how each contribution protects confidentiality, integrity, availability, authentication, authorization, and privacy. We would like to see the distribution between these concerns to find out which issue is least prioritized in these security patterns and architectures for IoT. In this extraction, we also want to see how domain-specific these contributions are, so that we can illustrate which domains use or require this type of contribution and how easy it is to understand, implement, or further develop the security patterns and architectures.

The other part considers an analysis of the previous part regarding details to find and elaborate on possible gaps in these existing security patterns and architecture contributions. We want to highlight the current limitations of these studies to see what they lack so that future research can look into these aspects and possible users of these contributions are aware of the limits of the contributions. We want to display the open issues from these contributions to explain that there are still areas that need to be researched to fill the "gap" to make security patterns and architectures safer, more applicable, and robust.

1.4.1 Publications

Our main contribution is this thesis, which gives a more extensive and in-depth understanding of our published paper on a Systematic Mapping Study (SMS) of patterns and architectures for IoT security [28]. This paper was accepted and published by IoTBDS 2020 (5th International Conference on Internet of Things, Big Data, and Security). The panel from IoTBDS 2020 has also invited us to elaborate on this SMS study in a journal version. We additionally got a Systematic Literature Review (SLR) paper on the research landscape of patterns and architectures for IoT security accepted by Euromicro SEAA 2020 (Euromicro Conference on Software Engineering and Advanced Applications), which will be published later this year. These papers have sections similar to this thesis, e.g., some of the background, the search protocol, and parts of the taxonomy. However, the analysis and documentation in this thesis are further elaborated and more in-depth, while building upon the SMS paper. The SMS paper provides a mapping of the domain and is used to set the landscape of patterns and architectures for IoT security. The SLR paper builds on the SMS paper, with further research into specific papers and stricter criteria to provide a more accurate analysis. The SLR paper has some research questions that differ from this thesis, to highlight other aspects. However, it can be considered a short version of this thesis.

1.5 Thesis Structure

The remainder of this thesis is structured as follows.

Chapter 2 contains the background information related to this thesis, where core concepts are introduced and explained. Background information is presented to fully understand the project, where IoT, security patterns and architectures are in focus. This chapter explains the theory behind the terms and illustrates some of them with examples.

Chapter 3 thoroughly presents the relevant related work in this domain. In addition to summarizing the papers and differentiating them from our work, we try to explain how, or whether, the related papers contribute to our work.

Chapter 4 presents the design of this thesis, as well as the methodology used to obtain relevant information and to structure it in an organized manner. We explain how we obtained and analyzed the data, and which parameters contribute to the data extraction.

Chapter 5 presents our results and analysis in such a way that it answers the RQs and their sub-RQs. We discuss some aspects of the result and provide the threats to validity to illustrate the trustworthiness and meaningfulness of our work.

Finally, Chapter 6 summarises this thesis with concluding remarks based on the previous chapters and provides potential avenues for future work.


Chapter 2

Background

This chapter introduces the literature used in this research. First, we introduce the theory of the technologies in Section 2.1. To connect this thesis, we present some important terms regarding the topic and the research questions. The first term is security in Section 2.2, which elaborates further on information security and its subsections. Next, we present privacy in Section 2.3 and its subsections. Further, we elaborate on our design methods in Section 2.4, to highlight what types of methods we will search for and analyze. Finally, we introduce the review methods used for this thesis and related work in Section 2.5.

2.1 Technologies

In this section, we discuss the different technologies used in this paper: the main technology, Internet of Things, in Section 2.1.1, followed by other relevant technologies to widen the scope. These technologies are Cyber-Physical Systems in Section 2.1.2 and Web of Things in Section 2.1.3. We discuss these technologies and their differences, as well as similarities.

2.1.1 Internet of Things

Internet of Things (IoT) is a term whose usage is growing rapidly in work, consumer, and personal environments. It is a concept that can impact the way we live and how we work. The IoT involves growing the internet and its connectivity beyond regular devices, such as laptops, tablets, desktops, smartphones, and game devices. IoT expands to any range of traditionally "dumb" or non-internet-enabled physical devices and everyday objects, such as a toaster, fridge, or a car. Such devices with technology can communicate and interact over the internet, like electric cars nowadays. These devices can also be remotely monitored and controlled. An official definition from IEEE was also provided in Section 1 of this thesis. Oxford dictionaries have another example of an official definition of IoT: "The interconnection via the Internet of computing devices embedded in everyday objects, enabling them to send and receive data" [29].

"if one thing can prevent the Internet of things from transforming the way we live and work, it will be a breakdown in security" [29]


2.1.2 Cyber-Physical Systems

According to the National Science Foundation (NSF), the term Cyber-Physical Systems (CPS) refers to "the tight conjoining of and coordination between computational and physical resources" [30]. It can be considered a mechanism that is controlled/monitored by computer-based algorithms. When NSF talks about the relation between computational and physical resources, we can relate to an example like the internet and its users. In these systems, the physical and software components are profoundly entwined [30]. Examples of CPS include smart grid, autonomous automobile systems, medical monitoring, process control systems, robotics systems, and automatic pilot avionics [31].

2.1.3 Web of Things

The Web of Things (WoT) is a computing concept that details a future where everyday objects fully integrate with the web. The precondition for WoT is that the "things" need to have computer systems embedded so that they can communicate with the web. WoT lets smart devices communicate with each other using existing Web standards [32]. Some of the standards that they use are REST, HTTP, and JSON for the web, JSON-LD and Microdata for the semantic web, WebSockets for the real-time web, and OAuth or social networks for the social Web [33].

2.1.4 IoT vs CPS vs WoT

In this thesis we focus on IoT, but also include Cyber-Physical Systems (CPS), as well as Web of Things (WoT). These two topics are fairly similar to IoT. CPS shares the same basic architecture as IoT; however, CPS presents a higher combination and coordination between physical and computational elements [34]. Both CPS and IoT are networked systems that are likely to involve physical sensing and embedded devices; that is, they both incorporate aspects of the physical and digital worlds.

One can say that CPS has a vertical architecture, while IoT has a horizontal architecture, connecting a massive number of devices [35]. WoT, however, adds or provides an Application layer that simplifies the creation of IoT applications. This simplification is similar to what the Web (Application Layer) is to the Internet (Network Layer) [33].

2.2 Security

Security, in general, is the protection of various assets in information technology. Security means the defense of digital information and IT assets against external and internal, malicious, and accidental threats. This type of defense includes prevention, detection, and response to threats by using software tools, security policies, and IT services, while physical security defends hardware, software, networks, and data from physical actions such as intrusion, tampering, and other events that can damage an organization. Physical security also includes natural disasters. A typical example of a physical attack is an attacker gaining entry and using, for example, a USB stick to copy, tamper, or inject malware directly into the system [36]. A way to define it is to say that information security is designed to protect the confidentiality, integrity, and availability of computer system data, usually from those with malicious intentions. Information security, therefore, often refers to the CIA triad, where each objective serves its purpose. In addition to the CIA triad, we specify that authentication and authorization are an important part of security, especially in the context of IoT. We elaborate on all these terms in the following Sections.

2.2.1 Confidentiality

Confidentiality can roughly be compared to privacy because confidentiality means preventing unauthorized disclosure of data. An official definition from the International Organization for Standardization (ISO) is that "confidentiality is the property that information is not made available or disclosed to unauthorized individuals, entities, or processes" [37]. Measures taken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people while making sure that authorized people can access it. Data encryption is a common method for ensuring confidentiality. Confidentiality can be divided into secrecy (protecting business data), privacy (protecting personal data) and anonymity (hiding who is engaging in what actions).

An example of the methods used to ensure confidentiality is an account number or routing number when banking online. User identifications and passwords are the standard way to authenticate a user, which has now led to two-factor authentication. Two-factor authentication has become the norm in today's society of authentication, but there are other options to use, such as biometric verification, security tokens, key fobs, or soft tokens.

2.2.2 Integrity

Integrity means preventing unauthorized modification or destruction of data. It also involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life-cycle. Data should not change in transit, and some steps ensure that unauthorized people cannot change the data. In basic terms, it means that the information is accurate and consistent unless authorized changes happen. Integrity within IT can have two different types of specification:

Data integrity: The property that data has not been altered or destroyed in an unauthorized manner. [38]

System Integrity: The property of safeguarding the accuracy and completeness of assets. [39]

An example of integrity might be in the bank context. If we look at financial records, it is a type of information the bank wants to be unchanged by any unauthorized entities. Any changes might lead to issues regarding accuracy, consistency, and the value of the information.


2.2.3 Availability

Availability means ensuring that the resources (i.e., services and data) are accessible and usable upon demand by authorized entities. According to ISO, availability is "The property of being accessible and usable upon demand by an authorized entity" [37].

The ideal way to ensure availability is to maintain all hardware, repair the hardware immediately when needed, and to maintain the software. The information should be available when and where it is rightly needed.

An example of availability could be something from the governmental context: if the government generates an online press release or a new statement, rule, or announcement of some sort, they would want this information to be available at all times because it is generally for public consumption. To ensure the availability of their information, governments need to ensure that their websites and systems have minimal or insignificant downtime. Creating and using back-ups helps to ensure the availability of public information.

2.2.4 Authentication

Authentication is a procedure that confirms that a claimed attribute of an entity is correct. To authenticate is to check that a trademark or attribute that gives the impression of being genuine is, in fact, genuine. The term was also defined in an Internet Engineering Task Force (IETF) standard from 1997 called the Site Security Handbook, with the code RFC 2196. RFC 2196 states that "Authentication is the process used to identify a user" [40]. The Director of National Intelligence (DNI) has a more elaborate definition that says, "The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data" [41], but the essence is the same.

An example of authentication might be within the context of collecting a package. In this scenario, a person needs to verify that he is the one he claims to be with an ID to retrieve his package. The person will not receive his package without any form of ID, because the worker has strict rules not to hand over the package unless the person can be verified.

2.2.5 Authorization

Authorization is a procedure of determining access rights/privileges to assets, related to information security and computer security in general, and to access control specifically. The IETF has also defined authorization; they define it as "the process of granting privileges to processes and, ultimately, users" [40]. The DNI's definition of authorization is similar. DNI states that authorization is "Access privileges granted to a user, program, or process or the act of granting those privileges" [41].

An example of authorization can also be in a bank scenario. For instance, any client of a bank can create and utilize an identity (e.g., date of birth) to sign into that bank's online service. However, the bank's authorization policy must guarantee that only the individual can access their account once their identity is verified.

2.2.6 OWASP Top Ten IoT (2018)

The OWASP Internet of Things Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the IoT, and to empower users in any way to make better security decisions when building, deploying, or assessing IoT technologies [42]. The OWASP has also made security guidance for manufacturers, developers, and consumers [43].

TABLE 2.1: Source: OWASP Internet of Things (IoT) Project [42]

I1 Weak, Guessable, or Hardcoded Passwords: Use of easily bruteforced, publicly available, or unchangeable credentials, including backdoors in firmware or client software that grants unauthorized access to deployed systems.

I2 Insecure Network Services: Unneeded or insecure network services running on the device itself, especially those exposed to the internet, that compromise the confidentiality, integrity/authenticity, or availability of information or allow unauthorized remote control.

I3 Insecure Ecosystem Interfaces: Insecure web, backend API, cloud, or mobile interfaces in the ecosystem outside of the device that allow compromise of the device or its related components. Common issues include a lack of authentication/authorization, lacking or weak encryption, and a lack of input and output filtering.

I4 Lack of Secure Update Mechanism: Lack of ability to securely update the device. This includes lack of firmware validation on device, lack of secure delivery (un-encrypted in transit), lack of anti-rollback mechanisms, and lack of notifications of security changes due to updates.

I5 Use of Insecure or Outdated Components: Use of deprecated or insecure software components/libraries that could allow the device to be compromised. This includes insecure customization of operating system platforms, and the use of third-party software or hardware components from a compromised supply chain.

I6 Insufficient Privacy Protection: User's personal information stored on the device or in the ecosystem that is used insecurely, improperly, or without permission.

I7 Insecure Data Transfer and Storage: Lack of encryption or access control of sensitive data anywhere within the ecosystem, including at rest, in transit, or during processing.

I8 Lack of Device Management: Lack of security support on devices deployed in production, including asset management, update management, secure decommissioning, systems monitoring, and response capabilities.

I9 Insecure Default Settings: Devices or systems shipped with insecure default settings or lacking the ability to make the system more secure by restricting operators from modifying configurations.

I10 Lack of Physical Hardening: Lack of physical hardening measures, allowing potential attackers to gain sensitive information that can help in a future remote attack or take local control of the device.
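As an added example (not code from the thesis or from OWASP), the device-side acceptance checks that entry I4 calls for, written in Python: an update is installed only if the manifest authenticates, the image matches the hash the manifest names, and the version is strictly newer than the installed one (anti-rollback). The shared-key HMAC stands in for a vendor signature; the key, version numbers and image bytes are constructed for the demo.

```python
"""Added example, not code from the thesis or from OWASP: the device-side
acceptance checks an update mechanism needs to avoid OWASP IoT I4 (lack of
firmware validation, no anti-rollback). All keys, versions and image bytes
are constructed for the demo."""
import hashlib
import hmac
import json

# Constructed shared key standing in for the vendor's signing key. A real
# device would verify an asymmetric signature against a public key it
# already trusts, so no signing secret has to live on the device.
VENDOR_KEY = b"constructed-demo-key-do-not-reuse"


class UpdateRejected(Exception):
    """Raised when an update fails any of the validation checks."""


def _manifest_payload(body):
    # Canonical serialization so vendor and device authenticate identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def make_manifest(version, image, key=VENDOR_KEY):
    """Vendor side: bind a version number to the image hash and authenticate both."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    tag = hmac.new(key, _manifest_payload(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def verify_update(manifest, image, installed_version, key=VENDOR_KEY):
    """Device side: return the version to install, or raise UpdateRejected.

    Check order matters: nothing in the manifest is trusted until its tag
    has been verified, so the version and hash are only used afterwards.
    """
    expected = hmac.new(key, _manifest_payload(manifest["body"]),
                        hashlib.sha256).hexdigest()
    # 1. Firmware validation, part one: the manifest must be authentic.
    if not hmac.compare_digest(expected, manifest["tag"]):
        raise UpdateRejected("manifest authentication failed")
    body = manifest["body"]
    # 2. Firmware validation, part two: the image must be the one the manifest names.
    if not hmac.compare_digest(hashlib.sha256(image).hexdigest(), body["sha256"]):
        raise UpdateRejected("image does not match manifest hash")
    # 3. Anti-rollback: refuse anything not strictly newer than what runs now.
    if body["version"] <= installed_version:
        raise UpdateRejected("rollback to version %d refused" % body["version"])
    return body["version"]


def apply_update(manifest, image, installed_version):
    """Convenience wrapper returning (accepted, new_version_or_reason)."""
    try:
        return True, verify_update(manifest, image, installed_version)
    except UpdateRejected as exc:
        return False, str(exc)


if __name__ == "__main__":
    image_v2 = b"constructed firmware image v2"
    good = make_manifest(2, image_v2)
    print(apply_update(good, image_v2, 1))  # (True, 2)

    old = make_manifest(1, b"constructed firmware image v1")
    print(apply_update(old, b"constructed firmware image v1", 2))  # rollback refused

    tampered = make_manifest(2, image_v2)
    tampered["body"]["version"] = 9  # edited after signing: tag no longer matches
    print(apply_update(tampered, image_v2, 1))  # authentication failed
```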


2.2.7 AIOTI Working Groups

Alliance for the Internet of Things Innovation (AIOTI) is an organization that helps with understanding and knowledge around IoT [15]. Within the AIOTI, there are approximately 13 Working Groups (WG), specifically for IoT domains. The European Commission initiated AIOTI in order to develop and support the dialogue and interaction among various players in Europe in the IoT domain. Their overall goal is to create a dynamic European IoT ecosystem to unleash the potentials of the IoT. The different WGs aim to focus on and improve their respective areas. These WGs work both directly and indirectly on security; we have listed the WGs that can impact and improve security for IoT the most.

WG 3: IoT Standardization - This WG aims to identify, and make recommendations to address, existing IoT standards.

WG 5: Smart Living Environment for Ageing well - This WG aims to support vulnerable people, such as, but not restricted to, elderly or disabled people, to stay active, independent and out of institutional care settings.

WG 6: Smart Farming and Food Security - This WG refers to IoT scenarios/use cases that allow monitoring and control of the plant and animal products life cycle "from farm to fork".

WG 8: Smart Cities - This WG works towards enhancing performance, safety and wellbeing in a city with the help of IoT solutions. It also aims to use IoT solutions to reduce costs and resource consumption, and to engage more effectively and actively with its citizens.

WG 9: Smart Mobility - This WG refers to IoT solutions that support mobility; examples of topics are traffic management, road infrastructure, and road tolling.

WG 10: Smart Water Management - This WG refers to IoT solutions that improve water management efficiency by monitoring and controlling surface water retention and flooding.

WG 11: Smart Manufacturing - This WG refers to IoT solutions that combine information, technology and human ingenuity to improve development and applications of manufacturing intelligence.

WG 12: Smart Energy - This WG refers to IoT solutions that allow performance optimisation of energy asset portfolios.

WG 13: Smart Buildings and Architecture - This WG works with IoT technologies and solutions deployed in buildings and districts of buildings. Their goal is to improve the life of the occupant with the help of smart devices.

Source: Alliance for Internet of Things Innovation [15].


2.3 Privacy

One of the first definitions of privacy was "the right to be let alone", written by Samuel Warren and Louis Brandeis in their law review article in 1890 [44]. This article is widely viewed as the first publication in the United States to advocate the right to privacy and is said to be one of the most influential essays in the history of American Law [45]. Privacy is a term that has multiple meanings depending on the domain of usage. There are various definitions; for example, the Oxford dictionary defines privacy as "a state in which one is not observed or disturbed by other people. The state of being free from public attention" [46].

Another term, which we want to look into because it is more specific to IoT and information technology, is information privacy, also known as data privacy or data protection.

One of the more concise descriptions of information privacy is "the relationship between collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them" [47]. A more informal definition is that information privacy is the privacy of personal information or personal data stored on computers; this includes the collection and maintenance of the information and data.

2.3.1 OWASP Top Ten Privacy Risks (2014)

The OWASP Top Ten Privacy Risks Project provides a list of the top ten privacy risks related to web applications and their countermeasures. It covers innovative and hierarchical viewpoints that emphasize real-life risks, not only legal issues. This list also aids developers, web application providers, and now IoT system creators. The list utilizes the Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines as a framework [48]. The list (Table 2.2) below also provides a column for frequency and impact, to indicate how frequently the vulnerability can occur as well as how high or low the impact of the attacks can be.


TABLE 2.2: Source: Top Ten Privacy Risks 2014 [48]

P1 Web Application Vulnerabilities (Frequency: High; Impact: Very high): Vulnerability is a key problem in any system that guards or operates on sensitive user data. Failure to suitably design and implement an application, detect a problem or promptly apply a fix (patch) is likely to result in a privacy breach. This risk also encompasses the OWASP Top 10 List of web application vulnerabilities and the risks resulting from them.

P2 Operator-sided Data Leakage (Frequency: High; Impact: Very high): Failure to prevent the leakage of any information containing or related to user data, or the data itself, to any unauthorized party, resulting in loss of data confidentiality. Introduced either due to intentional malicious breach or unintentional mistake, e.g. caused by insufficient access management controls, insecure storage, duplication of data or a lack of awareness.

P3 Insufficient Data Breach Response (Frequency: High; Impact: Very high): Not informing the affected persons (data subjects) about a possible breach or data leak, resulting either from intentional or unintentional events; failure to remedy the situation by fixing the cause; not attempting to limit the leaks.

P4 Insufficient Deletion of Personal Data (Frequency: Very high; Impact: High): Failure to effectively and/or timely delete personal data after termination of the specified purpose or upon request.

P5 Non-transparent Policies, Terms and Conditions (Frequency: Very high; Impact: High): Not providing sufficient information describing how data is processed, such as its collection, storage, and processing. Failure to make this information easily accessible and understandable for non-lawyers.

P6 Collection of data not required for the primary purpose (Frequency: Very high; Impact: High): Collecting descriptive, demographic or any other user-related data that are not needed for the purposes of the system. Applies also to data for which the user did not provide consent.

P7 Sharing of Data with Third Party (Frequency: High; Impact: High): Providing user data to any third party without obtaining the user's consent. Sharing results either due to transfer or exchanging for a monetary compensation, or otherwise due to inappropriate use of third-party resources included in the web site like widgets (e.g. maps, social network buttons), analytics or web bugs (e.g. beacons).

P8 Outdated personal data (Frequency: High; Impact: Very high): The use of outdated, incorrect or bogus user data. Failure to update or correct the data.

P9 Missing or insufficient Session Expiration (Frequency: Medium; Impact: Very high): Failure to effectively enforce session termination. May result in collection of additional user data without the user's consent or awareness.

P10 Insecure Data Transfer (Frequency: Medium; Impact: Very high): Failure to provide data transfers over encrypted and secured channels, excluding the possibility of data leakage. Failure of enforcing mechanisms limiting the leak surface, e.g. allowing to infer any user data out of the mechanics of Web application operation.


2.4 Design Methods

Design methods consist of the type of structure we will be focusing on in this thesis, namely design pattern in Section 2.4.1, security pattern in Section 2.4.2 and privacy pattern in Section 2.4.3. We then elaborate on the other type of contribution in our scope, security architecture in Section 2.4.4 and its sub-part framework in Section 2.4.5.

2.4.1 Design Pattern

A design pattern is a reusable solution to a commonly occurring problem in software design. A pattern is usually general so that it can be reused, and it is a proven solution to solve a design problem [49]. A design pattern is not a finished implementation that can be directly used, but more a strategy or a template for solving a problem that can serve in many different situations. Gamma et al. [50] define design patterns as "... descriptions of communicating objects and classes that are customized to solve a general design problem in a particular context" [50]. The benefits of using design patterns are various. For starters, these patterns help to solve common design problems through a proven approach. There is proper documentation on patterns, which makes it easy to understand the patterns. It might help shorten the overall development time because using a pattern is more time-saving than coming up with a new solution. It might reduce errors and mistakes since they are already proven solutions.

2.4.2 Security Pattern

Security pattern is a term that can be compared to design patterns, but this term is more specific to security issues related to software engineering. One can argue that security patterns are design patterns just for the security aspect. Security patterns make it easier to achieve goals in the domain of security. All the classical design patterns have different classifications regarding some information security goals. The design patterns help to achieve goals related to confidentiality, integrity, and availability. To achieve more specific security goals, we can also create new patterns or reconstruct old patterns. Books and catalogs of security patterns, such as [51], [52], [53], and [54], should be useful for users to unravel security challenges by utilizing time-proven security knowledge and expertise.

Schumacher et al. [51] gave a definition of security patterns. This definition states that "A security pattern describes a particular recurring security problem that arises in specific contexts, and presents a well-proven generic solution. The solution consists of a set of interacting roles that can be arranged into multiple concrete design structures, as well as a process to create one particular such structure" [51]. Michaela Bunke gave security patterns another property at EuroPLoP '14, stating: "Security patterns describe ideal practices to handle recurring security problems" [55]. Bunke later came up with a new term that he and his coworker called the software-security pattern. Bunke et al. [56] define this term as follows: "Software-security patterns mostly describe how to structure parts of the software to ensure security requirements" [56]. As we see, there are several definitions of what security patterns are from different sources. However, to keep it simple, we use the basic definition, which is that a security pattern is a standard solution that is proven and that can be applied to achieve goals within the security domain.

2.4.3 Privacy Pattern

Privacy patterns are design solutions for a common, recurring privacy problem. Like security patterns, privacy patterns can be looked at as design patterns just for the privacy aspect. They are a way to translate "privacy-by-design" [57] into viable guidance for software engineering.

Schumacher presents the standard criteria for privacy patterns in his paper. He identifies PROTECTION AGAINST COOKIES and PSEUDONYMOUS EMAIL [58].

PROTECTION AGAINST COOKIES describes how a user can configure their web client to control how and when cookies are set and used. PSEUDONYMOUS EMAIL describes how web users can send email without revealing their online identity. By mining for patterns in this style, the patterns uncovered will fundamentally be user-centered. That is, they inherently provide solutions to problems faced by users of security hardware and software.

2.4.4 Security Architecture

National Institute of Standards and Technology (NIST) describes security architecture as "the design artifact that describes how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose of maintaining the system's quality attributes: confidentiality, integrity, availability, accountability, and assurance services" [59]. The Open Security Architecture organization uses this same description for IT security architecture, while Techopedia defines security architecture as "a unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls. The design process is generally reproducible" [60]. Techopedia also defines some key attributes of security architecture, which are:

• the relationship between different components and how they depend on each other.

• the determination of controls based on risk assessment, ethical practice, finances, and legal matters.

• the standardization of controls.

2.4.5 Framework

NIST describes a framework as "A layered structure indicating what significant programs can or should be built and how they would interrelate. Some computer system frameworks also include actual programs, specify programming interfaces, or offer programming tools for using the frameworks. A framework may be for a set of functions within a system and how they interrelate, the layers of operating systems, the layers of application subsystems, or how communication should be standardized at some level of a network. A framework is generally more comprehensive than a protocol and more prescriptive than a structure" [61].

While other references specify framework into domains such as software framework, security framework, or enterprise framework, Techopedia defines software framework as "a concrete or conceptual platform where common code with generic functionality can be selectively specialized or overridden by developers or users. Frameworks take the form of libraries, where a well-defined application program interface (API) is reusable anywhere within the software under development" [62]. We look at frameworks as a pre-built general or special purpose architecture designed to be extended, which is why we would say that the architecture is the design of a structure. In contrast, a framework is the architecture foundation. Therefore, we include a framework as a "sub-part" of the architecture and suggest that framework solutions are similar to an architecture solution.

2.5 Review Methods

The review methods consist of the method we will be using in this thesis, SLR in Section 2.5.2, and the method this work is built upon, SMS in Section 2.5.1.

2.5.1 Systematic Mapping Study

Systematic Mapping Study (SMS) is used to structure and map a research area. It can be considered a type of secondary research [63]. Kitchenham et al. [64] describe SMS as "a study that reviews all the primary studies relating to a specific research question to integrate/synthesize evidence related to a specific research question."

More specifically, an SMS offers "a broad review of primary studies in a specific topic area that aims to identify what evidence is available on the topic" [64].

2.5.2 Systematic Literature Review

A Systematic Literature Review (SLR) is a defined and methodical way of identifying, assessing, and analyzing published primary studies to investigate a specific research question [65]. A systematic review provides a better overview and identifies gaps, structure, and patterns of existing research. It can help to improve the research domain as well as demonstrate why this research is proper or not as useful as one might claim. The well-known guidelines for conducting SLRs in software engineering are provided by Kitchenham, and these are the guidelines followed throughout this thesis. The SLR has different features that contribute to the review. These features also differentiate an SLR from a conventional expert literature review. One of these features is a review protocol that specifies the research question(s) and the methods that are a part of the review. Therefore, a pre-defined protocol is necessary to reduce the possibility of researcher bias [27]. It includes a defined search strategy, explicit inclusion and exclusion criteria, as well as a taxonomy to specify the information to be obtained from the primary studies.


Chapter 3

Related Work

This chapter presents the related work by highlighting each paper that is relevant to the work we conducted. The papers have similarities that we address, and we try to differentiate them from the research in this thesis. The papers are divided into sections by topic: secondary studies for IoT in Section 3.1, IoT architectures in Section 3.2, IoT patterns in Section 3.3, and IoT security in Section 3.4.

3.1 Secondary Studies for IoT

Nguyen et al. [66]–[68] have multiple papers that contribute to mapping and reviewing of IoT, especially within deployment and orchestration. These papers contributed to this thesis by providing a structured and systematic way of identifying and reviewing primary studies. They also explain solutions within the deployment and orchestration phase, which highlighted phases where security can play a significant role. The main drawback of [66]–[68] is that they did not cover security.

As a result, some papers and solutions might not have been reviewed and possibly missed.

3.2 Secondary Studies for IoT Architectures

For architecture, we found one paper from Gill et al. [69], who conducted an SLR on IoT architectural concerns. They identified IoT architectural challenges and relevant solutions, where security and privacy were among their concerns. This paper contributed to the security architecture part of our study by providing relevant information regarding the security issues related to architecture. However, since it covered general architectural concerns as well, it did not focus as much on security as we do in this thesis. The papers they reviewed did not qualify for our review under our selection criteria, but they gave indications of security concerns within IoT architecture.

3.3 Secondary Studies for IoT Patterns

For IoT patterns, we found four papers that contribute in their own ways. These papers reveal multiple patterns in their study and catalog them to analyze and discuss the various patterns further. We found that three of the papers ([70]–[72]) addressed security aspects, both in the paper itself and in the patterns they analyzed.
