Security architecture for enterprise systems has been well-studied over time, with reference to several existing frameworks and guidelines. But thus far, there is not enough literature for IoT systems to understand the complete security requirements and to study different security models. To deep dive into the nature of security problems in IoT systems, it is important to understand the basic characteristics of IoT systems in comparison and in contrast with traditional enterprise IT infrastructure.
IoT system architecture models proposed till date are mainly evolved from enterprise system architecture with adaptation to inherent features of IoT devices. As such, they typically focus on the network and device perspectives of IoT systems. In our work, we focused on the critical activities performed in different parts of an IoT system which may influence or have significant impact on the security of the entire system. We designed and developed the Activity-Network-Things (ANT) centric security reference architecture to assist a modular understanding of the security requirements and commensurate control measures in IoT systems.
We expect our security reference architecture framework to initiate conversation and foster a common denominator for understanding IoT security requirements among practitioners and stakeholders in this space. This could potentially be a stepping-stone towards the development of IoT security industry ecosystem.