Authors: Suparna Dhar, I. Bose
Journal: Journal of Organizational Computing and Electronic Commerce, vol. 31(1), pp. 18-34
Publication type: Journal Article
Published: 2020-11-17
DOI: https://doi.org/10.1080/10919392.2020.1831870
Securing IoT Devices Using Zero Trust and Blockchain
ABSTRACT The benefits ushered through the use of IoT come with its share of security concerns. IoT networks are heterogeneous and existing network security tools and controls are inadequate for them. The IoT devices and the data transmitted to and from these devices remain exposed to a multitude of threats. In this paper, we review the security concerns involved in the implementation of IoT and propose a framework for security of IoT devices based on Zero Trust and blockchain. A risk-based segmentation of IoT network increases the homogeneity of IoT device attributes and communication protocols. Zero Trust extends the perimeter of trust beyond the IT/OT network. Blockchain improves the device identification and access control capabilities of the IoT network. We support the conceptual framework with a case study on the implementation of IoT security using Zero Trust and blockchain. We provide a risk-scoring method and a five-point recommendation for management of IoT security. Our proposed IoT security framework will help implementors of IoT to overcome existing security concerns and will benefit academic researchers and practitioners alike.
About the journal:
The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas.
JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business.
Theoretical, experimental, survey, and design science research are all welcome and might look at:
• E-commerce
• Collaborative commerce
• Interorganizational systems
• Enterprise systems
• Supply chain technologies
• Computer-supported cooperative work
• Computer-aided coordination
• Economics of organizational computing
• Technologies for organizational learning
• Behavioral aspects of organizational computing.