A Trust Management System for the IoT domain

TL;DR

This paper proposes a trust management system for IoT that uses a trust- and risk-based approach, considering user behavior and relationships to enhance security in dynamic, large-scale environments.

Contribution

It introduces a novel trust computation method that incorporates risk factors and user-to-device trust propagation for IoT security.

Findings

Effective trust assessment considering behavior and risk

Propagation of user trust to device level

Enhanced security in IoT environments

Abstract

In modern internet-scale computing, interaction between a large number of parties that are not known a-priori is predominant, with each party functioning both as a provider and consumer of services and information. In such an environment, traditional access control mechanisms face considerable limitations, since granting appropriate authorizations to each distinct party is infeasible both due to the high number of grantees and the dynamic nature of interactions. Trust management has emerged as a solution to this issue, offering aids towards the automated verification of actions against security policies. In this paper, we present a trust- and risk-based approach to security, which considers status, behavior and associated risk aspects in the trust computation process, while additionally it captures user-to-user trust relationships which are propagated to the device level, through user-to-device ownership links.