NIST Releases New IoT Security Model

Published on August 10, 2016

Archived Notice

This article has been archived and may contain broken links, photos and out-of-date information. If you have any questions, please Contact Us.

In a short time, the Internet of Things (IoT) has grown from a vision of the future to a realized sector of the tech industry. Thousands of established organizations have or are working to develop IoT connected devices. Gartner, Inc. estimates that this year, 6.4 billion connected things will be in use worldwide, with 5.5 million new things getting connected every day. While the growth of the IoT and its associated technologies is exciting, security continues to be a major concern. One of the biggest challenges facing the IoT is how to adequately protect data. In response to its rapid development, the National Institute of Standards and Technology (NIST) released a new set of IoT security guidelines.

NIST acknowledges that the IoT is beneficial but it is necessary to identify and understand the science behind it. The guidelines are meant to offer an “underlying and foundational science to IoT based on a belief that IoT involves sensing, computing, communication, and actuation.” The document identifies a model that expresses how the IoT behaves, and explains that it is one type of a Network of Things (NoT) with the following five core primitives:

  • Sensor
  • Aggregator
  • Communication Channel
  • External Utility
  • Decision Trigger

Security and reliability are top concerns for all five of the core primitives, which belong to most distributed systems. The model also identifies six elements that are “key players in trusting NoTs”:

  • Environment
  • Cost
  • Geographic Location
  • Owner
  • Device_ID
  • Snapshots

In essence, the primitives are the building blocks of the IoT and the elements are the “less tangible trust factors” impacting NoTs. “The five primitives along with the context offered by the six elements form a design catalog for those persons and organizations interested in exploring and implementing current and future IoT based technology.” The document lists additional considerations and offers use case scenarios that more quickly provide recommendations and guidance concerning a NoT’s trustworthiness.

Download the full document, here.