Integrated Security for IoT: Methodologies and Certification for Collaborative Smart Devices

The Internet of Things (IoT) encompasses technologies that include devices with computational capabilities, software, and other components that connect and exchange data over the internet or other network systems. This thesis explores the security challenges IoT devices face throughout their lifecycle and demonstrates how these can be effectively managed using the Security-by-Contract (\SxC) paradigm through a Usage Control System (UCS). The UCS employed in this research uses a distributed architecture with a Distributed Hash Table (DHT) and focuses on deployment in home environments, specifically on lightweight systems such as a Raspberry Pi with 8 GB of RAM. This approach aims to address security issues by integrating robust access control mechanisms within constrained devices, enhancing IoT device security in everyday settings. The introduction outlines the research motivations, particularly the transformative role of IoT in smart homes and associated security challenges, such as authorization and access control. It discusses difficulties in enforcing these policies, especially for resource-constrained devices, and highlights the core contributions of the research. Chapter 2 provides a comprehensive review of current access control paradigms, including UCS, as well as insights into the SIFIS-Home project and Security-by-Contract theory. Chapter 3 covers the methodology for testing the UCS in a home setting using a distributed architecture with a DHT, describing procedures for testing and integration and supported by code snippets. The goal is to test system performance, usability, and security, verifying if the proposed implementations can enhance security on lightweight platforms. In Chapter 4, the experimental setup and results are presented with an in-depth analysis, highlighting their practical implications. A critical assessment considers the impact and relevance of the findings in addressing identified challenges. An additional chapter presents the development of a PiCamera control application as a practical illustration of access control mechanisms in managing video streaming within a secure smart home. The chapter explores integrating access controls into video stream management, emphasizing security and appropriate access to sensitive data. The final chapter summarizes the conclusions, reflecting on the study’s outcomes and consolidating key findings.