AbstractsComputer Science

The Internet has quickly evolved from being merely a medium for accessing interlinked hypertext documents across computers to the mighty Internet of Things (IoT). The IoT is still in its infancy and is yielding impressive benefits through unprecedented associations of real world problems and technological solutions. This is impairing our ability to perceive novel vulnerabilities that the IoT presents. With the enormous amount of data and control that the cyber space would possess in the future, extending security and privacy solutions of the Internet, to the IoT might prove to be a catastrophic decision. Hence, it is best to rethink the security and privacy of the IoT. This thesis attempts to comprehensively recognize and analyze the vulnerable features of the IoT, which could be exploited to pose various forms of threats to the IoT ecosystem. The thesis also presents a threat taxonomy for the IoT. Three broad classes of threats have been established: System Security Threats, Privacy Threats, and Reflective Trust and Reputation Threats. Under each class, threats have been specialized based on relevant factors. The taxonomy is designed to create specialized threat spaces. This would refine threat recognition and safeguarding during the device and application design and deployment phases, and detection, isolation and containment of attacks during the operational phase. This thesis organizes the available and developing solutions to mitigate these threats, and discusses some directions of future works. Finally the thesis proposes the novel philosophy of Social Governance, which recognizes the service and device manufacturers, the policy makers, and the users of the devices and services, as the three pivotal drivers of a networked society. It endorses development of a new framework to facilitate the free flow of information among the drivers to foster an expeditious, organized and secure IoT development. The framework would optimize policy formulation, enforcement (through Hierarchical Distributed Policy Management System) and adherence (through Policy Compliant Smart Devices). Formulating comprehensive threat taxonomies for the IoT, like the one proposed in this thesis and designing an exclusive framework for the IoT to promote adequate information flow and effective implementation of security and privacy would contribute in building a robust networked society. L'Internet a rapidement évolué de sa position originale en tant que série de documents hypertextes interreliés entre ordinateurs vers un réseau comprenant une multitude d'appareils et d'objets communiquant à travers divers protocoles; l'Internet des Objets (idO). Encore sous sa phase de développement, cet idO prodigue des résultats impressionnants par son application de solutions technologiques à des problémes bien réels. Ces résultats masquent les vulnérabilités potentielles présentées par cet idO. Dans un futur proche, appliquer les méthodes de sécurité et de confidentialité courantes utilisées par l'Internet pour contrôler les quantités massives…