The challenge of secure development of IoT applications in an accelerated market
An Internet of Things (IoT) system comprises devices, applications, and services that are integrated to support organizational processes. IoT developers face two kinds of challenges, technological and security-related, on top of a changing and highly competitive market. The IoT security landscape poses a challenge for cybersecurity, because a variety of cyber threats and attack vectors that cybercriminals can use to compromise technological infrastructures must be managed and controlled. Security is a quality requirement of IoT systems and, as such, must be addressed from the design and development phases. This article addresses the challenge of secure development of IoT devices and applications in a market that demands agile development and updates, and presents two alternatives proposed in the literature for managing secure development under the agile development philosophy. It also calls for directing research, technological development, and training efforts toward topics related to implementing cybersecurity in the secure development of IoT applications.