Standardisation and Certification of the ‘Internet of Things’

  title={Standardisation and Certification of the ‘Internet of Things’},
  author={Ross J. Anderson and {\'E}ireann Leverett and Richard Clayton},
We are grateful to the European Commission, and in particular Gianmarco Baldini of the EC Research Centre, for commissioning the research that underpins this paper, and for permission to publish an abridged account of our findings. We are also grateful to Mike Ellims and Graeme Jenkinson for feedback on vehicle software, as well as to Robert Watson and other colleagues in the Cambridge security group for discussions of security sustainability. 

A Responsible Internet to Increase Trust in the Digital World

The novel notion of a responsible Internet is proposed, which provides higher degrees of trust and sovereignty for critical service providers and all kinds of other users by improving the transparency, accountability, and controllability of the Internet at the network-level.

Secure Decentralised Deployment of LoRaWAN Sensors

This paper will address the deployment and re-keying of LoRaWAN devices, by detailing a procedure which uses a smartphone’s camera flash to transfer the necessary credentials, and choosing smartphones as a transfer mechanism.

Optimization of Cloud Connectivity Using a Smart-Home Gateway

It is demonstrated that an intelligent approach deployed within a smart home gateway, which would continuously reevaluate and reassign Cloud-bound traffic to a momentarily optimal destination, could bring significant benefits to individual users in terms of quality and reliability of the provided Cloud service.

SPIN : a User-centric Security Extension for In-home Networks

The contribution of the work is the design of the SPIN system and a first implementation that enables users to block traffic from their IoT devices for privacy protection purposes.

Protecting Home Networks From Insecure IoT Devices

We present our ongoing work on SPIN, a muchneeded open source measurement platform that enables researchers and other users to easily analyze the security features of devices in the "Internet of

Exploring Security Economics in IoT Standardization Efforts

A case study is presented that investigates disclosed insecurities of the popular IoT standard ZigBee, and general lessons about security economics are derived, ranging from the definition of a precise security model to the enforcement of an update policy.

An Ethics Framework for Research into Heterogeneous Systems

This paper proposes a comprehensive conceptual-modelling approach to help researchers systematically identify, consider and respond to challenges in ethics and law when conducting research and development of heterogeneous systems, and proposes a six-layered model that addresses these concerns.

Burden or Benefit: Do Standards Work for IoT SMEs?

The paper addresses both the benefits and barriers SMEs encounter in using standards and participating in standards development processes, especially as this pertains to SMEs innovating in IoT.

Sustainable Security & Safety: Challenges and Opportunities

This paper argues that long term sustainable security & safety requires anticipating the unforeseeable and preparing systems for threats not known today, and identifies several design principles that could address these challenges and serve as building blocks for achieving this vision.

Superspreaders: Quantifying the Role of IoT Manufacturers in Device Infections

The influx of insecure IoT devices into the consumer market can only be stemmed if manufacturers adopt more secure practices. It is unlikely that this will happen without government involvement.



Security Economics and Critical National Infrastructure

The problems, and the state of play, of industrial control systems operate in a different world from systems previously studied by security economists; they find the same issues (lock-in, externalities, asymmetric information and so on) but in different forms.

Measuring the Cost of Cybercrime

The figures suggest that the UK should spend less in anticipation of cybercrime and more in response – that is, on the prosaic business of hunting down cyber-criminals and throwing them in jail.

Who Controls the off Switch?

The combination of commands that will cause meters to interrupt the supply, of applets and software upgrades that run in the meters, and of cryptographic keys that are used to authenticate these commands and software changes, create a new strategic vulnerability, which is discussed in this paper.

What Is Computer Security?

  • M. Bishop
  • Computer Science, Political Science
    IEEE Secur. Priv.
  • 2003
This column tries to place cybersecurity in perspective, because it is, of course, central to countries, organizations, and even home users now and in the future.

Might Governments Clean-Up Malware?

A role for government in subsidising the cost of clean-up of end-user computers that have become infected with malware is proposed and it is shown that the cost to the tax payer of a government scheme could be less than a dollar per person per year; well in line with other public health initiatives.

Benjamin's sale of goods

The sixth edition of this classic text on Sale of Goods law has been thoroughly updated to include wide-ranging developments in both commercial and consumer law. The latest developments in this broad

Auto Safety Regulation: An Analysis of Market Failure

Although a number of studies have shown seat belts to be highly effective in the prevention of death and injuries, they are used by less than 20% of automobile occupants. This low utilization has led

Protocol Composition Logic (PCL)

How Certification Systems Fail: Lessons from the Ware Report

The 1970 Security Controls for Computer Systems report, which helped shape computer systems' standard evaluation criteria, can shed light on current certification systems' shortcomings.

The benefits of formalising design guidelines: a case study on the predictability of drug infusion pumps

A demonstration is presented of how automated reasoning tools can be used to check the predictability of a user interface using higher-order logic and the Symbolic Analysis Laboratory to automatically verify predictability on real interactive number entry systems of two commercial drug infusion pumps.