Multi-Layered IoT System Design Towards End-to-End Secure Communication

An increasing amount of sensory data, often of confidential nature, is exchanged day by day: from the sensor and actuator layers over smart gateways to the business logic and analytics level. Robust yet efficient security measures play an essential role in this interaction. However, the complexity of securely connecting different building blocks of a distributed, multi-layered systems is considerable. Security methodologies are often applied at a late stage of system development, posing problems such as inappropriate security levels, performance issues, and longer time-to-market cycles. Addressing possible security properties already in the design phase of a security-critical system helps to mitigate these problems. In this paper, we discuss a distributed, multi-layered IoT data collection system that enables data aggregation and exchange from the embedded level up to different cloud instances while supporting end-to-end secured communication. The system was designed in the course of a case study where we used a design-space-exploration tool for identifying secure processes in regard to key management and distribution. Based on our analysis results, a distributed proof of concept was developed. Subsequently, the most critical processes of the individual layers were evaluated regarding security and execution speed.