Hey Nathan, Thanks for giving a look to the document. On Sat, Nov 19, 2016 at 12:54 AM, Heldt-Sheller, Nathan < nathan.heldt-sheller at intel.com> wrote:
> Hello, welcome and thanks for sharing your paper! Some interesting data > points in there? may I ask where the vulnerabilities data points come from > (e.g. 90% of devices with PII, etc.)? > > > Yeah sure, its my mistake that I forgot to add the reference to the document. I will update that on the same as soon as possible. Meanwhile, I dig the data that you are asking from a research paper. https://www.researchgate.net/publication/297728761 which happens to collect data from a research study by Hewlett Packard on IoT. Other data is also collected from https://www.owasp.org/index.php/OWASP_Internet_of_Things_Project For your reading, there is some useful information on the IoTivity security > code and design on the IoTivity wiki (https://wiki.iotivity.org/), which > you may find interesting. > > The security architecture for IoTivity is based on the Open Connectivity > Framework (OCF) Security Specification developed by the OCF Security Work > Group. The most recent released specifications can be found on the > openconnectivity.org website. Note that the specifications are available > to members only, but a basic membership does get you read-only access. If > you?re interested in the architecture behind the IoTivity Security Layer, > take a look there. > > Indeed, I have kindof skimmed the iotivity wiki and also of Alljoyn's. But as you said, I am definitely going to go through the openconnectivity security specifications. I see they are available for free. https://openconnectivity.org/specs/OIC_Security_Specification_v1.1.0.pdf Is this the same document that you are suggeting or is there a differnet hidden complete version ?? I will surely get back to you after giving a thorough read to the documentations above. > > > If after reading through the IoTivity documentation and code, and perhaps > joining OCF and reading the Security Specification 1.1.0, you think you > would like to contribute further, please circle back to this (or the OCF > Security WG) mailing list. > > Surely. > Thanks, > Nathan Heldt-Sheller > > Intel Corp. > > > > *From:* iotivity-dev-bounces at lists.iotivity.org [mailto: > iotivity-dev-bounces at lists.iotivity.org] *On Behalf Of *saurabh shandilya > *Sent:* Friday, November 18, 2016 4:45 AM > *To:* iotivity-dev at lists.iotivity.org > *Subject:* [dev] IoT security design/framework > > > > Hey all, > I am glad joining Iotivity mailing list. :) > > I just joined Iotivity after a doing pretty much research on the topic of > IoT. As of now, I am still trying to understand the whole Iotivity > architecture. I and my friend have been developing thoughts on this for > quite a time now, specially after the famous IoT attacks recently. Thus we > came up with a IoT security design framework. > > I would like to request you people to kindly give a look the the design > and proposed framework and I sincerely hope that I may be able to polish > the idea and make it usable. My vision is that with such a framework or > its improvisations the security threat to IoT devices can be minimized. > > Really looking forward for your feedback. I am hoping that if at all > possible, we can contribute for the same. > > The link for the website : https://grim-skull-10311.herokuapp.com/ > It is quite buggy as of now. > > But the whitepaper and the presentation are seperately at Github too. > https://github.com/tightiot/iotsecure > > > > > Regards, > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.iotivity.org/pipermail/iotivity-dev/attachments/20161119/37d0d4b8/attachment.html>
