Enforcement of security policy rules for the Internet of Things

According to the European Union data protection legislation, privacy is a fundamental right that should be protected in the interaction of the citizen with the digital world. In the evolution of Internet towards new paradigms like Internet of Things (IoT), protection of privacy can be a challenging task because IoT connected objects can generate an enormous amount of data, some of which actually constitute personal data. In addition, it is difficult to control the flow of data when there is no user interface or adequate tools for the user. In this paper we describe an efficient solution to enforcement security policy rules that addresses this challenge, and takes a more general enterprise architecture approach for security and privacy engineering in IoT. This enforcement solution is based on a Model-based Security Toolkit named SecKit, and its integration with the MQ Telemetry Transport (MQTT) protocol layer, which is a widely adopted technology to enable the communication between IoT devices. In this paper, we describe the motivation and design of our enforcement solution, demonstrating its feasibility and the performance results in a case study.