Internet of Things (IoT) is a rapidly growing industry that is being integrated into both consumer and industrial environments on a wide scale. While the technology is available and deployment has a low barrier to entry in future applications, proper security frameworks are still in their infancy and are being developed to fit varied implementations and device architectures. Further, edge-centric mechanisms are critical to offering security in real-time smart connected applications with minimal or negligible overhead. In this paper, we propose a novel approach to data security that uses multiple device shadows (also known as digital twins) for a single physical object. These twins are essential for separating data among different virtual objects based on tags assigned on the fly, and are used to limit access to different data points to authorized users/applications only. The novelty of the proposed architecture resides in the attachment of dynamic tags to key-value pairs reported by physical devices in the system. We further examine the advantages of tagging data in a digital twin system, and the performance impacts of the proposed data separation scheme. The proposed solution is deployed at the edge, supporting low-latency and real-time security mechanisms with minimal overhead, and is lightweight, as reflected by captured performance metrics.
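The tag-based separation described in the abstract, as an added illustration that is not code from the paper: each reported key-value pair is tagged on arrival, stored in a per-tag twin of the device, and readable only by principals authorized for that tag. The prefix-based tag rules, the ACL layout, and all device, tag and principal names are assumptions made for this example.

```python
from collections import defaultdict

# Assumed tag rules (not from the paper): key prefix -> tag, first match wins.
# The empty prefix is the catch-all for keys with no more specific rule.
TAG_RULES = [("gps.", "location"), ("health.", "medical"), ("", "telemetry")]

# Assumed access policy: principal -> tags whose twin it may read.
ACL = {
    "fleet-dashboard": {"location", "telemetry"},
    "clinic-app": {"medical"},
}


def assign_tag(key):
    """Tag a reported key on the fly using the first matching prefix rule."""
    for prefix, tag in TAG_RULES:
        if key.startswith(prefix):
            return tag
    raise ValueError(f"no tag rule for {key!r}")


class TwinStore:
    """Keeps one twin (device shadow) per (device, tag) pair."""

    def __init__(self, acl):
        self._acl = acl
        self._twins = defaultdict(dict)  # (device_id, tag) -> {key: value}

    def report(self, device_id, state):
        """Split one device report across twins according to each key's tag."""
        for key, value in state.items():
            self._twins[(device_id, assign_tag(key))][key] = value

    def read(self, principal, device_id, tag):
        """Return a copy of one twin; unknown principals and tags are denied."""
        if tag not in self._acl.get(principal, set()):
            raise PermissionError(f"{principal} may not read tag {tag!r}")
        return dict(self._twins.get((device_id, tag), {}))

    def visible_state(self, principal, device_id):
        """Merge every twin of the device that the principal may read."""
        merged = {}
        for tag in sorted(self._acl.get(principal, set())):
            merged.update(self._twins.get((device_id, tag), {}))
        return merged


# Constructed sample report from a hypothetical wearable device.
store = TwinStore(ACL)
store.report("wearable-01", {"gps.lat": 40.7, "health.heart_rate": 72, "battery": 81})
```

Because access is decided per twin rather than per key, a principal missing from the ACL sees an empty state instead of a filtered view of a shared document.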