Semiotics: An Approach to Model Security Scenarios for IoT-Based Agriculture Software

Julio Ariel Hurtado; Leandro Antonelli; Santiago López; Adriana Gómez; Juliana Delle Ville; Giuliana Maltempo; Frey Giovanny Zambrano; Andrés Solis; Marta Cecilia Camacho; Miguel Solinas; Gladys Kaplan; Freddy Muñoz

doi:10.22430/22565337.2923

Julio Ariel Hurtado Universidad del Cauca, Colombia https://orcid.org/0000-0002-2508-0962
Leandro Antonelli Universidad Nacional de La Plata, Argentina https://orcid.org/0000-0003-1388-0337
Santiago López Universidad del Cauca, Colombia https://orcid.org/0000-0002-8588-8365
Adriana Gómez Universidad Tecnológica de Pereira, Colombia https://orcid.org/0009-0008-5686-6408
Juliana Delle Ville Universidad Nacional de La Plata, Argentina https://orcid.org/0009-0007-7888-7544
Giuliana Maltempo Universidad Nacional de La Plata, Argentina https://orcid.org/0009-0005-7441-5828
Frey Giovanny Zambrano Universidad del Cauca, Colombia https://orcid.org/0009-0007-9629-4072
Andrés Solis Corporación Universitaria Comfacauca, Colombia https://orcid.org/0000-0003-3342-0776
Marta Cecilia Camacho Institución Universitaria Colegio Mayor del Cauca, Colombia https://orcid.org/0000-0003-1973-3063
Miguel Solinas Universidad Nacional de Córdoba, Colombia https://orcid.org/0000-0002-7550-1067
Gladys Kaplan Universidad Nacional de La Matanza, Argentina https://orcid.org/0000-0003-1800-7342
Freddy Muñoz Fundación Universitaria de Popayán, Colombia https://orcid.org/0000-0002-8172-0530

DOI: https://doi.org/10.22430/22565337.2923

Palabras clave: IoT, Escenario de Calidad, Requerimientos de IoT, Agricultura Inteligente, Industria 4.0, Sistemas Inteligentes

Resumen Autores/as Referencias bibliográficas Cómo citar Descargas

Resumen

La agricultura es una actividad humana vital que contribuye al desarrollo sostenible. Hace unas décadas, el sector agrícola introdujo el Internet de las Cosas (IoT), desempeñando un papel relevante en la agricultura de precisión e inteligente. Los desarrollos IoT en agricultura requieren colaboración entre múltiples dispositivos, lo que incrementa su vulnerabilidad, debido principalmente a la falta de seguridad integrada por restricciones del contexto. Otras amenazas a estos dispositivos conciernen el almacenamiento y procesamiento de datos conectados a servidores periféricos o en nube. Para garantizar que las soluciones IoT cumplen los requisitos funcionales y no funcionales, especialmente los de seguridad, las empresas de software deberían adoptar un enfoque centrado en la seguridad para su especificación de requerimientos de software. El objetivo del artículo consistió en proponer un método ligero para especificar escenarios de seguridad integrando los puntos de vista de requisitos y arquitectura en el contexto del IoT en soluciones agrícolas. El método comprende cuatro actividades: (i) crear escenarios de buen uso, (ii) crear escenarios de uso incorrecto, (iii) traducir el escenario anterior en escenario de seguridad aplicando reglas y (iv) refinar el escenario de seguridad resultante. También se describe un prototipo de herramienta que utiliza el algoritmo propuesto para ayudar a reforzar el escenario de uso incorrecto basado en el escenario de uso correcto, dando al experto la posibilidad de completar la información para el análisis y posterior derivación del escenario de seguridad. Por último, se proporciona una evaluación preliminar del método propuesto. Los resultados de mostraron que el enfoque propuesto permite a los ingenieros de software definir y analizar escenarios de seguridad en los contextos de IoT y agricultura con buenos resultados. La encuesta, aplicada a cinco expertos en seguridad, encontró que el método de escenario de seguridad propuesto es generalmente útil, pero necesita mejoras en diferentes áreas.

Biografía del autor/a

Julio Ariel Hurtado, Universidad del Cauca, Colombia

Universidad del Cauca, Popayán-Colombia, ahurtado@unicauca.edu.co

Leandro Antonelli, Universidad Nacional de La Plata, Argentina

Universidad Nacional de La Plata, Buenos Aires-Argentina, lanto@lifia.info.unlp.edu.ar

Santiago López, Universidad del Cauca, Colombia

Universidad del Cauca, Popayán-Colombia, Fundación Universitaria de Popayán, Popayán-Colombia, santiagolopez94@unicauca.edu.co

Adriana Gómez, Universidad Tecnológica de Pereira, Colombia

Universidad Tecnológica de Pereira, Pereira-Colombia, adrianagomezr@utp.edu.co

Juliana Delle Ville, Universidad Nacional de La Plata, Argentina

Universidad Nacional de La Plata, Buenos Aires-Argentina, jdelleville@lifia.info.unlp.edu.ar

Giuliana Maltempo, Universidad Nacional de La Plata, Argentina

Universidad Nacional de La Plata, Buenos Aires-Argentina, gmaltempo@lifia.info.unlp.edu.ar

Frey Giovanny Zambrano, Universidad del Cauca, Colombia

Universidad del Cauca, Popayán-Colombia, freyzambrano@unicauca.edu.co

Andrés Solis, Corporación Universitaria Comfacauca, Colombia

Corporación Universitaria Comfacauca, Popayán-Colombia, Universidad del Cauca, Popayán-Colombia, asolis@unicomfacauca.edu.co

Marta Cecilia Camacho, Institución Universitaria Colegio Mayor del Cauca, Colombia

Institución Universitaria Colegio Mayor del Cauca, Popayán-Colombia, cecamacho@unimayor.edu.co

Miguel Solinas, Universidad Nacional de Córdoba, Colombia

Universidad Nacional de Córdoba, Córdoba-Argentina, miguel.solinas@unc.edu.ar

Gladys Kaplan, Universidad Nacional de La Matanza, Argentina

Universidad Nacional de La Matanza, San Justo-Argentina, gladyskaplan@gmail.com

Freddy Muñoz, Fundación Universitaria de Popayán, Colombia

Fundación Universitaria de Popayán, Popayán-Colombia, lfreddyms@gmail.com

Referencias bibliográficas

ITU-T. “Overview of internet of things.” 2012. [Online]. Available: https://www.itu.int/rec/T-REC-Y.2060/en

K. Ojo-Gonzalez, and B. Bonilla-Morales, “Requerimientos no funcionales para sistemas basados en el internet de las cosas (IoT): Una revisión,” I+D Tecnológico, vol. 17, no. 2, Jul. 2021. https://doi.org/10.33412/idt.v17.2.3303

Berkeley CPS Publications. “Cyber-Physical Systems (CPS).” Berkeley.edu. Accessed: Sep. 20, 2023. [Online]. Available: https://ptolemy.berkeley.edu/projects/cps/

P. Shankar, B. Morkos, D. Yadav, and J. D. Summers, “Towards the formalization of non-functional requirements in conceptual design,” Res. Eng. Des., vol. 31, no. 4, pp. 449–469, Oct. 2020. https://doi.org/10.1007/s00163-020-00345-6

E. Serna M., and A. Serna A., “Process and progress of requirement formalization in software engineering,” Ingeniare, Rev. Chil. Ing., vol. 28, no. 3, pp. 411–423, Sep. 2020. https://doi.org/10.4067/S0718-33052020000300411

U. Ahmed, “A review on khowledge management in requirements engineering,” in International Conference on Engineering and Emerging Technologies (ICEET), Lahore, Pakistan, 2018, pp. 1-5. https://doi.org/10.1109/ICEET1.2018.8338650

C. Potts, “Using schematic scenarios to understand user needs,” in Proceedings of the conference on Designing interactive systems processes, practices, methods, & techniques - DIS ’95, New York, Aug. 1995, pp. 247–256. https://doi.org/10.1145/225434.225462

J. Patton, and P. Economy, User Story Mapping: Discover the Whole Story, Build the Right Product, 1st Ed. Sebastopol, CA, United States of America: O’Reilly Media, 2014.

J. R. Price, Write a Use Case: Gathering Requirements that Users Understand, The Communication Circle, 2020.

J. M. Carroll, “Five reasons for scenario-based design,” in Proceedings of the 32nd Annual Hawaii International Conference on Systems Sciences. 1999. HICSS-32. Abstracts and CD-ROM of Full Papers, Maui, HI, USA, Jan. 1999, pp. 11. https://doi.org/10.1109/hicss.1999.772890

S. Hofer, and H. Schwentner, Domain Storytelling: A Collaborative, Visual, and Agile Way to Build Domain-Driven Software (Addison-Wesley Signature Series (Vernon)), 1st Ed. Massachusetts, United States Of America: Addison-Wesley Professional, 2021.

S. Pal, M. Hitchens, T. Rabehaja, and S. Mukhopadhyay, “Security requirements for the internet of things: A systematic approach,” Sensors, vol. 20, no. 20, p. 5897, Oct. 2020. https://doi.org/10.3390/s20205897

S. Myagmar, A. J. Lee, and W. Yurcik, “Threat Modeling as a Basis for Security Requirements,” ResearchGate, Aug. 2005. [Online]. Available: https://www.researchgate.net/publication/228634178_Threat_Modeling_as_a_Basis_for_Security_Requirements

B. Schneier, “Cryptography Is Harder than It Looks,” IEEE Secur. Priv., vol. 14, no. 1, pp. 87–88, Jan.-Feb. 2016. https://doi.org/10.1109/MSP.2016.7

T. Martin, D. Geneiatakis, I. Kounelis, S. Kerckhof, and I. N. Fovino, “Towards a formal lot security model,” Symmetry, vol. 12, no. 8, p. 1305, Aug. 2020. https://doi.org/10.3390/sym12081305

M. Dhanaraju, P. Chenniappan, K. Ramalingam, S. Pazhanivelan, and R. Kaliaperumal, “Smart Farming: Internet of Things (IoT)-Based Sustainable Agriculture,” Agriculture, vol. 12, no. 10, p. 1745, Oct. 2022. https://doi.org/10.3390/agriculture12101745

N. Khan, R. L. Ray, G. R. Sargani, M. Ihtisham, M. Khayyam, and S. Ismail, “Current progress and future prospects of agriculture technology: Gateway to sustainable agriculture,” Sustainability, vol. 13, no. 9, p. 4883, Apr. 2021. https://doi.org/10.3390/su13094883

D. C. Rose, R. Wheeler, M. Winter, M. Lobley, and C. Charlotte-Anne, “Agriculture 4.0: Making it work for people, production, and the planet,” Land use policy, vol. 100, p. 104933, Jan. 2021. https://doi.org/10.1016/j.landusepol.2020.104933

S. El-Gendy, and M. A. Azer, “Security Framework for Internet of Things (IoT),” in 2020 15th International Conference on Computer Engineering and Systems (ICCES), Cairo, Egypt, 2020, pp. 1-6. https://doi.org/10.1109/ICCES51560.2020.9334589

A. Rettore de Araujo Zanella, E. da Silva, and L. C. Pessoa Albini, “Security challenges to smart agriculture: Current state, key issues, and future directions,” Array, vol. 8, p. 100048, Dec. 2020. https://doi.org/10.1016/j.array.2020.100048

A. Yazdinejad et al., “A review on security of smart farming and precision agriculture: Security aspects, attacks, threats and countermeasures,” Applied Sciences, vol. 11, no. 16, Aug. 2021. https://doi.org/10.3390/app11167518

K. Demestichas, N. Peppes, and T. Alexakis, “Survey on Security Threats in Agricultural IoT and Smart Farming,” sensors, vol. 20, no. 22, p. 6458, Nov. 2020. https://doi.org/10.3390/s20226458

J. C. Sampaio Do Prado Leite, G. D. S. Hadad, J. H. Doorn, and G. N. Kaplan, “A scenario construction process,” Requir. Eng., vol. 5, no. 1, pp. 38–61, Jul. 2000. https://doi.org/10.1007/pl00010342

S. Khamaiseh, and D. Xu, “Software security testing via misuse case modeling,” in 2017 IEEE 15th Intl Conf on Dependable, Autonomic and Secure Computing, 15th Intl Conf on Pervasive Intelligence and Computing, 3rd Intl Conf on Big Data Intelligence and Computing and Cyber Science and Technology Congress, Orlando, FL, USA, 2017, pp. 534-541. https://doi.org/10.1109/DASC-PICom-DataCom-CyberSciTec.2017.98

X. T. Nguyen, H. T. Tran, H. Baraki, and K. Geihs, “Frasad: A Framework for Model-driven IoT Application Development Xuan,” in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT), Milan, Italy, 2015, pp. 387-392. https://doi.org/10.1109/WF-IoT.2015.7389085

B. Karaduman, S. Mustafiz, and M. Challenger, “FTG+PM for the Model-Driven Development of Wireless Sensor Network based IoT Systems,” in 2021 ACM/IEEE International Conference on Model Driven Engineering Languages and Systems Companion (MODELS-C), Fukuoka, Japan, 2021, pp. 306-316. https://doi.org/10.1109/MODELS-C53483.2021.00052

H. Cardenas, R. Zimmerman, A. R. Viesca, M. Al Lail, and A. J. Perez, "Formal UML-based Modeling and Analysis for Securing Location-based IoT Applications," in 2022 IEEE 19th International Conference on Mobile Ad Hoc and Smart Systems (MASS), Denver, CO, USA, 2022, pp. 722-723. https://doi.org/10.1109/MASS56207.2022.00109

K. Slovenec, M. Vuković, D. Salopek, and M. Mikuc, "Securing IoT Services Based on Security Requirement Categories," in 2022 International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Split, Croatia, 2022, pp. 1-6. https://doi.org/10.23919/SoftCOM55329.2022.9911319

S. Sotoudeh, S. Hashemi, and H. G. Garakani, Security Framework of IoT-Based Smart Home," in 2020 10th International Symposium on Telecommunications (IST), Tehran, Iran, 2020, pp. 251-256. https://doi.org/10.1109/IST50524.2020.9345886

W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, and Y. A. Bangash, “An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security,” IEEE Internet Things J., vol. 7, no. 10, pp. 10250–10276, Oct. 2020. https://doi.org/10.1109/JIOT.2020.2997651

Ö. Özkaya, and B. Örs, "Model based node design methodology for secure IoT applications," in 2018 26th Signal Processing and Communications Applications Conference (SIU), Izmir, Turkey, 2018, pp. 1-4. https://doi.org/10.1109/SIU.2018.8404490

R. M. Carvalho, "Dealing with Conflicts Between Non-functional Requirements of UbiComp and IoT Applications," in 2017 IEEE 25th International Requirements Engineering Conference (RE), Lisbon, Portugal, 2017, pp. 544-549. https://doi.org/10.1109/RE.2017.51

F. Kammuller, J. C. Augusto, and S. Jones, “Security and privacy requirements engineering for human centric IoT systems using eFRIEND and Isabelle,” in 2017 IEEE 15th International Conference on Software Engineering Research, Management and Applications (SERA), London, UK, 2017, pp. 401-406. https://doi.org/10.1109/SERA.2017.7965758

M. Gupta, M. Abdelsalam, S. Khorsandroo, and S. Mittal, “Security and Privacy in Smart Farming: Challenges and Opportunities,” IEEE Access, vol. 8, pp. 34564–34584, Feb. 2020. https://doi.org/10.1109/ACCESS.2020.2975142

F. Davis, “User Acceptance of Information Systems: Technology acceptance model (TAM),” University of Michigan, Ann Arbor, Michigan. [Online]. Available: https://deepblue.lib.umich.edu/bitstream/handle/2027.42/35547/b1409190.0001.001.pdf?seque

N. Marangunić, and A. Granić, “Technology acceptance model: a literature review from 1986 to 2013,” Univers. Access Inf. Soc., vol. 14, pp. 81–95, Mar. 2015. https://doi.org/10.1007/s10209-014-0348-1

Python. (1995). Netherlands. Accessed: Sep. 20, 2023. [Online]. Available: https://www.python.org/

Spacy. Industrial-Strength Natural Language Processing. (2016). Accessed: Sep. 20, 2023. [Online]. Available: https://spacy.io/

S. Loria. Textblob (Python). (2023). Accessed: Sep. 23, 2023. [Online]. Available: https://pypi.org/project/textblob/

S. Aurangzeb, M. Aleem, M. Azhar Iqbal, and M. Arshad Islam, “Ransomware: A Survey and Trends,” Journal of Information Assurance and Security, vol. 12, Jun. 2017. https://www.researchgate.net/publication/317380115_Ransomware_A_Survey_and_Trends

S. G. Abbas et al., “Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach,” Sensors, vol. 21, no. 14, p. 4816, Jul. 2021. https://doi.org/10.3390/s21144816

L. Chang, “A Proactive Approach to Detect IoT Based Flooding Attacks by Using Software Defined Networks and Manufacturer Usage Descriptions,” M.S thesis, Arizona State University Tempe Campus, EE. UU. 2018. [Online]. Available: https://core.ac.uk/download/pdf/161995314.pdf

J. Liu, Y. Xiao, and C. L. P. Chen, "Authentication and Access Control in the Internet of Things," in 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 2012, pp. 588-592. https://doi.org/10.1109/ICDCSW.2012.23

Q. M. Ashraf, and M. H. Habaebi, “Autonomic schemes for threat mitigation in Internet of Things,” J. Netw. Comput. Appl., vol. 49, pp. 112–127, 2015. https://doi.org/10.1016/j.jnca.2014.11.011

J. Deogirikar, and A. Vidhate, “Security attacks in IoT: A survey,” in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), Palladam, India, 2017, pp. 32-37. https://doi.org/10.1109/I-SMAC.2017.8058363

Decisioning, “The second workshop on Collaboration in knowledge discovery and decision making.” unicauca.edu.co. Accessed: Sep. 23, 2023. [Online]. Available: https://www.unicauca.edu.co/versionP/eventos/conversatorio/decisioning-2023-second-workshop-collaboration-knowledge-discovery-and-decision-making

Cómo citar

[1]

J. A. Hurtado, «Semiótica: un enfoque para modelar escenarios de seguridad para software de agricultura basado en IoT», TecnoL., vol. 27, n.º 59, p. e2923, abr. 2024.

Descargar cita

Descargas

Los datos de descargas todavía no están disponibles.

Semiótica: un enfoque para modelar escenarios de seguridad para software de agricultura basado en IoT

Resumen

Biografía del autor/a

Referencias bibliográficas

Descargas

Métricas

Idioma

Enviar un artículo

contacto

stadistics