NIST Sets the Stage for Addressing Trustworthiness in the Internet of Things

Mid February 2016, the Commerce Department’s National Institute of Standards and Technology (NIST) released a draft of NISTIR 8063, Primitives and Elements of Internet of Things (IoT) Trustworthiness. The document presents five primitives and six elements that form a design catalogue capable of supporting trustworthiness. These primitives are described as the building blocks of building blocks and include: sensor, aggregator, communication channel, eUtility (external utility), and decision trigger. The draft acknowledges the simplified presentation of the concepts and relationships, noting that it may reduce complexities associated with elaborate system models. Six elements are proposed: environment, cost, geographic location, owner, Device_ID, and snapshot. These elements, described as “less tangible trust factors,” play a major role in determining the level of trust a specific network of things can provide.

According to the draft, since “no simple, actionable, and universally-accepted definition for IoT exists, the model and vocabulary proposed [in the reasearch] reveals underlying foundations of the IoT, i.e., they expose the ingredients that can express how the IoT behaves, without defining IoT. This offers insights into issues specific to trust.”

The research is aims to nurture a better understanding of IoT, even in the absence of an actionable and universally accepted definition of IoT. The work NIST has done still offers some value despite some lack of agreement on terminology meanings because it targets fundamental behaviors of IoT.  In the exploration of the performance components of IoT, the research raises a number of questions for further investigation. Ultimately, the work concludes that “a composability science is necessary before we can deploy [Networks of Things], with trust. Primitives appear to offer that science and that beginning point.” The model presented in the draft hold promise for application to use cases, ontologies, formalisms, and other methods to specific IoT projects. Comments are due March 17, 2016.