Recommendations for improvements to Saeed’s thesis

Research Questions

– Research question 1: I would suggest making this more focused. You should find one domain, e.g. construction companies with specific types of IoT devices/applications, and for that domain find specific vulnerabilities and suggest specific characteristics/configuration of a gateway to mitigate these threats. You should not simply repeat what you find in the literature; the gateway configuration/design should be your own work, based on the specific setup of the domain you select. Certainly you will rely on past knowledge, but you need to be more specific on the mitigation measures, citing existing knowledge where appropriate. That is why you need to first figure out the most important threats of the specific domain, so that you can tailor your gateway to that scenario.

– Research question 2: Again, you should take the specific domain that you have selected and analyse the barriers to adoption of a security culture in IoT projects for that specific domain.

One idea for organising your work to make it more focused and to include the element of originality/own contribution is to formulate a framework. This framework could, for example, provide guidelines for someone to perform the risk assessment and requirements analysis in a certain setup, choose solutions based on the analysis, etc. The framework would have a process / life cycle so that users can apply it.


It is not clear what the objective of this questionnaire is, and some questions are too vague or general. I would suggest redoing the questionnaire with the following points in mind:

+ I suggest that the questionnaire should be targeted at IT professionals involved in the specific IoT domain you have selected for your 2 research questions. Given the specific domain, try to derive the following information from them: a) what vulnerabilities/threats they foresee for their setup, b) what security measures they have taken to deal with those vulnerabilities/threats, c) what problems they had in setting up their IoT projects, d) what barriers they faced, e) how they overcame those barriers.

+ There should be more critical discussion of the results of the questionnaire.

+ You should provide information such as the characteristics of the participants, what their relationship with IoT is (not only duration, but whether they are personal end users (e.g. they own a wearable), have implemented corporate projects, or are providers of IoT solutions), how the survey was conducted (online survey, over the phone, interviews, focus groups), who conducted the survey, whether additional information (explanations) was provided to the responders, etc.

– The report needs to be proofread before submission, as there are several spelling and grammar mistakes.

A few Additional Minor Issues

– Acronyms need to be either included in a separate section all together or explained in the text

+ Page 26 PAN

+ Page 27 CoAP, MQTT, XMPP

– Referencing

+ Page 20: “According to an article of IETF journal…” You need to reference that journal, not the paper that references that journal.

+ Page 22: “An article in IETF journal…” You need to reference that journal, not the paper that references that journal.

+ Should include references for Bluetooth, Zigbee, Z-Wave, 6LoWPAN

+ Page 27 should include references for CoAP, MQTT, XMPP

+ Pages 57-58 should include references for IEEE 802.15.4

