Miklas Njor

Security and Privacy in the Internet of Things

Abstract: The aim of this review report is to gain a broad understanding of privacy and security in IoT and the problems and open issues concerning this area.

Introduction

Internet of Things (IoT) use mainly Wireless Sensor Networks (WSN) or Radio Frequency IDentification (RFID) to communicate and connect to the outside physical world. IoT, and WSN and RFID technologies are regarded by many researchers as insecure and still partly in the development stages. The key challenges for making IoT more widespread is adding better security between the layers of the IoT devices, and when communicating with the outside world.

The security aspect will help in dealing with the privacy aspect which is equally important, since users have to be able to trust that the data the IoT device collects, are not leaked to unauthorised parties. IoT is built upon the idea of the Internet, however IoT is a more challenging area to secure than the Internet, since IoT devices have limited resources.

mind map about mobile
A mind map of the central idea where thinking about mobile isn't just “thinking about mobile devices” but also technologies, ideas and approaches. What difference does mobile make to user experience? How do we deal with interfaces which aren't any longer about screens? What are the privacy implications of crowd sensing?
© Mike https://flic.kr/p/8RU8QS

Literature Review

We have searched for literature using Malmö University's Summon and Google Scholar. The search terms used are IoT“, “Internet of Things“, “privacy“, “security”, “survey”, “state of the art either as single terms or in combination. We have accessed and read abstracts of some hundred papers, downloaded about 30 papers of which we find seven papers to be relevant to our aim of getting an overview of the domain of security and privacy in IoT, and where it is heading. Thus our focus for the chosen papers are on surveys, reviews and state of the art.

Results

Here we present and discuss the papers we find relevant to privacy and security in IoT.

Internet of Things Architecture and Security

A discussion and review of the current research on security requirements of IoT based on the four layers of the IoT technology (Perceptual, Network, Support and Application Layer) is presented by Suo, Wan, Zou, & Liu [1]. The authors highlight security in IoT as more challenging than security on Internet, since it is difficult to verify that devices have been breached, and that the research community should pay more attention to confidentiality, integrity and authenticity of data.

There are four levels of an IoT application:

Below we describe each layer, their security features and security requirements using definitions by Suo, Wan, Zou, & Liu [1].

The Perceptual Layer

The Network Layer

Panel: The Internet of Things Revolution – Functional, Usable, Wearable (AppsWorld London Notes) Notes from the AppsWorld Europe 2013 panel “The Internet of Things Revolution – Functional, Usable, Wearable” with Tamara Roukaerts, Saverio Romeo, Paul Lee, Ben Moir and Mike Barlow.
© Mike Barlow https://flic.kr/p/8RU8QS

The Support Layer

The Application Layer

Activate the world (or: what “mobile” really means)

Using two case studies of smart homes and medical implants, Kermani, Zhang, Raghunathan, & Jha [2] methodically highlight the problematic areas of embedded systems, how they can be exploited, and further describe possible solutions and workarounds for better hardware and software security for IoT devices.

IoT challenges and opportunities

RFID Chip

A good historical background of Internet of Things and definition of “thing” is discussed by Agrawal & Das [3], where the authors explain the underlying technologies (WSN and RFID) and pick at the security and privacy concerns and problems of these technologies, as well as the interoperability issues of trust and heterogeneous sources communicating. The authors list many challenges and opportunities for Internet of Things. We acknowledge that the elements are highly connected, however we choose to only highlight and comment on challenges and opportunities of security and privacy in IoT.

Security and privacy challenges

Cryptography is the practice and study of techniques for secure communication in the presence of third parties. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering.

The challenges regarding security and privacy highlighted by [3] are:

Security and privacy opportunities

The opportunities regarding security and privacy highlighted by [3] are:

Internet of Things and standardisation

Carrying four RFIDs

The security perspective of IoT from a standardisation point of view, is argued by Keoh, Kumar & Tschofenig [4], methodically mapping problems facing IoT security to how they can be – and in many ways already are – solved by standardisation. They highlight the efforts of the Internet Engineering Task Force to standardise security within the IoT. Although slightly biased towards their own achievements, they thoroughly examine, evaluate and analyse many problems and levels of security. The also conclude by adding perspectives to Moore's and the problem of many new devices' high power consumption.

Internet of Things contrasted to Internet

The analysis of the security aspects of each layer in IoT objects, their cross layer issues with heterogeneous integration and the security aspects of IoT is addressed by Jing, Vasilakos, Wan, Lu & Qiu [5], contrasting these issues to how they are dealt with on the Internet. The authors thoroughly go into details with all aspects of the pros and cons of each layer‘s security problems with clear references, contrasting their findings with other internet protocols, namely:

Internet of Things and Privacy

Iot and the concept of Connected

The aim of the note by Mashhadi, Kawsar & Acer [6] is to start a discussion within the HDI and IoT communities to better understand and reflect on the issues of who owns the data created and produced in the IoT environment, and find relevant models to allow users to give permission and control over when and how they share information. The authors do not critically reflect on who owns the data, but indirectly take the stance that the data produced by users is owned by users, not directly backing up this position by any arguments or references. It is just assumes, even thought the title of the paper is “Human Data Interaction in IoT: The Ownership Aspect”.

However they argued that IoT devices collect data from and about people. The authors argue the pros and cons, through many examples, of using secure multi-party computations (SMC) for enforcing and protecting users' privacy in the IoT domain. The author concludes that the main obstacles are immature technology, but does not touch on another important aspect, namely that IoT devices do not necessarily have the computational powers to carry out computations. The authors provide a to solve the problems they define, and discuss possible side effects of their solutions, including illustrating the overlapping application domains vs. data sensitivity.

Internet of Things and the Future Internet of Things

A pile of RFID Rings

Khan, Khan, Zaheer, & Khan [7] take a perspective view of privacy and security in IoT and Future IoT (FIoT), contrasting it with where it currently is. The authors summarise and categorise several key challenges for IoT and point to government bodies currently working to solve these problems.

The authors also point out not only interoperability issues, but also findability of devices, since IoT devices need not only be aware of their surroundings, but also surrounding devices, which they might need to communicate with to accomplish task or to collect data from. However it is difficult to deploy awareness measures and authentication logic in these rudimentary IoT devices to allow socialising.

Discussion

In this paper we have briefly looked at the security and privacy issues facing Internet of Things. We have described the four layers of IoT devices and mapped their security challenges. We find that IoT is still in a development stage with security challenges that need to be ironed out before the vision of truly smart devices and mass adoption of the technologies can succeed. Security and privacy are hampered by devices with little power to deal with the complex tasks of encryption and authentication.

It seems that most research base their ideas of the Internet and World Wide Web, where in fact, as many point out, the Internet of Things domain is more complex, since IoT devices are highly autonomous units with little power to make authentication or encryption. We have touched on another need for security, namely privacy of the collected data, so unauthorised third parties cannot gain access to the device and scrape the data for unauthorised use. This is however also a challenge for IoT, since devices are meant to communicate with the outside world and with each other. The question still remains open, as to who and how communication should be controlled.

References

No tags for this post.
Exit mobile version