Iot Security Privacy PDF
ABSTRACT
This paper introduces Internet of Things (IoTs), which offers
capabilities to identify and connect worldwide physical objects
into a unified system. As a part of IoTs, serious concerns are
raised over access of personal information pertaining to device
and individual privacy. This survey summarizes the security
threats and privacy concerns of IoT.

Keywords
Internet of Things (IoT); Threats; Security; Privacy.

1. INTRODUCTION
With the rapid development of Internet and communications technology, our lives are gradually being led into an imaginary space, a virtual world. People can chat, work, shop, and keep pets and plants in the virtual world provided by the network. However, human beings live in the real world, and human activities cannot be fully implemented through the services in the imaginary space. It is this limitation of the imaginary space that restricts the development of the Internet to provide better services. To remove these constraints, a new technology is required to integrate the imaginary space and the real world on the same platform, which is called the Internet of Things (IoTs). Based on a large number of low-cost sensors and wireless communication, sensor network technology puts forward new demands on Internet technology. It will bring huge changes to future society and change our way of life and business models.

Apart from the benefits of IoTs, there are several security and privacy concerns at different layers, viz. Front end, Back end and Network. This paper surveys several security and privacy concerns related to the Internet of Things (IoTs) by defining some open challenges, and then discusses some applications of IoTs in the real world.

The rest of the paper is organized as follows: Section 2 gives an overview, background and real-life applications of IoTs. Security and privacy concerns in IoTs are discussed in Section 3. Section 4 concludes the survey, with references at the end.

2. IOT OVERVIEW AND BACKGROUND
2.1. What is the Internet of Things?
As shown in Fig. 1, the IoTs allow people and things to be connected anytime, anyplace, with anything and anyone, ideally using any path/network and any service [1]. They are material objects connected to material objects in the Internet.

Fig. 1 Definition of Internet of Things [1].

For example, through RFID, laser scanners, global writing system, infrared sensors and other information sensing devices are connected to any object for communication services and data exchange. At last, for the smart devices to be tracked, located and monitored, to handle the network functions, and to consolidate the IT infrastructure and the physical infrastructure, IoT is the most needed one.

2.2. Evolution
Before investigating the IoTs in depth, it is worthwhile to look at the evolution of the Internet. As shown in Fig. 2, in the late 1960s, communication between two computers was made possible through a computer network. In the early 1980s, the TCP/IP stack was introduced. Then, commercial use of the Internet started in the late 1980s. Later, the World Wide Web (WWW) became available in 1991, which made the Internet more popular and stimulated rapid growth. Then, mobile devices connected to the Internet and formed the mobile Internet. With the emergence of social networking, users started to become connected together over the Internet. The next step, in the IoTs, is where objects around us will be able to connect to each other (e.g. machine to machine) and communicate via the Internet.

IoT promises to create a world where all the objects (also called smart objects) around us are connected to the Internet and communicate with each other with minimum human intervention. The ultimate goal is to create a better world for human beings, where objects around us know what we like, what we want, and what we need and act accordingly without explicit instructions [1].

International Journal of Computer Applications (0975 8887)
Volume 90 No 11, March 2014

2.3. Architecture and Protocol Stack of IoTs
IoTs can be divided into three important layers, viz. Perception, Network and Application. As shown in Fig. 3, the perception layer (also called the recognition layer) gathers data/information and identifies the physical world. The network layer is the middle one (also called wireless sensor networks), which is accountable for the initial processing of data, broadcasting of data, assortment and polymerization. The topmost application layer offers these overhauls for all industries. Among these layers, the middle network layer is also a "Central Nervous System" that takes care of global services in the IoTs, since it aggregates with the application layer above and makes the link to the perceptual layer below.

transmissions over very narrow frequency bands, with the obvious advantage of enormous link budgets and thus significantly enhanced ranges. The IEEE802.15.4e standard is very suitable for a protocol stack for IoT because it is the latest generation of highly reliable and low-power MAC protocol.

2.4.1. IoTs in Medical Application
Due to population growth, rural urbanization, declining birthrate, population aging, economic growth and socially unbalanced resource utilization, some social problems have become increasingly apparent in the healthcare field.

The health management level and the incapability of responding to emergencies is a pressing social problem.

There is a serious shortage of medical staff and institutional facilities, especially in rural areas, a lack of medical facilities, a low level of treatment, and inadequate healthcare system capabilities.

The imperfect disease prevention system cannot meet the national strategy requirements to safeguard the health of citizens, becoming a heavy burden on the economy, individuals, families and the state.

Inadequate disease prevention and early detection capability.

To address these issues, the Remote Monitoring and Management Platform of Healthcare information (RMMP-HI) [5] can provide monitoring and management of these lifestyle diseases so as to reach the purpose of prevention and early detection.

health service center. In a state of emergency, a first-aid notification is delivered to the medical institution by the health service center to provide emergency services to patients.

2.4.2. IoT in Smart Home
Nowadays, smart homes are becoming more and more cost-effective and intellectualized with continued progress and cost reduction in communication technology, information technology, and electronics, which connect the Internet with everyday devices and sensors for connecting virtual and physical objects through the development of data capture and communication.

Fig. 7. Intelligent community security system (ICSS) [7].

Through wireless, the information of each subsystem is messaged to the CIPS, which implies automatic adjustments and timely warnings in order to maintain community security. The details of the ICSS subsystems are as follows:

2.4.3.1. Vehicle Management Subsystem of the ICSS

Fig. 9. Surrounding Security Subsystem [7].

The SSS contains electronic access controls, electronic fences and rotatable monitoring cameras. It can be utilized to prevent illegal entry or intrusive behavior into communities. The subsystem can find the exact location of the accident by using sensing terminals, which can automatically omit untrue signals. The rotatable cameras will track the people or objects by IPR technology; simultaneously they trigger an alarm to the handheld devices of the security personnel and to the CIPS through the sensor network.

The intruder's location can be verified on the CIPS electronic map, and an electronic alarm is triggered. The security personnel can get the accident images by clicking their handheld devices and can rush to the crime scene as early as possible. The CIPS will turn on lighting facilities and start the monitoring systems to tape the whole process in order to ensure the security of the area, particularly in places which are beyond the security personnel's sight.

Typically in IoTs, the environment is sensed by connected devices. They then broadcast the gathered information and particular events to the server, which carries out the application logic. This is performed by mobile and/or fixed communication, which takes the responsibility.

Privacy should be protected in the device, in storage, during communication and at processing which helps to disclose the sensitive information [10]. The privacy of users and their data protection have been identified as one of the important challenges which need to be addressed in the IoTs.

3.2.1. Privacy in Device
Sensitive information may be leaked in case of unauthorized manipulation or handling of hardware and software in these devices. For example, an intruder could re-programme a surveillance camera such that it sends data not only to the legitimate server, but also to the intruder. Thus, for devices that gather sensitive data, robustness and tamper-resistance are especially important. To ensure IoTs security, trusted computing technologies including device integrity validation, tamper-resistant modules and trusted execution environments are useful.

In order to provide privacy in the devices, there are many problems one needs to address, such as the location privacy of the device holder; non-identifiability, which means protecting the identification of the exact nature of the device; protecting personal information in case of device theft or loss; and resilience to side channel attacks. Location privacy in WSN is achieved by using the Multi-Routing Random Walk algorithm [11] in the wireless sensors. Protection of display privacy and of Personally Identifiable Information (PII) in case of device loss or theft could be achieved by the QR code (Quick Response Code) technique [12]. In the case of non-identifiability and side channel attacks, adding randomness or noise, having synchronous CPUs, and using blinded values in calculations could be used.

3.2.2. Privacy during Communication
To assure data confidentiality during the transmission of data, the most common approach is encryption. Encryption on certain occasions adds data to packets which provides a way for tracing, e.g. sequence number, IPsec Security Parameter Index, etc. These data may be exploited to link packets of the same flow in traffic analysis. A Secure Communication Protocol could be the suitable approach [13].

During communication, pseudonyms can be used in place of encryption where encryption is not feasible, applied to the identity of the devices or users in order to decrease the vulnerability. One of the long-familiar examples is the Temporary Mobile Subscriber Identity (TMSI). Devices should communicate if and only if there is a need, to reduce the privacy disclosure induced by communication. In 3GPP machine type communications, in order to avoid unnecessary collection of location information by the network, the devices will detach from the network after a certain period of inactivity.

3.2.3. Privacy in Storage
For protecting the privacy of stored information, the following principles should be considered.

Only the least possible amount of information that is needed should be stored.

Personal information is retained only in case it is mandatory.

Information is brought out on a need-to-know basis.

To conceal the real identity tied to the stored data, pseudonymization and anonymization could be used. Without disclosing any specific record, a database could allow access only to statistical data (sum, average, count, etc.). To ensure that the output (typically of aggregate queries) is independent of the absence or presence of a particular record, adding noise, called differential privacy [14], could be the appropriate technique.

3.2.4. Privacy at Processing
It is mainly twofold. Firstly, personal data must be treated in a way that is compatible with the intended purpose. Secondly, without the explicit acceptance and the knowledge of the data owner, their personal data should not be disclosed to or retained by third parties.

Considering the above two points, Digital Rights Management (DRM) systems [15], which control the consumption of commercial media and defend against illegal re-distribution, are most suitable. Instead of exercising principles for commercial media, one can define privacy policies for personal data in a rights object or license, which must be obeyed during data processing. DRM requires trusted, secure devices to work efficiently and effectively. Users' permission and their awareness are requirements for the distribution of personal data. User notification helps to avoid abuse.

4. CONCLUSION
The IoT technology brings huge changes to everyone's everyday life. In the IoTs era, short-range mobile transceivers will be implanted in a variety of daily requirements. The connections between people and the communications of people will grow, and between objects and objects, at any time, in any location. The efficiency of information management and communications will rise to a new high level. The dynamic environment of IoTs introduces unseen opportunities for communication, which are going to change the perception of computing and networking. The privacy and security implications of such an evolution should be carefully considered for this promising technology. The protection of data and privacy of users has been identified as one of the key challenges in the IoT.

In this survey, we presented the Internet of Things with its architecture and design goals. We surveyed security and privacy concerns at different layers in IoTs. In addition, we identified several open issues related to security and privacy that need to be addressed by the research community to make a secure and trusted platform for the delivery of the future Internet of Things. We also discussed applications of IoTs in real life. In future, research on the IoTs will remain a hot issue. Lots of knotty problems are waiting for researchers to deal with.

5. REFERENCES
[1] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, "Context Aware Computing for The Internet of Things: A Survey," IEEE Communications Surveys & Tutorials, 2013, pp. 1-41.
[2] G. Gang, L. Zeyong, and J. Jun, "Internet of Things Security Analysis," 2011 International Conference on Internet Technology and Applications (iTAP), 2011, pp. 1-4.
[3] M. Palattella, N. Accettura, X. Vilajosana, T. Watteyne, L. Grieco, G. Boggia, and M. Dohler, "Standardized protocol stack for the internet of (important) things," Proceedings of IEEE, 2012, pp. 1-18.
[4] O. Vermesan, P. Friess, and A. Furness, "The Internet of Things 2012," By New Horizons, 2012. [Online]. Available: http://www.internet-of-things-research.eu/pdf/IERC_Cluster_Book_2012_WEB.pdf
[5] W. Zhao, C. Wang, and Y. Nakahira, "Medical Application On IoT," International Conference on Computer Theory and Applications (ICCTA), 2011, pp. 660-665.
[6] K. Bing, L. Fu, Y. Zhuo, and L. Yanlei, "Design of an Internet of Things-based Smart Home System," 2nd International Conference on Intelligent Control and Information Processing, 2011, pp. 921-924.
[7] J. Liu, and L. Yang, "Application of Internet of Things in the Community Security Management," Computational Intelligence, Communication Systems and Networks, Third International Conference on IEEE, 2011, pp. 314-318.
[8] D. Jiang, and C. ShiWei, "A Study of Information Security for M2M of IoT," 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), 2010, pp. 576-579.
[9] RFC 2828, "Internet Security Glossary," May 2000, [Online]. Available: https://www.ietf.org/rfc/rfc2828.txt.
[10] Y. Cheng, M. Naslund, G. Selander, and E. Fogelström, "Privacy in Machine-to-Machine Communications: A state-of-the-art survey," International Conference on Communication Systems (ICCS), Proceedings of IEEE, 2012, pp. 75-79.
[11] L. Zhou, Q. Wen, and H. Zhang, "Preserving Sensor Location Privacy in Internet of Things," in Computational and Information Sciences (ICCIS), Proceedings of IEEE, 2012, pp. 856-859.
[12] B. Tepekule, U. Yavuz, and A. E. Pusane, "Modern Kodlama Tekniklerinin QR Kod Uygulamalarına Yatkınlığı, On the Use of Modern Coding Techniques in QR Applications," Proceedings of IEEE, 2013, pp. 1-4.
[13] M. Giannikos, K. Korina, N. Fotiou, G. F. Marias and G. C. Polyzos, "Towards secure and context-aware information lookup for the Internet of Things," in Computing, Networking and Communications (ICNC), Proceedings of IEEE, 2013, pp. 632-636.
[14] R. Hall, A. Rinaldo, and L. Wasserman, "Differential Privacy for Functions and Functional Data," Journal of Machine Learning Research, 2013, pp. 703-727.
[15] E. Liu, Z. Liu, and F. Shao, "Digital Rights Management and Access Control in Multimedia Social Networks," in Genetic and Evolutionary Computing, Springer International Publishing, 2014, pp. 257-266.

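Added example (not part of the original paper), illustrating Section 3.2.3: an aggregate-only interface with exact counts still reveals one record when two counts are compared, while Laplace noise calibrated to the count's sensitivity makes the answer nearly independent of that record. The table, field names, epsilon value and function names are constructed for illustration.

```python
import random

# Constructed sample table (not from the paper): one row per smart-home hub.
HOMES = [{"home": f"h{i:02d}", "occupied": i % 3 != 0} for i in range(30)]

def exact_count(rows, pred):
    """Aggregate-only interface: returns a count, never a row."""
    return sum(1 for r in rows if pred(r))

def laplace(scale, rng):
    """Laplace(0, scale) noise as the difference of two exponential draws."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_count(rows, pred, epsilon, rng):
    """Epsilon-differentially-private count. A count changes by at most 1 when
    one record is added or removed (sensitivity 1), so the scale is 1/epsilon."""
    return exact_count(rows, pred) + laplace(1.0 / epsilon, rng)

def inference_accuracy(count_fn, trials, rng):
    """How often can someone limited to aggregate queries recover one home's
    'occupied' bit by comparing the count with and without that home?"""
    is_occupied = lambda r: r["occupied"]
    hits = 0
    for _ in range(trials):
        target = rng.choice(HOMES)
        others = [r for r in HOMES if r["home"] != target["home"]]
        diff = count_fn(HOMES, is_occupied) - count_fn(others, is_occupied)
        hits += (diff > 0.5) == target["occupied"]
    return hits / trials

if __name__ == "__main__":
    rng = random.Random(2014)
    print("exact counts :", inference_accuracy(exact_count, 2000, rng))
    noisy = lambda rows, pred: dp_count(rows, pred, 0.5, rng)
    print("epsilon = 0.5:", inference_accuracy(noisy, 2000, rng))
```

Each noisy answer spends part of a privacy budget: averaging many repeated answers converges on the exact count, so a deployment also has to cap the total epsilon granted per client.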
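Added example (not part of the original paper), illustrating the pseudonym approach of Section 3.2.2: a static identifier in packet headers lets a passive observer follow a device across time, while an identifier that rotates every epoch does not, and the server can still resolve it. Deriving the pseudonym with HMAC from a per-device key is an assumption made for this sketch (a TMSI, by contrast, is allocated by the network); the device names, keys and rotation period are constructed.

```python
import hashlib
import hmac

EPOCH_SECONDS = 3600  # assumed rotation period: one pseudonym per hour

def pseudonym(device_key, timestamp):
    """Identifier a device puts on the wire during the epoch containing timestamp."""
    epoch = timestamp // EPOCH_SECONDS
    mac = hmac.new(device_key, epoch.to_bytes(8, "big", signed=True), hashlib.sha256)
    return mac.hexdigest()[:16]

def resolve(wire_id, received_at, enrolled):
    """Server side: map a pseudonym back to an enrolled device, or None.
    The neighbouring epochs are also tried to tolerate clock skew at a rotation."""
    for device_id, key in enrolled.items():
        for skew in (0, -EPOCH_SECONDS, EPOCH_SECONDS):
            if hmac.compare_digest(wire_id, pseudonym(key, received_at + skew)):
                return device_id
    return None

def observer_view(packets):
    """What a passive observer can group on: wire identifier -> epochs it was seen in."""
    view = {}
    for wire_id, timestamp in packets:
        view.setdefault(wire_id, set()).add(timestamp // EPOCH_SECONDS)
    return view

def longest_trace(packets):
    """Largest number of epochs any single wire identifier can be followed across."""
    return max(len(epochs) for epochs in observer_view(packets).values())

# Constructed enrolment table and traffic (keys are sample values, not real secrets).
ENROLLED = {"cam-1": b"k" * 32, "lock-7": b"q" * 32}
TIMES = [0, 1800, 3600, 7200, 9000, 10800]  # seconds, spanning 4 epochs

def traffic(use_pseudonyms):
    """(wire_id, timestamp) pairs as they would appear in packet headers."""
    return [(pseudonym(key, t) if use_pseudonyms else dev, t)
            for dev, key in ENROLLED.items() for t in TIMES]

if __name__ == "__main__":
    for label, packets in (("static id", traffic(False)), ("rotating ", traffic(True))):
        print(label, "identifiers seen:", len(observer_view(packets)),
              "longest trace (epochs):", longest_trace(packets))
```

Rotation only removes the identifier as a linking handle; other header fields that stay constant or count upward across epochs, such as the sequence numbers mentioned in the text, have to be reset at the same moment.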
IJCATM : www.ijcaonline.org 26