
IJIRST – International Journal for Innovative Research in Science & Technology | Volume 3 | Issue 02 | July 2016 | ISSN (online): 2349-6010

All rights reserved by www.ijirst.org 227

Internet of Things: Privacy & Security Issues

Ms. Khushboo Desai

Assistant Professor

Department of Computer Engineering

SALITER, Ahmedabad. Gujarat, India

Abstract

The Internet of Things is emerging as the third wave in the development of the internet. The Internet of Things (IOT) is expected to have a massive impact on consumer products, business and wider culture, but these are still early days [1]. The Internet of Things (IOT) describes a worldwide network of intercommunicating devices. It integrates ubiquitous communications, pervasive computing, and ambient intelligence. The Internet of Things paradigm envisions the pervasive interconnection and cooperation of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to cover the real world, enabling many new services that will improve people’s everyday lives, spawn new businesses and make buildings, cities and transport smarter. This paper analyses the privacy and security issues in the Internet of Things in detail. To this end, we first discuss the evolving features and trends in the Internet of Things with the goal of scrutinizing their privacy implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality.

Keywords: IoT, WSN, SOA

_______________________________________________________________________________________________________

I. INTRODUCTION

In the Internet of Things vision, every physical object has a virtual component that can produce and consume services. Such extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure its safe and ethical use [2].

IOT systems will deliver advanced services of a whole new kind based on increasingly fine-grained data acquisition in an environment densely populated with smart things. Examples of such IOT systems are pervasive healthcare, advanced building management systems, smart city services, public surveillance and data acquisition, or participatory sensing applications. Privacy has been a hot research topic in different technology and application areas that are important enablers of the IOT vision, e.g. RFID, wireless sensor networks (WSN), web personalization, and mobile applications and platforms. These privacy threats, whether known or new, need to be considered (i) in a reference model of the IOT that accounts for its specific entities and data flows, (ii) from the perspective of existing privacy legislation, and (iii) with regard to the and evolving features in the IOT. For without a clear understanding of the arising issues and the appropriate counter-measures, the success of new pioneering services and their users’ privacy will be at peril. We consider some of the key spheres of significance in arriving at a reference architecture that is aimed at achieving trustworthiness among end-users in IOT applications, as being reminiscent of the implementation of security and privacy in:

The IOT application, holistically

Ubiquitous computing systems in the solution

Participating Cloud computing systems

In the Service-Oriented Architecture (SOA) layer

In the Internet of Things (IOT), everything real becomes virtual, which means that each person and thing has a locatable, addressable, and readable counterpart on the Internet. These virtual entities can produce and consume services and collaborate toward a common goal. The user’s phone knows about his physical and mental state through a network of devices that surround his body, so it can act on his behalf. The embedded system in a swimming pool can share its state with other virtual entities. With these characteristics, the IoT promises to extend “anywhere, anyhow, anytime” computing to “anything, anyone, any service.”

II. PROTOCOL & PRIVACY ISSUES

The Internet of Things (IOT) has particular security and privacy problems. The Internet Engineering Task Force is designing authentication and authorization mechanisms for the most constrained devices which are part of the Internet of Things [3]. Privacy protection, on the other hand, depends largely on individual users to understand and configure security settings. This often requires a high level of IT security competence, and is therefore likely to fail more often than not. Addressing this issue is likely to greatly improve public acceptance of IOT consumer end products [3]. The Internet of Things (IOT) universe of devices, sensors, networks and technologies is so vast that meaningfully addressing any aspect of it -- such as security and privacy -- can be daunting. Even narrowing the scope down to specific IOT use cases, such as vehicles/robots, smart homes, critical infrastructure, connected medical devices, wearables, or HVAC systems, requires factoring in numerous and complex security considerations.

Internet of Things: Privacy & Security Issues (IJIRST/ Volume 3 / Issue 02/ 040)

IOT Security & Passwords

A number of IOT devices available today have defaulted to the lowest hanging fruit for security and authentication: passwords. Passwords are bad for the web; for IOT, they’re a disaster for a number of reasons. First, IOT devices are almost always very limited in their user interface -- they don’t have keyboards to type a password into, nor do they have screens on which to display random “pairing codes.” When you try to bolt a “password-like” system onto something with a difficult interface, you usually end up with something weak.

Passwords endure as a frustratingly popular yet weak security link, one that is terribly inadequate for IOT and should challenge vendors to embrace more secure authentication methods throughout the development process.

The physical nature of IOT has an enormous potential impact on privacy because it involves going beyond “what you do on your computer” to “what you do anytime, anywhere.” As referenced at the outset, wrapping our arms around security and privacy across the entire IOT system is a daunting task. Nonetheless, a vendor and industry approach should consider the following layers:

Privacy policy: Vendors should take privacy seriously. They must respect their customers enough to understand that privacy is a legitimate human need. NIST is working on some privacy standards that might help. Sometimes systems are secure (they work the way they’re intended), but violate someone’s privacy because they are designed to do so. For instance, they track people when they don’t want to be tracked.

Security policy: Vendors must intentionally build secure systems. A system that’s not intentionally secure is definitely insecure. Someone needs to think hard about the security of your system, and that person needs to be pretty experienced in order to do a good job.

Application-level security: Many IoT security flaws are the same types of bugs we’ve seen on the Internet for years, such as default “backdoor” admin passwords, weak passwords, not using encryption over the network, and open ports.

Protocol-level security: Wireless protocols such as ZigBee have some weaknesses, so even if you secure the application layer, the communication link itself can be intercepted or modified.
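
The four flaw classes named under application-level security (default admin passwords, weak passwords, unencrypted network services, open ports) can be checked mechanically against a device's provisioning profile before it ships. The Python code below is an added example, not part of the paper; the device profiles, the default-credential list, the port policy and the 12-character threshold are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample of factory-default credential pairs (assumption, not a vendor list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "root"), ("admin", "1234")}

# Cleartext services by TCP port, with the encrypted alternative to deploy instead.
PLAINTEXT_SERVICES = {
    21: "FTP, use SFTP",
    23: "Telnet, use SSH",
    80: "HTTP, use HTTPS",
    1883: "MQTT, use MQTT over TLS",
}

MIN_PASSWORD_LENGTH = 12  # policy threshold assumed for this example


@dataclass
class Device:
    name: str
    accounts: dict        # username -> password as provisioned at the factory
    open_ports: set       # TCP ports the device listens on
    required_ports: set = field(default_factory=set)  # ports its function needs


def is_weak(password: str) -> bool:
    """Weak here means short, or drawn from fewer than three character classes."""
    classes = sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])
    return len(password) < MIN_PASSWORD_LENGTH or classes < 3


def audit(device: Device) -> list:
    """Return (finding, subject) tuples, accounts first, then ports in order."""
    findings = []
    for user, password in sorted(device.accounts.items()):
        if (user, password) in DEFAULT_CREDENTIALS:
            findings.append(("default-credential", user))
        elif is_weak(password):
            findings.append(("weak-password", user))
    for port in sorted(device.open_ports):
        if port in PLAINTEXT_SERVICES:
            findings.append(("plaintext-service", port))
        if port not in device.required_ports:
            findings.append(("unneeded-open-port", port))
    return findings


# Constructed profiles: one as shipped, one after hardening.
AS_SHIPPED = Device("thermostat-a", {"admin": "admin", "viewer": "summer16"},
                    open_ports={23, 443, 1883}, required_ports={443, 1883})
HARDENED = Device("thermostat-b", {"svc": "T7#kqLm92!xZp"},
                  open_ports={443, 8883}, required_ports={443, 8883})

if __name__ == "__main__":
    for dev in (AS_SHIPPED, HARDENED):
        print(dev.name, audit(dev) or "no findings")
```

A port can be both required and cleartext, as MQTT on 1883 is here: the audit then reports only the missing encryption, since closing the port is not an option.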

III. DATA & PRIVACY

Some of the data protection and privacy challenges raised by IOT are new, but many others are traditional, albeit amplified due to the exponential increase of data processing involved. For example:

Not all IoT-M2M products and services have a privacy component to them, but when there is one (or information is aggregated with data from other services) it can give a detailed view of all facets of a user's life (e.g. wearables, connected cars, connected homes);

the IOT value chain is long and complex and a significant number of stakeholders are involved in the data processing;

IOT relies on the principle of the extensive processing of data through sensors that are designed to communicate unobtrusively and exchange data in a seamless way;

the exponential volume of data that can be collected, and its further combination, its storage in the cloud and the use of predictive analytics tools can transform data into something useful but also allow companies - and potentially malware - to have very detailed profiles of individuals; and

the sharing and combination of data through cloud services will increase the locations and jurisdictions where personal data resides.

Data Protection & the IOT

The estimated growth of this new trend in the market is expected to hit between 26 billion and 30 billion devices by 2020, with an estimated market worth of between $6 trillion and $9 trillion [5].

To put this in context, the following are some interesting implications (including ones concerning data protection) that relate to the explosion of these interconnected devices:

These devices will constantly generate huge amounts of data, so we will need faster networks, larger storage capabilities (likely in the cloud) and more bandwidth to support the growth in Internet traffic.

There is not yet an open ecosystem to host these devices to make them interoperable like there is on Microsoft Windows, Apple iOS and Google Android ecosystems.

Vendors are creating private networks for interoperability among their own products, but these are incompatible with others. This creates a major challenge for integration across multiple solutions.

The current Internet protocol (IPv4) cannot handle the growth in the number of interconnected devices on the Internet. This will trigger the need to switch to a more scalable protocol, such as IPv6.

Security and the IOT

With this in mind, you may be concerned about how to deal with security in the IOT. The following are several security challenges that will need to be faced as the IOT gains steam:

If we already have trouble today keeping our computers, smartphones and tablets updated with the latest version of code, won’t it be a nightmare trying to keep these millions of devices updated and free of security bugs?

With the amount of data these devices will generate, how do we navigate the sea of data to identify suspicious traffic over the network? What if we miss incidents because we are unable to identify them?

Proprietary and enclosed implementations such as those that vendors are creating today make it harder to find hidden or unknown zero-day attacks.

Even though IPv6 has been present for some time, this protocol has not yet been fully perfected. As with everything that is new, we have to handle new and unknown weaknesses. That being said, the way we apply security controls over IPv4 may not be useful or relevant for protecting IPv6.

Data Management

Traditional data management systems handle the storage, retrieval, and update of elementary data items, records and files. In the context of IOT, data management systems must summarize data online while providing storage, logging, and auditing facilities for offline analysis. This expands the concept of data management from offline storage, query processing, and transaction management operations into online-offline communication/storage dual operations. We first define the data lifecycle within the context of IOT and then outline the energy consumption profile for each of the phases in order to have a better understanding of IOT data management [5].

The Internet of Things (IOT) has made the leap to become a mainstream topic. This growing recognition is due to the impact the IOT has had on business analytics and the potential that still remains untapped. Each day, new machines, sensors, and devices come online and feed information into data systems. As organizations embark on new IOT initiatives and work to extract more insight from swelling data volumes, a new data management approach is called for.

Organizations that previously derived the majority of their insight from transactional data are shifting their focus to IOT data. All of this analytical development generates swelling data volumes, with IOT organizations averaging 30% data growth year-over-year. Other estimates put data growth rates higher across all industries. Even conservatively, enterprise data will double within three years.

Not only is data growing, it is also diversifying. More than half of IOT organizations are concerned that their analytical tools and infrastructure are not equal to modern data demands. Many organizations lack the tools and infrastructure needed to leverage non-traditional data formats, such as unstructured and geospatial data.

Managing Data at the Edge

As devices and sensors multiply and data volumes swell, legacy data management infrastructure and techniques will no longer be sufficient to fully leverage the IOT. IOT organizations demonstrate the direction that data management needs to take. Traditional centralized databases will always have a role to play in analytics. However, as IOT initiatives continue to gain momentum, data management is moving from the central data repository towards the edge of the network. IOT organizations are nearly twice as likely as all other organizations to have automated data capture. These organizations embed data management into the devices and sensors generating data to facilitate a smooth and steady stream of information.

IV. PRIVACY PROTECTION

In most cases, end-users are likely to accept an IoT solution that is managed or hosted on a trusted cloud provider system. We propose the use of a governance body for ongoing certification and regulation of standards pertaining to the all-encompassing extent of a typical IOT implementation.

Privacy in the Ubiquitous Sensors and Devices in the Smart Environment

In considering the security and privacy concerns of IOT applications, it is important to hone in on some of the security and privacy challenges pertaining to pervasive devices and sensors that are often working ubiquitously to collect and exchange data in the environment. From a security and privacy perspective, some of the key requirements that can be addressed at this layer of the IOT application include:

User identification and validation

Privacy in ubiquitous computing

Secure network communications

Data communications and storage security

Data privacy

Content security

Tamper resistance

Privacy in the Cloud Computing Layer

Nonetheless, vulnerabilities in cloud solutions can differ for a given cloud deployment model. Some of the cloud deployment models in use today include:

Private Cloud

Community Cloud

Public Cloud

Hybrid Cloud

Virtual Private Cloud

Privacy in the IOT Apps and Service Layer

The IOT system interacts with its own cloud-hosted service layer as well as external services. The IOT application user interface itself might have its own privacy and security concerns. In addition, the third-party external services used in the solution might need to be governed to ensure that they protect the end-user’s privacy and security preferences. For example, if the IOT application interacts with the Facebook Graph API, the end-user might have specific privacy settings set on Facebook (an OSN) that need to be protected in the IOT system.

Cross-Cutting Governance Layer

Health Information Security and Privacy Compliance

V. CONCLUSION

With the outburst of cloud services and the advent of pervasive and context-aware services, it is increasingly necessary to ensure that sensitive data is not compromised. This paper motivates the need for a detailed analysis of privacy threats and challenges in the Internet of Things. Finally, we stress two core thoughts that our work suggests for a privacy-aware Internet of Things: First, the IOT is evolving – privacy is a constant challenge and must be faced with the necessary foresight. Second, a fruitful outcome requires coordinated action to provide technical solutions supported by the corresponding legal framework.

REFERENCES

[1] National Intelligence Council, Disruptive Civil Technologies – Six Technologies with Potential Impacts on US Interests Out to 2025 – Conference Report CR 2008-07, April 2008.

[2] R. Roman, P. Najera, and J. Lopez, "Securing the Internet of Things", IEEE Computer, vol. 44, pp. 51-58, 2011.

[3] Presser M, Krco Sa. IOT-I: Internet of Things Initiative: Public Deliverables – D2.1: Initial report on IoT applications of strategic interest 2010.

[4] Evans D. The Internet of Things - How the Next Evolution of the Internet Is Changing Everything. CISCO white paper.

[5] Sen R., Ramamritham K. Efficient Data Management on lightweight Computing Devices. Proceedings of the International Conference on Data Engineering (ICDE 2005); Tokyo, Japan. 5–8 April 2005; pp. 419–420.

[6] Rastogi V, Nath S. Differentially private aggregation of distributed time-series with transformation and encryption. Proceedings of the 2010 ACM SIGMOD International Conference on Management of data. SIGMOD ’10, 2010; 735–746, doi:10.1145/1807167.1807247

[7] D. Giusto, A. Iera, G. Morabito, L. Atzori (Eds.), The Internet of Things, Springer, 2010. ISBN: 978-1-4419-1673-

[8] Ivor D. Addo, Sheikh I. Ahamed, International Journal of Services Computing (ISSN 2330-4472) Vol. 2, No. 4, Oct.-Dec. 2014.