Discuss about the Security And Privacy Issues In Iot.
The IOT or Internet of Things is a futuristic concept wherein everyday objects and accessories would be able to connect to each other, be aware about their surroundings as well as be connected to the internet. IOT is close associate with technologies such as Sensor, RFID and Wireless networks. According to Gartner, approximately 25 to 30 Billion IOT devices would be in use in the world. The rate at which this is growing possess big security concerns as IOT devices have multiple vulnerability while at the same time the potential growth attracts the attention of malicious actors. IOT security is an important concern because: a) IOT is considered to be an extended version of Wireless Sensor Networks, Mobile communication and Broadband which and since they itself possess multiple security flaws, it also translates over to IOT b) Since every device is connected to the internet and has itself low defence mechanisms c) IOT objects communicate with each other leaving scope of security and privacy. This paper aims to summarize the potential security and privacy threats of IOT (Schneier, 2017).
The characteristics of IOT that points to out it’s dynamic behaviour, mobility, intelligence, undefined parameters make it’s a high-end technological domain and a scalable technological revolution but also highly vulnerable in terms of security. As a result, it’s important to understand the concept of IOT before moving ahead to its security vulnerabilities.
Also, the same pattern could be observed in determining different paradigms of IOT, and they include:
As a result, the similar concept could applied to the structure of IOT. The IOT architecture, comprises of:
The application layer that consists of the bulk of the logic interacts with the end-users to satisfy their needs. The perception layers gathers environment related data and network layer consists of wireless and wired systems is intended to transmit and process information (“Cloud Computing Security, Privacy and Forensics: Issues and Challenges Ahead”, 2018). The IOT needs solutions related to architecture that helps manage heterogeneous states so as to work effectively.
Privacy is considered to be a fundamental human right and the Universal Declaration of Human Rights mentions this in 1948. In the US, the first biggest piece of legislation that was passed was the 1974 Privacy Act. However, even today the level of privacy protection offered by the legislation are insufficient because of the day-to-day spillages and unpunished breach of privacy and security issues. This issue is greatly enhanced with IOT as it creates many new grey areas wherein legislative boundaries disappear. First of this is the notion of PII or Personally Identifiable Information as the definition of PII quickly deprecates in lieu of IOT as it becomes increasingly difficult to distinguish between Non-PII and PII. Many privacy breaches today go unnoticed. For example, websites that allow constant tracking of users on the web (“Cloud Computing Security, Privacy and Forensics: Issues and Challenges Ahead”, 2018) or for instance smartphone companies and carriers that constantly collect location of the users or even smart meter readings that track people’s lifestyles. Also, too many privacy breaches go unnoticed among users as data collection of everyday things become a normality and the data collection is more passive.
Privacy theats
Identification
Identification means the threat of being identified by a name, pseudonym, address or contact number or by other means. This is a rapidly growing issue within IOT as the usage of surveillance cameras in IOT devices have become a norm for non-security contexts such as marketing and analytics purposes by non-government units. The images captured by these cameras can be automatically recognized using advanced facial recognition techniques. Apart from this, the increasing interconnection among devices (Song, Fink & Jeschke, 2014) make fingerprinting possible. Finally, the integration of speech and phrase recognition technology used in everyday consumer products such as speaker systems or calendars have made a huge data-base not just individual speech samples but also what they speak into, what they demand constantly among others. This could potentially be used to recognize and identify people by government and non-government organizations.
Localization and Tracking
Localization and tracking means constant or in-frequent accessing and / or recording of person’s location through space and time. As IOT objects become smarter and more intuitive, their accuracy and frequency of recording location to provide meaningful feedback and help increases as well. Simultaneously, the recording of location also becomes more passive and users are unaware about the same. This is a among the most concerning privacy issues associated with IOT.
Profiling
Profiling means compiling details of an individuals and tracking his likes, preferences, background and other details in order to understand the individual better. These methods are typically used on social media sites and ecommerce sites to provide better recommendation to users. However, with so many IOT devices in the wild, it gets easier to track and profile an individual’s lives those parts which were previously inaccessible.
Security Threats
Perception layer security issues: It stands at the lowest level in IOT structure and is the main source of access for the information within IOT. There isn’t enough security mechanisms built into this layer and is vulnerable to attack owing to its limited energy use, diversity and a weak protection that relies on the security of RFID, M2M and WSN. Perception layer is susceptible to attacks such as congestion attack, DoS attack, forward attack, physical capture, capture gateway node and node replication attack. Within Perception layer, WSN and RFID also have separate vulnerabilities:
Wireless Sensor Networks
WSN sense and control various environment around them and the security issues can be categorized under :
RFID technology
RFID is used for automatic exchange of information without user intervention and have various vulnerabilities within them that includes :
Security issues in physical layer
Physical layer is used to perform various functionalities including generation and selection of carrier frequency, demodulation and modulation, decryption and encryption as well as reception and transmission of data (“The IoT threat to privacy – TechCrunch”, 2013). Vulnerabilities and attack vectors for this includes jamming of radio signals. This is a type of Denial of Service attack wherein the attack constantly occupies the entire communication channel between different nodes effectively preventing them from communicating to each other. This type of attack is either performed continuously or in isolation. In either of the cases, the networks typically suffer great consequences. The second type of attack on Node tampering includes node tampering. In node tampering, the attackers extract sensitive information from within the physical layer.
Internet of Things faces a great deal of vulnerabilities when it comes to network layer. These includes illegal network access, eavesdropping on data, destruction, man-in-the-middle type of attacks, DoS attacks, virus and malware based attacks and so on. IoT that has a large sensing capabilities as it’s connected by multiple devices and have multiple sources of data that feed on them would also have additional security concerns. These concerns range from ineffective network data transfer speeds, large number of nodes causing network congestion and thereby resulting in various DoS styled attacks. The DoS attacks that take place in the network layer include the following:
Application Layer security issues
Internet of Things application is a result of tight integration between computer technology, industry professionals and communication technology and thus it has multiple applications. The security issues that typically riddle Application layer includes tampering as well as eavesdropping. This particular layer carries out different responsibilities of the traffic management. It is also responsible for providing software for multiple applications that help in carrying out translation of data into something which is comprehensible and also in collecting of information. This is done by sending the queries. A DoS attack that is path-based can be initiated within the application layer by way of simulating various sensor nodes so as to create huge traffic towards base station.
Technological solutions should intimately involve humans in the process. Some of the solutions deploy several access control methods or even privacy awareness applications. For instance, study proposed by the DPA or Dynamic Privacy Analyser, recommended a solution wherein the owner of a ‘smart meter’ should be made aware that he or she is sharing the data with 3rd parties and that it involves privacy risks in that context. Whereas half of the solutions proposed took the human completely out of the loop. They had (“Security Challenges in the Internet of Things (IoT)”, 2016) proposed cryptographic techniques as well as data minimization and information manipulation techniques so as to prevent data being sniffed on to servers. Apart from this, an original scheme known as PEM or Path Extension Method was presented that allowed for a powerful protection of location based privacy and this was accomplished using an encryption technique that made sure that adversaries would not be able to eavesdrop on any form of communication.
A vast majority of researchers had been quite fundamentalist when it comes to privacy. This is also something that can be expected and some unconcerned researchers might never have the interest in the first place to carry out any research in this domain. It also means, however, there might also be some unrealistic standards about a woman and a man on the street as well as their stance on privacy. Some unconcerned consumers (Hussain & Kaliya, 2018) are likely to be unwilling when it comes to taking any action on preserving their privacy as they don’t care much about it. Much of the solutions proposed in this regard take into the assumption that consumers might always be concerning about their privacy and unwilling to share information or unwilling to spend time in engaging their rights to defend privacy. In both the cases, the assumption could be flawed as well.
The main question here that demands attention and investigation is whether or not consumers having different privacy stances are sure to be putting in extra effort to interact, question the authority and fight for their right to privacy. This becomes extra difficult when narratives thrown by corporations suggest that by learning and tracking consumers, they can better tailor their services and systems to consumer’s needs. As a result, the researchers who are constantly coming up with various innovative solutions that might prove to be futile when it comes to the face of consumer’s complacency or their unwillingness to engage on matters of privacy.
There are many limitations in the research report presented above. The biggest limitation is perhaps the omission of smartphones from the research. Smartphones perfectly qualify as an IoT device as it has nearly all the characteristics of an IoT device and it has still not been included in the report. This is because smartphones open up an entirely new form of discussion that has sometimes different privacy and security (Basu, 2005) issues than IoT although many of those issues do overlap. This report was meant to focus entirely on privacy and security related issues with the IoT devices such as the smart speakers, smart lights or the technologies being used in smart cities and so on.
As an extension to this research, a follow up research report should assess several privacy perception that relates to IoT in order to find out whether the people would come forward to protect their privacy. Moreover, it should also determine if they would value a management tool through which they can manage their privacy and prevent it to some degree if some efforts were needed from their end in order to do so. For instance, enabling encryption which isessentially a security tool but practically preservers any communication to and from IoT devices to the server. A further research should also be carried out that assesses the security-specific solutions for IoT.
Conclusion
The ongoing state of IOT reveals that there are still a significant amount of work that needs to be done in order to secure these embedded smart devices. Even though the total number of IoT devices along with newer technological solutions as well as scientific research has soared in the past few years, the solutions to secure them has not been able to keep the same pace. There are multiple known security beaches that affect the IoT devise and there are multiple cases of security breaches happening as of this minute. At the same time, the amount of data being generated and passed through these IoT devices is also increasing at an unprecedented rate which means nothing but more exposure to sensitive data which in turn brings the need for a discussion among privacy and Security Council. Efforts made recently in regards to IoT has not been able to cover the entire breadth of security challenges posed by IoT and it reveals that many research opportunities are still pending in several areas that includes smart detection capabilities and object hardening. Present challenges and issues should be taken as the background for improvement opportunities that helps organizations incorporate security mechanisms in the early design of these IoT devices. Finally, users would also need to understand the core objective of these smart devices and what it is meant to be used for so that they can incorporate some extra security and prevention from their end to ensure the risk of exposing sensitive data about them is kept at minimum.
References
Basu, S. (2005). On issues of Convenience, Privacy and Security. Journal Of Information Privacy And Security, 1(2), 1-3. https://dx.doi.org/10.1080/15536548.2005.10855764
Cloud Computing Security, Privacy and Forensics: Issues and Challenges Ahead. (2018). International Journal Of Recent Trends In Engineering And Research, 4(3), 10-13. https://dx.doi.org/10.23883/ijrter.2018.4083.xwpna
Cloud Computing Security, Privacy and Forensics: Issues and Challenges Ahead. (2018). International Journal Of Recent Trends In Engineering And Research, 4(3), 10-13. https://dx.doi.org/10.23883/ijrter.2018.4083.xwpna
Future Internet | Special Issue : IoT Security and Privacy. (2018). Retrieved 2018, from https://www.mdpi.com/journal/futureinternet/special_issues/and_Privacy
Hussain, M., & Kaliya, N. (2018). An Improvised Framework for Privacy Preservation in IoT. International Journal Of Information Security And Privacy, 12(2), 46-63. https://dx.doi.org/10.4018/ijisp.2018040104
Schneier, B. (2017). IoT Security: What’s Plan B?. IEEE Security & Privacy, 15(5), 96-96. https://dx.doi.org/10.1109/msp.2017.3681066
Security Challenges in the Internet of Things (IoT). (2016). Retrieved 2018, from https://resources.infosecinstitute.com/security-challenges-in-the-internet-of-things-iot/
Song, H., Fink, G., & Jeschke, S. (2014). Security and privacy in cyber-physical systems.
The IoT threat to privacy – TechCrunch. (2013). Retrieved 2018, from https://techcrunch.com/2016/08/14/the-iot-threat-to-privacy
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download