Security and Privacy Issues in Internet of Things (IoT) A Report

Table of Content
Executive Summary3

1
Introduction.4

Technology Trends of IoT..4

Communication Models for IoT.5

Application working on IoT...5

Tools for IoT...5

Challenges in IoT6

Security Aspect.6

Privacy Aspect..7

Attack on Security and Privacy ...8

Conclusion..9

References...9

Organization Working for IoT9

Executive Summary

2
 Internet of thing is referred as smart use of interconnected devices which gather data from sensors of
embedded systems and from other physical objects. The area is emerging technically, socially as well as economically.
Every small device is made connected to each other with Internet. A huge transition in life style has been found. It is
projected that impact of IoT on the economy and Internet will be very magnificent. It is predicted that around 100
billion devices working on IoT, will create a global economic influence by 2025 of more than $11 trillion (Rose,
Eldridge and Chapin, 2015). A new technology arrives with new challenge. A large mass of IoT devices are feared to be
hacked giving rise to tougher security and privacy challenges.
Security
IoT is highly interconnected in nature via internet. The devices with this smart system communicate with this
poorly secure medium. As the number of these internet connected appliance are amplifying, the security concerns for
the same are also growing. This is redirecting to highly unsecure environment.
Privacy
Also, IoT devices accesses variety of information like details of heath care, personal information, recordings
etc. The data from these devices are transferred to other devices via public networks. These highly sensitive and
personal data are not supposed to be leaked or hacked in public networks.

Many researches are in progress to provide more security and privacy of information. This report will highlight
an introduction to IoT devices, various technology trends involved for IoT, its communication model, its application and
finally end up with detailing the security and privacy challenges with IoT.

The IoT has promise to bring revolutionary and connected intelligent world. Security and privacy are two
severe challenges beside few more, IoT is facing. In order to get full benefits of the new trends these issue are needed to
tackled with serious care.

Introduction

In Internet of Things, a thing can be a person with monitoring machine, an animal with biochip, a vehicle
with sensor to sense pressure or any other human created devices that can be assigned with IP address. Number of such
things which can talk, share information, transfer data, sense data etc. come together to form a new technology trend

3
called as Internet of Things (IoT) as shown in figure 1. The Internet Architecture Board (IAB) begins RFC 7452(2005)
Architectural Considerations in Smart Object Networking, with this description:

The term "Internet of Things" (IoT) denotes a trend where a large number of embedded devices employ
communication services offered by the Internet protocols. Many of these devices, often called "smart objects, are not
directly operated by humans, but exist as components in buildings or vehicles, or are spread out in the environment.

Figure 1 : Internet based devices connected forming an IoT Scenerio (Gubbi, Buyya ,Marusic, Palaniswamia ,2012)

Technology Trends for IoT

Several technology trends have come together to serve IoT. These relevant technologies can include (Rose, Eldridge and
Chapin, 2015)
Ubiquitous connectivity Internet based devices can connect from everywhere
IP based networking All devices are assigned with the IP address, which indicates all devices can
communicate to each other with internet.
Sensor Networks IoT devices are made up of small sensors with low energy consumption have large
computing capacity.
Small Size devices The IoT devices are of small sized, can be easily handled.
Adaptability to new algorithms - New approaches to increase computing power and data storage for these
devices is formed. And these devices are easily adaptable to it.
Cloud Computing Cloud is helping IoT devices to leverage the resources to process, manage and store data.

Communication models for IoT

The Internet of Things follows different architecture for communication. They are discussed as (Rose, Eldridge and
Chapin, 2015)

4
 1. Device to Device Model
In this type of model an IoT device is communicates to other Iot devices directly.
2. Device to Cloud Model
In this, an IoT device is communicates to cloud.
3. Device to Gateway Model
In this model, an IoT device is connected to gateway which in turn is connected to other networks
4. Back- End Data Sharing Model
The smart device in this model is made interoperable as per the cloud or its federation.

Application of IoT

Here are list of top area and its IoT applications heating up the market. The data is collected (Rahul, 2016)
1. Smart Home Nest learning thermostat, smart home lighting, air quality egg, Amazon Echo.
2. Wearables Jawbone UP2, Fitbands, Moto 360 sport
3. Retial Smart Retial solution.
4. Smart Cities Smart waste and recycle system, smart street lights, smart parking kit.
5. Healthcare UroSense, Dispensing services
6. Agriculture OpenIoT Phonet Project, Carbon Nanotube probe.
7. Transportation- Locomotive from GE, Caterpillars newest Equipment.
8. Industrial Automation Smart structure embedded data collector, waspmote sensor node.
9. Energy Management Smart metering and smart grid management

Tools of IoT
Given below in Table 1 are list tools used for IoT. The data is collected (Harvey, 2014 )
Developme Hardware Home Middleware Operating Monitori Platforms Printing Securit
nt Tool Automatio System ng and y
n Software Integration
Tools
Arduino, Arduino Yn, OpenHAB, IoTSyS, AllJoyn, Freeboard DeviceHive, Exciting OWASP
Eclipse IoT BeagleBoard, The Thing OpenIoT Contiki, Devicehub.n Printer
Project, Flutter, Local System Raspbian, et, IoT
Kinoma, Motors, RIOT, Toolkit,
M2MLabs Connected Spark Mango,
Mainspring, Car Nimbits,
Node-RED Microduino, OpenRemot
Pinoccio e, SiteWhere

Challenges IoT is facing

A new technology comes with list of new challenges. Below is list of few challenges which IoT will face on large
scale
1. Security
The security of data when travelling through publically unsecure network is biggest challenge IoT will
face.
2. Privacy
It is necessary that there should be no data leakage especially personal data, when travelling in network.
3. Interoperability and its standards
IoT devices needed to interoperable along with following standards. It is will become difficult for the
buyer to buy such devices which cannot adapt itself in changing in environment.

5
 4. Legal, Regulation and rights
Devices need to follow rules and regulation while they are designed. Violation of any legal laws and
regulation can cause big impact on business.
5. Emerging Economic and Development Issue
Due to huge demand and increasing device, the IoT may face economic and development issue in
future.
Above are highlights of major challenges affecting IoT. The detailing of security and privacy are mentioned in next
section

Security Aspect

The disruptive nature of IoT device has created its own security challenge. Instance like constrain on memory and
computer resources, auto- up gradation and scalability, orphaned devices etc. are creating new challenges for security.
(Bitdefender, 2016) (Rose, Eldridge and Chapin, 2015) Below are details:
Security Challenges of IoT
The security of IoT devices is facing lot of challenges in various fields. Majorly demanding challenges are
discussed below:
Scalability
Many IoT devices are designed to scale massive by using their sensor capability. These devices are
made to scale more than their capability, increase security questions. Some devices are designed to establish
links to neighboring devices on its own. Such device may get connected to already affected device, increase
the chance of security break.
Identical devices
Many IoT devices are collection of similar or more or less similar devices. Suppose if the security of
one device is attacked, it will directly affect the security issue of all the other devices connected to it with same
features.
No up gradation of Security mechanism
There are certain devices which are no longer used because of availability of new high tech devices.
Such devices are orphaned after sometime. The security mechanism used at the time of these orphaned devices
may not work with current high end devices.
Device design for not to upgrade
Certain devices are designed not to upgrade purposely. Suppose if the device is doing well in the
market. Many attackers may try to attack the security mechanism. Now the device is designed for no up
gradation, hence security feature cannot be enhanced. If the device is attacked, there will no scope of
upgradation.
Little or no exposure of internals of IoT devices
User of the device does not know about the internals of the devices. It leads to security vulnerability
when user believes that the device is performing few unnecessary functions while in reality, the device might
be collecting unwanted data.
Low secure locations
Some devices are needed to be installed at places with low security system. The attacker might gain a
direct access to these devices to gather information.
Environmental condition
Some devices are needed to install in environment places where the active monitoring is not possible.
In these places it will be easy for attacker to gain access to the device resulting into damaging the security.
Internet based model
Early, IoT devices are designed in private organization. But due to advancement in technology not
these devices can be created online too. The exposure of device during design time to public network can bring
the security concerns on bigger note.

The above list demonstrates the security facing challenges for IoT devices. There is need to understand these
issues in detail, work on it and need to find permanent solution for the same.

6
 Arising Security Questions in certain areas?
A number of questions arise in mind when it comes to understand the security of the IoT devices. Some of
them as follow:
Which security design is best suited for the device after understanding the condition in which the device will
be installed?
Does the applied security designed affect the cost of device? If yes, than up to how much and what extent? And
other related questions to cost
What security standards and metrics are applied to the device? Is this standard suitable for the device in its
present condition?
What about the data confidentiality policies? What encryption technique is used? Still the data is safe? What
are authentication and access control policies applied to the data?
What is the life of the IoT device? Does it need field up gradation? If yes, then are these devices secure while
upgrading itself?
Are the devices sharing data or sharing responsibility with many other devices or multiple users? If yes, is this
sharing secure?
Are there rules defined on selling of IoT devices with known and unknown security flaws?
What are set of rule defined for devices which has orphaned? What if a device leaks their security mechanism?
What if the same mechanism is applied to the new advance devices in the same security mechanism?

The above discussion has cleared certain picture of security for the researcher to understand the security challenge
and work in the same directions.

Privacy Aspect

The unpredictable methods of collecting data, data carrying non-sharable information etc. are the biggest privacy
challenge of IoT. An unauthorized person if get access to these data can cause bigger damage on personal aspect.
Privacy is needed to be looked upon as major challenge IoT can face. Below are details (Rose, Eldridge and Chapin,
2015) (Ziegeldorf, Morchon, and Wehrle, 2014) (Bitdefender, 2016).
Privacy Challenges for IoT
Majorly demanding challenges that privacy are facing are listed below
Privacy Preference
A user enters its preference when it wants to access certain device. While entering the user is also for
agreeing on the terms and condition. It may occur sometime that there is no availability of any user interaction
module, so that user can understand how its information is used by the device. This raises a privacy concern
for the user data.
Monitoring Privacy Preferences
The IoT devices handle large amount data every second. This data can be non-sharable information
too. A monitor is available to keep check on data related privacy preferences. It is not necessary that monitor
may remain available for whole time. As such the devices are connected to large number of other devices,
which can increase the question of data leak.
Difference of norms in private and public place
The norms to operate in private and public places differ. If a device operating at public place is moved
to a private place, it is not necessary that the mechanism applied to the device is functional for private too. This
can affect the access of the private data.

Exposure of one device to multiple user

An IoT device collects data and sends that same data to multiple user in collective action. This data
may be of large amount. In such large mass of data it is difficult to identify the privacy preference information.
Big data analysis on personal information
Sometimes there is need to apply big data analyst is applied to the personal information. In such
scenario, already the personal data is at the risk in terms of exposure of personal information.
Ubiquitous and familiarity of IoT device

7
 Due to ubiquitous and familiarity of device, the individual who are unaware of usage of the devices,
may end up distributing some personal information to other device or the attacker.

The above mentioned are some privacy challenge of IoT, which are needed to look upon in future. Research in
these particular areas can enhances the privacy factor of the device

Arising Privacy Questions in certain areas?

A number of privacy related question arises in mind while understanding the IoT devices. These major
questions are:
Are the devices acting fair in collection data? How is the device using this collected data?
The policies which are defined for privacy is actually applied? Or is there any privacy leakage at any end?
A large mass of user are expecting the privacy? Is the device fulfilling this privacy aspect?
How are these privacy policy designed? Are there any loopholes while planning for this privacy policy?
A correct identification of the privacy factor is planned or not?

Privacy is another bothering area for any new technology trend. A major consideration for this area is needed and
researches can carried out for the same.

Attacks on Security and Privacy for IoT

A few attacks on security and privacy are discussed in this section (Barcena and Wueest, 2015)
Physical Access
An attacker can gain attack a smart device and if it gets the physical access for the same.
Local Attack
An attacker, if get access to either wifi or Ethernet of the local network, can attack the IoT device
connected through that network. The attacks can be of two types
o Cloud Polling
The smart devices are connected to cloud network. An attacker can attack such device by using Man-
In-the- Middle attack to know what data is delivered from the smart device to the cloud.
o Direct Attack
The attacker in this scenario attacks the smart device directly, to get the access for the same.
Cloud Infrastructure attack
Cloud Infrastructure if attacked by the attacker, can cause severe damage to the data which are
collected by the smart device
Malware
Malicious software if installed on any device on the network can cause severe damage to the entire
network.
Mitigation
It is difficult for the IoT device to secure themselves as the mode of communication is not secure.

Conclusion
The report highlighted the many prospective about Internet of Thing. It started with the introduction to this
new technology trend which is rapidly covering the entire global market. Further the working of these IoT devices is
discussed. We also saw certain current trending IoT application capturing the market. Due to its enormous growth IoT
will be facing number of challenges in future which can limit the growth of these devices. Report then discussed
privacy and security for IoT in detail. The discussion includes different security and privacy challenges along with its
research related questions in detail. The discussion of different attacks causing security and privacy failure is done. The
report has also provided list of organization working for IoT in and out at end.

Reference

Barcena, M.B.,Wueest,C., (2015), Insecurity in the Internet of Things, Security Response by Symantec

8
Bitdefender,(2016), The Internet of Things: Risks in the Connected Home

Gubbi, J.,Buyya,R.,Marusic, S., Palaniswamia M.,(2012),Internet of Things (IoT): A Vision, Architectural Elements,
and Future Directions, Internet of things vision and future

Harvey, C., (2014), Open Source Tools for the Internet of Things, Datamation, http://www.datamation.com/open-
source/35-open-source-tools-for-the-internet-of-things-1.html

Rahul,(2016), IoT Application with examples, IoT Wiki, http://internetofthingswiki.com/iot-applications-examples/541/

RFC 7452,(2015), Architectural Considerations in Smart Object Networking

Rose,K., Eldridge, S., Chapin, L.,(2015), The Internet of Things: An Overview Understanding the Issues and
Challenges of a More Connected World, The Internet Society

Ziegeldorf, J.H., Morchon, O.G. and Wehrle,K.,(2014), Privacy in the Internet of Things: threats and challenges,
Security and Communication Networks Volume 7, Issue 12, 27282742

Organization working with IoT

Here are list of all organization working on IoT(Rose, Eldridge and Chapin, 2015):

AIOTI - The Alliance for Internet of Things Innovation

AllSeen Alliance
ETSI ETSIs Connecting Things
IEC 62443/ISA99 Industrial Automation and Control System Security Committee
IEEE (including P2413)
IERC The European Research Cluster on the Internet of Things
IETF - Internet Engineering Task Force (IETF)
IIC The Industrial Internet Consortium
IGF - Internet Governance Forum
Internet of Things Consortium
IP for Smart Objects (IPSO) Alliance
ISOCs Internet of Food SIG
ITU
MAPI Foundation -- The Manufacturers Alliance for Productivity and
OASIS
oneM2M
Online Trust
Open Interconnection Consortium
The Open Management Group
Open Web Application Security Project
Smart Grid Interoperability Panel
Thread Group