Unit 4 Material

Uploaded by

adilakshmi.t

UNIT IV

SECURITY PROTOCOLS IN IOT


Topics: Framework for Privacy and Trust in IoT-Policy-Based Approach for
Informed Consent in Internet of Things.

4.1 Framework for Privacy and Trust in IoT-Policy:

4.1.1 IoT Trust Framework:

The IoT is bridging the virtual, digital and physical worlds, and mobile
networks need to scale to match the demands of billions of things, while the
processing capabilities need to address the information provided by the
"digital shadow" of these real things. This requires focusing on developments
in the virtual world and the physical world to solve the challenges of IoT
applications.
In the virtual world, network virtualization, software-defined
hardware/networks, device management platforms, edge computing and data
processing/analytics are developing fast and urgently need to be pursued as
enabling technologies for IoT. Connecting the virtual, digital and physical worlds
generates knowledge through IoT applications and platforms, while
addressing security, privacy and trust issues across these dimensions.
Smart IoT applications modify the way people interact with
intelligent spaces (also called cyber-spaces), from how appliances at home are
remotely controlled to how care for patients or elderly persons is performed.
The massive deployment of IoT devices represents a tremendous economic
impact and at the same time offers multiple opportunities.
IoT’s potential is underexploited: the physical and the intelligent are
largely disconnected, requiring a lot of manual effort to find, integrate, and
use information in a meaningful way. IoT and its advances in intelligent
spaces can be categorised along with the key technologies at the
core of the Internet.
Ensuring the security, reliability, resilience, and stability of Internet
applications and services is critical to promoting the concept of trusted IoT
based on the features and security provided by the devices at various levels of
the digital value chain.

Figure 10: IoT complex interlinked concepts of trustworthiness, dependability and trustability

Security needs to be designed into IoT solutions from the concept phase
and integrated at the hardware level, the firmware level, the software level
and the service level. IoT applications need to embed mechanisms to
continuously monitor security and stay ahead of the threats posed by
interactions with other IoT applications and environments.
Trust is based on the ability to maintain the security of the IoT system
and the ability to protect application/customer information, as well as being
able to respond to unintended security or privacy breaches.
In the IoT, it is important to drive security, privacy, data protection and
trust across the whole IoT ecosystem and no company can "do it alone" in the
IoT space; success will require organizations to partner, value chains to be
created and ecosystems to flourish. Yet, as IoT users start to bring more
players, service providers and third-party suppliers into their value chain, tech
firms and IoT solutions providers will face increasing pressure to demonstrate
their security capabilities.
A layered IoT architecture is proposed for a trust management control
mechanism. The IoT infrastructure is decomposed into three layers: sensor,
core and application. Each layer is controlled by a specific trust management
mechanism for the following purposes: self-organisation, routing and
multi-service, respectively. The final decision is made by the service requester
(i.e. the user) according to the collected trust information and the requester
policy. A formal semantics-based approach and fuzzy set theory are used to
realise the trust mechanism.
The distinction between trust and the related concepts of
trustworthiness, confidence and the act of entrusting something to someone
is extremely important. Uncertainty and vulnerability are two of the core
elements in trust relations. In addressing issues of trust, actors select strategies
that reduce uncertainty or decrease vulnerability, depending on the particular
context in which the issues emerge. Mechanisms for reducing vulnerability
in the face of increased contact with unknown things include enforceable
contracts, insurance schemes, etc. The characteristics of different types of
trust relations include faith, confidence, legal trust and trust/distrust.
Since it is a sign of a more usual quality known to be correlated with
trustworthiness (for example, same group, class, family, or same source),
identity ‘signals’ trustworthiness in many cases.

4.1.2 The IoT Privacy Framework:


This section gives an overview of the IoT privacy framework, which is
a constitutive component of the broader IoT Policy framework
discussed under the present deliverable. Privacy is a fundamental human right,
and the privacy framework is part of the overarching human-centred IoT Policy
Framework proposed. To best surface this human-centred nature, the analysis
below takes the user-centred concerns associated with privacy as its point of
reference.

Figure 14: IoT Privacy framework


The panorama of user centred concerns:
Sensors, mobile phones, wearable objects, RFID tags, cameras and
middleware components have a common feature: they are all points of entry
for data, often personal data. As the players of the IoT landscape rely heavily
on personal data to deliver services and increase consumers’ welfare, personal
data protection and security are key elements in the “value creation chain” of IoT.
In this regard, IoT does not necessarily pose new challenges; it does, however,
make traditional challenges escalate and multiply. There is therefore an
underlying relation between the need for privacy and the consequent need for
trust in the IoT architectures handling our personal data, which makes it necessary
to make the IoT trustworthy and the data processing operations taking place
therein transparent.
The need for privacy can thus be categorized into the following
subcategories:
1. Identity Privacy: The need of privacy for information that can identify a
person.
2. Location Privacy: The need of privacy for information that can identify a
person’s location, since the location is in itself personal data which can reveal
further personal data, e.g. points of interest.
3. Footprint Privacy: The need of privacy for all personal data leaked
unintentionally, e.g. preferred language.
To these subcategories a further one should be added:
4. Dynamic Privacy: The need to keep control of the processes of profiling,
inferencing and automated decision making started from the collected personal
data, which can be further categorized into:
a. Device Trust: Need to interact with reliable devices.
b. Processing Trust: Need to interact with correct and meaningful data.
c. Connection Trust: Requirement to exchange the right data with the right
service providers and nobody else.
d. System Trust: Desire to leverage a dependable overall system. This can be
achieved by providing as much transparency of the system as possible.
According to an elaboration made by IoT-EPI, the relation between privacy and
trust in IoT can be defined with Figure 15 below:

Figure 15: Relation between privacy and trust

This graph represents the required trust levels given a certain need for
privacy. It shows that even when the need for privacy is at its maximum of
1, the required trust level towards a service / architecture is below 0.75.
This mismatch arises because it is impossible for users to trust a
service / architecture 100%, since there are too many unknown factors in the
current state of things. An individual sharing personal data usually does not have
a complete understanding of how the architecture is built up, how security
measures are realised or how trustworthy potentially involved third parties are.
The graph also implies that the user is not able to trust the service at the
expected level in relation to his privacy needs, leaving room for improvement
on the side of IoT device and software vendors. IoT-EPI researchers have
therefore included an “Ideal Trust” line in Figure 15 to indicate the user trust
levels that vendors should be striving towards.
The biggest challenge for IoT is therefore to close this information
asymmetry with users by means of user-friendly technical and organisational
solutions.
One idea could be to deploy a solution which measures the level of
trustworthiness of a service using the traffic light metaphor. Alternatively, a more
elaborate dashboard could be used to give the user an overview of trust values
and make adequate suggestions about which services to use.
In some other contexts, such as the smart cities domain, users should
be involved when Privacy Impact Assessments are carried out on the envisaged
smart city initiative.

4.2 Policy-Based Approach for Informed Consent in Internet of Things:

Informed consent is an essential element of data protection for information
and communication technology (ICT) systems as the consent of a data subject
(e.g., the citizen) is often necessary for a third party to legitimately process
personal data. To provide informed consent regarding the use of personal data,
the citizen must have a clear understanding of how his/her personal data will be
used by ICT applications. This may not be an easy task, especially for a citizen
with a limited understanding of the complexities of ICT systems, as End User
License Agreements (EULAs) are often either too complex or too generic to be
easily understood. This issue is likely to become more critical in the Internet of
Things (IoT) where the collection of personal data can happen in various ways,
which are often not evident to the user. There is a need to define new models of
informed consent that (a) address the different capabilities and features of the user
of IoT systems and applications and (b) make the provision of informed consent
easier.
The term informed consent originates in the medical community and
describes the process for obtaining permission from a patient to perform a
medical procedure on the basis that he/she has been fully informed about the
benefits and risks of the procedure, and has agreed to the procedure being
undertaken. Informed consent may only be given by patients who have adequate
reasoning faculties and are aware and in possession of all relevant facts at the
time the informed consent is given.

The informed consent process has now been adopted to regulate the
interactions of citizens within the digital world. From a legal perspective, the
notion of informed consent is essential for the data protection of information and
communication technology (ICT) systems as the consent of a data subject is often
necessary for a third party to legitimately process personal data.

To provide informed consent regarding the use of personal data, the citizen
must have a clear understanding of how his/her personal data will be used by the
ICT systems and applications. This may not be an easy task, especially for a
citizen with a limited understanding of the complexities of ICT. On the other
hand, informed consent must be collected before ICT applications can be used.

There is a need for a more sophisticated tool for informed consent, which
would provide the following features at a minimum:
1. Support different types of users across the full spectrum of users in the
digital divide (i.e., from the most ICT literate to the least) and/or support
different user roles.
2. Be customizable so that the user can change settings if he/she wishes
to within preestablished parameters, as defined by the regulations or the
application developer.
3. Support different types of contexts or changes in the environment.
Beyond the ICT domain, the issue of providing a tool for “informed
consent” with these features is further complicated by the evolution of the IoT.
The definition of EULAs for end users may be further complicated by the limited
processing capabilities of IoT devices, the distributed nature of the IoT, and the
integration of the digital with the real world. The numbers of potential data
operations in a fully deployed IoT make the adoption of EULA less practical. In
addition, the nature of the informed consent required would vary depending on
the data provided by the IoT device and the related data flow.

In other words, IoT device manufacturers should provide more
decentralized control over the processing of personal data in the new data-driven
IoT environment so that users can gain a better understanding of what data of
theirs is collected and how it is used. This should be reflected in the definition of
a new approach to providing informed consent in the IoT.

Overview of the System:


The policy-based approach that we propose in this paper builds on and
combines these different trends to offer a solution to the informed consent
problem in the IoT.
As described in Figure 19.1, the system is user-centric. A graphic user
interface enables the user to define a set of rules embedded in policies that should
be both simple enough for the user to comprehend and complex enough to enable
advanced users to fine-tune them if necessary. The user can also define how and
when to be contacted by the system and notified about a change in the
context.
The policy-based system is a semiautonomous agent in itself, whose main
role is to authorize or deny data operations on behalf of the user. In making each
decision, the agent evaluates the rules/policies defined and chosen by the user
but also takes into account context elements, and eventually information relating
to user behavior and the reputations of third parties.
To handle the reputation system, the user is able to participate in
communities which evaluate and rank IoT applications and third parties (e.g.,
service providers and application developers).
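
The decision logic of the agent described above can be sketched as follows. This is an added example, not code from the original material or from the system it describes; the rule schema, the deny-overrides and default-deny choices, the reputation threshold, and all names and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # one user-defined consent rule (hypothetical schema)
    data_type: str               # e.g. "location"
    purpose: str                 # e.g. "navigation"
    contexts: frozenset          # contexts in which the rule applies
    effect: str                  # "allow" or "deny"
    min_reputation: float = 0.0  # community score an allowed third party must reach

@dataclass(frozen=True)
class Request:                   # a data operation a third party asks the agent to authorize
    third_party: str
    data_type: str
    purpose: str
    context: str

class ConsentAgent:
    def __init__(self, rules, reputation, notify_contexts=()):
        self.rules = list(rules)
        self.reputation = dict(reputation)        # third party -> score in [0, 1]
        self.notify_contexts = set(notify_contexts)
        self.notifications = []                   # messages queued for the user

    def decide(self, req):
        if req.context in self.notify_contexts:   # user asked to be told about this context
            self.notifications.append(f"{req.third_party} asked for {req.data_type} while {req.context}")
        matching = [r for r in self.rules
                    if (r.data_type, r.purpose) == (req.data_type, req.purpose)
                    and req.context in r.contexts]
        if any(r.effect == "deny" for r in matching):
            return "deny"                         # an explicit deny always wins
        score = self.reputation.get(req.third_party, 0.0)  # unknown party: no reputation
        if any(r.effect == "allow" and score >= r.min_reputation for r in matching):
            return "allow"
        return "deny"                             # no matching rule means no consent
# Constructed sample policy and community reputation scores.
RULES = [
    Rule("location", "navigation", frozenset({"driving", "walking"}), "allow", 0.7),
    Rule("location", "navigation", frozenset({"at_home"}), "deny"),
]
REPUTATION = {"nav-app": 0.9, "ad-broker": 0.3}

def demo():
    agent = ConsentAgent(RULES, REPUTATION, notify_contexts={"at_home"})
    requests = [Request("nav-app", "location", "navigation", "driving"),
                Request("ad-broker", "location", "navigation", "driving"),
                Request("nav-app", "location", "advertising", "driving"),
                Request("nav-app", "location", "navigation", "at_home")]
    return [agent.decide(r) for r in requests], agent.notifications
```

Only the first request is authorized: the second fails the reputation threshold, the third has no rule for its purpose, and the fourth hits the user's deny rule for the home context and also queues a notification.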

Figure 19.1: Overview of the system.

To ensure the policy enforcement, the whole system is built on an IoT platform that
embeds policy enforcement components and the policy framework, as described in the rest of
this chapter. To be implemented successfully, the system must address the following
requirements:

1. Support different types of users across the full spectrum of users in the digital divide (i.e.,
from the most ICT literate to the least) and/or the different roles. This includes the necessity of
providing the user with easily understood information in a simple GUI, and also the setup of
mechanisms to train and motivate the user to define policies (i.e., to ensure regular use of the
system).

2. Be customizable so that the user can change settings if he/she wishes. One of the challenges
of customization is to adapt the GUI to follow the user's proficiency.
3. Support different types of contexts or changes in the IoT environment and ensure the
enforcement of the policies chosen by the user.
