Abstract
Presently, the globe is going through development in smart cities as the Internet of Things (IoT) is capable of connecting with almost every object in the environment through sensors, cloud, end user devices, and user interface. This is possible because of the uprising in information technology day by day, thereafter contributing to the social and economic welfare of citizens. The Internet is becoming more integrated in daily life as managed by the Internet of Things. As IoT devices embrace novel endless opportunities to make life easier for people, they also increase the risk of data breaches, unsuspected users, and malicious attacks in the IoT framework. So preserving security and privacy from threats and attacks is an endowing challenge that is faced by IoT devices. It is known to an extent that data are more vulnerable in terms of security and privacy, because of integrated features implemented in the Internet of Things. Consequently, it is more prone to cyber threats and attacks despite the fact that it brings unbounded comfort and social security. Resolving these challenges and promising security and privacy of information against threats and attacks should be the prime priority while designing and implementing the architecture of Internet of things (IoT). However, the end user ought to trust that IoT devices and services provided by them are safe and secure. IoT devices protection needs to be considered while designing the framework, to protect it from any kind of threat and attack while keeping in mind ethics and policies which are utilized by the Internet of Things mechanization. In this chapter, privacy and security issues are discussed along with threats and attacks. Overview of the Interest of Things (IoT) is discussed in the beginning. Research work done in the past is also reviewed and examined with state of the art whereupon highlighting techniques utilized including the objectives and limitations. Additionally, this chapter covers layers of the Internet of Things (IoT) with the network of IoT and security and challenges in each layer of IoT architecture. Major security issues are also considered, followed by a discussion about Smart City Applications with their threats and solutions precisely to preserve concealment of Internet of Things (IoT) devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Jang-Jaccard, J., & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973–993.
https://www.alliedmarketresearch.com/internet-of-things-iot-in-agriculture-market. DOA: 06-06-2021.
https://www.statista.com/statistics/992118/worldwide-internet-of-things-top-patent-owners/. DOA: 06-06-2021.
https://www.forbes.com/sites/zakdoffman/2019/09/14/dangerous-cyberattacks-on-iot-devices-up-300-in-2019-now-rampant-report-claims/?sh=49add6c58926. DOA: 06-06-2021.
Alqassem (2014, May–June). Privacy and security requirements framework for the internet of things (IoT). International Conference on Software Engineering (ICSE) Companion India (pp. 739–741).
Rahman, F. A., Daud, M., Mohamad, M. Z. (2016, March). Securing Sensor to Cloud Ecosystem using Internet of Things (IoT) Security Framework. ICC (International Conference on Internet of things and Cloud Computing), United Kingdom, Article No.: 79.
Lee, Y. J., & Kim, D. H. (2015). Threats analysis, requirements and considerations for secure internet of things. International Journal of Smart Home, 9, 191–198.
Abomhara, M., Køien, G. M. (2014, May). Security and privacy in the internet of things: current status and open issues. Privacy and Security in Mobile Systems (PRISMS) Denmark, (pp. 1–8).
Alqassem, I., Svetinovic, D. (2014, December). A taxonomy of security and privacy requirements for the internet of things (IoT). Industrial Engineering and Engineering Management (IEEM) Malaysia (pp. 1244–1248).
Kim, H.-J., Chang, H.-S., Suh, J.-J., Shon, T.-S. (2016, May). A study on device security in IoT convergence. Industrial Engineering, Management Science and Application (ICIMSA) South Korea (pp. 1–4).
S. Li, T. Tryfonas, H. Li, “The internet of things: A security point of view”, Internet Research, vol. 26, pp. 337-359, April 2016.
Atlam, H.F., Alenezi, A., Alassafi, M.O., Walters, R.J., Wills, G.B. (2018). XACMLforbuildingaccess control policies in internet of things. In: Proceedings of the 3rd International Conference on Internet of Things, Big Data and Security (IoTBDS 2018) (pp. 253–260).
Atlam, H.F., Walters, R.J., Wills, G.B. (2018). Internet of nano things: security issues and applications. In 2018 2nd International Conference on Cloud and Big Data Computing, no. October (pp. 71–77).
Atlam, H. F., Walters, R. J., & Wills, G. B. (2018). Fog computing and the internet of things: A review. Big Data Cognitive Comput., 2(2), 1–18.
Deogirikar, J. (2017). Security attacks in IoT : a Survey. In International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (pp. 32–37).
Abdur, M., Habib, S., Ali, M., & Ullah, S. Security issues in the internet of things (IoT): A comprehensive study. International Journal of Advanced Computer Science and Applications, 8(6).
Suo, H., Wan, J., Zou, C., & Liu, J. (2012). Security in the internet of things: A review. In International conference on computer science and electronics engineering (CCSEE 2012) (Vol. 3, pp. 648–651).
Maple, C. (2017). Security and privacy in the internet of things. Journal of Cyber Policy, 2(2), 155–184.
Martin, P., & Brohman, K. (2014). CLOUDQUAL: A quality model for cloud services. IEEE Transactions on Industrial Informatics, 10(2), 1527–1536.
Cerf, V., Ryan, P., Senges, M., & Whitt, R. (2016). IoT safety and security as shared responsibility. Business Information, 1, 7–19.
Egele, M., Kruegel, C., Kirda, E., & Vigna, G. (2011). PiOS: Detecting privacy leaks in iOS applications. In Proceedings of 28th annual network and distributed system security symposium (pp. 1–15).
Enck, W., Gilbert, P., Han, S., Tendulkar, V., Chun, B.-G., Cox, L. P., Jung, J., McDaniel, P., & Sheth, A. N. (2014). TaintDroid: An information flow tracking system for realtime privacy monitoring on smartphones. ACM Transactions on Computer Systems, 32(2), 1–29.
Xiao, X., Tillmann, N., Fahndrich, M., de Halleux, J., Moskal, M., & Xie, T. (2015). User-aware privacy control via extended static-informationf low analysis. Automated Software Engineering, 22(3), 333–366. https://doi.org/10.1007/s10515014-0166-y
Enck, W., Ongtang, M., & McDaniel, P. (2008). Mitigating android software misuse before it happens. Network and Security Research Center, Department of Computer Science and Engineering, Pennsylvania State University, Tech. Rep.
Ndibanje, B., Lee, H.-J., & Lee, S.-G. (2014). Security analysis and improvements of authentication and access control in the internet of things. Sensors (Basel, Switzerland), 14(8), 14786–14805. [Online]. Available: http://www.ncbi.nlm.nih.gov/pmc/articles/PMC4179010/
Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2012). Identity driven capability based access control (ICAC) scheme for the internet of things. In Proceedings of international conference on advanced networks and telecommunciations systems (ANTS) (pp. 49–54).
Hernandez-Ramos, J. L., Pawlowski, M. P., Jara, A. J., Skarmeta, A. F., & Ladid, L. (2015). Toward a lightweight authentication and authorization framework for smart objects. IEEE Journal on Selected Areas in Comm., 33(4), 690–702.
http://cdn.iotwf.com/resources/71/IoT_Reference_Model_White_Paper_June_4_2014.pdf. DOA: 06-06-2021.
https://www.hiotron.com/iot-architecture-layers/. DOA: 06-06-2021.
Jha, R. K., Puja, H. K., Kumar, M., & Jain, S. (2021). Layer based security in narrow band internet of things (NB-IoT). Computer Networks, 185, 107592. ISSN 1389-1286.
Dorsemaine, B., Gaulier, J., Wary, J., Kheir, N., & Urien, P. (2016). A new approach to investigate IoT threats based on a four layer model. In 2016 13th international conference on new technologies for distributed systems (NOTERE) (pp. 1–6). https://doi.org/10.1109/NOTERE.2016.7745830
Wheelus, C., & Zhu, X. (2020). IoT network security: Threats, risks, and a data-driven defense framework. IoT, 1, 259–285. https://doi.org/10.3390/iot1020016
Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., & Sikdar, B. (2019). A survey on IoT security: Application areas, security threats, and solution architectures. IEEE Access, 7, 82721–82743. https://doi.org/10.1109/ACCESS.2019.2924045
Nawir, M., Amir, A., Yaakob, N., & Lynn, O. B. (2016). Internet of things (IoT): Taxonomy of security attacks. In 2016 3rd international conference on electronic design (ICED) (pp. 321–326). https://doi.org/10.1109/ICED.2016.7804660
Atlam, H. F., & Wills, G. B. (2020). IoT security, privacy, safety and ethics. In M. Farsi, A. Daneshkhah, A. Hosseinian-Far, & H. Jahankhani (Eds.), Digital twin technologies and smart cities. Internet of things (technology, communications and computing). Springer. https://doi.org/10.1007/978-3-030-18732-3_8
Namvar, N., Saad, W., Bahadori, N., & Kelley, B. (2016). Jamming in the internet of things: A game- theoretic perspective. In IEEE global communications conference (GLOBECOM) (pp. 1–6).
K. Zhang, X. Liang, R. Lu and X. Shen, "Sybil attacks and their defenses in the internet of things," IEEE Internet of Things Journal, vol. 1, no. 5, pp. 372-383, Oct. 2014.
Salehi, S., Razzaque, M. A., Naraei, P., & Farrokhtala, A. (2013). Detection of sinkhole attack in wireless sensor networks. In IEEE international conference on space science and communication (IconSpace) (pp. 361–365).
Ali, S., Khan, M. A., Ahmad, J., Malik, A. W., & ur Rehman, A. (2018). Detection and prevention of black hole attacks in IOT & WSN. In 2018 third international conference on fog and mobile edge computing (FMEC) (pp. 217–226). https://doi.org/10.1109/FMEC.2018.8364068
Goyal, M., & Dutta, M. (2018). Intrusion detection of wormhole attack in IoT: A review. International Conference on Circuits and Systems in Digital Enterprise Technology (ICCSDET), 2018, 1–5. https://doi.org/10.1109/ICCSDET.2018.8821160
https://portswigger.net/daily-swig/artificial-intelligence-can-stop-iot-based-ddos-attacks-in-their-tracks-research. DOA: 06-06-2021.
Chouhan, P., & Singh, R. (2016). Security attacks on cloud computing with possible solutions. International Journal of Advanced Research in Computer Science and Software Engineering, 6(1), 92–96.
https://www.netsparker.com/blog/web-security/code-injection. DOA: 06-06-2021.
https://www.smartdatacollective.com/assessing-severity-sql-injection-threats-iot-security/. DOA: 06-06-2021.
Swamy, S. N., Jadhav, D., & Kulkarni, N. (2017). Security threats in the application layer in IOT applications. In 2017 international conference on I-SMAC (IoT in social, Mobile, analytics and cloud) (I-SMAC) (pp. 477–480). https://doi.org/10.1109/I-SMAC.2017.8058395
Fowler, P. (2002). 5 GHz goes the distance for home networking. IEEE Microwave Magazine, 49–55.
Hypponen, K., & Haataja, K. M. J. (2007). Nino: Man-in-the-middle attack on Bluetooth secure simple pairing. In The third IEEE/IFIP international conference in Central Asia on internet (pp. 1–5).
Jakobsson, M., & Wetzel, S. (2001). Security weaknesses in bluetooth. In Topics in cryptology: The Cryptographer’s track at RSA conference (pp. 176–191).
https://www.f-secure.com/v-descs/bluetooth-worm_symbos_lasco_a.shtml. DOA: 9-6-2021.
https://en.wikipedia.org/wiki/List_of_WLAN_channels. DOA: 9-6-2021.
IEEE, “IEEE Std 802.11i,” Amendment 6: Medium Access Control Security Enhancement, 2004.
Lounis, K., & Zulkernine, M. (2020). Attacks and defenses in short-range wireless technologies for IoT. IEEE Access, 8, 88892–88932. https://doi.org/10.1109/ACCESS.2020.2993553
N. Borisov, I. Goldberg, and D.Wagner, “Intercepting mobile communications: The insecurity of 802.11,” in Proceedings of the 7th annual international conference on mobile computing and networking, pp. 180– 189, ACM, 2001.
https://behrtech.com/blog/6-leading-types-of-iot-wireless-tech-and-their-best-use-cases/. DOA: 9-6-2021.
Khanji, S., Iqbal, F., & Hung, P. (2019). ZigBee security vulnerabilities: Exploration and evaluating. In 2019 10th international conference on information and communication systems (ICICS) (pp. 52–57). https://doi.org/10.1109/IACS.2019.8809115
Ďurech, J., & Franeková, M. (2014). Security attacks to ZigBee technology and their practical realization. In 2014 IEEE 12th international symposium on applied machine intelligence and informatics (SAMI) (pp. 345–349). https://doi.org/10.1109/SAMI.2014.6822436
https://www.smartcitiesworld.net/news/news/iot-boost-for-glasgow-2265/ Date of access 9 June 2021.
https://www.iotevolutionworld.com/smart-transport/articles/432166-practical-parking-pni-sensor-corporation-senet-roll-out.htm/ Date of access 9 June 2021.
https://sfvbj.com/news/2018/feb/13/semtech-selected-smart-agriculture-system/Date of access 9 June 2021.
Yang, X., Karampatzakis, E., Doerr, C., & Kuipers, F. (2018). Security vulnerabilities in LoRaWAN. In 2018 IEEE/ACM third international conference on internet-of-things design and implementation (IoTDI) (pp. 129–140). https://doi.org/10.1109/IoTDI.2018.00022
Kail, E., Banati, A., Lászlo, E., & Kozlovszky, M. (2018). Security survey of dedicated IoT networks in the unlicensed ISM bands. In 2018 IEEE 12th international symposium on applied computational intelligence and informatics (SACI) (pp. 000449–000454). https://doi.org/10.1109/SACI.2018.8440945.5
Coman, F. L., Malarski, K. M., Petersen, M. N., & Ruepp, S. (2019). Security issues in internet of things: Vulnerability analysis of LoRaWAN, Sigfox and NB-IoT. Global IoT Summit (GIoTS), 2019, 1–6. https://doi.org/10.1109/GIOTS.2019.8766430
https://smartparkingsystems.com/en/nb-iot-sensors-applied-to-parking-system/Date of access 9 June 2021.
https://www.libelium.com/iot-solutions/smart-tracking/Date of access 9 June 2021.
https://e.huawei.com/topic/leading-new-ict-ua/nb-iot-ofo-smart-bike.html/ Date of access 9 June 2021.
https://www.veracode.com/security/arp-spoofing/ Date of access 9 June 2021.
Security and Privacy of Smart Cities: A Survey, Research Issues and Challenges Mehdi Sookhak, Helen Tang, Senior Member, IEEE, Ying He, Student Member, IEEE, and F. Richard Yu, Fellow, IEEE, Citation information: DOI 10.1109/COMST.2018.2867288, IEEE Communication Survey and Tutorial.
Ota, K., Kumrai, T., Dong, M., Kishigami, J., & Guo, M. (2017). Smart Infrastructure Design for Smart Cities. IT Professional, 19(5), 42–49. https://doi.org/10.1109/mitp.2017.3680957
https://www.google.com/amp/s/smartcity.press/smart-governance-for-smart-cities/amp/ Date of access :1 June 2021.
https://www.frontiersin.org/research-topics/21020/ai-powered-smart-healthcare-in-smart-cities/ Date of access : 1 June 2021.
Agarwal, P., Hassan, S. I., Mustafa, S. K., & Ahmad, J. (2020). An effective diagnostic model for personalized healthcare using deep learning techniques. In Applications of deep learning and big IoT on personalized healthcare services (pp. 70–88). IGI Global.
Agarwal, P., Chopra, K., Kashif, M., & Kumari, V. (2018). Implementing ALPR for detection of traffic violations: A step towards sustainability, 2018. In Proceedia: Computer science (pp. 738–743). Elsevier Journal Publication. ISSN: 1877-0509.
Agarwal, P., & Alam, A. (2018). Use of ICT in sustainable transportation. Proceedings of International Conference on Future Environment and Energy, 150(1), 1–7.
Smart Cities. (2019). Opportunities, challenges, and security threats January 2019. Journal of Strategic Innovation and Sustainability, 14(3).
https://www.google.com/amp/s/www.computerweekly.com/opinion/Smart-cities-face-challenges-and-opportunities%3famp=1 Date of access 8 June, 2021.
https://www.information-age.com/iot-governance-compliance-security-challenges-123490573/ Date of access 8 June2021.
IoT Security, Privacy, Safety and Ethics Hany F. Atlam and Gary B. Wills ©Springer Nature Switzerland AG 2020 M. Farsi et al. (eds.), Digital Twin Technologies and Smart Cities, Internet of Things, https://doi.org/10.1007/978-3-030-18732-3_8.
Zhang, K., Ni, J., Yang, K., Liang, X., Ren, J., & Shen, X. S. (2017). Security and privacy in smart city applications: Challenges and solutions. IEEE Communications Magazine, 55(1), 122–129. https://doi.org/10.1109/MCOM.2017.1600267CM
https://www.rambus.com/iot/smart-cities/Date of access 1 June 2021.
Oh, S., & Kim, Y. (2017). Security requirements analysis for the IoT. International Conference on Platform Technology and Service (PlatCon), 2017, 1–6. https://doi.org/10.1109/PlatCon.2017.7883727
https://www.google.com/amp/s/www.veracode.com/security/man-middle-attack%3famp/ Date of access 5 June 2021.
https://www.trendmicro.com/vinfo/it/security/news/online-privacy/identity-theft-and-the-value-ofourpersonaldata#:~:text=Identity%20theft%20happens%20when%20your,media%2C%20and%20credit%20card%20details/ Date of access 5 June 2021.
https://searchsecurity.techtarget.com/definition/hijacking/ Date of access 5 June 2021.
https://www.sciencedirect.com/topics/computer-science/hijacking/ Date of access 5 June 2021.
https://www.cloudflare.com/en-in/learning/ddos/what-is-a-ddos-attack/#:~:text=A%20distributed%20denialofservice%20(DDoS)%20attack%20is,a%20flood%20of%20Internet%20traffic/ Date of access 5 June 2021.
https://www.datafoundry.com/blog/what-is-a-permanent-dos-pdos-attack#:~:text=A%20Permanent%20Denial%20of%20Service,have%20moved%20to%20cloud%20computing/ Date of access 5 June 2021.
Acknowledgement
This work is partially funded by FCT/MCTES through national funds and when applicable co-funded EU funds under the Project UIDB/50008/2020; and by Brazilian National Council for Scientific and Technological Development - CNPq, via Grant No. 313036/2020-9.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Koshy, A.S., Fatima, N., Agarwal, P., Rodrigues, J.J.P.C. (2022). Security and Privacy Threats in IoT-Enabled Smart Cities. In: Rodrigues, J.J.P.C., Agarwal, P., Khanna, K. (eds) IoT for Sustainable Smart Cities and Society. Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-89554-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-89554-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-89553-2
Online ISBN: 978-3-030-89554-9
eBook Packages: EngineeringEngineering (R0)