Privacy and Security Threats on the Internet of Things

Part of the Internet of Things book series (ITTCC)


This chapter will provide an overview of the main threats on IoT systems and deployments. It will address both security and privacy challenges. This chapter will benefit from the contributions derived from several project results, including ANASTACIA and Armour.


Privacy Cybersecurity IoT CPS Threats Management 



This chapter includes results shared by the European research project Anastacia (Grant Agreement N° 731558), which has received funding from the European Union’s Horizon 2020 Research and Innovation Programme and the Swiss State Secretariat for Education, Research and Innovation.


  1. 1.
    Global Opportunity Report 2017, First Edition is published by DNV GL AS. DNV GL AS, Høvik, Oslo Copyright © 2017 By DNV GL AS. This report is available at
  2. 2.
    Top ten strategic technology trends 2017, Gartner, October 2016Google Scholar
  3. 3.
    Predictions 2017: security and skills will temper growth of IoT, Forrester, 2016Google Scholar
  4. 4.
    R.H. Weber, Internet of things—new security and privacy challenges. Comput. Law Secur. Rev. 26(1), 23–30 (2010)MathSciNetCrossRefGoogle Scholar
  5. 5.
    M. Haus, M. Waqas, A. Ding, Y. Li, S. Tarkoma, J. Ott, Security and privacy in device to device (D2D) communication: a review. IEEE Commun. Surv. Tutor. 19(2), 1054–1079 (2017)CrossRefGoogle Scholar
  6. 6.
    Thales data Threat Report (2017).
  7. 7.
    Cisco. IoT threat environment—an overview of the IoT threat landscape with risk-based security program recommendations. White paper (2015)Google Scholar
  8. 8.
    IDC and TXT Solutions, SMART 2013/0037 Cloud and IoT combination, study for the European Commission.; 26 Billion “things” may be connected globally by 2020 (2014)
  9. 9.
    Commission staff working document—advancing the Internet of things in Europe, EC, Apr 2016Google Scholar
  10. 10.
    R. Neisse, G. Steri, G. Baldini, Enforcement of security policy rules for the Internet of things, 3rd International workshop on Internet of things communications and technologies (IoT-CT), in conjunction with The 10th IEEE WiMob, Oct 2014Google Scholar
  11. 11.
    G. Baldini, A. Skarmeta, et al. Security certification and labelling in Internet of things, 2016 IEEE 3rd WF-IoT, 12–14 Dec 2016Google Scholar
  12. 12.
    A. Ahmad, G. Baldini, P. Cousin, S.N. Matheu, A. Skarmeta, E. Fourneret, B. Legeard, Large scale IoT security testing, benchmarking and certification, cognitive hyperconnected digital transformation, Chap. 7, pp. 189–220Google Scholar
  13. 13.
    A. Ahmad, G. Baldini, P. Cousin, S.N. Matheu, A. Skarmeta, E. Fourneret, B. Legeard,O. Vermesan, J. Bacquet (Eds), Large scale IoT security testing, benchmarking and certification, Cognitive Hyperconnected Digital Transformation (River Publishers, Gistrup)Google Scholar
  14. 14.
    A. Cardenas, S. Amin, B. Sinopoli, A. Giani, A. Perrig, S. Sastry, Challenges for securing cyber physical systems. Proceedings of the Workshop on future directions in cyber-physical systems security (2009), p. 5Google Scholar
  15. 15.
    Dimitar Kostadinov, Cyber threat analysis. InfoSec Institute, July 2014.
  16. 16.
    Threat lifecycle management: overview and solutions. The Sage Group. 2017. Accessed May 2017
  17. 17.
    E.K. Wang, Y. Ye, X. Xu, S.M. Yiu, L.C.K. Hui, K. P. Chow, Security issues and challenges for cyber physical system. Proceedings of the 2010 IEEE/ACM Int’l conference on green computing and communications & Int’l conference on cyber, physical and social computing. IEEE Computer Society (2010), pp. 733–738Google Scholar
  18. 18.
    Machine to Machine Communications (M2M), Threat analysis and counter-measures to M2M service layer, ETSI TR 103 167 V0.2.1 (2011-01)Google Scholar
  19. 19.
    Y. Gao, Y. Peng, F. Xie, W. Zhao, D. Wang, X. Han et al. Analysis of security threats and vulnerability for cyber-physical systems. In Computer Science and Network Technology (ICCSNT), 2013 3rd International Conference (IEEE, 2013), pp. 50–55Google Scholar
  20. 20.
    Mobile Working Group. Security Guidance for Early Adopters of the Internet of Things. (CSA, 2015)Google Scholar
  21. 21.
    Paul Bischoff, Comparing the privacy policy of Internet giants side-by-side, Published 20 Mar 2017.
  22. 22.
    J. Tully, Cyber security expert: iPhone X facial recognition is vulnerable, Published 20 Nov 2017.
  23. 23.
    K. McCarthy, Whois? No, Whowas: Incoming Euro privacy rules torpedo domain registration system. Published 26 Oct 2017.
  24. 24.
  25. 25.
  26. 26.
    GSMA Security Framework CLP11, February, 2016Google Scholar
  27. 27.
    S. Ziegler, A. Skarmeta, J. Bernal, E.E. Kim, S. Bianchi, ANASTACIA: Advanced networked agents for security and trust assessment in CPS IoT architectures. 2017 Global Internet of Things Summit (GIoTS), Geneva (2017), pp. 1–6. doi:
  28. 28.
    A.M. Zarca, J.B. Bernabe, I. Farris, Y. Khettab, T. Taleb, A. Skarmeta, Enhancing IoT security through network softwarisation and virtual security appliances. Int. J. Netw. Manag. 28(5), e2038 (2018)CrossRefGoogle Scholar
  29. 29.
    I. Fzarris, J. B. Bernabe, N. Toumi, D. Garcia-Carrillo, T. Taleb, A. Skarmeta, B. Sahlin, Towards provisioning of SDN/NFV-based security enablers for integrated protection of IoT systems. 2017 IEEE Conference on Standards for Communications and Networking (CSCN), Helsinki (2017), pp. 169–174. doi:
  30. 30.
    A. Molina Zarca, J.B. Bernabe, I. Farris, Y. Khettab, T. Taleb, A. Skarmeta, Enhancing IoT security through network softwarization and virtual security appliances. Int. J. Netw. Manag. 28(5), e2038 (2018)CrossRefGoogle Scholar
  31. 31.
    ARMOUR—large-scale experiments of IoT security trust. European Union’s H2020 project

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Mandat InternationalGenevaSwitzerland
  2. 2.Device GatewayLausanneSwitzerland
  3. 3.University of MurciaMurciaSpain
  4. 4.ATOS ResearchMadridSpain
  5. 5.Softeco SismatGenovaItaly

Personalised recommendations