Abstract
The devices in the Internet of Things (IoT) environment find applications in a wide variety of fields, from smart homes and smart cities to smart wearables. Earlier predictions had estimated a huge number of connected devices in use by the year 2015, but this did not happen. A main reason is that the ubiquity of IoT devices brings its own set of unique challenges and problems, which are not easy to surmount. One core issue relates to the security and connectivity vulnerabilities of these devices. With the number of IoT devices steadily on the rise and trends like BYOD (Bring Your Own Device) catching on, the challenges faced by these devices are steadily increasing. To understand the significance of issues relating to the connectivity of IoT devices, we must learn about their unique characteristics and requirements. Despite the multiple vulnerabilities, there is unfortunately no silver bullet that offers definitive solutions. Apart from securing the devices, there is also an urgent need to update the laws that protect data ownership rights and restrict access to personal data. This chapter is an effort to address the privacy and security challenges that IoT devices face. The chapter highlights novel solutions that can be usefully employed to make these devices more secure. It discusses device trust, policies and standards, data anonymization, lightweight authentication, encryption, and Datagram Transport Layer Security (DTLS) techniques.
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Vijayaraghavan, V., Agarwal, R. (2017). Security and Privacy Across Connected Environments. In: Mahmood, Z. (eds) Connected Environments for the Internet of Things. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-70102-8_2
DOI: https://doi.org/10.1007/978-3-319-70102-8_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70101-1
Online ISBN: 978-3-319-70102-8
eBook Packages: Computer Science, Computer Science (R0)