Security and Privacy in the IoT

  • Elisa Bertino
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10726)


Deploying existing data security solutions to the Internet of Things (IoT) is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this paper, we first outline IoT security and privacy risks and critical related requirements in different application domains. We then discuss aspects of a roadmap for IoT security and privacy with a focus on access control, software and firmware, and intrusion detection systems. We conclude the paper by outlining a few challenges.



Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Purdue University, West Lafayette, USA
