Privacy Implications of the Internet of Things

  • Ivan Gudymenko
  • Katrin Borcea-Pfitzmann
  • Katja Tietze
Part of the Communications in Computer and Information Science book series (CCIS, volume 277)


The Internet of Things (IoT) is likely to become one of the milestones which is going to determine the technological advance for the future. At the same time, new privacy concerns arise which might seriously impede the adoption of such systems. In this paper, we provide for our view on privacy implications of IoT focusing on RFID technology as one of its main enablers and suggest possible solutions to developing IoT systems in a privacy-respecting and secure way.


IoT privacy RFID 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Atzori, L., Iera, A., Morabito, G.: The internet of things: A survey. Comput. Netw. 54, 2787–2805 (2010)zbMATHCrossRefGoogle Scholar
  2. 2.
    Hui, J.W., Culler, D.E.: Extending IP to low-power, wireless personal area networks. IEEE Internet Computing 12(4), 37–45 (2008)CrossRefGoogle Scholar
  3. 3.
    Krikorian, R., Gershenfeld, N., Cohen, D.: The Internet of Things. Scientific American, 76–81 (October 2004)Google Scholar
  4. 4.
    Welbourne, E., Battle, L., Cole, G., Gould, K., Rector, K., Raymer, S., Balazinska, M., Borriello, G.: Building the internet of things using RFID: The RFID ecosystem experience. IEEE Internet Computing 13(3), 48–55 (2009)CrossRefGoogle Scholar
  5. 5.
    Gudymenko, I., Borcea-Pfitzmann, K.: A Framework for Transforming Abstract Privacy Models into Implementable System Requirements. In: 1st International Workshop on Model-based Interactive Ubiquitous Systems (2011)Google Scholar
  6. 6.
    Benetton to tag 15 million items (March 2003), (accessed on July 18, 2011)
  7. 7.
    Gonsalves, A.: Privacy concerns hinder RFID rollout (January 2000),,privacy-concerns-hinder-rfid-rollout.aspx (accessed on July 18, 2011)
  8. 8.
    Weber, R.H.: Internet of things - new security and privacy challenges. Computer Law & Security Review 26(1), 23–30 (2010)CrossRefGoogle Scholar
  9. 9.
    Report: Privacy and data protection impact assessment framework for RFID applications (January 2011) (accessed on May 25, 2011)Google Scholar
  10. 10.
    Cavoukian, A.: Privacy by Design. Take a challenge. Electronic Resource (2009),
  11. 11.
    Whiting, D., Housley, R., Ferguson, N.: Counter with CBC-MAC (CCM). Internet Ingineering Task Force (2003)Google Scholar
  12. 12.
    Schelby, Z., Bormann, C.: 6LoWPAN: the Wireless Embedded Internet. Wiley (2009)Google Scholar
  13. 13.
    European Parliament and Council Directive: Directive 2002/58/EC of the European Parliament and of the Council: concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities (2002)Google Scholar
  14. 14.
    Cha, I., Shah, Y., Schmidt, A.U., Leicher, A., Meyerstein, M.V.: Trust in M2M communication. IEEE Vehicular Technology Magazine 4(3), 69–75 (2009)CrossRefGoogle Scholar
  15. 15.
    Wu, G., Talwar, S., Johnsson, K., Himayat, N., Johnson, K.D.: M2M: From mobile to embedded internet. IEEE Communications Magazine 49(4), 36–43 (2011)CrossRefGoogle Scholar
  16. 16.
    Day, J.D., Zimmermann, H.: The OSI reference model. Proceedings of the IEEE 71(12), 1334–1340 (1983)CrossRefGoogle Scholar
  17. 17.
    Cichon, J., Klonowski, M., Kutylowski, M.: Privacy Protection in Dynamic Systems Based on RFID Tags. In: Fifth Annual IEEE International Conference on Pervasive Computing and Communications Workshops, PerCom Workshops 2007, pp. 235–240 (March 2007)Google Scholar
  18. 18.
    Hutter, M., Feldhofer, M., Wolkerstorfer, J.: A Cryptographic Processor for Low-Resource Devices: Canning ECDSA and AES Like Sardines. In: Ardagna, C.A., Zhou, J. (eds.) WISTP 2011. LNCS, vol. 6633, pp. 144–159. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. 19.
    Hutter, M., Joye, M., Sierra, Y.: Memory-Constrained Implementations of Elliptic Curve Cryptography in Co-Z Coordinate Representation. In: Nitaj, A., Pointcheval, D. (eds.) AFRICACRYPT 2011. LNCS, vol. 6737, pp. 170–187. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  20. 20.
    NIST. Specification for the Advanced Encryption Standard (AES). FIPS 197 (November 2001)Google Scholar
  21. 21.
    Koblitz, N.: Elliptic Curve Cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Weis, S.A., Sarma, S.E., Rivest, R.L., Engels, D.W.: Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems. In: Hutter, D., Müller, G., Stephan, W., Ullmann, M. (eds.) Security in Pervasive Computing. LNCS, vol. 2802, pp. 201–212. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  23. 23.
    Karjoth, G., Moskowitz, P.A.: Disabling RFID Tags with Visible Confirmation: Clipped Tags are Silenced. In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, WPES 2005, pp. 27–30. ACM, New York (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ivan Gudymenko
    • 1
  • Katrin Borcea-Pfitzmann
    • 1
  • Katja Tietze
    • 1
  1. 1.Department of Computer Science, Chair of Privacy and Data SecurityDresden University of TechnologyDresdenGermany

Personalised recommendations