Abstract
We decided to use simpler definitions of security and privacy, boiling them down to their most essential characteristics. Our guide was Cooley's famous classic definition of personal immunity as “a right of complete immunity: to be let alone” [3]. This phrase was soon adapted as a definition of privacy. Because it was provided by a lawyer, it includes physical aspects of privacy, which are critical in the real world but not essential in the virtual world; as will be clear from our definitions of security and privacy in the next paragraph, we see these aspects more as security characteristics than privacy characteristics.
References
Sundmaeker, H., Guillemin, P., Friess, P., & Woelfflé, S. (2010). Vision and challenges for realising the Internet of Things. Cluster of European Research Projects on the Internet of Things, European Commission (CERP-IoT). doi: 10.2759/26127
Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in computing (5th ed.). Englewood Cliffs, NJ: Prentice Hall.
Cooley, T. M. (1879). Treatise on the law of torts or the wrongs which arise independent of contract. Chicago: Callaghan.
Yang, G., Xu, J., Chen, W., Qi, Z. H., & Wang, H. Y. (2010). Security characteristic and technology in the Internet of Things. Journal of Nanjing University of Posts and Telecommunications, 30(4), 20–29.
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of Things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347–2376.
Lilien, L., Kamal, Z., Bhuse, V., & Gupta, A. (2006). Opportunistic networks: the concept and research challenges in privacy and security. Proceedings of International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks, Miami, FL, pp. 134–147.
Lilien, L., Gupta, A., Kamal, Z., & Yang, Z. (2010). Opportunistic resource utilization networks—a new paradigm for specialized ad hoc networks [Special Issue: Wireless Ad Hoc, Sensor and Mesh Networks, Elsevier]. Computers and Electrical Engineering, 36(2), 328–340.
Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of Network and Computer Applications, 42, 120–134.
Spruit, M., & Wester, W. (2013). RFID security and privacy: Threats and countermeasures. Utrecht: Department of Information and Computing Sciences, Utrecht University.
Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2010). Classification of RFID attacks. Journal of Information Systems Frontiers, 12(5), 491–505.
De Fuentes, J. M., Peris-Lopez, P., Tapiador, J. E., & Pastrana, S. (2015). Probabilistic yoking proofs for large scale IoT systems. Ad Hoc Networks, 32, 43–52.
Katagi, M., & Moriai, S. (2011). Lightweight cryptography for the Internet of Things (Technical Report). Tokyo: Sony Corporation. Online: http://www.iab.org/wp-content/IAB-uploads/2011/03/Kaftan.pdf
Specht, S. M., & Lee, R. B. (2004). Distributed denial of service: taxonomies of attacks, tools, and countermeasures. Proceedings of ISCA International Conference on Parallel and Distributed Computing Systems (PDCS), San Francisco, CA, pp. 543–550.
Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of Internet of Things (IoT). International Journal of Computer Applications, 111(7), 1–6.
Mahmood, Z. (2016). Connectivity frameworks for smart devices. Cham: Springer International Publishing.
Roman, R., Alcaraz, C., Lopez, J., & Sklavos, N. (2011). Key management systems for sensor networks in the context of the Internet of Things. Computers & Electrical Engineering, 37(2), 147–159.
Alani, M. M. (2016). Elements of cloud computing security: A survey of key practicalities. Springer Briefs in Computer Science. Berlin: Springer International Publishing.
Zunnurhain, K., & Vrbsky, S. V. (2010). Security attacks and solutions in clouds. Proceedings of the 1st International Conference on Cloud Computing, Tuscaloosa, AL, pp. 145–156.
Anggorojati, B. (2015). Access control in IoT/M2M-cloud platform. Ph.D. dissertation, The Faculty of Engineering and Science, Aalborg University, Aalborg, Denmark.
Patel, A., Taghavi, M., Bakhtiyari, K., & Júnior, J. C. (2013). An intrusion detection and prevention system in cloud computing: A systematic review. Journal of Network and Computer Applications, 36(1), 25–41.
Ahmed, N. (2016). Designing, implementation and experiments for moving target defense. Ph.D. dissertation, Department of Computer Science, Purdue University, West Lafayette, IN.
Hong, J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74–81.
Muir, B. (2009). Radio frequency identification: privacy & security issues (slides). Slide Share. Online: http://www.slideshare.net/bsmuir/rfid-privacy-security-issues-31614795
Thompson, D. R., Chaudhry, N., & Thompson, C. W. (2006). RFID security threat model. In Proceedings of Conference on Applied Research in Information Technology, Conway, AR.
Virmani, D., Soni, A., Chandel, S., & Hemrajani, M. (2014). Routing attacks in wireless sensor networks: A survey. arXiv preprint arXiv:1407.3987.
Ben Othmane, L., & Lilien, L. (2009). Protecting privacy in sensitive data dissemination with active bundles. In Proceedings of Seventh Annual Conference on Privacy, Security and Trust (PST) (pp. 202–213). Saint John, NB.
Sibert, O., Bernstein, D., & Van Wie, D. (1995). The DigiBox: A self-protecting container for information commerce. Proceedings of First USENIX Workshop on Electronic Commerce, New York, NY, pp. 15–15.
Berthold, O., & Langos, H. (2002). Dummy traffic against long term intersection attacks. In Proceedings of International Workshop on Privacy Enhancing Technologies (pp. 110–128). Berlin: Springer.
PCI Security Standards Council. (2010). Initial roadmap: point-to-point encryption technology and PCI DSS compliance. Emerging Technology Whitepaper. Online: https://www.pcisecuritystandards.org/documents/pci_ptp_encryption.pdf
Wan, Z., Xing, K., & Liu, Y. (2012). Priv-Code: Preserving privacy against traffic analysis through network coding for multi-hop wireless networks. Proceedings of 31st Annual IEEE International Conference on Computer Communications (INFOCOM), Orlando, FL, pp. 73–81.
Pearson, S. (2009). Taking account of privacy when designing cloud computing services. Proceedings of the ICSE Workshop on Software Engineering Challenges for Cloud Computing, Vancouver, BC, pp. 44–52.
Waterson, D. (2015). IoT inference attacks from a whole lotta talkin’ going on. Thoughts on Information Security. Online: https://dwaterson.com/2015/08/26/iot-inference-attacks-froma-whole-lotta-talkin-going-on/
Squicciarini, A., Sundareswaran, S., & Lin, D. (2010). Preventing information leakage from indexing in the cloud. Proceedings of 3rd IEEE International Conference on Cloud Computing, Miami, FL, pp. 188–195.
Nasim, R. (2012). Security threats analysis in Bluetooth-enabled mobile devices. International Journal of Network Security & its Applications, 4(3), 41–56.
Monir, S. (2017). A Lightweight attribute-based access control system for IoT. Ph.D. dissertation, University of Saskatchewan, Saskatoon, SK.
Tebaa, M., & Hajji, S. E. (2014). Secure cloud computing through homomorphic encryption. International Journal of Advancements in Computing Technology (IJACT), 5(16), 29–38.
Tchao, A., Di Marzo, G., & Morin, J. H. (2017). Personal DRM (PDRM)—A self-protecting content approach. In F. Hartung et al. (Eds.), Digital rights management: Technology, standards and applications. New York: CRC Press, Taylor & Francis Group.
Ziegeldorf, H., Morchon, G., & Wehrle, K. (2014). Privacy in the Internet of Things: Threats and challenges. Security and Communication Networks, 7(12), 2728–2742.
Pfitzmann, A., & Hansen, M. (2010). A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (Version v0.34). Online: https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf
Duncan, G., & Stokes, L. (2009). Data masking for disclosure limitation. Wiley Interdisciplinary Reviews: Computational Statistics, 1(1), 83–92.
Ren, K., Lou, W., Kim, K., & Deng, R. (2006). A novel privacy preserving authentication and access control scheme for pervasive computing environments. IEEE Transactions on Vehicular Technology, 55(4), 1373–1384.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Al-Gburi, A., Al-Hasnawi, A., Lilien, L. (2018). Differentiating Security from Privacy in Internet of Things: A Survey of Selected Threats and Controls. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_9
DOI: https://doi.org/10.1007/978-3-319-58424-9_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-58423-2
Online ISBN: 978-3-319-58424-9
eBook Packages: Engineering, Engineering (R0)