
Differentiating Security from Privacy in Internet of Things: A Survey of Selected Threats and Controls

Computer and Network Security Essentials

Abstract

We decided to use simpler definitions of security and privacy, boiling them down to their most essential characteristics. Our guide was Cooley’s classic definition of personal immunity as “a right of complete immunity: to be let alone” [3]. This phrase was soon adapted as a definition of privacy. Being provided by a lawyer, it includes physical aspects of privacy, which are critical in the real world but not essential in the virtual world; as will be clear from our definitions of security and privacy in the next paragraph, we see these aspects more as security characteristics than privacy characteristics.


References

  1. Sundmaeker, H., Guillemin, P., Friess, P., & Woelfflé, S. (2010). Vision and challenges for realising the Internet of Things. Cluster of European Research Projects on the Internet of Things, European Commission (CERP-IoT). doi: 10.2759/26127

  2. Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in computing (5th ed.). Englewood Cliffs, NJ: Prentice Hall.


  3. Cooley, T. M. (1879). Treatise on the law of torts or the wrongs which arise independent of contract. Chicago: Callaghan.


  4. Yang, G., Xu, J., Chen, W., Qi, Z. H., & Wang, H. Y. (2010). Security characteristic and technology in the Internet of Things. Journal of Nanjing University of Posts and Telecommunications, 30(4), 20–29.


  5. Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of Things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347–2376.


  6. Lilien, L., Kamal, Z., Bhuse, V., & Gupta, A. (2006). Opportunistic networks: the concept and research challenges in privacy and security. Proceedings of International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks, Miami, FL, pp. 134–147.


  7. Lilien, L., Gupta, A., Kamal, Z., & Yang, Z. (2010). Opportunistic resource utilization networks—a new paradigm for specialized ad hoc networks [Special Issue: Wireless Ad Hoc, Sensor and Mesh Networks, Elsevier]. Computers and Electrical Engineering, 36(2), 328–340.


  8. Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of Network and Computer Applications, 42, 120–134.


  9. Spruit, M., & Wester, W. (2013). RFID security and privacy: Threats and countermeasures. Utrecht: Department of Information and Computing Sciences, Utrecht University.


  10. Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2010). Classification of RFID attacks. Journal of Information Systems Frontiers, 12(5), 491–505.


  11. De Fuentes, J. M., Peris-Lopez, P., Tapiador, J. E., & Pastrana, S. (2015). Probabilistic yoking proofs for large scale IoT systems. Ad Hoc Networks, 32, 43–52.


  12. Katagi, M., & Moriai, S. (2011). Lightweight cryptography for the Internet of Things (Technical Report). Tokyo: Sony Corporation. Online: http://www.iab.org/wp-content/IAB-uploads/2011/03/Kaftan.pdf

  13. Specht, S. M., & Lee, R. B. (2004). Distributed denial of service: taxonomies of attacks, tools, and countermeasures. Proceedings of ISCA International Conference on Parallel and Distributed Computing Systems (PDCS), San Francisco, CA, pp. 543–550.


  14. Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of Internet of Things (IoT). International Journal of Computer Applications, 111(7), 1–6.


  15. Mahmood, Z. (2016). Connectivity frameworks for smart devices. Cham: Springer International Publishing.


  16. Roman, R., Alcaraz, C., Lopez, J., & Sklavos, N. (2011). Key management systems for sensor networks in the context of the Internet of Things. Computers & Electrical Engineering, 37(2), 147–159.


  17. Alani, M. M. (2016). Elements of cloud computing security: A survey of key practicalities. Springer Briefs in Computer Science. Berlin: Springer International Publishing.


  18. Zunnurhain, K., & Vrbsky, S. V. (2010). Security attacks and solutions in clouds. Proceedings of the 1st International Conference on Cloud Computing, Tuscaloosa, AL, pp. 145–156.


  19. Anggorojati, B. (2015). Access control in IoT/M2M-cloud platform. Ph.D. dissertation, The Faculty of Engineering and Science, Aalborg University, Aalborg, Denmark.


  20. Patel, A., Taghavi, M., Bakhtiyari, K., & Júnior, J. C. (2013). An intrusion detection and prevention system in cloud computing: A systematic review. Journal of Network and Computer Applications, 36(1), 25–41.


  21. Ahmed, N. (2016). Designing, implementation and experiments for moving target defense. Ph.D. dissertation, Department of Computer Science, Purdue University, West Lafayette, IN.


  22. Hong, J. (2012). The state of phishing attacks. Communications of the ACM, 55(1), 74–81.


  23. Muir, B. (2009). Radio frequency identification: privacy & security issues (slides). Slide Share. Online: http://www.slideshare.net/bsmuir/rfid-privacy-security-issues-31614795

  24. Thompson, D. R., Chaudhry, N., & Thompson, C. W. (2006). RFID security threat model. In Proceedings of Conference on Applied Research in Information Technology, Conway, AR.


  25. Virmani, D., Soni, A., Chandel, S., & Hemrajani, M. (2014). Routing attacks in wireless sensor networks: A survey. arXiv preprint arXiv:1407.3987.


  26. Ben Othmane, L., & Lilien, L. (2009). Protecting privacy in sensitive data dissemination with active bundles. In Proceedings of Seventh Annual Conference on Privacy, Security and Trust (PST) (pp. 202–213). Saint John, NB.


  27. Sibert, O., Bernstein, D., & Van Wie, D. (1995). The DigiBox: A self-protecting container for information commerce. Proceedings of First USENIX Workshop on Electronic Commerce, New York, NY, pp. 15–15.


  28. Berthold, O., & Langos, H. (2002). Dummy traffic against long term intersection attacks. In Proceedings of International Workshop on Privacy Enhancing Technologies (pp. 110–128). Berlin: Springer.


  29. PCI Security Standards Council. (2010). Initial roadmap: point-to-point encryption technology and PCI DSS compliance. Emerging Technology Whitepaper. Online: https://www.pcisecuritystandards.org/documents/pci_ptp_encryption.pdf

  30. Wan, Z., Xing, K., & Liu, Y. (2012). Priv-Code: Preserving privacy against traffic analysis through network coding for multi-hop wireless networks. Proceedings of 31st Annual IEEE International Conference on Computer Communications (INFOCOM), Orlando, FL, pp. 73–81.


  31. Pearson, S. (2009). Taking account of privacy when designing cloud computing services. Proceedings of the ICSE Workshop on Software Engineering Challenges for Cloud Computing, Vancouver, BC, pp. 44–52.


  32. Waterson, D. (2015). IoT inference attacks from a whole lotta talkin’ going on. Thoughts on Information Security. Online: https://dwaterson.com/2015/08/26/iot-inference-attacks-froma-whole-lotta-talkin-going-on/

  33. Squicciarini, A., Sundareswaran, S., & Lin, D. (2010). Preventing information leakage from indexing in the cloud. Proceedings of 3rd IEEE International Conference on Cloud Computing, Miami, FL, pp. 188–195.


  34. Nasim, R. (2012). Security threats analysis in Bluetooth-enabled mobile devices. International Journal of Network Security & its Applications, 4(3), 41–56.


  35. Monir, S. (2017). A Lightweight attribute-based access control system for IoT. Ph.D. dissertation, University of Saskatchewan, Saskatoon, SK.


  36. Tebaa, M., & Hajji, S. E. (2014). Secure cloud computing through homomorphic encryption. International Journal of Advancements in Computing Technology (IJACT), 5(16), 29–38.


  37. Tchao, A., Di Marzo, G., & Morin, J. H. (2017). Personal DRM (PDRM)—A self-protecting content approach. In F. Hartung et al. (Eds.), Digital rights management: Technology, standards and applications. New York: CRC Press, Taylor & Francis Group.


  38. Ziegeldorf, H., Morchon, G., & Wehrle, K. (2014). Privacy in the Internet of Things: Threats and challenges. Security and Communication Networks, 7(12), 2728–2742.


  39. Pfitzmann, A., & Hansen, M. (2010). A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (Version v0.34). Online: https://dud.inf.tu-dresden.de/literatur/Anon_Terminology_v0.34.pdf

  40. Duncan, G., & Stokes, L. (2009). Data masking for disclosure limitation. Wiley Interdisciplinary Reviews: Computational Statistics, 1(1), 83–92.


  41. Ren, K., Lou, W., Kim, K., & Deng, R. (2006). A novel privacy preserving authentication and access control scheme for pervasive computing environments. IEEE Transactions on Vehicular Technology, 55(4), 1373–1384.



Corresponding author

Correspondence to A. Al-Hasnawi.


Copyright information

© 2018 Springer International Publishing AG

About this chapter

Cite this chapter

Al-Gburi, A., Al-Hasnawi, A., Lilien, L. (2018). Differentiating Security from Privacy in Internet of Things: A Survey of Selected Threats and Controls. In: Daimi, K. (eds) Computer and Network Security Essentials. Springer, Cham. https://doi.org/10.1007/978-3-319-58424-9_9


  • DOI: https://doi.org/10.1007/978-3-319-58424-9_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-58423-2

  • Online ISBN: 978-3-319-58424-9

  • eBook Packages: Engineering, Engineering (R0)
