IJIRST International Journal for Innovative Research in Science & Technology| Volume 3 | Issue 02 | July 2016

ISSN (online): 2349-6010

Internet of Things: Privacy & Security Issues

Ms. Khushboo Desai
Assistant Professor
Department of Computer Engineering
SALITER, Ahmedabad. Gujarat, India

Abstract
The Internet of Things is emerging as the third wave in the development to the internet. Internet of things (IOT) is expected to
have a massive impact on consumer products, business and wider culture, but these are still early days[1]. The Internet of Things
(IOT) describes a worldwide network of intercommunicating devices. It integrates the ubiquitous communications, pervasive
computing, and ambient intelligence. The Internet of Things paradigm envisions the pervasive interconnection and cooperation
of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to
cover the real-world, enabling many new services that will improve peoples everyday lives, spawn new businesses and make
buildings, cities and transport smarter. This paper analyses the privacy and security issues in the Internet of Things in detail. To
this end, we first discuss the evolving features and trends in the Internet of Things with the goal of Scrutinizing their privacy
implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be
overcome to ensure that the Internet of Things becomes a reality.
Keywords: IoT, WSN, SOA
_______________________________________________________________________________________________________
I.

INTRODUCTION

In the Internet of Things vision, every physical object has a virtual component that can produce and consume services. Such
extreme interconnection will bring unprecedented convenience and economy, but it will also require novel approaches to ensure
its safe and ethical use.[2]
IOT systems will deliver advanced services of a whole new kind based on increasingly fine-grained data acquisition in an
environment densely populated with smart things. Examples of such IOT systems are pervasive healthcare, advanced building
management systems, smartcity services, public surveillance and data acquisition, or participatory sensing applications. Privacy
has been a hot research topic in different technology and application areas that are important enablers of the IOT vision, e.g.
RFID, wireless sensor networks (WSN), web personalization, and mobile applications and platforms. These privacy threats,
whether known or new, need to be considered (i) in a reference model of the IOT accounting that accounts for its specific entities
and data flows, (ii) from the perspective of existing privacy legislation, and (iii) with regard to the and evolving features in the
IOT. For without a clear understanding of the arising issues and the appropriate counter-measures, the success of new pioneering
services and their users privacy will be at peril. We consider some of the key spheres of significance in arriving at a reference
architecture that is aimed at achieving trustworthiness among end-users in IOT applications, as being reminiscent of the
implementation of security and privacy in:
The IOT application, holistically
Ubiquitous computing systems in the solution
Participating Cloud computing systems
In the Service-Oriented Architecture (SOA) layer
In the Internet of Things (IOT), everything real becomes virtual, which means that each person and thing has a locatable,
addressable, and readable counterpart on the Internet. These virtual entities can produce and consume services and collaborate
toward a common goal. The users phone knows about his physical and mental state through a network of devices that surround
his body, so it can act on his behalf. The embedded system in a swimming pool can share its state with other virtual entities.
With these characteristics, the IoT promises to extend anywhere, anyhow, anytime computing to anything, anyone, any
service.
II. PROTOCOL & PRIVACY ISSUES
The Internet of Things (IOT) has particular security and privacy problems. The Internet Engineering Task Force is designing
authentication and authorization mechanisms for the most constrained devices which are part of the Internet of Things
[3].Privacy protection, on the other hand, depends largely on individual users to understand and configure security settings. This
often requires a high level of IT security competence, and is therefore likely to fail more often than not. Addressing this issue is
likely to greatly improve public acceptance of IOT consumer end products[3].The Internet of Things (IOT) universe of devices,
sensors, networks and technologies is so vast that meaningfully addressing any aspect of it -- such as security and privacy -- can
be daunting. Even narrowing the scope down to specific IOT use cases, such as vehicles/robots, smart homes, critical

All rights reserved by www.ijirst.org

227

Internet of Things: Privacy & Security Issues

(IJIRST/ Volume 3 / Issue 02/ 040)

infrastructure, connected medical devices, wearable, or HVAC systems, requires factoring in numerous and complex security
considerations.
IOT Security & Passwords
A number of IOT devices available today have defaulted to the lowest hanging fruit for security and authentication: passwords.
Passwords are bad for the web; for IOT, theyre a disaster for a number of reasons. First, IOT devices are almost always very
limited in their user interface -- they dont have keyboards to type a password into, nor do they have screens on which to display
random pairing codes." When you try to bolt a password-like system onto something with a difficult interface, you usually
end up with something weak.
Passwords endure as a frustratingly popular yet weak security link, one that is terribly inadequate for IOT and should
challenge vendors to embrace more secure authentication methods throughout the development process.
The physical nature of IOT has an enormous potential impact on privacy because it involves going beyond what you do on
your computer to what you do anytime, anywhere. As referenced at the outset, wrapping our arms around security and
privacy across the entire IOT system is a daunting task. Nonetheless, a vendor and industry approach should consider the
following layers:
Privacy policy: Vendors should take privacy seriously. They must respect their customers enough to understand that
privacy is a legitimate human need. NIST is working on some privacy standards that might help. Sometimes systems are
secure (they work the way theyre intended), but violate someones privacy because they are designed to do so. For
instance, they track people when they dont want to be tracked.
Security policy: Vendors must intentionally build secure systems. A system thats not intentionally secure is definitely
insecure. Someone needs to think hard about the security of your system, and that person needs to be pretty experienced in
order to do a good job.
Application-level security: Many IoT security flaws are the same types of bugs weve seen on the Internet for years, such as
default backdoor admin passwords, weak passwords, not using encryption over the network, and open ports.
Protocol-level security: Wireless protocols such as ZigBee have some weaknesses, so even if you secure the application
layer, the communication link itself can be intercepted or modified.
III. DATA & PRIVACY
Some of the data protection and privacy challenges raised by IOT are new, but many others are traditional, albeit amplified due
to the exponential increase of data processing involved. For example:
Not all IoT-M2M products and services have a privacy component to them, but when there is one (or information is
aggregated with data from other services)
it can give a detailed view of all facets of a user's life (e.g. wearable, connected cars, connected homes);the IOT value chain is
long and complex and significant number of stakeholders are involved in the data processing; IOT relies on the principle of the
extensive processing of data through sensors that are designed to communicate unobtrusively and exchange data in a seamless
way; the exponential volume of data that can be collected, and its further combination, its storage in the cloud and the use of
predictive analytics tools can transform data into something useful but also allow companies - and potentially malware - to have
very detailed profiles of individuals; and the sharing and combination of data through cloud services will increase the locations
and jurisdictions where personal data resides.
Data Protection & the IOT
The estimated growth of this new trend in the market is expected to hit between 26 billion and 30 billion devices by 2020, with
an estimated market worth of between $6 trillion and $9 trillion.[5]
To put this in context, the following are some interesting implications (including ones concerning data protection) that relate
to the explosion of these interconnected devices:
These devices will constantly generate huge amounts of data, so we will need faster networks, larger storage capabilities
(likely in the cloud) and more bandwidth to support the growth in Internet traffic.
There is not yet an open ecosystem to host these devices to make them interoperable like there is on Microsoft Windows,
Apple iOS and Google Android ecosystems.
Vendors are creating private networks for interoperability among their own products, but these are incompatible with
others. This creates a major challenge forintegration across multiple solutions.
The current Internet protocol (IPv4) cannot handle the growth in the number of interconnected devices on the Internet. This
will trigger the need to switch to a more scalable protocol, such as IPv6.
Security and the IOT
With this in mind, you may be concerned about how to deal with security in the IOT. The following are several security
challenges that will need to be faced as the IOT gains steam:

All rights reserved by www.ijirst.org

228

Internet of Things: Privacy & Security Issues

(IJIRST/ Volume 3 / Issue 02/ 040)

If we already have trouble today keeping our computers, smartphones and tablets updated with the latest version of code,
wont it be a nightmare trying to keep these millions of devices updated and free of security bugs?
With the amount of data these devices will generate, how do we navigate the sea of data to identify suspicious traffic over
the network? What if we miss incidents because we are unable to identify them?
Proprietary and enclosed implementations such as those that vendors are creating today make it harder to find hidden or
unknown zero-day attacks.
Even though IPv6 has been present for some time, this protocol has not yet been fully perfected. As with everything that is
new, we have to handle new and unknown weaknesses. That being said, the way we apply security controls over IPv4 may
not be useful or relevant for protecting IPv6.
Data Management

Traditional data management systems handle the storage, retrieval, and update of elementary data items, records and files. In the
context of IOT, data management systems must summarize data online while providing storage, logging, and auditing facilities
for offline analysis. This expands the concept of data management from offline storage, query processing, and transaction
management operations into online-offline communication/storage dual operations. We first define the data lifecycle within the
context of IOT and then outline the energy consumption profile for each of the phases in order to have a better understanding of
IOT data management[5].
The Internet of Things (IOT) has made the leap to become a main stream topic. This growing recognition is due to the impact
the IOT has had on business analytics and the potential that still remains untapped. Each day, new machines, sensors, and
devices come online and feed information into data systems. As organizations embark on new IOT initiatives and work to extract
more insight from swelling data volumes, a new data management approach is called for.
Organizations that previously derived the majority of their insight from transactional data are shifting their focus to IOT data.
All of this analytical development generates swelling data volumes, with IOT organizations averaging 30% data growthyearover-year. Other estimates put data growth rates higher across all industries. Even conservatively, enterprise data will Double
within three years.
Not only is data growing, it is also diversifying. More than half of IOT organizations are concerned that their analytical tools
and infrastructure are not equal to modern data demands. Many organizations lack the tools and infrastructure needed to leverage
non-traditional data formats, such as unstructured and geospatial data.
Managing Data at the Edge
As devices and sensors multiply and data volumes swell, legacy data management infrastructure and techniques will no longer be
sufficient to fully leverage the IOT. IOT organizations demonstrate the direction that data management needs to take. Traditional
centralized databases will always have a role to play in analytics. However, as IOT initiatives continue to gain Momentum, data
management is moving from the central data repository towards the edge of the network. IOT organizations are nearly twice as
likely as all other organizations to have automated data capture. These organizations embed Data management into the devices
and sensors generating data to facilitate a smooth and steady stream of information.
IV. PRIVACY PROTECTION
In most cases, end-users are likely to accept an IoT solution that is managed or hosted on a trusted cloud provider system. We
propose the use of a governance body for ongoing certification and regulation of standards pertaining to the all-encompassing
extent of a typical IOT implementation.
Privacy in the Ubiquitous Sensors and Devices in the Smart Environment
In considering the security and privacy concerns of IOT applications, it is important to hone in on some of the security and
privacy challenges pertaining to pervasive devices and sensors that are often working ubiquitously to collect and exchange data
in the environment. From a security and privacy perspective, some of the key requirements that can be addressed at this layer of
the IOT application include:
User identification and validation
Privacy in ubiquitous computing
Secure network communications
Data communications and storage security
Data privacy
Content security
Tamper resistance
Privacy in the Cloud Computing Layer
Nonetheless, vulnerabilities in cloud solutions can differ for a given cloud deployment model. Some of the cloud deployment
models in use today include:

All rights reserved by www.ijirst.org

229

Internet of Things: Privacy & Security Issues

(IJIRST/ Volume 3 / Issue 02/ 040)

Private Cloud
Community Cloud
Public Cloud
Hybrid Cloud
Virtual Private Cloud
Privacy in the IOT Apps and Service Layer

The IOT system interacts with its own cloud-hosted service layer as well as external services. The IOT application user interface
itself might have its own privacy and security concerns. In addition, the third party external services used in the solution might
need to be governed to ensure that they protect the end-users privacy and security preferences. For example, if the IOT
application interacts with the Facebook Graph API, the end-user might have specific privacy settings set on Facebook (an OSN)
that needs to be protected in the IOT system.
Cross-Cutting Governance Layer
Health Information Security and Privacy Compliance
V. CONCLUSION
With the outburst of cloud services and the advent of pervasive and context-aware services, it is increasingly necessary to ensure
that sensitive data is not compromised. This paper motivates the need for a detailed analysis of privacy threats and challenges in
the Internet of Things. Finally, we stress two core thoughts that our work suggests for a privacy-aware Internet of Things: First,
the IOT is evolving privacy is a constant challenge and must be faced with the necessary foresight. Second, a fruitful outcome
requires coordinated action to provide technical solutions supported by the corresponding legal framework.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]

National Intelligence Council, Disruptive Civil Technologies Six Technologies with Potential Impacts on US Interests Out to 2025 Conference Report
CR 2008-07, April 2008
R. Roman, P. Najera, and J. Lopez, \Securing the Internet of Things",IEEE Computer,vol. 44, pp. 51 -58, 2011
Presser M, Krco Sa. IOT-I: Internet of Things Initiative: Public Deliverables D2.1: Initial report on IoT applications of strategic interest 2010.
Evans D. The Internet of Things - How the Next Evolution of the Internet Is Changing Everything. CISCO white paper
Sen R., Ramamritham K. Efficient Data Management on lightweight Computing Devices. Proceedings of the International Conference on Data Engineering
(ICDE 2005); Tokyo, Japan. 58 April 2005; pp. 419420.
Rastogi V, Nath S. Differentially private aggregation of distributed time-series with transformation and encryption. Proceedings of the 2010 ACM
SIGMOD International Conference on Management of data.SIGMOD 10, 2010; 735746, doi:10.1145/1807167.1807247
D. Giusto, A. Iera, G. Morabito, L. Atzori (Eds.), The Internet of Things,Springer, 2010. ISBN: 978-1-4419-1673Ivor D. Addo, Sheikh I. Ahamed, International Journal of Services Computing (ISSN 2330-4472) Vol. 2, No. 4, Oct.-Dec. 2014.

All rights reserved by www.ijirst.org

230