Security and privacy in the Internet of Things

Abstract: The Internet of Things (IoT) revolution is expected to drive change in our society in an unprecedented way. It will help us collect exponentially more data in a continuous manner and derive deeper insights from such data. Several surveys cover IoT in terms of enabling technologies, application domains, applications, protocols, and open issues. Among the open issues discussed are important concerns such as security and privacy. The limited energy and computing capabilities of IoT devices, the unreliable nature of the wireless channel, and physical vulnerability are among the factors contributing to some unique security vulnerabilities. This chapter summarizes recent research results in the area of IoT security. It emphasizes the challenges of privacy and security in IoT. The discussion considers open challenges in security and data privacy such as (1) scale and constrained network elements, (2) privacy in data collection as well as data sharing and management, and (3) identity management and authentication. The chapter presents existing literature and a critical assessment of the work that has been done, develops a perspective on the area, and evaluates trends. It also presents a taxonomy of IoT security risks, attacks, and mechanisms.
