Security and Privacy in Smart Cities: Challenges and Opportunities

Smart cities are expected to improve the quality of daily life, promote sustainable development, and improve the functionality of urban systems. Now that many smart systems have been implemented, security and privacy issues have become a major challenge that requires effective countermeasures. However, traditional cybersecurity protection strategies cannot be applied directly to these intelligent applications because of the heterogeneity, scalability, and dynamic characteristics of smart cities. Furthermore, it is necessary to be aware of security and privacy threats when designing and implementing new mechanisms or systems. Motivated by these factors, we survey the current situations of smart cities with respect to security and privacy to provide an overview of both the academic and industrial fields and to pave the way for further exploration. Specifically, this survey begins with an overview of smart cities to provide an integrated context for readers. Then, we discuss the privacy and security issues in current smart applications along with the corresponding requirements for building a stable and secure smart city. In the next step, we summarize the existing protection technologies. Finally, we present open research challenges and identify some future research directions.

[1]  Song Guo,et al.  Malware Propagation in Large-Scale Networks , 2015, IEEE Transactions on Knowledge and Data Engineering.

[2]  Xiaohui Liang,et al.  Security and Privacy in Smart City Applications: Challenges and Solutions , 2017, IEEE Communications Magazine.

[3]  Michele Magno,et al.  A Low Cost, Highly Scalable Wireless Sensor Network Solution to Achieve Smart LED Light Control for Green Buildings , 2015, IEEE Sensors Journal.

[4]  Vallipuram Muthukkumarasamy,et al.  Securing Smart Cities Using Blockchain Technology , 2016, 2016 IEEE 18th International Conference on High Performance Computing and Communications; IEEE 14th International Conference on Smart City; IEEE 2nd International Conference on Data Science and Systems (HPCC/SmartCity/DSS).

[5]  Liang Xiao,et al.  Evolutionary Game Theoretic Analysis of Advanced Persistent Threats Against Cloud Storage , 2017, IEEE Access.

[6]  Andrea Zanella,et al.  Long-range communications in unlicensed bands: the rising stars in the IoT and smart city scenarios , 2015, IEEE Wireless Communications.

[7]  Hao Jiang,et al.  A Medical Healthcare System for Privacy Protection Based on IoT , 2015, 2015 Seventh International Symposium on Parallel Architectures, Algorithms and Programming (PAAP).

[8]  David A. Wagner,et al.  The Feasibility of Dynamically Granted Permissions: Aligning Mobile Privacy with User Preferences , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[9]  Niraj K. Jha,et al.  A Comprehensive Study of Security of Internet-of-Things , 2017, IEEE Transactions on Emerging Topics in Computing.

[10]  Mohsen Guizani,et al.  Internet of Things Architecture: Recent Advances, Taxonomy, Requirements, and Open Challenges , 2017, IEEE Wireless Communications.

[11]  Ihsan Jabbar,et al.  Using Fully Homomorphic Encryption to Secure Cloud Computing , 2016, IoT 2016.

[12]  Jiguo Yu,et al.  IoT Applications on Secure Smart Shopping System , 2017, IEEE Internet of Things Journal.

[13]  K. J. Ray Liu,et al.  Privacy or Utility in Data Collection? A Contract Theoretic Approach , 2015, IEEE Journal of Selected Topics in Signal Processing.

[14]  Tarik Taleb,et al.  An Accurate Security Game for Low-Resource IoT Devices , 2017, IEEE Transactions on Vehicular Technology.

[15]  PRADIP KUMAR SHARMA,et al.  A Software Defined Fog Node Based Distributed Blockchain Cloud Architecture for IoT , 2018, IEEE Access.

[16]  Rob Kitchin,et al.  Getting smarter about smart cities: Improving data privacy and data security , 2016 .

[17]  Rasool Jalili,et al.  An efficient statistical zero-knowledge authentication protocol for smart cards , 2016, Int. J. Comput. Math..

[18]  Alessandro Bassi,et al.  Designing, Developing, and Facilitating Smart Cities: Urban Design to IoT Solutions , 2016 .

[19]  Hyun-Soo Choi,et al.  Biometric Authentication Using Noisy Electrocardiograms Acquired by Mobile Sensors , 2016, IEEE Access.

[20]  Isabel Wagner,et al.  Privacy in the Smart City—Applications, Technologies, Challenges, and Solutions , 2018, IEEE Communications Surveys & Tutorials.

[21]  Jianhua Li,et al.  Big Data Analysis-Based Security Situational Awareness for Smart Grid , 2018, IEEE Transactions on Big Data.

[22]  Hwee Pink Tan,et al.  Machine Learning in Wireless Sensor Networks: Algorithms, Strategies, and Applications , 2014, IEEE Communications Surveys & Tutorials.

[23]  Dongxi Liu,et al.  Lightweight Mutual Authentication for IoT and Its Applications , 2017, IEEE Transactions on Sustainable Computing.

[24]  Mohammad Emtiyaz Khan,et al.  SmarPer: Context-Aware and Automatic Runtime-Permissions for Mobile Devices , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[25]  Elisa Bertino,et al.  Kalis — A System for Knowledge-Driven Adaptable Intrusion Detection for the Internet of Things , 2017, 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS).

[26]  Jürgen Schönwälder,et al.  Management of resource constrained devices in the internet of things , 2012, IEEE Communications Magazine.

[27]  Michael Devetsikiotis,et al.  Blockchains and Smart Contracts for the Internet of Things , 2016, IEEE Access.

[28]  Albert Y. Zomaya,et al.  Privacy of Big Data in the Internet of Things Era , 2014, ArXiv.

[29]  Shui Yu,et al.  Big Privacy: Challenges and Opportunities of Privacy Study in the Age of Big Data , 2016, IEEE Access.

[30]  Luming Tan,et al.  Future internet: The Internet of Things , 2010, 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE).

[31]  Danilo De Donno,et al.  An IoT-Aware Architecture for Smart Healthcare Systems , 2015, IEEE Internet of Things Journal.

[32]  Hans Jochen Scholl,et al.  Smart Governance: A Cross-Case Analysis of Smart City Initiatives , 2016, 2016 49th Hawaii International Conference on System Sciences (HICSS).

[33]  Kim-Kwang Raymond Choo,et al.  Privacy-Preserving-Outsourced Association Rule Mining on Vertically Partitioned Databases , 2016, IEEE Transactions on Information Forensics and Security.

[34]  Georgios Kambourakis,et al.  DDoS in the IoT: Mirai and Other Botnets , 2017, Computer.

[35]  Mehdi Bennis,et al.  Toward Interconnected Virtual Reality: Opportunities, Challenges, and Enablers , 2016, IEEE Communications Magazine.

[36]  Ehab Al-Shaer,et al.  IoTChecker: A data-driven framework for security analytics of Internet of Things configurations , 2017, Comput. Secur..

[37]  Hoang Long Nguyen,et al.  Towards Ontological Approach on Trust-Aware Ambient Services , 2017, IEEE Access.

[38]  Chunhua Su,et al.  You Think, Therefore You Are: Transparent Authentication System with Brainwave-Oriented Bio-Features for IoT Networks , 2020, IEEE Transactions on Emerging Topics in Computing.

[39]  Yong Xiang,et al.  Protection of Privacy in Biometric Data , 2016, IEEE Access.

[40]  Francesco Palmieri,et al.  Multi-layer cloud architectural model and ontology-based security service framework for IoT-based smart homes , 2018, Future Gener. Comput. Syst..

[41]  Zhiyong Feng,et al.  Network Security Situation Awareness Based on Semantic Ontology and User-Defined Rules for Internet of Things , 2017, IEEE Access.

[42]  Yuguang Fang,et al.  A game-theoretic approach for achieving k-anonymity in Location Based Services , 2013, 2013 Proceedings IEEE INFOCOM.

[43]  Xuemin Sherman Shen,et al.  A Lightweight Lattice-Based Homomorphic Privacy-Preserving Data Aggregation Scheme for Smart Grid , 2018, IEEE Transactions on Smart Grid.

[44]  Jiming Chen,et al.  Smart community: an internet of things application , 2011, IEEE Communications Magazine.

[45]  Tao Zhang,et al.  Fog and IoT: An Overview of Research Opportunities , 2016, IEEE Internet of Things Journal.

[46]  Soo-Hyung Kim,et al.  Quality of Private Information (QoPI) model for effective representation and prediction of privacy controls in mobile computing , 2017, Comput. Secur..

[47]  Cynthia Dwork,et al.  Calibrating Noise to Sensitivity in Private Data Analysis , 2006, TCC.

[48]  Feng Xia,et al.  Vehicular Social Networks: Enabling Smart Mobility , 2017, IEEE Communications Magazine.

[49]  José Ramón Gil-García,et al.  Towards a smart State? Inter-agency collaboration, information integration, and beyond , 2012, Inf. Polity.

[50]  Shiuh-Pyng Shieh,et al.  Emerging Security Threats and Countermeasures in IoT , 2015, AsiaCCS.

[51]  Georgios K. Ouzounis,et al.  Smart cities of the future , 2012, The European Physical Journal Special Topics.

[52]  Rodrigo Roman,et al.  On the Vital Areas of Intrusion Detection Systems in Wireless Sensor Networks , 2013, IEEE Communications Surveys & Tutorials.

[53]  Alessandro Acquisti,et al.  Follow My Recommendations: A Personalized Privacy Assistant for Mobile App Permissions , 2016, SOUPS.

[54]  Laurence T. Yang,et al.  Data Mining for Internet of Things: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[55]  Aaron Roth,et al.  Mechanism design in large games: incentives and privacy , 2012, ITCS.

[56]  Sherali Zeadally,et al.  Anonymous Authentication for Wireless Body Area Networks With Provable Security , 2017, IEEE Systems Journal.

[57]  Yanfei Sun,et al.  Strategic Honeypot Game Model for Distributed Denial of Service Attacks in the Smart Grid , 2017, IEEE Transactions on Smart Grid.

[58]  Muthucumaru Maheswaran,et al.  Security Challenges and Approaches in Internet of Things , 2016 .

[59]  Kwangjo Kim,et al.  Deep Abstraction and Weighted Feature Selection for Wi-Fi Impersonation Detection , 2018, IEEE Transactions on Information Forensics and Security.

[60]  Shahaboddin Shamshirband,et al.  Cooperative game theoretic approach using fuzzy Q-learning for detecting and preventing intrusions in wireless sensor networks , 2014, Eng. Appl. Artif. Intell..

[61]  Mohsen Guizani,et al.  Smart Cities: A Survey on Data Management, Security, and Enabling Technologies , 2017, IEEE Communications Surveys & Tutorials.

[62]  Ke Xu,et al.  A tutorial on the internet of things: from a heterogeneous network integration perspective , 2016, IEEE Network.

[63]  Theresa A. Pardo,et al.  Conceptualizing smart city with dimensions of technology, people, and institutions , 2011, dg.o '11.

[64]  Weihua Zhuang,et al.  PHY-Layer Spoofing Detection With Reinforcement Learning in Wireless Networks , 2016, IEEE Transactions on Vehicular Technology.

[65]  Willy Susilo,et al.  Secure Message Communication Protocol Among Vehicles in Smart City , 2018, IEEE Transactions on Vehicular Technology.

[66]  S. Geertman,et al.  The development of smart cities in China , 2015 .

[67]  Andreas Oberheitmann The Development of Smart Cities in China , 2017 .

[68]  Sanming Zhou,et al.  Networking for Big Data: A Survey , 2017, IEEE Communications Surveys & Tutorials.

[69]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[70]  Praveen Gauravaram,et al.  Blockchain for IoT security and privacy: The case study of a smart home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[71]  A. Blyth,et al.  Effectiveness of blocking evasions in Intrusion Prevention Systems White Paper April , 2013 .

[72]  Jiguo Yu,et al.  Mutual Privacy Preserving $k$ -Means Clustering in Social Participatory Sensing , 2017, IEEE Transactions on Industrial Informatics.

[73]  Ahmed Ahmim,et al.  Privacy-Preserving Schemes for Ad Hoc Social Networks: A Survey , 2016, IEEE Communications Surveys & Tutorials.

[74]  Ingmar Baumgart,et al.  Privacy-Aware Smart Metering: A Survey , 2014, IEEE Communications Surveys & Tutorials.

[75]  Zhili Sun,et al.  Blockchain-Based Dynamic Key Management for Heterogeneous Intelligent Transportation Systems , 2017, IEEE Internet of Things Journal.

[76]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[77]  Jinjun Chen,et al.  Threats to Networking Cloud and Edge Datacenters in the Internet of Things , 2016, IEEE Cloud Computing.

[78]  Muhammad Khurram Khan,et al.  A software agent enabled biometric security algorithm for secure file access in consumer storage devices , 2017, IEEE Transactions on Consumer Electronics.

[79]  Zahid Anwar,et al.  Ontology for attack detection: An intelligent approach to web application security , 2014, Comput. Secur..

[80]  Yasin Kabalci,et al.  A survey on smart metering and smart grid communication , 2016 .

[81]  Kishore Angrishi,et al.  Turning Internet of Things(IoT) into Internet of Vulnerabilities (IoV) : IoT Botnets , 2017, ArXiv.

[82]  Eleni I. Vlahogianni,et al.  A Real-Time Parking Prediction System for Smart Cities , 2016, J. Intell. Transp. Syst..

[83]  Xiong Luo,et al.  A kernel machine-based secure data sensing and fusion scheme in wireless sensor networks for the cyber-physical systems , 2016, Future Gener. Comput. Syst..

[84]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[85]  Nils Walravens,et al.  Mobile Business and the Smart City: Developing a Business Model Framework to Include Public Design Parameters for Mobile City Services , 2012, J. Theor. Appl. Electron. Commer. Res..

[86]  Hongbo Zhu,et al.  Deceptive Attack and Defense Game in Honeypot-Enabled Networks for the Internet of Things , 2016, IEEE Internet of Things Journal.

[87]  Shaolei Ren,et al.  Game Theory for Cyber Security and Privacy , 2017, ACM Comput. Surv..

[88]  Adnan M. Abu-Mahfouz,et al.  Smart water meter system for user-centric consumption measurement , 2015, 2015 IEEE 13th International Conference on Industrial Informatics (INDIN).

[89]  Nathan Shone,et al.  Advancing the Micro-CI Testbed for IoT Cyber-Security Research and Education , 2017 .

[90]  Chunxiao Jiang,et al.  Information Security in Big Data: Privacy and Data Mining , 2014, IEEE Access.

[91]  Md. Zakirul Alam Bhuiyan,et al.  Shared-node IoT network architecture with ubiquitous homomorphic encryption for healthcare monitoring , 2015, Int. J. Embed. Syst..

[92]  Sneha A. Dalvi,et al.  Internet of Things for Smart Cities , 2017 .

[93]  Ricardo Jardim-Gonçalves,et al.  Towards a reference ontology for security in the Internet of Things , 2015, 2015 IEEE International Workshop on Measurements & Networking (M&N).

[94]  Saraju P. Mohanty,et al.  Everything You Wanted to Know About Smart Cities , 2016, IEEE Consumer Electron. Mag..

[95]  G. Loewenstein,et al.  Privacy and human behavior in the age of information , 2015, Science.

[96]  Bashar Nuseibeh,et al.  Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms , 2016, IOT.

[97]  Alfred Kobsa,et al.  Privacy preference modeling and prediction in a simulated campuswide IoT environment , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications (PerCom).

[98]  M. Bolívar,et al.  Governing the smart city: a review of the literature on smart urban governance , 2016 .

[99]  Karen Renaud,et al.  Yes, I know this IoT Device Might Invade my Privacy, but I Love it Anyway! A Study of Saudi Arabian Perceptions , 2017, IoTBDS.

[100]  Basel Alomair,et al.  Efficient Authentication for Mobile and Pervasive Computing , 2010, IEEE Transactions on Mobile Computing.

[101]  Fabio Roli,et al.  Adversarial Biometric Recognition : A review on biometric system security from the adversarial machine-learning perspective , 2015, IEEE Signal Processing Magazine.

[102]  Nathalie Mitton,et al.  Towards a smart city based on cloud of things, a survey on the smart city vision and paradigms , 2017, Trans. Emerg. Telecommun. Technol..

[103]  Zahid Mahmood,et al.  Lightweight Two-Level Session Key Management for End User Authentication in Internet of Things , 2016, 2016 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData).

[104]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[105]  Ruby B. Lee,et al.  Multi-sensor authentication to improve smartphone security , 2015, 2015 International Conference on Information Systems Security and Privacy (ICISSP).

[106]  Haibo He,et al.  A Hierarchical Distributed Fog Computing Architecture for Big Data Analysis in Smart Cities , 2015, ASE BD&SI.