Privacy in the Internet of Things: threats and challenges

The Internet of Things paradigm envisions the pervasive interconnection and cooperation of smart things over the current and future Internet infrastructure. The Internet of Things is, thus, the evolution of the Internet to cover the real world, enabling many new services that will improve people's everyday lives, spawn new businesses, and make buildings, cities, and transport smarter. Smart things allow indeed for ubiquitous data collection or tracking, but these useful features are also examples of privacy threats that are already now limiting the success of the Internet of Things vision when not implemented correctly. These threats involve new challenges such as the pervasive privacy-aware management of personal data or methods to control or avoid ubiquitous tracking and profiling. This paper analyzes the privacy issues in the Internet of Things in detail. To this end, we first discuss the evolving features and trends in the Internet of Things with the goal of scrutinizing their privacy implications. Second, we classify and examine privacy threats in this new setting, pointing out the challenges that need to be overcome to ensure that the Internet of Things becomes a reality. Copyright © 2013 John Wiley & Sons, Ltd.

[1]  Javier López,et al.  Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN , 2012, ESORICS.

[2]  Antonio Iera,et al.  The Social Internet of Things (SIoT) - When social networks meet the Internet of Things: Concept, architecture and network characterization , 2012, Comput. Networks.

[3]  Cong Wang,et al.  Privacy-Preserving Public Auditing for Data Storage Security in Cloud Computing , 2010, 2010 Proceedings IEEE INFOCOM.

[4]  Hovav Shacham,et al.  Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds , 2009, CCS.

[5]  Suman Nath,et al.  Differentially private aggregation of distributed time-series with transformation and encryption , 2010, SIGMOD Conference.

[6]  Dan Lin,et al.  Preventing Information Leakage from Indexing in the Cloud , 2010, 2010 IEEE 3rd International Conference on Cloud Computing.

[7]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[8]  Dave Evans,et al.  How the Next Evolution of the Internet Is Changing Everything , 2011 .

[9]  Vitaly Shmatikov,et al.  Myths and fallacies of "Personally Identifiable Information" , 2010, Commun. ACM.

[10]  Yang Wang,et al.  Personalization and privacy: a survey of privacy risks and remedies in personalization-based systems , 2012, User Modeling and User-Adapted Interaction.

[11]  John Krumm,et al.  A survey of computational location privacy , 2009, Personal and Ubiquitous Computing.

[12]  Peter Szolovits,et al.  Evaluating the state-of-the-art in automatic de-identification. , 2007, Journal of the American Medical Informatics Association : JAMIA.

[13]  Emiliano Miluzzo,et al.  A survey of mobile phone sensing , 2010, IEEE Communications Magazine.

[14]  Karen Renaud,et al.  Privacy: Aspects, definitions and a multi-faceted privacy preservation approach , 2010, 2010 Information Security for South Africa.

[15]  Saša Radomirović,et al.  Towards a Model for Security and Privacy in the Internet of Things , 2010 .

[16]  Byung-Gon Chun,et al.  TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.

[17]  J. Borges,et al.  A TAXONOMY OF PRIVACY , 2006 .

[18]  J. Voelcker,et al.  Stalked by satellite - an alarming rise in GPS-enabled harassment , 2006, IEEE Spectrum.

[19]  Moti Yung,et al.  Computer Security – ESORICS 2012 , 2012, Lecture Notes in Computer Science.

[20]  Klaus Wehrle,et al.  Security Challenges in the IP-based Internet of Things , 2011, Wirel. Pers. Commun..

[21]  Abhi Shelat,et al.  Privacy and identity management for everyone , 2005, DIM '05.

[22]  Chi-Yin Chow,et al.  Privacy in location-based services: a system architecture perspective , 2009, SIGSPACIAL.

[23]  Rogério Schmidt Feris,et al.  Video analytics for retail , 2007, 2007 IEEE Conference on Advanced Video and Signal Based Surveillance.

[24]  Rodrigo Roman,et al.  Securing the Internet of Things , 2017, Smart Cards, Tokens, Security and Applications, 2nd Ed..

[25]  Andrew M. Odlyzko,et al.  Privacy, economics, and price discrimination on the Internet , 2003, ICEC '03.

[26]  H. Jeff Smith,et al.  Information Privacy: Measuring Individuals' Concerns About Organizational Practices , 1996, MIS Q..

[27]  William J. Kirsch,et al.  The protection of privacy and transborder flows of personal data: the work of the Council of Europe, the Organization for Economic Co-operation and Development and the European Economic Community , 1982, Legal Issues of Economic Integration.

[28]  Florian Michahelles,et al.  Architecting the Internet of Things , 2011 .

[29]  Robert P. Minch,et al.  Privacy issues in location-aware mobile devices , 2004, 37th Annual Hawaii International Conference on System Sciences, 2004. Proceedings of the.

[30]  Felix Wortmann,et al.  Internet of Things , 2015, Business & Information Systems Engineering.

[31]  Claude Castelluccia,et al.  A security framework for privacy-preserving data aggregation in wireless sensor networks , 2011, TOSN.

[32]  Barrington Moore,et al.  Privacy: Studies in Social and Cultural History. , 1986 .

[33]  Lorrie Faith Cranor,et al.  Engineering Privacy , 2009, IEEE Transactions on Software Engineering.

[34]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[35]  Ilia Petrov,et al.  From Active Data Management to Event-Based Systems and More , 2010, Lecture Notes in Computer Science.

[36]  Ting Yu,et al.  What are customers looking at? , 2007, 2007 IEEE Conference on Advanced Video and Signal Based Surveillance.

[37]  Salil S. Kanhere,et al.  A survey on privacy in mobile participatory sensing applications , 2011, J. Syst. Softw..

[38]  Philip S. Yu,et al.  Privacy-preserving data publishing: A survey of recent developments , 2010, CSUR.

[39]  Liang Zhang,et al.  Organizational memory: reducing source-sink distance , 1997, Proceedings of the Thirtieth Hawaii International Conference on System Sciences.

[40]  Maurizio Tomasella,et al.  Vision and Challenges for Realising the Internet of Things , 2010 .

[41]  Yang Yu,et al.  Query privacy in wireless sensor networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[42]  Mikhail J. Atallah,et al.  Proceedings of the 10th international conference on Privacy enhancing technologies , 2010 .

[43]  Lewis A. Coser,et al.  Privacy: Studies in Social and Cultural History. , 1985 .

[44]  Alanson P. Sample,et al.  A capacitive touch interface for passive RFID tags , 2009, 2009 IEEE International Conference on RFID.

[45]  James H. Aylor,et al.  Computer for the 21st Century , 1999, Computer.

[46]  Leilani Battle,et al.  Building the Internet of Things Using RFID: The RFID Ecosystem Experience , 2009, IEEE Internet Computing.

[47]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[48]  Pierangela Samarati,et al.  Location privacy in pervasive computing , 2008 .

[49]  Marten van Dijk,et al.  On the Impossibility of Cryptography Alone for Privacy-Preserving Cloud Computing , 2010, HotSec.

[50]  Massimo Barbaro,et al.  A Face Is Exposed for AOL Searcher No , 2006 .

[51]  Latanya Sweeney,et al.  k-Anonymity: A Model for Protecting Privacy , 2002, Int. J. Uncertain. Fuzziness Knowl. Based Syst..

[52]  Artemis Moroni,et al.  Vision and Challenges for Realising the Internet of Things , 2010 .

[53]  Friedemann Mattern,et al.  From the Internet of Computers to the Internet of Things , 2010, From Active Data Management to Event-Based Systems and More.

[54]  Ton van Deursen 50 Ways to Break RFID Privacy , 2010, PrimeLife.

[55]  K. David,et al.  Wireless Visions: A Look to the Future by the Fellows of the WWRF , 2012, IEEE Vehicular Technology Magazine.

[56]  Ayman I. Kayssi,et al.  Privacy as a Service: Privacy-Aware Data Storage and Processing in Cloud Computing Architectures , 2009, 2009 Eighth IEEE International Conference on Dependable, Autonomic and Secure Computing.

[57]  Michael G. Bailey,et al.  The urgency for effective user privacy-education to counter social engineering attacks on secure computer systems , 2004, CITC5 '04.

[58]  Florian Michahelles,et al.  Things That Twitter: Social Networks and the Internet of Things , 2010, Pervasive 2010.

[59]  Peter Eckersley,et al.  How Unique Is Your Web Browser? , 2010, Privacy Enhancing Technologies.

[60]  Marc Langheinrich,et al.  A survey of RFID privacy approaches , 2009, Personal and Ubiquitous Computing.

[61]  Shivakant Mishra,et al.  Decorrelating wireless sensor network traffic to inhibit traffic analysis attacks , 2006, Pervasive Mob. Comput..

[62]  Alfred Kobsa,et al.  Privacy-Enhanced Web Personalization , 2007, The Adaptive Web.

[63]  Peter Friess,et al.  Internet of Things Strategic Research Roadmap , 2011 .

[64]  Wensheng Zhang,et al.  GP^2S: Generic Privacy-Preservation Solutions for Approximate Aggregation of Sensor Data (concise contribution) , 2008, 2008 Sixth Annual IEEE International Conference on Pervasive Computing and Communications (PerCom).

[65]  Seungyeop Han,et al.  These aren't the droids you're looking for: retrofitting android to protect data from imperious applications , 2011, CCS '11.

[66]  E. Todeva Networks , 2007 .

[67]  Joseph Gray Jackson,et al.  Privacy and Freedom , 1968 .

[68]  Kui Ren,et al.  Distributed Privacy-Preserving Access Control in Sensor Networks , 2012, IEEE Transactions on Parallel and Distributed Systems.