Security and privacy issues of physical objects in the IoT: Challenges and opportunities

Abstract In the Internet of Things (IoT), security and privacy issues of physical objects are crucial to the related applications. In order to clarify the complicated security and privacy issues, the life cycle of a physical object is divided into three stages of pre-working, in-working, and post-working. On this basis, a physical object-based security architecture for the IoT is put forward. According to the security architecture, security and privacy requirements and related protecting technologies for physical objects in different working stages are analyzed in detail. Considering the development of IoT technologies, potential security and privacy challenges that IoT objects may face in the pervasive computing environment are summarized. At the same time, possible directions for dealing with these challenges are also pointed out.

[1]  Qian Ping Survey on privacy preservation in IoT , 2013 .

[2]  David A. Wagner,et al.  Privacy and security in library RFID: issues, practices, and architectures , 2004, CCS '04.

[3]  Florin Sandu,et al.  SDR Implementation of a D2D Security Cryptographic Mechanism , 2019, IEEE Access.

[4]  Laurence T. Yang,et al.  Anonymous Credential-Based Access Control Scheme for Clouds , 2015, IEEE Cloud Computing.

[5]  Bin Zhao,et al.  IMBAS: Identity-based multi-user broadcast authentication in wireless sensor networks , 2008, Comput. Commun..

[6]  Wenjing Lou,et al.  Multi-user Broadcast Authentication in Wireless Sensor Networks , 2007, 2007 4th Annual IEEE Communications Society Conference on Sensor, Mesh and Ad Hoc Communications and Networks.

[7]  Xiaoyan Zhu,et al.  An Efficient Anonymous Batch Authentication Scheme Based on HMAC for VANETs , 2016, IEEE Transactions on Intelligent Transportation Systems.

[8]  Chris Clifton,et al.  Privacy-Preserving Decision Trees over Vertically Partitioned Data , 2005, DBSec.

[9]  Guang Gong,et al.  Accelerating signature-based broadcast authentication for wireless sensor networks , 2012, Ad Hoc Networks.

[10]  Naixue Xiong,et al.  Anonymity-Based Privacy-Preserving Data Reporting for Participatory Sensing , 2015, IEEE Internet of Things Journal.

[11]  Huansheng Ning,et al.  The yoking-proof-based authentication protocol for cloud-assisted wearable devices , 2016, Personal and Ubiquitous Computing.

[12]  Huei-Ru Tseng On the security of a unique batch authentication protocol for vehicle-to-grid communications , 2012, 2012 12th International Conference on ITS Telecommunications.

[13]  Sugata Sanyal,et al.  Survey of Security and Privacy Issues of Internet of Things , 2015, ArXiv.

[14]  G. Edward Suh,et al.  Physical Unclonable Functions for Device Authentication and Secret Key Generation , 2007, 2007 44th ACM/IEEE Design Automation Conference.

[15]  Juan E. Tapiador,et al.  M2AP: A Minimalist Mutual-Authentication Protocol for Low-Cost RFID Tags , 2006, UIC.

[16]  Jin-Woo Han,et al.  Self-Destructible Fin Flip-Flop Actuated Channel Transistor , 2016, IEEE Electron Device Letters.

[17]  L. D.G.,et al.  Research in a Novel Integrated Chip of Safe and Initiation Control , 2012 .

[18]  Wenjing Lou,et al.  On Broadcast Authentication in Wireless Sensor Networks , 2006, IEEE Transactions on Wireless Communications.

[19]  B V Santhosh Krishna,et al.  A systematic study of security issues in Internet-of-Things (IoT) , 2017, 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC).

[20]  Dan Feng,et al.  SeDas: A Self-Destructing Data System Based on Active Storage Framework , 2013, IEEE Transactions on Magnetics.

[21]  Srinivas Devadas,et al.  Reliable and efficient PUF-based key generation using pattern matching , 2011, 2011 IEEE International Symposium on Hardware-Oriented Security and Trust.

[22]  S. H. Choi,et al.  An RFID-based Anti-counterfeiting System , 2008 .

[23]  Brian King,et al.  An Anti-Counterfeiting RFID Privacy Protection Protocol , 2007, Journal of Computer Science and Technology.

[24]  Xiaoyan Zhu,et al.  A conditional privacy scheme based on anonymized batch authentication in Vehicular Ad Hoc Networks , 2013, 2013 IEEE Wireless Communications and Networking Conference (WCNC).

[25]  Arnab Raha,et al.  D-PUF , 2017, ACM Trans. Embed. Comput. Syst..

[26]  Yang Wang,et al.  CloudSky: A Controllable Data Self-Destruction System for Untrusted Cloud Storage Networks , 2015, 2015 15th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing.

[27]  Min Zhao,et al.  Physical Unclonable Function Based Authentication Protocol for Unit IoT and Ubiquitous IoT , 2016, 2016 International Conference on Identification, Information and Knowledge in the Internet of Things (IIKI).

[28]  Laurence T. Yang,et al.  Shared Authority Based Privacy-Preserving Authentication Protocol in Cloud Computing , 2015, IEEE Transactions on Parallel and Distributed Systems.

[29]  Laurence T. Yang,et al.  Grouping-Proofs-Based Authentication Protocol for Distributed RFID Systems , 2013, IEEE Transactions on Parallel and Distributed Systems.

[30]  Arun Somani,et al.  Distributed fault detection of wireless sensor networks , 2006, DIWANS '06.

[31]  Jie Liu,et al.  A Data-Driven Robustness Algorithm for the Internet of Things in Smart Cities , 2017, IEEE Communications Magazine.

[32]  Hong Liu,et al.  Cooperative Privacy Preservation for Wearable Devices in Hybrid Computing-Based Smart Health , 2019, IEEE Internet of Things Journal.

[33]  Berk Sunar,et al.  State of the art in ultra-low power public key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications Workshops.

[34]  Wei Ni,et al.  Survey on blockchain for Internet of Things , 2019, Comput. Commun..

[35]  Jianfeng Ma,et al.  A full lifecycle privacy protection scheme for sensitive data in cloud computing , 2014, Peer-to-Peer Networking and Applications.

[36]  HuWen,et al.  DTLS based security and two-way authentication for the Internet of Things , 2013, ADHOCNETS 2013.

[37]  Donggang Liu,et al.  Multilevel μTESLA: Broadcast authentication for distributed sensor networks , 2004, TECS.

[38]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[39]  Mohammad Reza Aref,et al.  A secure authentication scheme for VANETs with batch verification , 2015, Wirel. Networks.

[40]  Georg Carle,et al.  DTLS based security and two-way authentication for the Internet of Things , 2013, Ad Hoc Networks.

[41]  Laurence T. Yang,et al.  Aggregated-Proof Based Hierarchical Authentication Scheme for the Internet of Things , 2015, IEEE Transactions on Parallel and Distributed Systems.

[42]  Tie Qiu,et al.  A Secure Time Synchronization Protocol Against Fake Timestamps for Large-Scale Internet of Things , 2017, IEEE Internet of Things Journal.

[43]  Huansheng Ning,et al.  Secure Authentication and Prescription Safety Protocol for Telecare Health Services Using Ubiquitous IoT , 2017 .

[44]  Yunhao Liu,et al.  Informative counting: fine-grained batch authentication for large-scale RFID systems , 2013, MobiHoc.

[45]  Mohsen Guizani,et al.  Battery Status-aware Authentication Scheme for V2G Networks in Smart Grid , 2013, IEEE Transactions on Smart Grid.

[46]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[47]  Zahid Mahmood,et al.  Distributed Multiparty Key Management for Efficient Authentication in the Internet of Things , 2018, IEEE Access.

[48]  Laurence T. Yang,et al.  Selective disclosure and yoking-proof based privacy-preserving authentication scheme for cloud assisted wearable devices , 2018, Future Gener. Comput. Syst..

[49]  Laurence T. Yang,et al.  Cyberentity Security in the Internet of Things , 2013, Computer.

[50]  Yan Xie,et al.  Microfluidic device for triggered chip transience , 2013, 2013 IEEE SENSORS.

[51]  Gail-Joon Ahn,et al.  Efficient Anonymous Message Submission , 2012, IEEE Transactions on Dependable and Secure Computing.

[52]  Lei Yang,et al.  Identification-free batch authentication for RFID tags , 2010, The 18th IEEE International Conference on Network Protocols.

[53]  Xuefeng Zheng,et al.  A Hexagon-based Key Pre-distribution Scheme for Large Scale Static Wireless Sensor Networks , 2008, J. Commun..

[54]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[55]  Utz Roedig,et al.  Securing communication in 6LoWPAN with compressed IPsec , 2011, 2011 International Conference on Distributed Computing in Sensor Systems and Workshops (DCOSS).

[57]  Yue Zhao,et al.  Study of a novel bi-stable and easy integrated MEMS ETBS , 2012, 2012 7th IEEE International Conference on Nano/Micro Engineered and Molecular Systems (NEMS).

[58]  Ovidiu Banias,et al.  Combined Malicious Node Discovery and Self-Destruction Technique for Wireless Sensor Networks , 2009, 2009 Third International Conference on Sensor Technologies and Applications.

[59]  Laurence T. Yang,et al.  Role-Dependent Privacy Preservation for Secure V2G Networks in the Smart Grid , 2014, IEEE Transactions on Information Forensics and Security.

[60]  Tie Qiu,et al.  Security and Privacy Preservation Scheme of Face Identification and Resolution Framework Using Fog Computing in Internet of Things , 2017, IEEE Internet of Things Journal.

[61]  Liming Chen,et al.  Users' Privacy Concerns in IoT Based Applications , 2018, 2018 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Cloud & Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI).

[62]  G. Edward Suh,et al.  Extracting secret keys from integrated circuits , 2005, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[63]  Yue Xu,et al.  A unified face identification and resolution scheme using cloud computing in Internet of Things , 2018, Future Gener. Comput. Syst..

[64]  Daniel Curiac,et al.  Energy-driven methodology for node self-destruction in wireless sensor networks , 2009, 2009 5th International Symposium on Applied Computational Intelligence and Informatics.

[65]  Rebecca N. Wright,et al.  Privacy-Preserving Computation of Bayesian Networks on Vertically Partitioned Data , 2006, IEEE Transactions on Knowledge and Data Engineering.

[66]  Huanyu Cheng,et al.  A Physically Transient Form of Silicon Electronics , 2012, Science.

[67]  W. Lou,et al.  Simulation research on a novel micro-fluidic self-destruct device for microchips , 2010, 2010 IEEE 5th International Conference on Nano/Micro Engineered and Molecular Systems.

[68]  Liming Chen,et al.  An Open Internet of Things System Architecture Based on Software-Defined Device , 2019, IEEE Internet of Things Journal.

[69]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[70]  Laurence T. Yang,et al.  Aggregated-Proofs Based Privacy-Preserving Authentication for V2G Networks in the Smart Grid , 2012, IEEE Transactions on Smart Grid.

[71]  Hong Liu,et al.  Cyber-Physical-Social Based Security Architecture for Future Internet of Things , 2012, IOT 2012.

[72]  Jorge Sá Silva,et al.  A secure interconnection model for IPv6 enabled wireless sensor networks , 2010, 2010 IFIP Wireless Days.

[73]  Jianfeng Ma,et al.  A Secure Data Self-Destructing Scheme in Cloud Computing , 2014, IEEE Transactions on Cloud Computing.

[74]  Abdelmalek Azizi,et al.  Internet of things security , 2017, 2017 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS).

[75]  Bryan Ford,et al.  Dissent: accountable anonymous group messaging , 2010, CCS '10.

[76]  Shiuh-Pyng Shieh,et al.  An efficient broadcast authentication scheme in wireless sensor networks , 2006, ASIACCS '06.

[77]  Iluminada Baturone,et al.  A dual-factor access control system based on device and user intrinsic identifiers , 2016, IECON 2016 - 42nd Annual Conference of the IEEE Industrial Electronics Society.

[78]  Radia Perlman,et al.  The ephemerizer: making data disappear , 2005 .

[79]  Berk Sunar,et al.  Low-Power Elliptic Curve Cryptography Using Scaled Modular Arithmetic , 2004, CHES.

[80]  Maode Ma,et al.  UBAPV2G: A Unique Batch Authentication Protocol for Vehicle-to-Grid Communications , 2011, IEEE Transactions on Smart Grid.

[81]  Ahmad-Reza Sadeghi,et al.  Efficient Helper Data Key Extractor on FPGAs , 2008, CHES.

[82]  Xiaojiang Du,et al.  A Lightweight Multicast Authentication Mechanism for Small Scale IoT Applications , 2013, IEEE Sensors Journal.

[83]  Dharma P. Agrawal,et al.  Intrusion Detection in Homogeneous and Heterogeneous Wireless Sensor Networks , 2008, IEEE Transactions on Mobile Computing.

[84]  Zhi Chen,et al.  A lightweight attribute-based encryption scheme for the Internet of Things , 2015, Future Gener. Comput. Syst..

[85]  Maode Ma,et al.  A Batch Authentication Protocol for V2G Communications , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.

[86]  Lisandro Zambenedetti Granville,et al.  A DTLS-based security architecture for the Internet of Things , 2015, 2015 IEEE Symposium on Computers and Communication (ISCC).

[87]  Ingrid Verbauwhede,et al.  PUFKY: A Fully Functional PUF-Based Cryptographic Key Generator , 2012, CHES.

[88]  Andrei V. Gurtov,et al.  PAuthKey: A Pervasive Authentication Protocol and Key Establishment Scheme for Wireless Sensor Networks in Distributed IoT Applications , 2014, Int. J. Distributed Sens. Networks.