On the Security and Privacy of Internet of Things Architectures and Systems

The Internet of Things (IoT) brings together a multitude of technologies, with a vision of creating an interconnected world. This will benefit both corporations and end-users. However, a plethora of security and privacy challenges need to be addressed for the IoT to be fully realized. In this paper, we identify and discuss the properties that make the IoT unique in terms of the upcoming security and privacy challenges. Furthermore, we construct requirements induced by these properties. We survey the four most dominant IoT architectures and analyze their security and privacy components with respect to the requirements. Our analysis shows mediocre coverage of security and privacy requirements. Finally, through our survey we identify a number of research gaps that constitute the steps ahead for future research.
