Privacy and Security in Internet of Things and Wearable Devices

Enter the nascent era of Internet of Things (IoT) and wearable devices, where small embedded devices loaded with sensors collect information from their surroundings, process it, and relay it to remote locations for further analysis. Although they look harmless, these nascent technologies raise security and privacy concerns. We pose the question of whether such devices can be compromised and what the effects would be. Concentrating on the design flow of IoT and wearable devices, we discuss some common design practices and their implications for security and privacy. Two representatives, one from each category, the Google Nest Thermostat and the Nike+ Fuelband, are selected as examples of how current industry practices of treating security as an afterthought or an add-on affect the resulting device, and of the potential consequences for the user's security and privacy. We then discuss design flow enhancements through which security mechanisms can be added efficiently to a device, an approach that differs vastly from traditional practices.
