research-article

Security and privacy threats in IoT architectures

Authors:

Jari Veijalainen,

Yasir AliAuthors Info & Claims

BodyNets '12: Proceedings of the 7th International Conference on Body Area Networks

Pages 256 - 262

Published: 24 February 2012 Publication History

Abstract

In this paper, we describe developments towards the Internet of Things (IoT) and discuss architecture visions for the IoT. Our emphasis is to analyze the known and new threats for the security, privacy and trust (SPT) at different levels of architecture. Our strong view is that the IoT will be an important part of the global huge ICT infrastructure ("future Internet") humanity will be strongly relying on in the future with relatively few data centers connected to trillions of sensors and other "things" over gateways, various access networks and a global network connecting them. While the infrastructure is globally connected, it is divided into millions of management domains, such as homes, smart cities, power grids, access points and networks, data centers, etc. It will evolve both bottom-up and top-down. An important question is what consequences a bottom-up and top-down construction of the IoT infrastructure has for the security, privacy and trust and what kind of regulation is appropriate. We review the currently emerging privacy regulation in EU.

References

[1]

Weiser, M. 1991. The Computer for the 21st century, Scientific American 265(3): 94--104.

[2]

Wright, D., Gutwirth, S., Friedewald, M., Vildjiounaite, E. and Punie, Y. (Eds). 2008. Safeguards in a World of Ambient Intelligence, Springer Verlag.

Digital Library

[3]

Kopetz, H. 2011. Internet of Things. Ch 13. In Real-Time Systems: Design Principles for Distributed Embedded Applications. 2nd Edition. Springer Verlag 2011, 307--323. DOI 10.1007/978-1-4419-8237-7_13.

[4]

Straub, T. and Heinemann, A. 2008. Security for ubiquitous computing, In M. Mühlhäuser and I. Gurevych, Handbook of Research on Ubiquitous Computing Technology for Real Time Enterprises, IGI Global, pp. 337--362.

[5]

Wu, G., Talwar, S., Johnsson, K., Himayat, N., and Johnson, K. D. 2011. Recent Progress in Machine-To-Machine Communications, IEEE Communication Magazine. Apr. 2011, 36--43.

[6]

Molina-Markham, A., Shenoy, P., Fu, K., Cecchet, E., Irwin, D. 2010. Private Memoirs of a Smart Meter. Proc. of BuildSys 2010 61--66.

Digital Library

[7]

Atzori, L. Iera, A., and Morabito, G., The Internet of Things: A survey, Computer Networks 54 (2010) 2787--2805.

Digital Library

[8]

Guinard, G., Fischer, M. Trifa, V. 2010. Sharing using social networks in a composable web of things. In Proceedings of the 8th IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOM Workshops), 702--707. IEEE CS. DOI=10.1109/PERCOMW.2010.5470524.

[9]

Mattern, F. and Floerkemeier, C. 2010. From the Internet of Computers to the Internet of Things. In K. Sachs, I. Petrov, and P. Guerrero (Eds.): Buchmann Festschrift, LNCS 6462, 242--259, 2010. Springer-Verlag 2010.

Digital Library

[10]

Botts, M., Percivaal, G., Reed, C., Davidson, J., Nittel, S., Labrinidis, A., Stefanidis, A. 2008. GeoSensor Networks, Springer Berlin/Heidelberg.

[11]

IoT-A, Internet of Things --Architecture. Retrieved on June 20, 2012 from http://www.iot-a.eu/public/front-page.

[12]

ISO/IEC 2012. Information Technology -- Telecommunication and Information exchange between systems. International Standard, Final Draft, ISO/IEC 29180.

[13]

Stuckman, P., Zimmerman, R. 2009. European Research on Future Internet Design. IEEE Wireless Communications Oct. 2009, 14--22.

Digital Library

[14]

Stajano, F. 2010. Security Issues in Ubiquitous Computing. In H. Nakashima, H. Aghajan and J. C. Augusto (Eds). Handbook of Ambient Intelligence and Smart Environments, Springer, pp. 281--314.

[15]

Das, S. K., Agah, A. and Kumar, M. 2008. Security in Pervasive Computing, In H. Nemati (ed). Information Security and Ethics: Concepts, Methodologies, Tools and Applications, IGI Global, pp. 3627--3643.

[16]

Ioannidis, S. 2008. Security and Privacy in a Networked and Mobile World. Retrieved on June 30, 2012 from http://www.ict-forward.eu/media/publications/fidis2008-presentation-forward.pdf.

[17]

Dlamini, M. T., Eloff, M. M. and Eloff, J. H. P. 2009. Internet of things: emerging and future scenarios from an information security perspective. In Proceedings of the Southern Africa Telecommunication Networks and Applications Conference (SATNAC 2009), Swaziland, 30 August-2 September 2009, pp. 6.

[18]

Poslad, S. 2009. Ubiquitous Computing: Smart Devices, Environments and Interactions, John Wiley and Sons, pp. 386--392.

Digital Library

[19]

Bos, H., Ioannidis, S., Jonssom, E., Kirda, E. and Kruegel, C. 2008. Future Threats to Future Trust, In Proceedings of the Future Trust in Computing Conference, Berlin, Germany: 2008, available at http://www.ics.forth.gr/dcs/Activities/papers/fot.pdf.

[20]

Kruegel, C. and Ioannidis, S. 2009. On Looking FORWARD, ERCIM NEWS, vol. 76, Jan. 2009, pp. 62--63.

[21]

Markatos, E., Ioannidis, S. and Kruegel, C. 2008. From the World of Security - A Word from the Experts Tracing the Changing Nature of Cyber-attacks, ENISA Quartely Review, vol. 4, p. 4.

[22]

Biedermann, S., Katzenbeisser, S. 2011. Detecting computer worms in the cloud, In J. Camenish and D. Kesdogan (Eds.), Open Problems in Network Security, Lecture Notes in Computer Science 7039, 43--54.

Digital Library

[23]

Carr. J. 2012. Inside Cyber Warfare. O'Reilly Media, Inc., Sebastopol, Calif. USA.

[24]

Cole, P. H. and Ranasinghe, D. C. (Eds). 2007. Networked RFID Systems and Lightweight Cryptography: Raising Barriers to Product Counterfeiting, Springer Verlag.

Digital Library

[25]

MacManus, R. 2009. Should Consumers Fear the Internet of Things? Retrieved On June 7, 2012 from http://www.readwriteweb.com/archives/rfid_fear.php.

[26]

Carbunar, B. Yu, Y., Shi, W., Pearce, M, and Vasudevan, V. 2010. Query privacy in wireless sensor networks. ACM Transactions on Sensor Networks, Vol. 6, No. 2, Article 14. DOI=http://doi.acm.org/10.1145/1689239.1689244.

Digital Library

[27]

Bao, F., Li, H. and Wang, G. 2009. Information Security Practice and Experience. In Proceedings of the 5th International Conference IPSEC 2009, Xi'an, China, 13--15.

[28]

Ouyang, Y., Le, Z., Liu, D., Ford, J., and Makedon, F. 2008. Source Location Privacy against Laptop-Class attacks in sensor networks. In Proceedings of the 4th international conference on Security and privacy in communication networks, 5, (Istanbul, 2008), ACM New York, available at http://dl.acm.org/citation.cfm?doid=1460877.1460884.

Digital Library

[29]

Bonaci, T., Bushnell, L., Poovendran, R. 2010. Node Capture Attacks in Wireless Sensor Networks: A system theoretic approach, In Proceedings of Decision&Control (CDC), 2010, 49^th IEEE conference on Digital Object Identifier, Atlanta, GA, 6765-6772.

[30]

Martins, D. and Guyennet, H. 2010. Wireless Sensor Network Attacks and Security Mechanisms: A Short Survey. In Proceedings of the 13^th International Conference on Network-Based Information Systems, IEEE Computer Society Press.

Digital Library

[31]

Raazi, S. M. K., Pervez, Z. and Lee, S. 2011. Key Management Schemes of Wireless Sensor Networks: A Survey, In A. K. Pathan (ed). Security of Self-Organizing Networks: MANET, WSN, WMN, VANET, CRC Press, pp. 297--316.

[32]

European Parliament. 1995. Directive 95/46/EC on the 'Protection of Individuals with regard to the Processing of Personal Data and on the Free Movement of such Data', available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML.

[33]

European Parliament. 2002. Directive 2002/58/EC on 'privacy and electronic communications', available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:en:PDF.

[34]

European Parliament and the Council. 2006. Directive 2006/24/EC 'for amending Directive 2002/58/EC', available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF.

[35]

European Commission. 2012. Proposal for European Parliament and the Council (General Data Protection Regulation), available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=COM:2012:0011:FIN:EN:PDF.

[36]

Langheinrich, M. 2001. Privacy by Design - Principles of Privacy-aware Ubiquitous Systems, In Proceedings of the 3^rd International Conference on Ubiquitous Computing, Springer, pp. 273--291.

Digital Library

Cited By

Pape SRannenberg K(2019)Applying Privacy Patterns to the Internet of Things' (IoT) ArchitectureMobile Networks and Applications10.1007/s11036-018-1148-224:3(925-933)Online publication date: 1-Jun-2019
https://dl.acm.org/doi/10.1007/s11036-018-1148-2
Memos VPsannis KIshibashi YKim BGupta B(2018)An Efficient Algorithm for Media-based Surveillance System (EAMSuS) in IoT Smart City FrameworkFuture Generation Computer Systems10.1016/j.future.2017.04.03983:C(619-628)Online publication date: 1-Jun-2018
https://dl.acm.org/doi/10.1016/j.future.2017.04.039
Yaqoob IAhmed ERehman MAhmed AAl-garadi MImran MGuizani M(2017)The rise of ransomware and emerging security challenges in the Internet of ThingsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2017.09.003129:P2(444-458)Online publication date: 24-Dec-2017
https://dl.acm.org/doi/10.1016/j.comnet.2017.09.003
Show More Cited By

Index Terms

Security and privacy threats in IoT architectures

Recommendations

Emerging Security Threats and Countermeasures in IoT
ASIA CCS '15: Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security

IoT (Internet of Things) diversifies the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level. As sensitive and private ...
Internet of Things (IoT): From awareness to continued use
Abstract
This paper proposes a research model with five constructs, i.e., IoT awareness, users’ IoT privacy knowledge, users’ IoT security knowledge, users’ IoT Trust, and continued intention to use IoT to bring clarity to the growing yet ...
Highlights
- Clarifying how variables linked from IoT awareness to IoT continued use.
- IoT ...
Security, privacy and trust in Internet of Things

Internet of Things (IoT) is characterized by heterogeneous technologies, which concur to the provisioning of innovative services in various application domains. In this scenario, the satisfaction of security and privacy requirements plays a fundamental ...

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

BodyNets '12: Proceedings of the 7th International Conference on Body Area Networks

February 2012

287 pages

ISBN:9781936968602

General Chair:
Ilangko Balasingham
Oslo University Hospital HF and Norwegian University of Science and Technology, Norway

Sponsors

ICST: International Communication Sciences and Technology Association

In-Cooperation

SIGCHI: ACM Special Interest Group on Computer-Human Interaction

Publisher

ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering)

Brussels, Belgium

Publication History

Published: 24 February 2012

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Tekes

Conference

BODYNETS'12

Sponsor:

ICST

BODYNETS'12: International Conference on Body Area Networks

February 24 - 26, 2012

Oslo, Norway

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

10
Total Citations
View Citations
2,208
Total Downloads

Downloads (Last 12 months)1
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Pape SRannenberg K(2019)Applying Privacy Patterns to the Internet of Things' (IoT) ArchitectureMobile Networks and Applications10.1007/s11036-018-1148-224:3(925-933)Online publication date: 1-Jun-2019
https://dl.acm.org/doi/10.1007/s11036-018-1148-2
Memos VPsannis KIshibashi YKim BGupta B(2018)An Efficient Algorithm for Media-based Surveillance System (EAMSuS) in IoT Smart City FrameworkFuture Generation Computer Systems10.1016/j.future.2017.04.03983:C(619-628)Online publication date: 1-Jun-2018
https://dl.acm.org/doi/10.1016/j.future.2017.04.039
Yaqoob IAhmed ERehman MAhmed AAl-garadi MImran MGuizani M(2017)The rise of ransomware and emerging security challenges in the Internet of ThingsComputer Networks: The International Journal of Computer and Telecommunications Networking10.1016/j.comnet.2017.09.003129:P2(444-458)Online publication date: 24-Dec-2017
https://dl.acm.org/doi/10.1016/j.comnet.2017.09.003
Moratelli CJohann SNeves MHessel FKent KYoo S(2016)Embedded virtualization for the design of secure IoT applicationsProceedings of the 27th International Symposium on Rapid System Prototyping: Shortening the Path from Specification to Prototype10.1145/2990299.2990301(2-6)Online publication date: 1-Oct-2016
https://dl.acm.org/doi/10.1145/2990299.2990301
Jacobsson ABoldt MCarlsson B(2016)A risk analysis of a smart home automation systemFuture Generation Computer Systems10.1016/j.future.2015.09.00356:C(719-733)Online publication date: 1-Mar-2016
https://dl.acm.org/doi/10.1016/j.future.2015.09.003
Masdari MJalali M(2016)A survey and taxonomy of DoS attacks in cloud computingSecurity and Communication Networks10.1002/sec.15399:16(3724-3751)Online publication date: 10-Nov-2016
https://dl.acm.org/doi/10.1002/sec.1539
GrØnli TPourghomi PGhinea G(2015)Towards NFC payments using a lightweight architecture for the Web of ThingsComputing10.1007/s00607-014-0397-697:10(985-999)Online publication date: 1-Oct-2015
https://dl.acm.org/doi/10.1007/s00607-014-0397-6
Ferraz FFerraz C(2014)Smart City Security IssuesProceedings of the 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing10.1109/UCC.2014.137(842-847)Online publication date: 8-Dec-2014
https://dl.acm.org/doi/10.1109/UCC.2014.137
Poslad SHamdi MAbie HMattern FSantini SCanny JLangheinrich MRekimoto J(2013)Adaptive security and privacy management for the internet of things (ASPI 2013)Proceedings of the 2013 ACM conference on Pervasive and ubiquitous computing adjunct publication10.1145/2494091.2499770(373-378)Online publication date: 8-Sep-2013
https://dl.acm.org/doi/10.1145/2494091.2499770
GrØnli TGhinea GYounas M(2013)A Lightweight Architecture for the Web-of-ThingsProceedings of the 10th International Conference on Mobile Web Information Systems - Volume 809310.1007/978-3-642-40276-0_19(248-259)Online publication date: 26-Aug-2013
https://dl.acm.org/doi/10.1007/978-3-642-40276-0_19

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents