Quantifying Security and Privacy in Internet of Things Solutions

Identification of Privacy and Security Risks of Internet of Things: An Empirical Investigation

Review of Computer Engineering Research

The internet of things (IOT) is a phenomenon of connected devices over the internet to ease human life. It is a system where a separate computing device embedded with sensors is connected to other devices or to the cloud through the different infrastructures of the Internet. The implication of the IOT is still challenging in a geographically distributed environment. Particularly, the main challenges are associated with data privacy and security. In this study, we investigate the risks/issues related to IoT data privacy and security from the existing literature for the last two years and provide a review. We identify a total of seven issues related to IoT data privacy and security. The findings revealed that privacy, security, confidentiality, and integrity are the most significant issues for IoT in the current era. The findings of this study provide the researchers with a body of knowledge about the critical issues faced by the users and practitioners of IOT across the globe.

Contribution/Originality: In this paper, we conducted the literature review to find out the main challenges that are being faced by IOT device users as well as IOT manufacturers. We highlighted seven challenges related to privacy and security, mainly authentication and access control, confidentiality and integrity, privacy, and trust on the device, and conducted a questionnaire survey from different organizations and from different research experts and ranked them accordingly.

Security Requirements of Internet of Things-Based Healthcare System: a Survey Study

Acta Informatica Medica, 2019

Introduction: Internet of Things (IoT), which provides smart services and remote monitoring across healthcare systems according to a set of interconnected networks and devices, is a revolutionary technology in this domain. Due to its nature to sensitive and confidential information of patients, ensuring security is a critical issue in the development of IoT-based healthcare system. Aim: Our purpose was to identify the features and concepts associated with security requirements of IoT in healthcare system. Methods: A survey study on security requirements of IoT in healthcare system was conducted. Four digital databases (Web of Science, Scopus, PubMed and IEEE) were searched from 2005 to September 2019. Moreover, we followed international standards and accredited guidelines containing security requirements in cyber space. Results: We identified two main groups of security requirements including cyber security and cyber resiliency. Cyber security requirements are divided into two parts: CIA Triad (three features) and non-CIA (seven features). Six major features for cyber resiliency requirements including reliability, safety, maintainability, survivability, performability and information security (cover CIA triad such as availability, confidentiality and integrity) were identified. Conclusion: Both conventional (cyber security) and novel (cyber resiliency) requirements should be taken into consideration in order to achieve the trustworthiness level in IoT-based healthcare system.

If you can't understand it, you can't properly assess it! The reality of assessing security risks in Internet of Things systems

Living in the Internet of Things: Cybersecurity of the IoT - 2018

Security risk assessment methods have served us well over the last two decades. As the complexity, pervasiveness and automation of technology systems increases, particularly with the Internet of Things (IoT), there is a convincing argument that we will need new approaches to assess risk and build system trust. In this article, we report on a series of scoping workshops and interviews with industry professionals (experts in enterprise systems, IoT and risk) conducted to investigate the validity of this argument. Additionally, our research aims to consult with these professionals to understand two crucial aspects. Firstly, we seek to identify the wider concerns in adopting IoT systems into a corporate environment, be it a smart manufacturing shop floor or a smart office. Secondly, we investigate the key challenges for approaches in industry that attempt to effectively and efficiently assess cyber-risk in the IoT.

Privacy-by-Design Framework for Assessing Internet of Things Applications and Platforms

The Internet of Things (IoT) systems are designed and developed either as standalone applications from the ground-up or with the help of IoT middleware platforms. They are designed to support different kinds of scenarios, such as smart homes and smart cities. Thus far, privacy concerns have not been explicitly considered by IoT applications and middleware platforms. This is partly due to the lack of systematic methods for designing privacy that can guide the software development process in IoT. In this paper, we propose a set of guidelines, a privacy-by-design framework, that can be used to assess privacy capabilities and gaps of existing IoT applications as well as middleware platforms. We have evaluated two open source IoT middleware platforms, namely OpenIoT and Eclipse SmartHome, to demonstrate how our framework can be used in this way.

Privacy risk analysis in the IoT domain

2018 Global Internet of Things Summit (GIoTS), 2018

Most IoT systems are using or exchanging user related information between system components. This means that privacy is a key factor in these systems. Privacy, both in terms of not allowing unauthorized access to information, but also in terms of handling sensitive information correctly and responsibly. As IoT systems typically are comprised of many software and hardware distributed components, ensuring privacy is a challenging task. This paper proposes a risk rating methodology for identifying and rating privacy risks, and demonstrates how to apply this methodology in an IoT use case set in the context of the EU H2020 BIG IoT project. It is also demonstrated how to handle the results of the risk rating methodology.

Assessing the Internet of Things Security Risks

Journal of Communications

Internet of Things (IoT) has extensively altered the IT landscape, allowing thus no human requirements in order to fluently communicate. However, it has introduced uncertainty which led to the emergence of a myriad of security risks. As coping with these security risks is becoming more and more challenging, a new Security Risk Assessment (SRA) approach dealing with the IoT heterogeneous and dynamic paradigm is needed. Indeed, SRA is the primary means of preserving the business services' confidentiality, integrity and availability. Different SRA approaches exist but applying them to the pervasive paradigm of the IoT is commonly agreed as impotent. Therefore, we provide a novel approach based on the Elasticsearch Stack Solution (ELK) and the Plan, Do, Check, Act (PDCA) cycle aimed at efficiently assessing IoT security risks. As a result, the provided approach has skillfully dealt with the IoT dynamic environment. Furthermore, a benchmark of our novel approach and the existing approaches is successfully realized highlighting eventually the main findings.

An Overview of Security Issues in Internet of Things

In the in-progress years, people ought to utilize net at whenever and anywhere. Internet of Things (IOT) allows people and things to be associated Anytime, Anyplace, with something and Anyone, in a very excellent world utilizing Any way/arrange and Any administration. IOT is recognized by completely different advancements, that offer the innovative administrations in varied application areas. This infers there are completely different difficulties present whereas causation IOT. The standard security administrations aren't squarely connected on IOT due to varied correspondence stacks and completely different benchmarks. Therefore, adaptable security instruments ought to be developed, that manage the protection dangers in such distinctive condition of IOT. During this summary we present the various analysis difficulties with their specific arrangements. Likewise, some open problems are found and a number of clues for additional analysis heading are upheld.

Critical Issues in the Invasion of the Internet of Things (IoT): Security, Privacy, and Other Vulnerabilities

https://www.researchgate.net/publication/331545884_Critical-Issues-in-the-Invasion-of-the-Internet-of-Things-IoT_-Security-Privacy-and-Other-Vulnerabilities, 2019

In this chapter, the authors collected data from issues related to threats in the applications of IoT-based technologies that describe the security and privacy issues from 30 peer reviewed publications from 2014 to 2017. Further, they analyzed each threat type and its percentages in each application of the internet of things. The results indicated that the applications of smart transportation (20%) face the highest amount of security and privacy issues followed by smart home (19%) and smart cities (18%) compared to the rest of the applications. Further, they determined that the biggest threats were denial of service attack (9%) followed by eavesdropping (5%), man in the middle (4%), and replay (4%). Denial of service attacks and man in the middle attack are active attacks that can severely damage human life whereas eavesdropping is a passive attack that steals information. This study has found that privacy issues have the biggest impacts on people. Therefore, researchers need to find possible solutions to these threats to improve the quality of IoT applications.

Strategies for Internet of Things data privacy and security using systematic review

European Conference on Cyber Warfare and Security

The Internet of Things (IoT), now referred to as the Internet of Everything (IoE), has been in existence long before it was identified as a concept. It was introduced with the emergence of the Fourth Industrial Revolution and was aimed at improving people’s lives and economies across the globe by connecting physical items to the internet so they can be able to deliver specific services implicitly. The nature of IoT requires that all the systems ensure data privacy and security because much of the data that is uploaded into and used by the system is personal and private. Thus, the aim of this research was to identify the tools and strategies that can be used for IoT data privacy and security while also providing a brief but intensive understanding of the concept of IoT and data privacy and security challenges faced by IoT systems. This qualitative research study utilised a pragmatic paradigm and data was collected and analysed using text-based secondary data sources and a PRISMA protocol t...

Developing and evaluating a proposed health security framework in IoT using fuzzy analytic network process method

Journal of Ambient Intelligence and Humanized Computing, 2020

Internet of Things (IoT) played a significant role in Healthcare. One of the major challenges in IoT health is security. For this reason, regarding the past studies, there is a lack of a comprehensive security framework that encompasses all layers of IoT. This article offers a security framework with four layers of sensor, network, service, and application. These layers help to develop security mechanisms within the proposed framework by providing security solutions. Also, security improvement has been influenced by the Multi Criteria Decision Making (MCDM) technique. To evaluate this framework, a conceptual model was defined with six critical criteria including security, network, services, interoperability, privacy, and reliability. The validity and reliability of this conceptual model were analyzed using SPSS 24 and AMOS 18. After proving the important criteria in the proposed model, we used the MCDM process of fuzzy analytic network process to prioritize the important criteria. The evaluation results of the conceptual model in the proposed framework, after analyzing the routes, show the validity of the proposed criteria. Therefore, in this model, 8 out of 12 communication routes between the criteria have a positive and significant relationship and 4 routes do not. The results of prioritizing important criteria in the research model, using analytic network process method, show that the network criterion, and authentication and validation sub-criteria have the highest priority among the proposed criteria. Thus, it can be decided that security solutions in the network layer and authentication and validation sub-criteria help to develop the proposed security framework.