Chapter

An Overview of Privacy and Security Issues in the Internet of Things


Abstract

While the general definition of the Internet of Things (IoT) is almost mature, roughly defining it as an information network connecting virtual and physical objects, there is a consistent lack of consensus around technical and regulatory solutions. There is no doubt, though, that the new paradigm will bring forward a completely new host of issues because of its deep impact on all aspects of human life. In this work, the authors outline the current technological and technical trends and their impacts on security, privacy, and governance. The work is split into short- and long-term analysis, where the former focuses on technology that is already or soon to be available, while the latter is based on vision concepts. An overview of the European Commission's vision on this topic is also provided.

... The authors also mention some additional efforts that include lightweight encryption methods, such as Elliptic Curve Cryptography (ECC), to protect privacy and avoid counterfeiting attempts, which require additional standardization efforts to meet confidentiality expectations of the IoT infrastructure. WSN security concerns can be addressed in some aspects, by the use of authentication methods through Public Key Infrastructure (PKI), to prevent rogue node data injection, and authorization technologies to mitigate DoS risks [25]. According to [22], node authentication can solve most of the problems that may be caused by unauthorized uses, some of the authentication methods discussed take into account SPINS, composed of Secure Network Encryption Protocol (SNEP), micro-Tesla, TINYSEC, Localized Encryption and Authentication Protocol (LEAP/LEAP+) and Zigbee. ...
... The data transmitted from the scan reading is commonly "unprotected or read-only" [25, p.391], including Ultra High Frequency (UHF) and Global Gen-2 tags under default settings. RFID passive tagging, by default, permits reading by any compliant scanner with no authentication at all, increasing eavesdropping risks and relegating passive RFID solutions to non-critical settings [25]. RFID vulnerabilities can be classified as the following: (a) attacks on authenticity, i.e. unauthorized tag disabling, (b) attacks on integrity, i.e. unauthorized tag cloning, (c) attacks on confidentiality, i.e. unauthorized tag tracking and (d) attacks on availability, i.e. replay attacks [23]. ...
... User privacy and integrity can also be endangered from the lack of data confidentiality and integrity. Unauthorized access of sensor data could interfere with the proper functioning of the system, as well as unauthorized access and control [25]. IEEE standard 802.15.4, ...
Preprint
The Internet of Things (IoT) is intended for ubiquitous connectivity among different entities or "things". While its purpose is to provide effective and efficient solutions, security of the devices and network is a challenging issue. The number of devices connected along with the ad-hoc nature of the system further exacerbates the situation. Therefore, security and privacy has emerged as a significant challenge for the IoT. In this paper, we aim to provide a thorough survey related to the privacy and security challenges of the IoT. This document addresses these challenges from the perspective of technologies and architecture used. This work focuses also on IoT intrinsic vulnerabilities as well as the security challenges of various layers based on the security principles of data confidentiality, integrity and availability. This survey analyzes articles published for the IoT at the time and relates it to the security conjuncture of the field and its projection to the future.
... The Internet of Things (IoT) denotes a network of interconnected devices that exchange data, encompassing everything from household appliances to industrial sensors [1]. The swift advancement of the IoT has led to the deployment of an enormous number of devices, which generate a massive amount of data that needs to be processed and transmitted [2,3]. The device traffic significantly burdens the network's control plane, which manages and controls network resources [4,5]. ...
... Research groups look into various aspects of the IoT and facilitate surveys on problems and challenges [4,5,7,10-12] that need to be discussed, including security and privacy [2-5,7], architectural issues, big data, and energy efficiency, as well as managing IoT traffic and preventing connection congestion on the fly [2]. The integration of SDN and IoT results in improved global network accessibility, efficient traffic management, and decision-making processes that adhere to legal standards [22]. ...
... So we can see it is an excellent idea to combine them and reduce the Internet's original weakness, making it more flexible. In early research, Medaglia [4] proposed how current technological and technical trends influence our security and privacy and analyzed the future impact. It [4] explores the IoT infrastructure between users' connections and remotely managed relationships will increase security and privacy problems because it needs data transmission: between infrastructure and users. ...
... In early research, Medaglia [4] proposed how current technological and technical trends influence our security and privacy and analyzed the future impact. It [4] explores the IoT infrastructure between users' connections and remotely managed relationships will increase security and privacy problems because it needs data transmission: between infrastructure and users. Whereas IoT is not very safe in their infrastructure because people overlook that and invest time to upgrade, IoT security design [4] tries to open pervasive and interoperable infrastructure to follow this trend. ...
... It [4] explores the IoT infrastructure between users' connections and remotely managed relationships will increase security and privacy problems because it needs data transmission: between infrastructure and users. Whereas IoT is not very safe in their infrastructure because people overlook that and invest time to upgrade, IoT security design [4] tries to open pervasive and interoperable infrastructure to follow this trend. ...
Article
Full-text available
Privacy data belongs to big data, and it is personal information from our lives. The common problem is privacy leaking and cyber attacks. The current solution uses a complex algorithm to encrypt data, but it is expensive and inefficient. In the paper, we combine students' information at university to make four layers based on a reliable framework named FMM. The proposed framework FMM, according to different privacy levels, will choose other encryption methods to protect these data and increase efficiency to keep trade-offs.
... The widespread use of various interconnected Internet-of-Things (IoT) devices into people's daily routines leads not only to improvements in the quality and comfort of life but also to threats to personal privacy (the worldwide average number of connected devices was already at 17.1 devices per home in 2022 [1]) [2,3]. The massive amount of information generated, transmitted, and stored during the operation of any electronic device may contain data that, under certain conditions, can be used against the user or owner by violating their privacy (even when communication is encrypted, an attack on privacy can work without knowledge of the communication's contents; this type of attack is called traffic analysis [4,5], and its countermeasure would be to provide unobservable communication for the IoT [6,7]), which may allow attackers to undermine the security of the person [8-10]. ...
... Finding threats to the afore-modelled system, 3. ...
Article
Full-text available
Every year, more and more electronic devices are used in households, which certainly leads to an increase in the total number of communications between devices. During communication, a huge amount of information is transmitted, which can be critical or even malicious. To avoid the transmission of unnecessary information, a filtering mechanism can be applied. Filtering is a long-standing method used by network engineers to segregate and thus block unwanted traffic from reaching certain devices. In this work, we show how to apply this to the Internet of Things (IoT) Smart Home domain as it introduces numerous networked devices into our daily lives. To analyse the positive influence of filtering on security and privacy, we offer the results from our in-depth STRIDE and LINDDUN analysis of several Smart Home scenarios before and after the application. To show that filtering can be applied to other IoT domains, we offer a brief glimpse into the domain of smart cars.
... Operational services over such complex infrastructures require the collection and aggregation of citizens' data [26], e.g. total power demand for preventing blackouts or average speed of vehicles for mitigating traffic congestion. On the one hand, aggregation over citizens' sensitive data raises concerns about privacy [49]. On the other hand, these data have a great potential to improve the performance and sustainability of smart cities [21,57]. ...
... Future work towards the direction of more formal privacy guarantees concerns the integration of micro-aggregation [13,22] and differential privacy mechanisms [19,39] in IoT-PGA. Moreover, grouping strategies that encode trust models [64] and security against malicious attackers that eavesdrop data [49] are also subject of future work. ...
Preprint
Big data collection practices using Internet of Things (IoT) pervasive technologies are often privacy-intrusive and result in surveillance, profiling, and discriminatory actions over citizens that in turn undermine the participation of citizens to the development of sustainable smart cities. Nevertheless, real-time data analytics and aggregate information from IoT devices open up tremendous opportunities for managing smart city infrastructures. The privacy-enhancing aggregation of distributed sensor data, such as residential energy consumption or traffic information, is the research focus of this paper. Citizens have the option to choose their privacy level by reducing the quality of the shared data at a cost of a lower accuracy in data analytics services. A baseline scenario is considered in which IoT sensor data are shared directly with an untrustworthy central aggregator. A grouping mechanism is introduced that improves privacy by sharing data aggregated first at a group level as opposed to sharing data directly to the central aggregator. Group-level aggregation obfuscates sensor data of individuals, in a similar fashion as differential privacy and homomorphic encryption schemes, thus inference of privacy-sensitive information from single sensors becomes computationally harder compared to the baseline scenario. The proposed system is evaluated using real-world data from two smart city pilot projects. Privacy under grouping increases, while preserving the accuracy of the baseline scenario. Intra-group influences of privacy by one group member on the other ones are measured and fairness on privacy is found to be maximized between group members with similar privacy choices. Several grouping strategies are compared. Grouping by proximity of privacy choices provides the highest privacy gains. The implications of the strategy on the design of incentives mechanisms are discussed.
... Due to the engagement of people and more pervasive data gathering, such as in smart home situations, privacy is regarded to be one of the most prominent issues in the IoT (Medaglia & Serbanati, 2010). Depending on how an IT system is viewed, a variety of privacy definitions exist. ...
... Because of the massive number of devices, as well as the complicated interaction between equipment, applications, ownership, and consumers, identity management represents a great difficulty in the IoT (Medaglia & Serbanati, 2010; Suo et al., 2012). ...
Article
Full-text available
As everything around us will be linked to the net in many ways via the Internet of Things (IoTs) and compared to the standard Internet, new forms of problems and complications can arise. Huge IoTs experiments are currently under way, most of which concern its sight, supporting technology, software, or facilities. Recently, a limited number of studies have comprehensively defined the security requirements such as privacy concerns, security, and trusting in the IoTs that are deemed special to the future net; these terms need to be discussed and addressed via numerous scholars and research groups as well. This article surveyed through 102 references from popular literature databases to explore the features/properties that define the distinctive IoT relating to forthcoming privacy, security and trust issues. Then created security requirements that were triggered by the mentioned properties. This article examined the privacy, security, trust and resilience components of the three most popular IoT architectures in consideration of the requirements as well. Also, this survey contributed to the state-of-the-art security issues for embedded devices in Internet of Things world, including providing a comparative table of well-known secure routing protocols and their countermeasures to well-known attacks on Open Systems Interconnection (OSI) structure of Wireless Sensor Networks (WSNs) within Internet of Things world. Finally, this survey identifies a number of study gaps that will serve as the foundation for future research.
... Attackers use these issues to continuously launch attacks on IoT devices, and once successful, it will cause huge losses to businesses and even society. Therefore, solving the authentication and communication security issues of terminal devices is a key step in achieving IoT security [8]. ...
... Due to its own characteristics, the Internet of things faces a variety of attacks, so the design of Internet of things authentication scheme faces many challenges. Generally, a relatively perfect IoT authentication mechanism should have these attributes [8]. term key and use it to try to retrieve key. ...
... 3) Privacy: Privacy is defined as protection of information from exposure to unauthorized ones [20]. It can be either data privacy or user privacy or location privacy. ...
... It can be either data privacy or user privacy or location privacy. The availability of private sensor data such as personal identifying information or indirect information like location [21], through which users' identity can be revealed to malicious users, is loss of privacy [20]. It is important to maintain privacy for successful implementation of IoT. ...
Article
Full-text available
In recent times, IoT has emerged as a new paradigm for the interconnection of heterogeneous, resource-constrained, and communication-capable smart devices. It has been anticipated as a key enabler for various domains of applications such as health care, automotive, agriculture, industrial operations, automation, energy, and the next generation of living. However, the current IoT applications face significant challenges in terms of the huge amount of collected data, intensive data exchange, security, privacy, centralized processing, and interoperability. To mitigate many of these issues, blockchain has been identified as a promising innovative technology. Blockchain, in conjunction with smart contracts, has received significant attention both from the industry and academia and offers features such as irreversibility, non-repudiation, proof of provenance, fault tolerance, pseudonymity, decentralized operations and decision-making, and distributed ledger. The integration of blockchain with IoT requires essential insights concerning the application areas, scalability, security, privacy, data collection and storage, performance, and governance. Thus, this paper intends to expound on the opportunities and key aspects of using blockchain in the IoT landscape. Specifically, this paper surveys the utilization of blockchain for various IoT applications. Besides, the paper distinguishes different technical aspects and presents the associated research challenges. At last, future research directions are discussed depending on the lessons learned.
... E-learning is a noticeable type of technical innovation holding out the promotion of economic growth because it helps alter the way trading agreements are carried out. Global implementation of plans for institutional information security and privacy is already underway, and these techniques are now the main focus of scientific studies (Medaglia and Serbanati, 2010). Nassani et al. (2023) stressed that E-learning is the basic driver of privacy and security of a firm. ...
Article
Full-text available
Higher education institutions are increasingly adopting e-learning due to its numerous advantages. Although online education technologies have advanced significantly, issues related to security and privacy have not received adequate attention. This paper reviews existing research on security and privacy challenges in online education, with a particular focus on enhancing online learning environments using Public Key Infrastructure (PKI). The review shows that PKI provides a secure foundation for online interactions by ensuring reliable authentication and data protection. Additionally, both service providers and users benefit from mutual trust when PKI certificates are used to support authentication and authorization processes. Further research could explore how machine learning and deep learning can enhance security measures and strengthen the effectiveness of PKI systems.
... This technology will help the banks strengthen their market position and earn customer trust; hence bank growth is assured, [86]. 5GIoT describes the existence of humans in a wellintelligently connected manner. ...
Preprint
Full-text available
Industry 5.0 is the key to a revolution in the banking industry, the driving forces are the Internet of Things (IoT) and fifth-generation (5G) high-speed communication technology. The article aims to propose a 5GIoT business model in the banking revolution with a neuro-fuzzy technique that will enhance banking services and operations. The developed model is based on the online survey of numerous customer categories, including international and national bankers, students, IT professionals, housewives and others. The survey’s data is used to verify the banking business model using Machine Learning & Neuro-fuzzy techniques. This model deals with instant loans, collateral monitoring, overspending by banks, Credit cards, Card readers, Automatic Trailer Machine (ATM), Real-Time Data Sharing and online payments easily. The ML model is fed with 403 survey data and performs well with an accuracy of 79.2% on the Python platform.
... If trying to work within these limitations, and given that most IoT embedded devices allow Internet connectivity, it could be argued that cloud computing can solve the computational power constraints by abstracting the computing platform and making it virtually as powerful as needed. However, a number of additional design considerations may rule out the use of cloud computing for AESR applications: the latency introduced by cloud communications can be a problem for, e.g., time critical security applications [6]; regarding Quality of Service (QoS), network interruptions introduce an extra point of failure into the system; regarding privacy and bandwidth consumption, respectively, sending alerts rather than streaming audio or acoustic features out of the sound recognition device both rules out any possibility of eavesdropping [7] and requires less bandwidth. ...
Preprint
In the context of the Internet of Things (IoT), sound sensing applications are required to run on embedded platforms where notions of product pricing and form factor impose hard constraints on the available computing power. Whereas Automatic Environmental Sound Recognition (AESR) algorithms are most often developed with limited consideration for computational cost, this article seeks which AESR algorithm can make the most of a limited amount of computing power by comparing the sound classification performance as a function of its computational cost. Results suggest that Deep Neural Networks yield the best ratio of sound classification accuracy across a range of computational costs, while Gaussian Mixture Models offer a reasonable accuracy at a consistently small cost, and Support Vector Machines stand between both in terms of compromise between accuracy and computational cost.
... As many engineering applications have become increasingly reliant on user data, data privacy has become a concern that data aggregators and curators must take into consideration. In numerous applications, such as healthcare [Yang et al., 2018], energy systems [Asghar et al., 2017], transportation systems [Zhang and Zhu, 2018], and the Internet of Things (IoT) [Medaglia and Serbanati, 2010], the data gathered to support system operation often contain sensitive individual information. Differential privacy [Dwork and Roth, 2014] has emerged as a standard privacy framework that can be used in such applications to protect sensitive data while allowing the resultant privatized data to remain useful. ...
Article
Full-text available
The Gaussian mechanism is one differential privacy mechanism commonly used to protect numerical data. However, it may be ill-suited to some applications because it has unbounded support and thus can produce invalid numerical answers to queries, such as negative ages or human heights in the tens of meters. One can project such private values onto valid ranges of data, though such projections lead to the accumulation of private query responses at the boundaries of such ranges, thereby harming accuracy. Motivated by the need for both privacy and accuracy over bounded domains, we present a bounded Gaussian mechanism for differential privacy, which has support only on a given region. We present both univariate and multivariate versions of this mechanism and illustrate a significant reduction in variance relative to comparable existing work.
... The pervasive nature of IoT, with devices often collecting data without explicit user consent, raises questions about the ethical implications of data handling and storage practices. Studies, such as the one conducted by emphasize the need for privacy-preserving mechanisms, especially in applications like healthcare and smart cities where sensitive personal information is frequently involved (Medaglia and Serbanati, 2010). The ongoing discourse on achieving a harmonious coexistence between the advantages of data-driven innovation and the safeguarding of individual privacy reflects the evolving ethical considerations in the IoT landscape. ...
Article
Full-text available
The research paper delves into the intricate realm of IoT device security, unravelling the multifaceted risks and presenting a nuanced exploration of mitigation strategies. A comprehensive literature review unveils common security threads and the current state of IoT security measures. The subsequent analysis identifies security risks, including unauthorized access, encryption lapses, authentication weaknesses, physical vulnerabilities, and privacy concerns. Mitigation strategies encompass technical measures, policy frameworks, and user education, forming a holistic approach. The paper concludes by outlining recommendations for future research, emphasizing interdisciplinary collaboration, dynamic threat modelling, privacy-preserving technologies, standardization, certification, and blockchain integration. Envisioning a secure and connected future, the research underscores the pivotal role of manufacturers, policymakers, and users in shaping a resilient IoT landscape.
... This is to say that, large percentage of mobile users is uncomfortable with their privacy and security in IoT. Similarly, previous studies have clearly shown that security and privacy are major challenges for users to adopt IoT (Gao & Bai, 2014; Medaglia & Serbanati, 2010). This affects the rate of IoT technology uses. ...
Article
Full-text available
This study examines the acceptance of internet of things (IoT) in developing countries. The study adopted value-based adoption model (VAM) and integrated with perceived trust to examine mobile payment as the sample application of IoT. Convenience sampling technique was employed to identify the ideal areas for data collections. Mall intercept technique (MIT) was employed to collect a total of 430 valid cases from mobile payments users in mobile payment centers. Structural equation modeling (SEM) was employed to examine the paths of the hypothesized relationships. The findings show that usefulness, perceived trust, perceived value, and perceived fee have direct and significant influences on acceptance of internet of things in developing countries. Furthermore, perceived fee, technicality, and perceived enjoyment were also found to have significant effects on perceived value. The study has provided theoretical and practical implications to researchers and policymakers on how to increase consumption of IoT services in developing countries.
... Decker and Stummer [60] reveal that 87 percent of IoT users are interested in the personal information collected through IoT devices and services. Medaglia and Serbanati [61] explained the privacy and security factors as a big challenge before user-oriented services or applications. Similarly, Gungor et al. [62] and Cho [63] found that related risks like privacy concerns always accompany benefits perceived from the Internet or IoT. ...
Article
Full-text available
Internet is becoming a part of our lifestyle; however, the usage rate and application of the Internet are disparate in different parts of the world. In many emerging countries, the Internet is yet to penetrate ordinary households. The present study focuses on how IoT adoption impacts the banks' customer relationship management (CRM) in an emerging market context. Furthermore, the moderating roles of gender, age, and bank ownership type on the relationship between the adoption of IoT and CRM have also been tested. Cost, convenience, social context, and privacy were studied as the predicting variables of IoT adoption, while IoT adoption was investigated as the antecedent of CRM. The CRM variable has been operationalized as a second-order latent construct consisting of three first-order latent variables: responsiveness, satisfaction, and assurance. A cross-sectional, non-probability-based survey was conducted from 467 bank customers of three public and three private sector banks in Aligarh city of India. Two CFA models were run to ensure reliability, validity, and model fit. Hypotheses were tested using structural equation modeling (SEM) on AMOS software, while PROCESS Macro v4.0 by Hayes (2009) was used to test the moderating effect of gender on the relationship between IoT adoption and CRM. The results indicate that cost, convenience, social context, and privacy are positively influencing IoT adoption, which in turn positively affects CRM. Gender and age were found to have a negative moderation effect on the path between IoT adoption and CRM, while bank ownership type positively moderated this link.
... With the continuous development of technology, the connotation and concept of the wireless IoT are constantly deepening, and the extension is also constantly expanding [1]. To this day, wireless IoT has initially possessed the characteristics of intelligent terminal interconnection, open platform services, and wide network coverage, and is widely used in various fields such as transportation, agriculture, healthcare, education, and finance. ...
Article
Full-text available
In recent years, wireless Internet of Things (IoT) technology has developed rapidly, and the reuse of spectrum resources, network efficiency, and the diversity of multi-communication scenarios have brought great challenges to the existing Internet of Things. And Device to Device (D2D) communication technology in 5th Generation Mobile Communication Technology (5G) has good application prospects in these aspects. Therefore, the combination with D2D can well solve the needs in the wireless Internet of Things. However, safe and effective communication has become an urgent problem to be solved. This paper proposes a D2D group communication protocol for wireless IoT in 5G. In this protocol, the Chinese remainder theorem is introduced into the protocol design, and a secure and efficient group authentication scheme is constructed based on secret sharing and Chebyshev Polynomials. The formal security proof using Burrows Abadi Needham (BAN) logic and informal security analysis show that our proposed protocol meets the security requirements. Through performance analysis, compared with other related schemes, this scheme not only provides better security, but also has obvious advantages in computation and communication efficiency.
... Because this is helpful in changing how trading deals are performed, e-learning is one of the technical advancements that have a great deal of promise for economic growth [2]. Firm information privacy and security strategies are already being implemented globally, and have also become a focal point of research [3]. E-learning is the basic driver of privacy and security of a firm. ...
Article
Full-text available
The success of businesses is now mostly dependent on e-learning methods as these methods are a rapidly growing innovative technology. Blockchain technology has also been considered to have the ability to change businesses. Therefore, this research aims to explore the direct influence of e-learning on the effectiveness of privacy and security in electronics manufacturing. This study also examines the considerable mediating role of the adoption of blockchain technology between e-learning and privacy and security. Furthermore, the current research investigates how digital orientation moderates the association between e-learning and privacy and security. For the collection of data, the cross-sectional research design and random sampling technique were used, and data were gathered from employees of electronics manufacturing firms in Pakistan through questionnaires. The working response rate of the study was 70%. The findings proved that e-learning plays a considerable role in boosting the privacy and security of electronics manufacturers. The results also demonstrate that the adoption of blockchain technology mediates and digital orientation moderates the link between e-learning and privacy and security. This study adds to the better understanding of management by presenting the significant role of e-learning and blockchain technology in improving the efficiency of privacy and security for electronics manufacturing firms.
... In the field of smart transportation systems, Beck (2017) observes that security concerns are often underappreciated by cities embarking on smart city programs: only 19 out of the first 32 applications to the U.S. Department of Transportation's Smart City Challenge voiced concerns about security risks. Medaglia and Serbanati (2010) look into the challenges of privacy and security in networks (RFID and WSN) that allow for the collection of information in IoT systems. Bennati and Pournaras (2018) acknowledge that privacy is a key challenge for smart cities, and propose a system to enhance privacy through group-level aggregation of data collected by sensors. ...
Technical Report
Full-text available
Institute of Transportation Studies (ITS) Final Report In recent years, “smart city” technologies have emerged that allow cities, counties, and other agencies to manage their infrastructure assets more effectively, make their services more accessible to the public, and allow citizens to interface with new web- and mobile-based operators of alternative service providers. This project reviews the academic literature and other sources on potential strengths, weaknesses, and risks associated with smart city technologies. No dataset was found that measures the adoption of such technologies by government agencies. To address this gap, a methodology was developed to guide data collection on the adoption of smart city technologies by urban transportation agencies and other service providers in California. The strategy used involved webscraping; interviews with experts, public agency, and senior level staff; and consultations with technology vendors. The approach was tested by assembling data on the adoption of smart city technologies in California by municipalities and other local public agencies.
... As many engineering applications have become increasingly reliant on user data, data privacy has become a concern that data aggregators and curators must take into consideration. In numerous applications, such as healthcare Yang et al. [2018], energy systems Asghar et al. [2017], transportation systems Zhang and Zhu [2018] and Internet of Things (IoT) Medaglia and Serbanati [2010], the data gathered to support system operation often contains sensitive individual information. Differential privacy Dwork and Roth [2014] has emerged as a standard privacy framework that can be used in such applications to protect sensitive data while allowing privatized data to remain useful. ...
Preprint
Full-text available
The Gaussian mechanism is one differential privacy mechanism commonly used to protect numerical data. However, it may be ill-suited to some applications because it has unbounded support and thus can produce invalid numerical answers to queries, such as negative ages or human heights in the tens of meters. One can project such private values onto valid ranges of data, though such projections lead to the accumulation of private query responses at the boundaries of such ranges, thereby harming accuracy. Motivated by the need for both privacy and accuracy over bounded domains, we present a bounded Gaussian mechanism for differential privacy, which has support only on a given region. We present both univariate and multivariate versions of this mechanism and illustrate a significant reduction in variance relative to comparable existing work.
... In the event of an accident or irregular process in TDG, the secured information captured from the IoT devices is currently not immutable, and this allows the possibility of big market players impacting the process by tampering with the information. The design of current technologies that support IoT data storage does not guarantee this level of data integrity (Medaglia and Serbanati, 2010;Yang et al., 2017;Ammar et al., 2018). To ensure the objectives of such a system are met, one should answer the following questions: ...
Thesis
Full-text available
This thesis addresses the general problem of safe and secure transport of dangerous goods (TDG). The TDG is very complicated to manage because of risk for the environment and human life. Currently, it suffers from a lack of efficiency, trust, and transparency. In this thesis, we propose a novel method to specify the workflow aspects of TDG by considering all TDG process stages during its entire lifecycle. This method aims to facilitate the specifications of the TDG workflow management system that is entirely based on existing regulatory frameworks ensuring the compliance, trust, and transparency of all underlying processes. The proposed system design method is based on the so-called model-driven architecture (MDA) approach and enhancing it to consider blockchain properties. The first stage is the formal analysis of the process of TDG and its alignment with the regulatory frameworks. The proposed design method aims, at this stage, to allow the formal definition and verification of the design of the system with regard to the regulatory frameworks. The next stages of the method rely strongly on the model transformation that is a salient aspect of the proposed design method. Model transformation allows to automatically discover peer system components and authorized interactions. The last stage of the whole model transformations is the specification of digital twin profiles for all potential stakeholders. All the interactions in the real world between stakeholders are transformed into interactions in the digital world, while the interactions with the environment are achieved through the use of IoT. The proposed approach enables interactions between components of the systems (digital twins, IoT devices, etc.) only if this is compliant with the regulatory framework. Thanks to blockchain technology, our design method allows improving trust and transparency in the process of TDG from the perspective of stakeholder collaborations.
Smart contract technological capabilities are also a cornerstone of the proposed solution. This thesis also contributes to improving the semantic of smart contracts to capture supply chain management specifications as well as dangerous goods specificities in terms of transportation. Dynamic concepts related to the supply chain management of dangerous goods such as time-related and geographic constraints, digital certification, anomaly detection and multi-party smart contract, managing emergencies, and shared responsibility have been addressed at the level of the smart contract. In particular, this thesis proposes applying temporal logic for the formal specification and verification of smart contracts. This thesis proposes an integrated approach for blockchain and IoT to support the dynamic aspects in the supply chain of dangerous goods. Data collected from various IoT devices along the physical supply chain (goods, vehicles, country borders, etc.) are transmitted to the blockchain and further processed by the system following the workflow logic that was specified and automatically triggering related smart contracts and corresponding actions. The last contribution in this thesis is the implementation of a proof-of-concept system to validate the different aspects of the contribution, namely the design method, the trust and transparency assurance, and the automatic triggering of actions and information flows.
... For instance, the IoT users may share/contribute their data for benefits, however, the dishonest one can "recontribute" the same data for more rewards. At the same time, the IoT users' may expose themselves to privacy threats as their data contain personal information (e.g., identity, location) [92], and hence it should be well protected [93]. In such context, data aggregation and incentive mechanisms have attracted numerous researchers' attention from both industry and academia [94]. ...
Article
Full-text available
The Internet of Things (IoT) has remarkably evolved over the last few years to realize a wide range of newly emerging services and applications empowered by the unprecedented proliferation of smart devices. The quality of IoT networks heavily relies on the involvement of devices for undertaking functions from data sensing, computation to communication and IoT intelligence. Stimulating IoT devices to actively participate and contribute to the network is a practical challenge, where incentive techniques such as blockchain, game theory, and Artificial Intelligence (AI) are highly desirable to build a sustainable IoT ecosystem. In this article, we present a systematic literature review of the incentive techniques for IoT, aiming to provide general readers with an overview of incentive-enabled IoT from background, motivations, and enabling techniques. Particularly, we first present the fundamentals of IoT data network infrastructure, and several key incentive techniques for IoT are described in details, including blockchain, game theory, and AI. We next provide an extensive review on the use of these incentive techniques in a number of key IoT services, such as IoT data sharing, IoT data offloading and caching, IoT mobile crowdsensing, and IoT security and privacy. Subsequently, we explore the potential of incentives in important IoT applications, ranging from smart healthcare, smart transportation to smart city and smart industry. The research challenges of incentive techniques in IoT networks are highlighted, and the potential directions are also pointed out for future research of this important area.
... These gadgets are primarily part of an ecosystem known as the Internet of Things (IoT), which epitomises today's digital revolution. This ecosystem comprises devices, sensors, networks, cloud storage, and apps that work together to assist enterprises in improving their strategic posture [25,26]. Figure 9 depicts the Internet of Things architecture. ...
Chapter
Full-text available
Today, the Internet is one of the most expanding and changing technologies, and it has grown popular all around the globe. The Internet of Things (IoT) is a system that includes a device, a sensor, a network, cloud storage and an application. Every interface to communicate with another device over the Internet to share information and achieve specific objectives. Internet of Things (IoT) is a new future technology that is gaining traction in various fields around the world. Kuwait is one of the nations in the planning stages of expanding IoT development, comparable to other countries with rising IoT application development. However, owing to several obstacles and challenges in integrating IoT devices, it was not simple to design IoT devices. This article highlights IoT’s key concerns, barriers and solutions to these issues. IoT’s future trends and uses were also briefly explored in this article to acquire a more in-depth understanding of IoT equipment.
Keywords: Internet of things; IoT adoption; Implementation; Challenges and barriers; Kuwait
... This is to say that, large percentage of mobile users is uncomfortable with their privacy and security in IoT. Similarly, previous studies have clearly shown that security and privacy are major challenges for users to adopt IoT (Gao & Bai, 2014;Medaglia & Serbanati, 2010). This affects the rate of IoT technology uses. ...
Article
Full-text available
This study examines the acceptance of Internet of Things (IoT) in Developing countries. The study adopted value-based adoption model (VAM) and integrated with perceived trust to examine mobile payment as the sample application of IoT. Convenience sampling technique was employed to identify the ideal areas for data collections. Mall Intercept Technique (MIT) was employed to collect a total of 430 valid cases from mobile payments users in mobile payment centers. Structural Equation Modeling (SEM) was employed to examine the paths of the hypothesized relationships. The findings show that usefulness, perceived trust, perceived value and perceived fee have direct and significant influences on acceptance of Internet of Things in developing countries. Furthermore, perceived fee, technicality and perceived enjoyment were also found to have significant effects on perceived value. The study has provided theoretical and practical implications to researchers and policy makers on how to increase consumption of IoT services in developing countries.
... It has been projected that IoT will rise to a market scope of $300B by 2022 in healthcare covering the medical devices, systems, applications, and services sectors (Firouzi et al., 2018). IoT allows a broad range of intelligent applications and resources to solve the problems facing individuals or the healthcare sector (Medaglia & Serbanati, 2010). For instance, P to D (Patient-to-Doctor), P to M (Patient to Machine), S to M (Sensor to Mobile), M to H (Mobile to Human), D to M (Device to Machine), O to O (Object to Object), D to M (Doctor to Machine), T to R (Tag to Reader) have dynamic IoMT link capabilities. ...
Chapter
There is a long history of engagement between computing and healthcare, adopting telemedicine is slow due to political willingness, limited infrastructure development frameworks, and availability. The Internet of Medical Things (IoMT) is going to be one of the fastest developments, and it’s anticipated to bring in the largest delivery of technology in existence. Hence, human-to-machine (H2M), machine-to-machine (M2M), and person-to-person (P2P) interactions can be fully updated along with telemedicine for the betterment of society in general. The use of IoMT-based sensors helps in the real-time detection of diseases and has significantly reduced the mortality rate. To meet the requirements of low latency and energy efficiency during medical data analysis, edge computing combined with 5G speeds is the answer. Edge computing has contributed greatly in the areas of low latency, massive connectivity of devices, and higher data rates in a network for ultra-reliable communication in the smart healthcare system. Therefore, this chapter discusses the areas of applicability and several extraordinary opportunities brought by the edge-enabled IoMT-based system in the healthcare system. The chapter also discusses the research challenges of the deployment of Edge IoMT-based system in the healthcare system and proposes an edge-enabled IoMT-based system framework. The application of the edge-enabled IoMT system brings end users and data sources running at a distance closer to the network nodes. The proposed framework can be used for real-time data capture, diagnosis, and monitoring patients’ health conditions like body motion, speech signals, body temperature, blood pressure, blood glucose, and heart rate, among others using various devices and sensors. Besides, the system can be useful in the emergency cases such as heart attacks, hysteria, anxiety, and epilepsy, thus saving the life of any patient.
... As traditional security mechanisms consume excessive energy, large memory storage, and high processing, researchers are adopting the topic of 'Lightweight Security Mechanisms' to implement it in a resource-constrained IoT system, exerting a big effort to overcome the attackers' developing technologies. Research is considering strong lightweight authentication mechanisms as the most important aspect of IoT-Cloud networks to guarantee the appropriate functionality of these networks [5][6][7]. ...
Article
Internet of Things (IoT) is a pervasive technology that grants authorized users the ability to communicate with sensors and devices. This technology connects millions of devices, exchanges sensitive information with users, and off-loads classified information to the cloud. This technology is evolving to encompass time-critical applications. In IoT-time critical applications, legitimate users may require accessing the real-time data directly from the IoT devices rather than requesting data stored in the cloud. These IoT devices are prone to distinct threats and security breaches. Authentication mechanisms are substantial to control access to IoT devices in cloud computing, as authorized users and IoT devices should ensure the authenticity of each other and generate a session key for securing the exchanged traffic. As different IoT devices are resource-constrained, traditional security mechanisms will not be appropriate for these devices, as they need considerable computational power and consume excessive energy. Cryptographic researchers are exerting a worthy effort to develop lightweight security mechanisms to cope with resource-constrained IoT systems. In this paper, we propose a novel lightweight protocol (Light-AHAKA) for authenticating IoT-cloud elements and establishing a key agreement for encrypting the exchanged sensitive data. Security analysis of the (Light-AHAKA) is carried out to assure the protocol immunity to different security attacks.
... IoT technology is featured both at work and at home [1,2], for example, in the form of smart offices, smart homes or smart watches. The IoT takes on an elaborate role by embedding technology such as radiofrequency identification (RFID) in smart objects [3], which can communicate with other virtual objects when provided with an appropriate infrastructure [4,5]. ...
Article
Full-text available
In recent years, the Internet of Medical Things (IoMT) has gained momentum. This development has only been intensified by the current COVID-19 crisis, which promotes the development of applications that can help stop the virus from spreading by monitoring people’s movements and their social contacts. At the same time, it has become increasingly difficult for individuals to control the use of their private data by commercial companies. While Internet users claim to be highly interested in protecting their privacy, their behaviors indicate otherwise. This phenomenon is discussed in literature as the so-called privacy paradox. The existence of the privacy paradox has also been confirmed by previous studies, which found individuals’ claims and actions to contradict one another. The present study investigates the following research questions: (1) What significance do individuals attribute to protecting their privacy, with a special focus on the health sector? (2) To what extent are they willing to grant commercial parties access to their data in order to use applications in general and health applications in particular? Results from seven focus groups with 40 respondents aged 20–30 years were conducted in an urban setting in Austria in late 2019. The respondents’ inputs are meant to provide answers to these questions. The results indicate that, overall, the young generation is well-informed about the growing data collection and is quite critical of it. As such, their willingness to share information in the health context is only moderately pronounced. Thus, only a moderately pronounced privacy paradox can be detected for the health sector when compared to other sectors. In conclusion, implications and directions for further research are addressed.
Article
In the contemporary era, blockchain technology has brought about a significant transformation in the realm of digital currency through innovations like Bitcoin. A blockchain serves as a decentralized ledger, ensuring an immutable record of transactions across a network. Recent observations indicate the pivotal role of blockchain technology not only in the financial sector but also in networking. This study considers blockchain as the essential link in establishing a genuinely decentralized, trustless, and secure environment for network nodes. The objective is to provide a systematic and comprehensive overview of futuristic endeavours in this domain. The exploration begins with an examination of the fundamental operational concepts of blockchains and how these systems achieve decentralization, security, and suitability. The focus then shifts towards addressing open research challenges within blockchain technologies, particularly in securing diverse communication networks such as Distributed Computing, Vehicular Ad-hoc Networks, Opportunistic Networks, and Delay Tolerant Networks. Simulation results underscore the superior security performance of blockchain, especially under conditions of attack.
Article
Blockchain technology may be a recent advancement and offers a ground-breaking technique for keeping the knowledge for an extended time and completing transactions like knowledge management, knowledge handling, performing arts functions, associated establishing trust in an open atmosphere. Most of them are considering block chain as a technology innovation significantly for cryptography and cyber security with systems like bitcoin, IoT, sensible Grids and etc., albeit this technology proofs its name and has received ton and ton of growing interests in multiple dimensions, the safety and security of the block chains are still in analysis whereas deploying block chain in versatile domains and environments. This work elaborates a comprehensive summary of the safety and privacy of block chain from knowledge management perspective. Attention platform is employed for implementation and testing. Around 20,000 records are being taken and valid mistreatment the projected algorithmic program. Initially, a block chain is created using distributed information, which tracks an ever-changing list of trading records by organising them into a hierarchic chain of block. Because attention knowledge necessitates greater security, a peer-to-peer overlay network is used to create and maintain the block chain, which is secured through the intelligent and suburbanized use of cryptography with crowd computing. ALM algorithmic program projected has been increased with applicable knowledge possession by providing 2 issue authentications with an accuracy of 95%. The projected system may be a decentralized system and thence guaranteeing higher knowledge transparency and auditability. Security and privacy properties are being ensured by providing fine grained access management on the highest of the ALM encoding. Hence, Security and privacy problems with current scenario are addressed well with a high-level access management rulesets.
Article
Full-text available
This paper explores various security and privacy issues inherent in IoT devices, ranging from vulnerabilities in device firmware and software to data breaches and unauthorized access. We delve into the challenges of securing IoT devices due to their resource constraints, diverse communication protocols, and often lax security practices during development. Additionally, we discuss privacy implications stemming from the collection and sharing of sensitive personal data by IoT devices, as well as the potential for surveillance and data misuse. Furthermore, we examine the implications of IoT devices in critical infrastructure and industrial systems, where security breaches can have severe consequences. Finally, we propose potential solutions and best practices to address these challenges, including robust encryption methods, regular security updates, and improved authentication mechanisms, to ensure the security and privacy of IoT devices in an increasingly connected world. The exponential growth of IoT devices across various sectors such as smart homes, healthcare, transportation, and industrial automation underscores the importance of ensuring their security and privacy. As these devices become more integrated into daily life and critical infrastructure, any vulnerability can have widespread and severe consequences. The evaluation of alternative performances through Complex Proportionality Assessment (COPRAS) requires an understanding of key criteria, exploration of options, and comparison of relevant facts. Meeting the decision-makers' desire for comparing grades involves choosing among multiple options based on predetermined competing requirements. COPRAS offer a method for such assessments in real-world scenarios, where criteria are nuanced and values cannot be quantified numerically. From the result smart thermostat got the first rank whereas wearable fitness tracker is having the lowest rank.
Preprint
Full-text available
Blockchain technology may be a recent advancement and offers a ground-breaking technique for keeping the knowledge for an extended time and completing transactions like knowledge management, knowledge handling, performing arts functions, associated establishing trust in an open atmosphere. Most of them are considering block chain as a technology innovation significantly for cryptography and cyber security with systems like bitcoin, IoT, sensible Grids and etc., albeit this technology proofs its name and has received ton and ton of growing interests in multiple dimensions, the safety and security of the block chains are still in analysis whereas deploying block chain in versatile domains and environments. This work elaborates a comprehensive summary of the safety and privacy of block chain from knowledge management perspective. Attention platform is employed for implementation and testing. Around 20,000 records are being taken and valid mistreatment the projected algorithmic program. Initially, a block chain is created using distributed information, which tracks an ever-changing list of trading records by organising them into a hierarchic chain of block. Because attention knowledge necessitates greater security, a peer-to-peer overlay network is used to create and maintain the block chain, which is secured through the intelligent and suburbanized use of cryptography with crowd computing. ALM algorithmic program projected has been increased with applicable knowledge possession by providing 2 issue authentications with an accuracy of 95%. The projected system may be a decentralized system and thence guaranteeing higher knowledge transparency and auditability. Security and privacy properties are being ensured by providing fine grained access management on the highest of the ALM encoding. Hence, Security and privacy problems with current scenario are addressed well with a high-level access management rulesets.
Chapter
Internet of Things (IoT) is a group of physical objects like sensors and actuators etc. connected through the network for dynamic exchange of information for augmenting the performance of products and services. The IoT is the upcoming technology that will play a vibrant role in enhancing a number of aspects of energy industry, healthcare, business and transport etc. According to a survey, the human population will reach 7.8 billion this year and over 28 billion IoT devices will be the part of the Internet, therefore, everyone will own at least one device which can connect to the Internet. Connecting such devices is a challenging task as each device can have its security and architecture concerns. Moreover the devices in IoT have the ability to work autonomously and automatically which may cause security and privacy issues. IoT combines multiple technologies such as WSN, fiber optics, broadband, 2G/3G/4G networks etc. This makes the security procedure more difficult because each technology is vulnerable to various security threats and network vulnerabilities. Since the birth of IoT substantial development have taken place in the field of IoT but as discussed many security threats were raised due to independent nature of devices, heterogeneity of various technologies used, large quantity of data produced by the exchanges between various devices and vulnerabilities in the network and devices. In this chapter we are presenting a survey on the potential threats, attacks and vulnerabilities in IoT.
Technical Report
Full-text available
This study, carried out for the European Commission (DG JUST), examines the link between national civil liability rules and consumers’ attitudes towards AI-enabled products and services (AI applications). The study examines, based on behavioural analysis, the following two dimensions: - As regards the societal acceptance of AI applications, the study aims to assess the current level of acceptance of AI applications, the factors shaping it, as well as the awareness of potential challenges in obtaining compensation for damage caused by these applications and its effect on societal acceptance. - With respect to consumers’ trust and willingness to take up AI applications, the study aims to generate insights on the potential impact regulatory alternatives adapting the liability regime might have on consumers’ trust and their willingness to take up such applications, and on the causal mechanisms underlying this impact. The behavioural experiment was built around three types of AI applications and reflected two scenarios of damage caused by such applications: damage caused to the owners of the AI application and damage caused to a third party. Within each of these scenarios, three alternative liability regimes (from the following: fault-based liability with the burden of proof on the victim, a shift of the burden of proof regarding fault, strict liability of the owner = consumer, strict liability of another party) were presented in the form of fictional interviews with a lawyer. A reduced likelihood of obtaining compensation for damage caused by AI was assumed with respect to fault-based liability regimes putting the burden of proof on the injured party. In line with this study’s focus on Member States’ national liability rules, none of the posited alternative liability regimes corresponds to the existing Product Liability Directive.
Article
Full-text available
The purpose of this paper is to identify factors predicting perceived intention of using IoT by Indians. To fulfill the purpose, basing on literature review and on diffusion theory of planned behavior (DTPB) model, factors predicting perceived intention of using IoT by the Indian consumers have been identified and hypotheses have been developed which were tested by collecting data using questionnaire from 400 concerned respondents. The data were analyzed and tested using different standard tools. The study revealed that: perceived usefulness, perceived ease of use, compatibility impact attitude, influence of family members, influence of peers, influence of others impact subjective norms, self-efficacy, and facilitating conditions impact perceived behavioral control. Again, attitude and perceived behavioral control influence intention though subjective norms significantly do not influence intention. Again, it is found that intention positively influences the actual use of IoT by the consumers. The outcome would help the IoT service providers to improve their businesses.
Conference Paper
Full-text available
Abstract-The Internet of Things (IoT) is a network that connects various objects that have an identifier and an IP address, so that they can communicate with each other and exchange information about themselves and the environment they sense. Objects in the IoT can use or produce services and cooperate to achieve a common goal. With this capability, IoT has shifted the definition of the internet from computing anywhere, anytime and anyhow to anything, anyone and any service. One issue that remains a weakness in the implementation of IoT is security and privacy. Attacks on IoT security can include attacks on RFID tags, on communication networks and on data privacy. Preventing and addressing them requires security mechanisms and protocols. The security and privacy problems that may threaten IoT, and the mitigation plans that have been developed, are reviewed in this paper. Keywords: internet of things, security, privacy
Abstract-Internet of Things (IoT) refers to the network of identifiable and addressable objects that have the ability to communicate and exchange information regarding themselves and their environments that they sense. Objects in IoT can use or produce services and work together to attain a common goal. With this ability, IoT has shifted the traditional definition of internet as anywhere and anytime computing to anything, anyone and any-service computing. However, IoT has to deal with security and privacy issues that may slow down its widespread implementation. This paper discusses the security and privacy threats that may attack either the components of IoT or the end users. First, we give an overview of the IoT and its architecture. We then present the security and privacy challenges that threaten IoT, followed by the need to protect privacy and some mitigation techniques.
Preprint
Full-text available
We do not have any data. This is a systematic literature review where we selected relevant publications from several top venues and journals in computer science, privacy, security, and software engineering.
Article
The rise of Internet of Things (IoT) systems has enabled us to access real-time information about our surrounding environments. However, IoT data collection in hostile and inaccessible areas without infrastructure supports is a challenging issue due to the inherent physical constraints associated with the tiny sensors. A viable solution to this problem is to use agile and controllable unmanned aerial vehicles (UAVs) to collect the ground data and relay it to the remote cloud for further processing. Under this UAV–IoT scenario, the limited battery supply carried by the sensor must be efficiently utilized so as to prolong the lifetime of the IoT system. Nevertheless, lifetime extension does not merely entail the reduction of the sum energy expenditure of sensors. In this article, we first show that minimizing the sum energy consumption cannot effectively extend the system lifetime due to the imbalance in energy expenditure among sensors, which, in fact, can render early energy depletion for some overburdened sensors. We also reveal a tradeoff between energy efficiency and energy fairness. To tackle this imbalance issue, we then propose an α-fairness approach to balance the energy consumption among IoT sensors. Specifically, in our study, the heterogeneities among the sensor nodes—different data loads, diverse residual energy levels, and distinct channel gains, have been taken into consideration. Based on this, an α-utility function is designed. In the maximization of the utility function, the bandwidth allocation, transmission power, and the UAV’s trajectory are jointly optimized. In addition, we also demonstrate how to properly set the α value according to the specific application scenarios, thus to achieve different levels of energy fairness and promote the functional longevity of the system to the best effort.
Chapter
The healthcare system that depends on the Internet of Things (IoT) assists individuals and aids their vital everyday life activities. The affordability and user-friendliness of the usage of IoT start revolutionizing healthcare services. The IoT and its related technologies have emerged as the most preferred use cases in the healthcare system. Hence, the security and privacy issues associated with smart healthcare systems and their participated entities make its general acceptance still a dream. Also, as a remote patient monitoring system using IoT-based devices are the increase in privacy, popularity, accessibility, security concerns of logging and the transfer of medical data continue arising. Therefore, this chapter proposes IoT-based blockchain-protected medical data utilizing a smart contract for secure analysis and management of wearable sensors based on the Ethereum protocol. The integration of blockchain will counter the security and privacy issues that may arise using IoT-based wearable devices in the healthcare monitoring system, thus facilitating safe and secure storage of patients’ information in the utilization of IoT devices in the healthcare system. IoT-based healthcare can be employed to enhance the well-being of patients, make the healthcare system more effective, and help respond quickly to emergencies. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
Chapter
The widening of the Internet of Things (IoT) in healthcare and industry opens new vectors of service. Specific in healthcare, IoT enhances patient measurement monitoring and data analytics. Thanks to automation, such devices collect, interpret, and make recommendations to the patient in a short time and with minimum engagement. However, focused on customer service, several security concerns are occurring. The damage caused by malware intrusion can be extremely high in case of affecting a person’s health and life. Besides, the privacy of data plays an important role in hiding the existence of any vulnerabilities that can be exploited. This chapter provides an overview of privacy issues and possible attacks in healthcare smart IoT, a discussion of responsible parties after data leakage and guidelines how to avoid them, and ways of enhancing privacy and security in the healthcare industry. Keywords: Security, Privacy, Healthcare, Internet of Things, Devices, Patients
Article
As embedded integrated electronic systems (EIESs) become more pervasive (including in mission-critical applications), the need to ensure the security of data exchange in such a system against various malicious activities becomes more pronounced. However, designing secure and efficient solutions, such as authentication protocols, for the many different embedded systems with varying internal communication modes remains challenging. Therefore, in this paper, we propose a lightweight authenticated key-exchange (AKE) protocol for EIESs based on half-duplex and “command/response” bus. Specifically, the proposed protocol is designed to operate on resource-constrained devices, as well as having minimal number of interactions. We then prove the security of the proposed protocol and present the security parameter selection strategy for protocol implementation based on the empirical evaluations. Moreover, efficiency analysis also shows that the protocol can be effectively deployed in the EIESs environment.
Article
In 2006, the standard EPC Class-1 Generation-2 (EPC-C1G2) was ratified both by EPCglobal and ISO. This standard can be considered as a “universal” specification for low-cost RFID tags. Although it represents a great advance for the consolidation of RFID technology, it does not pay due attention to security and, as expected, its security level is very low. In 2007, Chien et al. published a mutual authentication protocol conforming to EPC-C1G2 which tried to correct all its security shortcomings. In this article, we point out various major security flaws in Chien et al.'s proposal. We show that none of the authentication protocol objectives are met. Unequivocal identification of tagged items is not guaranteed because of possible birthday attacks. Furthermore, an attacker can impersonate not only legitimate tags, but also the back-end database. The protocol does not provide forward security either. Location privacy is easily jeopardized by a straightforward tracking attack. Finally, we show how a successful auto-desynchronization (DoS attack) can be accomplished in the back-end database despite the security measures taken against it.
Conference Paper
The mifare Classic is a contactless smart card that is used extensively in access control for office buildings, payment systems for public transport, and other applications. We reverse engineered the security mechanisms of this chip: the authentication protocol, the symmetric cipher, and the initialization mechanism. We describe several security vulnerabilities in these mechanisms and exploit these vulnerabilities with two attacks; both are capable of retrieving the secret key from a genuine reader. The most serious one recovers the secret key from just one or two authentication attempts with a genuine reader in less than a second on ordinary hardware and without any pre-computation. Using the same methods, an attacker can also eavesdrop the communication between a tag and a reader, and decrypt the whole trace, even if it involves multiple authentications. This enables an attacker to clone a card or to restore a real card to a previous state.
Conference Paper
6LoWPAN is a protocol definition to enable IPv6 packets to be carried on top of low power wireless networks, specifically IEEE 802.15.4. The concept was born from the idea that the Internet Protocol could and should be applied to even the smallest of devices. The initial goal was to define an adaptation layer -- "IP over Foo" to deal with the requirements imposed by IPv6, such as the increased address sizes and the 1280 byte MTU. The final design takes the concepts used in IPv6 to create a set of headers that allow for the efficient encoding of large IPv6 addresses/headers into a smaller compressed header - sometimes as small as just 4 bytes, while at the same time allowing for the use of various mesh networks and supporting fragmentation and reassembly where needed. This paper describes some of the underlying assumptions and decision points made during the development of 6LoWPAN and how the "stacked header" concept is applied so that in using the protocol you only have to "pay for" what you use. It concludes with open problems and challenges for further development and research.
Article
Wireless sensor networking remains one of the most exciting and challenging research domains of our time. As technology progresses, so do the capabilities of sensor networks. Limited only by what can be technologically sensed, it is envisaged that wireless sensor networks will play an important part in our daily lives in the foreseeable future. Privy to many types of sensitive information, both sensed and disseminated, there is a critical need for security in a number of applications related to this technology. Resulting from the continuous debate over the most effective means of securing wireless sensor networks, this paper considers a number of the security architectures employed, and proposed, to date, with this goal in sight. They are presented such that the various characteristics of each protocol are easily identifiable to potential network designers, allowing a more informed decision to be made when implementing a security protocol for their intended application. Authentication is the primary focus, as the most malicious attacks on a network are the work of imposters, such as DOS attacks, packet insertion etc. Authentication can be defined as a security mechanism, whereby, the identity of a node in the network can be identified as a valid node of the network. Subsequently, data authenticity can be achieved; once the integrity of the message sender/receiver has been established.
Article
In this paper, we present a synchronization-based communication protocol for RFID devices. We focus on the EPCGlobal Class-1 Gen-2 RFID tag which supports only simple cryptographic primitives like Pseudo-random Number Generator (PRNG) and Cyclic Redundancy Code (CRC). Our protocol is secure in a sense that it prevents the cloned tags and malicious readers from impersonating and abusing legitimate tags, respectively. In addition, our protocol provides that each RFID tag emits a different bit string (pseudonym) when receiving each and every reader's query. Therefore, it makes tracking activities and personal preferences of tag's owner impractical to provide the user's privacy.
Article
As low-cost Radio Frequency Identification (RFID) will become pervasive in our daily lives, RFID systems may create new threats to the security and privacy of individuals and organizations. However, the previous works on designing security protocols for RFID either do not conform to the EPC Class 1 Generation 2 standards or suffer from security flaws. This paper will point out the weaknesses of two EPC Class 1 GEN-2-conformed security protocols, and then proposes our new protocol, which raises the security level and conforms to the EPC Class 1 GEN-2 standards.
Article
The development of 'Internet-0' (I0) encoding which deals with the idea of extending the notion of internetworking to interdevice internetworking is discussed. Each I0 uses IP information which adds about 100 bits to each message and has a negligible impact on the response time and power requirements. I0 uses bits that are bigger than the network which allow the data that make up a packet to be represented in the same way no matter what physical medium conveys them. I0 is aimed at the scaling limits imposed by network complexity rather than raw performance. An I0 device depends on the current routers, gateways and name servers to carry packets between I0 subnetworks.
Conference Paper
There is no doubt that managing the flow of goods depends on monitoring the real flow in the physical world meanwhile in the digital world. Today automatic identification (auto-ID) technologies are used to close the gap between these two different environments by online updating of databases as the materials flow in the chain. From this point of view, it can be said that auto-ID technologies are core components of automated inventory control systems on all echelons of supply chain. As being a novel subcomponent of auto-ID, RFID innovates important features. Due to the fact that RFID is a recently developed technology, there exist some deficiencies, like the lack of standardization and the lack of legislation regulations that cause questions about privacy and security in society. In this study, we reviewed the standardization studies of related organizations like EPC global and ISO and compare these regulations. We also classify the risks that threaten the privacy of individuals and organizations. Finally, regarding the standardization studies and existing risks towards the privacy of individuals and organizations, security proposals and policy suggestions are introduced.