Introduction to IoT

Question:

Discuss about the New Security and Privacy Challenges System.

Internet of things (IoT) is the interconnection of everyday devices and objects with the internet of computing which allows them to collect and exchange information. Every object has a unique identity, but the computer system can interoperate such identity with internet infrastructure. The IoT enables users to control their devices remotely across the existing infrastructure of the internet, which provides the option of direct integration of computer system in the physical world which improves the competence, accuracy, and advantages of the objects. Convergence means a combination of multiple different technologies into a single device or system.

The IoT technology has numerous advantages, but they are vulnerable towards the risk of cyber-attack such as lack of information security, data analytics, hacking, and lack of data protocol standards. The popularity of IoT technology increases the threat of cybercrimes which can be dangerous for the privacy and security of its users. This essay will focus on analysing the benefit of IoT in convergence and convenience. Further, the article will evaluate potential risk in the IoT technology and its impact on user’s privacy. The essay will recommend measures that can minimise the potential threat of cyber-attack while using IoT technology.

The internet of things is the connection of everyday usable devices to the internet such as car, appliances, kitchen, and others. According to Xia et al. (2012), in this technology, the objects are connected to the computer-based system through a single network which allows them to send and receive data with each other. The devices connected to the internet of things can interact with each other and share the information of users which improve their usability. The devices are connected through sensors which assist them to communicate with each other and user can control them using though existing network infrastructure, it allows for a direct integration of the physical world with computer systems. The combination resulted in improved usability of the products because it increases their efficiency, accuracy, and advantages. With the advancement of technology, the technology will be able to use in devices such as smart grids, virtual power plants, home appliances, automatic transport system and smart cities. As per the research firm Gartner, more than 25 billion devices will be connected to the internet of things technology by the year 2020 (Gartner 2015).

The internet of things concept was first introduced in the article of Scientific American by Mark Weiser in 1991; the report provided the idea that reducing cost, size, and energy consumption of objects such as microprocessors, electronic appliances, and communication devices will assist in creating a ubiquitous computing experience (Press 2014). The term was attributed by Kevin Ashton, who was the co-founder of MIT Auto-ID center (Maney 2015). Governments and international organisation have recognised the development of the internet of things technology as an essential factor of growth. US National Intelligence Council added the internet of things technology to their list of ‘Six Disruptive Civil Technologies’ in 2008 (Taylor 2008). The mass usage and popularity of Internet-based smart devices assist in the growth of intent of things technology. Although, the first use of internet of things technology was found in1980s in Coca-Cola machine which was situated in Carnegie Melon University. Local programmers connect the device to the internet which allows them to check whether the drink is available and cold, before making their trip to the machine (Smith 2015). In modern times, the internet of things technology is used in appliances and wearable, with due to their popularity, more companies are using them in their products.

Advantages of IoT in convergence and convenience

Siriram (2011) provided that convergence means integration of different technologies into single computer network structure; it can also be defined as coming together of communications, computing and broadcasting technology into a single connection to the network infrastructure. The future of internet of things technology can be described as the integration of real-world infrastructure with devices which are connected to the internet-based system. The internet of things technology assists in the convenience of the people by improving the efficiency, accuracy, and usability of devices. In the development of new IP protocol IPv6 eliminate the limit of 4.3 billion addresses to trillions upon trillion, it increases the number of devices connected to the internet from 32 bits to 128 bits (Carpenter et al. 2015). The reduction in the cost of hardware, inexpensive high-speed internet accessibility, cloud service, increased capability of sensors and IPv6 allow more consumer devices to connect to the internet and improve the convergence and convenience in modern methods.

There have been several cases of success and failure of the internet of things technology. Currently, the internet of things technology is prevalent in cloud-based and wearable technology, but it will be widespread in different devices by 2025. As per Kiritsis (2011), the devices use by individuals such as car, headphones, lamps, washing machine, refrigerator, coffee machines, smartphones, wearable products, kitchen appliances and almost every other device will be connected to the internet to share and collect information from other devices. There have been many cases of IoT failure, for example, Target has one of the worst security breaches due to using IoT technology. The company was using HVAC contractor for granting trusted access to their heating and cooling systems, the hacker uses the credentials and installed a credit card skimming software on the sales devices, which causes a data breach. In 2013 cybercriminals were able to hack thousands of IoT refrigerators by using default passwords. The refrigerators was connected to a single network with allowing then access to a large number of devices. They use such devices to send thousands of spam emails to the users (Gubbi et al. 2013).

There have been various cases in which IoT was a success, especially in home security market IoT devices has dominated the industry. Security devices such as Ring, SimpliSafe, and DropCam improve the security of houses and provide various other benefits to the users. Many companies are using IoT technology in benefiting consumers, for example, while going to a meeting, a person’s car will be able to collect information from the calendar to know the timing of meeting and it can provide the best route to take. While stuck in traffic, a car can send a text to other party stating the approx. The time it will take to get at the location of the meeting. The alarm clock can notify the coffee maker to start brewing coffee once a person turns off his/her alarm. In a business environment, the office equipment knew when the inventory is running low, and it can automatically reorder it. Philips Hue is one of the most popular IoT devices, it allows users to change the colour of their lights with just one click, and they can also turn it on or off. Ninja Block adds may sensors to the house which tracks things such as water pipe burst and any motion inside the home; it automatically sends a notification to the users regarding the same.

Potential risks and its impact on user’s privacy

HarvestGreek is an IoT application that saves peoples time by feeding and watering plants based upon their actual growing requirements; it is an automating device which improves the growth of plants without any human interaction (Bandyopadhyay and Sen 2011). As per Miorandi et al. (2012), in case of infrastructure management, the IoT technology can benefit by controlling the operations of bridges, railway tracks, and roads in urban and rural areas. The IoT devices can monitor the process and report any change in the situation which can compromise the security of operation and increase risk in the procedure.A significant portion of the internet of things products are developed for the consumer use. Companies such as Bosch, IBM, Dell, Amazon Web Services, AT&T, and Cisco, are making IoT consumer gadgets which include smart wearable, medical gadgets, connected cars, home automation, and smart appliances such as refrigerator, washer, and ovens which are connected through Wi-Fi network.

In the manufacturing sector, the IoT technology assists the companies, such as Airware, Sigfox, and MetroMile, in automating the manufacturing equipment, assets, and the procedure. According to Atzori, Lera, and Morabito (2010), the corporations can monitor the practices in real-time which improve the security of the processes. Digital control system assists in automating the overall operation of manufacturing via predictive maintenance, arithmetical assessment, and measurements to maximize dependability of devices. The integration of smart grid can enable real-time power optimisation, evaluation of work, automatic controlling and safety management. As per the research of Daugherty et al. (2016), the development of IoT technology in manufacturing industry will generate more than $12 trillion of worldwide GDP by 2030. In the agriculture sector, wireless sensor can be integrated into the devices which provide necessary information such as temperature, wind speed, soil nutrition, humidity, and pest infection to the farmers which can assist in the improvement of the quality and quantity of the crops by reducing risk and wastage.

Innovations in the internet of things technology are advancing industries such as military, medical, business, supply chain, education and smart cities. As per Khoo (2011), with the immense advantages provided by the internet of things technology to individuals and society, there are several privacy issues and threats from proponents of cybercrimes. According to Weber (2010), the cybercriminals can use lack of proper security guidelines and weaknesses of the operating system to access the sensitive data of corporations and individuals which imposes a significant risk of their privacy. The threat of internet of things technology includes data security, lack of global standards, analytics complexity, and cyber-attacks.

Measures to minimize the potential threat of cyber-attack while using IoT technology

The right of privacy is significant for individuals, as conflict always occurs between modern technology and privacy of users in the industry. With the popularity of social media sites, the risk of privacy exposure has become a considerable threat to many peoples. Caron et al. (2015) conducted a study in Australian context which provided that the privacy regulations in Australia are not adequate to protect the private data of internet of things technology. As per Roman, Zhou, and Lopez (2013), in IoT technology, the sensors in devices collect a significant amount of data naturally which is unrelated to their primary purpose, and such information is distributed to other devices without the requirement of an individual to activate the sensor each time.

In past few years, the automation and driverless technology have increased in the automotive industry, companies such as Tesla, Google, Apple, and Uber are testing and producing self-driving cars (Gibbs 2017). The driverless vehicles, such as Tesla Model S, Lexus GS 450h and Audi RS 7, can perform ordinary driving actions such as back from the garage, parallel parking, analysing the road for potential accidental risk and even making call or messages through phones. All these features maximise the users driving pleasure and improve safety while driving, but these functions are not without any flaws. The awareness regarding cybersecurity is rapidly increasing in the automotive industry. Firstly, the security flaw was found in Jeep Cherokee by Charlie Millar and Chris Valasek in 2015; the two experts provided that hackers can easily manipulate connected cars (Greenberg 2016). The cybercriminals can hack essential functions of the vehicle such as brakes or speed; they can apply changes to the car while sitting miles away from the actual vehicle. Another risk of automated cars is that they are easier to unlock by hackers which makes them a potential target for theft. The connected car cybersecurity risks increase potential risk for individuals and public which reduces their global development.

Safety, data confidentiality and lack of interoperability are among the primary risks which can reduce the development of intent of things technology. The lack of robust and modest resource crunching accessibility, complex safety mechanism cannot be embedded in the IoT devices which make them vulnerable towards cyber-attacks by hackers (Vermesan et al. 2011). The DDoS cyber-attack over IoT system is denial to sleep in which hackers target specific IoT devices and machines which are attached to limited power supply sources and access them repeatedly to drain their power (Zargar, Joshi and Tipper 2013). The attack of denial to sleep can threaten the functioning of IoT technology, and it causes data gaps. The cyberterrorist can target particular operating systems on which malware can be processed, which makes the weak operating system and low-security devices vulnerable towards the cyber-attacks. The security breaches conducted by hackers reduce the trust of the public from the IoT system, and it exposes its vulnerabilities which can adversity influence the customer’s perception.

Success and failure case studies of IoT technology

The user of IoT technology might use low quality sensor and sell their data to large corporations. As per Kopetz (2011), the significant amount of data collected by IoT devices can become tradable as an asset; the consumers can sell their personal information to data aggregators, thus turning data into currency. Weber and Weber (2010) provided that the cybercriminals can install malware in IoT devices and control them for their unfair advantage which can be dangerous for the individual and public safety. There is lack of international law which applies to worldwide entities regarding the cyber-attacks, the privacy regulation of states are insufficient as the application of IoT technology is worldwide. The government finds it difficult to capture and punish the cybercriminals due to lack of proper regulations regarding their crimes. Laws and judicial interventions regarding the violation of privacy over the internet are ambiguous, and legislation regarding the security of public lags behind as the technology develops rapidly.

The risks of IoT technology reduce its development worldwide; several theories can be applied by companies to ensure the security guideline in IoT devices. In case of DDoS attacks, the companies can use various software applications to protect themselves from the attack. The security site KrebsOnSecurity suffered a DDoS attack which delivers them staggering 620 gigabits per second network traffic; another French web host receives 1.1 terabits per second attack. The common username of hackers has been leaked by the research of Ankit Anubhav, who works with NewSky Security. The DDoS attack uses default passwords for IoT devices to hack and control thousands of devices, companies such as KrebsOnSecurity, now uses randomly generated passwords to avoid the attack of DDoS attacks. The random number generator machine provides various unique passwords to the businesses which they can use to protect the IoT devices, by using this method, IoT devices working on same networks will be protected from cyber-attack.

Another theory that can be applied by companies to protect IoT devices of people from year attacks is “Nudge Theory”. According to Yang (2014), this theory focuses on changing the behaviour of individuals by “nudging” them towards better security decisions. For example, Facebook privacy nudge prevented users from unintentionally disclosing things which they might regret in future, such as a nasty comment or personal details. The users should continuously change their IoT devices passwords, and the passwords must be unique and difficult to ensure a high level of protection. The IoT devices should be continuously updated because companies can provide new security against malware in updates. The corporations and industry can apply various measures to protect the IoT technology from cybercriminals. As per Wortmann and Fluchter (2015), while decentralising the data, such as cloud service, procedure, gadgets and corporate bodies, it is necessary that such integration is systematic to provide safety to the data. IoT technology requires real-time interoperability in the devices and security measures need to adapt and prevent data islands. Encryption of data is necessary while implementing an IoT technology while transmitting the data through different IoT gadgets it is necessary that such information is not leaked in the process.

Future of IoT technology

Suo et al. (2012) provided that encryption algorithm turns standard text into cipher text which makes it difficult for hackers to understand the data; it ensures the security of information while it transfers between different internets of things devices such as refrigerator, air conditioners, and lights. The encryption procedure is significantly crucial while using smart homes devices because these gadgets continuously send and receive information with each other, and breach in one device can compromise the security of the entire system. Another method is hash-based cryptography theory which uses a digital signature scheme to secure the data of users. This theory ensures that while sharing the information, IoT devices decide whether an application can be trusted or not. Therefore, the proper authentication credentials are required to enter by an application to connect and share with IoT gadgets. As per Vlacheas et al. (2013), there is a considerable lack of identity and access management tools in authentication framework of IoT gateways. The implementation of global structures for authentication will be difficult to establish because solutions are created for the traditional environment, and they did not apply to the varied, heterogeneous and dispersed environment of IoT.

Firewall or deep packet inspection theory is required to be embedded in the IoT devices because they have unique protocols which are different from enterprise IT protocols. According to Ning, Liu, and Yang (2013), these protocols assist in recognising malicious payloads which are hidden in non-IT protocols. The Intrusion Prevention System (IPS) is a risk prevention application that examines the flow of network traffic; the examination assists in detection and prevention of vulnerability exploits. The firewall and IPS technology should be embedded in the IoT devices for filtering the network traffic to make optimal use of resources. Secure booting theory is also required in IoT devices by using cryptographically generated digital signatures; these signatures improve the integrity and authenticity of software. The strict regulation of government is also necessary to ensure that proper security measures are taken by companies while creating IoT products. These measures will reduce the risk of IoT technology and improve its usability for the users.

Conclusion

In conclusion, the internet of things technology brings various benefits to the convergence and convenience, the efficiency and accuracy of devices increased by using IoT technology. These devices share and collect information with each other to improve their usability, the convergence of technology increase the function of devices which enhance the experience of the user. The IoT can be used in building appliances, automobiles, security devices and smart cities. The use of IoT technology can improve the procedure of various devices, but along with benefits, there are several disadvantages of IoT technology as well. There are several potential risks in IoT technology such as cybersecurity issues, breach of security, data theft, lack of information protocols, and high level of complexity. The companies can implement various security theories to reduce the impact of risk in IoT technology such as using secure booting, firewalls, updates, encryption, and authentication. With proper security measures, IoT technology will provide various benefits to companies are individuals and transform multiple industries and their procedures.

References

Atzori, L., Iera, A. and Morabito, G., 2010. The internet of things: A survey. Computer networks, 54(15), pp.2787-2805.

Bandyopadhyay, D. and Sen, J., 2011. Internet of things: Applications and challenges in technology and standardization. Wireless Personal Communications, 58(1), pp.49-69.

Caron, X., Bosua, R., Maynard, S.B. and Ahmad, A., 2016. The Internet of Things (IoT) and its impact on individual privacy: An Australian perspective. Computer Law & Security Review, 32(1), pp.4-15.

Carpenter, B., Chown, T., Gont, F., Jiang, S., Petrescu, A. and Yourtchenko, A., 2015. Analysis of the 64-bit Boundary in IPv6 Addressing (No. RFC 7421).

Daugherty, P., Banerjee, P., Negm, W. and Alter, A.E., 2015. Driving unconventional growth through the industrial internet of things. Accenture (https://www. accenture. com/us-en/_acnmedia/Accenture/next-gen/reassembling-industry/pdf/Accenture-Driving-Unconventional-Growth-through-IIoT. pdf Downloaded 15 July 2016).

Gartner., 2015. Gartner Says By 2020, a Quarter Billion Connected Vehicles Will Enable New In-Vehicle Services and Automated Driving Capabilities. Gartner. Retrieved form < https://www.gartner.com/newsroom/id/2970017 >

Gibbs, S., 2017. Samsung self-driving cars take fight to Apple, Uber and Google’s Waymo. The Guardian. Retrieved from < https://www.theguardian.com/technology/2017/may/02/samsung-self-driving-car-challenge-google-waymo-apple-uber >

Greenberg, A., 2016. THE JEEP HACKERS ARE BACK TO PROVE CAR HACKING CAN GET MUCH WORSE. Wired. Retrieved from < https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/ >

Gubbi, J., Buyya, R., Marusic, S. and Palaniswami, M., 2013. Internet of Things (IoT): A vision, architectural elements, and future directions. Future generation computer systems, 29(7), pp.1645-1660.

Khoo, B., 2011, October. RFID as an enabler of the internet of things: issues of security and privacy. In Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing (pp. 709-712). IEEE.

Kiritsis, D., 2011. Closed-loop PLM for intelligent products in the era of the Internet of things. Computer-Aided Design, 43(5), pp.479-501.

Kopetz, H., 2011. Internet of things. In Real-time systems (pp. 307-323). Springer US.

Maney, K., 2015. MEET KEVIN ASHTON, FATHER OF THE INTERNET OF THINGS. Newsweek. Retrieved from < https://www.newsweek.com/2015/03/06/meet-kevin-ashton-father-internet-things-308763.html >

Miorandi, D., Sicari, S., De Pellegrini, F. and Chlamtac, I., 2012. Internet of things: Vision, applications and research challenges. Ad Hoc Networks, 10(7), pp.1497-1516.

Ning, H., Liu, H. and Yang, L.T., 2013. Cyberentity security in the internet of things. Computer, 46(4), pp.46-53.

Press, G., 2014. A Very Short History Of The Internet Of Things. Forbes. Retrieved from < https://www.forbes.com/sites/gilpress/2014/06/18/a-very-short-history-of-the-internet-of-things/#26a687c910de >

Roman, R., Zhou, J. and Lopez, J., 2013. On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), pp.2266-2279.

Siriram, R., 2011. Convergence of technologies. South African Journal of Industrial Engineering, 22(1), pp.13-27.

Smith, G., 2015. From 1982 Coca-Cola vending machine to latest trend: What the Internet of Things means for business. Real Business. Retrieved from < https://realbusiness.co.uk/tech-and-innovation/2015/07/15/from-1982-coca-cola-vending-machine-to-latest-trend-what-the-internet-of-things-means-for-business/ >

Suo, H., Wan, J., Zou, C. and Liu, J., 2012, March. Security in the internet of things: a review. In Computer Science and Electronics Engineering (ICCSEE), 2012 international conference on (Vol. 3, pp. 648-651). IEEE.

Taylor, D., 2008. The World in 2025, According to the National Intelligence Council. Old-Thinker News. Retrieved from < https://www.oldthinkernews.com/2008/06/26/the-world-in-2025-according-to-the-national-intelligence-council/ >

Vermesan, O., Friess, P., Guillemin, P., Gusmeroli, S., Sundmaeker, H., Bassi, A., Jubert, I.S., Mazura, M., Harrison, M., Eisenhauer, M. and Doody, P., 2011. Internet of things strategic research roadmap. Internet of Things-Global Technological and Societal Trends, 1, pp.9-52.

Vlacheas, P., Giaffreda, R., Stavroulaki, V., Kelaidonis, D., Foteinos, V., Poulios, G., Demestichas, P., Somov, A., Biswas, A.R. and Moessner, K., 2013. Enabling smart cities through a cognitive management framework for the internet of things. IEEE communications magazine, 51(6), pp.102-111.

Weber, R.H. and Weber, R., 2010. Internet of things (Vol. 12). New York, NY, USA:: Springer.

Weber, R.H., 2010. Internet of Things–New security and privacy challenges. Computer law & security review, 26(1), pp.23-30.

Xia, F., Yang, L.T., Wang, L. and Vinel, A., 2012. Internet of things. International Journal of Communication Systems, 25(9), p.1101.

Yang, S.H., 2014. Internet of things. In Wireless Sensor Networks(pp. 247-261). Springer London.

Zargar, S.T., Joshi, J. and Tipper, D., 2013. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), pp.2046-2069.