Research Problem

Discuss about the Security and Privacy Issues in Internet of Things (IoT).

The Internet of Things (IoT) would refer to the several millions of devices from all over the world, which would be connected to each other with the help of internet-based technology (Wortmann & Fluchter, 2015). Cheap processors and wireless networks have the possibility of IoT technology to be successful. The technology of IoT adds an intelligence level to the devices and thus they would be able to communicate without the involvement of a human being. This technology would help in merging the physical and the digital worlds. Any object of the physical world could be turned into an IoT based device and then could be controlled if it could be connected with the help of the internet (Mulani & Pingle, 2016).

With the rise in the number of devices that are being connected with the help of internet technology, this has led to a number of problems, which have risen with this advancement. This paper focusses on the various problems, which may arise with the rising growth of increase in the IoT networks (Gubbi et al., 2013). Privacy and protection of information should be the major area of concern for the security of the IoT based devices. This is meant for the purpose of the confidentiality of the user and issues related to the security (Sicari et al., 2015). This paper discusses about the security issues related to the IoT environment.

The research topic discusses about the security aspects within the IoT network. The security within the premises of the IoT environment is an important matter of concern as the devices, which are connected to the internet are capable of sharing vital information related to the users (Roman, Zhou & Lopez, 2013). The IoT based devices make use of sensors for a variety of devices. In many of the IoT based applications, the sensors make use of variables that includes pressure, speed, temperature, heart rate and many others. 

There is a high need for the privacy and the protection of security in the IoT environment. Many of the devices that are used within the IoT environment have a limited amount of memory, low capacity of processing and less power of the battery. Hence, the classical mechanisms for the security of the devices are sometimes inefficient in order to deal with the unique situations of security, which might arise with the changing trends in the IoT environment (Whitmore, Agarwal & Da Xu, 2015). The devices, which are connected in the environment of IoT are able to perform their functions with the help of wireless based networks that are able to provide lower bandwidth.

Research Justification

Fragmentation is another problem, which has affected the sector of IoT. The solutions for security are not standardized earlier or they may be standardized for one area of application. The IoT environment is mainly affected due to the need for the interoperability between the devices, which are connected together (Keoh, Kumar & Rschofenig, 2014).  

The research is based on the discussion about the various issues that might arise with the security and privacy with the emerging trends within the IoT networks. Though the technological advancements have brought major changes, it is quite essential to maintain the confidentiality of the data of the user.

The Internet of Things (IoT) is a comprehensive network of the virtual and the physical things that would be connected with the help of internet networks. Each and every object that are connected with the internet are provided with a unique ID that is mainly used for the purpose of identification (Soliman et al., 2013).  IoT is one such emerging technology that would be able to change the way in which users would be able to connect with various kind of devices. In the near future, every kind of electronic device would be a smart device that would be able to communicate and compute with the handheld and devices of infrastructure (Al-Fuqaha et al., 2015).  Most of the devices that are connected with the internet would be majorly operated on the battery due to the reason that they would possible to operate on low processing. The privacy is also a major issue within the IoT environment. The major privacy and security concerns within IoT are device heterogeneity, identification of the devices and the authentication of the devices. Another set of major challenges that are included within the IoT environment are mechanism of communication in ethics, scalability, integration, surveillance and the various business models (Borgia, 2014).

The primary technologies that are included within the IoT environment are Near Field Communication (NFC), Wireless Sensor Networks (WSN) and Radio Frequency Identification (RFID).  

Near Field Communication (NFC) – This is regarded as one of the major technologies, which is mainly used in order to communicate with the devices that are within a few centimeters of distance. This technology makes use of low power and requirement of data rate. The technology of NFC mainly supports some of the features of IoT such as smart cards, control of access, transport and many others (Coskun, Ozdenizci & Ok, 2013).

Literature Review

Wireless Sensor Networks (WSN) – The WSN technology is used when there would be a need for the applications of remote sensing and the collecting of information. The networks based on WSN are effective in cost and consumes less power. The Deterministic Algorithm is a type of algorithm, which has been majorly been proposed that could be used to solve various kind of problems related to the coverage of the networks (Khalil et al., 2014)

Radio Frequency Identification (RFID) – Another major form of technology that is used is the RFID. Each and every object within the IoT environment have an inbuilt smart tags and identifiers. This helps in the configuring with the other kinds of devices with the help of computers. The objects within the IoT network have an inbuilt smart chip or a microprocessor that would be able to provide the capability to the object in order to sense the correct information from the surrounding environment, compute the information and then communicate the desired results to other humans or objects (Lee & Lee, 2015). 

The technology of IoT has covered a wide range of the application products. The number of protocols, which are being added in the IoT network, are increasing rapidly. The protocols that are being used for the higher level functions are mainly assigned to the vendors (Rahman & Shah, 2016).

The QUIC (Quick UDP Internet Connections) is a kind of protocol, which makes use of the User Datagram Protocol (UDP). It would be able to support a composite group of connections. The QUIC protocol possesses the ability to provide the protection of security unlike the Transport Layer Security or as the Secured Sockets Layer. They have the feature of reducing the transport latency and the number of available connections (Lychev, 2015). This protocol has been also designed in order to make an estimation of the bandwidth in either of the direction such that the problem in the congestion of the networks could be avoided.

The DTLS (Datagram Transport Layer) is a kind of protocol, which is mainly responsible for supplying the privacy of communication for the purpose of UDP. The DTLS protocol would enable the client/server applications to be eligible such that any issues with the tampering of messages, forgery of messages or eavesdropping could be avoided. The base level of the DTLS protocol is known as the TLS that is mainly used for providing security to the IoT based network (Fossati & Tschofenig, 2016).   

The Technologies in IoT

The devices that are being connected within the IoT network have a little amount of resources. Hence the complete suite of security cannot be used. Special frameworks for the security could be designed or they could be acquired from the existing solutions. In order to provide solutions for the security, lightweight solutions for security would have to be made in order to secure the IoT network (Skarmeta, Hernandez-Ramos & Moreno, 2014).

Requirements of the Security Framework– The architecture for the IoT network would always have a major impact on the security and the privacy of the different users. The meaning of the privacy within the IoT network is necessary in order to ensure that the information of the user would remain hidden from suspicious people. The privacy of an individual is their personal right.

Privacy of the User – There are certain steps that needs to be persuaded in order to help the provider of information to refrain from a lookup system that would be in relation with the user. The major requirement within the current environment of IoT is to focus and enhance on the privacy of the user and the security of the information of the user within every layer.

A tagging of the data is proposed for the purpose of the management of the privacy within the environment of IoT. This is also meant in order to preserve the vital data, demonstrate the model of privacy (Ukil, Bandyopadhyay & Pal, 2014).

Control of Access – The provider of the information service should apply any mechanism for the control of access in order to secure the data from potential misuses and any form of damage to the private information of the users by any other group. It should be available to the individual who would deserve it.

Management of the Identity – The network of IoT is considered as a vast area of administration, which deals with the identification of an object with the help of different kinds of techniques within the system and thus control of access by associating the rights of the users and putting some level of restrictions with the identity that has been recognized.

Secure Communication of Data – The communication of secured data is considered as a major part of the security in the IoT environment. This would include the authentication of the objects that would be communicating and maintaining the integrity of the data, which is communicated. It would also involve the protection of the identity of the communicating objects (Jing et al., 2014).

IoT Protocols Related to Security

Resilience against Attacks – Attackers are able to discover and exploit any kind of vulnerability within the existing system within an open and the IoT connected world. The systems should be designed in such a way that they would be able to support any kind of mechanism for protecting themselves against any kind of attacks. The system should also be capable to protect themselves against single failure point and they should adjust in cases of the failure of the nodes. They should also be able to fight against several kinds of attacks. 

Mobile Based Security – There is a regular movement of the mobile nodes from one part of the cluster of networks to the another part within the IoT network. A cryptography based protocol is constantly being used in order to allow for the protection of the privacy, identification and the authentication. The ad-hoc protocol provides the ability for the rapid supply of the protections and thus guard them against the various kinds of attacks, which may include eavesdropping, tracking of the location, replay attack and many others (Tao et al., 2014).

Technologies for Enhancing of the Privacy – The major area of concern within the IoT framework is related to the privacy of the data of the user. In order to enhance the personal data of the user, there are a few basic technologies, which could be used.

Security of the Transport Layer – The Transport Layer Security (TLS) would be helpful in increasing the integrity and confidentiality of the data within the IoT network. The prime issue within the TLS is that each of the individual object would require a connection of TLS that would search for the information.

Virtual Private Network – The VPN are the kind of networks that could be easily accessed from the outside area that would be formed by a close group. The networks could easily access the system and they could help in promising the confidentiality of the user and the maintenance of the integrity of the data. The VPN do not provide the facility of a global exchange of information. The information is confined within a limited area, which would be helpful in enhancing the effectiveness of the privacy.

Encryption of the Data – The majority of the devices that would be connected within the IoT framework would be operated on battery power. Hence the encryption technology would provide constraints for the processing of low power algorithms. The encryption could be done for the purpose of integrity of the data throughout the transportation of the data.

Needs for the Security and Privacy

Onion Routing – This is considered as one of the technique of the enhancement of the privacy that would encrypt and merge the traffic of the internet from several sources. The process of onion routing could hamper the matching of the packets of internet for a particular source (Gregorio, 2015).

Major Issues of Security – The technology of the internet has evolved with the changing times. The IoT is a major change in the technological field. In order to make the IoT network to be feasible, it is mostly important to reduce the cost and thus increase the number of the supportable devices. There are some of the technical issues along with the security issues, which need to be solved before the achievement of the goal of the wider adoption of the IoT environment.

The major technical issues of the IoT framework includes wireless based communication, energy security and the scalability. Some of the vital issues related to the security are:

Identification – The identification of every device is mainly required in order to keep a check on the originality or any kind of malicious code. There might be a need for the reference of the manufacturer.

Authentication – The biggest issue in the IoT environment is of authentication. The authentication of every device connected within the IoT framework is a difficult task. Many mechanisms for the security have been proposed earlier that would be based on the on the cryptographic primitives of private key.

Management of the Data – One of the major problem in the IoT environment is for the identification of the several devices and addressing the issues that would arise. There are several methods, which could be useful for the purpose of identification of the various objects within the environment of IoT. Some of the methods might include the identification of the vision based object, identification with the help of barcodes and many others. The technologies such as NFC and RFID are mainly used for the purpose of scanning (Abomhara & Koien, 2014).

Heterogeneity – This is also regarded as one of the biggest issue for the privacy and security within IoT. The problems should be properly undertaken in order to design the IoT framework into a reliable and secure platform. Each of the object within the IoT framework should be able to tackle the problem individually. It is a hard task to secure the various kinds of devices from several kinds of attacks. Each of the device within the IoT framework are able to communicate and work independently as compared to the devices that are not compatible to the IoT framework.

Remediation of the Problems– Various kinds of solutions to the various issues that are in relation with the privacy and security in the IoT framework are:

Identification – The identification of the various devices could be performed by the consideration of the physical addresses by the deployment with the help of IPv6. The process of identification would be necessary for proceeding towards authentication and the management of the data. 

Authentication – The process of the authentication of various kind of devices in the current timeframe would be considered as an issue. The RFID plays as a major part for the purpose of identification of various kind of objects. The process makes use of the electromagnetic induction and the propagation of the electromagnetic waves in order to identify the various objects (Wu et al., 2016).

Management of the Data – The identification with the help of bar code is considered as the mostly common and consumes less power. The barcode scanner is able to scan the barcode and the information that would be contained within the barcode would transfer the data that could be identified by the computers.

Heterogeneity – The IDRA architecture should be used in order to integrate all the devices I order to remove the issue of heterogeneity. The IDRA are capable of connecting with the objects without the use of any kind of gateway. The IDRA also helps in reducing the cost. The IDRA also helps in supporting the best kind of strategy among the several kinds of technologies at all the levels of the network (Yao et al., 2016).

Conclusion

Based on the above report, it could be concluded that in the recent years, IoT would become as a major component in the future of internet. With the advancements in this field, the security and the privacy of the devices connected with the internet should also be developed. In order to achieve the goal of privacy and the security of the devices, there should be a significant amount of research, which would be needed. There are some major areas of research within the IoT framework such as the proper utilization of Big Data, openness, dependencies and architecture and scaling. As a large number of devices are connected in the network of IoT, hence the proper utilization of the system would be affected.  As there is no such standard for the IoT architecture, hence it is extremely important to have a kind of architecture that would be adequate in nature. This would allow ease in the control, connectivity and communication. This research has also put a deep focus on the various privacy and the security issues within the IoT environment and also discusses about the other IoT based aspects, which includes the architecture and the applications of the IoT. 

References

Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in the Internet of Things: Current status and open issues. In Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on (pp. 1-8). IEEE.

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347-2376.

Borgia, E. (2014). The Internet of Things vision: Key features, applications and open issues. Computer Communications, 54, 1-31.

Coskun, V., Ozdenizci, B., & Ok, K. (2013). A survey on near field communication (NFC) technology. Wireless personal communications, 71(3), 2259-2294.

Fossati, T., & Tschofenig, H. (2016). Transport layer security (TLS)/datagram transport layer security (DTLS) profiles for the internet of things. Transport.

Gregorio, L. D. (2015). Evolution and Disruption in Network Processing for the Internet of Things: The Internet of Things (Ubiquity symposium). Ubiquity, 2015(December), 1.

Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future generation computer systems, 29(7), 1645-1660.

Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the Internet of Things: perspectives and challenges. Wireless Networks, 20(8), 2481-2501.

Keoh, S. L., Kumar, S. S., & Tschofenig, H. (2014). Securing the internet of things: A standardization perspective. IEEE Internet of Things Journal, 1(3), 265-275.

Khalil, N., Abid, M. R., Benhaddou, D., & Gerndt, M. (2014, April). Wireless sensors networks for Internet of Things. In Intelligent Sensors, Sensor Networks and Information Processing (ISSNIP), 2014 IEEE Ninth International Conference on (pp. 1-6). IEEE.

Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431-440.

Lychev, R., Jero, S., Boldyreva, A., & Nita-Rotaru, C. (2015, May). How secure and quick is QUIC? Provable security and performance analyses. In Security and Privacy (SP), 2015 IEEE Symposium on (pp. 214-231). IEEE.

Mulani, T. T., & Pingle, S. V. (2016). Internet of things. International Research Journal of Multidisciplinary Studies, 2(3).

Rahman, R. A., & Shah, B. (2016, March). Security analysis of IoT protocols: A focus in CoAP. In Big Data and Smart City (ICBDSC), 2016 3rd MEC International Conference on (pp. 1-7). IEEE.

Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266-2279.

Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer networks, 76, 146-164.

Skarmeta, A. F., Hernandez-Ramos, J. L., & Moreno, M. V. (2014, March). A decentralized approach for security and privacy challenges in the internet of things. In Internet of Things (WF-IoT), 2014 IEEE World Forum on (pp. 67-72). IEEE.

Soliman, M., Abiodun, T., Hamouda, T., Zhou, J., & Lung, C. H. (2013, December). Smart home: Integrating internet of things with web services and cloud computing. In Cloud Computing Technology and Science (CloudCom), 2013 IEEE 5th International Conference on (Vol. 2, pp. 317-320). IEEE.

Tao, F., Cheng, Y., Da Xu, L., Zhang, L., & Li, B. H. (2014). CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), 1435-1442.

Ukil, A., Bandyopadhyay, S., & Pal, A. (2014, April). Iot-privacy: To be private or not to be private. In Computer Communications Workshops (INFOCOM WKSHPS), 2014 IEEE Conference on (pp. 123-124). IEEE.

Whitmore, A., Agarwal, A., & Da Xu, L. (2015). The Internet of Things—A survey of topics and trends. Information Systems Frontiers, 17(2), 261-274.

Wortmann, F., & Flüchter, K. (2015). Internet of things. Business & Information Systems Engineering, 57(3), 221-224.

Wu, D. J., Taly, A., Shankar, A., & Boneh, D. (2016, September). Privacy, discovery, and authentication for the internet of things. In European Symposium on Research in Computer Security (pp. 301-319). Springer, Cham.

Yao, L., Sheng, Q. Z., Ngu, A. H., & Li, X. (2016). Things of interest recommendation by leveraging heterogeneous relations in the internet of things. ACM Transactions on Internet Technology (TOIT), 16(2), 9