
Internet of Things Security and Privacy


Added on  2023/06/04

Running Head: INTERNET OF THINGS
IT RISK MANAGEMENT
INTERNET OF THINGS
(Student Details:)
9/26/2018

Executive Summary
The Internet of Things (IoT) helps billions of people. It connects thousands of smart devices that give new experiences to people throughout the world. However, the growing number of connected devices has increased privacy threats and security risks. Hence, security and privacy have become essential for anyone operating IoT devices and systems. There are seven kinds of threats to IoT: Identification, Localization and Tracking, Profiling, Privacy-violating interaction and presentation, Lifecycle Transitions, Inventory Attack, and Linkage. The privacy-preserving policies that need to be adopted in the corporation are cryptography techniques, privacy awareness or context awareness, access control, and data minimization. Because IoT systems are highly complex, they require end-to-end security. Security must deal with all aspects; otherwise attackers target the weakest link and harm the confidentiality of the organization. Fortunately, four cornerstones for IoT security are available: Protecting Communications, Protecting Devices, Managing Devices, and Understanding Your System. Gigantic Corporation manufactures a variety of software and hardware that provides its users with various telecommunication services. In Gigantic Corporation, the privacy and security methods used for IoT are not enough to restrict hackers and attackers. Therefore, improved privacy policies and security methods are needed. The threats mentioned above have become serious issues in the organization and need strong and powerful security walls to restrict attackers. This report discusses the threats and privacy issues in the organization and provides solutions for preserving privacy in the organization.
Contents
Executive Summary
Introduction
Outline of Gigantic Corporation
1. Role and responsibility
2. Technology used in Gigantic Corporation
Overview of Recommendation
Threats and vulnerabilities to internet of things
Privacy Threats in IoT
1. Identification
2. Localisation and Tracking
3. Profiling
4. Privacy-violating interaction and presentation
5. Lifecycle Transitions
6. Inventory Attack
7. Linkage
Privacy preserving solutions
1. Cryptography techniques
2. Privacy awareness or context awareness
3. Access Control
4. Data minimization
IoT Security
1. Protecting Communications
2. Protecting Devices
3. Managing Devices
4. Understanding Your System
Conclusion
References

Introduction
Billions of physical devices are connected to the internet (Radomirovic, 2010). These devices collect and share data through the Internet of Things, or IoT. Anything can be turned into a part of the IoT with the help of processors and wireless networks. IoT adds digital intelligence to devices, which lets them communicate without the help of a human being and makes it possible to merge the digital and physical worlds (PurpleSyntax, 2018). Everyday objects can be made ‘smart’ by adding sensors and communication interfaces to them. Here the word ‘smart’ means that the objects are able to communicate the required information about their surroundings (Sklavos & Zaharakis, 2016).
Outline of Gigantic Corporation
Gigantic Corporation is an information and technology organization. It manufactures a variety of software and hardware that provides its users with many telecommunication services. The organization is facing various IT risks such as security threats, data breaches and other cyber-crimes (Carr, 2016).
1. Role and responsibility
Gigantic Corporation is an IT organization and I work here as an IT Risk Assessment lead consultant. The main roles of an IT risk consultant are to develop risk policies for the company, assist in risk analysis, develop risk management practices, manage threats to information security, and improve security systems so that users can secure their private information.
2. Technology used in Gigantic Corporation
Gigantic Corporation uses various information technologies, for example, the Internet of Things, wireless networks, cloud computing, network protocols, and information technologies (Chakhchoukh & Ishii, 2015). By using all these technologies, Gigantic Corporation provides communication services to many companies and consumers.
Overview of Recommendation
As the use of electronic data processing increases in the Gigantic organization, securing the information and privacy of IoT has become a major issue today (T.K & Jebakumar, 2018). Westin defined information privacy in 1968 as “the right to select what personal information about me is known to what people”. This report covers the threats and risks to the Internet of Things (IoT) in the Gigantic organization and how the organization can adopt different methods to reduce IoT risk. The organization can ensure IoT security with four cornerstones: Protecting Communications, Protecting Devices, Managing Devices and Understanding Your System (Symantec, 2016). The privacy of the organization’s confidential data can also be assured by cryptography, awareness of privacy risks, the individual's control over the collection and processing of information, and data minimization (Aleisa & Renaud, 2016).
Threats and vulnerabilities to internet of things
IoT technologies and features are evolving very fast, and so are the ways of interacting with the IoT. Some of the risks of IoT include extended downtime, physical harm to people, and damage to equipment such as pipelines, power generation facilities and blast furnaces (Beta.complyscore, 2016). IoT and these kinds of facilities have been attacked several times and materially damaged. Hence security has become the most important need for anyone making and operating IoT devices and systems (Symantec, 2016). Some of the security requirements for IoT are (Deogirikar & Vidhate, 2017):
Authentication: Authentication means ‘verification’. Routing peers need to be mutually verified before sharing route information, and the origin of the shared data needs to be verified as accurate. IoT requires strong and highly automated authentication (Abomhara & Køien, 2014).
Access Control: Access control prevents the use of unauthorized nodes; that is, it ensures that the nodes are not compromised (Abomhara & Køien, 2014).
Confidentiality: When information is shared over a publicly accessible medium, such as air for wireless transmission, it needs to be protected. Confidentiality ensures the protection of that information (Abdmeziem, 2016).
Integrity: It ensures that data is protected and that no unauthorized modification of any kind occurs (Abdul-Ghani et al., 2018).
Availability: It makes information available when it is required, specific to IoT (Husamuddin & Qayyum, 2017).
Privacy Threats in IoT
The evolution of IoT technologies and features leads to several privacy threats and challenges (Alsaadi & Tubaishat, 2015). These threats can be classified using our reference model, which shows where they are most likely to appear.
Figure: Threats in the Reference Model
(Source: Ziegeldorf, Morchon, & Wehrle, 2013)
The reference model shows seven threat categories:
Identification
Localization and Tracking
Profiling
Privacy-violating interaction and presentation
Lifecycle Transitions
Inventory Attack
Linkage

1. Identification
The identification threat denotes the association of an identifier, e.g. a name and address, with an individual. Associating a particular identity with a particular privacy-breaching context is itself a threat, and in addition it leads to several other threats, e.g. profiling and tracking or the combination of different data sources (Ziegeldorf, Morchon, & Wehrle, 2013). Gigantic Corporation faces the identification threat, as the identities of a large number of Gigantic employees are associated with those of other co-workers. The backend services of our reference model concentrate a large amount of information, and the information processing phase has the highest chance of the identification threat.
2. Localisation and Tracking
This is a kind of threat in which the location of a person is determined and recorded through time and space. Gigantic Company faces the threat of localisation and tracking, as hackers track information about the location of the company’s important meetings, and thus services can be targeted at a specific location and a particular time (Kozlov, Veijalainen, & Ali, 2012). Tracking someone's location requires binding an identification of some kind to the continuous localization of the individual (Aleisa & Renaud, 2016). There are different means of tracking today, e.g. GPS, internet traffic or mobile phone location. Many threats related to this one have been identified that lead to privacy violation, e.g. GPS stalking (Ziegeldorf, Morchon, & Wehrle, 2013). Localisation and tracking threats mainly occur in the information processing phase, where the location of the subject is traced without the subject's consent.
3. Profiling
Profiling refers to the threat of collecting information about an individual in order to infer interests by correlation with other data and profiles. Gigantic Company is facing profiling issues, as its employees can be targeted specifically. In e-commerce, profiling is mostly used for personalization. Profiling is also used for internal optimization based on customer interests and demographics (Ziegeldorf, Morchon, & Wehrle, 2013). Examples of profiling that lead to privacy violation are unsolicited advertisements, price discrimination, erroneous automatic decisions and social engineering. Profiling threats mainly occur in the dissemination phase.
4. Privacy-violating interaction and presentation
This threat refers to personal information being conveyed through a common medium and, in the process, being disclosed to an unwelcome audience. IoT applications such as transportation, healthcare and smart retail need interaction with the user. Smart things like speakers, advanced lighting installations and video screens are used to provide information to the users. Users control these smart things in new intuitive ways, such as touching, moving and speaking to them (Ziegeldorf, Morchon, & Wehrle, 2013). These interaction mechanisms are public; hence Gigantic Company’s information and private data are under threat, because anyone in the vicinity can observe them. Hence, when personal information is exchanged between the user and the system, this becomes a threat to privacy (Aleisa & Renaud, 2016).
5. Lifecycle Transitions
Privacy is threatened when smart things change control spheres during their lifecycle, because private information is disclosed. The information stored and the data collected in smart things are the main reason behind privacy violations from lifecycle transitions (Aleisa & Renaud, 2016). The lifecycle threat is mainly related to the information collection phase of the reference model. Gigantic Company devices are sold and disposed of when they are no longer in use. It is assumed that all the data is deleted, but devices store a lot of information about their history throughout their entire lifecycle.
6. Inventory Attack
The unauthorized collection of information about personal things and data is known as an inventory attack (Aleisa & Renaud, 2016). Hackers use inventory data to access Gigantic Company’s confidential data and to find a safe time to break in.
7. Linkage
This threat arises when different, previously separated systems are linked. Combining the data sources reveals information that the subject did not disclose to the previously isolated sources. When data collected from different sources under different circumstances and permissions is combined, users fear inferior judgement and loss of context (Weber, 2010).
Privacy preserving solutions
In order to preserve privacy within the organization and the security of end-users and service providers, as an IT consultant I suggest that Gigantic Corporation incorporate these privacy policies to provide better security and to protect the company from the various threats mentioned above. Below is the list of privacy preserving solutions (Aleisa & Renaud, 2016):
1. Cryptography techniques: Of all the privacy preserving schemes, cryptography is still the most dominant privacy solution. Cryptographic techniques are based on encryption algorithms. The Advanced Encryption Standard (AES) is used to ensure confidentiality.
2. Privacy awareness or context awareness: In order to make its employees aware of the privacy of IoT, Gigantic Company should focus on individual applications which inform their users about the basic privacy of smart devices. A trusted third party should be proposed for the users, so that the applications are no longer dependent on the location information (Rachid, Challal & Nadjia, 2015).
3. Access Control: Access control allows users to manage their data on their own. After encryption and privacy awareness, access control is one of the feasible solutions. CapBAC (Skarmeta, Hernandez-Ramos, & Moreno, 2014) is one approach to access control. In this approach the smart thing itself makes the authorization decisions.
4. Data minimization: The Gigantic organization should apply the data minimization principle to reduce security threats. Data minimization makes IoT service providers limit the collection of personal information to what is directly relevant. Data is retained only as long as it is necessary to fulfil the requirements.
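An added example, not part of the report or of the CapBAC paper it cites: a Go program that combines items 3 and 4, in which the smart thing itself verifies a signed capability token and returns only the fields that token names. The token format, the choice of Ed25519, and all names (Capability, Device, thermostat-7, hvac-service) are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Capability is a hypothetical token: the issuer grants one subject one
// action on named fields of one device until an expiry time.
type Capability struct {
	Subject string   `json:"sub"`
	Device  string   `json:"dev"`
	Action  string   `json:"act"`
	Fields  []string `json:"fields"`
	Expires int64    `json:"exp"` // Unix seconds
}

// Issue serializes and signs a capability. It runs at the issuer, not on the device.
func Issue(priv ed25519.PrivateKey, c Capability) (token, sig []byte) {
	token, _ = json.Marshal(c) // a struct of strings and ints cannot fail to marshal
	return token, ed25519.Sign(priv, token)
}

// Device stores only the issuer's public key next to its own readings.
type Device struct {
	ID       string
	Issuer   ed25519.PublicKey
	Readings map[string]string
}

// Read decides on the device whether the request is authorized and returns
// only the fields named in the capability (data minimization). The caller's
// identity (subject) is assumed to be authenticated by the transport.
func (d *Device) Read(subject string, token, sig []byte, now time.Time) (map[string]string, error) {
	if !ed25519.Verify(d.Issuer, token, sig) {
		return nil, errors.New("capability signature invalid")
	}
	var c Capability
	if err := json.Unmarshal(token, &c); err != nil {
		return nil, errors.New("capability malformed")
	}
	switch {
	case c.Device != d.ID:
		return nil, errors.New("capability issued for another device")
	case c.Subject != subject:
		return nil, errors.New("capability issued to another subject")
	case c.Action != "read":
		return nil, errors.New("action not granted")
	case now.Unix() >= c.Expires:
		return nil, errors.New("capability expired")
	}
	out := make(map[string]string)
	for _, f := range c.Fields {
		if v, ok := d.Readings[f]; ok {
			out[f] = v
		}
	}
	return out, nil
}

// Constructed sample data for the demonstration.
var demoNow = time.Unix(1700000000, 0)

func newDemoDevice() (*Device, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return &Device{ID: "thermostat-7", Issuer: pub, Readings: map[string]string{
		"temperature": "21.5", "occupancy": "2", "owner_email": "user@example.com",
	}}, priv
}

func main() {
	dev, priv := newDemoDevice()
	token, sig := Issue(priv, Capability{Subject: "hvac-service", Device: dev.ID,
		Action: "read", Fields: []string{"temperature"}, Expires: demoNow.Unix() + 3600})
	fmt.Println(dev.Read("hvac-service", token, sig, demoNow))
	fmt.Println(dev.Read("someone-else", token, sig, demoNow))
}
```

The holder of the token sees the temperature only; the occupancy and e-mail fields never leave the device because the capability does not name them.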
Apart from the solutions mentioned above, there are other solutions as well. These are mentioned below:
1. Hitchhiking: This is a new approach that ensures the anonymity of users who give their location. The location is considered the entity of interest and not the user, because the information about which person is at a particular location is unnecessary (Aleisa & Renaud, 2016).
2. Introspection: It protects the personal information of the user by analysing the activities of the VM. The CPU state of every VM is analysed here. It also detects malicious software on the VM; if an IoT device loses its integrity due to a malicious attack, it creates risks for the privacy of the user (Aleisa & Renaud, 2016).
IoT Security
IoT systems are highly complex and require end-to-end security that covers both the cloud and connectivity layers. Strong security solutions are needed; otherwise attackers simply use the weakest link to breach the security walls of the organization. Gigantic Corporation systems drive and handle data from IoT systems, so additional and unique security solutions are needed for IoT systems. Security for IoT systems can be covered with four important cornerstones. By combining these four security cornerstones, robust and easy-to-deploy security architectures can be formed. This security architecture will help lessen the majority of security threats to the Internet of Things (Symantec, 2016).
As mentioned, there are four major security cornerstones:
1. Protecting Communications:
Three fundamental terms define meaningful security: encryption, authentication and key management. The key management techniques used by Gigantic Corporation for IoT are still not safe. A “trust model” is available to protect billions of transactions. This “trust model” lets a company's systems authenticate the systems of other companies and then start encrypted communication with those systems (Banerjee, Dong, Taghizadeh, & Biswas, 2014). Accepting data that is not verified can be dangerous to the company. This kind of data can corrupt the device, and a malicious party could gain control of the device. Therefore strong authentication is needed to restrict such threats. Elliptic Curve Cryptography is ten times faster and more efficient than the traditional encryption process and does not compromise on the security of IoT (Symantec, 2016).
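An added example, not taken from the report or from the Symantec paper: encryption and authentication of one sensor reading with AES-256-GCM from Go's standard library, which also illustrates the AES-based confidentiality named under the privacy preserving solutions. It goes one step beyond the text by rejecting replayed messages through a counter; the message layout, the per-device key map and the names (Seal, Receiver, pump-3) are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// header builds the associated data: an 8-byte counter followed by the
// device ID. It travels in the clear but is covered by the GCM tag.
func header(deviceID string, counter uint64) []byte {
	h := make([]byte, 8, 8+len(deviceID))
	binary.BigEndian.PutUint64(h, counter)
	return append(h, deviceID...)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the device: it encrypts one reading under a fresh random
// nonce and returns nonce||ciphertext||tag.
func Seal(key []byte, deviceID string, counter uint64, reading []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, reading, header(deviceID, counter)), nil
}

// Receiver is the backend side. Keys are per device and assumed to be
// provisioned out of band; last holds the highest counter accepted so far.
type Receiver struct {
	keys map[string][]byte
	last map[string]uint64
}

// Open accepts a message only if it authenticates under the claimed
// device's key and its counter is newer than anything seen before.
func (r *Receiver) Open(deviceID string, counter uint64, msg []byte) ([]byte, error) {
	key, ok := r.keys[deviceID]
	if !ok {
		return nil, errors.New("unknown device")
	}
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	nonce, sealed := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	reading, err := aead.Open(nil, nonce, sealed, header(deviceID, counter))
	if err != nil {
		return nil, errors.New("authentication failed")
	}
	if seen, ok := r.last[deviceID]; ok && counter <= seen {
		return nil, errors.New("replayed message")
	}
	r.last[deviceID] = counter
	return reading, nil
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, never use in production
	rx := &Receiver{keys: map[string][]byte{"pump-3": key}, last: map[string]uint64{}}
	msg, _ := Seal(key, "pump-3", 1, []byte("flow=12.4"))
	reading, err := rx.Open("pump-3", 1, msg)
	fmt.Printf("%s %v\n", reading, err)
	_, err = rx.Open("pump-3", 1, msg) // same message sent again
	fmt.Println(err)
}
```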
2. Protecting Devices:
Each device boots and runs some kind of code whenever it is powered up. It is necessary to ensure that the device does what it is programmed to do. Therefore, the first step in protecting a device is to make sure that it boots and runs the code that we want it to run. OpenSSL libraries are available to check the signatures of the code and accept code only if it comes from an authorized source. To ensure that the code has not been tampered with after being signed, cryptographic code signing is used, and this is done at the application and firmware levels. To protect the devices there are some rules for accepting data: “never trust unsigned code”, “never trust unsigned data” and “do not ever trust unsigned configuration data” (Symantec, 2016). For Gigantic Corporation the main challenges are ‘managing the keys’ and ‘controlling access to the keys’.
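An added example, not code from the report or from Symantec: a device-side check that applies the three "never trust unsigned ..." rules to an update carrying firmware and configuration. The report mentions OpenSSL; this example instead uses Ed25519 and SHA-256 from Go's standard library, and it additionally refuses version rollback. The Manifest and Bundle layouts and all names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update descriptor. One signature over it covers
// firmware and configuration through their SHA-256 digests.
type Manifest struct {
	Version     int    `json:"version"`
	FirmwareSHA string `json:"firmware_sha256"`
	ConfigSHA   string `json:"config_sha256"`
}

// Bundle is what the device receives.
type Bundle struct {
	Manifest  []byte // JSON bytes exactly as signed
	Signature []byte
	Firmware  []byte
	Config    []byte
}

func digest(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// Sign runs on the vendor's build system, where the private key is kept.
func Sign(priv ed25519.PrivateKey, version int, firmware, config []byte) Bundle {
	m, _ := json.Marshal(Manifest{Version: version,
		FirmwareSHA: digest(firmware), ConfigSHA: digest(config)})
	return Bundle{Manifest: m, Signature: ed25519.Sign(priv, m),
		Firmware: firmware, Config: config}
}

// Verify runs on the device before anything is installed. vendor is the
// public key pinned on the device; installed is the version now running.
func Verify(vendor ed25519.PublicKey, installed int, b Bundle) (Manifest, error) {
	if !ed25519.Verify(vendor, b.Manifest, b.Signature) {
		return Manifest{}, errors.New("manifest is unsigned or signature is invalid")
	}
	var m Manifest
	if err := json.Unmarshal(b.Manifest, &m); err != nil {
		return Manifest{}, errors.New("manifest malformed")
	}
	if digest(b.Firmware) != m.FirmwareSHA {
		return Manifest{}, errors.New("firmware does not match signed digest")
	}
	if digest(b.Config) != m.ConfigSHA {
		return Manifest{}, errors.New("configuration does not match signed digest")
	}
	if m.Version <= installed {
		return Manifest{}, errors.New("version rollback refused")
	}
	return m, nil
}

// newVendorKey creates a throwaway key pair for the demonstration.
func newVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func main() {
	pub, priv := newVendorKey()
	// Constructed sample firmware and configuration.
	b := Sign(priv, 5, []byte("constructed firmware image"), []byte("mqtt_tls=on"))
	fmt.Println(Verify(pub, 4, b))
	b.Config = []byte("mqtt_tls=off") // altered after signing
	fmt.Println(Verify(pub, 4, b))
}
```

Only the public key is stored on the device, so the report's key-management challenge reduces to protecting the private key on the signing side.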
3. Managing Devices:
Strong standards exist for managing the software and firmware inventories on each device as well as for device configuration. Managing security for each device requires managing the configuration of host-based security technologies. OTA updates of security content are needed for some security technologies. On the other hand, some security technologies depend only on policy-based mechanisms. Policy-based security technologies need updates only when the software is re-imaged on a device for purposes like adding functionality. Security components are not the only components on each device that need to be managed securely and safely. The data generated by the sensors of most devices needs to be collected and transmitted safely and securely for storage at a safe and secure place. To manage devices, IoT systems are provided with update capabilities built into them from the start. The chances of threats and vulnerabilities increase if the devices are not provided with built-in OTA updates (Symantec, 2016).
4. Understanding Your System:
Today, most IoT technologies and systems are considered “intranets of things.” Whether a device should be trusted or not depends on a “Directory of Things.” This directory tracks the security information of each device and IoT system. It also helps in managing the permissions that devices and systems grant each other. These directories also help in the discovery of devices as the number of IoT devices increases. Because of these directories it has become possible to find remote devices quickly. The details of each device, along with its capabilities and reputation, are listed in this directory (Symantec, 2016).
Conclusion
As discussed above, IoT is connecting billions of devices to the internet, and these devices collect and share data. With the help of IoT it has become possible to communicate without any human being. But as we said above, there are various threats to the Internet of Things. The digital devices used in Gigantic Corporation are also connected to the Internet of Things and are also prone to various attacks and threats. The security systems used in the organization are not enough to secure the devices from these attacks. Privacy is also important while communicating with IoT. Several privacy threats and security issues are discussed above (Ziegeldorf, Morchon, & Wehrle, 2013). This report elaborates a simple and effective architecture for IoT security and privacy threats and also discusses the privacy preserving policies for IoT needed in Gigantic Company.
The architecture ensures that all code is cryptographically signed and authorized, and it prevents unsigned code from running.
The architecture uses authentication and encryption processes to protect communication. More than a billion IoT devices are protected using trust models, and the introduction of newer ECC algorithms has increased the security level in resource-constrained IoT devices.
Furthermore, malicious data can be reduced through host-based protection, and all security threats through security analytics.
The architecture describes effective, safe and secure dynamic management of the system to diminish threats further.

References
Abdmeziem, M. M. R. (2016). Data confidentiality in the internet of things (Doctoral
dissertation, Université des Sciences et de la Technologie Houari Boumediène).
Abdul-Ghani, H. A., Konstantas, D., & Mahyoub, M. (2018). A Comprehensive IoT Attacks
Survey based on a Building-blocked Reference Model. International Journal of
Advanced Computer Science and Applications, 9(3), 355-373.
Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in the Internet of Things:
Current status and open issues. In Privacy and Security in Mobile Systems (PRISMS),
2014 International Conference on (pp. 1-8). IEEE.
Aleisa, N., & Renaud, K. (2016). Privacy of the Internet of Things: A Systematic Literature
Review (Extended Discussion). arXiv preprint arXiv:1611.03340.
Alsaadi, E., & Tubaishat, A. (2015). Internet of Things: Features, Challenges, and
Vulnerabilities. International Journal of Advanced Computer Science and
Information Technology, 4(1), 1-13.
Banerjee, D., Dong, B., Taghizadeh, M., & Biswas, S. (2014). Privacy-preserving channel
access for internet of things. IEEE internet of things journal, 1(5), 430-445.
Beta.complyscore, (2016). Art of IoT Security. Retrieved from:
http://beta.complyscore.com/wp-content/uploads/2016/03/IOT_Workshop_Flyer.pdf
Deogirikar, J., & Vidhate, A. (2017, February). Security attacks in IoT: a survey. In I-SMAC
(IoT in Social, Mobile, Analytics and Cloud)(I-SMAC), 2017 International
Conference on (pp. 32-37). IEEE.
Husamuddin, M., & Qayyum, M. (2017, March). Internet of Things: A study on security and
privacy threats. In Anti-Cyber Crimes (ICACC), 2017 2nd International Conference
on (pp. 93-97). IEEE.
Kozlov, D., Veijalainen, J., & Ali, Y. (2012, February). Security and privacy threats in IoT
architectures. In Proceedings of the 7th International Conference on Body Area
Networks (pp. 256-262). ICST (Institute for Computer Sciences, Social-Informatics
and Telecommunications Engineering).
PurpleSyntax, (2018). The Beginners Guide to The Internet of Things. Retrieved from:
http://www.purplesyntax.com/blog/The_Beginners_Guide_to
Rachid, S., Challal, Y., & Nadjia, B. (2015, November). Internet of things context-aware
privacy architecture. In Computer Systems and Applications (AICCSA), 2015
IEEE/ACS 12th International Conference of (pp. 1-2). IEEE.
Radomirovic, S. (2010, December). Towards a Model for Security and Privacy in the Internet
of Things. In Proc. First Int’l Workshop on Security of the Internet of Things.
Sklavos, N., & Zaharakis, I. D. (2016, November). Cryptography and Security in Internet of
Things (IoTs): Models, Schemes, and Implementations. In New Technologies,
Mobility and Security (NTMS), 2016 8th IFIP International Conference on (pp. 1-2).
IEEE.
Skarmeta, A. F., Hernandez-Ramos, J. L., & Moreno, M. V. (2014, March). A decentralized
approach for security and privacy challenges in the internet of things. In Internet of
Things (WF-IoT), 2014 IEEE World Forum on (pp. 67-72). IEEE.
Symantec. (2016). An Internet of Things Reference Architecture. Retrieved from:
https://www.symantec.com/content/dam/symantec/docs/white-papers/iot-security-reference-architecture-en.pdf
T.K, A., & Jebakumar, R. (2018). Security & privacy in IoT Data Provenance. International
Journal of Engineering and Technology, 10(3), 843-847.
Weber, R. H. (2010). Internet of Things–New security and privacy challenges. Computer law
& security review, 26(1), 23-30.
Westin, A. F. (1968). Privacy and freedom. Washington and Lee Law Review, 25(1), 166.
Ziegeldorf, J. H., Morchon, O. G., & Wehrle, K. (2014). Privacy in the Internet of Things:
threats and challenges. Security and Communication Networks, 7(12), 2728-2742.