ITC595 Information Security: Research Report on IoT Security 2019

Verified

Added on 2023/03/31

AI Summary

This research report delves into the security and privacy challenges within the Internet of Things (IoT). It begins by defining IoT and its inherent privacy issues, particularly concerning the configuration of security settings and the potential exposure of user data. The report proposes a user-based approach to manage personally identifiable information, focusing on how data should be treated based on user service usage. It reviews existing literature, identifying gaps and future research directions, especially regarding the responsibility for determining harmful or beneficial data uses. The report also emphasizes the importance of implementing policies like data minimization and security by design to protect consumer privacy, referencing recommendations from the Federal Trade Commission (FTC). Ultimately, the research advocates for a balanced approach that leverages user control and robust security measures to foster trust and acceptance of IoT technologies.

ITC 595: Information Security Term 1, 2019
Assessment item 5: Project research report
Security and privacy issues in the Internet of things (IoT)
Student Name: Jogeswara Krishna Chaitanya Samanthapudi
Student Number: 11634571

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Abstract
The “Internet of Things” (IoT) encompasses the interconnection of everyday devices
through the internet. Internet of Thing links physical and virtual objects through the use of
communication and data capture capabilities. The technology has different problems regarding
privacy and security. Privacy is the state that ensures that personal information is not shared.
Privacy also involves the users being free from security surveillance and to decide to whom and
how one’s personal information can be revealed. The customers using the Internet of Things
technology require privacy and protection. Devices in the Internet of Things are critical because
they can collect private information about the users. The existing security mechanisms may not
be adequate in coping with the security situations that arise as a result of the use of IoT devices.
There is a need to adopt privacy and security mechanisms that would ensure that the security
and privacy of individuals are not endangered and allow the users to reap the benefits of IoT.
The IoT security and privacy problems are worsened by the need for interoperability between
different devices manufactured by different vendors.
Keywords: Security issues, privacy, Internet of things, IoT.

Introduction
Internet of Things refers to a scenario where the objects, animals, and people are given a
unique identifier or an ability to move data through a network with no interaction between the
humans or an interaction between the humans with the computers. IoT has developed from the
group of technologies which are wireless, systems of micro-electromechanical together with the
Internet(Zhou, Jia, Peng, Zhang, & Liu, 2019).
The privacy issues in IoT depend on the ability of the users to configure security settings.
Configuration of security settings requires a high level of competence in IT security; therefore,
the security may fail, often leaving the users’ private data prone to attacks. This paper proposes
the development of a mechanism that will determine how personally identifiable private
information may be treated depending on the services the customer uses on the IoT device
(Maple, 2017).
When implementing privacy policies in IoT, the usage can be considered to determine
whether personal data should be saved, exposed to other connected devices, or be deleted. The
paper will examine how considering the usage while deciding which data should be exposed,
saved, or deleted can be an effective way of protecting the privacy of the consumers. The
purpose of this research is to investigate how user-based approaches can help in protecting the
privacy of the consumers (Sicari, Rizzardi, Grieco, & Coen, 2015).
Addressing privacy issues through user-based approaches can greatly improve the
acceptance of IoT products and end devices. IoT will allow a large number of devices that were
previously unconnected to connect, communicate, and share data with other devices. The user-
based approach will provide a framework through which the consumers can easily and

transparently authorize the conditions under which their personally identifiable data collected by
the devices can be used (Porras, Khakurel, & Pänkäläinen, 2018).
It is essential to understand the potential benefits and risks that may come as a result of
IoT technology. This would help in determining whether existing tools can handle the potential
risks involved.
Highlighting the challenges/problems in your chosen
research area
Some of the potential advantages of the growth in the Internet of Things include cost
saving and convenience through automation, improved health care through connected medical
services, enhanced safety through connected motor vehicles. Due to the increased number of
devices connected to the internet, there is a potential risk to privacy and security associated with
the communication and sharing of data among these devices. Consequently, this increases the
number of vulnerabilities and chances of unauthorized access and misuse of personally
identifiable information (Sun et al., 2018).
The high cost of IoT implementation is one of the main challenges. Technology is used in
IoT to connect tangible objects to the Internet. In IOT ways of growing, the cost incurred in the
components which are used to protect capabilities like the sensing, the tracking, and the control
mechanisms required to be very cheap in the future. Another main concern is privacy. Securing
data and privacy makes it a major challenge to convince users to shift into new technologies
(Andersson, You, & Palmieri, 2018). The concerns about the privacy and protection of data are
widespread, especially in the form of sensors or the smart tags that can track movements of the
user, behaviors, or ongoing preferences. Unseen and fixed data exchange among things or
people, and among things with other things, happens in a place, where the owners don’t know or
the originators of the data. Systems of IoT should deal with the high degree to work together so

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

that the information can be processed across a value chain (Yu et al., 2018). Various industries
nowadays use several standards to protect their applications. Availability of many types of data
together with heterogeneous devices, standard interfaces used between all the diverse entities is
important.
Review of Literature
The Internet of Things technology enables the capture of massive amounts of data. This
presents increased risks to the privacy of the consumers. The exposed information includes
health, financial, and behavioral information in private homes. The data collected by IoT devices
may be used in ways that are not consistent with the context of the interaction between the
company manufacturing the device and the individual using it. For example, the data collected
by a wearable device from a customer may be used by the company for advertisement; this is not
consistent with the individual’s relationship with the company (Mohamad & Hassan, 2019).
The sudden increase in the number of devices connected to the internet can lead to
attackers using some devices to facilitate attacks on other devices; such attacks may include
denial of service. If the security and privacy vulnerabilities are exploited, this can create a risk to
personal privacy and physical safety. An example is in cases of health care where medical
devices are interconnected, such as insulin pumps and smart pacemakers.
Since the industry has a great potential for innovation, there is no need to enact IoT
specific laws; however, the IoT applications present potential risks to the privacy of the
consumers. There is a need to protect the consumers more effectively by ensuring data is not
subjected to harmful uses. Organizations should get rid of personally identifiable information to
make sure that they avoid potential future harm (Yang, Wu, Yin, Li, & Zhao, 2017).

The user-based approach will provide a way for consumer data to be flagged as either
permissible or impermissible. The user-based approach allows users to choose how their data is
going to be utilized. A system will be developed that will indicate the data use that is permitted
and that which is prohibited. A system that would allow the consumers to get information and
choices about their private data is a viable approach in controlling the privacy of consumers.
Other approaches that could add to the user-based model of data protection can be
tagging data with its appropriate uses (Zhou et al., 2019). Tagging would make it easy for an
automated process to identify the appropriate and inappropriate data usage and perform the
necessary actions. In the case of sensitive data, the customers should be allowed to choose how
this data is utilized. If the consumer decides that such data should not be stored, the system
should be able to de-identify the data. This allows the organization to analyze the data collected
from the users so as to come up with innovative ways that can be used to ensure consumer
privacy (Sicari et al., 2015). Although the data are de-identified, it may still be used by the
organization for analysis.
There are laws that exist that touch on the user-based approach of protecting customer
information. There are different statutory protections that apply to the manner in which
customers' information in the IoT should be handled. The statutory outlines the restrictions on
the uses for which the customer information may be shared. Even in cases where the customer
information may be used, the law should impose protections, such as those related to notice,
access, disputes, and accuracy (Porras et al., 2018).
Summarize the future research directions based on the
identified gaps
There are a number of concerns regarding the adoption of a solely use-based model for
the IoT. For instance, it is not clear who is responsible for deciding which uses are harmful or

beneficial; this is because the limitations of use-based approach have not yet been fully
articulated in legislation. If an organization decides that certain use of data is beneficial, and the
consumers feel that it is harmful, this may negatively affect consumer trust (Sun et al., 2018).
The use-based framework will be considered in this research because it can address some of the
customer privacy issues that exist on the Internet of Things. The use-based framework could be
used to set the prohibited and permitted uses.
How a use-based approach can help in protecting privacy
The FTC (Federal Trade Commission), provides recommendations and best practices that
businesses involved in the Internet of Things should follow in order to protect consumer privacy
and security. To resolve the privacy issue with the Internet of Things, it is necessary to
implement policies that will ensure that personally identifiable information is treated
appropriately. These policies may include data minimization, data security, and notice and
choice (Andersson et al., 2018). Ensuring security by design to the IoT devices as a way of
protecting customer privacy. This would emphasize a design that involves a privacy assessment.
Security by design may also be achieved through the implementation of smart default passwords
and allowing the consumer to change the password as necessary. It also involves testing privacy
and security measures before a product is launched; this would ensure that easy points of access
and back doors are closed (Yu et al., 2018).
Companies should also ensure data minimization as a way of protecting the privacy of the
customers. In data minimization, the companies should ensure they collect only the data that are
necessary, and the data are disposed of after use. Keeping large data can attract hackers, and
thus, increasing the risk of consumer data being used against their expectation. Another
consideration in ensuring the privacy of consumer data is notice and choice (Yang et al., 2017).

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

In this approach, consumers are given prior notice about the data sharing and privacy practices.
Consumers also have the option to either give consent of the practice or opt-out.

References
Andersson, K., You, I., & Palmieri, F. (2018). Security and Privacy for Smart, Connected, and
Mobile IoT Devices and Platforms [Research article].
https://doi.org/10.1155/2018/5346596
Maple, C. (2017). Security and privacy in the internet of things. Journal of Cyber Policy, 2(2),
155–184. https://doi.org/10.1080/23738871.2017.1366536
Mohamad, M. binti, & Hassan, W. H. (2019). Current research on Internet of Things (IoT)
security: A survey. Computer Networks, 148, 283–294.
https://doi.org/10.1016/j.comnet.2018.11.025
Porras, J., Khakurel, J., & Pänkäläinen, J. (2018). Security Challenges and Solutions in
theInternet of Things. Nordic and Baltic Journal of Information and Communications
Technologies, 2018(1), 177–206. https://doi.org/10.13052/nbjict1902-097X.2018.010
Sicari, S., Rizzardi, A., Grieco, L., & Coen-Porisini, A. (2015). Security, privacy and trust in
Internet of Things: The road ahead. Computer Networks, 76.
https://doi.org/10.1016/j.comnet.2014.11.008
Sun, W., Cai, Z., Li, Y., Liu, F., Fang, S., & Wang, G. (2018). Security and Privacy in the
Medical Internet of Things: A Review [Research article].
https://doi.org/10.1155/2018/5978636
Yang, Y., Wu, L., Yin, G., Li, L., & Zhao, H. (2017). A Survey on Security and Privacy Issues in
Internet-of-Things. IEEE Internet of Things Journal, 4(5), 1250–1258.
https://doi.org/10.1109/JIOT.2017.2694844
Yu, M., Zhang, J., Wang, J., Gao, J., Xu, T., Deng, R., … Yu, R. (2018). Internet of Things
security and privacy-preserving method through nodes differentiation, concrete cluster
centers, multi-signature, and blockchain. International Journal of Distributed Sensor
Networks, 14(12), 1550147718815842. https://doi.org/10.1177/1550147718815842
Zhou, W., Jia, Y., Peng, A., Zhang, Y., & Liu, P. (2019). The Effect of IoT New Features on
Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved.
IEEE Internet of Things Journal, 6(2), 1606–1616.
https://doi.org/10.1109/JIOT.2018.2847733