Security and Privacy in IoT

Neelamani Samal and Debasis Countia

The Internet of Things (IoT) plays a remarkable role in modern daily life; with it, daily life has become easier and more dynamic. The IoT covers almost all fields, including home automation, office automation, healthcare, sports, industrial applications, transport, Smart Cities, agriculture, Smart Energy and the Smart Grid. This technology therefore requires security management and privacy control over the user data held in the cloud. Security in IoT is the technology area concerned with securing connected devices and networks in the Internet of Things environment, where a number of devices are connected over the internet with IP addresses. There are so many devices, sensors, and things that we wear, use or interact with that in future we will not even notice them. The IoT enables development of helpful tools and technological partners to resolve security issues which may occur in the future. Due to the small size of modern CPUs, the possible features of IoT and its applications are almost unlimited. IoT devices [16] are connected to the internet, so they are vulnerable to the same kinds of cyber-attack that can affect the user’s personal and commercial information.

Through IoT the user is connected to a number of devices for gathering and controlling information. Protecting consumer privacy has therefore become difficult as the IoT becomes available to all involved. Devices are connected to many different kinds of other devices, and this increase in connectivity and data collection leaves the public with less control over the privacy of their information. Control of both the data and the connected devices has become a major area of concern in the modern age of internet access. Maintaining control over data and devices while preserving privacy is a growing concern, because control can be lost if someone hacks into a smart phone or computer. Control can also be lost as more and more companies collect data about users connected to the internet. Everything that we search for, and all of our online activities, are tracked by many of the companies that provide us with services, for their data-mining purposes and for improving user experience over the IoT. But sometimes these activities breach user security and privacy of data.

Internet of Things (IoT) Security Technologies

Creating a security framework [6] in IoT is purely problem-specific, i.e. depending on the case, a specific security measure may be taken to improve security in IoT and to fix the shortcomings. Based on usage, it is possible to differentiate six main directions of security solutions for IoT.

Among the Internet of Things security issues, scientists suggest that the following are the most significant for maintaining security: authentication problems, lack of proper data encryption and security analytics, vulnerability of networks, and problems with the application program interface. The best part of security management is that these issues are successfully handled by IoT experts to make the IoT more user friendly and reliable, and each of them has a specific approach in terms of IoT security.

IoT Security for Networks

The best approach to creating a safe network with the collaboration of IoT is to connect it to a pre-installed backend system while maintaining security. To achieve the highest level of sophistication in the environment we combine traditional approaches of data protection such as antivirus and firewalls with protocols, standards, and complex device capabilities for specified uses.

Authentication Fixing for IoT Security Issues

Managing the authentication of devices that request access will definitely add a security benefit and can resolve most security threats. These IoT security solutions ensure safe authentication of one user into multiple networks or devices. Apart from the standard password-based procedure for maintaining security, IoT developers generally advise the use of two-factor authentication [15], biometrics, digital certificates and other components that may be required to increase security.

IoT Security Technologies for Data Encryption

Data encryption can be considered one of the best ways to establish a secure environment or ecosystem. In this approach information becomes almost unreachable or unreadable for hackers with the help of standard and effective cryptographic algorithms designed and developed by IoT experts. These tools are commonly used in a large range of applications. Encryption technologies protect the data from the hacker, and full encryption key lifecycle management establishes a powerful security system which can increase IoT security. In this context blockchain can be considered one of the best approaches to establishing security.

Security Analytics as a Dimension of IoT Security Solutions

To facilitate the necessary measures in connection with Internet of Things security, we need to monitor all the smart devices regularly and check their performance against the security standard. For this purpose various IoT security vendors offer their analytical capabilities and tools. For an authentic solution, vendors assist in collecting, monitoring, processing and reporting on data that is given to the IoT devices. To address the issue properly, analytics toolkits are frequently used that draw on recent trending technologies, including AI, machine learning, deep learning and big data. In general security analytics can be considered an integral part of the software solution for security analytics.

IoT Security Technologies: Core Protection Methods (IoT API)

Application program interface (API) security capability includes the ability to authenticate and authorize the flow of information inside the fully protected IoT network, which may include smart devices, backend systems or any third-party applications. The API must provide end to end service which helps the client to proceed with the required platform [13] and the deserved API control ensuring the security of the information and the data. This should guarantee safe storage of sensitive information, and should have a system of authentication and authorization.

How to Build Trust in IoT

To build trust in an IoT environment we have to ensure the following:

Enable Device Authentication

To ensure secure participation in the Internet of Things, each and every connected device needs a unique identification in the network. We have a number of methods to prove an identity to the IoT devices such as passwords, biometrics, digital certificates etc. However, when we focus on providing the secure ID the choice of device depends on the capabilities of the device [9].

In environments where our main point of consideration is only security and safety, a hardware-based authentication provides the best means to establish and maintain authentication of the device identity. The digital certificates issued from a trustworthy [5] vendor of key management can be the proven mechanism for security, whereas the storage and processing of the information received demands the traditional RSA keys and management by elliptic curve cryptography (ECC). The combination of both RSA and ECC makes device authentication more reliable.

Encryption to Protect Data

With the use of a proper authentication device a proper encryption mechanism is essential to protect the IoT data which is confidential and has high significance. In IoT the device must protect user data from the device itself and the environment and cloud storage.

This requires process steps to identify the data to be encrypted, and also a key management scheme to distribute and manage the keys that are used to encrypt the data. The secure storage and access control for keys need proper investigation and planning before giving permission or the key to the user. Keys need to be properly managed and integrated in order to ensure security. The IoT and its applications are increasing day by day so for more authentic use the key management must be scalable and dynamic all the time.
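As an added example (not from the original chapter), the sketch below shows one way a backend could give every device a unique key and authenticate it by challenge-response while keeping key management scalable: per-device keys are derived from a versioned master key instead of being stored one by one. It uses symmetric HMAC-SHA256 rather than the digital certificates discussed above; the device ids, key values and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed demo keys; a real backend keeps master keys in an HSM or key vault.
MASTER_KEYS = {1: b"\x01" * 32, 2: b"\x02" * 32}  # key version -> master key
CURRENT_VERSION = 2
REVOKED = {"sensor-0099"}  # hypothetical revoked device id


def device_key(device_id: str, version: int) -> bytes:
    """Derive a unique per-device key from the master key of the given version."""
    info = b"iot-device-auth|" + device_id.encode() + b"|v%d" % version
    return hmac.new(MASTER_KEYS[version], info, hashlib.sha256).digest()


def issue_challenge(outstanding: set) -> bytes:
    """Backend side: create a fresh random challenge and remember it."""
    challenge = secrets.token_bytes(16)
    outstanding.add(challenge)
    return challenge


def device_respond(key: bytes, device_id: str, challenge: bytes) -> bytes:
    """Device side: prove possession of the key without ever sending it."""
    return hmac.new(key, device_id.encode() + b"|" + challenge, hashlib.sha256).digest()


def backend_verify(device_id, version, challenge, response, outstanding) -> str:
    """Backend side: check the response and report whether the key needs rotating."""
    if challenge not in outstanding:
        return "unknown-or-replayed-challenge"
    outstanding.discard(challenge)  # a challenge is single-use, even on failure
    if device_id in REVOKED:
        return "revoked"
    if version not in MASTER_KEYS:
        return "unknown-key-version"
    expected = device_respond(device_key(device_id, version), device_id, challenge)
    if not hmac.compare_digest(expected, response):
        return "bad-response"
    return "ok" if version == CURRENT_VERSION else "ok-rotate-key"
```

The backend stores only the master keys and the revocation list, so adding a device needs no new database row; a device still on an old key version authenticates but is flagged for rotation.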

Blockchain Technology

A blockchain technology based system is a classical distributed system [11] where all the participating entities are geographically scattered but connected through different types of networks [2]. Decentralization is the fundamental characteristic of blockchain which can be employed to solve the issues of traditional transaction management systems. Blockchain basically provides a platform where multiple entities which do not trust each other can work or share information in a common platform.

This technology is a decentralized [12] architecture in which all transactions are recorded in a digital ledger. All the nodes are connected in a distributed manner, such as a mesh topology. Transactions occurring between any nodes are verified by the blockchain network; then, after the mining process, the completed transaction is recorded in a block. The block consists of a number of valid transactions between different nodes. Once recorded in a block the transaction can never be changed. So blockchain provides an immutable digital ledger among all the nodes present in the network. It builds trust [7] among all users, as all the users hold the same set of digital records and anyone can see whatever happens in the network. In blockchain technology, the security and privacy issues of users are addressed using public and private key concepts and digital signatures. Blockchain can mainly be used in two different ways: permissionless and permissioned. Table 9.1 provides a brief comparison of both the technologies. A permissionless design, which is generally established in an open environment, allows anyone to join the system and to write to shared blocks. A permissionless design also gives equal privilege to all the nodes in the consensus process. A permissioned blockchain design is managed by a known set of entities and is established in a closed environment. Though all the entities are allowed to perform transactions, only a fixed set of predetermined nodes can take part in the consensus process in a permissioned blockchain. Consensus algorithms [4] play an important part in managing an efficient and secure blockchain system.

Table 9.1 Comparison of permissionless and permissioned blockchain

| | Permissionless Blockchain | Permissioned Blockchain |
|---|---|---|
| Environment Type | Open | Closed |
| Participation in Consensus | All nodes | Selected nodes |
| Identity | Pseudo-Anonymous | Registered Participants |
| Consensus Type | Lottery based | Voting based |
| Transaction Processing Speed | Slow | Fast |
| Consensus Algorithms | Proof of Work, Proof of Stake, Proof of Burn, Proof of Delegated Stake, etc. | Paxos, Practical Byzantine Fault tolerance, Raft, etc. |
