Question

Note: These discussion threads are an independent line of thinking from the course. We are exploring the world of IoT and the
Answer #1

SECURITY AND PRIVACY CONCERNS IN IOTS

Security Concerns in IoTs

The Internet of Things is virtually a network of real-world systems with real-time interactions. The initial stage of IoT development is M2M (Machine to Machine), which has unique characteristics, deployment contexts and subscription. Unattended operation without human intervention is possible for long periods of time over the wireless area network (WAN) or WLAN. Though it provides improvements in social efficiency, it creates an array of new problems concerning breach of privacy and information security.

1. Front-end Sensors and Equipment

Front-end sensors and equipment receive data via the built-in sensors. They then transmit the data using modules or M2M devices, thus achieving networking services of multiple sensors. This methodology involves the security of machines with business implementation and node connectivity. Machine or perception nodes are mostly distributed in scenarios without monitoring. An intruder can easily access these devices, which implies that damage or illegal actions can be done to these nodes. Possible threats are analyzed and categorized into unauthorized access to data, threats to the Internet and denial-of-service attacks.

2. Network

The network plays an important role, providing a more comprehensive interconnection capability, effectualness and thriftiness of connection, as well as authentic quality of service in IoTs. Since a large number of machines send data, causing network congestion, the large number of nodes and groups that exist in IoTs may result in denial-of-service attacks.

3. Back-end IT Systems

Back-end IT systems form the gateway and middleware, which have high security requirements, gathering and examining sensor data in real time or pseudo real time to increase business intelligence. The security of an IoT system has seven major standards, viz. privacy protection, access control, user authentication, communication layer security, data integrity, data confidentiality and availability at any time.

Privacy Concerns in IoTs

The Internet security glossary defines privacy as "the right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others". Typically in IoTs, the environment is sensed by connected devices. They then broadcast the gathered information and particular events to the server, which carries out the application logic. This is performed by mobile and/or fixed communication, which takes the responsibility. Privacy should be protected in the device, in storage, during communication and at processing which helps to disclose the sensitive information. The privacy of users and their data protection have been identified as one of the important challenges which need to be addressed in the IoTs.

1. Privacy in Device

Sensitive information may be leaked out in case of unauthorized manipulation or handling of hardware and software in these devices. For example, an intruder can “reprogramme” a surveillance camera such that it sends data not only to the legitimate server, but also to the intruder. Thus, for devices that gather sensitive data, robustness and tamper resistance are especially important. To ensure IoT security, trusted computing technologies including device integrity validation, tamper-resistant modules and trusted execution environments are useful.

To provide privacy in the devices, there are many problems one needs to address, such as the location privacy of the device holder; non-identifiability, which means protecting the identification of the exact nature of the device; protecting personal information in case of device theft or loss; and resilience to side-channel attacks. Location privacy in WSNs is achieved by using the Multi-Routing Random Walk algorithm in the wireless sensors. Protection of display privacy and protection of Personally Identifiable Information (PII) in case of device loss or theft could be achieved by using the QR code (Quick Response Code) technique. In the case of non-identifiability and side-channel attacks, adding randomness or noise, having synchronous CPUs, and blind values used in calculations could be used.

2. Privacy during Communication

To assure data confidentiality during the transmission of the data, the most common approach is encryption. Encryption on certain occasions adds data to packets which provides a way for tracing, e.g. sequence number, IPsec Security Parameter Index, etc. These data may be victimized for linking packets to the analysis of same flow traffic. Secure Communication Protocol could be the suitable approach. During communication, pseudonyms can be substituted for encryption, in case it is not feasible, for the device’s or user’s identity in order to decrease the vulnerability. One of the long-familiar examples is Temporary Mobile Subscriber Identity (TMSI). Devices should communicate if and only if there is a need, to derogate the privacy disclosure induced by communication. In 3GPP machine type communications, in order to avoid unnecessary collection of location information by the network, after a certain period of inactivity the devices will detach from the network.

3. Privacy in Storage

For protecting the privacy of stored information, the following principles should be considered:

  • Only the least possible amount of information that is needed should be stored.
  • Personal information is retained only when mandatory.
  • Information is brought out on the basis of “need-to-know”.

To conceal the real identity tied with the stored data, pseudonymization and anonymization could be used. Without disclosing any specific record, a database could allow access only to statistical data (sum, average, count, etc.). To ensure the output (typically aggregate queries) is independent of the absence or presence of a particular record, adding noise, called differential privacy, could be the appropriate technique.

4. Privacy at Processing

It is mainly twofold. Firstly, personal data must be treated in a way that is simpatico with the intended purpose. Secondly, without the explicit acceptance and knowledge of the data owner, their personal data should not be disclosed to or retained by third parties. Considering the above two points, Digital Rights Management (DRM) systems, which control the consumption of commercial media and defend against illegal redistribution, are most suitable. One can define privacy policies for personal data in a rights object or license, instead of exercising principles for commercial media, which must be obeyed during data processing. DRM requires trusted, secure devices to work efficiently and effectively. The user’s permission and awareness are requirements for distribution of personal data. User notification helps to avoid abuse.

reference: International Journal of Computer Applications (0975 – 8887) Volume 90 – No 11, March 2014
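
The storage principles in the answer above (store the minimum, pseudonymize identities, release only noisy aggregates) can be combined as in the following added example, which is not part of the original answer or the cited paper. The record layout, key, function names and epsilon value are assumptions, and the Laplace mechanism is one standard way to add the noise that the answer calls differential privacy.

```python
import hashlib
import hmac
import random

# Constructed sample records: (device_id, room, motion_detected)
RECORDS = [
    ("cam-0001", "lobby", True),
    ("cam-0002", "lobby", False),
    ("cam-0003", "lab", True),
    ("cam-0004", "lab", True),
    ("cam-0005", "office", False),
]

def pseudonymize(device_id: str, key: bytes) -> str:
    """Keyed pseudonym: stable for joins, not reversible without the key."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()[:16]

def store(records, key):
    """Data minimisation: keep only the pseudonym and the field queries need."""
    return [(pseudonymize(dev, key), motion) for dev, _room, motion in records]

def laplace(scale: float, rng) -> float:
    """Laplace(0, scale) sample as the difference of two exponential samples."""
    return rng.expovariate(1 / scale) - rng.expovariate(1 / scale)

def dp_count(rows, epsilon: float, rng=None) -> float:
    """Noisy count of rows with motion=True.

    Adding or removing one record changes a count by at most 1
    (sensitivity 1), so Laplace noise with scale 1/epsilon gives
    epsilon-differential privacy for this single query.
    """
    rng = rng or random.SystemRandom()  # OS randomness unless a test RNG is given
    true_count = sum(1 for _pid, motion in rows if motion)
    return true_count + laplace(1 / epsilon, rng)

if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: a real key lives in a secret store
    rows = store(RECORDS, key)
    print(rows[0])                                  # pseudonym and flag only
    print(round(dp_count(rows, epsilon=0.5), 2))    # varies from run to run
```

Each answered query spends privacy budget, so repeated queries over the same rows need a smaller epsilon per query or a cap on the number of queries.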
