Smart consumer devices connected to the Internet of Things are constantly collecting personal information from consumers. Therefore, one of the biggest concerns related to the implementation of the Internet of Things in our daily lives is linked to the security and privacy of personal and even sensitive personal information, since the theft of personal information can cause serious harm to individuals, businesses and society as a whole. IoT is a ubiquitous technology with a complex architecture and structure. Consequently, it creates novel security and privacy problems, hitherto considered harmless or undefined. Those concerns are mainly related to:
- IoT technologies have a longer lifespan compared to smartphones and desktop computers.
- There is a wide range of manufacturers, most without traditional information technology (IT) expertise, resulting in interoperability issues and poor security hygiene.
- This lack of IT expertise extends to end users (who are all de facto system administrators).
- The number of devices and global connectedness exacerbate all issues. In fact, it is estimated that there are 50 billion connected devices at this moment.
Security of data and user’s privacy are different concepts, but they are not mutually exclusive. Indeed, a security attack or cyberattack automatically compromises the user’s privacy.
The challenges that must be overcome to resolve IoT security and privacy issues are immense. This is primarily because of the many constraints attached to the provision of security and privacy in IoT systems. Nevertheless, the box below presents a brief definition of those concepts, applied to IoT.
The type of security and privacy threats and attacks that IoT is subject to depends on its layers, since each layer has different particularities and associated technologies. The following table summarizes the most common cyberattacks on the IoT framework, as well as the degree of impact on the four layers that compose the IoT architecture:
| Attack | Brief description | Perception layer | Network layer | Processing layer | Application layer |
|---|---|---|---|---|---|
| Malicious code | Any code in any part of a software system or script that is intended to cause undesired effects, security breaches or damage to a system | High | High | Low | High |
| DoS attack | Cyberattack in which the perpetrator seeks to make a machine or network resource unavailable | Low | High | High | Low |
| Routing Information | Protocols that routers can use to exchange network topology information | Low | High | High | Low |
| Eavesdropping | The act of secretly or stealthily listening to the private conversation or communications of others without their consent | High | Medium | High | Medium |
| Identity theft | Deliberate use of someone else’s identity, usually as a method to gain a financial advantage or other personal information | High | Medium | High | Medium |
| Sinkhole attack | Threatens the security of WSNs at almost every layer of their protocol stack | Medium | High | Low | Low |
| Phishing attack | Fraudulent attempt to obtain sensitive information or data, typically carried out by email spoofing or instant messaging | Low | Low | Medium | High |
As you can observe, there is a variety of possible attacks that can compromise the security and privacy of IoT devices, with a different level of impact depending on the layer. Thus, there are considerable challenges that must be tackled by all parties involved: the IoT manufacturer or developer, the government and the end user.