Internet of Things: Security and privacy issues

Authors:

  • Farzad Kamrani
  • Mikael Wedlin
  • Ioana Rodhe

Publish date: 2017-02-13

Report number: FOI-R--4362--SE

Pages: 50

Written in: English

Keywords:

  • Internet of Things
  • Security
  • Privacy
  • Privacy-preserving methods

Abstract

This report presents the results of a survey project at FOI with the goal of comprehending the security and privacy implications of the Internet of Things (IoT). There are several characteristics such as uncontrolled environment, heterogeneity, requirements for scalability, and constrained resources, which make the security and privacy issues of the IoT more challenging. Moreover, one of the requirements of IoT systems is a high degree of availability, which sometimes may compromise confidentially and integrity of the data. In the light of these conditions, the report discusses some examples of IoT security problems in specific areas, such as medical technology and transportation. Stuxnet worm that targeted control systems of Iranian nuclear enrichment plants, along with a demonstration in which researchers used a vehicle's Internet connection to take over the control of the car remotely, indicate that the IoT security encompasses new dimensions previously not observed. Other incidents such as the recent attack on the USA-based company Dyn shows that IoT devices like video cameras, digital video recorders, and home routers can be used as a platform to orchestrate distributed denial-of-service (DDoS) attacks. We have already observed a gradual change in attitudes, both in public administrations and in business entities towards collecting, processing and storing as much personal data as possible. It is plausible to assume that the emergence of the IoT will reinforce this development. One of the challenges of privacy in the IoT is that the data collection process is more passive and more pervasive, which results in that the users are less aware of whether and when they are being tracked.