Abstract
Deploying existing data security solutions to the Internet of Things (IoT) is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this paper, we first outline IoT security and privacy risks and critical related requirements in different application domains. We then discuss aspects of a roadmap for IoT security and privacy with focus on access control, software and firmware, and intrusion detection systems. We conclude the paper by outlining a few challenges.
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Bertino, E. (2018). Security and Privacy in the IoT. In: Chen, X., Lin, D., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2017. Lecture Notes in Computer Science, vol 10726. Springer, Cham. https://doi.org/10.1007/978-3-319-75160-3_1
DOI: https://doi.org/10.1007/978-3-319-75160-3_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75159-7
Online ISBN: 978-3-319-75160-3
eBook Packages: Computer Science, Computer Science (R0)