Abstract
IoT systems, with their high level of ubiquity and heterogeneity, face various security and privacy threats. To guarantee system functionality and gain full user acceptance, it is necessary to specify the security issues and privacy concerns in IoT.
The security issues mainly include confidentiality, integrity, and authentication. Generally speaking, confidentiality ensures that data contents are not revealed to adversaries; integrity guarantees that data packets are not tampered with during transmission; and authentication prevents unauthorized users from accessing the system. Privacy concerns arise from the fact that data packets transmitted from users to IoT infrastructures may contain sensitive information (e.g., identity, location, trajectory, report, query). Since this information is highly related to user privacy, leaking it will expose users to attacks ranging from advertising spam to stalking or even physical injury. Therefore, IoT systems must provide privacy enforcement.
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Zhu, L., Gai, K., Li, M. (2019). Security and Privacy Issues in Internet of Things. In: Blockchain Technology in Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-21766-2_3
DOI: https://doi.org/10.1007/978-3-030-21766-2_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-21765-5
Online ISBN: 978-3-030-21766-2
eBook Packages: Computer Science, Computer Science (R0)