Security and Privacy Issues in Internet of Things

Blockchain Technology in Internet of Things

Abstract

IoT systems with a high level of ubiquity and heterogeneity are confronted with various security and privacy threats. To guarantee system functionality and achieve full user acceptance, it is necessary to specify the security issues and privacy concerns in IoT.

The security issues mainly include confidentiality, integrity, and authentication. Generally speaking, confidentiality ensures that data contents are not revealed to adversaries; integrity guarantees that data packets are not tampered with during transmission; and authentication prevents unauthorized users from accessing the system. Privacy concerns arise from the fact that data packets transmitted from users to IoT infrastructures may contain sensitive information (e.g., identity, location, trajectory, report, query). Since this information is highly related to user privacy, leaking it will expose users to attacks ranging from advertising spam, to stalking, or even physical injury. Therefore, privacy enforcement must be provided by IoT systems.

© 2019 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Zhu, L., Gai, K., Li, M. (2019). Security and Privacy Issues in Internet of Things. In: Blockchain Technology in Internet of Things. Springer, Cham. https://doi.org/10.1007/978-3-030-21766-2_3

  • DOI: https://doi.org/10.1007/978-3-030-21766-2_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21765-5

  • Online ISBN: 978-3-030-21766-2

  • eBook Packages: Computer Science, Computer Science (R0)
