
Identifying Security Challenges in the IoT for the Public Sector: A Systematic Review

Beyond Smart and Connected Governments

Part of the book series: Public Administration and Information Technology (PAIT, volume 30)

Abstract

This chapter reviews the expanding role of the Internet of Things (IoT) in our lives as well as the security concerns of IoT. While IoT has expanded enormously in recent years in both the private and public sectors, where it has enhanced the quality of life, it has also created potential security risks for users in various ways, such as enabling unauthorized access and misuse of personal information, facilitating attacks on other systems, and creating safety risks. Even though these risks have already been common in cyberspace contexts, the introduction of IoT has increased them, given its role in expanding the Internet and its connections to every aspect of our daily lives. This chapter provides a systematic review of the current literature on IoT in order to identify IoT security challenges and to offer recommendations for responding to these challenges. As a result of our study, we identified pervasiveness, privacy, and vulnerability as the main challenges discussed in the literature. In this research, we also compiled some recommendations, such as encryption, cryptology, authentication, authorization, and advanced security frameworks, schemes, and protocols, to respond to current security challenges in the IoT. Policy recommendations are also discussed to give policymakers ideas about IoT security.


Abbreviations

  • AI: Artificial intelligence
  • AR: Augmented reality
  • DDoS: Distributed denial of service
  • FTC: Federal Trade Commission
  • ICT: Information communication technologies
  • IoT: Internet of Things
  • IP: Internet protocol
  • IT: Information technology
  • MCI: Mass casualty incident
  • RFID: Radio frequency identification


Author information


Correspondence to Ahmet Guler.


Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Guler, A., Demir, F. (2020). Identifying Security Challenges in the IoT for the Public Sector: A Systematic Review. In: Gil-Garcia, J.R., Pardo, T.A., Gasco-Hernandez, M. (eds) Beyond Smart and Connected Governments. Public Administration and Information Technology, vol 30. Springer, Cham. https://doi.org/10.1007/978-3-030-37464-8_4
