Skip to main content
SpringerLink
Log in

Internet of Things Security and Privacy

  • Chapter
  • First Online:
Internet of Things From Hype to Reality

Abstract

This chapter outlines the main security and privacy issues in IoT and surveys the techniques that were proposed to address them. Some of the discussed techniques prevent security breaches from taking place while others try to detect malicious behavior and trigger an appropriate mitigating countermeasure.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Notes

  1. 1.

    Light-computational applications may also reside in the Fog Domain.

References

  1. D. Willis, A. Dasgupta, S. Banerjee, in Paradrop: A Multi-Tenant Platform for Dynamically Installed Third Party Services on Home Gateways. SIGCOMM workshop on distributed cloud computing. (ACM, 2014)

    Google Scholar 

  2. W. Xu et al., Jamming sensor networks: attack and defense strategies. IEEE Netw. 20(3), 41–47 (2006)

    Article  Google Scholar 

  3. W. Ye, J. Heidemann, D. Estrin, Medium access control with coordinated adaptive sleeping for wireless sensor networks. IEEE/ACM Trans. Netw. 12(3), 493–506 (2004)

    Article  Google Scholar 

  4. T. Van Dam, K. Langendoen, in An Adaptive Energy-Efficient MAC Protocol for Wireless Sensor Networks. Proceedings of the 1st international conference on embedded networked sensor systems. (ACM, 2003)

    Google Scholar 

  5. K.P. Dyer et al, Peek-a-boo, i still see you: Why Efficient Traffic Analysis Countermeasures Fail. IEEE Symposium on Security and Privacy (SP). (IEEE, 2012)

    Google Scholar 

  6. J. Park et al, in An Energy-Efficient Selective Forwarding Attack Detection Scheme Using Lazy Detection in Wireless Sensor Networks. Ubiquitous Information Technologies and Applications. (Springer, Netherlands, 2013), pp. 157–164

    Google Scholar 

  7. L.K. Bysani, A.K. Turuk, in A Survey on Selective Forwarding Attack in Wireless Sensor Networks. IEEE International Conference on Devices and Communications (ICDeCom), 2011

    Google Scholar 

  8. B. Xiao, B. Yu, C. Gao, CHEMAS: identify suspect nodes in selective forwarding attacks. J. Parallel Distrib. Comput. 67(11), 1218–1230 (2007)

    Article  MATH  Google Scholar 

  9. P. Thulasiraman, S. Ramasubramanian, M. Krunz, in Disjoint Multipath Routing to Two Distinct Drains in a Multi-Drain Sensor Network. 26th IEEE International Conference on Computer Communications, INFOCOM 2007

    Google Scholar 

  10. H.-M. Sun, C.-M. Chen, Y.-C. Hsiao, in An Efficient Countermeasure to the Selective Forwarding Attack in Wireless Sensor Networks. TENCON 2007–2007 IEEE Region 10 Conference, 2007

    Google Scholar 

  11. A. Grau, Can you trust your fridge? IEEE Spectrum 52(3), 50–56 (2015)

    Article  Google Scholar 

  12. C. Li, A. Raghunathan, N.K. Jha, in Hijacking an Insulin Pump: Security Attacks and Defenses for a Diabetes Therapy System. 13th IEEE International Conference on e-Health Networking Applications and Services (Healthcom), 2011

    Google Scholar 

  13. D. Evans, in The Internet of Things How the Next Evolution of the Internet is Changing Everything. Technical report, CISCO IBSG, April 2011

    Google Scholar 

  14. R. Thomas et al, Hey, you, get off of my cloud: Exploring Information Leakage in Third-Party Compute Clouds. Proceedings of the 16th ACM Conference on Computer and Communications Security. (ACM, 2009)

    Google Scholar 

  15. M. Dabbagh, B. Hamdaoui, M. Guizai, A. Rayes in Release-Time Aware VM Placement. Globecom Workshops (GC Wkshps), 8–12 Dec 2014, pp. 122–126

    Google Scholar 

  16. M. Dabbagh, B. Hamdaoui, M. Guizani, A. Rayes, Toward energy-efficient cloud computing: prediction, consolidation, and overcommitment. IEEE Network 29(2), 56–61 (2015)

    Google Scholar 

  17. M. Dabbagh, B. Hamdaoui, M. Guizani, A. Rayes in Efficient Datacenter Resource Utilization Through Cloud Resource Overcommitment. IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), 2015, pp. 330–335

    Google Scholar 

  18. R. Boutaba, Q. Zhang, M. Zhani, Virtual Machine Migration in Cloud Computing Environments: Benefits, Challenges, and Approaches, in Communication Infrastructures for Cloud Computing, ed. by H. Mouftah, B. Kantarci (IGI-Global, USA, 2013), pp. 383–408

    Google Scholar 

  19. D. Perez-Botero, A Brief Tutorial on Live Virtual Machine Migration From a Security Perspective (University of Princeton, USA, 2011)

    Google Scholar 

  20. W. Zhang et al, in Performance Degradation-Aware Virtual Machine Live Migration in Virtualized Servers. International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT), 2012

    Google Scholar 

  21. V. Venkatanathan, T. Ristenpart, M. Swift, in Scheduler-Based Defenses Against Cross-VM Side-Channels. Usenix Security. 2014

    Google Scholar 

  22. T. Kim, M. Peinado, G. Mainar-Ruiz in Stealthmem: System-Level Protection Against Cache-Based Side Channel Attacks in the Cloud. Proceedings of USENIX Conference on Security Symposium, Security’12. USENIX Association, 2012

    Google Scholar 

  23. H. Raj, R. Nathuji, A. Singh, P. England in Resource Management for Isolation Enhanced Cloud Services. Proceedings of the 2009 ACM Workshop on Cloud Computing Security. (ACM, 2009), pp. 77–84

    Google Scholar 

  24. Y. Zhang. M.K. Reiter, in Duppel: Retrofitting Commodity Operating Systems to Mitigate Cache Side Channels in the Cloud. Proceedings of the 2013 ACM SIGSAC Conference on Computer; Communications Security, CCS ’13. (ACM, 2013)

    Google Scholar 

  25. P. Li, D. Gao, M.K. Reiter, in Mitigating Access Driven Timing Channels in Clouds Using Stopwatch. IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2013, pp. 1–12

    Google Scholar 

  26. R. Martin, J. Demme, S. Sethumadhavan, in Timewarp: Rethinking Timekeeping and Performance Monitoring Mechanisms to Mitigate Sidechannel Attacks. Proceedings of the 39th Annual International Symposium on Computer Architecture, 2012

    Google Scholar 

  27. F. Zhou et al, in Scheduler Vulnerabilities and Coordinated Attacks in Cloud Computing. 10th IEEE International Symposium on Network Computing and Applications (NCA), 2011

    Google Scholar 

  28. K. Panagiotis, M. Bora, in Cloud Security Tactics: Virtualization and the VMM. 6th International Conference on Application of Information and Communication Technologies (AICT), IEEE, 2012

    Google Scholar 

  29. F. Zhang et al, in CloudVisor: Retrofitting Protection of Virtual Machines in Multi-Tenant Cloud With Nested Virtualization. Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles. (ACM, 2011)

    Google Scholar 

  30. T. Taleb, A. Ksentini, Follow me cloud: interworking federated clouds and distributed mobile networks. IEEE Netw. 2013

    Google Scholar 

  31. E. Damiani et al, in A Reputation-Based Approach for Choosing Reliable Resources in Peer-To-Peer Networks. Proceedings of the 9th ACM Conference on Computer and Communications Security. (ACM, 2002)

    Google Scholar 

  32. W. Itani et al, in Reputation as a Service: A System for Ranking Service Providers in Cloud Systems. Security, Privacy and Trust in Cloud Systems (Springer, Heidelberg, 2014), pp. 375–406

    Google Scholar 

  33. J. Sahoo, M. Subasish, L. Radha, in Virtualization: A Survey on Concepts, Taxonomy and Associated Security Issues. Second International Conference on Computer and Network Technology (ICCNT), 2010

    Google Scholar 

  34. S. Yi, Q. Zhengrui, L. Qun, in Security and Privacy Issues of Fog Computing: A Survey. Wireless Algorithms, Systems, and Applications (Springer International Publishing, 2015), pp. 685–695

    Google Scholar 

  35. E. Oriwoh, J. David, E. Gregory, S. Paul, in Internet of Things Forensics: Challenges and Approaches. 9th International Conference Conference on Collaborative Computing: Networking, Applications and Worksharing (Collaboratecom), (IEEE, 2013), pp. 608–615

    Google Scholar 

  36. Z. Brakerski, V. Vinod, Efficient fully homomorphic encryption from (standard) LWE. SIAM J. Comput. 43(2), 831–871 (2014)

    Article  MathSciNet  MATH  Google Scholar 

  37. E. Lauter, in Practical Applications of Homomorphic Encryption. Proceedings of the 2012 ACM Workshop on Cloud Computing Security Workshop. (ACM, 2012)

    Google Scholar 

  38. C. Hennebert, D. Jessye, Security protocols and privacy issues into 6lowpan stack: a synthesis. IEEE Internet of Things J. 1(5), 384–398 (2014)

    Article  Google Scholar 

  39. Daily Tech Blogs On Line: http://www.dailytech.com/Five+Charged+in+Largest+Financial+Hacking+Case+in+US+History/article32050.htm

  40. M. Miller, in Car Hacking’ Just Got Real: In Experiment, Hackers Disable SUV on Busy Highway, the Washington Post, 2015, online: http://www.washingtonpost.com/news/morning-mix/wp/2015/07/22/car-hacking-just-got-real-hackers-disable-suv-on-busy-highway/

  41. “2015 Data Breach Investigation Report”, Verizon Incorporation, 2015

    Google Scholar 

  42. M. Dabbagh et al, Fast dynamic internet mapping. Future Gener. Comput. Syst. 39, 55–66 (2014)

    Google Scholar 

  43. Forrester, Security: The Vital Element of the Internet of Things, 2015, Online: http://www.cisco.com/web/solutions/trends/iot/vital-element.pdf

  44. F. Adib, D. Katabi, in See Through Walls With WiFi!, vol 43 (ACM, 2013)

    Google Scholar 

  45. S. Kumar, S. Gil, D. Katabi, D. Rus, in Accurate Indoor Localization With Zero Start-Up Cost. Proceedings of the 20th Annual International Conference on Mobile Computing and Networking. (ACM, 2014), pp. 483–494

    Google Scholar 

  46. G. Wang, Y. Zou, Z. Zhou, K. Wu, L. Ni, in We Can Hear You With Wi-Fi!. Proceedings of the 20th Annual International Conference on Mobile Computing and Networking. (ACM, 2014), pp. 593–604

    Google Scholar 

  47. Y. Qiao, O. Zhang, W. Zhou, K. Srinivasan, A. Arora, in PhyCloak: Obfuscating Sensing from Communication Signals. Proceedings of the 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2016

    Google Scholar 

  48. T. Yu et al, in Handling a Trillion (Unfixable) Flaws on a Billion Devices: Rethinking Network Security for the Internet-of-Things. Proceedings of the 14th ACM Workshop on Hot Topics in Networks, 2015

    Google Scholar 

  49. M. Dabbagh, B. Hamdaoui, M. Guizani, A. Rayes, Software-defined networking security: pros and cons. IEEE Commun. Mag. (2015)

    Google Scholar 

  50. Doctors disabled winless in Dick Cheney’s pacemaker to thwart hacking: Naked Secuirty by Sophos. Oct 22 (2013) https://nakedsecurity.sophos.com/2013/10/22/doctors-disabled-wireless-in-dick-cheneys-pacemaker-to-thwart-hacking/

  51. A. Peterson, Yes, terrorist could have hacked Dick Cheney’s heart. The Washington Post. Oct 21 (2013) https://www.washingtonpost.com/news/the-switch/wp/2013/10/21/yes-terrorists-could-have-hacked-dick-cheneys-heart/

Download references

Author information

Authors and Affiliations

  1. Cisco Systems, San Jose, California, USA

    Ammar Rayes

  2. Oregon State University, Corvallis, Oregon, USA

    Mehiar Dabbagh

Authors
  1. Mehiar Dabbagh
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ammar Rayes
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Mehiar Dabbagh .

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this chapter

Cite this chapter

Dabbagh, M., Rayes, A. (2017). Internet of Things Security and Privacy. In: Internet of Things From Hype to Reality. Springer, Cham. https://doi.org/10.1007/978-3-319-44860-2_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-44860-2_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-44858-9

  • Online ISBN: 978-3-319-44860-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation