Security and privacy issues in Internet of Things

Question: Discuss about the Security and privacy issues in Internet of Things. Answer: Introduction The world of technology is advancing at a tremendous speed. Every other day there is a specific technology being launched somewhere. Among the technologies that are taking the world by storm is the Internet of Things (IoT) (Gartner, 2013). In this paper, we explore more on the topic. Some research questions that will be answered in this include What is IoT? What are the security and privacy issues that are facing IoT? How are these issues being addressed? Which are some of the technologies being used in IoT? Overview of Internet of Things (IoT) What is IoT? Every day, a person, whichever part of the world they are in, uses a smart device. It might be a mobile phone, smart TV, a vehicle, camera etc. A smart device can be said to be anything that contains electronics, sensors, software and can be connected to a network (Gartner, 2013). The term IoT in this case refers to the interconnection of these 'things'. Once they are online they are able to collect and exchange data without any human intervention. In the recent years, terms such as smart homes have emerged and all this is because of IoT. Applications of IoT While this technology has seen extremely use in home, other fields have not been left behind. Some areas it has been incorporated include: Health sector-Every other second, the world is faced with a high number of people requiring medical attention (Kumar Patel, 2014). The problem is the field is faced with lack of enough expertise. To deal with this IoT has been incorporated in making systems that are used in remote monitoring of patients health, diagnosis and consequently the delivery of correct drugs to patients. Home automation- One is able to connect all objects they own ranging from appliances, automobiles to livestock. Retail shops- People no longer use bar codes to monitor the movement of their goods. With the onset of RFIDs (Radio Frequency Identification) and other devices, retail shop owners are able to monitor their stock and get real-time data to make necessary decisions. Hardgrave (2015). A perfect example is the use of IoT in Walmart Supply chain management. Industry automation - Industries are automating most of their processes to improve efficiency. Manufacturing and Logistics- Areas such as machine to machine interaction and tracking of goods in transit has been made better with IoT. Privacy and Security Issues in IoT Gartner (2013) oversees a world where more than 26 billion devices will be connected to the internet by the year 2020. Still, some researchers have taken this number a notch higher to 50 billion devices at the same time (Cisco 2016). This is a scary thought keeping in mind every other day the world is waking up to people being hacked, their identity stolen and such issues. Still, there will be huge amounts of data being produced every second and the world is yet to bring about applications to process this large amount of data effectively and efficiently (Xia, Yang, Wang Vinel, 2012). Below, we look at some of the issues facing IoT as far as both privacy of users and devices is concerned. Privacy Most of the smart devices used today collect at least one piece of personal information, say ID numbers, date of birth, names etc., from the user. Now, imagine all the devices you have that are connected to the Internet and just think of how much of you have put online. Scary, no? As if this is not enough, often this information is transmitted without encryption over networks. This should become a concern to every person. Hackers on the other hand couldn't have seen better days. From the rise of the Anonymous group and whistle blowers who are leaking confidential information (as seen just before the US general election where Hilary Clinton's past emails were aired to the public), its evident hactivism is taking shape and the privacy of the people has never been under attack more than today (Ntuli Abu-Mahfouz, 2016). On misuse of information, a classic example is where Politicians use the information you provided to your ISP to determine your location and frequently send you messages requesting you to vote for them. It leaves one wondering, if a mere politician can access this information, how many more dangerous people can access and use this information to harm you in some way. Security The current level of technology allows room for securing servers, personal computers, and other devices with the best security protocols and practices (Staff, 2015). However, the security of IoT devices is a tad hard to maintain seeing that it uses bi-directional communication whose security is still blossoming and seldom sufficient. Some security issues facing IoT include: Insecure web interface- Among the 10 top vulnerabilities outlined by the Open Web Application Security Project (OWASP) have been fueled by insecure web interfaces found on most IoT devices. Insufficient authentication- The moment devices allow a user to login with a lame password such as 123456 or jeremy, means that hacking such a device is a piece of cake. Hacking Issues such as ramsomware, DDoS (Distributed Denial Of Service) attacks, identity theft and such, have been on the rise as a result of the availability of devices all over the internet. Problem with this is some devices are critical and when they are tampered with dire consequences result. E.g. a health monitoring system. In addition, the data they often hold is sensitive and can be used for malicious activities by notorious criminals. Security Measures Being Adopted in IoT Inasmuch as it seems almost impossible to secure IoT devices, there are measure that have (are) been put in place to ensure the security of these devices is maintained. Among them there is: End-to-end encryption To ensure end to end security, technologies such AES (Advanced Encryption Standard) are being integrated with the existing standards (Staff, 2015). This technology ensures than only those devices with encryption keys can transmit and decrypt data from the source device. Device status monitoring- Each and every device connected to the internet should have a way of monitoring their presence. If all of a sudden it goes offline, the owner should have a way of knowing immediately it stops submitting data and the reasons behind the sudden change in status (Kumar Patel, 2014). If it's say a smart TV, offline status could mean someone's tampering with it or there's power/ internet outage at home. IoT metadata tracking technology applies in this case. Education of the users Recent trends show that one of the main reason why most of these devices are prone to security attacks is because most of the users don't know how to set them up right. Educating the users on the threats and possible ways of keeping themselves safe has come in handy in reducing attacks and creating a better security informed generation. Ban on Open Inbound Ports in Devices- traditionally, these are the ports that have been used between communicating devices. The problem with them is they demand to be left open, always which created a vulnerability for intruders (talk of malware infections, DOS attacks, compromise in data etc.) to gain access. By not using these ports, and instead using outbound connections, security is guaranteed. End to end penetration test This test should be performed to identify early some of the vulnerability that could be existing in a given IoT device interface and appropriate mitigation measures applied. Token Base Access Control- In this technology, the network acts as a traffic cop in the sense that it determines which device can transmit data, with who and which devices are actually allowed on the network. Technologies Associated with IoT and their application in Real World IoT Analytics Given that these devices are producing immense amounts of data every second comes the need for systems to analyze this data and give useful information for major decision-making. E.g., a health monitoring system should be able to monitor the body activities of an individual and communicate any sudden changes that could signal an attack or onset of a disease. Distributed computing stream platforms (DSCPs) They process the high rate data streams provided by IOT devices to perform tasks such as pattern identification and real-time analytics. Business can use this technology to make market predictions (Jones, 2015). Conclusion The world has completely opened up to IoT. Each and every day more devices are being developed and even more are being connected to the internet. Its the reality at hand. There are so many benefits that have resulted from this interconnection. However, as seen in this research, this has brought about challenges and problems to the people with it. From hacking to data theft, challenges issues are getting worse by the day. The world thus needs to focus more on improving the security in IoT devices. Reference Gartner, J. R. (2013). Gartner Says the Internet of Things Installed Base Will Grow to 26 Billion Units By 2020. Kumar, J. S., Patel, D. R. (2014). A survey on internet of things: Security and privacy issues. International Journal of Computer Applications, 90(11). ISACA, C. (2015). 5, 2012. Jones, L. K. (2015). The insecurity of things: How to manage the internet of things (Doctoral dissertation, Utica College). Staff, F. T. C. (2015). Internet of Things: Privacy and Security in a Connected World. Technical report, Federal Trade Commission. Ntuli, N., Abu-Mahfouz, A. (2016). A Simple Security Architecture for Smart Water Management System. Procedia Computer Science, 83, 1164-1169. Xia, F., Yang, L. T., Wang, L., Vinel, A. (2012). Internet of things. International Journal of Communication Systems, 25(9), 1101. Glossary IoT- Internet of things DSCP- Distributed computing stream platforms AES- Advanced Encryption Standard RFIDs- Radio Frequency Identification DDoS- Distributed Denial Of Service