Internet of Things is Great but Let us not Forget the Security and Privacy Challenges at Play
Most people in the Internet and tech services domain are aware of the potential that Internet of Things (IoT) offers.
We can easily visualize a world of more convenience due to the advantage of linking almost everything under the sky—cars, home appliances, medical equipment, office buildings, factories, thermostats, and the rest—to the vast ‘cloud storage facility’ from where information extracted from Big Data can guide our actions and hence, better our lives.
Along with the obvious security concerns while embracing IoT, privacy issues are going unnoticed. These issues are gaining more attention, and there are yet numerous challenges in IoT which are currently under research and should be factored into planning, development, and implementation of IoT projects.
The Director of National Intelligence (USA) James Clapper in a testimony earlier this year raised the issues of threats to global security posed by governments using IoT as a spy tool.
“Smart devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy, conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services.
In future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
– James Clapper, US Director of National Intelligence
Hence, for those who are involved in building IoT solutions and infrastructures, putting security first is quite the key step in times to come.
Challenges and problems with IoT systems
The challenges and problems faced by IoT arise due to two main reasons: the gathering of a large set of data (Big Data) for each ‘thing’ in an IoT system (which is also the superset of the issue in focus for this article) and the communication among system hardware.
Under this issue of information gathering comes the class of problems related to security and privacy of information through wireless transmission media.
Security and Privacy
We know that in a large number of use cases data is transmitted between IoT devices through a wireless medium.
When it comes to security, the information that is part of an IoT system is at risk due to several factors such as physical attack, wireless information attack, and low self-defense. A physical attack can happen when a hacker tampers with IoT devices as most of the time these devices are nowhere near a human subject (Remember, at its core IoT requires minimal human interaction). A wireless information attack can happen when a hacker acquires the information from the medium before it reaches the destination.
Privacy is another important aspect in a civilization. It means the provider is only able to surmise based on the usage pattern typical of each client system. The data collection, handling, and mining are accomplished in the IoT systems in their own unique ways. An IoT system may be part of many solutions, for example a home automation system. So, to guarantee the privacy of ‘things’, the questions of concern are: (1) Who collects the personal data? (2) How these data are collected? and (3) When are the data collected?
Risk mitigation involves the following: security policies based on specified context, identity, and role models; middleware that have good privacy protocols and come with behavior-driven services to adapt as per context. Data gathering must adhere to security and privacy policies.
The thing to ascertain from all this is that moving ahead in IoT security and privacy trade-off, societal interaction, along with technology research, is seemingly the best approach to take while addressing these issues.