After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

Mobile Edge Computing Empowers Internet of Things

In this paper, we propose a Mobile Edge Internet of Things (MEIoT) architecture by leveraging the fiber-wireless access technology, the cloudlet concept, and the software defined networking framework. The MEIoT architecture brings computing and storage resources close to Internet of Things (IoT) devices in order to speed up IoT data sharing and analytics. Specifically, the IoT devices (belonging to the same user) are associated to a specific proxy Virtual Machine (VM) in the nearby cloudlet. The proxy VM stores and analyzes the IoT data (generated by its IoT devices) in real-time. Moreover, we introduce the semantic and social IoT technology in the context of MEIoT to solve the interoperability and inefficient access control problem in the IoT system. In addition, we propose two dynamic proxy VM migration methods to minimize the end-to-end delay between proxy VMs and their IoT devices and to minimize the total on-grid energy consumption of the cloudlets, respectively. Performance of the proposed methods are validated via extensive simulations

Surfing the Internet-of-Things: lightweight access and control of wireless sensor networks using industrial low power protocols

Internet-of-Things (IoT) is emerging to play an important role in the continued advancement of information and communication technologies. To accelerate industrial application developments, the use of web services for networking applications is seen as important in IoT communications. In this paper, we present a RESTful web service architecture for energy-constrained wireless sensor networks (WSNs) to enable remote data collection from sensor devices in WSN nodes. Specifically, we consider both IPv6 protocol support in WSN nodes as well as an integrated gateway solution to allow any Internet clients to access these nodes.We describe the implementation of a prototype system, which demonstrates the proposed RESTful approach to collect sensing data from a WSN. A performance evaluation is presented to illustrate the simplicity and efficiency of our proposed scheme

An access control management protocol for Internet of things devices

Internet enabled computing devices are increasingly at risk of misuse by individuals or malware. Initially such misuse was targeted mainly at computers, however there is increasing targeting of tablet and smartphone devices. In this paper we examine an access control management protocol for Internet of things devices in order to attempt to provide some protection against misuse of such devices. Although anti-malware software is commonly used in computers, and is increasingly being used for tablets and smartphones, this may be a less practicable approach for Internet of things devices. The access control management protocol for Internet of things devices examined in this paper involves the use of physical proximity ‘registration’ for remote control of such devices, encryption of communications, verification of geo-location of the mobile device used to control the IoT device, safe operation controls, and exception reporting as a means of providing a tiered security approach for such devices

Internet of Thing Based Confidential Healthcare Data Storage, Access Control and Monitoring Using Blockchain Technique

Internet of Things plays a significant role in multiple sectors like agriculture, manufacturing and healthcare for collecting information to automation. The collected information is in different diversity and consists of confidential and non-confidential information. Secure handling of confidential data is a crucial task in cloud computing like storage, access control and monitoring. The blockchain based storage technique provides immutable data storage, efficient access control and dynamic monitoring to confidential data. Thus, the secure internet of things data storage, access control and monitoring using blockchain technique is proposed in this work. The patients health information that are in different formats are pruned by a decision tree algorithm and it classifies the confidential data and non-confidential data by the fuzzy rule classification technique. Depending on data owner's willing, the fuzzy rule is framed and the confidential and non-confidential data collected by internet of things sensors are classified. To provide confidentiality to confidential data, Attribute Based Encryption is applied to confidential data and stored in an off-chain mode of blockchain instead of entire data encryption and storage. The non-confidential data is stored in a plaintext form in cloud storage. When compared to support vector machine, K-nearest neighbor and Naive Bayes classification techniques, the proposed fuzzy rule based confidential data identification produces greater than 96 % of accuracy based on data owner willing and confidential data storage takes lesser than 20 % of storage space and processing time in an entire data storage. Additionally, the blockchain performances like throughput, network scalability and latency is optimized through minimal block size and transactions. Thus, our experimental results show that the proposed blockchain based internet of things data storage, access control and monitoring technique provides better confidentiality and access control to confidential data than the conventional cloud storage technique with lesser processing time

Smart object-oriented access control: Distributed access control for the Internet of Things

Ensuring that data and devices are secure is of critical importance to information technology. While access control has held a key role in traditional computer security, its role in the evolving Internet of Things is less clear. In particular, the access control literature has suggested that new challenges, such as multi-user controls, fine-grained controls, and dynamic controls, prompt a foundational re-thinking of access control. We analyse these challenges, finding instead that the main foundational challenge posed by the Internet of Things involves decentralization: accurately describing access control in Internet of Things environments (e.g., the Smart Home) requires a new model of multiple, independent access control systems. To address this challenge, we propose a meta-model (i.e., a model of models): Smart Object-Oriented Access Control (SOOAC). This model is an extension of the XACML framework, built from principles relating to modularity adapted from object-oriented programming and design. SOOAC draws attention to a new class of problem involving the resolution of policy conflicts that emerge from the interaction of smart devices in the home. Contrary to traditional (local) policy conflicts, these global policy conflicts emerge when contradictory policies exist across multiple access control systems. We give a running example of a global policy conflict involving transitive access. To automatically avoid global policy conflicts before they arise, we extend SOOAC with a recursive algorithm through which devices communicate access requests before allowing or denying access themselves. This algorithm ensures that both individual devices and the collective smart home are secure. We implement SOOAC within a prototype smart home and assess its validity in terms of effectiveness and efficiency. Our analysis shows that SOOAC is successful at avoiding policy conflicts before they emerge, in real time. Finally, we explore improvements that can be made to SOOAC and suggest directions for future work