Regulating the Internet of Things: Protecting the Smart Home

The Internet of Things (IoT)—the internetworking of “smart” devices for the purpose of collecting and exchanging data—is developing rapidly. Estimates of the number of IoT devices currently in circulation range from 6.4 to 17.6 billion. By 2020, those numbers could reach upward of 30 billion. While the technology encourages innovation and promotes data-driven policymaking, it also compromises consumer privacy, security, and safety. Consumers are generally unaware that IoT devices transmit scores of personally-identifiable information with only rudimentary security protections in place. For some devices, inadequate security measures unnecessarily risk consumer safety by leaving the devices vulnerable to remote manipulation by third parties. ISSUE Whether IoT-connected devices found in a “smart” home should be regulated to ensure appropriate protections for consumers and their data. BRIEF ANSWER The IoT should be regulated but not yet. The industry is still in its infancy and the current political climate is too unstable. Over the next decade, the industry should be closely studied and regulation should be revisited once all of the main risks are assessed. Directed to the Washington State Office of Privacy and Data Security.https://digitalcommons.law.uw.edu/techclinic/1011/thumbnail.jp

Protecting Consumers in the Age of the Internet of Things

(Excerpt) IoT devices are an ever-increasing force of nature in our daily lives. They provide a multitude of essential benefits that we as a society have come to rely on. Thus, IoT devices are likely to continue to become irreplaceable tools. With the many benefits that these devices bring, they also bring a vast array of privacy and security issues that our society has not had to face until recently. Because of the new and prevalent risks associated with the IoT and because of the increasing harms to consumers, it is time for Congress to enact an IoT-specific data privacy and security law. Some of the provisions that Congress should consider including in such a law are reasonable security measures, notice and consent, data breach notification, a private right of action, and constraints on the way that manufacturers use and store consumer data

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed

Security and privacy analysis based on Internet of Things in the fourth industrial generation (Industry 4.0)

The connection of smart devices using the Internet has dramatically changed the way people live, and this concept has also been extended to the industrial sector. This practice not only provides more stable, faster, and safer communications but also makes it possible to realize the concept of the smart factory in the fourth industrial revolution. The Internet of Things uses a unique Internet Protocol to identify, control, and transmit data to individuals as well as databases. Data is collected through the Internet of Things, stored in cloud storage, and managed and calculated through analytical tools. Internet of Things security is a field of technology that focuses on protecting connected devices and networks in the Internet of Things (IoT). Ensuring the safety of networks with connected IoT devices is critical. Security in the Internet of Things includes a wide range of techniques, strategies, protocols, and measures aimed at mitigating the ever-increasing vulnerabilities of the Internet of Things in modern businesses. The simultaneous connection of objects also brings privacy concerns. For this reason, in this research, an effort has been made to examine and analyze the most important privacy requirements in the Internet of Things in digital businesses in Industry 4.0. In this regard, by using experts' opinions and literature review, privacy requirements were extracted and evaluated using fuzzy non-linear decision-making methodology. The results showed that acquired and intrinsic information has the highest importance

Checking and Enforcing Security through Opacity in Healthcare Applications

The Internet of Things (IoT) is a paradigm that can tremendously revolutionize health care thus benefiting both hospitals, doctors and patients. In this context, protecting the IoT in health care against interference, including service attacks and malwares, is challenging. Opacity is a confidentiality property capturing a system's ability to keep a subset of its behavior hidden from passive observers. In this work, we seek to introduce an IoT-based heart attack detection system, that could be life-saving for patients without risking their need for privacy through the verification and enforcement of opacity. Our main contributions are the use of a tool to verify opacity in three of its forms, so as to detect privacy leaks in our system. Furthermore, we develop an efficient, Symbolic Observation Graph (SOG)-based algorithm for enforcing opacity

Teaching Security of Internet of Things in Using RaspberryPi

The Internet of Things (IoTs) is becoming a reality in today’s society. The IoTs can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. It is important to teach students importance and techniques that are essential in protecting IoTs. We design a series of hands-on labs in a smart home setting, which can exercise attack and protection of IoTs. Our hands-on labs use a Raspberry Pi and several diverse smart things that communicate through Z-Wave technology. Using this environment, students can operate a home automation system and learn security concepts by performing these labs. These labs demonstrate several fundamental security concepts and techniques that can be adopted in security curricula. Students are expected to understand and master how to implement various attacks, design and implement defenses to these attacks, and explore security solutions of Internet of Things in a Smart Home application

A Practical Approach to Protect IoT Devices against Attacks and Compile Security Incident Datasets

open access articleThe Internet of Things (IoT) introduced the opportunity of remotely manipulating home appliances (such as heating systems, ovens, blinds, etc.) using computers and mobile devices. This idea fascinated people and originated a boom of IoT devices together with an increasing demand that was difficult to support. Many manufacturers quickly created hundreds of devices implementing functionalities but neglected some critical issues pertaining to device security. This oversight gave rise to the current situation where thousands of devices remain unpatched having many security issues that manufacturers cannot address after the devices have been produced and deployed. This article presents our novel research protecting IOT devices using Berkeley Packet Filters (BPFs) and evaluates our findings with the aid of our Filter.tlk tool, which is able to facilitate the development of BPF expressions that can be executed by GNU/Linux systems with a low impact on network packet throughput

Management system for IPv6-enabled wireless sensor networks

“Copyright © [2011] IEEE. Reprinted from Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing. ISBN 978-1-4577-1976-9 This material is posted here with permission of the IEEE. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to [email protected]. By choosing to view this document, you agree to all provisions of the copyright laws protecting it.”It is expected that in the near future smart objects will have an Internet connection – this is the Internet of Things vision. Most of these objects compatible with the IEEE 802.15.4 standard are characterized by small size, power constrains, and small computing resources. Connecting such devices to the Internet is considered simultaneously the biggest challenge and a great opportunity for the Internet growth. To achieve the Internet of things vision is necessary to support IPv6 protocol suite in all objects. Supporting IPv6 simplifies, simultaneously, the integration of these objects in the Internet and their management. Actually, despite of the relevance, there are no existing standard solutions to manage smart object networks. Managing this type of networks poses a unique challenge because smart object networks may be comprised of thousands of nodes, are highly dynamic and prone to failures. This paper presents a complete solution to manage smart object networks based on SNMPv1 protocol. The paper also presents the design and deployment of a laboratory testbed