Privacy in IoT
In the 21st century, internet of become important part of human life as it offers a platform for shopping, it empowers the citizens, it enables people to access information and even to make the government to be transparent (Kumar & Patel, 2014, p. 20) With tight work schedule and increasing advancement, human beings have now made it a habit to access information and purchase goods just from any location provided they can access the internet. However, Weber (2010, p. 23) contended that in the current times, privacy
in IoT has become a central issue of discussion as the researchers have found out that the internet and information face potential threats of attacks and manipulation. Therefore, this essay will investigate the privacy issue in the context of IoT. In the process, the essay will describe why privacy problems exist in IoT and what kind of privacy information is more likely to lose in IoT. In addition, the essay will select an attack which could result to the loss of privacy and analyze it in detail. Lastly, the essay describes and compares existing methods to defend against this attack based on to some criteria such as effectiveness and cost of deployment.
Shortened as IoT, internet of things is defined as a network of the physical objects, infrastructure and vehicle integrated with the electronics, actuators, sensors, software and the network connectivity which facilitate these objects to gather and exchange information or data (Olivier, Boswarthick & Elloumi 2012, p. 7).Kumar & Patel, (2014, p.21) claimed that IoT is classified into three significant layers consisting of perception, network and application layers as shown in the IoT architecture in figure 1 below. Perception layer collects data or information and recognizes the real world. On the other hand, network layer, also called the wireless sensor, is in the middle of the architecture and is responsible for professing the data, broadcasting, polymerization and assortment (Kumar & Patel 2014, p.21). Application layer is the topmost layer of the architecture and provide the overhaul of the two layers.
A study shows thatIoT permits objects to be controlled and sensed remotely across the present network infrastructure which create more opportunities for the direct integration of real world into the virtual world, and leading to increased accuracy, efficiency and the economic benefit. Vikas (2015, p.168) added that IoT enable individuals to be connected anyplace, anytime and with, possibly using any network or path and any service. For instance, via RFID, infrared sensors writing systems, laser scanners and other sensing devices of information are integrated to an object for data exchange and communication services. Zanella et al., (2014, p. 49) claimed that today, IoT is used at home, in healthcare facilities, and in business environment where every device is connected to an internet and sensors such as remote control which links the virtual world to real world.
Fig. 1: Internet of things’ Architecture
Source: (Kumar & Patel 2014, p.21)
In spite of having considerable benefits, technology experts have pointed out the increase in connectivity between the internet and devices has lead to increased privacy risks (Mayer 2009, p. 79). Studies have established that privacy problems exist in IoT and some privacy information is likely to lose in IoT. Privacy problems exist in IoT because some of the physical objects, infrastructure and network are vulnerable to attacks. Vacca (2009, p. 47) claimed that networks are sometimes a target for attack by hackers and since company computers are connected within that network, employees personal and company personal information face privacy concerns. Even at the workplace some employees becomes intruders and get into another colleague’s computer and access their personal information with their permission (Shixing et al., 2011, p. 102). This situation can take place where the computer has no strong password. System administrator of the company in most cases has the passwords of company computers hence access any information of another workmate and leak it to the public. This can be referred to as privacy problem of the device.
Zhang, Ma & Qin (2011, p. 365) claimed that privacy problem can also arise during communication as some networks are less secured exposing people’s information to attacks. Vacca (2009, p. 113) claimed that online shopping websites are popular and are major targets for attacks. Hackers and intruders know that most people use their credit cards to shop online hence targeting shopping websites could be help them get private information for several people which they can later on. In most cases, credit cards contain personal information name, date of birth and pin among others. In other words IoT has a privacy problem because its components such objects have real world information which can be exposed virtual world.
Problem of privacy also exists in the internet of things objects such computers, hard disk, flash disk and other data storage devices can only carry data to a certain capacity and also face risk of crashing (Reagle & Cranor 1999, p.50). People store their important information within the physical objects, electronic and network. However, these objects are prone to crash due to their weaknesses, hence may lead to loss of important data of information.
In addition, the problem of privacy exists in IoT due to the insecurity that has tremendously increased in the real world (Jayavardhan et al., 2013, p. 1648). For instance, the intention of using IoT by the government or companies may be to capture criminals, but since the process cannot be controlled the IoT end up capturing none criminals hence comprising their privacy. Some scholars and researchers like Adam Greenfield have argued that such technologies don not just invade privacy of individuals but are used to carry on normative activities pointing out the case of billboards integrated with hidden cameras used to track criminals or demographics of member of the public on the streets (Couldry & Turow 2014, p.1714).
As stated earlier, privacy problems with IoT expose personal information to the public. As such, various kinds of information are likely to be lost. Damico (2009, p.2) opined that companies who are connected to compromised network are likely to lose business secrets or formula to hackers and even rivals. When business secrets or a company goes public or exposed to competitors, they can suffer losses as a result of duplication of their products. Furthermore, the business can lose its uniqueness. Companies also have personal information of its employees including their names, identification numbers and education among others which can be exposed to public when their privacy is invaded (Lu & Neng 2010, p.377). However, individuals can also lose personal information such as pin and bank account number when ATM or Online websites are hacked into.
In the recent years a number of attacks have been done on IoT which deemed dangerous and could comprise the privacy and leads to loss of information. One of the recent situations has been the cyber attacks which happened on Aramco computers in 2012 (Perloth 2012). During the process 30000 workstations were attacked, forcing the company to take up to one week to restore the normalcy (Sandle 2012). A day after the cyber-attacks, Aramco Saudi stated that all the affected computers were not part of a network directly connected to the oil production. Perloth (2012) posited that the hackers group known as Cutting Sword of Justice claimed they had carried out the act using Shamoon virus. As a result of the situation, the company’s main site went and only a message apologizing to the customers could be seen on the home page. Computer security experts claimed that Shamoon has the ability of wiping the files and making numerous computers within the network unusable (Perloth 2012).
In addition, experts claim that Shamoon have the behavior of spreading from one infected computer to others computers within the network. Research also pointed out that once a machine has been infected, Shamoon virus goes on compiling a number of files from particular locations within the system and sending them to the hacker, and even erasing them (Sandle 2012). Eventually, Shamoon virus overwrites a key boot record of an infected computer and rendering it unbootable. It means that Aramco Saudi would have lost some files within important information such as business secret and staff personal information to the attacker since the virus send files of the attacked computer to the attacker.
Nevertheless, computer security experts claim that there are several ways such cyber-attacks can be prevented. Andress (2014, p. 78) pointed out that some of the ways to defend such attacks include implementing strong firewalls and using virtual private networks. Installing firewall has been regarded as one of the effective ways to prevent attacks on computers (Damico 2009, p.1). Strong firewall sets a barrier which sieves trusted and secure network and suspicious network and files which could compromise the computers.
As the first line of defense the IT officers needs to install the two types of firewalls host-based firewalls and network firewalls and be have a routine check to ensure they are working (Andress 2014, p. 63). Another mode of defending IoT electronics like computer from attack is adopting virtual private network. According to Lewis (2006, p 102) VPN
enables staffs to access secure corporate intranet even when they are outside the organization. Compared to firewall, virtual private network is more secure and effective. Unlike firewall which can bypass by some virus, VPN often permits only validated remote access via encryption techniques and tunneling protocols. In this way, it increases privacy (Lewis 2006, p. 103). However, on the basis of cost, firewall is cheaper as they come with operating system. However, virtual private network is very expensive in term s of implementation and maintenance. Nevertheless, virtual private network can also provide network firewall functionality hence extra defense against invasion of privacy.
In conclusion, the essay has established that with advancement of technology has led to rise of Internet of Things. The research has found that the Internet of Things has several benefits including sharing of information, online shopping, access to government information, control of electronics and exchange of data and information among others. Despite the benefits, Internet of Things faces strong privacy challenge which could cause fear of people and derail its growth. Several invasion of privacy have been reported as a result of growth of Internet of Things comprising of hacking of computers, phishing of people’s personal information using cookies and virus, and capturing of people’s image using hidden cameras. Therefore, this essay concludes that as people keep on developing Internet of Things through manufacturing electronics, software, networks and other physical objects, they must also pay attention to privacy issues.
Andress, J 2014, The Basics of Information Security: Understanding the Fundamentals of
InfoSec in Theory and Practice (2nd ed.), Elsevier Science
Couldry, N & Turow, J 2014, ‘Advertising, Big Data, and the Clearance of the Public Realm:
Marketers’ New Approaches to the Content Subsidy’, International Journal of Communication. Vol.8, pp. 1710–1726.
Damico, T.M 2009, ‘Cyber Attack Prevention for the Home User: How to Prevent a Cyber
Attack’, Enquiries Journal Vol. 1 No. 11, pp.1-2.
Jayavardhan, G, Rajkumar, B, Slaven, M & Marimuthu, P 2013, ‘Internet of Things (IoT): A
vision, architectural elements, and future directions, Future Generation Computer Systems, Vol. 29, No.7, pp.1645–1666.
Kumar, J.S & Patel, D.R 2014, ‘A Survey on Internet of Things: Security and Privacy Issues’,
International Journal of Computer Applications, Vol. 90, No 11, pp. 20-26.
Lewis, M 2006, Comparing, designing, and deploying VPNs (1st print. ed.), Indianapolis, Ind.:
Lu, T & Neng, W 2010, ‘Future Internet: The Internet of Things’, 3rd International Conference
on Advanced Computer Theory and Engineering (ICACTE), Vol.5, pp. 376–380
Mayer, C. P 2009, ‘Security and privacy challenges in the internet of things’, Electronic
Communications of the EASST, Vol. 17, No.11, pp. 76-97.
Olivier, H, Boswarthick, D & Elloumi, O 2012, The Internet of Things: Key Applications and
Protocols. Wiley, Chichester.
Perloth, N 2012, Cyber attack On Saudi Firm Disquiets U.S, The New York Times.
Reagle, J & Cranor, L.F 1999, ‘The platform for privacy preferences’, Communications of the
ACM, Vol.42, No.2, pp.48-55.
Sandle, T 2012, Shamoon virus attacks Saudi Oil Company, Digital Journal, Retrieved 5th
August 2016 from
Shixing, L, Hong, W, Tao, X & Guiping, Z 2011, ‘Application Study on Internet of Things in
Environment Protection Field, Lecture Notes in Electrical Engineering Volume’, Lecture Notes in Electrical Engineering, Vol.133, pp.99–106.
Vacca, J.R 2009, Computer and information security handbook, Elsevier, Amsterdam.
Vikas, B O 2015, ‘Internet of Things (IoT): A Survey on Privacy Issues and Security,
International Journal of Scientific Research in Science’, Engineering and Technology, Vol.1, No. 3, p. 168-173.
Weber, R.H 2010, Internet of Things – New security and privacy challenges, Computer Law &
Security Review 26, pp. 23–30.
Zanella, A, Bui, N, Castellani, A, Vangelista, L & Zorzi, M 2014, ‘Internet of Things for Smart
Cities’, IEEE Internet of Things Journal, Vol. 1, No. 1, pp. 46-53.
Zhang, B, Ma, X.X & Qin, Z.G 2011, ‘Security architecture on the trusting internet of things’,
Journal of Electronic Science and Technology, Vol.9, No.4, pp.364-367.