Security and Privacy Challenges in the Internet of Things

Electronic Communications of the EASST

Volume 17 (2009)

Workshops der

Wissenschaftlichen Konferenz

Kommunikation in Verteilten Systemen 2009

(WowKiVS 2009)

Security and Privacy Challenges in

the Internet of Things

Christoph P. Mayer

Universit

¨

at Karlsruhe (TH), Germany

Abstract: The future Internet of Things as an intelligent collaboration of minia-

turized sensors poses new challenges to security and end-user privacy. The ITU has

identified that the protection of data and privacy of users is one of the key chal-

The Internet has undergone severe changes since its first launch in the late 1960s as an outcome

of the ARPANET. The initial four-node network has quickly grown into a highly interconnected

and self-organized network that builds the daily basis for business, research, and economy. The

number of people using this worldwide network has exponentially grown up to about 1.5 bn and

hereby makes up about 20% of the world population. This sheer number of end users – that

does not even comprise servers and routers inside the networks – has changed our daily life and

habits. With the miniaturization of devices, increase of computational power, and reduction of

energy consumption, this trend will continue – the Internet of Things.

One of the most challenging topics in such an interconnected world of miniaturized systems

and sensors are security and privacy aspects: without sureness that safety of private information

tegrity of data sensed and exchanged by ‘things’. Privacy of humans and things must be ensured

to prevent unauthorized identification and tracking. Further, the more autonomous and intelli-

gent things get, problems like the identity and privacy of things, and responsibility of things in

their acting will arise. Up to now, corrupted digital systems were mostly not able to act in the

physical world. This will change dramatically in a dangerous way that corrupted digital systems

can now operate in and influence the physical world. What happens, once a corrupted thing

killed a person?

1 / 12 Volume 17 (2009)

Security and Privacy Challenges in the Internet of Things

The sequel of this paper is structured as follows: Section 2 performs an analysis of the compo-

remarks are given in Section 5.

2 Analysis of Security and Privacy

As the Internet of Things is a large field with diverse technologies used, we provide a catego-

rization of topics and technologies in Section 2.1. The categorization serves as base to detail on

the security and privacy sensitivity in the respective fields. Section 2.2 then looks into the state

of research in the identified categories and details on topics that have insufficient research from

our point of view.

2.1 Categorization and Sensitivity

Figure 1 shows a categorization of topics – inner items – and respective technologies used in

each topic – outer items – that make up the Internet of Things. In our opinion the Internet of

• Processing to provide data mining and services

• Localization and Tracking for physical world location determination and tracking

• Identification to provide unique physical object identification in the digital world

Each topics has different technologies attached (outer items) that are used in the respective

topic. Note, that the categorization given in this work is not strictly hierarchical in terms of top-

ics and technologies. Identification, e. g., is actually a form of Processing that results from the

use of Sensors. As we believe that Identification has a special role in the Internet of Things that

is independent of physical world sensing, it is handled as a separate topic. Some technologies

appear multiple times: RFID, e. g., is used as Communication technology, provides Identifica-

tion, Localization and Tracking, RFID readers act as Sensors, and finally RFID tags and readers

sensitivity for the respective property. As our categorization is not strictly hierarchical, sensitivity

Proc. WowKiVS 2009 2 / 12