IoT Security and Privacy Issues

Abstract

The term “Internet of things” (IoT) was coined by Kevin Ashton in 1999 as a network of physical devices communicating with each other via the Internet. Numerous devices that were once basic household appliances are now a part of an interconnected network of smart devices like computing, storing and exchanging information. The rise in the use of IoT devices in the medical, financial and infrastructural sectors as well as in household uses means that these devices handle as well as transmit sensitive information. Ideally, such sensitive information should be adequately protected at rest and during transmission. However, the rapid emergence of IoT devices, driven by the race of introducing an innovative IoT solution to the market, has caused the security of such devices to become an afterthought. Consequently, the security and privacy of IoT has become a game of catch-up. This has created a plethora of opportunities for an attacker, whether state-sponsored or not, to feasibly attack an entire nation with two simple lines of code. Ultimately, the lack of security and privacy measures in IoT devices has previously threatened and will continuously threaten individual, economic and homeland security across the globe. The chapter sets out by defining IoT and briefly covering the components that make up an IoT environment, which lays out a basis as to why IoT devices have security and privacy issues. Applications of IoT devices in diverse fields, such as health, automobile and finance, are mentioned to explore the rise of IoT application in our current world along with the benefits reaped. The chapter then goes on to discuss the importance of addressing IoT security and privacy issues by discussing the previous attacks and the impact of such attacks. The chapter then focuses on issues pertaining to security and privacy in IoT. First, IoT security issues such as identification, device heterogeneity, default credentials, integrity and authentication are explored. Then privacy issues in IoT including but not limited to eavesdropping confidentiality and authorization are discussed. The chapter then moves on to speak about potential solutions and measures that are suggested to decrease the risk and impact of the exploitation of previously discussed IoT vulnerabilities. Additionally, a list of requirements to enhance an IoT system's security and privacy is then introduced. Regulations and further actions taken by countries around the world are also mentioned. The chapter takes the reader on a journey from discussing what IoT is and its benefits to the adverse effects of not properly considering security and privacy issues.