1 Introduction

A smart city is a future, better state of an existing city, where the use and exploitation of both tangible assets (e.g. transport infrastructures, energy distribution networks, and natural resources) and intangible assets (e.g. human capital, intellectual capital of companies and organizational capital in public administration bodies) are optimized. [1] Advanced systems manage energy, water, transportation, traffic, healthcare and education. [2] To make them function as a whole for citizens' benefit, various smart city technologies are used, including city operating systems, centralized control rooms, urban dashboards, intelligent transport systems, integrated travel ticketing, bike share schemes, real-time passenger information displays, logistics management systems, smart energy grids, controllable lighting, smart meters, sensor networks, building management systems, and a vast array of smartphone apps and sharing economy platforms. [3] From the IC&T point of view, these technologies rely heavily on ever smaller electronic chips and electromechanical devices, sensors, Internet IPv6 and wireless technologies, RFID (Radio Frequency Identification), localization technologies, NFC (Near Field Communication), Internet of Things (IoT) and Cloud Computing. [4]

In such a complex environment, all these interconnected cyber-physical devices and processes generate huge quantities of data, much of it in real time and at a highly granular scale. [3] Data collection, processing, transfer and use enable smart living and instantaneous connection with and between citizens, and make it possible for cities to be run more efficiently, productively, sustainably, fairly and transparently. [2], [3], [4] On the other hand, various problems occur in the huge data machinery that a smart city is: internal and external parties may not be trustworthy [4], new threats that affect data confidentiality, integrity, accessibility, protection and privacy are signaled continuously, smart city technologies are still in their infancy, there are no standards of use, and many technical difficulties need to be overcome. [2], [4], [5], [6], [7], [8], [9]

In the rest of the paper, the above-mentioned problems are approached in a framework in which smart cities are seen as a synergetic sum of smart things and smart spaces, interconnected in smart systems (infrastructure and applications) that work for the smart citizens' benefit.

2 Data Vulnerabilities in a Smart City - A Four-Layer Analysis

2.1 Smart Things

In a smart city, objects are connected in order to provide seamless communication and contextual services. A large variety of things are used in a smart city. Some of them are very sophisticated embedded systems, such as smart phones and TVs, tablets, printers, medical devices, SCADA (Supervisory Control and Data Acquisition) systems and so on; others are wearable (sensors placed on/under the skin or sewn into clothing that provide information about a person's vital signs); and many of them are ordinary things like keys, watches, coffee filters, fridges, domestic heating controllers, books, doors etc. Also, many sensors are used to monitor air quality and pollution, auto and pedestrian traffic, bridges' resistance and road infrastructure in general, criminality rates and policing, energy and water consumption, waste management etc., forming a perceptual/recognition layer used to collect data and identify the physical world. On this layer, objects respond in numerous ways to their internal states and/or to external factors.
All these things can be very smart in some situations and quite stupid in others: for example, smart in the sense that they transmit, process and respond to various data, but stupid when there is a need to protect them. Smart things suffer from hardware limitations (computational and energy constraints, memory constraints, tamper-resistant packaging), software restrictions (embedded software constraints, dynamic security patching), and demanding network requirements (mobility, scalability, multiplicity of devices, multiplicity of communication media, multiprotocol networking, dynamic network topology). …