The iCore project also puts forth recommendations to be respected in different practical use cases in the IoT. Thus, the report (Menore 2012) emphasizes the idea of providing mechanisms to protect information infrastructure against DoS threats and to implement the mechanisms required to support the recovery of service after a failure.

      The research described in Nagara et al. (2017) specifies a portable DoS testing tool based on software for IoT devices. This DoS test must be carried out at the design and development stage of the product. The tool consists of an attacking entity and a monitor. The attacker carries out a DoS attack on the target device (that is, the IoT object) and transmits information on the traffic to the monitor. In this context, the “Mirai” attack was used; it targeted devices running Linux in order to transform them into “bots” that could be remotely controlled and used for a large-scale network attack. The tool effectively verifies whether IoT devices are resistant or vulnerable to DoS-type attacks.

      1.4.3. Privacy protection and trust in the IoT

      1.4.3.1. Privacy

      Protecting privacy in the IoT requires specific considerations to protect information related to a person’s privacy from being shared in this kind of environment. Data transmitted by a single object may not generate confidentiality problems that could compromise an individual’s privacy. However, when fragmented data originating from several different objects is re-assembled, compiled and analyzed, it may generate sensitive information that requires appropriate protection.

      As already seen in section 1.3.2, the IoT operates in different fields of application through which users’ personal data is collected. In fact, IoT service consumers risk divulging private information, little by little, without realizing it, as they are unaware of the nature of the data collected and how it is used in this kind of environment. Current approaches to data protection in the IoT are based chiefly on encryption or on access control to the collected data. Nonetheless, threats to privacy in the IoT may not be covered by the mechanisms that these solutions offer. For example, data processing may be outsourced, creating the risk of data being sold to third parties for marketing or other purposes (Sicari et al. 2015).

      1.4.3.2. Trust

      Trust is managed through several processes, from data collection to the provision of customer service. Trust management in the IoT thus provides an efficient means of evaluating trust relations between IoT entities and helps them make decisions about communicating and collaborating with each other. To guarantee this trust, data detection and collection must be reliable in the IoT. Special attention must, therefore, be paid to the properties of trust in this kind of environment. These properties include the sensitivity, accuracy, security, reliability and persistence of the object, as well as the effectiveness of data collection. This collection generates an enormous volume of data that must be carefully processed and analyzed, maintaining trust in terms of reliability, protection of privacy and accuracy. Further, the data must be securely transmitted and communicated in an IoT environment. An important challenge in meeting this objective is managing encryption keys in the IoT, as data confidentiality is common to security services, privacy protection and trust management. Moreover, the measures needed to counter attacks that could impact all levels of the IoT environment must be taken into consideration, and the system must be robust against all types of attacks so that users can sufficiently trust their IoT environment. Finally, users expect scalable and efficient identity management. Identity management concerns all layers of the IoT architecture, starting from the object all the way up to the user of services hosted in the Cloud. Identity management must respect the confidentiality of the service user’s identity in order to respect their privacy. The context of the IoT service is likely to influence identity management strategies. For example, a critical IoT service in the field of e-health requires finer and more specific identity management (Yan et al. 2014).

      1.4.3.3. Regulations

       – process personal data equitably, lawfully and transparently;

       – only collect and preserve personal data that are truly necessary and destroy these data after use;

       – ensure that the data held are accurate and updated;

       – ensure that you are ready to manage the increased rights of individuals;

       – designate a data protection officer;

       – develop and maintain a register of processing activities;

       – share personal data responsibly.

      1.4.3.4. Research projects

      Several research projects have been carried out on trust and privacy in the IoT. For example, there is the report from the AIOTI (Alliance of Internet of Things Innovation) Workshop on Security and Privacy in IoT, which outlines the key security and privacy requirements for different application fields of the IoT. These requirements can be summarized as: the user’s ability to monitor the data, transparency and control of the user interface, default encryption, data insulation, continuous monitoring, etc. Further, this report highlights the importance of applying additional mechanisms such as minimizing data collection, and the need for accountability for the misuse of collected personal data (AIOTI 2017).
