Today we live in a digital era where everything is getting digitized and connected to each other. As a result, modern technologies alter the way people used to live, work, commute and communicate. These technologies, like Artificial Intelligence (AI), Internet of Things (IoT), Information & Communication Technology (ICT), Machine Learning (ML), Computer vision, Blockchain, and Data Analytics, are still evolving but making remarkable transformations in industries. Among these technologies, IoT has proven potential to connect the physical and virtual world on a single platform and thus gaining popularity in every sector adopting advanced technologies.
IoT stands for Internet of Things. The ‘thing’ in IoT can be any physical device such as smartphone, computer, washing machine, wearable device, television, headphone, lamp, building, vehicle or any other possible thing that can be thought of. The IoT technology will connect any systems, devices, objects that can be connected in the near future. These things are embedded with sensors, software, and other electronic components to transfer the data. The internet interconnects these devices and makes a giant IoT network of connected ‘things’. There are three relationships in the IoT network viz
Things-things (machines to machines)
Things-people (devices to people)
People-people (people to people)
The integration of several devices connected through the network is prone to vulnerabilities, threats, and risks. Some standard IoT privacy and security problems are discussed below:
● Authentication and Authorization
Existing systems and software platforms are getting upgraded with technological advancements, thus increasing the data’s security and safety. But accordingly, hackers are becoming more dangerous in attacking or hacking systems leading to cybercrimes such as identity thefts, personal information misuse and others. This is because most of the devices have weak and predictable passwords. Additionally, many sensors, devices and systems have default authorization credentials that are easy to hack through the network.
● Transport Layer Insecurity
IoT infrastructure has different layers of configurations and systems such as hardware, communication, application, and communication layers. Systems in these layers communicate with each other to transmit and receive data. Transport layers must be secured to prevent data leakage. Data encryption is the best solution available today to transfer data safely over the internet, but most devices fail at this step. It leads to insecure data transfer and increases security issues of IoT solutions.
● Insecure User Interface
IoT devices such as smartphones, laptops, personal computers or even web interfaces have user interfaces to manage the device as well as to make appropriate use of the data collected. However, these devices are prone to security issues such as data leakage, cross-site scripting, or identity misuse. Therefore, it is vital to maintain proper security measures while operating and handling IoT solutions.
● Disregarding Privacy Concerns
There should be safe code practices and a proper set of rules while handling business logic and services data. Furthermore, private, confidential and sensitive information regarding the organization should be kept safe to avoid possible threats like cyberattacks. Therefore, organizations and governments must implement security methods while adopting IoT solutions in sensitive data handling.
● IoT Security and Privacy Laws
Businesses look for customer privacy and secure IoT devices in compliance with IoT security and privacy laws. A few rules and regulations have been passed globally, such as the California Consumer Privacy Act (CCPA), European Union General Data Protection Regulation (GDPR). These acts are dedicated to protecting consumer privacy, but there are differences in scope, requirements and penalties for noncompliance for both laws. Moreover, there is no single globally accepted rule or regulation regarding IoT solutions that make it difficult for IoT solution manufacturers to produce solutions in compliance with these acts.
IoT enables uninterrupted and fast machine-to-machine communication that has already attracted several industries, governments, and enterprises. They have initiated developing and implementing IoT solutions and aim to enhance the productivity and growth of organizations. However, as IoT is an emerging technology, there are still several challenges in building IoT solutions for several applications. For example, there are no universal standards for IoT solutions. Moreover, concerns regarding data privacy and application security are not addressed yet. IoT solutions will be used to collect, store, exchange and analyze massive data efficiently and securely. Thus, it is important to implement strategies in protecting all components of IoT solutions from evolving security threats.
IoT interconnects billions to trillions of intelligent things with unique identities and addresses. These things process and communicate information about the physical environment and about themselves. These IoT systems are used in different applications such as advanced building management systems, pervasive healthcare, public surveillance, innovative city services, participatory sensing applications and data acquisition. The collection of vast amounts of data through these systems about people’s private lives and personal information raises serious data privacy concerns. These issues may have unwanted consequences like a failure of new services, costly lawsuits, reputation damage and so forth.
IoT-related projects have experienced colossal data privacy issues previously, like a public boycott of the Italian retailer Benetton in 2003, the revocation of the Dutch intelligent metering bill in 2009 and the recent outcry against the EU FP7 research project INDECT. IoT is dependent on different technologies like wireless sensor networks (WSN), mobile applications & platforms, web personalization and Radio Frequency Identification (RFID).
IoT features are changing with the latest technology developments. Simultaneously, the number of ways of interacting with smart things are growing rapidly and making networking more complex. Upcoming features will be exciting and attentive but will aggravate data privacy issues and introduce unknown threats. These known, as well as strange privacy issues, must be considered in reference models accounting for specific entities and data flows. In addition, the perspective of existing privacy legislation regarding evolving and unique IoT solution features should be considered while building IoT solutions.
Privacy is one of the most important majors for people, and it is becoming prominent with increased usage and efficiency of electronic data processing. It was first defined in 1968 by Westin as ‘the right to select what personal information about the person is known to what people’, and it is still equally valid. Before electronic data usage, data privacy concerns were limited and primarily controllable. For example, it is challenging to prevent cyberattacks and hacks in electronic data over the internet. Therefore, IoT solutions should guarantee
● Awareness of privacy risks by IoT solutions collecting data
● Understanding and control of the use and dissemination of personal data
● Individual control on collecting and processing personal information by IoT solutions
Thus, enterprises should focus on the security of IoT solution components like communication channels, embedded software, data, and other various devices that are prone to data privacy concerns. Multiple-factor authentication and authorisation processes should be implemented to ensure user identity and reduce opportunities for hackers to misuse confidential user information. Additionally, network firewall, custom security strategies and token-based authentication should be implemented on all aspects of every IoT application in the solution.