Abstract
Internet of things (IoT) is increasingly present in our lives. As a consequence of connecting devices, IoT can make people's lives more convenient and comfortable. However, despite unquestionable benefits offered by IoT, there is still a great deal of concern from users and companies about the security and privacy of their data. In this sense, this study conducts a qualitative study based on three case studies of companies in the IoT field, which aims to characterize how these IoT companies look at the security and privacy challenges posed by IoT. The findings allowed the authors to identify the main challenges faced by IoT companies during the past years, the main privacy risks exposed by IoT devices, and the countermeasures that companies and users can adopt to increase the security of IoT.
TopIntroduction
The Internet of Things (IoT) is a concept that describes the large and growing number of digital devices that operate between networks of potentially global scale. Unlike the conventional Internet, in which interaction is essentially performed by people, IoT is composed only of sensors and other intelligent devices (Chou, 2016). Therefore, we are facing a technological revolution that includes the interaction between objects and simple actions of daily life to the most complex processes of organizing entire industrial productions. IoT provides new and innovative ways for organizations to manage and monitor remote operations (Vermesan & Friess, 2014). Conceptually, it offers the possibility of connecting the physical world with the digital world through the Internet.
Significant social and material vulnerabilities can appear with the advancement of IoT. The Internet exposes people to new risk situations, which although they already exist in the physical world, are enhanced in the virtual world, due to the greater exposure and range that technologies provide. Several risks may arise due to IoT's lack of privacy and security. For example, hackers can open the door of a house remotely by knowing access security codes, can know user behaviors through access to the network of home light sensors or temperature sensors, can spy a person through access to security cameras, etc. (Eastwood, 2017; Karlov, 2017). Therefore, it is critical that IoT provides strong security mechanisms in a way that the benefits of this technology could be safely exploited by people.
The large network of connected devices and the enormous flow of data that IoT will generate turn data security and privacy a fundamental challenge. In this sense, this study aims to characterize how IoT service providers address the challenge of data privacy and security. By conducting case studies with leading companies in this sector we seek: (i) to identify the main privacy risks that IoT devices can expose; (ii) analyze the main privacy and security barriers in IoT devices; and (iii) propose countermeasures that can be adopted by companies and users to increase the security of IoT. The manuscript is organized as follows: initially a literature review on the concept of IoT and security and data protection is performed. After that, the adopted methodology is presented. Consequently, the main identified solutions and recommendations are presented and discussed. After that, some indications for future research are given. Finally, the main conclusions are drawn.
Key Terms in this Chapter
Local Area Network (LAN): Computer network covering a small local area, like a home, office, or small group of buildings such as a home, office, or college.
Winmax: Technology that allows the expansion of the internet signal at higher speeds over long distances.
Security: A set of measures taken to protect oneself from any acts of violence, such as attacks, robberies, espionage, sabotage, etc.
ZigBee: Protocol that is employed for PANs and is based on the IEEE 802.15 standard. Even though they are low-powered, Zigbee devices can transmit data over long distances by passing data through intermediate devices to reach more distant ones, creating a mesh network.
Privacy: Ensuring privacy involves citizens having control over existing information about themselves and exercising this control in a consistent manner with their personal interests and values.
Wi-Fi: Abbreviation of wireless fidelity, standard technology for wireless access to local networks. This technology allows electronic devices to be connected to a wireless local area network (WLAN) and Internet using radio waves.
Metropolitan Area Network (MAN): A network that connects two or more local area networks together but does not extend beyond the boundaries of the immediate town, city, or metropolitan area.
Wide Area Network (WAN): A group of computer networks connected together over a large geographical distance crossing metropolitan, regional, or national boundaries.