Internet of Things (IoT) offers the capability to connect and integrate both digital and physical objects to the internet and to enable machine-to-machine and machine-to-human communication or interactions services. The real-time adoptions and deployments of such systems for different applications such as smart cities, smart grids, smart homes, or smart environments require guaranteed security and privacy-enabled IoT services. This is due to fact that devices in the IoT generate, process, and exchange huge amounts of safety-critical data as well as privacy-sensitive information. In order to ensure secure and safe operation and to avoid cyber-attacks on such systems, it is crucial to incorporate security and privacy measures to countermeasure the different possible attacks. This chapter presents different security and privacy requirements and a taxonomy of security threats in the context of the IoT. In addition, the authors survey the most relevant defense strategies available in the literature related to IoT security with their merits and demerits.
TopIntroduction
The Internet of Things (IoT) is characterized by a collection of heterogeneous, geographically distributed, smart devices that interact with each other on a collaborative basis to complete a particular task (Vermesan, 2011; Tsai, 2014; Ning, 2012). The core objective of the IoT is to provide smart services in a variety of application domains such as Smart Homes, Smart Cities, Smart Grids and so on (Turner, 2011; Roman, 2011). In these application domains, security and privacy requirements of the IoT play a very important role which includes privacy and confidentiality of data exchanged among devices and controlling stations, access control within the IoT, and trust among connected devices and users.
Fundamental hurdles for pushing IoT and its services into the real-world applications are security, privacy and trust (Jing, 2014; Rodrigo, 2013; Sicari, 2015; Zheng, 2014). The main aim of the security services designed for the IoT is to provide secure interactions between the devices and the Internet host, and protecting the information and service provisioning of all relevant components of IoT. Generally, in a collaborative and information sharing system such as the IoT, different security and privacy services such as confidentiality, data integrity, access control, anonymity, and availability for users and smart things and trustworthiness among smart devices and users are required. These security services are very important to ensure secure communication among different entities of the IoT. Due to the heterogeneity and ad hoc nature of IoT components and the lack of computing resources such as processing power and storage, it is required to tailor existing security solutions to this new smart environment. Traditional security and privacy mechanisms cannot be directly applied to the IoT (Ning, 2012; Turner, 2011; Roman, 2011). This is due to fact that in the IoT, different communication stacks, standards and resource-constrained devices are involved. In addition, the IoT involves a high number of interconnected devices that arise the requirements of a scalable security and privacy mechanisms for this system.