IOT PRIVACY, SECURITY, GOVERANCE

The major factory influence the security, privacy are:

• Gateway
• Analytics
• Connectivity of Devices
• Cloud Computing
• Automation
• Inter Operability

i. GATEWAY:
Data traffic between the IOT devices has to be monitor.
• Network protocols
▪ Encryption standards
▪ Transmission and reception using specify port number.

ii. ANALYTICS:
Analog data can be read and analyzed and converted a appropriate formats. Try
to prevent data loss and malicious attacks.

iii. CONNECTIVITY OF DEVICES:

The senor and its devices are connected the collects the information and send
to the upper layers. Some of the micro-sensors are used in several applications in
IOT. They are:
❖ Humidity (or) moisture control
❖ Temperature Sensor
❖ Pressure sensor
❖ RFID Tags

iv. CLOUD COMPUTING:

It deals with user Interface, standards and protocols followed by database and
automation.
 v. AUTOMATION:
It purely works on AI (Automation Intelligence). Decision making. It relates
with the human behavior and its affect the activation and de-activation of IOT
connected device.

vi. INTER OPERABILITY:

IOT interoperability is the capacity for multiple components within an IOT
deployment to effectively communicate, share data and perform together to
achieve a shared outcome.

OVERVIEW OF GOVERNANCE:
It deals with data security and integrity. The major layers involved are: Application
layer, network layer and physical layer.

Key aspect of governance:

▪ Platform
▪ Communication

Platform:

• Register (or) de-register a set of IOT devices.

• Collect the data, publish the data and interact with upper layer.

Communication:

Tap with the set of protocols. Transport the data across all the layers. Follow GDPR
(General Data Protection Regulation)

Roles & Responsibility of IOT Governance:

I. IOT Architecture
II. Security Architecture
IOT ARCHITECTURE:

Key device the IOT platform and establish the set of standard & guidelines to be
followed.

SECURITY ARCHITECTURE:

✓ Infrastructure
✓ Architect design
✓ Secure coding practice
✓ Testing methodologies
✓ Security Audit

Data scientist

IOT Architect IOT Developer IOT Tester Device

SME

Security Architect

Implementing & operating IOT governance framework

✓ Setup the needed governance body.

✓ Build & enrich needed culture.
✓ Implement the process control & its associated roles.
✓ Implement the changes in the management process.
Steps involved in governance Framework:

✓ Collect the IOT echo system requirements.

✓ Understand the organizational IOT strategy.
✓ Deside on Investing IOT control.
✓ Setup governance framework (or) groups and also ensure all aspects of
governance are covered within the framework.
✓ Create repository to all set of relative documents.
✓ Define process control and its associated roles.

IOT PRIVACY & SECURITY ISSUE

How to secure IOT:

• The user can reduce and prevent the threads in the following practices.

APPROACHES:

• Assign & Administrator

• Regularly check for the patches and it updates.

• Vulnerablities are the major and constant issues in the field of IOT and the
vulnerablities can count from any layer of the IOT devices.

• Even the old vulnerablities are being used by the cyber criminals to infect the
devices.

• demonstrate how long the unpatched devices can stay in online.

• Use strong passwords for all types of records.

Prioritize wi-fi security:

• Some of the best ways to protect is enabling the router firewall.

• Using a strong password for wi-fi access .

• Ensure secure router settings.

 • Apply network Segmentation.

i. It prevents the spread of attacks since they have been isolated.

Base Device platform Analysis:

A base Device platform operating system has to be ensure based on its

configuration and its security requirements has to be verify and also the verification
need to be done to ensure any testing interfaces are removed from the hardware.

Network Traffic Verification:

The network traffic shoukd be analysed for anytype of encrypted or modifiable

datas so light weight encryption algorithms can be used to measure the performs
requirements.

Verification of functional security requirements:

IOT solutions can use saas to identify the authorization and authentication
requirements.

Side channel attack defense verification:

It can be implemented either in hardware and software and it should be

continuous penetration testing acitivity so it minimize the advanced threads in the IOT
layers .

Secure code Reviews:

During execution certain main modules can be removed such as boot process
,security enforcement encryption models and similer modules can be removed it leads
inot mal function of the IOT device.

End to End penetration Test:

It should be conducted across the signal path to identify any vulnerablities found in
the web interface.
 Considering different protocols used by IOT:

• A huge set of Network protocols are used such as bluetooth, NFC(Near Field
Communication), RFF 24, LORA and Infrared communication are used.

• So the administrator should understand the hole set of protocols used in the IOT
system to reduce the risk and to recent the threads.

CONTRIBUTION FROM FP7 PROJECTS:

7th Framework program for Research & Technological Development.

FOCUS:

Focus fastest the research in Europe and other countries and it is focused on the
following areas:

• Health
• Food and Agriculture
• Fishers and Bio-technology
• Information and Communication technology
• Nano science
• Space
• Security
The idea’s behind FP7 is mostly carried out by individual teams and they are
implemented by European research council (ERC), it is nothing but European Union
Research Development and funding program.

IOT creates two types of objects:

• Virtual object
• Composite Virtual Object
Virtual Object:

It is used to create set of objects.

Composite virtual Object:

 They are used to provide to the already created virtual objects.

The Framework contains Three layers:

First layer:
First layer is responsible for managing virtual object throughout the lifecycle and it
ensures the link to the real world entity.
Eg: Sensor, Actuator and other IOT devices.
Second layer:

• It purely uses the services provided by the virtual objects.

• It focus on work flow management, access control and quality assurance.
Third layer:

• It is responsible for interactive with the user.

• It records the user needs and requirements by collecting and analyzing user-
profiles, stack holders contact and service level agreements.
• It creates/activates relevant virtual objects or composite virtual object for the set
of users.

GAMBAS:

Generic Adaptive Middleware for Behavior Driven Autonomous Service

• The design and provide infrastructure support to the processing representators.
• Multiple number of frameworks and methods will be provided to enhance the
multi model environment.
• Protocols and tools are used to the devices for user specific privacy profile policy.
Third party Internet public transport explotation
Services system

User content information public transport sensors &

Acutators

➢ Some of the interoperability issues that can be occur are listed below:
• The data may be received from the heterogeneous devices, so that the data
representation may also get differ.
• There may be chances for dynamics/frequent changes in the information delivered
from the data stream or sensor.
 GAMBAS APPLICATION
Recognising content
Discover Services Prototype Application
Recommended Services
Pick services
Query Context Validate Enable
Expose privacy User
Share context Interface
Automated Interoperable
Get result
Privacy data
reservation modelling
Data
acquisation

Service discovery and communication

middleware

SMARTIE:

• Secure and sMARter ciTIEs Data Management.

• The main framework of smartie is to create distributed framework for
large volume of heterogeneous information for the implementation of
smart cities.
• It allows secure and trustworthy information exchange for the owner
privacy.
• It support end to end secure information delivery between the IOT
devices.
• It focus on security, trust and privacy of IOT infrastructure.
• Smartie is a data centric platform which offers highly scalable and secure
information for smart city application.
BUTLER PROJECT:

• It comes under smart city.

• The main focus Butler project to create a technical platform to
support the development of IOT.
• Butler project integrates current technologies and develop new bundles
of application that focus on,
1. Improving smart technologies with secure and privacy context and it can
be implemented over home,office,healthcare,transportation etc…
2. Integrating (or) Developing a new flexible smart device network
architecture to which various sensors and gateways will get
interconnected over IPv6.

SECURITY,PRIVACY AND TRUST IN IOT DATA PLATFORM FOR SMART CITIES:

• One of the main aim of smart city technology is to provide different

mechanisms for different aspect of data management.
• The data will be gather from various source and it will be owned by
different administrative domains.
• All information are stored in different places for instances it can remain
locally in the sensors (or) in the company internal DB (or) in the social
network.
DATA SHARING AND POLICY ENFORCEMENT API:

Architectural

Component of

Smart city
Data processing and data
minimization

Access

Control

Secure Informtion

Delivery Secure distributed Discovery

Storage of trust

worthy

service

Cryptographic supply
• It allows the user for data accessing at the same time it provides solutions for easy
configure management process.

• The user in the resident will require full access and data privacy policies for
example a user might be willing to share this location information with his families
and friends and make this available in the public transport at the same time user
does not wish to use the location by the third party service providers . so creating
such type of platform is highly a challenging task.
Risk measures to a smart city IOT platform:

• We predict that the smart city data will be eventually store in the cloud and deploy
cloud computing techniques. so in this case the smart city management system
inherits the security and privacy risk of smart city management from the outside
attackers.

• There are several risk that can be exposed over a smart city infrastructure such as:

i. Attack on control infrastructure

ii. poisoning of data

iii. Leakage of confidential data

iv. Attackers can attach and attack mulitple number of services

v. Manipulate the sensor measurements and infitterate the system

with wrong data's.

vi. Attacking the sensor or actuator physically.

vii. Accessing the platform using a forged request malicious request

and causing damage to the depending platforms in the IOT.

viii.The security can be build into infrastructure rather than adding

pluggin or firewall is not applicable instead a server which is
holding data and services has to be distributed among mulitiple
sensors.

ix. so that no single server will have the power over a significant data.
FIRST STEP TOWARDS SECURE PLATFORM IN IOT

There are 7 ways to secure your IOT platform

➢ Setup your rooter correctly
➢ Use strong password
➢ Crate separate wifi network for the IOT devices
➢ Disable the features that you do’s use
➢ Keep your devices upto date
➢ Enable multifactor authentication
➢ Deploy a next generation firewall(NGFW)

TRUST AND QUALITY OF INFORMATION IN OPEN

HETROGENENOUS NETWORK

The IOT system has many different owner and they are in need to get cooperated in
system of services so the individual systems are combined together in order to interact and
provide services to the multiple number of systems.

The dependability enhances the following attributes:

▪ Availability-It deals with readiness of the correct services

▪ Reliability-It deals with correctness and continuity of services
▪ Integrity-It deals with lacking of appropriate system and its alteration
▪ Maintainability-It is the ability to under go updates and repairs

All system of SOS will have their own lifecycle so no systems will be dependent
on another systems
There are certain fundamental builds for managing SOS. There are:

• Autonomy
• Belonging
• Connectivity
• Diversity
• Emergence

Autonomy:

Ability to make independent choices

Belonging:

The system may undergo some changes to be the part of SOS

Connectivity:

Ability of the system to link with other systems

Diversity:

It access the data which is available in the different systems

Emergence:

The new property that may appear and it can be enhanced based on it adaptability

FAIR(fuzzy based aggregation in network resitance):

How the trust can be established and maintained between the base station and
the sensor node it works on two steps:

i. Aggregate
ii. Confirm
 There will be three roles distributed among the node.

i. Aggregator node
ii. Normal node
iii. Storage node
• Each message will be authenticated and broadcasted by the protocol.
• Each node will sense the environment and send back its measurement to
the base notation.
• The aggregator node collects all the from values and measure the precision
and compute the result.
• Each nodes will check the result and compare with its own measurement
and works on biggest algorithm and share the key values to its relevant
base.

Aggregate node Aggregate node

1 2 1 2 3 4 3

Normal Storage Normal Storage

4
node node node node

1) Aggregate node Trigger the network

2) Network sends back the measurement
3) Aggregate node aggregate(or)collects the data and send back the
tuble[result:precision]
4) Every node checks the result and sends the confirmation message to the
storage node.