Security and Privacy Challenges in the Internet of Things
The remainder of this paper is structured as follows: Section 2 analyzes the components
of the Internet of Things and their sensitivity to security and privacy, and reviews
the state of research for topics considered highly sensitive. In Section 3, two major components
of the Internet of Things – Global Sensor Networks and RFID – are introduced, together with
related security and privacy work. Three research results from other fields that we believe are
worth investigating for the Internet of Things are introduced in Section 4. Finally, concluding
remarks are given in Section 5.
2 Analysis of Security and Privacy
As the Internet of Things is a large field that uses diverse technologies, we provide a categorization
of topics and technologies in Section 2.1. The categorization serves as a basis for discussing
the security and privacy sensitivity of the respective fields. Section 2.2 then looks into the state
of research in the identified categories and details topics that, from our point of view, have
received insufficient research.
2.1 Categorization and Sensitivity
Figure 1 shows a categorization of topics – inner items – and respective technologies used in
each topic – outer items – that make up the Internet of Things. In our opinion the Internet of
Things can be categorized into eight topics:
• Communication to enable information exchange between devices
• Sensors for capturing and representing the physical world in the digital world
• Actuators to perform actions in the physical world triggered in the digital world
• Storage for data collection from sensors, identification and tracking systems
• Devices for interaction with humans in the physical world
• Processing to provide data mining and services
• Localization and Tracking for physical world location determination and tracking
• Identification to provide unique physical object identification in the digital world
Each topic has different technologies attached (outer items) that are used in the respective
topic. Note that the categorization given in this work is not strictly hierarchical in terms of topics
and technologies. Identification, e.g., is actually a form of Processing that results from the
use of Sensors. As we believe that Identification has a special role in the Internet of Things that
is independent of physical world sensing, it is handled as a separate topic. Some technologies
appear multiple times: RFID, e.g., is used as a Communication technology, provides Identification,
Localization and Tracking, RFID readers act as Sensors, and finally RFID tags and readers
make up Devices in the Internet of Things. This manifold usage gives RFID a special role
that is detailed in Section 3.2.
The topics introduced are listed again in Table 1 and rated with respect to properties of security
and privacy. The properties are taken from the CIA Triad (without Non-repudiation) and the
Parkerian Hexad (without Possession or Control and Utility). The additional property Regulation
represents the need for laws and regulations in this topic. For each topic the table contains the
sensitivity for the respective property. As our categorization is not strictly hierarchical, sensitivity
Proc. WowKiVS 2009 2 / 12