Stand to Research the Privacy Limitations of the Internet of Things in the DID's Perspective © Mikhail Shpak Bauman Moscow State Technical University, Moscow, Russia Shpak.mike@gmail.com Abstract. Accelerated growth of the Internet of Things (IoT) expands the implementation of it in our everyday life. The IoT connects artificial intelligence and different physical applications or devices, in order to expand the usage scope and make cities more innovative. A great amount of data produced by the IoT is an example of Data Intensive Domains (DID). The first two parts of this article is a background overview of the IoT and areas, where the IoT is developing. The third part describes the privacy limitations and possible solutions. The fourth part is about the level of IoT privacy limitations in the era of DID. In Conclusion the Research Stand was developed and aims that are planned to achieve. Keywords: Internet of Things, security, privacy issues, IoT industries, surveillance. use Internet for information exchange between the cars 1 Introduction for better route selection and accident reports. In health industry smart devices are used by a lot of The Internet of Things is a new era of communication people. These are devices like smart watches to trace the between the people and the devices. Everyone is surrounded heart rate, glucose level for diabetics, sleep time with all possible types of electronics, which make life easier. duration, workout results, breathing rate, body The Internet of Things is a network of smart devices. Smart temperature and other health indicators. These indicators devices are machines or appliances that utilize different can be shared either with different applications to create protocols, such as RFID (Radio Frequency Identification), an overview of our day or with the doctor [2], who can Bluetooth or TCP/IP (Transmission control Protocol) and adjust medical treatment according to the received technics to transfer information over the Internet and information. exchange the data between the customers and services in the In retail shops they use different sensors, lasers and RFID cloud, as described by [1]. The amount of smart devices has scanners to improve their business strategy by better supply already outnumbered the number of employees working in chain management and creating customer’s profile. offices, and this number is predicted to grow up-to 26 billion According to the study of [3] the improved store by 2020. Following are some examples of industries, where performance, choice of products and customers footprint can smart devices are frequently used and how do they produce be measured by the means of indoor positioning system. data. Table 1 (see Table 1) created by the author shows the existence of the problem about customer’s personal 2 Smart devices as Big Data Producers information in regards to every type of smart device. According to Table 1, certainly, there are many different Different areas of usage include smart homes, transport ways to make life or business process easier, and people and logistics, health and retail industries. We shall continue looking for different ways to implement the Internet consider these devices from the point of possible of Things technologies in other industries. Thus, the trend of personal data theft. Internet of Things will be constantly growing. Smart home devices are used to smart control door locks, windows, air conditioner, heater, electricity plugs, coffee machines, dishwashers, alarm clock, fire alarm, smoke 3 Privacy limitations and Solutions detectors and window shades. Smart home management Privacy is a very important aspect of human’s life, is divided into three parts: smart control, smart power- especially when all devices people are using, sometimes saving and smart application. are able to collect sensitive information about our life. Transport industries smart devices are used to provide The Internet of Things devices create information that is mobile services in the car with high speed Internet. This used for the analysis purpose [4]. feature will enable real time traffic control, interaction All devices in the Internet of Things generate data, and with the car manufacturer service for remote diagnostics not all people understand what happens after they agreed and improved company logistics automation. Moreover, with all the terms and conditions proposed by the in the beginning of the self-driven car era, they start to business. Users have limited rights in managing smart devices. According to the study [5], in order to use the collected data user permission should be acquired stating Proceedings of the XX International Conference what opportunities this data will make for the future use “Data Analytics and Management in Data Intensive of this technology. Domains” (DAMDID/RCDL’2018), Moscow, Russia, October 9-12, 2018 222 Table 1 The existence of the problem about customer’s personal information Type of smart What for Personal Type of Information device data leak issue Smart control control monitoring the status and the mode of Exists Status, mode home devices Smart power- evaluates the user energy consumption Exists Water amount, gas amount and saving patterns and assists in reducing the waste of electricity amount in a certain energy period of time Smart application potentially expand the functionality of Exists Vulnerabilities in the software home’s smart devices Smart transport real time traffic control, remote diagnostics, Exists No data logistics automation for better route selection and accident reports Exists Information exchange between the cars (multihop) Smart Ecology Air Quality Egg o monitor the air quality and No No data pollution level in the city and create a pollution map Smart health medical data from smart health devices, Exists Exchange of health data with industry medical supply management doctors, adjustment of treatment Retail shops Evaluate the business strategy No No data devices or got permission level to change the code of the Next four subsections will discuss how to limit the mechanisms, can potentially cause major health possibility of a hacker attack and other vulnerabilities. problems or even death [8]. An in-depth literature review has been made to categorize many different types of vulnerabilities for 3.3 Solution Three - Data encryption both local and future implementation and modeling in the research in the cloud stand. If the data from the smart devices will be stolen and misused, it will have a big impact on privacy. Different 3.1 Solution One – Light weight authentication companies, such as social networks, smart phones, method Numerical Control Information laptops, some loyalty programs and other have total The Internet of things sensors, application and services overview of our life since 2010, they know what people are usually connected by a software-defined networking buy, where do they spend time and even how do they controller. This technology makes network control easier look, because of recent implementation of face by dividing network flow of the control plane from the recognition systems into our phones, tablets and laptops. data plane. But the issue with this technology is that none Local Internet providers are sharing Internet usage of the existing controllers have security firewall to block information, such as cookies with different malware containing packets from reaching the device advertisement organizations. manager [6]. Current situation makes the privacy control Technologically advanced world makes people’s life questionable in different smart devices. easier, but at the same time increases the dependence on the used systems. As mentioned in the article by [9], the 3.2 Solution Two – Controller with enhanced autonomous vehicles are very dependent on the security firewall method (Data security and data infrastructure, and if some part of the infrastructure has encryption) failed, because of the weather condition or a hacker Privacy question is very sensitive for people. More attack, appears an unforeseen time gap between than 60% of social media users identified the lack of autonomous driving and driver’s involvement, because control on shared information [7]. People are using web they lose connection with out of sensor range neighbours. security surveillance IP-cameras inside their apartments, Market leaders create smart device ecosystems, which but when people are at home, they continue recording, don’t have a proper security implementation. and that makes their life more transparent. Someone who One example, in March 2018 Amazon has bought a door has access to their Wi-Fi network can use man-in-the- bell system for 2 billion dollars. After implementing it middle breach to gain unauthorized access to video with Amazon Alexa they will have access to the archives or can open the door lock. Attacker, who got information about people, who are currently at home or access to private medical data held on smart health who went on vacation. 223 3.4 Solution Four– Anonymizing data 4 The level of personal information security All these technologies are reducing privacy around the The Internet of Things devices generate very large amounts globe, and if the access to the information is not managed of data every day. All this data is accumulated, transferred, properly it can result in increase of criminal actions and stored and analyzed. As more devices will be sold, the more privacy violations in the future and subsequently limit attractive this data will become for hackers. The level of the usage of the Internet of Things. People can just accept security of smart devices is usually very poor. According to the fact they are being watched and somebody has access research of [10], one of the problems is in numerical control to their life. Any business is interested in income, and information. Numerical control information in Internet of lack of attention to security measures may potentially Things is about how devices interact with each other. turn into problems with personal privacy and data Access to the privacy information can be obtained because information security. If the Internet of Things data gets of false routing or a replay attack. According to the study of compromised different consequences may happen. The [11] personal information can contain names, address, future privacy limitation is an expanding problem, which phone numbers, emails and others. The damage from the will be discussed further. loss of personal information refers to the violation of both business and customers interests in the disclosed information. Numerical Lightweight Control Authentication Device Protocol Smart home Retail Transport Health devices shopping Smart Smart Power- Smart Services in Remote Smart Treatment Customer Supply control saving application the car diagnostics watch adjustment profiling chain RFID Bluetooth TCP/IP connected Indicators sensors smart devices smart devices Networking IoT Hub controller Man-in-the- middle 5G Internet Router Base Station Cloud Data Storage Anonimizing data Data Analysis Figure 1 Scheme of Research Stand 224 The purpose of this paper was to prepare research stand management. International Journal of aimed to the privacy limitations and security analysis in Distributed Sensor Networks, 2015, 1-10. the Internet of Things using the content of the Table 2 doi:10.1155/2015/730762 (see Table 2), it describes the Problems and Solutions of [2] Buldakova, T.I., & Suyatinov S.I. (2014) the IoT, as a summary of the previous section. Reconstruction method for data protection in telemedicine systems // Progress in Biomedical Table 2 The aspects of the security of Internet of Optics and Imaging - Proceedings of SPIE. Things 2014. Vol. 9448. Paper 94481U. Problem Solution [3] Hwangbo, H., Kim, J., Lee, Z., & Kim, S. Low level of personal Numerical Control (2017). Store layout optimization using indoor information security Information positioning system. International Journal of Low level of the privacy Networking controller Distributed Sensor Networks, 13(2), 27-40. control with enhanced security doi:10.1177/1550147717692585 firewall [4] Perera, C., Zaslavsky, A., Christen, P., Data theft and misuse Anonymizing data &Georgakopoulos, D. (2014). Context aware Authentication process in A transfer security computing for the Internet of Things: A transfer control between lightweight protocol survey. IEEE Communications Surveys & the Internet of Things Tutorials, 16(1), 414-454. devices doi:10.1109/surv.2013.042313.00197 [5] Perera, C., Ranjan, R., Wang, L., Khan, S., Each problem is planned to be analyzed in regards to the &Zomaya, A. (2015). Big data privacy in the level, where the vulnerability may occur. During the Internet of Things era. IT Professional, 17(3), modelling process [12], sample data will be sent to the 32-39. doi:10.1109/mitp.2015.34 IoT hub and different analysis and characteristics of the [6] Nguyen, T., &Yoo, M. (2017). Analysis of problem will be measured at the solution implementation attacks on device manager in software-defined point to verify the proposed stand structure and to Internet of Things. International Journal of recommend possible solutions to eliminate gaps in Distributed Sensor Networks, 13(8), 44- security. 52.doi:10.1177/1550147717728681 [7] Sarikakis, K., & Winter, L. (2017). Social Conclusion - Future DID’s Impact on media users’ legal consciousness about Privacy privacy. Social Media + Society, 3(1), 1-14. doi:2056305117695325 The topic identified for further research is data intensive [8] Khera, M. (2016). Think like a hacker. Journal analysis in DID. Different types of the privacy of Diabetes Science and Technology, 11(2), limitations’ and solutions’ are briefly described further 207-212. doi:10.1177/1932296816677576 and illustrated by Figure 1 (see Figure 1) Scheme of [9] Lee, E., Gerla, M., Pau, G., Lee, U., & Lim, J. Research Stand. Different levels of dataflow are presented on the scheme. First level is showing the (2016). Internet of vehicles: From intelligent industries and types of implementation of the IoT. The grid to autonomous cars and vehicular second level shows examples of data collecting methods. fogs. International Journal of Distributed The third level from IoT hub to Data Analysis shows the Sensor Networks, 12(9), 1-14. process of collecting and processing the data and types doi:10.1177/1550147716665500 of vulnerabilities, which may affect the security. Each of [10] Li, Y., & Li, M. (2017). A privacy protection the solutions on the scheme gives an illustration of every mechanism for numerical control information in solution for better understanding, on which level each of Internet of Things. International Journal of them may be tested and what other new possible Distributed Sensor Networks, 13(8), 16-24. outcomes can be foreseen during the dataflow. doi:10.1177/1550147717726312 Acknowledgments. This work is supervised by [11] Lu, X., Qu, Z., Li, Q., & Hui, P. (2015). Privacy Associate Professor, PhD, Dr. Elena Smirnova, Faculty information security classification for Internet of Informatics and Control Systems, Bauman Moscow of Things based on internet data. International State Technical University. Journal of Distributed Sensor Networks, 11(8), 11-17. doi:10.1155/2015/932941 References [12] Buldakova, T.I., & Dzhalolov A.S (2012). Analysis of data processes and choices of data- [1] Ko, J., Lee, B., Lee, K., Hong, S., Kim, N., & processing and security technologies in Paek, J. (2015). Sensor virtualization module: situation centers // Scientific and Technical Virtualizing IoT devices on mobile smart Information Processing. 2012. Vol. 39. No. 2. phones for effective sensor data P. 127-132. 225