Nicht aus der Schweiz? Besuchen Sie lehmanns.de

Internet of Things Security and Data Protection (eBook)

Sébastien Ziegler (Herausgeber)

eBook Download: PDF
2019 | 1st ed. 2019
XI, 221 Seiten
Springer International Publishing (Verlag)
978-3-030-04984-3 (ISBN)

Lese- und Medienproben

Internet of Things Security and Data Protection -
Systemvoraussetzungen
171,19 inkl. MwSt
(CHF 167,25)
Der eBook-Verkauf erfolgt durch die Lehmanns Media GmbH (Berlin) zum Preis in Euro inkl. MwSt.
  • Download sofort lieferbar
  • Zahlungsarten anzeigen

This book provides an overview of the most recent developments in Internet of Things (IoT) security and data protection. It presents the results of several international research projects addressing this topic from complementary angles. It starts by analyzing the main privacy and security threats on IoT, as well as the evolution of data protection norms, such as the European General Data Protection Regulation (GDPR), and their impact on IoT. Through a comprehensive and systematic approach, the contributors present new perspectives on IoT & Cloud Computing security requirements. They discuss the most recent approach to support trusted IoT, including new models of privacy risk assessment, labeling and certification, and contractual tools (such as Privacy PACT). Practical implementations, such as in the European Large Scale Pilots on IoT for Smart Cities (Synchronicity), are presented, explaining how they address security, privacy and data protection. Finally, innovative models to secure IoT systems are presented for the network and end-nodes security, including network threats analysis.



Dr. Sébastien Ziegler is co-founder and Director General of Mandat International. He serves as President of the IoT Forum, as Vice Chair of the IEEE ComSoc Subcommittee on the IoT, and as Rapporteur at the ITU on research and emerging technologies for the IoT. He initiated several national and international research projects in the area of ICT, with a focus on Internet of Things, IPv6, multiprotocol interoperability, crowdsourcing, privacy, and cybersecurity. He is currently coordinating and associated to several ongoing European research projects and is co-directing the Master in Advanced Studies on the Internet of Things at the University of Geneva. With a multi-disciplinary academic profile, combining international law, science, and economics, he is a relentless promoter of research, innovation and international cooperation. He personally supported the creation of more than ten organizations, foundations and companies.

Dr. Sébastien Ziegler is co-founder and Director General of Mandat International. He serves as President of the IoT Forum, as Vice Chair of the IEEE ComSoc Subcommittee on the IoT, and as Rapporteur at the ITU on research and emerging technologies for the IoT. He initiated several national and international research projects in the area of ICT, with a focus on Internet of Things, IPv6, multiprotocol interoperability, crowdsourcing, privacy, and cybersecurity. He is currently coordinating and associated to several ongoing European research projects and is co-directing the Master in Advanced Studies on the Internet of Things at the University of Geneva. With a multi-disciplinary academic profile, combining international law, science, and economics, he is a relentless promoter of research, innovation and international cooperation. He personally supported the creation of more than ten organizations, foundations and companies.

About this Book 6
Contents 7
List of Figures 9
List of Tables 11
Chapter 1: Internet of Things Cybersecurity Paradigm Shift, Threat Matrix and Practical Taxonomy 12
1.1 Cybersecurity Threats Taxonomy for the Internet of Things 12
1.2 Traditional Cybersecurity Threat Matrix 14
1.3 Internet of Things Cybersecurity Paradigm Shift 14
1.3.1 Internet of Things Proxy Attacks 16
1.3.2 Internet of Things Target Attacks 16
1.4 New Cybersecurity Threat Matrix 17
1.5 Conclusion 18
Chapter 2: Privacy and Security Threats on the Internet of Things 19
2.1 New Perspective on Protection of IoT Systems 19
2.2 Related Work 25
2.3 New Security and Privacy Threats in IoT 28
2.4 Cyberthreat Analysis 29
2.4.1 Life Cycle of Cyberattacks 30
2.4.2 Security Objectives for IoT/CPS 31
2.4.3 Threat Actors 31
2.4.4 Attack Patterns 32
2.4.5 Major Security Vulnerabilities 32
2.4.6 Main Threats in IoT/CPS 33
2.4.7 Security Threats on Physical Layer 35
2.4.8 Security Threats of Network Layer 38
2.4.9 Security Threats of Application Layer 40
2.5 Common Countermeasures to Mitigate Threats in IoT/ CPS 41
2.6 Major Privacy Threats in IoT 41
2.7 Related Security Frameworks 44
2.7.1 OWASP IoT 44
2.7.2 oneM2M 45
2.7.3 GSMA IoT Security Guidelines 47
2.7.4 ANASTACIA Project Security Framework 49
2.7.5 ARMOUR Project Framework 50
2.8 Conclusion 51
References 52
Chapter 3: End-Node Security 54
3.1 Introduction 54
3.2 Security Bootstrapping and Commissioning 55
3.2.1 What is Bootstrapping 55
3.2.2 IoT Device Life Cycle 55
3.2.3 Generic Bootstrapping Framework 56
3.3 Setting the Bases for Secure Communications 57
3.3.1 Authentication, Authorisation and Accounting (AAA) 57
3.3.2 Extensible Authentication Protocol (EAP) 58
3.3.3 Transporting EAP in IoT 59
Protocol for Carrying Authentication for Network Access (PANA) 60
CoAP-EAP 60
3.4 Instantiating Bootstrapping in IoT 62
3.4.1 After the Bootstrapping: The Operational Phase of the IoT Device 64
3.4.2 Enabling Security Association Protocols (SAPs) 64
3.4.3 Communication Between IoT Devices 64
3.4.4 Evaluation of EAP Lower Layers PANA and CoAP-EAP 65
Overhead as EAP Lower Layer 65
Time, Success Ratio and Energy Consumption 66
3.4.5 Conclusions About Security Bootstrapping and Commissioning 66
3.5 Intrusion Detection Systems for the Internet of Things 67
3.5.1 Introduction of the Challenge 68
3.5.2 IoT Environment and the Need for IDS 68
Shortcomings of Prevention Systems in the IoT World 69
IoT-Induced Challenges for the Development of IoT-Specific IDSs 69
Limitations of the Existing Art 71
Synthesis 71
3.5.3 Architectural Solution 72
Probes Location 72
Security Enforcement 73
Detection Methods 73
Signature-Based Detection 73
Behavioural Analysis Detection 73
3.5.4 Reaction Systems 74
Passive Reaction Subsystems 74
Active Reaction Subsystems 74
3.5.5 Deployment Scenario and Validation 75
3.5.6 Conclusion 76
References 77
Chapter 4: IoT and Cloud Computing: Specific Security and Data Protection Issues 79
4.1 Introduction 79
4.2 Cloud Computing 80
4.2.1 Subjects of the Cloud Computing 80
4.2.2 Personal Data Protection in the Cloud 81
4.2.3 Lack of Control 82
4.2.4 Lack of Information on the Processing of Personal Data 83
4.3 Internet of Things 84
4.4 Critical Issues in the Interaction Between IoT and Cloud 86
Chapter 5: Network Threat Analysis 88
5.1 Introduction 88
5.2 Stakeholders of Cybercrime and Cybersecurity 89
5.2.1 Attackers 89
5.2.2 Defenders 90
5.2.3 Victims 91
5.3 Information and Markets 94
5.3.1 Cybercriminals 94
5.3.2 Potential Cybercrime Victims 95
5.3.3 Cyber-Defence Services Providers 96
5.3.4 Cybersecurity Regulatory: Law Enforcement Authorities 96
5.4 The Future of Cybersecurity in the Context of IoT 97
References 99
Chapter 6: Evolution of Data Protection Norms and Their Impact on the Internet of Things 100
6.1 Introduction 100
6.2 The European General Data Protection Regulation: A Step Change for the Protection of Personal Data in the World of the Internet of Things 101
6.2.1 Accountability 102
6.2.2 Stakeholders and Risks in the IoT 102
6.2.3 Data Protection Impact Assessment 103
6.2.4 Data Breach 104
6.2.5 Security Measures 105
6.2.6 Data Subject’s Rights 106
6.3 Internet of Things and Big Data: A Dangerous Liaison? 110
6.4 The US and UK Approaches 110
6.5 A New Perspective: “Data Protecy” 111
Chapter 7: Universal Privacy Risk Area Assessment Methodology 113
7.1 Introduction 113
7.2 Initial Requirements 114
7.3 Universal Privacy Risk Area Assessment Methodology 114
7.3.1 Comprehensive Data Protection Approach 115
7.3.2 Generic Process 117
7.3.3 Customisation 118
7.3.4 Asymmetric Access to Information 118
7.4 UPRAAM for Crowdsourcing 119
7.4.1 UPRAAM Customisation for Crowdsourcing 119
7.4.2 UPRAAM for Crowdsourcing Description 120
7.5 Privacy Flag Crowdsourcing Assessment Tools 122
7.5.1 Privacy Monitoring Agents 122
7.5.2 Privacy Flag Browser Add-On 123
7.5.3 Privacy Flag Apps 123
7.5.4 Privacy Flag Observatory 123
References 124
Chapter 8: GDPR Compliance Tools for Internet of Things Deployments 125
8.1 Complying with Data Protection Regulations 125
8.2 Normative Heterogeneity 126
8.2.1 Examples of Normative Asymmetry 126
8.3 Data Protection Risks Mitigation 128
8.3.1 UPRAAM In-Depth Evaluation 129
8.3.2 Voluntary Commitment 129
8.4 GDPR Certification Scheme 129
8.4.1 Addressing Emerging Technologies 130
8.4.2 Initial Requirements 130
8.4.3 Normative Comprehensiveness 131
8.4.4 Overcoming ISO Certification Gap Through a Hybrid Certification Scheme 132
8.4.5 Effective Application 133
8.5 Conclusion 134
References 134
Chapter 9: Towards Trustable Internet of Things Certification 135
9.1 Introduction and Problematic 135
9.2 The Framework for Data Protection Certification in the GDPR 137
9.2.1 Electronic Certificates as Trust Services Regulated by the eIDAS Regulation 139
9.3 Conventional Approach to Certification 143
9.4 Electronic Privacy Certification 145
9.5 Dynamic Security and Privacy Seal (DSPS) 146
9.6 EuroPrivacy Certification Synthesis 147
9.6.1 Overcoming Cybersecurity: Data Protection Hiatus 147
9.6.2 Addressing IoT Technology Requirements 148
9.6.3 Enabling Real-Time Surveillance Integration 148
9.7 Conclusion 148
Chapter 10: Voluntary Compliance Commitment Tool for European General Data Protection Regulation 149
10.1 European Data Protection Framework 149
10.1.1 Data Protection Obligations’ Evolution Towards GDPR 149
GDPR Obligations 150
10.1.2 Impact on IoT Data Processors and Controllers 151
10.2 Voluntary Compliance Commitment Tool 151
10.3 Legal Foundation and Impact of the VCT 153
10.4 Conclusion 154
Chapter 11: IoT Privacy and Security in Smart Cities 155
11.1 Introduction 155
11.1.1 Large-Scale Pilot on IoT Deployment for Smart Cities 156
11.2 IoT Interoperability for Smart Cities 157
11.2.1 Open API for IoT in Smart Cities 158
11.3 Reference Architecture for IoT in Smart Cities 159
11.3.1 Snapshot of SynchroniCity Architecture: Gateway to the Future of Internet of Things 160
Setting the Context 160
A Sneak Peak of SynchroniCity 160
11.4 Ensuring IoT Data Protection in Smart Cities 163
11.4.1 Data Protection Officer 164
11.4.2 Dual Data Protection Officer Organisation 164
11.5 Data Protection Impact Assessment for Smart Cities 165
11.5.1 DPIA Characteristics 165
11.5.2 Applicability and Benefits of a DPIA for a Smart City Project 166
11.5.3 DPIA Methodology and Target of Evaluation 167
11.5.4 Stakeholders in a Smart City DPIA 168
11.5.5 Outcome of the DPIA 170
11.6 Privacy App 171
11.7 Conclusion 172
11.8 Complementary Consideration on the Applicability of a DPIA 172
11.8.1 Key Criteria in Determining DPIA Applicability 173
11.8.2 Exemptions to the DPIA Obligation 175
Reference 177
Chapter 12: End-User Engagement, Protection and Education 178
12.1 Introduction 178
12.2 Methods of Engagement 179
12.2.1 Online Resources and Toolkits 179
12.3 Crowdsourcing 180
12.4 Workshops 181
12.5 Privacy Game 182
12.6 Art, Creativity and Public Participation 183
12.6.1 Art and Creativity in the European IoT Large-Scale Pilots 184
12.7 Privacy and Social Care 185
12.8 The General Framework: EU GDPR and ePrivacy Directive/Regulation 185
12.8.1 The ePrivacy Directive and the Upcoming ePrivacy Regulation 189
12.8.2 Data Protection Impact Assessments 190
12.9 Ethics 192
12.10 Conclusion 193
References 194
Chapter 13: User-Centric Privacy 195
13.1 Introduction 195
13.2 Mechanisms and Technologies to Empower Users’ Consent in the IoT 197
13.3 MyData Model 197
13.4 eXtensible Access Control Markup Language (XACML) 199
13.5 Distributed Capability-Based Access Control (DCapBAC) 200
13.5.1 DCapBAC Basic Scenario 201
13.5.2 DCapBAC Extended Scenario 202
13.6 Ciphertext-Policy Attribute-Based Encryption (CP-ABE) 203
13.7 Integrating Contextual Data for Dynamic User Consent 204
13.8 SMARTIE: User-Centric Security and Privacy for the IoT 206
13.8.1 Security and Privacy Requirements for a User-Centric IoT 206
13.8.2 SMARTIE Architecture 207
13.8.3 SMARTIE Components for Security and Privacy 208
13.8.4 Applying SMARTIE Components in the Internet of Energy 210
13.9 Conclusions 212
References 212
Index 214

Erscheint lt. Verlag 19.3.2019
Reihe/Serie Internet of Things
Internet of Things
Zusatzinfo XI, 221 p. 37 illus., 35 illus. in color.
Verlagsort Cham
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Technik Elektrotechnik / Energietechnik
Schlagworte cybersecurity • data protection • Internet of Things (IoT) Security • IoT Security in Smart cities • IPv6 Network Security • personal data protection • Privacy and Security Threat
ISBN-10 3-030-04984-1 / 3030049841
ISBN-13 978-3-030-04984-3 / 9783030049843
Haben Sie eine Frage zum Produkt?
PDFPDF (Wasserzeichen)
Größe: 4,7 MB

DRM: Digitales Wasserzeichen
Dieses eBook enthält ein digitales Wasser­zeichen und ist damit für Sie persona­lisiert. Bei einer missbräuch­lichen Weiter­gabe des eBooks an Dritte ist eine Rück­ver­folgung an die Quelle möglich.

Dateiformat: PDF (Portable Document Format)
Mit einem festen Seiten­layout eignet sich die PDF besonders für Fach­bücher mit Spalten, Tabellen und Abbild­ungen. Eine PDF kann auf fast allen Geräten ange­zeigt werden, ist aber für kleine Displays (Smart­phone, eReader) nur einge­schränkt geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen dafür einen PDF-Viewer - z.B. den Adobe Reader oder Adobe Digital Editions.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen dafür einen PDF-Viewer - z.B. die kostenlose Adobe Digital Editions-App.

Zusätzliches Feature: Online Lesen
Dieses eBook können Sie zusätzlich zum Download auch online im Webbrowser lesen.

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
CHF 34,15
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
CHF 41,95