Overview The Internet Of Things (IOT) System Security,Applications ...

Overview The Internet Of Things (IOT) System Security,Applications,Architecture And Business Models Ahmad Firdausi Department of Electrical Engineering Universitas Mercu Buana Jakarta, Indonesia [email protected]

Abstract— The Internet of Things (IoT) brings together a mul-titude of technologies, with a vision of creating an interconnected world.This paper provides an overview of the Internet of Things (IoT) with emphasis on enabling system security,architecture,business models and application issues. The IoT is enabled by the latest developments in RFID, smart sensors. The basic premise is to have smart sensors collaborate directly without human involvement to deliver a new class of applications. The current revolution in Internet, mobile and machine-to-machine (M2M) technologies can be seen as the first phase of the IoT. In the coming years, the IoT is expected to bridge diverse technologies to enable new applications by connecting physical objects together in support of intelligent decision making. We survey the four most dominant IoT architectures and analyze their security components with respect to the requirements. Our analysis shows a mediocre coverage of security requirements. Keywords—IoT,Internet of Things,RFID

I. INTRODUCTION Internet of Things (IoT) is a new revolution of the Internet. It makes Objects themselves recognizable, obtain intelligence, communicate information about themselves and they can access information that has been aggregated by other things. The Internet of Things allows people and things to be connected Anytime, Anyplace, with Anything and Anyone, ideally using Any path/network and Any service,This implies addressing elements such as Convergence, Content, Collections, Computing, Communication, and Connectivity.[1]

A growing number of physical objects are being connected to the Internet at an unprecedented rate realizing the idea transportation, healthcare, industrial automation, and emergency response to natural and man-made disasters where human decision making is difficult. The IoT enables physical objects to see, hear, think and perform jobs by having them ―talk‖ together, to share information and to coordinate decisions. The IoT transforms these objects from being traditional to smart by exploiting its underlying technologies such as ubiquitous and pervasive computing, embedded devices, communication technologies, sensor networks, Internet protocols and applications. Smart objects along with their supposed tasks constitute domain specific applications (vertical markets) while ubiquitous computing and analytical services form application domain independent services (horizontal markets). Fig. 1 illustrates the overall concept of the IoT in which every domain specific application is interacting with domain independent services, whereas in each domain sensors and actuators communicate directly with each other. Over time, the IoT is expected to have significant home and business applications, to contribute to the quality of life and to grow the world‗s economy. For example, smarthomes will enable their residents to automatically open their garage when reaching home, prepare their coffee, control climate control systems, TVs and other appliances. In order to realize this potential growth, emerging technologies and innovations, and service applications need to grow proportionally to match market demands and customer needs. Further more, devices need to be developed to fit customer requirements in terms of availability anywhere and anytime. Also, new protocols are

Fig. 1. The overall picture of IoT emphasizing the vertical markets and the horizontal integration between them

required for communication compatibility between heterogeneous things (living things, vehicles, phones, appliances, goods, etc.). Moreover, architecture standardization can be seen as a backbone for the IoT to create a competitive environment for companies to deliver quality products. In addition, the traditional Internet architecture needs to be revised to match the IoT challenges. For example, the tremendous number of objects willing to connect to the Internet should be considered in many underlying protocols. In 2010, the number of Internet connected objects had surpassed the earth‗s human population . Therefore, utilizing a large addressing space (e.g., IPv6) becomes necessary to meet customer demands for smart objects. Security and privacy are other important requirements for the IoT due to the inherent heterogeneity of the Internet connected objects and the ability to monitor and control physical objects. Furthermore, management and monitoring of the IoT should take place to ensure the delivery of highquality services to customers at an efficient cost.[2] II. MARKET OPORTUNITY The IoT offers a great market opportunity for equipment manufacturers, Internet service providers and application developers. The IoT smart objects are expected to reach 212 billion entities deployed globally by the end of 2020 [4]. By2022, M2M traffic flows are expected to constitute up to 45% of the whole Internet traffic [3, 4, 5]. Beyond these predictions, McKinsey Global Institute reported that the number of connected machines (units) has grown 300% over the last 5 years [6]. Traffic monitoring of a cellular network in the US also showed an increase of 250% for M2M traffic volume in 2011 [7].

Economic growth of IoT-based services is also considerable for businesses. Healthcare and manufacturing applications are projected to form the biggest economic impact. Healthcare applications and related IoT-based services such as mobile health (m-Health) and telecare that enable medical wellness, prevention, diagnosis, treatment and monitoring services to be delivered efficiently through electronic media are expected to create about $1.1-$2.5 trillion in growth annually by the global economy by 2025. The whole annual economic impact caused by the IoT is estimated to be in range of $2.7 trillion to $6.2 trillion by 2025 [6]. On the other hand, Wikibon predicts that the value created from the industrial Internet to be about $1,279 billion in 2020 with Return on Investment (ROI) growing to 149% compared to 13% in 2012 [8]. Moreover, Navigant recently reported that the Building Automation Systems (BAS) market is expected to rise from $58.1 billion in 2013 to reach $100.8 billion by 2021; a 60% increase [9]. All these statistics, however, point to a potentially significant and fast-pace growth of the IoT in the near future, related industries and services. This progression provides a unique opportunity for traditional equipment and appliance manufacturers to transform their products into ―smart things‖. Spreading the IoT and related services globally requires Internet Service Providers (ISPs) to provision their networks to provide QoS for a mix of M2M, person-to-machine (P2M) and person-to-person (P2P) traffic flows. III. IOT PROPERTIES & SECURITY REQUIREMENTS In this section, we identify the properties that constitute the uniqueness of the IoT in terms of the security and privacy challenges. Furthermore, we construct a number of security and privacy requirements, based on the aforementioned prop- erties, and discuss them in detail. A. IoT Properties In contrast to traditional IT systems such as enterprise applications, cloud computing, and big data, a combination of a number of properties makes the IoT unique in terms of the challenges that need to be coped with. We identify these properties by analyzing related IoT research [10]. The identified distinguishing properties are four, namely: the uncontrolled environment, the heterogeneity, the need for scalability, as well as the constrained resources utilized in the IoT: a) Uncontrolled environment: Many things will be part of a highly uncontrolled environment; things travel to un- trustworthy surroundings, possibly without supervision. Sub- properties of the uncontrolled environment are: mobility, phys- ical accessibility, and the lack of trust. Mobility: Stable network connectivity and constant presence cannot be expected in such an environment. •

Physical accessibility: In the IoT, sensors can be publicly accessible, e.g., traffic control cameras, and environmental sensors.

•

Trust: A priori trusted relationships are unlikely for the large amount of devices interacting with each other and users [11]. Thus, automated mechanisms to measure and manage trust of things, services, and users are crucial for the IoT.

b) Heterogeneity: IoT is expected to be a highly het- erogeneous ecosystem as it will have to integrate a multitude of things from various manufacturers. Therefore, version com- patibility, and interoperability have to be considered. c) Scalability: The vast amount of interconnected things in the IoT demands highly scalable protocols. This also has an influence on security mechanisms. For instance, central- ized approaches, e.g., hierarchical Public Key Infrastructures (PKIs), as well as some distributed approaches, e.g., pairwise symmetric key exchange schemes, cannot scale with the IoT. d) Constrained resources: Things in the IoT will have constraints that need to be considered for security mechanisms. This includes energy limitations, e.g., battery powered devices, as well as low computation power, e.g., micro sensors. Thus, heavy computational cryptographic algorithms cannot be ap- plied to all things. B. Security Requirements for the IoT Security and privacy are crucial enabling technologies and thus among the biggest challenges [10], for the IoT. Therefore, it is compelling for the IoT architectures to consider and resolve these challenges upfront. Otherwise, applications as well as whole ecosystems building on top of such architectures may repeat the security fallacies of the past decades. For that, a precise understanding of security requirements in the context of the IoT is indispensable Prior technology trends, e.g., cloud computing and big data, are likely to share security requirements with the IoT. However, the uniqueness of the IoT introduces new challenges to security requirements, different from previous technology trends. Big data solutions for instance are designed to scale and deal with heterogeneity of data sources. Nevertheless, big data solutions are not required to deal with an uncontrolled environment and constrained resources; big data analytics run in isolated silos with time or resources to spare. Likewise, cloud computing by design is supposed to scale and overcome challenges of constrained resources. However, cloud computing hardly deals with mobility of devices and physical accessibility of sensors. Related IoT security surveys are incomplete with respect to requirements. For instance, [12] provides a sound review of network security and identity management, but does not consider privacy, trust, and resilience; [13] emphasizes privacy and trust, but hardly tackles network security, identity manage- ment, and resilience. The requirement listing in [14] is the most extensive to the best of our knowledge. The analysis however only considers identity management.

To provide a comprehensive overview, we summarize security requirements from the domain of the IoT, but also related areas of IT and elaborate these requirements in the context of the properties of the IoT. For that, we split the requirements into five groups: Network Security, Identity Management, Privacy, Trust, and Resilience. The five main security requirements along with their subcomponents are shown in Fig. 1. Furthermore, Table I depicts the relationship between the various IoT properties and the security requirements. In a glance, it is shown that with regard to network security the constrained resources have the strongest connection, mainly due to the restrictions that they apply to traditional security mechanisms, e.g., cryptography. Moreover, identity management is influenced by the heterogeneity of the IoT. Privacy is mostly connected with scalability and the constrained re- sources as restrictions are posed to the technology candidates that can be utilized. Furthermore, the uncontrolled environment and the heterogeneity of the IoT have a serious impact on trust. Lastly, resilience is directly connected to the need of the IoT for scalability. 1) Network Security: Network security requirements [46] can be split into confidentiality, authenticity, integrity, and availability. These apply to IoT architectures, e.g., by means of things connecting to things or services. However, properties of the IoT, e.g., constrained resources, must be considered. The IoT requires architectures to deal with the hetero- geneity of things. Interconnecting things may require confi- dentiality, e.g., to prevent eavesdropping sensitive information via Internet transmission. Technologies such as IPSec[16] and Transport Layer Security (TLS)[17] exist to fulfill this require- ment. However, overhead may exceed the resource constraints of things and thus dedicated secure network stacks for the IoT exist [18]. Authenticity provides proof that a connection is established with an authenticated entity (cf. the following section). Integrity ensures no data is lost or modified unde- tected. While authenticity includes integrity, integrity alone can be required in the absence of authenticity to detect and recover failures. Existing mechanisms, e.g., TCP and TLS may suffice. However, IoT scenarios may require transactional integrity, e.g., critical infrastructures, and thus this should be considered by the architectures as well. Availability ensures that the connectivity of a thing or service persists even under link failures. Therefore, IoT architectures should ensure that link handover is possible. 2) Identity Management: Identity management poses a specific challenge in the IoT due to the number of devices, but also due to the complex relationship between devices, services, owners and users [19], [20]. Hence, specific attention has to be payed to authentication, authorization including revocation, and accountability or non-repudiation. The mere quantity of devices in the IoT scenarios exceed the capabilities of direct authentication, e.g., a user provision- ing many devices with her service credentials. Hence, methods to claim ownership and take control over devices are required.

Within the IoT scenarios, interactions may stretch across multiple domains. Scenarios for existing authorization so- lutions, e.g., Kerberos [21], assume a single domain that encloses devices, owners, users, and services. Thus, solutions for federated authorization that work with untrusted devices, allow delegation of access across domains, and provide quick revocation, e.g., for broken or rogue devices, are required. Accountability ensures that every action is clearly bound to an authenticated entity. Accountability is a particular challenge in the IoT due to the magnitude of reuse of devices, services, and also data for many purposes. Thus, accountability must deal with huge amounts of entities, delegation of access, actions that span organizational domains, as well as continuous derivation of data.

Uncontrolled Environment Heterogeneity Scalability Constrained Resources

Network Security • • • ••

3) Privacy: Privacy is considered to be one of the most dominant challenges in the IoT [19] due to the involvement of citizens and increasingly ubiquitous data collection, e.g., in smart home scenarios. A plethora of privacy definitions exist depending on the view of an IT solution. We briefly elaborate on data privacy, anonymity, pseudonymity, and unlinkability. Data privacy complements confidential data transmission in the sense that a stored data record must not expose undesired

Identity Management • •• • •

Privacy • • •• ••

Trust ••• •• • •

Resilience • • ••• •

TABLE I: IoT properties and security requirements: the ―•‖ symbols represent the level of influence in a scale from one (low) to three (high). properties, such as the identity of a person. This requirement is an enormous challenge in the IoT, as so many sensing devices collect personal information. Large amount of such data becomes Personally Identifiable Information (PII) when combined together; the data identifies a person [22]. Models to ―anonymize‖ such data records exist [23], [24], [25], but have constantly proven to be insufficient. Moreover, models to protect this data privacy under data exchange between domains [26] are rather uncharted and complicated to apply.

linked together. Unlinkability protects from profiling in the IoT. While pseudonyms may solve unlinkability, i.e., a differ- ent pseudonyms is used for every action, cross-implications with anonymity, in particular unknown meta-data, remain a challenge. Furthermore, some entity can always link every pseudonym to a person, and can thus also link all actions of that person.

Anonymity describes the property of a single person not being identifiable as the source of data or an action [27]. Anonymity is desirable in the IoT whenever a persons‘ identity is not required to comply to data minimization laws (Directive 95/46/EG [28], as well as to dispel preconceptions that arise with data collection in the IoT. Achieving anonymity is a tough challenge as wearable and mobile devices may leak PII such as IP addresses and location unknowingly. Technologies such as anonymous credentials [29] and onion routing [30] exist, but may not scale well with the IoT.

Device trust in the IoT is a challenge, as a priori trust in devices cannot always be established, e.g., due to high dynamics and cross domain relations. Hence, approaches such as trusted computing [32] (for standardized devices) as well as computational trust [33] are required to establish device trust. Moreover, every entity may assess trust in a device differently, hence IoT architectures have to deal with non-singular views of trust.

Pseudonymity trades off anonymity with accountability. With pseudonymity, actions of a person are linked with a pseudonym, a random identifier, rather than an identity. Pseudonyms can serve many purposes [31], e.g., linking mul- tiple actions of the same persons or providing graceful degra- dation of anonymity in the case of abuse. While pseudonyms may resolve privacy and accountability concerns in the IoT, standardized solutions that accompany multiple domains are required. Unlinkability qualifies pseudonymity in the sense that specific actions of the same person must not be

4) Trust: Trust is another crucial requirement in the IoT due to the fact that it is highly distributed as well as dependable on qualitative data. Trust can be decomposed into device trust, entity trust, and data trust [22].

Entity trust in the IoT refers to expected behavior of participants such as persons or services. While device trust can be established via trusted computing, mapping such ap- proaches to device trust, e.g., via behavioral attestation, is more challenging and experimental. Data trust occurs in the IoT in a twofold manner: first, data originates from many and potentially untrusted devices. Hence, trusted data must be derived from untrusted sources, e.g., by applying data aggregation and machine learning techniques Second, IoT services derivate new data, e.g., by integrating different types of data. For that newly generated data, a new trust assessment is required, e.g., via computational trust.

5) Resilience: The merge of scale of the IoT in terms of devices creates a large surface for attacks and failures. For this reason, resilience and robustness against attacks and failures apply, as important requirements, to the IoT. Architectures must provide means to proficiently select things, transmission paths, and services according to their robustness (failure/attack avoidance). Furthermore, to ensure resilience, fail-over and recovery mechanisms must be pro- vided to maintain operations under failure or attacks, and to return to normal operations (failure/attack mitigation).

IV. APPLICATION DOMAINS The Applications of the IoT are numerous and diversified in all areas of every-day life of people which broadly covers society, industries, and environment. All the IoT applications developed so far comes under these three broad areas as shown in Table 1. According to Internet of Things Strategic Research Agenda (SRA) during 2010, 6 or more application domains were identified that are smart energy, smart health, smart buildings, smart transport, smart living and smart cities. According to the survey that the IoT-I project ran during 2010 65 IoT application scenarios were identified and grouped in to 14 domains, which are Transportation, Smart Home, Smart City, Lifestyle, Retail, Agriculture, Smart Factory, Supply chain, Emergency, Health care, User interaction, Culture and tourism, Environment and Energy. Some of the IoT applications are briefly explained in next coming paragraphs. Table 2. IoT Application Domains Domain

Society

Environment

Industry

Description

Activities related to the betterment and development of society, cities and people

Activities related to the protection, monitoring and development of all natural resources Activities related to financial, commercial transactions between companies, organizations and other entities

Applications Smart Cities, Smart Animal Farming, Smart Agriculture, Healthcare, Domestic and Home automation, Independent Living, Telecommunications, Energy, Defense, Medical technology, Ticketing, Smart Buildings Smart Environment, Smart Metering, Smart Water Recycling, Disaster Alerting Retail, Logistics, Supply Chain Management Automotive, Industrial Control, Aerospace and Aviation

A. Smart Cities The IoT play a vital role to improve the smartness of cities includes many applications to monitoring of parking spaces availability in the city, monitoring of vibrations and material conditions in buildings and bridges, sound monitoring in sensitive areas of cities, monitoring of vehicles and pedestrian levels, intelligent and weather adaptive lighting in street lights, detection of waste containers levels and trash collections, smart roads, intelligent highways with warning messages and diversions according to climate conditions and unexpected events like accidents or traffic jams. Some of IoT smart cities applications are smart parking, structural health, noise urban maps, traffic congestion, smart lightning, waste management, intelligent transportation systems and smart building. These smart cities IoT applications use RFID, Wireless Sensor Network and Single sensors as IoT elements and the bandwidth of these applications ranges from small to large. The already developed IoT applications reported on the literature are Awarehome, Smart Santander and city sense [2]. B. Smart Agriculture and Smart water The IoT can help to improve and strengthen the agriculture work by monitoring soil moisture and trunk diameter in vineyards to control and maintain the amount of vitamins in agricultural products, control micro climate conditions to maximize the production of fruits and vegetables and its quality, study of weather conditions in fields to forecast ice information, rail, drought, snow or wind changes, control of humidity and temperature level to prevent fungus and other microbial contaminants. The role of IoT in water management includes study of water suitability in rivers and the sea for agriculture and drinkable use, detection of liquid presence outside tanks and pressure variations along pipes and monitoring of water level variations in rivers, dams and reservoirs. This kind of IoT applications use Wireless sensor network and single sensors as IoT elements and the bandwidth range as medium. The already reported IoT applications in this kind are SiSviA, GBROOS and SEMAT [2]. C. Retail and Logistics Implementing the IoT in Retail/Supply Chain Management has many advantages which include monitoring of storage conditions along the supply chain and product tracking for traceability purposes and payment processing based on location or activity duration for public transport, gyms, theme park, etc. In the shop itself, IoT offers many applications like guidance in the shop according to a preselected shopping list, fast payment solutions like automatically check-out using biometrics, detection of potential allergen in a given product and control of rotation of products in shelves and warehouses to automate restocking processes. The IoT elements used in this kind of application are RFID and WSN and the bandwidth range is small. The example

retail IoT reported in literature is SAP future retail center . The IoT in logistics includes quality of shipment conditions, item location, storage incompatibility detection, fleet tracking, etc. The IoT elements used in the field of logistics are RFID, WSN and single sensors and the bandwidth ranges from medium to large. Many logistics IoT trial implementations are reported in the literature [2].

building grounds to prevent break downs and corrosion. The radiation levels application used to measure the radiation levels in nuclear power stations surroundings to generate leakage alerts and the final IoT application is used to detect the gas levels and leakages in industrial environments, surroundings of chemical factories and inside mines.[2]

V. IOT ARCHITECTURE

Fig.2 The IoT Application Domains

D. Health Care Many benefits provided by the IoT technologies to the healthcare domain are classified into tracking of objects, staff and patients, identification and authentication of people, automatic data collection and sensing . Tracking is the function used to identify a person or an object in motion. This includes the case of patient flow monitoring to improve workflow in hospitals. The identification and authentication includes patient identification to reduce incidents harmful to patients, comprehensive and current electronic medical record maintenance, and infant identification in hospitals to prevent mismatching. The automatic data collection and transfer is mostly aimed at reducing form processing time, process automation, automated care and procedure auditing, and medical inventory management. Sensor devices enable function centered on patients, and in particular on diagnosing patient conditions, providing real-time information on patient health indicators. Application domains include different telemedicine solutions, monitoring patient compliance with medication regiment prescriptions, and alerting for patient well-being. In this capacity, sensors can be applied both in in-patient and out-patient care. The elements of IoT in Health Care are RFID, NFC, WSN, WiFi, Bluetooth, etc. significantly improve the measurement and monitoring methods of vital functions such as temperature, blood pressure, heart rate, cholesterol level, blood glucose, etc.[2] E. Security & Emergencies The IoT technologies in the field of security and emergencies are tremendously increased in which few are listed; perimeter access control, liquid presence, radiation levels and explosive and hazardous gases, etc. The perimeter access control is used to detect and control the unauthorized people entry to restricted areas. The liquid presence is used for liquid detection in data centers, warehouses and sensitive

The IoT should be capable of interconnecting billions or trillions of heterogeneous objects through the Internet, so there is a critical need for a flexible layered architecture. The ever increasing number of proposed architectures has not yet converged to a reference model [34]. Meanwhile, there are some projects like IoT-A [35] which try to design a common architecture based on the analysis of the needs of researchers and the industry. From the pool of proposed models, the basic model is a 3- layer architecture [36, 37, 38] consisting of the Application,Network, and Perception Layers. In the recent literature,however, some other models have been proposed that add more abstraction to the IoT architecture [2, 3, 17-20]. Fig. 3 illustrates some common architectures among them is the 5- layer model (not to be confused with the TCP/IP layers) which has been used in [36, 37, 38]. Next, we provide a brief discussion on these five layers:

Fig. 3. The IoT architecture.

A. Objects Layer The first layer, the Objects (devices) or perception layer, represents the physical sensors of the IoT that aim to collect and process information. This layer includes sensors and actuators to perform different functionalities such as querying location, temperature, weight, motion, vibration, acceleration, humidity, etc. Standardized plug-and-play mechanisms need to be used by the perception layer to configure heterogeneous objects [36, 37]. The perception layer digitizes and transfers data to the Object Abstraction layer through secure channels. The big data created by the IoT are initiated at this layer.

A. Object Abstraction layer Object Abstraction transfers data produced by the Objects layer to the Service Management layer through secure channels. Data can be transferred through various technologies such as RFID, 3G, GSM, UMTS, WiFi, Bluetooth Low Energy, infrared, ZigBee, etc. Furthermore, other functions like cloud computing and data management processes are handled at this layer [36]. B. Service Management Layer Service Management or Middleware (pairing) layer pairs a service with its requester based on addresses and names. This layer enables the IoT application programmers to work with heterogeneous objects without consideration to a specific hardware platform. Also, this layer processes received data, makes decisions, and delivers the required services over the network wire protocols [36, 37, 39]. C. Application Layer The application layer provides the services requested by customers. For instance, the application layer can provide temperature and air humidity measurements to the customer who asks for that data. The importance of this layer for the IoT is that it has the ability to provide high-quality smart services to meet customers‗ needs. The application layer covers numerous vertical markets such as smart home, smart building, transportation, industrial automation and smart healthcare [36, 37-40]. D. Business Layer The business (management) layer manages the overall IoT system activities and services. The responsibilities of this layer are to build a business model, graphs, flowcharts, etc. based on the received data from the Application layer. It is also supposed to design, analyze, implement, evaluate, monitor, and develop IoT system related elements. The Business Layer makes it possible to support decision-making processes based on Big Data analysis. In addition, monitoring and management of the underlying four layers is achieved at this layer. Moreover, this layer compares the output of each layer with the expected output to enhance services and maintain users‗ privacy [36]

VI. CONCLUSION The IoT has the capacity to be a transformative force, positively impacting the lives of millions worldwide,all countries have been started and allotted more funding to carry out researches in the field of IoT in all these about said issues and challenges. Many research teams have been initiated from all over the world to carry out IoT related researches. All their aims to add a new dimension to this process by enabling communications with and among smart objects, thus leading to the vision of ‗‗anytime, anywhere, anymedia, anything‖ communications. To keep this objective in mind, we carefully surveyed the most important

aspects of IoT, the various applications of IoT, and the communication enabled technologies or IoT elements which are used in IoT applications. The last part of this paper also highlighted the issues and challenges related to IoT and guide the researchers on future research directions which are penetrated in IoT field. This paper presented an overview of the premise of this concept, its enabling system security,, applications,business models,security and the recent research addressing different aspects of the IoT. We finally presented the need for new-smart autonomic management, data aggregation, and business models services to achieve better horizontal integration among IoT service. REFERENCES [1]

Ala Al-Fuqaha,Mohsen Guizani,Mehdi Mohammadi,Mohammed Aledhari,Moussa Ayyash, " Internet of Things A Survey on Enabling Technologies, Protocols and Applications‖.IEEE Communications Surveys & Tutorials.2015. [2] Dr..V.Bhuvaneswari, Dr.R.Porkodi, ―The Internet of Things (IoT) Applications and Communication Enabling Technology Standards An Overview‖ .International Coference on Intelligent Computing Applications‖2014. [3] D. Evans, "The internet of things: How the next evolution of the internet is changing everything," CISCO White Paper, 2011. [4] J. Gantz and D. Reinsel, "The digital universe in 2020: Big data, bigger digital shadows, and biggest growth in the far east," IDC iView: IDC Analyze the Future, vol. 2007, pp. 1-16, 2012. [5] S. Taylor, "The Next Generation of the Internet Revolutionizing the Way We Work, Live, Play, and Learn," CISCO Point of View,2013 [6] J. Manyika, M. Chui, J. Bughin, R. Dobbs, P. Bisson and A.Marrs, Disruptive Technologies: Advances that Will Transform Life, Business, and the Global Economy. McKinsey Global Institute San Francisco, CA, 2013 [7] M. Z. Shafiq, L. Ji, A. X. Liu, J. Pang and J. Wang, "A first look at cellular machine-to-machine traffic: Large scale measurement and characterization," in ACM SIGMETRICS Performance Evaluation Review, 2012, pp. 65-76. [8] D. Floyer, "Defining and Sizing the Industrial Internet,"Wikibon, 2013. [9] I. Navigant Consulting, "Commercial Building Automation Systems," Navigant Consulting Research, 2013. [10] Emmanouil Vasilomanolakis,Jorg Daugbert,Manisha Luthra,Vangelis Gazis,Alex Weismaier,Panayotis Kikiras.‖On The Security and Privacy Of Internet Of Things Architectures and Systems‖International Workshop on Secure Internet of Things.2015 [11] R Roman, P Najera, and J Lopez. Securing the internet of things. Computer, 44(9):51–58, 2011. [12] Simone Cirani, Gianluigi Ferrari, and Luca Veltri. Enforcing security mechanisms in the IP-based internet of things: An algorithmic overview. Algorithms, 6(2):197–226, 2013.

[13] Jari Veijalainen, Denis Kozlov, and Yasir Ali.

Security and Privacy Threats in IoT Architectures. In Proceedings of the 7th International Conference on Body Area Networks, number International Conference on Body Area Networks, pages 256–262. ACM, 2012.

[14] Sachin Babar, Parikshit Mahalle, Antonietta Stango, Neeli Prasad, and Ramjee Prasad. Proposed security model and threat taxonomy for the Internet of Things (IoT). In International Conference on Network Security & Applications (CNSA), volume 89, pages 420–429. Springer Berlin Heidelberg, 2010.

[15] Gu¨ nter Scha¨fer. Security in fixed and wireless networks - an introduction to securing data communications. Wiley, 2003.

[16] S. Kent and R. Atkinson. Security Architecture for the Internet Protocol.

RFC 2401 (Proposed Standard), November 1998. Obsoleted by RFC 4301, updated by RFC 3168. [17] T. Dierks and E. Rescorla. The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard), August 2008. Updated by RFCs 5746, 5878, 6176.

[18] Riccardo Bonetto, Nicola Bui, Vishwas Lakkundi, Alexis Olivereau, Alexandru Serbanati, and Michele Rossi. Secure communication for smart IoT objects: Protocol stacks, use cases and practical examples. 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2012 - Digital Proceedings, 2012. [19] Carlo Maria Medaglia and Alexandru Serbanati. An overview of privacy and security issues in the internet of things. In The Internet of Things, pages 389– 395. Springer, 2010.

[20] Hui Suo, Jiafu Wan, Caifeng Zou, and Jianqi Liu.

Security in the internet of things: a review. In Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, volume 3, pages 648–651. IEEE, 2012.

[21] Jennifer G. Steiner, B. Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the USENIX Winter Conference. Dallas, Texas, USA, January 1988, pages 191–202. USENIX Association, 1988. [22] Joerg Daubert, Alexander Wiesmaier, and Panayotis Kikiras. A view on privacy & trust in iot. In IOT/CPS-Security Workshop, IEEE International Conference on Communications, ICC 2015, London, GB, June 08-12, 2015, page to appear. IEEE, 2015. [23] Ashwin Machanavajjhala, Daniel Kifer, Johannes Gehrke, and Muthuramakrishnan Venkitasubramaniam. anonymity. TKDD, 1(1), 2007.

L-diversity: Privacy beyond k-

[24] Latanya Sweeney. k-anonymity: A model for protecting privacy. International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 10(5):557–570, 2002. [25] Xiaokui Xiao and Yufei Tao. M-invariance: towards privacy preserving re-publication of dynamic datasets. In Chee Yong Chan, Beng Chin Ooi, and Aoying Zhou, editors, Proceedings of the ACM SIGMOD International Conference on Management of Data, Beijing, China, June 12-14, 2007, pages 689–700. ACM, 2007. [26] Cynthia Dwork and Jing Lei. Differential privacy and robust statistics. In Michael Mitzenmacher, editor, Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, May 31 - June 2, 2009, pages 371–380. ACM, 2009. [27] Andreas Pfitzmann and Marit Ko¨ hntopp. Anonymity, unobservability, and pseudonymity - A proposal for terminology. In Hannes Federrath, editor, Designing Privacy Enhancing Technologies, International Work- shop on Design Issues in Anonymity and Unobservability, Berkeley, CA, USA, July 2526, 2000, Proceedings, volume 2009 of Lecture Notes in Computer Science, pages 1–9. Springer, 2000.

[28] European Parliament and Council of the European Union. On the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal, L(281):0031– 0050, 1995. [29] Jan Camenisch and Els Van Herreweghen. Design and implementation of the idemix anonymous credential system. In Vijayalakshmi Atluri, editor, Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, Washington, DC, USA, November 18-22, 2002, pages 21–30. ACM, 2002. [30] Roger Dingledine, Nick Mathewson, and Paul F. Syverson. Tor: The second-generation onion router. In Matt Blaze, editor, Proceedings of the 13th USENIX Security Symposium, August 9-13, 2004, San Diego, CA, USA, pages 303–320. USENIX, 2004.

[31] Andreas Pfitzmann and Marit Ko¨ hntopp. Anonymity, unobservability, and pseudonymity - A proposal for terminology. In Hannes Federrath, editor, Designing Privacy Enhancing Technologies, International Work- shop on Design Issues in Anonymity and Unobservability, Berkeley, CA, USA, July 2526, 2000, Proceedings, volume 2009 of Lecture Notes in Computer Science, pages 1–9. Springer, 2000.

[32] Alexander Iliev and Sean W. Smith. Protecting client privacy with trusted computing at the server. IEEE Security & Privacy, 3(2):20–28, 2005. [33] Audun Jøsang, Roslan Ismail, and Colin Boyd. A survey of trust and reputation systems for online service provision. Decision Support Systems, 43(2):618–644, 2007.

[34] S. Krco, B. Pokric and F. Carrez, "Designing IoT architecture(s): A european perspective," in Internet of Things (WF-IoT), 2014 IEEE World Forum On, 2014, pp. 79-84. [35] (9/18/2014). EU FP7 Internet of Things Architecture project. Available: http://www.iot-a.eu/public. [36] R. Khan, S. U. Khan, R. Zaheer and S. Khan, "Future internet: The internet of things architecture, possible applications and key challenges," in Frontiers of Information Technology (FIT), 2012 10th International Conference On, 2012, pp. 257-260. [37] Z. Yang, Y. Peng, Y. Yue, X. Wang, Y. Yang and W. Liu, "Study and application on the architecture and key technologies for IOT," in Multimedia Technology (ICMT), 2011 International Conference On, 2011, pp. 747-751. [38] M. Wu, T. J. Lu, F. Y. Ling, J. Sun and H. Y. Du, "Research on the architecture of internet of things," in Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference On, 2010, pp. V5-484-V5-487. [39] M. A. Chaqfeh and N. Mohamed, "Challenges in middleware solutions for the internet of things," in Collaboration Technologies and Systems (CTS), 2012 International Conference [40] L. Tan and N. Wang, "Future internet: The internet of things," in Advanced Computer Theory and Engineering(ICACTE), 2010 3rd International Conference On, 2010, pp. V5-376-V5-380.