Defining IoT Orchestrations with Security and Privacy by Design: A Gap Analysis

2021 ◽  
pp. 1-8
Author(s):  
Papoutsakis Manos ◽  
Fysarakis Konstantinos ◽  
Spanoudakis George ◽  
Ioannidis Sotiris
Keyword(s):  
Gap Analysis ◽  
Security And Privacy ◽  
Privacy By Design

Empirical Research on Security and Privacy by Design

2017 ◽  
pp. 1-46
Author(s):  
Koen Yskout ◽  
Kim Wuyts ◽  
Dimitri Van Landuyt ◽  
Riccardo Scandariato ◽  
Wouter Joosen
Keyword(s):  
Empirical Research ◽  
Security And Privacy ◽  
Privacy By Design

Security and Privacy Liability Policy in the Arab World

2021 ◽  
Vol 2 (1) ◽  
pp. 1-11
Author(s):  
Kyounggon Kim
Keyword(s):  
Gap Analysis ◽  
Arab World ◽  
Evaluation Model ◽  
Arab Countries ◽  
Security And Privacy ◽  
Analysis Model ◽  
Short Term ◽  
Cyber Threats ◽  
Gap Analysis Model

Focusing on Cooperation, Capability, and Assessment (ACC) approach performed in top-down, bottom-up, short-term, and long-term (TBSL). Cooperation between countries is essential to proactively respond to various cyber threats such as cyber criminals and cyber terrorists and to show rapid recovery resilience. Develop a cybersecurity evaluation model and a gap analysis model and spread them to the remaining Arab countries.

scholarly journals A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective

Symmetry ◽  
2019 ◽  
Vol 11 (6) ◽  
pp. 774 ◽  
Author(s):  
Hezam Akram Abdulghani ◽  
Niels Alexander Nijdam ◽  
Anastasija Collen ◽  
Dimitri Konstantas
Keyword(s):  
Data Protection ◽  
Smart Grids ◽  
Smart Cities ◽  
Internet Security ◽  
Security And Privacy ◽  
Battery Life ◽  
Privacy By Design ◽  
Protection Measures ◽  
Iot Security ◽  
Smart Cars

The Internet of Things (IoT) makes our lives much easier, more valuable, and less stressful due to the development of many applications around us including smart cities, smart cars, and smart grids, offering endless services and solutions. Protecting IoT data of such applications at rest either on the objects or in the cloud is an indispensable requirement for achieving a symmetry in the handling and protection of the IoT, as we do with data created by persons and applications. This is because unauthorised access to such data may lead to harmful consequences such as linkage attacks, loss of privacy, and data manipulation. Such undesired implications may jeopardise the existence of IoT applications if protection measures are not taken, and they stem from two main factors. One is that IoT objects have limited capabilities in terms of memory capacity, battery life, and computational power that hamper the direct implementation of conventional Internet security solutions without some modifications (e.g., traditional symmetric algorithms). Another factor is the absence of widely accepted IoT security and privacy guidelines for IoT data at rest and their appropriate countermeasures, which would help IoT stakeholders (e.g., developers, manufacturers) to develop secure IoT systems and therefore enhance IoT security and privacy by design. Toward this end, we first briefly describe the main IoT security goals and identify IoT stakeholders. Moreover, we briefly discuss the most well-known data protection frameworks (e.g., General Data Protection Regulation (GDPR), Health Insurance Portability (HIPAA)). Second, we highlight potential attacks and threats against data at rest and show their violated security goals (e.g., confidentiality and integrity). Third, we review a list of protection measures by which our proposed guidelines can be accomplished. Fourth, we propose a framework of security and privacy guidelines for IoT data at rest that can be utilised to enhance IoT security and privacy by design and establish a symmetry with the protection of user-created data. Our framework also presents the link between the suggested guidelines, mitigation techniques, and attacks. Moreover, we state those IoT stakeholders (e.g., manufacturers, developers) who will benefit most from these guidelines. Finally, we suggest several open issues requiring further investigation in the future, and we also discuss the limitations of our suggested framework.

scholarly journals Security and Privacy for Mobile IoT Applications Using Blockchain

Sensors ◽  
2021 ◽  
Vol 21 (17) ◽  
pp. 5931
Author(s):  
Kevin Carvalho ◽  
Jorge Granjal
Keyword(s):  
Security Requirements ◽  
Security And Privacy ◽  
Privacy By Design ◽  
Privacy And Security ◽  
Daily Lives ◽  
Smart Vehicles ◽  
Iot Applications ◽  
Application Data ◽  
Viable Approach ◽  
Edge Layer

Internet of Things (IoT) applications are becoming more integrated into our society and daily lives, although many of them can expose the user to threats against their privacy. Therefore, we find that it is crucial to address the privacy requirements of most of such applications and develop solutions that implement, as far as possible, privacy by design in order to mitigate relevant threats. While in the literature we may find innovative proposals to enhance the privacy of IoT applications, many of those only focus on the edge layer. On the other hand, privacy by design approaches are required throughout the whole system (e.g., at the cloud layer), in order to guarantee robust solutions to privacy in IoT. With this in mind, we propose an architecture that leverages the properties of blockchain, integrated with other technologies, to address security and privacy in the context of IoT applications. The main focus of our proposal is to enhance the privacy of the users and their data, using the anonymisation properties of blockchain to implement user-controlled privacy. We consider an IoT application with mobility for smart vehicles as our usage case, which allows us to implement and experimentally evaluate the proposed architecture and mechanisms as a proof of concept. In this application, data related to the user’s identity and location needs to be shared with security and privacy. Our proposal was implemented and experimentally validated in light of fundamental privacy and security requirements, as well as its performance. We found it to be a viable approach to security and privacy in IoT environments.

scholarly journals Incorporating privacy by design in body sensor networks for medical applications: A privacy and data protection framework

2020 ◽  
pp. 57-57
Author(s):  
Christos Kalloniatis ◽  
Costas Lambrinoudakis ◽  
Mathias Musahl ◽  
Athanasios Kanatas ◽  
Stefanos Gritzalis
Keyword(s):  
Sensor Networks ◽  
Impact Assessment ◽  
Data Protection ◽  
Security And Privacy ◽  
Body Sensor Networks ◽  
Medical Applications ◽  
Privacy By Design ◽  
Privacy Requirements ◽  
Legal Obligations ◽  
Elicitation Process

Privacy and Data protection are highly complex issues within eHealth/M-Health systems. These systems should meet specific requirements deriving from the organizations and users, as well as from the variety of legal obligations deriving from GDPR that dictate protection rights of data subjects and responsibilities of data controllers. To address that, this paper proposes a Privacy and Data Protection Framework that provides the appropriate steps so as the proper technical, organizational and procedural measures to be undertaken. The framework, beyond previous literature, supports the combination of privacy by design principles with the newly introduced GDPR requirements in order to create a strong elicitation process for deriving the set of the technical security and privacy requirements that should be addressed. It also proposes a process for validating that the elicited requirements are indeed fulfilling the objectives addressed during the Data Protection Impact Assessment (DPIA), carried out according to the GDPR.

Co-creating Security-and-Privacy-by-Design Systems

2016 ◽  
Author(s):  
Sauro Vicini ◽  
Francesco Alberti ◽  
Nicolas Notario ◽  
Alberto Crespo ◽  
Juan Ramon Troncoso Pastoriza ◽  
...  
Keyword(s):  
Security And Privacy ◽  
Privacy By Design ◽  
Design Systems
Sign in / Sign up

Export Citation Format

Share Document