Security and Internet of Things (IoT). Analysing the difference between Austria and India in consumer awareness of IoT Vulnerabilities, perception towards IoT Privacy and Value

Contents

Abstract

Acknowledgement

List of Abbreviations

List of Figures

List of Tables

1) Introduction
1.1) Research Motivation and Purpose
1.2) Previous research done on Internet of Things
1.3) Research Gap (How is this study different?)
1.4) Choice of Countries
1.5) Gender
1.6) Expected Outcome

2) What is Internet of Things?
2.1) Economic Impact
2.2) Internet of Things Segments
2.3) Growth
2.4) Security and Internet of Things
2.5) Consumer awareness of IoT Vulnerabilities
2.6) Perception towards Privacy
2.7) Value Perception of Internet of Things

3) Research Methodology and Research Method
3.1) The Research Process
3.2) Selected Research Methods and Methodology
3.3) Theoretical Framework
3.4) Research Questions and Variables

4) Interview and Survey
4.1) Findings from the Interview
4.2) Survey Questions

5) Results
5.1) Analysis

6) Discussion
6.1) Conclusion

7) Limitations and Implication for Future Research Mashood HASSAN September
7.1) Limitations
7.2) Implication for Future Research

Bibliography

Appendix

Abstract

The vision of internet of things (IoT) has become a reality and in recent years, it has seen rapid growth. However, there is a lot more to come from this technological Tsunami. In simple terms, Internet of Things is a network of interconnected objects or things with sensors, collecting data and making actionable decisions. With the arrival and adaptation of this technology, many questions regarding cyber security are raised. This master thesis examines the consumer perspective on key elements of the internet of things. The elements in focus are consumer awareness, the perception of privacy and perception of value. The relationship of these elements with Gender and Nationality is investigated. The study is based on the survey of respondents belonging to Austria and India. After interviewing two experts from the field of the internet of things and reviewing the literature, the vulnerabilities surrounding IoT were confirmed. Lack of consumer awareness is considered a hindrance in the adaptation of IoT, whereas the trust between technology and consumers has decreased over time. It is claimed that consumers do not value security enough to pay extra for it.

However, the findings from this study suggest a shift in the understanding and attitude of the consumer base. The author finds while certain trends from previous researchers remain unchanged. There has been an increased awareness among consumers overall. Gender influences the awareness; value perception of consumers is also influenced by Gender and Nationality. The perception of privacy is negative, and the trust of consumers remains low. Most people would like to see more work done by the industry and the government to increase consumer education regarding cybersecurity and Internet of Things.

Keywords: Internet of Things, Security, Consumer, Awareness, Privacy, Value, Perception, Austria, India, Gender

Acknowledgement

I would first like to thank my thesis advisor Mag. DR. Rupert Beinhauer at FH Joanneum University of Applied Sciences. Prof. Beinhauer always had an open door to his office whenever I ran into trouble or had a question about my research or writing. He constantly permitted this paper to be my own work but navigated me in the right path whenever he thought I needed it.

I would especially like to thank the two experts for taking out time for the interviews and for their valuable input. DI (FH) Michael Brickmann MA who is a Full Professor at the FH Joanneum in Graz, Austria and Prof. Marko Bajec who is a Full Professor at the Faculty of Computer & Information Science, University of Ljubljana. This thesis could not have been possible without their input and expertise.

Finally, I must express my profound gratitude to my parents Zahid Hassan Qureshi and Rubeena Zahid for providing me with constant support and nonstop encouragement throughout my years of education. This accomplishment would not have been possible without them.

Thank you!

Mashood Hassan

List of Abbreviations

illustration not visible in this excerpt

List of Figures

Figure 1 Quartz India Report (Bhattacharya, 2017)

Figure 2 Awareness Q1

Figure 3 Security

Figure 4 Regular Update

Figure 5 Consumer Education

Figure 6 Protective Measure

Figure 7 Buying Behaviour

Figure 8 Personal Info

Figure 9 Media Coverage

Figure 10 Trust

Figure 11 Willingness to Pay

Figure 12 Value Offered vs Personal Info

Figure 13 Familiarity Gender

Figure 14 Devices Owned Gender

Figure 15 Secure Gender

Figure 16 Update Gender

Figure 17 Education Gender

Figure 18 Familiarity Nationality

Figure 19 Devices owned Nationality

Figure 20 Security Nationality

Figure 21 Updates Nationality

Figure 22 Education Nationality

Figure 23 Protective Measures Gender

Figure 24 Buying Behaviour Gender

Figure 25 Personal Info Gender

Figure 26 Media Coverage Gender

Figure 27 Trust Gender

Figure 28 Protective measure Nationality

Figure 29 Buying Behaviour Nationality

Figure 30 Personal Information Nationality

Figure 31 Media Coverage Nationality

Figure 32 Trust Nationality

Figure 33 Paying Extra Nationality

Figure 34 Personal Info Nationality

Figure 35 Paying Extra Gender

Figure 36 Value Offered Gender

List of Tables

Table 1 Buying Technological Products

Table 2 Products Interest

Table 3 Product Familiarity

Table 4 Cronbach Alpha Awareness

Table 5 Cronbach Alpha Privacy

Table 6 Cronbach Alpha Value

Table 7 Awareness and Gender Result

Table 8 Awareness and Nationality Result

Table 9 Privacy and Gender Result

Table 10 Privacy and Nationality Result

Table 11 Value and Nationality

Table 12 Value and Nationality Result

Table 13 Elements Nationality

Table 14 Interests Nationality

Table 15 Familiarity - Nationality

Table 16 Value and Gender

Table 17 Value and Gender Result

Table 18 Elements Gender

Table 19 Interests Gender

Table 20 Familiarity - Gender

1) Introduction

This master thesis explored three areas that are crucial to a more secure adaptation of Internet of Things in the coming years. These areas include consumer awareness, perception of privacy and perception of value. With Internet of Things devices and application already becoming popular consumer purchases, the prospects from the industry look very promising, in the case of profitability and growth. However, Internet of Things has also brought with it question marks over the security of networks and the privacy of its users. These questions need to be answered to help build confidence in the industry and gain consumer trust. The author will explore distinct aspects on the consumer side which will bring forward their perspective. Also, to highlight if major gaps exist between the industry and the consumers. The thesis is divided into three phases, the first phase looks at the literature to find out and understand the security vulnerabilities of Internet of Things and what are some of the core challenges that the industry is faced with concerning awareness, privacy and understanding the value perception of consumers. The second phase of thesis will include interviews with experts and a survey of the population from the selected countries. In the third and final phase of the thesis, author will present a conclusion, giving recommendations of the findings and a brief comment of the implications for future research.

In the past 10-15 years, wireless communication systems have grown rapidly. Today we have RFID, Wi-Fi, 4G and what not! All of this has helped the internet of things to become what it is today. These technologies have especially been useful for driving smart monitoring and controlling applications. Presently, the concept of IoT has many sides, it holds many diverse technologies, services and standards. But with this elevated level of heterogeneity and a wide scale of systems, security threats associated with the current Internet are expected to magnify and take new forms. (Sicari, Rizzardi, Grieco, & Coen-Porisini, 2014)

The concepts of controlling, revealing and hiding our privacy has evolved with the changing face of technology and data use. In the recent era, connection to the Internet was cautious, optional, autonomous and most importantly consensual. Entering the new world of data collection of sensors all around us, our physical environments, the smartphones inside the pockets, appliances in our homes, smart-cars etc in the world of Internet of Things, there is no shutting down the laptop and just walking away. As the interactions of consumer with digital technology changes from the laptop into this physical world, so must the transparency of these interactions. (Groopman, 2015) Taking everything into context, it is now more than ever the need to time for consumer to be on the page as the industry and stop taking security for granted.

1.1) Research Motivation and Purpose

Internet of Things is a phenomenon that will be experiencing rapid growth in the coming years and by 2020 it is expected to add $20 trillion to the global economy. (Manyika, et al., 2015) The author as a consumer himself of IoT products was fascinated with the idea of doing research on consumers, to gauge the level of their understanding and alertness to this gigantic technological tsunami that is building up slowly but surely.

Problem Statement: To analyse the difference between Austrian and Indian consumers with regards to awareness of IoT Vulnerabilities, perception towards Privacy and Value.

Cyber Security Incidents

To highlight the importance of the topic and its relevance in present times, below some of the major news developments and incidents are mentioned that have taken place around the time of conception of this study.

- Petya ransomware attack: Numerous organizations in the US and in EU have been sabotaged by a ransomware attack known as Petya. The malicious software spread through large firms leading to PCs and data being locked up and held for ransom. Firms such as WPP (advertiser), food company Mondelez, DLA Piper (legal firm) and Maersk (Danish shipping and transport firm) were compromised. (Solon & Hern, 2017) x Russians hack the DNC: Arguably, the biggest news to come out in the previous year with regards to cyber security was the American Elections and the acquisition of the U.S. towards Russia of hacking the democratic party and influencing the result of the elections. This made worldwide news and forced people to think about cyber warfare in the years to come. (BBC, 2017)
- From Britain to India, massive ransomware attack creates havoc: The Britain’s National Cyber Security Centre teams had their work cut out in restoring hospital computer systems after a global cyber-attack hit various countries including the UK and India. UK suffered an attack on its NHS, this lead to forced closures of British hospitals to cancel and delay treatment for patients. (hindustantimes, 2017)
- Attack on internet infrastructure provider Dyn: A symbol of 2016 cyber- attacks has been just how public they have become. In October, an attack on internet infrastructure provider Dyn tool place and a “distributed denial of service (DDoS) attack” (Wheelwright, 2016) took down access to Netflix, Facebook, Twitter plus the Guardian, CNN, the New York Times, the Wall Street Journal and others.

1.2) Previous research done on Internet of Things

To help develop a good understanding of and gain insight into previous research, the literature sources available are divided into three categories, primary (published and unpublished), secondary and tertiary. These categories also incline to frequently overlap: for example, primary literature sources, including conference proceedings, can appear in journals, and some books contain indexes to primary and secondary literature. Altogether, the distinct groups of literature resources epitomise the flow of information from the original source. Often as information flows from the primary to secondary and then to tertiary sources, it grows into less detail and decreased authoritativeness but is more easily accessible. (Saunders, Lewis, & Thornhill, 2009)

Until a few years ago, Internet of things was still an emerging phenomenon but now it has truly come into the lime light and there have been numerous studies conducted on it. The research done has been varied in its perspectives and covers a vast number of issues concerning with the IoT. However, the most notable research conducted are the survey “The Internet of Things: Future of Consumer Adoption” by Accenture from the acquity international group (Accenture, 2014) and “Unlocking the potential of Internet of things” by McKinsey Global Institute.

The Accenture survey which was study of 2000 consumers across the U.S and focused on consumer adoptions and tried to examine their preferences and behaviour with regards to Internet of things and connected technology. While the McKinsey report focused on discussing the value that would be offered by the potential products and services of Internet of Things.

A major research report “Harnessing IoT Global Development” (Biggs, Garrity, LaSalle, & Polomska, 2016) was presented to the UN Broadband Commission for Sustainable Development. Apart from the mentioned studies various other researches has been done in the fields of cyber security and Internet of Things, which were toughly reviewed and are occasionally referenced in this Master Thesis as well.

1.3) Research Gap (How is this study different?)

The research conducted on the topic of Internet of Things in the years gone by has mostly focused on adaptation of the technology and highlighting the value perceived and value offered by it, meaning answering questions like What do consumers want from IoT technology, identifying the desires of consumers or focusing on Value offering, the type of services and products that would be most valuable on the market. Although, the aspect of cyber security has indeed been highlighted in the literature, no study has been conducted focusing on the consumer awareness, perception of privacy and perception of value for India and Austria. This study will talk about the other side of the equation, what if the internet of things and the technology associated with it was to fall into the wrong hands? Are consumers aware of possibilities security breaches or prepared for it? How do the handle privacy? Would they value security in monetary terms? What segments of IoT are most popular among them?

The interviews of the experts conducted in this Master Thesis highlight the security issues faced by the adaptation of Internet of Things and then the interview findings lead up to the creating of the survey done on the population. Researchers have highlighted the security threats posed by the internet of things, but the consumer perspective has been overlooked to an extent, this leaves a black hole in the industry as to the understanding of the IoT technology by an average consumer. And thus far, no research was carried out to see if the gender or nationality of the consumer influences in their idea and understanding of IoT.

1.4) Choice of Countries

India

Reviewing the literature, it became clear that adoption of Internet of Things is on a constant rise across several industries in India. Moreover, with the Indian Government also keen to develop many smart cities, IoT would be used in various applications such as smart lighting, smart parking and solid waste management. It is anticipated that an increased need for connectivity among devices to automate business processes and for instantaneous monitoring/tracking Internet of Things will further drive India’s market through 2022. Moreover, with regards to associated communication technology, short range communication technology earned the highest-share in Indian IoT market for 2016, this trend is likely to continue during the forecasted period till 2022. The major end users of IoT technology in the country include Consumer Electronics, Automotive & Transportation, Energy and Utilities, with all the four end use segments seizing a majority value share in the country's Internet of Things market in the previous year of 2016. (PRNewswire, 2017)

illustration not visible in this excerpt

Figure 1 Quartz India Report (Bhattacharya, 2017)

In the chart above, Indian based companies are already dominating the Internet of things market, so the adaptation is quite far ahead. “Companies like Tata Consultancy Services (TCS), HCL Technologies, Wipro, Infosys, and Tech Mahindra are listed among the established and expansive market leaders in the IoT space.” (Bhattacharya, 2017)

These companies will most likely advance as the worldwide IoT associated products and services expenditure is anticipated to increase. Nonetheless, while this technology is anticipated to generate 25,000 jobs by 2021, on the flipside it is also expected to eliminate 94,000 of them thereby adding on to the problem of downsizings associated to automation. (Bhattacharya, 2017)

Austria

Much like India, a lot of work is being done on Internet of things adaptation in Austria. Although most of this work/research in being conducted for the companies, to bring about innovation in business processes and automation. However, there is also a keen interest in developing consumer-oriented products with people like Frank Riemensperger at the forefront. The Chairman of the Accenture Management Board for Germany, Austria, Switzerland, emphasized in his keynote: "It is the experience associated with a product that makes the actual change." (Frick, 2016)

The choice of selected countries was made because of the authors interest in the Austrian consumers of Internet of Things compared with the consumers in India which is regarded to be ahead of most countries in IoT enabled consumer maturity. (Computer, 2017)

Besides that, India is an IT hub and has vastly different dynamics with regards to size, demographics and economy compared to Austria, in this context the author was interested to research about the possible difference in the outcome regarding consumer awareness of IoT vulnerabilities, perception of privacy and value perceived for different IoT segments. Moreover, no previous research of such scale has been conducted with regards to the selected countries and the response of consumers on the topic was of keen interest to the author.

1.5) Gender

The previous research done on the topic suggests a difference in the perspectives of Genders when it comes to adoption of the technology. According to (Accenture, 2014) research done on U.S consumers, genders differed with self- identifying their technology habits. This included innovators, early adopters, mass consumers, late adopters and consumers who planned to never use IoT technology. The report points out that, men were twice as more likely to be aware of the term Internet of things (IoT) and consider themselves to be early adopters of the technology. As compared to women, men are more likely to have owned or plan to purchase devices using Internet of Things (IoT) Technology.

Furthermore, the study (Accenture, 2014) suggests that in the case of sharing of data from connected devices, men and women differentiate in terms of the service being offered in return for the information they provide. For instance, women show to be slightly more likely than men (54% vs 47%) to share data from a connected car in return for location-based coupons or similar discounts. Men whereas, are more likely (33% vs 22%) to share data from a connected car if informed of possibly interesting places along their route.

1.6) Expected Outcome

With this thesis, the author investigates three key elements which are crucial to the realization of the Internet of Things. These key three elements are; Consumer Awareness; Perception of Privacy and Perception of Value.

By analysing Consumer Awareness, the idea is to highlight the gaps that exist between the industry and the consumer. By “gap” the author means, the lack of awareness regarding the general idea of what IoT is and IoT vulnerabilities, not the technical aspects of the IoT devices and applications. The results from this analysis should be beneficial in understanding consumer behaviour and awareness towards IoT, which can then be used by companies to create better communication channels and relationships with consumers.

The second element of IoT to be examined is the Consumer Perception of Privacy with regards to the Internet of Things. In the coming years, consumer trust will be a very important indicator of how much the public is open towards a mass adaptation of IoT in a society. With the results from analysing this variable, it would be possible to judge, to some extent at least, where the consumers stand with regards to privacy about IoT devices and application. Either they will have a positive perception, which would make things easier for IoT implementation, or they have a negative perception in which case this can be another opportunity for the industry to address these concerns.

Consumer Perception of Value is the third variable to be highlighted and analysed by the author. This variable is particularly important as its outcome will reveal in what capacity do consumers seek value within the realm of Internet of Things, what type of products they are more interested in and how much are they willing to pay for security and privacy. It will point out, where consumers are willing to spend money or even pay more in certain respects. To explore the behaviour of consumers with regards to their value perception of IoT products and applications. This could be very useful for the industry going forward, as it can help companies devise their strategy for sales with regards to Gender and Nationality.

The purpose of thesis is to help bridge the gap between the industry and consumer. To help understand where the consumers understanding is of the technology and where more effort can be made to help increase the understanding to have a safer, more prosperous co-existence of technology and society as we know it.

In the end, a comparison will be made between the consumers of the two selected countries i.e. Austria and India and between the two Genders, to highlight difference/similarities.

2) What is Internet of Things?

The era of Internet of Things seems to be upon us, yet people are not as familiar with the term as they should be. To put it in simple terms the whole idea of IoT is, ‘A worldwide network of interconnected entities’. (Roman, Zhou, & Lopez, 2013) To have an interconnected and cooperative digital environment using smart technology evolving the current internet infrastructure is what the Internet of Things model envisages. On the path of evolution, it will end up aiding many innovative services that will be improving the everyday lives of ordinary people, brood new businesses, make smart buildings, cities, and transport. (Ziegeldorf, Morchon, & Wehrle, Privacy in the Internet of Things: threats, 2013) In its idea, the internet of things is vast, full of endless possibilities and exciting for the technologically enriched society that it promises to give. When we talk about IoT, we are talking about many smart devices, all of which are interacting with each other and collaborating in accomplishing a common goal. It is a sharing environment like never, taking cloud technology to new heights. IoT finds application in many different fields, for example: patients remote monitoring, energy consumption control, traffic control, smart parking system, inventory management, production process, the customization of shopping at supermarkets and the protection for public. (Sicari, Rizzardi, Grieco, & Coen- Porisini, 2014) To develop a picture of how IoT works, imagine a world consisting of many devices that you are surrounded by and they can all communicate, sense and share information, at the same time, all are interconnected over a public or private cloud. Now these devices simultaneously collect data regularly, analyse it and use it to perform an action, providing substantial amounts of intelligent data for management, planning and decision making. This sums up the reality of the Internet of Things.

2.1) Economic Impact

The Internet of Things is not just having a social impact, economically it is going to be huge as well. It is growing swiftly, in 2011 the overall number of interconnected devices present on the planet overtook the actual number of people. However, the projection is of 25 billion connected ‘things’ throughout the globe by 2020. While the, added value from the Internet of Things is projected to be worth US$1.9 trillion by the same year, proving its economic significance. (Davies, 2015)

The biggest growth in terms of money should come from factories which could be explained by the increasing automation and the replacement of low level workers by machines. Growth in Cities is already visible, with the idea of Smart Cities becoming popular. There is also significant growth potential in Retail, Automotive and logistics segments. The human segment of the IoT is what this thesis would be focusing on. The third section of the survey is devoted to value perception of the consumer, which should help identify where the value lies within the Human segment of the Internet of Things. The image below forecasts the economic impact of the internet of things technology, highlighting the important segments with their prospective growth. On a side note, it is important to keep in mind that the data in the image is from 2015, which will make it interesting later, to see if there have been any changes in the past two years. Moreover, it will also be interesting to find out the economic impact on Austria and Indian in specific. To develop a “Big Picture” of the Internet of Things the following image perfectly sums up how most sections of society will have to incorporate this technology moving forward.

illustration not visible in this excerpt

Figure 2 Economic Impact of IoT (James Manyika, 2015)

2.2) Internet of Things Segments

illustration not visible in this excerpt

Figure 3. IoT segments (Lueth, IoT market segments - Biggest opportunities in industrial manufacturing, 2014)

In the Image above, we can see the distribution of IoT in various segments. Whether it is for Businesses or Consumers, IoT will influence almost all fields of life. Companies must come up with new strategies to incorporate IoT and make sure they do not miss out of the revolutionary phase of technology, whereas they also should rethink their marketing strategies and build new relationships with consumers. Enterprises will also have room to grow, IoT brings to the table some concrete business benefits such as improved management, better tracing of assets and products, innovative/evolving business models and a chance to achieve cost saving through the optimized use of resources.

In this thesis, the focus was on the consumer side, to find out the knowledge and standing of consumers, specifically from Austria and India on three core aspects relating to the technology, i.e. Awareness, Perception of Privacy and Perception of Value. With the growing number of smart devices coupled with other physical objects connected within the Internet of Things network, the influence and value it brings to our daily lives is becoming more prevalent as well. People get to make better informed decisions, for instance, taking the best route to work or picking their favourite restaurant, with ease like never. Modern technology can pave way for modern services to emerge as an answer to the challenges of the society. A Remote health monitoring system for elderly patients and pay as you use services can be taken as examples in this regard. As for the government, the merging of the data sources on the shared networks improves nationwide planning, increases harmony between agencies and most of all facilitating faster responsiveness to emergencies or disasters (LLP, 2011)

2.3) Growth

No longer Internet of Things can be called an emerging phenomenon. It is well and truly here; many consumers already own or are planning to buy in home IoT devices. As IoT will increase the synergy between the real and the digital world, the volume of data that is collected by sensors will be considerably larger than in the current Internet technology and the data will be more detailed and associated with the daily activities of the citizens. Which means going forward the influence of IoT on our daily lives is only likely to grow. With the recent advances in sensing technologies, social networking and mobile and cloud technologies, the boundaries between the physical, social, and cyber worlds have been blurred out. Leading to the astounding growth of internet users (from 1.158 billion in 2007 to 3 billion in 2014) and growth of internet connected devices (to 15 billion in 2014). The result has been an explosion of data produced from a myriad of internet connected devices and social networks. (BERTINO, CHOO, GEORGAKOPOLOUS, & NEPAL, 2016)

In the previous section we have already discussed the rapid rise of IoT. But, if we are to talk about the different segments of IoT, then it seems Health and Fitness will be the most popular, with many people already owning wearable devices, this segment is expected to flourish. While there is also a keen trend towards the purchase of home appliances. To help understand this phenomenal growth rate and potential of internet of things we should know about the contributing factors which have provided a boost to Internet of Things adoption.

- The decrease in expense of computing in part with the evolution of Wi-Fi are empowering factors in the growth of IoT applications.
- Fast growth in mobile technology and the distribution of 3G networks from 2001 forwards, coupled with the increased connectivity globally including urban to rural.
- The surge of software development that is partly attributable to economies of scale is another significant contributor.

(Biggs, Garrity, LaSalle, & Polomska, 2016)

Both business and individual consumers have been open to the fact that Internet of Things devices and application are drastically improving efficiency. Which is paving way for innovation of new business models and changes in everyday behaviour of the general population.

Future Trends

Internet of Things, specifically with regards to cyber security will be the centre of attention in the coming years, with a study (Newman, 2017) predicting $1 trillion to be spent annually by 2021 on a global level. The main future course of Internet of Things development can be summarized in the following points:

- Nearly $6 trillion will be spent on it over the course of next five years.
- Businesses will be the top adopter of IoT solutions. They are three ways the IoT can improve their bottom line, by lowering operating costs, increasing productivity and expanding into new markets or developing innovative product.
- Governments are focused on growing productivity, reducing costs and improving the quality of life of citizens. They will likely be the second- largest adopters of IoT systems.
- Consumers will lag businesses and governments in IoT adoption. Still, they will be buying a vast number of devices and invest a substantial amount of money in IoT.

(Newman, 2017)

2.4) Security and Internet of Things

To quote Deloitte’s Dana Spataru at the IoT Solutions World Congress in Barcelona, end October 2016: “Data is the new oil, and data leaks are the new oil spills”. (Clerck)

In a research conducted by HP (Company, 2014), 10 most popular devices under the cloud of Internet of Things were reviewed. The result of the research showcased some disturbing statistics. It pointed out a high average number of susceptibilities per each of the device. The nature of the threats varied from a Heartbleed to denial of service due to weak passwords to cross-site scripting. Almost all the devices working with the Internet of things will require some sort of personal information as input. (Company, 2014) Some of these devices were said to be having weak security. While a lot of these popular devices were shown to be vulnerable to attackers and easy to identify. A summary from the results of the HP report is shown in the image below.

illustration not visible in this excerpt

Figure 4 HP Research Findings (Company, 2014)

From the literature, the section about the security threats and vulnerabilities to Internet of Things will be highlighted the most as it forms the basis of the thesis. However, the author would like to state that the technicalities regarding the Internet of Things devices and application with not be explored in detail as they require a more thorough IT and programming qualification, which the author is not equipped with. In this section, the major security concerns according to the literature will be put forward in a simplistic manner as to be easy understandable to a lay man without in depth knowledge of IoT workings.

To put it very briefly, the concept of Internet of things means “A worldwide network of interconnected entities.” Because IoT has such a vast array of devices and applications, no single strategy might be applicable to secure the vision of Internet of Things. IoT ecosystems are being designed to handle a number closer to billions of objects, that will cooperate among themselves and other diverse objects or things. These interactions must be protected in some way! Shielding the data and services running all related elements and restraining the quantity of occurrences that will affect the full IoT. (Roman, Zhou, & Lopez, 2013) The core problem of securing IoT lies in its complexity, because it’s something different and new, the traditional methods of security do not apply here. “The number of attack vectors available to malicious attackers might become staggering, as global connectivity (‘‘access anyone’’) and accessibility (‘‘access anyhow, anytime’’) are key tenets of the IoT”. (Roman, Zhou, & Lopez, 2013)

With the recent scandals US elections being hacked and groups like anonymous getting increasingly prominent in the mainstream media, it’s safe to say that time has come to take these threats as serious. In fact, one of the problems with the security of IoT seems to be that people do not take it seriously, believing that they will never be the victims. IoT finds application in many different fields, for example; patients remote monitoring, energy consumption control, traffic control, smart parking system, inventory management, production chain, customization of shopping, civil protection. Users from these require the protection of personal information related to movements, habits and interactions with other people. In a single term, their privacy should be guaranteed. (Sicari, Rizzardi, Grieco, & Coen-Porisini, 2014)

When we raise questions about IoT security threats, there are a lot of possibilities, to understand these threats, it is first important to break-down the major areas of vulnerabilities. Some of these might seem to be overlapping but in the case of Internet of Things, as everything is under a cloud, therefore different areas are closely linked together. If one is compromised, it would probably lead to the other areas being vulnerable as well. This complexity is one more reason to understand this technology, so consumers can be better equipped to ask question of the industry personnel who are developing these devices. The major areas concerning security issues are highlighted and discussed below:

illustration not visible in this excerpt

Figure 5 IoT Security Challenges (Sicari, Rizzardi, Grieco, & Coen-Porisini, 2014)

The image above shows the major security challenges that are being faced by IoT. And they have a lot to do with consumer security and privacy. The presence of billions of diverse objects makes it extremely complicated to do identity management. Authorization is another important feature closely related to authentication, if there exist no access control, all could be get into by everybody. This is neither feasible nor realistic, in fact, the data surge caused because of the mass ‘things’ producing information is a significant threat to the privacy. Which is why it being important for users to have the tools that would let them hold their anonymous status in this well-connected world.

The extensiveness’ and variedness of the IoT does affects the trust and governance of it as well. See from a rational viewpoint, an IoT system can be described as a collection of smart devices that network on a collaborative basis to realize a common goal. Traditional security counter-measures and privacy tools cannot directly be applied to this technology due to their limited computing power. Then there is the issue of scalability cause by the sizeable number of inter- connected devices. Therefore, a flexible structure is needed to be able to handle the threats arising in such a dynamic setting. (Sicari, Rizzardi, Grieco, & Coen- Porisini, 2014)

For IoT to work, consumers should have a guarantee for data anonymity, confidentiality and integrity. There should also be better mechanisms preventing unauthorized users (i.e., humans and devices) to access the system. Collectively with the conventional security solutions, there is the need to provide built-in security for the devices (i.e., embedded) to add active prevention, discovery, diagnosis, isolation and resourceful countermeasures against breaches. IoT, as we know allows a constant transfer and sharing of data amongst things and users to achieve respective goals. In such a flowing and sharing environment, authentication, authorization, access-control and nonrepudiation are vital to safeguard secure communication. (Sicari, Rizzardi, Grieco, & Coen-Porisini, 2014) Then another non-security flaw which is rather non-technical in nature is the lack of legislative cover for consumers. And non-extant minimum set standards for the Industry.

“The rapid spread of connected devices is outpacing an organization’s ability to manage it and to safeguard company and employee data.” said Christos Dimitriadis who is the international president of ISACA and group director of Information Security for INTRALOT. (ISACA, ISACA Survey, 2015)

Data scientists and analysts have different views on this subject. Some are prepared to ‘embrace’ this Internet of Things for most of the benefits it propositions, while others are worried by it. The later, directing to the possible hazards of the networked things, believing that the rising tendency of connectivity, which has all these sensing devices and can co-operate with each another will only expand the possibility of attacks and increase vulnerabilities. Looking back, there were various prominent occasions that have shown us just how susceptible some connected devices can be to hackers. (BullGuard, 2017) Some of the examples include:

1. A connected toilet seat controlled through an Android application got hacked by researchers, which caused this toilet to continually flush, thereby, increasing the water usage.
2. Researchers exposed a fault in smart-TV programmes and launched something termed a ‘red button attack’. The smart-TV data stream was hacked and then used to takeover what was shown on the screen. One ransomware hit an Android Smart TV and subsequently demanded $500.
3. Many researchers have proved how the ‘smart-cars’ may easily be hacked. The effects range from killing off the brakes to manoeuvring the car from left to right.
4. ‘Cyber-criminals’ succeeded in penetrating the sensors of a state facility and
a manufacturing plant in New Jersey. Thereby, they could remotely alter the temperature inside these buildings.
5. In the US, frighteningly internet connected baby monitors have been successfully hacked. Hacker would then scream at the child to make them awake or even post video feeds of these children on the internet. (BullGuard, 2017)

Basic Security Measures purposed by literature

Technology like the Internet of Things can be difficult to understand for a common consumer with limited technical know-how. When a regular consumer buys a connectable device, the ‘user manual’ guides them through the basic procedure of connecting and configuring. There is very little emphasis on protecting and securing the device and the network. Most consumers don’t even change the default username, password, and the wireless key of the connected devices. (MSV, 2016) And this puts them in a lot of risk, without them even knowing about it. Which is why experts purposing some basic security measure that could be used to prevent security breaches. A survey by ESET in co-operation with the National Cyber Security Alliance revealed that more than 40% are “not confident at all” in the safety and security of IoT Devices. ((NCSA) National Cyber Security Alliance & ESET , 2016)

[...]