
About this book

This book provides an overview of the most recent developments in Internet of Things (IoT) security and data protection. It presents the results of several international research projects addressing this topic from complementary angles. It starts by analyzing the main privacy and security threats on IoT, as well as the evolution of data protection norms, such as the European General Data Protection Regulation (GDPR), and their impact on IoT. Through a comprehensive and systematic approach, the contributors present new perspectives on IoT & Cloud Computing security requirements. They discuss the most recent approaches to supporting trusted IoT, including new models of privacy risk assessment, labeling and certification, and contractual tools (such as Privacy PACT). Practical implementations, such as in the European Large Scale Pilots on IoT for Smart Cities (Synchronicity), are presented, explaining how they address security, privacy and data protection. Finally, innovative models to secure IoT systems are presented for network and end-node security, including network threat analysis.

Table of Contents


Chapter 1. Internet of Things Cybersecurity Paradigm Shift, Threat Matrix and Practical Taxonomy

The growing adoption and expansion of the Internet of Things are paving the way to new cybersecurity risks. This chapter will highlight key characteristics of this evolution. In order to ease the discussion and management of such threats, it defines a practical taxonomy for categorising the various cybersecurity threats encompassing regular networks and Internet of Things deployments.
Sébastien Ziegler

Chapter 2. Privacy and Security Threats on the Internet of Things

This chapter will provide an overview of the main threats on IoT systems and deployments. It will address both security and privacy challenges. This chapter will benefit from the contributions derived from several project results, including ANASTACIA and Armour.
Sébastien Ziegler, Cédric Crettaz, Eunah Kim, Antonio Skarmeta, Jorge Bernal Bernabe, Ruben Trapero, Stefano Bianchi

Chapter 3. End-Node Security

This chapter will focus on the security of end nodes. It will present a research perspective on the latest technological developments to secure constrained nodes.
Antonio Skarmeta, Dan Garcia Carrillo, Alexis Olivereau

Chapter 4. IoT and Cloud Computing: Specific Security and Data Protection Issues

This chapter will address the specific challenges related to cloud computing and will be directly fed by results from the project CloudWatch2.
Luca Bolognini, Paolo Balboni

Chapter 5. Network Threat Analysis

This chapter will share some key results from the SAINT project starting with an overview of the people who form the cybercrime network including attackers, victims and the organisations who are attempting to protect them. Then we will elaborate on the role of information from the point of view of various relevant stakeholders (cybercriminals, potential cybercrime victims, cyber-defence services providers, cybersecurity regulatory and law enforcement authorities, researchers). Finally, we will discuss the future of cybersecurity in the context of IoT and present both the underlying opportunities and threats.
Anna Brékine, Anastasios Papathanasiou, Dimitrios Kavallieros, Sébastien Ziegler, Christopher Hemmens, Adrian Quesada Rodriguez, Georgios Germanos, Georgios Kokkinis, Georgios Leventakis, Jart Armin, John Bothos

Chapter 6. Evolution of Data Protection Norms and Their Impact on the Internet of Things

This chapter will provide an overview of international data protection norms. It will specifically discuss and explain the recent evolution in Europe with the adoption of the European General Data Protection Regulation and its impact on other countries. It will clarify the main concepts and the differences among the various geographic areas.
Luca Bolognini, Sébastien Ziegler

Chapter 7. Universal Privacy Risk Area Assessment Methodology

This chapter will describe the Universal Privacy Risk Area Assessment Methodology (UPRAAM) designed to assess the conformance of IoT deployments with personal data protection regulations, such as the European General Data Protection Regulation (GDPR).
Sébastien Ziegler

Chapter 8. GDPR Compliance Tools for Internet of Things Deployments

This chapter presents Privacy Flag and the EuroPrivacy certification scheme, which have been developed to assess, inter alia, the compliance of IoT deployments with the whole set of GDPR requirements.
Ana Maria Pacheco Huamani, Sébastien Ziegler

Chapter 9. Towards Trustable Internet of Things Certification

This chapter will outline the most recent evolution in the domain of IoT security and data protection labelling and certification. It provides an overview of several international research projects, including Create-IoT, Privacy Flag and ANASTACIA.
Lucio Scudiero, Sébastien Ziegler

Chapter 10. Voluntary Compliance Commitment Tool for European General Data Protection Regulation

This chapter will discuss and present a new model of voluntary compliance commitment tool to bridge legal gaps between European and non-European legislations, with a focus on data processing of IoT data. This tool was developed in the context of the H2020 Privacy Flag project (http://privacyflag.eu/) that intended to develop a collective privacy protection framework enabling citizens to better control and protect their personal data. In addition to a set of tools and solutions enabling the data subjects to collectively assess and control the level of risk for their privacy in the context of web, smartphone apps and Internet of Things deployments, Privacy Flag also researched and developed a voluntary legal binding mechanism for companies located outside of Europe to align with and abide by European standards in terms of personal data protection.
Luca Bolognini, Camilla Bistolfi, Sébastien Ziegler

Chapter 11. IoT Privacy and Security in Smart Cities

This chapter will focus on the specific and complex case of IoT deployment in smart cities. In this context it will leverage the work conducted within Synchronicity, a project gathering 11 cities from Europe, America and Asia, and examine the security and privacy aspects within the overall smart city ecosystem through the prism of IoT data protection and implementation of GDPR in smart cities.
Sébastien Ziegler, Mythili Menon, Pasquale Annichino

Chapter 12. End-User Engagement, Protection and Education

This chapter will focus on the human factors and more specifically how end-users can be engaged, informed and associated with IoT deployments, to minimise the legal, financial and reputational risks. It will present the achievements of U4IoT and CREATE-IoT projects in the context of the five European large-scale pilots on IoT.
Adrian Quesada Rodriguez, Sébastien Ziegler, Christopher Hemmens, Ana Maria Pacheco Huamani, Cesco Reale, Nathalie Stembert, Drew Hemment, Rob Heyman, Jonas Breuer, Dejan Drajic

Chapter 13. User-Centric Privacy

Security and privacy aspects are crucial for the acceptance of IoT environments. Accordingly, this chapter will focus on new approaches to enable end users to better control and protect their privacy and personal data. In particular, it will describe the work carried out in the context of the EU project SMARTIE, which proposed a user-centric platform for secure exchange and sharing based on the use of advanced cryptographic schemes. This platform is, in turn, an instantiation of a reference functional architecture derived from the IoT-A project that is also explained. Furthermore, the chapter provides a description of the use of specific technologies and approaches that are employed in the context of Smart Buildings, where data protection aspects are addressed through the mentioned platform.
Antonio Skarmeta, José L. Hernández-Ramos, Juan A. Martinez

