Skip to main content
Disciplines
Automotive Business IT + Informatics Construction + Real Estate Electrical Engineering + Electronics Energy + Sustainability Insurance + Risk Finance + Banking Management + Leadership Marketing + Sales Mechanical Engineering + Materials
Events
DE
EN
Books
Journals
Topic Page
Marketing
Start single access now
Access for companies
EXTENDED SEARCH
Log in
Top
Published in:
Looking at Smart Cities with an Historical Perspective Read chapter Read first chapter

2017 | OriginalPaper | Chapter

7. Security and Privacy for the Internet of Things Communication in the SmartCity

Authors : Ralf C. Staudemeyer, Henrich C. Pöhls, Bruce W. Watson

Published in: Designing, Developing, and Facilitating Smart Cities

Publisher: Springer International Publishing

Log in

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

Growing SmartCities means that the amount of information processed and stored to manage a city’s infrastructure (e.g., traffic, public transport, electricity) is growing as well. To manage this, SmartCities are deploying truly distributed and highly scalable information and communication (ICT) infrastructure, connecting a conglomerate of smart devices and ‘smart things’. In recent years, the term Internet-of-Things (IoT) was coined to describe constrained systems that react via sensors to physical changes in its environment and may be able to influence that environment via actuators. While ICT generally helps to ‘mine’ collected information, the IoT complements this with direct access to a sensor’s data or even taking immediate corrective action. Using the capabilities of the IoT to monitor and control the SmartCity implies numerous devices communicate data about the city its citizens. The communicated data is used to make decisions that will affect many citizens, and if not secured correctly, attackers (or other ‘errors’) could disrupt operation of the SmartCity. Moreover, collected data possibly impinges on basic privacy rights if not gathered, communicated and processed correctly. This chapter provides a primer on general information security, its main goals, and the basic IoT security challenges in the SmartCity. Built upon the basic IT security goals of confidentiality, integrity, and availability, this chapter addresses security and privacy problems faced in the communication aspects of the SmartCity. We highlight that security is a crucial enabler for the ICT-dependent SmartCity to base the decisions on reliable data and to execute commands securely. We specifically point out that security starts at the very beginning of the data collection and communication process. On top of this, we focus on major issues related to private communication, as privacy is a key acceptance factor for an ICT-enabled SmartCity by its citizens.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

inform now
previous chapter Privacy and Social Values in Smart Cities
next chapter IoT Communication Technologies for Smart Cities
Footnotes
1
“Completely Automated Public Turing test to tell Computers and Humans Apart”.
 
2
Computationally infeasible means that it is possible, but that doing so would require a very long time and very powerful resources.
 
Literature
1.
Gollmann D (2011) Computer security, 3rd edn. John Wiley & Sons
2.
Stallings W, Brown L (2014) Computer security: principles and practice, 3rd edn. Pearson Education
3.
ISO/IEC (2014) ISO/IEC 27001: Information technology—Security techniques—Information security management systems—Overview and vocabulary. Technical report
4.
Mitnick KD, Simon WL (2003) The art of deception: controlling the human element of security. John Wiley & Sons
5.
Slay J, Koronios A (2005) Information technology, security and risk management. John Wiley & Sons, Australia Ltd
6.
Paul M (2012) The 7 qualities of highly secure software. CRC Press
7.
McGraw G (2006) Software security: building security, vol 1. Addison-Wesley
8.
Viega J, McGraw G (2001) Building secure software: how to avoid security problems the right way. Addison Wesley
9.
Tragos EZ, Pöhls HC, Staudemeyer RC, Slamanig D, Kapovits A, Suppan S, Fragkiadakis A, Baldini G, Neisse R, Langendörfer P, Dyka Z, Wittke C (2015) Securing the internet of things—security and privacy in a hyperconnected world. In: Vermesan O, Friess P (eds) Building the hyperconnected society- internet of things research and innovation value chains, ecosystems and markets. River Publishers Series of Communications. pp 189–219
10.
Issarny V, Georgantas N, Hachem S, Zarras A, Vassiliadist P, Autili M, Gerosa MA, Hamida AB (2011) Service-oriented middleware for the future internet: state of the art and research directions. J Internet Serv Appl 2(1):23–45
11.
Tragos EZ, Bernabe JB, Staudemeyer RC, Luis J, Ramos H, Fragkiadakis A, Skarmeta A, Nati M, Gluhak A (2016) Trusted IoT in the complex landscape of governance, security, privacy, availability and savety. In: Digitising the industry - internet of things connecting the physical, digital and virtual worlds. River Publishers Series of Communications. pp 210–239
12.
Heer T, Garcia-Morchon O, Hummen R, Keoh SL, Kumar SS, Wehrle K (2011) Security challenges in the IP-based internet of things. Wireless Pers Commun 61(3):527–542CrossRef
13.
Weber RH (2010) Internet of things new security and privacy challenges. Comput Law Secur Rev 26(1):23–30CrossRef
14.
Lamport L, Shostak R, Pease M (1982) The Byzantine generals problem. ACM Trans Program Lang Syst 4(3):382–401CrossRefMATH
15.
Cavoukian A (2009) Privacy by design ... take the challenge
16.
Gürses S, Troncoso C, Diaz C (2011) Engineering privacy by design. Comput Priv Data Prot 14:25
17.
Schneier B (1996) Applied cryptography: protocols, algorithms, and source code in C, 2nd edn. John Wiley & Sons, New YorkMATH
18.
Katz J, Lindell Y (2014) Introduction to modern cryptography, 2nd edn. Chapman & Hall/CRC
19.
Danezis G, Clayton R (2007) Introducing traffic analysis. In: Digital privacy: theory, technologies, and practices, pp 1–24
20.
21.
Rivest RL, Shamir A, Adleman L (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126MathSciNetCrossRefMATH
22.
23.
Miller V (1986) Use of elliptic curves in cryptography. In: Proceedings of advances in cryptology (CRYPTO85). Springer, pp 417–426
24.
Hankerson D, Menezes AJ, Vanstone S (2006) Guide to elliptic curve cryptography. Springer Science & Business Media
25.
Bock H, Braun M, Dichtl M, Hess E, Heyszl J, Kargl W, Koroschetz H, Meyer B, Seuschek H (2008) A milestone towards RFID products offering asymmetric authentication based on elliptic curve cryptography. Invited talk at RFIDsec
26.
Braun M, Hess E, Meyer B (2008) Using elliptic curves on RFID tags. Int J Comput Sci Netw Secur 2:1–9
27.
Hein D, Wolkerstorfer J, Felber N (2009) ECC is ready for RFID a proof in silicon. In: Avanzi RM, Keliher L, Sica F (eds) Selected areas in cryptography. Lecture notes in computer science, vol 5381, pp 401–413
28.
Municipality of Amsterdam. Amsterdam—SmartCity
29.
Efthymiou C, Kalogridis G (2010) Smart grid privacy via anonymization of smart metering data. In: 1st IEEE international conference on smart grid communications, Oct 2010, pp 238–243
30.
Jawurek M (2013) Privacy in smart grids. Ph.D. thesis, Friedrich-Alexander-University Erlangen-Nuernberg
31.
Lahoti G, Mashima D, Chen W-P (2013) Customer-centric energy usage data management and sharing in smart grid systems. In: Proceedings of the first ACM workshop on smart energy grid security, SEGS ’13. ACM, New York, NY, USA, pp 53–64
32.
Danezis G, Jawurek M, Kerschbaum F (2011) Sok: privacy technologies for smart grids—a survey of options
33.
Mashima D, Roy A (2014) Privacy preserving disclosure of authenticated energy usage data. In: 2014 IEEE international conference on smart grid communications (SmartGridComm), Nov 2014, pp 866–871
34.
Pöhls, HC, Karwe M (2014) Redactable signatures to control the maximum noise for differential privacy in the smart grid. In: Cuellar J (ed) Proceedings of the 2nd workshop on smart grid security (SmartGridSec 2014). Lecture notes in computer science (LNCS), vol 8448. Springer International Publishing
35.
36.
Michiels EF (1996) ISO/IEC 10181–6: 1996 Information technology—Open systems interconnection—Security frameworks for open systems: integrity framework. ISO Geneve, Switzerland
37.
Clark DD, Wilson DR (1987) A comparison of commercial and military computer security policies. In: 1987 IEEE symposium on security and privacy. Los Alamitos, CA, USA, Apr 1987, pp 184–184
38.
Shirey R (2007) RFC 4949–Internet Security Glossary
39.
Gollmann D (2012) Veracity, plausibility, and reputation. In: Information security theory and practice. Security, privacy and trust in computing systems and ambient intelligent ecosystems, pp 20–28
40.
Gollmann D (1996) What do we mean by entity authentication? In: Proceedings of 1996 IEEE symposium on security and privacy, pp 46–54
41.
Goldwasser S, Micali S, Rivest RL (1988) A digital signature scheme secure against adaptive chosen-message attacks. SIAM J Comput 17(2):281–308
42.
Turner S, Chen L (2007) RFC 6151–updated security considerations for the MD5 message-digest and the HMAC-MD5 algorithms
43.
ISO/IEC (1997) ISO/IEC 13888-1: Information technology—security techniques—non-repudiation, Part 1: General. ISO Geneve, Switzerland
44.
World Health Organisation Europe (WHO/E) (2013) Health impact assessment of air pollution in the eight major italian cities, p 65
45.
46.
Camenisch J, Dubovitskaya M, Haralambiev K, Kohlweiss M (2015) Composable and modular anonymous credentials: definitions and practical constructions. In: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics), vol 9453. Springer Verlag, pp 262–288
47.
Raymond J-F (2001) Traffic analysis: protocols, attacks, design issues, and open problems. In: Designing privacy enhancing technologies, pp 10–29
48.
Fawcett T, Provost F (1996) Combining data mining and machine learning for effective user profiling. Sci Technol 42:8–13
49.
Danezis G, Domingo-Ferrer J, Hansen M, Hoepman J-H, Métayer DL, Tirtea R, Schiffner S, Agency (2014) Privacy and data protection by design—from policy to engineering. Technical report, European Union Agency for Network and Information Security, Dec 2014
50.
Danezis G, Diaz C (2008) A survey of anonymous communication channels 1–61
51.
Song DX, Wagner D, Tian X (2001) Timing analysis of keystrokes and timing attacks on SSH. In: 10th USENIX security symposium 28913:25
52.
Dupasquier B, Burschka S, McLaughlin K, Sezer S (2010) Analysis of information leakage from encrypted Skype conversations. Int J Inf Secur 9(5):313–325 JulCrossRef
53.
Pfitzmann A, Hansen M (2010) A terminology for talking about privacy by data minimization: anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management. Technical report
54.
Chaum DL (1981) Untraceable electronic mail, return addresses, and digital pseudonyms, Feb 1981
55.
Ruiz-Martínez A (2012) A survey on solutions and main free tools for privacy enhancing web communications. J Netw Comput Appl 35(5):1473–1492
56.
Goldschlag D, Reed M, Syverson P (1999) Onion routing. Commun ACM 42(2):39–41CrossRef
57.
Dingledine R, Mathewson N, Syverson P (2004) Tor: the second-generation onion router. In: Proceedings of the 13th USENIX security symposium, vol 13. USENIX Association, pp 303–320
58.
59.
Golle P, Juels A (2004) Dining cryptographers revisited. In: Proceedings of advances in cryptology (EUROCRYPT 2004), pp 456–473
60.
Waidner M, Pfitzmann B (1990) The dining cryptographers in the disco: unconditional sender and recipient untraceability with computationally secure serviceability. In: Proceedings of the workshop on the theory and application of cryptographic techniques on advances in cryptology (EUROCRYPT ’89) 89:690
61.
Corrigan-Gibbs H, Ford B (2010) Dissent: accountable anonymous group messaging, p 12
62.
Goel S, Robson M, Polte M, Sirer E (2003) Herbivore: a scalable and efficient protocol for anonymous communication. Technical report, Cornell University
63.
Guan Y, Fu X, Bettati R, Zhao W (2002) An optimal strategy for anonymous communication protocols. In: Proceedings of the 22nd international conference on distributed computing systems 2002, pp 257–266
64.
Stajano F, Anderson R (2000) The cocaine auction protocol: on the power of anonymous broadcast. Inf Hiding 1768:434–447CrossRef
65.
Metadata
Title
Security and Privacy for the Internet of Things Communication in the SmartCity
Authors
Ralf C. Staudemeyer
Henrich C. Pöhls
Bruce W. Watson
Copyright Year
2017
Book
Designing, Developing, and Facilitating Smart Cities

Print ISBN: 978-3-319-44922-7

Electronic ISBN: 978-3-319-44924-1

Copyright Year: 2017

DOI
https://doi.org/10.1007/978-3-319-44924-1_7