Lecture 2 - The Inner Workings Flashcards
What is Kosinski, M., Stillwell, D., & Graepel, T. (2013) about?
This article argues that easily accessible digital records of behavior (in this study Facebook likes) can be used to automatically and accurately predict a range of highly sensitive personal attributes that people would typically assume to be private.
What is Youm, H. Y. (2017) about?
The internet of things (IoT)
What 5 stages of the IoT device lifecycle are identified?
- Design and development
- Testing and debugging
- Deployment
- Management
- Decommissioning of IoT devices
What is the general IoT topology?
A generic IoT topology includes:
- Data acquisition from a sensor or device
- Data aggregations through a gateway
- Data analysis in a private or public cloud
What is a sensor network?
Sensor networks are the most essential components of the IoT. They include sensors and actuators. The sensors collect data, which is then processed so that decisions can be made. The actuators carry out the decided actions.
What is a Ubiquitous Sensor Network?
The Ubiquitous Sensor Network (USN) is defined as an intelligent information infrastructure of advanced e-Life society. It delivers user-oriented information and provides knowledge services to anyone, anytime, anywhere.
What are the security and privacy needs that need to be addressed in IoT?
- At the lowest level, the hardware layer should ensure security and privacy during data collection and temporary storage within the device.
- Secure protocols need to ensure communication is well protected.
- Once the data is received, application level protection needs to be in place to monitor and control whoever can see or use the data.
What are the various threats to an IoT device?
- Cloning of things
a. During the manufacturing process of a thing, an untrusted manufacturer can easily clone the physical characteristics, firmware/software, or security configuration of the thing.
- Malicious substitution of things
a. During the installation of a thing, a genuine thing may be substituted with a similar variant of lower quality without being detected.
- Eavesdropping attack
a. During the commissioning of a thing into a network, it may be possible to eavesdrop on keying materials, security parameters, or configuration settings.
- Man-in-the-middle attack
a. A third party is able to eavesdrop on or sit in between the two communicating entities during the execution of a protocol.
- Firmware replacement attack
a. Replacing software with malicious software during the operation or maintenance phase.
- Extraction of security parameters
a. An attempt to extract security information such as keys (e.g., device's key, private key, group key) from the thing.
- Routing attack
a. Routing information in IoT can be spoofed, altered, or replayed in order to create routing loops, attract/repel network traffic, extend/shorten source routes, etc.
- Privacy threat
a. The typical privacy threats to users may include the tracking of a thing's location and usage.
- Denial-of-Service (DoS) attack
a. Attackers can continuously send requests to specific things so as to deplete their resources.
What is Privacy?
The right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share its personal information with others.
What are the 6 requirements of IoT?
- Communication security
a. Privacy-related content of data can be protected during data transmission or transfer in IoT.
- Data management security
a. Data can be protected when storing or processing data in IoT.
- Service provision security
a. Unauthorized access to service and fraudulent service provision can be prohibited and privacy information related to IoT users can be protected.
- Integration of security policies and techniques
a. The ability to integrate different security policies and techniques is required, so as to ensure a consistent security control over the variety of devices and user networks in IoT.
- Mutual authentication and authorization
a. Before a device (or an IoT user) can access the IoT, mutual authentication and authorization between the device (or the IoT user) and IoT is required to be performed according to predefined security policies.
- Security audit
a. Any data access or attempt to access IoT applications is required to be fully transparent, traceable and reproducible.
What are the 5 security functions of IoT devices?
- Secure booting
a. During booting, the authenticity and integrity of the software and applications on the device are verified using cryptographically generated digital signatures.
- Access control
a. Should limit the privileges of device components and applications so they access only the resources they need to do their jobs.
- Device authentication
a. The device should authenticate itself prior to receiving or transmitting data.
- Firewalling and IPS (intrusion protection system)
a. Firewall or deep packet inspection capability to control traffic that is destined to terminate at the device.
- Updates and patches
a. Operators need to roll out patches, and devices need to authenticate them, in a way that does not consume bandwidth or impair the functional safety of the device.
What is the conclusion of Youm, H. Y. (2017)?
Conclusion
International standardization developing groups are striving to develop standards to address security and privacy issues for IoT.
IoT has entered a phase of mass usage, and it is not acceptable that 70% of IoT devices have major security vulnerabilities.
Where IoT devices are used for dozens of years without upgrade or update, it may be impossible to protect the devices themselves against new upcoming threats or vulnerabilities.
- Security measures to prevent these new threats should be employed in the IoT devices.
Since IoT device users usually have no knowledge of security technology, default security settings should be employed to address this challenge.
It is noted that many security holes are created during development, since an IoT developer is less interested in security than a developer of general-purpose computers.
What is Zhou 2011 about?
We mainly adopted the Unified Theory of Acceptance and Use of Technology (UTAUT), which argues that four factors determine user adoption:
1. Performance expectancy
2. Effort expectancy
3. Social influence
4. Facilitating conditions
Additionally, flow theory is used in the analysis.
- Flow represents a holistic sensation that people feel when they act with total involvement. In this research, we measured flow with two factors: perceived enjoyment and attention focus.
Users’ continuance usage is critical to the success of mobile Internet.
The results indicate that perceived enjoyment has strong effects on satisfaction and continuance usage. In addition, performance expectancy also affects continuance usage.
- Thus mobile service providers need to consider perspectives of both user performance and experience in order to facilitate mobile Internet continuance usage.
What is Circuit switching and packet switching?
- This entailed parts of the message being put in multiple packets that could be sent separately. This meant that if one packet wasn't sent, the entire message didn't have to be sent again, as the rest of the packets did arrive.
Who is Joseph Licklider and what are his ideas?
- Combination of hardware and software
- Interaction between man and machine
a. Computers could be used for repetitive tasks, while asking the questions and interpreting the outcomes was up to the people.
- Network of people
a. Everyone has different knowledge to bring to the table, and so a network of people can be used to tackle problems regarding the network. It would be a combined effort; everyone has something to add.