The Internet of Things (IoT) refers to a network of physical objects/devices with internet connectivity, and the communication between such devices and other internet-enabled devices and systems. IoT aims to seamlessly connect the devices to the internet to capture, integrate, and process information using servers and computing devices located anywhere across the globe.
The connected devices may form their own IoT network, requiring communication within nodes in the IoT network, and to other IoT networks which may be different in nature (based on services, topology, communication protocols, connectivity, and the like) and may be located geographically far apart.
The privacy and security needs of the IoT networks, may be different under different circumstances depending on the interacting parties, context and purpose of communication. Further, to fulfill a certain purpose, the IoT communication could span several interactions and during such interactions, the privacy and security needs may change. Due to a change in the context, environment, mobility and the like one of the parties, encountering an exception, may increase/decrease in trust level of the partner involved in the communication.
As an example, in a wireless Body Area Network (BAN), the network may be acquiring and processing a large amount of information from user's body, some of which may be strictly private for the individual user, some of which may be private under specific scenarios and some of which may be public. Examples of highly private information may include biometric data such as heartbeat, pulse rate captured by the wearable devices, as well as medical history and health conditions of the user. Some of the user's information may be disclosed conditionally and/or selectively by the IoT network to external networks (IoT or otherwise) and applications, as an example to pre-authorized persons such as doctors, laboratories, insurance companies, and the like. Further, the extent of information sharing depends on factors such as the recipient of the information (such as user or machine, authorized or not authorized), context and purpose for which the information is being shared (emergency, health check), environment (e.g., public place, doctor's cabin), means of communication (e.g., IoT local protocols, protocols such as Wi Fi), and the like. In case of a health emergency, relevant information about the patient's critical parameters and medical history may be shared to a set of doctors without any detailed authentication/authorization procedure in a private and secured manner so that sensitive information does not fall into the wrong hands. However, biometric footprint, medical data, and the like should be shared in phases in a private and secured manner as the interaction progresses. So, the privacy and security aspects depend on the context, purpose and intent of the interacting IoT network(s).
The conventional techniques provide static security and privacy mechanisms. As an example, a patient who is travelling may exhibit emergency symptoms due to which all relevant data is shared to nearby hospitals, emergency centers, and the like. However, even if his/her condition improves, the data sharing levels remain the same, even though the patient may pass through some potentially vulnerable (to security hacks) areas. This causes potential breach of security/privacy and misuse of patient information.
Therefore, the issues with the static privacy and security mechanisms are that inadequate security and privacy due to change in context and/or purpose.