Articles Data Breaches and Identity Theft | Page 12

Cyber security and the Internet of Things 75
2.3.1 Confidentiality
Confidentiality is an important security feature in IoT, but it may not be
mandatory in some scenarios where data is presented publicly [18]. However,
in most situations and scenarios sensitive data must not be disclosed or read by
unauthorized entities. For instance patient data, private business data, and/or
military data as well as security credentials and secret keys, must be hidden
from unauthorized entities.
2.3.2 Integrity
To provide reliable services to IoT users, integrity is a mandatory security
property in most cases. Different systems in IoT have various integrity
requirements [49]. For instance, a remote patient monitoring system will have
high integrity checking against random errors due to information sensitivities.
Loss or manipulation of data may occur due to communication, potentially
causing loss of human lives [6].
2.3.3 Authentication and authorization
Ubiquitous connectivity of the IoT aggravates the problem of authentication
because of the nature of IoT environments, where possible communication
would take place between device to device (M2M), human to device, and/or
human to human. Different authentication requirements necessitate different
solutions in different systems. Some solutions must be strong, for example
authentication of bank cards or bank systems. On the other hand, most will
have to be international, e.g., ePassport, while others have to be local [6].
The authorization property allows only authorized entities (any authenticated
entity) to perform certain operations in the network.
2.3.4 Availability
A user of a device (or the device itself) must be capable of accessing services
anytime, whenever needed. Different hardware and software components in
IoT devices must be robust so as to provide services even in the presence
of malicious entities or adverse situations. Various systems have different
availability requirements. For instance, fire monitoring or healthcare monitor-
ing systems would likely have higher availability requirements than roadside
pollution sensors.
2.3.5 Accountability
When developing security techniques to be used in a secure network, account-
ability adds redundancy and responsibility of certain actions, duties and