76 M. Abomhara and G. M. Køien
planning of the implementation of network security policies. Accountability
itself cannot stop attacks but is helpful in ensuring the other security techniques
are working properly. Core security issues like integrity and confidentiality
may be useless if not subjected to accountability. Also, in case of a repudiation
incident, an entity would be traced for its actions through an accountability
process that could be useful for checking the inside story of what happened
and who was actually responsible for the incident.
2.3.6 Auditing
A security audit is a systematic evaluation of the security of a device or service
by measuring how well it conforms to a set of established criteria. Due to
many bugs and vulnerabilities in most systems, security auditing plays an
important role in determining any exploitable weaknesses that put the data
at risk. In IoT, a system's need for auditing depends on the application and
its value.
2.3.7 Non-repudiation
The property of non-repudiation produces certain evidence in cases where the
user or device cannot deny an action. Non-repudiation is not considered an
important security property for most of IoT. It may be applicable in certain
contexts, for instance, payment systems where users or providers cannot deny
a payment action.
2.3.8 Privacy goals
Privacy is an entity's right to determine the degree to which it will interact with
its environment and to what extent the entity is willing to share information
about itself with others. The main privacy goals in IoT are:
• Privacy in devices – depends on physical and communication privacy.
Sensitive information may be leaked out of the device in cases of device
theft or loss, or where the device lacks resilience to side-channel attacks.
• Privacy during communication – depends on the availability of a device,
and device integrity and reliability. IoT devices should communicate only
when there is a need, to limit the disclosure of private data during
communication.
• Privacy in storage – to protect the privacy of data stored in devices, the
following two things should be considered:
  • Only the amount of data needed should be stored in devices.