Articles Data Breaches and Identity Theft | Page 7

70 M. Abomhara and G. M. Køien
interaction with the physical world by measuring the state of entities or by
initiating actions that will initiate a change to the entities.
A service provides a well-defined and standardized interface, offering all
necessary functionalities for interacting with entities and related processes.
The services expose the functionality of a device by accessing its hosted
resources [12].
2.1.3 Security in IoT devices and services
Ensuring the security entails protecting both IoT devices and services
from unauthorized access from within the devices and externally. Secu-
rity should protect the services, hardware resources, information and data,
both in transition and storage. In this section, we identified three key
problems with IoT devices and services: data confidentiality, privacy and
trust.
Data confidentiality represents a fundamental problem in IoT devices
and services [27]. In IoT context not only user may access to data but also
authorized object. This requires addressing two important aspects: first, access
control and authorization mechanism and second authentication and identity
management (IdM) mechanism. The IoT device needs to be able to verify
that the entity (person or other device) is authorized to access the service.
Authorization helps determine if upon identification, the person or device is
permitted to receive a service. Access control entails controlling access to
resources by granting or denying means using a wide array of criteria. Autho-
rization and access control are important to establishing a secure connection
between a number of devices and services. The main issue to be dealt with
in this scenario is making access control rules easier to create, understand
and manipulate. Another aspect that should be consider when dealing with
confidentiality is authentication and identity management. In fact this issue
is critical in IoT, because multiple users, object/things and devices need to
authenticate each other through trustable services. The problem is to find
solution for handling the identity of user, things/objects and devices in a secure
manner.
Privacy is an important issue in IoT devices and service on account of the
ubiquitous character of the IoT environment. Entities are connected, and data
is communicated and exchanged over the internet, rendering user privacy a
sensitive subject in many research works. Privacy in data collection, as well as
data sharing and management, and data security matters remain open research
issues to be fulfilled.