The document discusses the Internet of Things (IoT), which connects devices to share data. It notes that IPv6 expansion enabled IoT growth by providing more addresses. Many IoT devices collect user information without privacy policies. The document outlines security risks like vulnerabilities that could allow hacking. It recommends implementing privacy protections, securing devices, and limiting collected data. Different approaches to IoT architecture are compared, including thing-centric, gateway-centric, smartphone-centric, cloud-centric, and enterprise-centric models.

1. Brandon Walston

2.  Internet of Things or IoT is a network of
devices/objects that are interconnected, making
them programmable, adaptable, and potentially
capable of interacting with people
 What led to the growth of IoT?
◦ IPv6’s huge increase in address space is a huge factor
in the growth of IoT
 “the address space expansion means that we could
assign an IPv6 address to every atom on the surface
of the earth and still have enough addresses left to
do another 100+ earths.” – Steve Leibson

3.  IoT devices collect information and can be invisible to
the user/owner
 Most IoT devices do not have a privacy policy and are
not explicit on information they collect
 IoT devices can serve as a place for hackers to launch
attacks and gain access to information
 According to a June 2014 report by Hewlett Packard, 7
out of 10 IoT devices have some kind of security flaw –
with an average of 25 vulnerabilities per device

4.  IoT devices in the medical field such as insulin pumps
and MRI machines create more hackable access points.
◦ SANS Institute released study showing how 375 U.S.
healthcare organizations were actively compromised
between September 2012 and October 2013.
 FitBit data has already been admitted into court in
personal injury cases
 Federal Trade Commission called for manufacturers to
embed security in their IoT products
 Massachusetts senator Ed Markey released results of his
inquiry into the cybersecurity practices of major car
manufacturers. He called security measures
“inconsistent and incomplete”

5.  Make sure companies add a privacy policy for IoT
devices
 Clearly explain and inform users of the information that
is collected and risk involved
 Companies/Agencies beginning to include IoT should
have personnel that is trained to know the risk of IoT
and security countermeasures to prevent potential
breaches
 Build security into devices from the start rather than
near the end
 Consider Data Minimization, which is limiting the
amount of customer data that is collected

6.  What are five traits to consider when
implementing IoT?
◦ Privacy, Security, Cost, Level of Difficulty, and
Performance
 Thing-Centric
 Gateway-Centric
 Smartphone-Centric
 Cloud-Centric
 Enterprise-Centric

7.  Things are smart on their own and store most
of their data on-board.
◦ Communicate to the Internet only for centralized
coordination and analysis
◦ Favored by
 Construction
 Agriculture
 Utilities (infrastructure) and transportation
◦ Asset is remotely connected and is expensive/large
enough to carry much of computing resource

8. Advantages Disadvantages
 Optimized for real-time
onboard performance
 Resilient to poor-quality
connectivity
 Offers improved security
 Saves on communication
data since data is
selectively sent out or
received
 Cost and complexity are
added to the thing and the
edge of the network
(undesirable if simplicity
is important)
 Design flaws can lead to
devices/computing
resources on islands
 Requires specialized skills
in the embedded and
operational technologies,
which may be hard to find

9.  The gateway houses the application logic, stores
data and communicates with the Internet for the
things connected to it.
◦ Provides resources for devices
◦ Favored by
 Building Systems
 Utilities and Smart city assets (streetlights)
 Requires most of the resources (user interface,
app. Logic, data storage and analytics) are on the
gateway

11. Advantages Disadvantages
 Removes the need for
cost and complexity to
exist on things and
places it on gateway
 Gateways can act as
smarter portals to the
Internet
 Act as connector hub for
devices
 Act as IP address for all
devices connected to it
 Require an extra “tier”
(gateway itself) to
communicate with
Internet (extra point of
failure)
 Require that cost and
complexity reside on
the gateway (cannot use
the cloud)

12.  Smartphone or any mobile device houses the
application logic, stores data and
communicates with the Internet for devices
that are connected to it
◦ Things can be connected to the smartphone before
they are connected to the Internet
◦ Smartphone serves as gateway to the Internet
◦ Favored by following industries
 Wearable market (apple watch, fit bit)
 Mobile health – monitoring equipment
 Consumer home items (power tools, toys, appliances)

13. Advantages Disadvantages
 Minimizes cost, complexity,
need for a user interface,
power consumption, and
weight of the device
 Smartphones are carried by
almost everyone
 The device can access apps
on smartphone
 Smartphones will often have
more computing power
than what might have
existed on the device
 Smartphones are not
standardized
 If smartphone is not
working (battery off) then
the device IoT
capabilities become
compromised
 Requires proximity to the
smartphone
 Security of device is
dependent on the
security of the
smartphone

14.  The cloud will act as the central connection
hub, power analytics and provision data
storage
◦ Rely on cloud resources to drive functionality and
data management
◦ Favored in the following industries
 Consumer-based IoT, if there is a stable Internet
connection (appliances)
 Enterprise environments such as offices may use cloud
– centric for coffee machines or photocopiers

16. Advantages Disadvantages
 Minimizes cost,
complexity, need for a
user interface, power
consumption, and
weight of device
 Well suited to deliver
“network level”
smartness
 Requires stable
connection to the
Internet
 High volume of data
being sent to the
cloud, increasing
communications cost
 Requires sharing of
data with the cloud,
which raises security
and privacy issues

17.  Devices are behind a firewall
 Little need to extend out to the external
Internet
 Ideal when few remote machines are
geographically outside of enterprise area
◦ Favored by the following industries
 Hospitals
 Industrial plants

19. Advantages Disadvantages
 Security and privacy
are better contained by
restricting Internet and
public cloud access
 Real time control and
monitoring are
enhanced if all
resources are nearby
 Not well suited where
many devices are
geographically
dispersed
 Benefits of the cloud
are lost
 All computing
resources and storage
must be local

20.  Folk, Chris. Hurley, Dan. Kaplow, Wesley. Payne, James. AFCEA International
Cyber Committee: The Security Implications of the Internet of Things
http://www.itworld.com/article/2906805/welcome-to-the-internet-of-things-
please-check-your-privacy-at-the-door.html
 Burnett, C.A. Internet of Things: Welcome to the Internet of Things. Please check
your privacy at the door
 Zanolli, Lauren. Welcome to privacy hell, also known as the Internet of Things.
http://www.fastcompany.com/3044046/tech-forecast/welcome-to-privacy-
hell-otherwise-known-as-the-internet-of-things
 Khan, Shabbi. http://www.manufacturingindustryadvisor.com/iot-designing-
privacy-and-security-into-devices/
 Tollefson, Rodika. http://thirdcertainty.com/news-analysis/internet-things-
facilitates-healthcare-data-breaches/
 Sabatino, Connor. http://www.autoindustrylawblog.com/2015/02/23/the-
internet-of-things-lessons-for-the-automotive-industry/