Database Reference
In-Depth Information
5.3 Data Security Issues
Since the data collection nodes in the internet of things spend a lot
of time unattended, it opens up the system to a number of security
threats. For example,
data integrity
is often a concern, because a mali-
cious adversary can change the data at various stages in the pipeline. In
order to address these issues, a number of methods have been designed
to password-protect the writing of the memory in the RFID tags or the
sensor nodes. A number of solutions for password protection in the con-
text of sensor data are proposed in [4, 70]. For RFID data, this is a
greater challenge because the password-protection process requires the
use of energy-intensive cryptographic algorithms. This would require an
onboard battery (active tag) for enablement, and larger energy consump-
tion requirements are usually undesirable. In this context, a number of
methods, which have low energy requirements for these cryptographic
solutions in RFID have been proposed recently [26, 37].
The use of RFID technology also has a number of other security con-
cerns. For example, RFID technology is highly dependent on the use
of radio signals which are easily jammed. This can open the system to
a variety of infrastructure threats, that can disrupt the data collection
process. It has recently been demonstrated [19], that RFID tags can be
cloned to emit the same identification code as another tag. This opens
the system to fraud, when the RFID tag is used for the purpose of sen-
sitive tasks such as payment, authentication or access control. As in the
previous case, a number of cryptographic solutions are being proposed
to increase the security of RFID technology [19].
A number of security issues also arise in the context of data represen-
tations on the semantic web. The data on the semantic web is dynamic
and open, which makes it a challenge from a security perspective. There-
fore, methods have been proposed for marking up web entities with a
semantic policy language, and the use of distributed policy management
as a tool for security [63]. The major challenge which is identified with
implementing such security policies for the semantic web is the decen-
tralized nature of the semantic web, with a large number of entities, each
with its resources, services, agents, users, and their heterogeneity. The
work in [63] proposes a distributed policy framework, in which every
entity can specify their own policy, since there is no centralized policy.
A policy language is proposed, based on RDF-S, in order to markup
security information. The policies are specified in terms of
properties
of users, agents, services or resources, rather than
identities
, since full
authentication is not possible on the web. A related privacy-preserving
ontology framework, based on OWL-S, is proposed in [64].
