Security and privacy in the internet of things

The internet of things (IoT) is a technology that has the capacity to revolutionise the way that we live, in sectors ranging from transport to health, from entertainment to our interactions with government. This fantastic opportunity also presents a number of significant challenges. The growth in the number of devices and the speed of that growth presents challenges to our security and freedoms as we battle to develop policies, standards, and governance that shape this development without stifling innovation. This paper discusses the evolution of the IoT, its various definitions, and some of its key application areas. Security and privacy considerations and challenges that lie ahead are discussed both generally and in the context of these applications.

ARTICLE HISTORY: Received 20 April 2017; Revised 5 July 2017; Accepted 8 July 2017


Introduction
The internet of things (IoT) is heralded as a development that can deliver dramatic changes in the way we live. It is recognised as an enabler that will increase efficiency in a number of areas, including transport and logistics, health, and manufacturing. The IoT will assist in the optimisation of processes through advanced data analytics, and be the catalyst for new market segments by capitalising on its cyber-physical characteristics, giving rise to cross-cutting applications and services (Miorandi et al. 2012).

The evolution of the IoT
The idea of connecting 'things' to the internet extends much further back than the use of the term 'Internet of Things'. In the early 1980s students at Carnegie Mellon University fitted internet-connected photosensors to a soft drinks vending machine, which allowed them to count the number of cans that were being dispensed. This enabled anyone with access to the internet to determine how many drinks had been dispensed, and thus how many were remaining (Vetter 1995).
Even before the first webpage was created, John Romkey and Simon Hackett introduced a toaster that was connected to the internet in 1990. Romkey's presentation at the 1990 Interop Conference featured an internet-connected Sunbeam Deluxe Automatic Radiant Control toaster, and arose as the result of a challenge at the previous year's conference from Dan Lynch, President of Interop, to Romkey. Lynch had promised Romkey centre stage at the event if he succeeded. The toaster was connected using TCP/IP and had a Simple Network Management Protocol Management Information Base (SNMP MIB) controller; its one function was to turn the power on or off. The first use of the term 'Internet of Things' came much later, and is widely attributed to Ashton (Ashton 2009), when he used it as the title of a presentation at Procter and Gamble in 1999.

The growth of the IoT
There has been rapid growth in the number of devices connected to the internet. A number of analysts, notably Cisco and Ericsson (Dave Evans and Hans Vestberg, respectively), have predicted that there will be 50 billion devices connected to the internet by 2020. Of course, these estimates are difficult to assert with confidence, and both have now revised their estimates down. Evans, now at Stringify, predicts 30 million whilst Ericsson estimates 28 billion by 2021. One reason that it is difficult to predict growth is that there are not even consistent figures for the number of devices connected to the internet today. Not only is there a significant difference in figures using the same definitions, but the issue concerning the varying interpretations of the IoT also has an impact. Some figures clearly state the difference between machine-to-machine (M2M) and IoT devices, such as those of the GSMA, whose analysis of M2M 'focuses on cellular M2M connectivity and excludes computing devices in consumer electronics such as smartphones, e-readers, tablets, as well as other types of M2M connection technologies that support the wider universe of the Internet of Things (IoT)' (Kechiche 2015). A 2015 report by Machina Research predicted that the total number of M2M connections will grow from 5 billion in 2014 to 27 billion in 2024 (Machina 2015). Nordrum (2016) observed that, in 2016, Gartner estimated that there were 6.4 billion devices (excluding smartphones, tablets, and computers), the International Data Corporation estimated 9 billion (with the same exclusions) and IHS estimated 17.6 billion (including smartphones, tablets, and computers). A similar study by Juniper Research estimated that there were 16 billion devices.
Whilst there are not consistent figures for the number of connected IoT devices, it can be seen that the number of devices is enormous, and growth has been, and is predicted to be, rapid.

Defining the IoT
When writing about his first use of the term IoT, Ashton remarked that the term 'is still often misunderstood'. Indeed, today there exist many definitions and interpretations of the IoT (Atzori, Iera, and Morabito 2010; Bandyopadhyay and Sen 2011; Malina et al. 2016). This might be expected when considering the general public, or researchers with a vague interest in the field, but is more surprising when more specialist researchers vary the definition. For example, the IEEE in its Special Report: The IoT (IEEE 2014) describes the IoT as 'a network of items, each embedded with sensors, which are connected to the Internet'. On the other hand another august, expert organisation, the Internet Engineering Task Force (IETF), states that 'in the vision of the IoT, "things" are very various such as computers, sensors, people, actuators, refrigerators, TVs, vehicles, mobile phones, clothes, food, medicines, books, etc.' (Minerva, Biru, and Rotondi 2015). Following a workshop in 2008, the Information Society and Media Directorate-General of the European Commission (DG INFSO) and the European Technology Platform on Smart Systems Integration stated that a 'thing' is 'an object not precisely identifiable' (INFSO 2008). Having considered a range of projects involving the IoT, the Strategic Research Agenda of the Cluster of European Research Projects (CERP) on the IoT (Vermesan et al. 2011) gave its own definition of the IoT. This has also been perceived as having shortcomings (Uckelmann, Harrison, and Michahelles 2011), since the definition used components that had been mentioned previously in relation to other visions, such as pervasive or ubiquitous computing, which made it difficult to distinguish from these concepts. The IoT can be seen as related to, and emanating from, a number of different technologies, visions, and research directions.
Stankovic (2014) has recognised that there is an increasing overlap between, and merging of, principles and research questions in five different research communities: IoT, mobile computing, pervasive computing, wireless sensor networks, and cyber-physical systems. Atzori, Iera, and Morabito (2010) consider the IoT to be the convergence of three key visions: 'things'-oriented (e.g. RFID, NFC, Wireless Sensor Actuators), 'Internet'-oriented (e.g. IP for smart objects) and 'semantic'-oriented (e.g. reasoning over data).
However one considers its evolution, it is clear that the IoT brings together a variety of key areas, complicating the issue of defining and distinguishing the IoT. Given the close relationship with other visions and advances, and that there is not a common understanding of the definition and size of the IoT, or indeed what 'things' are, it is unsurprising that there are challenges in security, privacy, and policy within the IoT. For the purposes of this paper we will use the interpretation of 'things' as proposed by the IETF.

Relationship to M2M and the internet of everything
Whilst M2M communication is currently a commonly used term, especially given discussion surrounding the Fourth Industrial Revolution and the Industrial IoT, it has a longer history than that. Basic fleet management solutions and Supervisory Control and Data Acquisition (SCADA) solutions have relied on M2M communications for a number of decades (Morrish 2014), and even before this the use of M2M communications allowed the use of ATMs and point of sale systems.
M2M involves direct communication between devices without human intervention. This communication can be over any channel, whether wired or wireless, and the number of technologies, standards, and protocols for communication is large and growing. Communication may occur through a network, including cellular networks (GSM, 3G, 4G), or directly between devices (without going through a base station, intermediary, or access point) in a point-to-point manner, each having a different attack surface. Some of the key communication technologies include Wi-Fi, RFID, Dedicated Short Range Communication (DSRC), Bluetooth, Bluetooth Low Energy (more recently referred to as Bluetooth Smart), NFC, and Zigbee. These technologies vary in frequency, range, and coverage, and are defined by different standards, as presented in Table 1.
In addition to these varying communication technologies, there exist application-specific standards, such as the Meter-Bus standard, developed for the remote reading of gas or electricity meters (EN 13757-x (Buxmann, Hess, and Ruggaber 2011), whilst ABB has been developing products and services for the IoT, Services and People. The Fourth Industrial Revolution is being developed through the Industrial IoT (Sadeghi, Wachsmann, and Waidner 2015), the connected car agenda is developing into the Internet of Vehicles (Gerla et al. 2014), and there are even more obscure developments such as the Internet of Animal Health Things (Smith et al. 2015).
Recently, Cisco and Qualcomm have been advocating the use of the term internet of everything (IoE). Whilst some argue that this term may have been developed as a marketing ploy by Cisco, there is certainly some benefit in defining a system that goes beyond many of the typical uses of the IoT, especially given its development outside of M2M environments. As M2M can be considered a subset of the IoT, the IoE can be thought of as a superset of the IoT.
The concept of the IoE brings together four key elements: people, process, things, and data. Here the things are physical sensors, devices, actuators, and other items, generating data or receiving information from other sources. Rather than being restricted to the human, we can consider the human-generated and -related systems such as social networks, and health, well-being, and fitness applications. Data are analysed and processed to create useful information for intelligent decisions and to control mechanisms. This concept of the IoE will not only allow examination of the IoT as a system involving machines and humans, but also brings together the services, context, environments, and intelligence: the data and the process (Bojanova, Hurlburt, and Voas 2014). In the context of the IETF definition of the IoT, this vision of the IoE might be considerably less of a fundamental shift.
To summarise, the IoT has evolved using a wide range of core technologies from a number of key visions. It has evolved through developments by distinct, often disparate communities, each with slightly different overarching aims. Further, these developments have been made in different application areas, often using specific and proprietary standards. This diffuse nature of development has led to an inevitable lack of harmonisation and shared vision, hampering standardisation and effective regulation. It is this lack of standardisation and regulation that has precipitated many of the existing security and privacy issues in the IoT, and left technicians and users without the necessary information and control to service, update, and address problems created with devices and services. The lack of coherence, oversight, understanding, and protocols means that security risk analysis, risk assessment, and countermeasure implementation are much more difficult tasks than they would be with a more directed and coordinated development path. The nature of the growth, both rapid and significant, has meant that the impact of these concerns is considerable and requires urgent redress. In this paper we present a discussion of the security and privacy challenges in the IoT, illustrated through a number of key applications. The paper first presents an overview of the widespread applications of the IoT and the various classifications of applications found in the literature. It outlines a number of specific application areas, before presenting a discussion on general security and privacy issues in the IoT. The impact of the IoT on security and privacy concerns is then discussed, before the final conclusions and recommendations in areas of key concern are made.

Applications of the IoT
The IoT is having a significant impact in a number of domains, and a number of researchers have provided insights and analyses into its applications. When presenting applications of the IoT, researchers have their own classification of domains and applications. Each taxonomy has its own merits, and depends not only upon the objective to be achieved but also the definition and context of the IoT under consideration. The reader is referred to the references presented in Table 2 (further information on the applications of the IoT).
Application domains have been presented by both industry and academia. For example, the industry brochure, Libelium (2015), lists 61 applications for the IoT in a number of domains using different sensor boards. Academic efforts include Atzori, Iera, and Morabito (2010) who classify applications in four short-medium term categories (transportation and logistics; healthcare; smart environment: home, office, plant; personal and social) and a longer term futuristic category. In Miorandi et al. (2012) the authors use six categories, retaining the healthcare domain whilst modifying others. Most significantly, however, they overlook the personal and social domain, and instead introduce the security and surveillance category. Whitmore, Agarwal, and Xu (2015) use a modified classification based upon consideration of an updated literature review, drawing most significantly on the work of Atzori, Iera, and Morabito (2010) and Miorandi et al. (2012). This classification dispenses with a temporal futuristic view and reorganises the transportation and logistics and smart environment domains, recognising the considerable role of the IoT in supply chains and its connection to the field of logistics, thus developing a category specifically for supply chains and logistics. Further, a new category, smart infrastructure, is presented, which extends the smart environments domain of Atzori and introduces the infrastructure aspects of transport. Zanella et al. (2014) focus attention on the smart city whilst Da Xu, He, and Li (2014) concentrate on industry applications of the IoT, and include consideration of the niche case of the IoT as applied to firefighting. Authors of this latter paper extend their work to wider applications (Li, Da Xu, and Zhao 2015), combining it with concepts from Atzori and Miorandi. Perera et al. (2014) and Bandyopadhyay and Sen (2011) both draw heavily on the report from the CERP into the IoT (Vermesan et al. 2011).
This report defines three essential application domains for the IoT: industry, environment, and society. However, the report finds that it is difficult to isolate any of these domains, and rather applications and services apply at the intra- and inter-domain level. Instead, we should consider applications (which support one or more of the aforementioned domains) and services that cater for a specific functionality or need at an intra- or inter-domain level. Therefore, if organisations wish to consider their cyber security risk, to do so at the domain level would be misleading, though apparently intuitive. The fact that there exist a number of ways to consider domains and applications should tell us that this way of thinking about risk is unhelpful. Whilst threat modelling and risk assessment across domains can have similar themes, they are likely to have radically different risks. Thus, rather than considering cyber security risk at domain level, we should examine a number of IoT applications that are at the inter-domain level. We now discuss a small selection of applications that carry significant cyber security risk, representing high impact and/or likelihood of an attack.

Connected and autonomous vehicles
The application of sensors in the automotive sector has been one of the largest growth areas (Meola 2016). There are a significant number of sensors within vehicles used for everything from engine operation to system monitoring, emission control, and brakes. Examples include Bluetooth-enabled tyre pressure monitoring systems, crank position, cam position, manifold absolute pressure, and throttle position. Sensors are also being embedded to form an integral part of transport infrastructure, and there has been significant investment in the UK with, for example, the introduction of Highways England's Smart Motorways Programme (Phull 2012). Other initiatives include developing infrastructure and communication in urban environments. UKCITE (www.ukcite.co.uk) is a project in the UK funded through both the Centre for Connected and Autonomous Vehicles and Innovate UK (part of a £100 million investment programme in research and development) that involves equipping over 40 miles of urban roads, dual-carriageways, and motorways with communications technology. Using Vehicle to Infrastructure (V2I) communication allows better traffic flow, especially in urban and suburban environments (Faezipour et al. 2012). Communication between vehicles, so-called V2V communication, through technologies such as DSRC, long-term evolution for vehicles, and Visible Light Communications, are enabling the platooning of cars in order to reduce energy consumption and provide advance notice of incidents. The deployment of such Intelligent Transportation Systems utilising Edge and Cloud Technology can assist in accident management, location-based traffic, and weather notifications, thereby supporting assisted driving (Atzori, Iera, and Morabito 2010).

Health, well-being, and recreation
The use of sensors is an integral part of emerging medical and healthcare technologies. The IoT has the potential to be integrated into numerous healthcare services and applications (Dohr et al. 2010; Bui and Zorzi 2011; Islam et al. 2015). The healthcare services that will benefit most significantly include ambient assisted living (a significant area of application involving the use of smart homes to allow patient monitoring and care in independent environments); the internet of mobile health (integrating medical sensors into mobile technologies); semantic medical access (utilising semantics, IoT healthcare applications can use medical rule engines to analyse large quantities of sensor data); and adverse drug reaction (by labelling drugs and examining a medical database, any potential adverse reaction such as allergy, or reaction with other drugs, can be avoided). Healthcare applications that have already been developed, or are set to be developed, include blood pressure and diabetes monitoring, body temperature and rehabilitation monitoring, oxygen saturation monitoring, and wheelchair management (Stachel et al. 2013).

Industry 4.0
One of the biggest impacts globally of the IoT is expected to come through the advent of the Fourth Industrial Revolution, in which IoT technologies are to be incorporated into each phase of the manufacturing process. This will involve a shift from automated to intelligent manufacturing processes (Thoben, Wiesner, and Wuest 2017), incorporating cyber-physical systems, automated robotics, big data analytics, and cloud computing (Fedorov et al. 2015). The IoT can be employed throughout the development lifecycle through the introduction of smart connected machines with proactive maintenance, enabling a smarter manufacturing process delivered through intelligent logistics, allowing rapid, flexible, and lean manufacturing. Optimised decision-making and innovative planning methods, combined with smart grid technology, will mean the energy efficiency of plants can be maximised.

Logistics
With large numbers of shipments and increased inventory, IoT technologies can support logistics dynamically by enabling the service provider to increase operational efficiency whilst also increasing automation and decreasing manual processes (Macaulay, Buckalew, and Chung 2015). The uses of the IoT in logistics can have a pronounced impact on smart inventory management, damage detection, real-time visibility, accurate inventory control, optimal asset utilisation, predictive maintenance, and freight management (Uckelmann, Harrison, and Michahelles 2011). The application of RFID technology to logistics (Sun 2012) enables industry to forecast information, identify future trends, estimate the probability of an accident, and allow for the early adoption of remedial measures. This can improve enterprises' ability to respond to the market and maintain risk aware supply.

Smart grid
In recent years there has been a dramatic increase in investment in smart grid research and development, pushing the UK into the lead in the European deployment of a wide range of viable smart grid solutions (DECC 2014). Smart Grid is an intelligent power system which incorporates information and communication with existing transmission and distribution systems (Li et al. 2011). This is made possible by utilising sensors, digital meters, and controllers with analysis tools to monitor and optimise grid performance, prevent power outages, and restore supply (Li et al. 2011). The development of Smart Grid will help cater to the requirements of smart cities with numerous intelligent systems creating building and community energy management systems (CEMS) (Karnouskos 2010). The IoT sensors can help identify devices connected to the grid and send real-time power information to the consumer.

Homes, buildings, and offices
There has been significant growth in the demand for smart home devices, with over 161 million units being shipped between 2010 and 2016 according to IHS Markit (IHS 2016); over half of these devices were delivered in 2016, a 64 per cent increase on the previous year. This increase included purchases of smart energy management systems such as Nest thermostats, security solutions such as August smart locks, and personal home assistants such as Google Home, Bosch's Mykie, and Amazon's Alexa.
In addition to growth in consumer adoption of smart technology, there has also been a surge in demand within the office environment. A new report by British Land and Worktech Academy (British Land 2017) of over 1000 workers, nearly a third of whom were decision-makers, found that 88 per cent of respondents expressed a wish to control their work environment better. The study found that a smart office would have a significant impact on company performance and environment, with predictions of productivity increases of 37 per cent, loyalty increases of 38 per cent, and well-being and happiness improving by over 40 per cent. This growth in demand for the IoT in houses, buildings, and offices will contribute to the development of smart cities (Zanella et al. 2014).

Retail
With the increased benefits of sensor technologies, the IoT has the ability to enhance the consumer experience in retail stores and businesses. Monitoring and controlling operational data and equipment performance, for example, will allow businesses to improve performance by tracking progress in real time (Lee and Lee 2015). Sensors generate large quantities of data through time, which can be used to determine potential drawbacks and help businesses adapt through big data and business analytics. Understanding the market trends and demands of customers through advanced market analysis will lead to reactive and proactive supply, which can limit resource wastage and developments that will ultimately fail to find demand. Through increased adoption of the IoT, not only can retailers ensure appropriate procurement and supply, but also offer customers different products, which may be more suited to their needs. For example, a user may buy some consumer electronics, but there may be products that can offer the appropriate amount of interoperability, battery life etc. as an alternative. This decision could be derived from information gathered from sensors, and could work in much the same way as when we choose to update our mobile telephone or internet packages, receiving advice from suppliers regarding the most appropriate service for our needs. Customer satisfaction can also be achieved through connected retail, as well as customer recognition and context aware offers (Macaulay, Buckalew, and Chung 2015).

Agriculture
Smart technology is also being developed in the agricultural sector. Field information is traditionally obtained through manual reporting mechanisms, which can lead to inaccuracies in data. To maximise and streamline the production of agricultural commodities by systematically increasing efficiency and decreasing manual labour, IoT sensors and technologies can contribute to scientific cultivation with increased quality (Chen and Jin 2012). This is enabled through monitoring environmental parameters such as air pressure, humidity, and wind direction through wireless sensors, which can help cultivation through the adaptation of agricultural requirements. Furthermore, from production processes through to market consumption, the food supply chain requires the maintenance of appropriate preservation techniques which can be improved through sensor technologies and pervasive computing (Atzori, Iera, and Morabito 2010). The importance of food traceability was highlighted in the Elliott Review (Elliott 2014). The IoT can play a significant role in improving assurance, logistics, and supply chain management through tracking and tracing systems.

Entertainment and media
Entertainment and media is also seen as a sector which could benefit from the advances in the IoT (Martin 2016), and research is being developed for media content sharing services over home-based IoT networks (Hu et al. 2013). This provides an ability to both personalise content seamlessly and allow the simple sharing of media. Advertisements can be personalised for individual communities and families. Potential content filtering based on age is also expected to have an impact on the entertainment industry (eMarketer 2016). Other applications, such as ad hoc news gathering based on the location of the user, are also set to increase (Bandyopadhyay and Sen 2011). The games industry is a significant area of the entertainment sector, and one in which the IoT could have a considerable impact. We have already seen the huge popularity of Pokémon Go, and the combination of the IoT and augmented reality systems could play a major part in the development of new gaming experiences.

Security challenges within the IoT
As the IoT expands and becomes more interwoven into the fabric of our everyday lives, as well as becoming an increasingly important component of our critical national infrastructure, securing its systems becomes vital. The securing of systems can be based upon a number of principles, from the CIA of information security (confidentiality, integrity, and availability), to the five pillars of information assurance (confidentiality, integrity, availability, authenticity, and non-repudiation) and the Parkerian Hexad (confidentiality, integrity, availability, authenticity, possession, and utility) (Parker 1998). Research articles discussing security considerations relating to cyber-physical (as opposed to information) and IoT systems vary in which principles they adopt. The majority of researchers restrict consideration to the CIA. The Parkerian Hexad, whilst originally offered as an improvement to overcome the limitations of the CIA, is often rejected; indeed, the usefulness of the Hexad remains the subject of debate among security professionals (Feruza and Kim 2007). Others go beyond these earlier principles and include robustness, reliability, safety, resilience, performability, and survivability (see for example Sterbenz et al. 2010). It is certainly worth considering all of these components of security, especially in complex cyber-physical systems such as the IoT. However, for this piece we use the three broadest categories of the CIA, understanding that the compromises may be of physical as well as information assets. We discuss some of the most significant challenges, highlighting which principles are under threat of compromise. However, it must be recognised that this is not an exhaustive list of the security challenges.

Physical limitations of devices and communications
In any application area, IoT devices are usually embedded with low power and low area processors, and it has been recognised that 'the Internet Protocol could and should be applied even to the smallest devices' (Mulligan 2007). Constraints on IoT devices limit the ability to process information at speed: there is a limited CPU, memory, and energy budget. This means that challenging forms of security are required which satisfy the competing goals of strong performance and minimal resource consumption. The constraints in size and power impact most significantly on efforts to maintain confidentiality and integrity in IoT systems. For example, the largest physical layer packet in IEEE 802.15.4 (recall that Zigbee and 6LoWPAN, for example, are both based on this standard) is 127 bytes (Montenegro et al. 2007). Given that the frame overhead could be 25 bytes, the maximum frame size in the media access control layer is 102 bytes. To protect confidentiality, encryption can be applied, but it should be noted that link-layer security further reduces this maximum frame size. If AES-CCM-128 (Advanced Encryption Standard using 128 bits, running in so-called CCM mode, a mode of operation designed to provide both authentication and confidentiality) were to be used, this would consume 21 bytes, leaving only 81 bytes available. On the other hand, using AES-CCM-32 would only consume 9 bytes, leaving 93 available. Designing appropriately secure and robust systems is challenging, since communication between nodes is often over 'lossy and low-bandwidth channels' (Heer et al. 2011).
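The frame budget above, carried through to 6LoWPAN fragmentation, as an added example that is not part of the original paper: it shows how the choice of link-layer security suite changes the number of IEEE 802.15.4 frames needed for one datagram. Assumptions not stated in the paper: the 21- and 9-byte figures are split into a 5-byte auxiliary security header plus a 16- or 4-byte integrity code, an AES-CCM-64 row (8-byte code) is included, fragment header sizes (4 and 5 bytes, offsets in 8-byte units) and the 1-byte dispatch for an uncompressed IPv6 packet follow RFC 4944 (Montenegro et al. 2007), and all function names are illustrative.

```python
"""Added example: IEEE 802.15.4 payload budget under link-layer security."""
from dataclasses import dataclass

PHY_MAX = 127        # largest 802.15.4 physical-layer packet (from the text)
MAC_OVERHEAD = 25    # maximum frame overhead (from the text)
AUX_SEC_HEADER = 5   # assumption: security control (1) + frame counter (4)
FRAG1_HDR = 4        # RFC 4944 first-fragment header
FRAGN_HDR = 5        # RFC 4944 subsequent-fragment header
IPV6_DISPATCH = 1    # RFC 4944 dispatch byte, uncompressed IPv6 (assumption)

# Message integrity code length in bytes for each security suite.
MIC_BYTES = {"none": 0, "AES-CCM-32": 4, "AES-CCM-64": 8, "AES-CCM-128": 16}


def security_overhead(suite: str) -> int:
    """Bytes that link-layer security adds to every frame."""
    mic = MIC_BYTES[suite]
    return 0 if mic == 0 else AUX_SEC_HEADER + mic


def mac_payload_budget(suite: str) -> int:
    """Bytes left for upper layers in one frame."""
    return PHY_MAX - MAC_OVERHEAD - security_overhead(suite)


@dataclass
class Plan:
    suite: str
    budget: int        # upper-layer bytes available per frame
    frames: int        # frames needed for the datagram
    bytes_on_air: int  # total physical-layer bytes transmitted
    efficiency: float  # datagram bytes / bytes_on_air


def plan_datagram(datagram_len: int, suite: str) -> Plan:
    """Work out how one datagram is carried under the given suite."""
    if not 1 <= datagram_len <= 2047:
        # The RFC 4944 datagram_size field is 11 bits wide.
        raise ValueError("datagram length must be 1..2047 bytes")
    budget = mac_payload_budget(suite)
    fixed = MAC_OVERHEAD + security_overhead(suite)

    # Case 1: the datagram fits in a single, unfragmented frame.
    if datagram_len + IPV6_DISPATCH <= budget:
        on_air = fixed + IPV6_DISPATCH + datagram_len
        return Plan(suite, budget, 1, on_air, datagram_len / on_air)

    # Case 2: fragmentation. Offsets are expressed in 8-byte units, so every
    # fragment except the last carries a multiple of 8 datagram bytes.
    first = (budget - FRAG1_HDR - IPV6_DISPATCH) // 8 * 8
    tail_cap = budget - FRAGN_HDR   # the last fragment need not be aligned
    middle = tail_cap // 8 * 8

    frames = 1
    on_air = fixed + FRAG1_HDR + IPV6_DISPATCH + first
    remaining = datagram_len - first
    while remaining > tail_cap:
        frames += 1
        on_air += fixed + FRAGN_HDR + middle
        remaining -= middle
    frames += 1                     # final fragment carries what is left
    on_air += fixed + FRAGN_HDR + remaining
    return Plan(suite, budget, frames, on_air, datagram_len / on_air)


def compare(datagram_len: int) -> list:
    """Plan the same datagram under every suite, weakest code first."""
    return [plan_datagram(datagram_len, s) for s in MIC_BYTES]


if __name__ == "__main__":
    # 1280 bytes is the IPv6 minimum MTU; 81 bytes sits on the AES-CCM-128 limit.
    for size in (81, 1280):
        for p in compare(size):
            print(f"{size:5d} B  {p.suite:12s} budget={p.budget:3d} "
                  f"frames={p.frames:2d} efficiency={p.efficiency:.2f}")
```

An 81-byte datagram fits in one unsecured frame but needs two frames under AES-CCM-128, because the dispatch byte pushes it past the 81-byte budget.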
For security through digital signatures, a public key infrastructure is required, and this is a significant challenge to IoT systems. Public key infrastructure can protect against both loss of confidentiality and loss of integrity. However, even the encryption process with the public key requires computational and memory resources that are beyond many wireless sensor systems, especially when frequent data transmission is required (Doukas et al. 2012).

Heterogeneity, scale, and ad-hoc nature
It has been recognised that the high level of heterogeneity (Sicari et al. 2015; Misra, Maheswaran, and Hashmi 2016), compounded by the large scale of IoT systems, will magnify security threats to the current internet. Roman, Najera, and Lopez (2011) note that heterogeneity has 'great influence over the protocol and network security services that must be implemented in the IoT'. Security solutions have to cope with entities with varying hardware specifications, and need to provide authentication and authorisation of IoT nodes (Malina et al. 2016), as well as key agreement (Suo et al. 2012). The heterogeneity of the IoT means it cannot be assumed that all devices can present a full protocol stack. Further, the potential number of services and service execution options, along with the need to handle heterogeneous resources, requires service management; these challenges will have an adverse impact on the security of IoT systems (Miorandi et al. 2012). The lack of open standards and use of proprietary solutions presents a significant problem, since security solutions must integrate with 'black boxes'. Allowing developers to implement security based on their own proprietary standards can lead to 'security through obscurity' (Phillips, Karygiannis, and Huhn 2005), recognised as a flawed technique within the ambit of security. Security issues are further exacerbated due to the fact that 'transient and permanent random failures are commonplace, and failures are vulnerabilities that can be exploited by attackers' (Stankovic 2014), and that the ad hoc nature of the IoT requires the tailoring of existing techniques (Sicari et al. 2015). Clearly, as the number of devices connected to the internet grows, so do security and privacy issues (Cha et al. 2009).
Many components of the IoT, particularly in the health and transport and logistics domains, are also mobile. This presents a challenge in ensuring that security solutions adapt to the mobile environment, interacting with many different components and systems, each potentially offering different settings, protocols, and standards.

Authentication and identity management
Identity management concerns the unique identification of objects, and authentication then validates the identity relationship between two parties (Mahalle et al. 2010). The CERP report (Vermesan et al. 2011) recognises that further research is needed in the 'development, convergence and interoperability of technologies for identification and authentication that can operate at a global scale'.
Authentication within the IoT is critical, since without appropriate authentication the confidentiality, integrity, and availability of systems can be compromised. This is because if an adversary can authenticate as a legitimate user, they will have access to any data that the user has, and can see (compromising confidentiality), modify (compromising integrity), and delete or restrict availability (compromising availability) in the same way that the user can.
The authentication and identification of users in the IoT remains a significant challenge. Currently, username/password pairs are the most common form of authentication and identification of users in electronic systems, though other forms such as shared keys, digital certificates, or biometric credentials may be used (Gessner et al. 2012). However, the vision of the IoT as ubiquitous will eliminate many of the physical interaction interfaces through which usernames and passwords are passed.
In traditional electronic environments the ability to take advantage of single-sign-on (SSO) mechanisms can be useful, allowing users to authenticate only once to interact with various services. Systems such as Shibboleth, OpenID, and OAuth2 were not designed for IoT systems, and whilst work is being undertaken to adapt OAuth2 it cannot, as yet, provide widespread SSO in IoT environments. Citizens in an IoT environment may wish to choose their identity provider, and this is challenging using current protocols.
Furthermore, mobility, privacy, and anonymity require further analysis and research (Riahi et al. 2013). Those IoT systems that feature mobile services will have users passing through different architectures and infrastructures owned by different providers. Managing the identity of users in such mobile, heterogeneous, and multiply owned environments can be challenging. Whilst privacy in the IoT is discussed in the next section, the issue of anonymity in the IoT presents a particular challenge, especially in mobile environments. Although there may be a desire for anonymity, users also want good levels of service, and this often requires understanding as to 'whom' the service is being provided. Furthermore, if there is a need for resilient services, then accountability is desirable. Clearly, in a truly anonymous system, accountability is hard to achieve. Pseudonymity can provide a balance between anonymity and accountability. In pseudonymous systems, the actions of a person are linked to a random identifier, rather than an identity. A pseudonym may provide a persistent identifier to ensure that a service can be offered from initiation to completion. To be effective in IoT systems, there remains a challenge for pseudonyms to operate in a standardised manner across multiple domains.
It is not just the identification and authentication of users that requires consideration. It is also necessary to identify and validate services and devices in IoT systems. It can be challenging to perform a strong authentication of devices in the IoT 'because of the nature of the device or the context in which it is being used' (Sarma and Girão 2009). Without adequate authentication processes, it is not possible to assure the data originated from the intended device, or was received by the intended device. If the devices are appropriately authenticated, there is still a requirement to authenticate the service, since certain services will have access to certain data.
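The balance between anonymity and accountability described above can be made concrete with an added example (not part of the original article). It assumes a hypothetical identity provider that derives one pseudonym per user and service domain with a keyed hash, a pseudo-random stand-in for the random identifier in the text; `PseudonymProvider` and the `.example` domains are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class PseudonymProvider:
    """Hypothetical identity provider issuing one pseudonym per (user, domain)."""

    def __init__(self):
        self._key = secrets.token_bytes(32)  # never leaves the provider
        self._users = set()

    def register(self, user_id):
        self._users.add(user_id)

    def pseudonym_for(self, user_id, domain):
        """Same user and domain always give the same identifier (persistence)."""
        if user_id not in self._users:
            raise KeyError("unknown user")
        # A NUL separator keeps ("ab", "c") and ("a", "bc") from colliding.
        message = domain.encode() + b"\x00" + user_id.encode()
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()[:32]

    def resolve(self, domain, pseudonym):
        """Accountability path: only the key holder can map back to a user."""
        for user_id in self._users:
            candidate = self.pseudonym_for(user_id, domain)
            if hmac.compare_digest(candidate, pseudonym):
                return user_id
        return None


def demo():
    idp = PseudonymProvider()
    for user in ("alice", "bob"):
        idp.register(user)

    # Two visits to one service, one visit to another (constructed domains).
    parking = [idp.pseudonym_for("alice", "parking.example") for _ in range(2)]
    transit = idp.pseudonym_for("alice", "transit.example")

    return {
        # The parking service can follow one session from start to finish.
        "persistent": parking[0] == parking[1],
        # The two services cannot join their logs on the identifier.
        "linkable_across_domains": transit in parking,
        # The provider can re-identify the user if a dispute arises.
        "resolved": idp.resolve("parking.example", parking[0]),
        # A pseudonym carries no meaning outside the domain it was issued for.
        "wrong_domain": idp.resolve("transit.example", parking[0]),
    }


if __name__ == "__main__":
    print(demo())
```

The open problem the text identifies is visible here: both services must trust the same provider and the same derivation, which is the standardisation across domains that does not yet exist.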

Authorisation and access control
It has been recognised that there is a need to 'exercise access control over [the Internet of Things] at the edge of the network in the device or, at least, a local access controller for the device' (Cerf 2015). There is an important role in establishing whether the user, once identified and validated, has permission to access the requested resources (Abomhara and Køien 2014). Access control requires communication between entities (often restricted to software entities rather than human, since users impact on the system through the software entities that they control) to request and grant access. There are various models for access control such as discretionary access control (DAC, where an administrator determines who can access resources); role-based access control (RBAC, allowing access based on the role that the requester holds); and attribute-based access control (ABAC, where rights are granted through policies which evaluate the attributes of the user, resource requested and the environment from which the request is made).
Effective access control in an IoT context is challenging. Whilst it is desirable to use an access control model that removes discretion, the use of RBAC and ABAC is known to be challenging for low-powered IoT devices. Further, RBAC requires the definition of roles. In many IoT systems there is the likelihood that the number of roles will grow rapidly, and thus handling all these roles, especially during system updates, becomes difficult if fine-grained access control is intended. ABAC faces similar challenges, especially in decentralised architectures. Neither ABAC nor RBAC 'provide scalable, manageable, effective, and efficient mechanisms … and [so] are not able to effectively support the dynamicity and scaling needs of IoT contexts' (Gusmeroli, Piccione, and Rotondi 2013). RBAC, ABAC, and DAC are all access control list (ACL) models, and an alternative approach is to use capability-based approaches. These methods involve the requester having a reference or capability that allows access to a service. This requires a reference that is communicable, revocable, unforgeable, and which can be thought of as analogous to the key to a safe deposit box. These methods attempt to overcome some of the limitations of ACL models, but they are unable to 'tailor access based on various attributes or constraints' (Ferraiolo, Cugini, and Kuhn 1995). Capability-based methods include identity authentication and capability-based access control (IACAC) (see Mahalle et al. 2013), and capability-based access control (CapBAC) (see Gusmeroli, Piccione, and Rotondi 2013).
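The following added example (not code from the article or from the cited CapBAC or IACAC work) sketches a capability token with the three properties named above: communicable, revocable, and unforgeable. It assumes an HMAC key shared between issuer and device in place of a digital signature; `issue_capability`, `Device`, and the resource name `valve-17` are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


def _mac(key, claims):
    """HMAC-SHA256 over a canonical JSON encoding of the claims."""
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_capability(key, resource, rights, expires_at):
    """Issuer side: mint a token that names a resource and rights, not a user."""
    claims = {
        "id": secrets.token_hex(8),  # handle the issuer can later revoke
        "resource": resource,
        "rights": sorted(rights),
        "expires_at": expires_at,
    }
    return {"claims": claims, "mac": _mac(key, claims)}


class Device:
    """Edge device: holds one key and a revocation set, no per-user ACL."""

    def __init__(self, key, resource):
        self.key = key
        self.resource = resource
        self.revoked = set()

    def revoke(self, token_id):
        self.revoked.add(token_id)

    def check(self, wire_token, right, now):
        """Decide on a request from the presented token alone."""
        try:
            token = json.loads(wire_token)
            claims, mac = token["claims"], token["mac"]
            expected = _mac(self.key, claims)
            # Constant-time comparison; any change to the claims breaks the MAC.
            if not (isinstance(mac, str)
                    and hmac.compare_digest(expected.encode(), mac.encode())):
                return "deny: forged or altered"
            if claims["id"] in self.revoked:
                return "deny: revoked"
            if now >= claims["expires_at"]:
                return "deny: expired"
            if claims["resource"] != self.resource or right not in claims["rights"]:
                return "deny: outside capability"
        except (ValueError, KeyError, TypeError):
            return "deny: malformed"
        return "allow"


def demo():
    key = secrets.token_bytes(32)  # constructed demo key
    valve = Device(key, "valve-17")
    token = issue_capability(key, "valve-17", {"read"}, expires_at=1000)
    wire = json.dumps(token)  # communicable: a plain string to hand over

    results = {
        "read": valve.check(wire, "read", now=500),
        "write": valve.check(wire, "write", now=500),
        "expired": valve.check(wire, "read", now=1000),
    }

    # A holder who edits the rights cannot recompute the MAC without the key.
    tampered = json.loads(wire)
    tampered["claims"]["rights"].append("write")
    results["tampered"] = valve.check(json.dumps(tampered), "write", now=500)

    valve.revoke(token["claims"]["id"])
    results["revoked"] = valve.check(wire, "read", now=500)
    return results


if __name__ == "__main__":
    print(demo())
```

The device's state does not grow with the number of users or roles, which is the scaling argument for capabilities; the decision also depends only on what the token says, so it cannot vary with attributes of the requester or the environment.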

Implementation, updating, responsibility, and accountability
It is vital, though often overlooked in discussion, that the implementation and updating of security protection must be both manageable and low cost. IoT systems can be geographically remote and involve sensors and actuators in extreme and challenging environments. To protect the cyber security of the system it is vital that any vulnerabilities are addressed as soon as they are discovered. As such, there is a need for remote access to allow these system updates. The latest software patches could be installed dynamically, and the process managed through cloud-assisted frameworks; however, designing a secure mechanism for dynamic installation is a challenging task (Maglaras et al. 2016). It must also be recognised that updates can change the functionality of devices, and these changes may not always be aligned with user expectations (Rose, Eldridge, and Chapin 2015). For this reason, in cases where a user has responsibility or control over applying a patch, they may decide against updating if they feel the risk of compromise outweighs the negative impact on functionality (Cavusoglu, Cavusoglu, and Zhang 2008). The Dyn attack in 2016 was illustrative of the significant impact a botnet of the likes of unpatched printers, IP cameras, residential gateways, and baby monitors can have in conducting a distributed denial of service attack. This leads to another significant challenge regarding responsibility, liability, and accountability in the IoT. Since the IoT comprises different devices, communications, infrastructure, and services under different control and ownership, determining responsibility and liability remains a challenge. Whilst legal liability may lie with one organisation, the impact of a seemingly innocuous attack on one component could cause catastrophic, irrevocable damage to another.
For example, if a service is compromised due to an issue in a device or some third-party architecture, the repercussions in terms of customer backlash may not impact on the device manufacturer or architecture owner, but rather the service operator. The possibility of such cases may lead some parties to be less concerned about cyber-physical security than they should be. The situation is even more difficult given the highly complex attack surface. One minor vulnerability in one device or service may be exploited along with other, seemingly innocuous vulnerabilities elsewhere in the system, controlled, owned or supplied by different parties. If this leads to a major compromise, the level of responsibility of each party may not be immediately clear. This makes it difficult to make a case for security investment.

Security issues in connected and autonomous vehicles
The connected and autonomous vehicles (CAV) area is complex and involves many different sensors, actuators, infrastructure, communications protocols, and services. These services vary from small, simple services running on only a few components, through to global services involving significant parts of the critical national infrastructure. This work cannot encompass all of the types of system and potential and implemented attacks. However, it is possible to highlight some of the most significant attacks.
Modern vehicles have between 70 and 100 integrated electronic control units (ECUs) for applications such as braking, steering, transmission, suspension, and engine control. The sensors providing information into these ECUs include the Tyre Pressure Monitoring System, Infotainment system, Camera, LIDAR, RADAR, and brake and engine sensors. Communication to ECUs is through a range of network types including CAN (Controller Area Networks), FlexRay, MOST (Media Oriented System Transport), and LIN (Local Interconnect Network). Different manufacturers employ different networks, but modern vehicles will feature a number of these network types. However, these protocols were designed prioritising efficiency and safety rather than security. Checkoway et al. (2011) and Koscher et al. (2010) exploited various on-board and remote vehicular vulnerabilities: physical endpoint devices such as On-Board Diagnostic Units (OBD), and external communications such as DSRC and Bluetooth. More publicised was the work of Miller and Valasek in 2015, in which they used remote execution to exploit a vulnerability (combined with a weakness in the Sprint-enabled remote access UConnect®) in a Jeep Cherokee (Mansfield-Devine 2016). They were able to control the vehicle whilst it was in motion.
Although the likelihood of a cyber-attack on a connected vehicle is currently thought to be low, the increasing importance of these vehicles, and the rise of technologies such as ransomware, make this a significant emerging risk to the integrity and availability of connected and autonomous vehicular systems. As well as financial motivations, we are likely to see attempts to compromise these systems by terrorists, nation states, and hacktivists.
Many applications in CAV involve a combination of personal and vehicular (that can be linked to individuals) data that is sent externally. This type of data can have its confidentiality and privacy breached in a number of ways, including through the use of 'sniffing stations'. It is also possible to undertake man-in-the-middle attacks on the wireless communications entering a vehicle, thereby compromising the integrity of that data. Such a man-in-the-middle attack was the basis of the remote exploit of the Jeep by Miller and Valasek.
As connected vehicles interact with and become dependent upon infrastructures such as Cloud and Edge-cloud, the risk and impact of attacks on the availability of systems will increase.

Security issues in health, well-being, and recreation
Recently, there have been an increasing number of attacks where the victims have been hospitals. There have been a myriad of potential and actual attacks on individual connected devices, including drug delivery systems, electronic health implants, insulin pumps, and pacemakers. However, recent years have seen attacks being discovered that are unprecedented in their scale and surface. In particular, the MEDJACK attack (Storm 2015), first discovered by Trend Micro, impacted on blood gas analysers, computerised tomogram apparatus, magnetic resonance imaging systems, and x-ray machines. Attacks have been carried out that targeted communications protocols as well as devices. Security flaws have been found in the proprietary communication protocols of ten implantable cardiac defibrillators (ICDs) (Marin et al. 2016). These medical systems obviously pose a risk to each part of the CIA triad. As well as the very evident problems of disrupting availability and compromising integrity, there are also issues of confidentiality. Medical data can be used for identity theft or fraud, as well as to discover drug prescriptions, enabling hackers to order medication online. Hackers might also consider extortion and blackmail of people with certain illnesses that they would not want disclosed. Similar attacks on the confidentiality, integrity, and availability of IoT-enabled well-being, such as fitness trackers, also exist, though the impact from breaches on availability and potentially integrity is less severe. This is not the case regarding confidentiality of information.

Security issues in Industry 4.0
Industry 4.0 has been heralded as a transformational move that brings together data, connectivity, and autonomy to create the Fourth Industrial Revolution. However, there exist a number of significant threats to these cyber-physical systems.
Significant cyber-physical attacks have been reported over a number of years, and there are likely a significant number of attacks that are not reported, or even discovered. Examples include the Maroochy Water Services attack in Australia in 2000, in which the sewerage system encountered a series of faults where the pumps were not running when they were supposed to be and alarms were disabled. This was further aggravated by a loss of communication from the central computer with various pumping stations. Similarly, Stuxnet had a rapid and significant impact on the Iranian nuclear industry. More recent attacks include the 2014 attack on a German steel mill, and disruptions to the Ukrainian energy network.
Other attacks on confidentiality of information include leakage of intellectual data that can lead to the loss of competitive advantage in the market. In addition, it would also equip competitors with the capacity to undermine innovations that are yet to be manufactured.

Security issues in logistics
The IoT appears to offer significant efficiency and business opportunity in logistics. There are various application scenarios, which inevitably creates a large attack surface. One recognised attack is the manipulation of embedded data, either by malicious substitution of tags or by modification of tag information (Misra, Maheswaran, and Hashmi 2016). Whilst logistics are often thought of as part of the road network, it should be recognised that logistics also involve rail, air, and sea. A particular vulnerability concerns the modification of ship details including position, course, cargo, flagged country, speed, name, and MMSI (Mobile Maritime Service Identity) status (Balduzzi, Pasta, and Wilhoit 2014). To further intensify an attack, the creation of fake vessels with all the same details of an existing vessel can be exploited, for example, having an Iranian vessel with nuclear cargo appear off the coast of the US. This compromises the confidentiality and integrity of the system.

Security issues in smart grid
Attacks on critical national infrastructure for energy, such as the reported attack by China and Russia on the United States (see Misra, Maheswaran, and Hashmi 2016), and the attacks on Ukraine have been discussed extensively in white papers, academic papers (see Liang et al. 2017, for example), and the wider press. These attacks are predominantly (though it may be argued not exclusively) attempting to disrupt availability in these cyber-physical systems. However, there are a number of other attacks known within Smart Grid technologies.
Attacks are not always at the national infrastructure level, but can occur further down the architecture. CEMS are more localised, and are used to determine and balance community power requirements, including deciding the size of generators and the capacity of transmission lines to be used over short periods of time to meet demand. CEMS have already been shown to be vulnerable to denial of service attacks as well as counterfeit messaging, compromising both availability and integrity.
Further down the architecture there is a significant growth in the rollout of smart meters. UK government figures state that by September 2016 there were over 500,000 smart meters installed in the UK. However, data transmitted over the internet by the smart meters have been shown to be unsigned and unencrypted (Greveler et al. 2012), compromising the confidentiality of the system.

Security issues in homes, buildings, and offices
There is a vast range of devices for the smart home promising intelligent resource efficiency through remote and instant access and control. Whilst such devices and services offer economic and functional benefits, they do increase security risks. The key risks that such devices represent are to confidentiality and privacy. Some issues, such as how energy consumption can provide inferences for profiling, have been discussed previously. So, too, has the use of connected home devices and their contribution to the Dyn attack. The types of devices that have been compromised already include cameras, printers, doorbells, weighing scales, and recently, in the UK in particular, home routers, among many others. Whilst lack of availability of these devices is inconvenient, when the power of all devices is combined into a botnet, the global impact can be significant.
As well as attacking the devices in smart homes and offices, hackers will target the building automation and control systems. Probably the most significant attack utilising access to internet-connected building control systems was the attack on Target. The attack originated by compromising the heating, ventilation, and air conditioning (HVAC) company supplying Target. The company will have had access to the Target network for remote monitoring and maintenance, and this will have provided an entry point into the system that the attacker could escalate from, thereby compromising the confidentiality of 40 million customer records. Of course, access to building systems for homes or offices carries a wider threat not just to confidentiality, but also to integrity and availability.

Privacy challenges in the IoT
Privacy is seen as a major concern in the IoT (Misra, Maheswaran, and Hashmi 2016; Sicari et al. 2015; Ziegeldorf, Morchon, and Wehrle 2014; Roman, Najera, and Lopez 2011; Gessner et al. 2012). The IoT has made an enormous quantity of data available, belonging not only to consumers such as is the case with the World Wide Web, but to citizens in general, groups, and organisations. This can be used to establish what we are interested in, where we go, and our intentions. Whilst this can provide great opportunities for improved services, it must be weighed against our desire for privacy. It is vital that consumers trust the services they engage with to respect their privacy. Trust is a fundamental element in the forming of any relationship, and is a vital factor in the adoption of new technology (Yan, Zhang, and Vasilakos 2014). People will not use new technology if they do not have sufficient trust in the safeguarding of privacy, security, and safety (Taddeo and Floridi 2011; IBM Watson Foundation 2015), and this is particularly true in complex systems such as the IoT.
Sensors, including those embedded in mobile devices, collect a variety of data about the lives of citizens. This data will be aggregated, analysed, processed, fused, and mined in order to extract useful information for enabling intelligent and ubiquitous services. Trust refers to the determining of when and to whom information should be released or disclosed (Yan and Holtmanns 2008).
In 2010 Facebook founder Mark Zuckerberg proudly stood on stage and announced that 'privacy is no longer a social norm'. This has been debated at length by a number of academics. In 2006, a privacy paradox was proposed (Barnes 2006), arguing that 'adults are concerned about invasion of privacy, while teens freely give up personal information'. This central thesis has been the subject of a great deal of academic work (it has in excess of 900 citations), with many academics demonstrating that this paradox exists in various contexts. However, changes have been observed, and recently the Oxford Internet Institute released a report that detailed a new privacy paradox. In the report, Blank, Bolsover, and Dubois (2014) argue that young people 'are much more likely than older people to have taken action to protect their privacy', and that the new paradox is based upon the notion that 'social life is now conducted online and that SNSs do not provide users with the tools that would adequately enable them to manage their privacy in a way that is appropriate for them'. A recent study by Pew Research Center (Rainie et al. 2013) found that 86 per cent of internet users have taken steps online to remove or hide their digital footprints. Techniques employed included clearing cookies, avoiding using their real name, encrypting email and using virtual networks to hide their internet protocol (IP) address.
Giving users more control over the collection and use of their personal information has been seen as an essential aspect of ensuring trust in distributed systems. Previous projects, such as the Platform for Privacy Preferences Project (P3P) have been designed to give users control when using web browsers. The P3P protocol, an initiative of the World Wide Web Consortium (W3C) initiated in 2002, allows websites to declare the intended use of data collected through web browsers. It was built upon the idea of translating website privacy policies into standardised machine-readable information to aid transparency and enable user choice. Unfortunately, the project ended prematurely, and there have been very few implementations. There are a number of reasons cited for the failure of P3P, centred around the lack of adoption by industry and users (Jøsang, Fritsch, and Mahler 2010). Specific reasons include a lack of adoption by websites (because the drivers for businesses to adopt PET technologies (compliance, efficiency, and risk of brand damage) are not significant enough for a sufficient number of businesses); a lack of adoption by browsers (Cranor et al. 2008); and a lack of acceptance by users, including cultural considerations that affect the international adoption of P3P (Reay, Dick, and Miller 2009).
A variety of privacy enhancing technologies have been developed for ensuring privacy, including Virtual Private Networks, Transport Layer Security, DNS Security Extension, Onion Routing, and Private Information Retrieval (Weber 2010). Privacy Policy Languages are another type of PET, and the P3P project discussed earlier can be considered to belong to the PET class of PPLs (Wang and Kobsa 2009). PPLs can be categorised as external (declarative without enforcement) or internal (normative with support for enforcement); P3P falls in the former class. Other PPLs include SAML (Security Assertion Markup Language); XACML (an OASIS standard for access control), including its extensions PPL, A-PPL, and GeoXACML; XACL; SecPAL and its extension for specifying the handling of personally identifiable information, SecPAL4P; AIR (Accountability In RDF); XPref; P2U; EPAL; P-RBAC; FlexDDPL; Jeeves; PSLang; ConSpec; and SLAng (see Kasem-Madani and Meier 2015 and Henze et al. 2016 for more information). Whilst there exists a range of PPLs, none has emerged as the de facto standard, and large-scale adoption remains a challenge.

Consent
As mentioned previously, it is important to balance optimised and personalised service with the desire for privacy. One method of reconciling these competing objectives is to ensure the consent of the consumer to their data being collected, stored, and shared. However, this brings about a number of challenges. Consent has traditionally been based on a system of transparency: a provider of a service should make clear what data is collected and what it is to be used for. Of course, there have been questions about whether presenting a consumer with 70 pages of detail is clear in itself, and this is now starting to be addressed by regulation. The draft General Data Protection Regulation (GDPR) Consent Guidance Document from the ICO in the UK (ICO 2017) states that whilst the Data Protection Directive defined consent as 'any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed', Article 4(11) of the GDPR defines it as 'any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her'. If the IoT realises the vision of becoming ubiquitous, we will be interacting with systems without a physical interface. In this case (as noted by Peppet 2014), 'giving consumers data and privacy information and an opportunity to consent is particularly challenging'. The GDPR (2016) also requires consent to be granular and easy to withdraw. These are significant challenges with the absence of suitable interfaces to provide or revoke consent. These challenges will not only be in public areas, but within homes as IoT technology becomes embedded. For example, the data from the pressure sensors, IR sensors, and RFID systems are sufficient for an adversary to monitor and understand the human activities in a home.
As an example, data associated with a smart fridge could be used to determine eating habits and health, which might affect the individual's life insurance with an insurance company. The use of sensors and intelligence is also growing in the production of toys. Smart toys have the ability to recognise the voice of, analyse, and interact with the child. These toys usually have external Bluetooth and Wi-Fi connection capabilities, which leaves the endpoints vulnerable to adversarial attacks (Dobbins 2015). These toys can expose children's personally identifiable information, and also lead to the fear of the children's location being tracked and making them vulnerable. In addition, these toys can be used to act as surveillance devices, or hijacked to behave inappropriately (Chaudron et al. 2017). This leads to the challenge for toymakers to incorporate security from the inception of connected toys (Nelson 2016). Parents who give children smart toys are either implicitly or explicitly giving consent for the data pertaining to their child to be collected, processed, stored, and transmitted. However, they are not, in general, empowered to consent to the handling of data of other children, a friend say, interacting with the toy. Without this explicit consent the personal data of the friend should not be handled. However, separating the two sets of data will be challenging, and it is likely that toys will handle data without explicit consent.
Privacy concerns within the IoT are not restricted to consumers; there can also be impacts on industry. The Industrial IoT is more complex than traditional ICT systems, due to the large attack surface with numerous attack vectors (Sadeghi, Wachsmann, and Waidner 2015). A proper definition of the privacy requirements needs to be formulated (Da Xu, He, and Li 2014). Beyond the risk of violation of sensitive employee or customer details, the potential loss of intellectual data opens up the possibility of competitors replicating the knowledge and capabilities of the victim organisation, which can undermine competitive advantage (Sadeghi, Wachsmann, and Waidner 2015). Whilst it is understood that industrial espionage, through an inside or other attack, can result in intellectual property theft, there are cases where indirect privacy compromises could lead to a leakage of intellectual capital. For example, if the data related to industrial orders are compromised, it not only gives a competitor the ability to predict the industrial supply of current goods and materials, but also future goods and innovative technologies currently in development. Similarly, data protection compromises could reveal the financial performance along with the business processes and business intelligence of an industry, which could restrict the industry's ability to borrow money, or impact on its insurance premiums. This area has received little attention as yet.

Conclusions and further work
In this article we have discussed the origins of the IoT and how this has posed a major challenge to standardisation and a single overall vision. This, in turn, has given rise to challenges for security and assurance in the IoT.
Arguably the most significant challenge, but also the most fundamental, is to encourage standardisation and coordination in the IoT. This is not only difficult in terms of process and technology, but also politics. There needs to be consideration of all stakeholders and their conflicting views on the IoT. The P3P project shows the difficulties involved in gaining consensus and trust between parties that have different visions and interests.
The P3P project was laudable but faced considerable difficulties. An analogous system for the IoT would certainly be beneficial, but it is challenging to ensure that the outcomes are relevant and acceptable to all. If there is to be a protocol, analogous to P3P, to communicate how data are captured, processed, stored, and transmitted, and offer users a way to have choice and control regarding their data, it is important that lessons are learned from the P3P project. It is important that, for any standard to be successful, the project should be mindful of the politics involved. Privacy advocates may see the development as industrial subterfuge, a criticism that was levelled at the P3P project; the protocol should not allow services to create an illusion of privacy whilst gathering personal data. It should be recognised that any standard is likely to be only part of a solution, and as such, implementing the standard alone may not provide adequate protection. Therefore it is recommended that the standard should be used together with other privacy enhancing tools. Any standard should be developed in line with legal and regulatory compliance. If there is no compliance requirement or financial implication to not implementing the protocol, the business case for the protocol will fail. To maximise the probability of industry adoption and user acceptance, any protocol for managing consent in the IoT should be: . developed around firmly agreed principles, to ensure there is no mission creep and that the objectives are clear; . simple, economically efficient, and implementable; . mindful of any impact on current and future business models; . co-developed with industry bodies (service and infrastructure providers) and user representative groups; . developed in line with legal and regulatory compliance. If there is no compliance requirement or financial implication to not implementing the protocol, the business case for the protocol will fail.
Another key area that requires immediate attention is in the low power and low area (small form factor) aspects of the IoT. Challenges exist in developing attack-resistant solutions on such constrained devices, and an ability to detect, diagnose, and recover from attacks. Key protocol developments to address the problem of strong, low-budget security include the work of the IETF 6LoWPAN group, who have developed encapsulation and header compression mechanisms that allow IPv6 packets to be sent and received over low-rate wireless personal area networks. Nodes in these IEEE 802.15.4-based networks can operate in two secure modes: ACL mode (providing access only to trusted nodes) and Secure mode (providing confidentiality, message integrity, access control, and sequential freshness). Other protocols that are designed to address such issues include Host Internet Protocol (HIP), and Datagram Transport Layer Security (DTLS). The former is more efficient but the 'limited usage of HIP poses severe limitations' (Garcia-Morchon et al. 2013), whilst the latter is more interoperable, but offers poor performance. Key management, including storage and exchange, remains a significant challenge for resource-constrained IoT systems, as many current solutions for security rely on firmware with significant energy consumption overheads (Healy, Newe, and Lewis 2009).
Authentication and identification in IoT systems is fundamental for security and privacy. Obviously, systems based upon biometric identification, possibly combined with a token, may prove advantageous compared to existing systems, but care must be taken to ensure that the system is secure yet frictionless.
Significant progress has been made in the battle to ensure the authenticity of devices, streams, and services in the IoT. In particular, the development of Physical Unclonable Functions (PUFs) (see Suh and Devadas 2007; Tuyls and Škorić 2007; Guajardo, Kumar, and Schrijen 2007) can play a role in device authentication. A PUF has a complex and unpredictable yet repeatable mapping system of inputs to outputs. For efficient authentication, the function needs to be easy to evaluate and repeatable, and for security purposes it needs to be difficult to predict. Some weaknesses have been observed, such as ageing, which can make PUF responses unreliable (Maiti and Schaumont 2011), and improved schemes using enhanced challenge-response are being developed (Maiti, Kim, and Schaumont 2012). PUFs are being combined with embedded Subscriber Identity Modules (eSIMs) to provide authentication and access control. The eSIM is used to address issues of scalability, interoperability, and compliance with security protocols (Cherkaoui, Bossuet, and Seitz 2014).
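The challenge-response authentication and the ageing weakness described above can be simulated in software. This is an added example, not code from the paper or from the cited schemes; the SimulatedPUF class (an HMAC keyed with a per-device secret standing in for manufacturing variation), the noise rates, and the acceptance threshold are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import random
import secrets

RESPONSE_BITS = 128
THRESHOLD = 25  # assumed tolerance: maximum Hamming distance still accepted

class SimulatedPUF:
    """Software stand-in for a PUF: device-unique, repeatable, but noisy."""
    def __init__(self, noise):
        self._variation = secrets.token_bytes(32)  # models manufacturing variation
        self.noise = noise                         # per-bit flip probability
        self._rng = random.Random()                # models physical noise, not a secret

    def respond(self, challenge):
        digest = hmac.new(self._variation, challenge, hashlib.sha256).digest()
        ideal = int.from_bytes(digest[:RESPONSE_BITS // 8], "big")
        flips = sum(1 << i for i in range(RESPONSE_BITS)
                    if self._rng.random() < self.noise)
        return ideal ^ flips

class Verifier:
    def __init__(self):
        self._crps = {}  # device id -> unused (challenge, reference response) pairs

    def enrol(self, device_id, puf, count):
        challenges = [secrets.token_bytes(16) for _ in range(count)]
        self._crps[device_id] = [(c, puf.respond(c)) for c in challenges]

    def authenticate(self, device_id, puf):
        pairs = self._crps.get(device_id)
        if not pairs:
            return False                      # unknown device or no pairs left
        challenge, reference = pairs.pop()    # each pair is used once, so a
        response = puf.respond(challenge)     # recorded response cannot be replayed
        return bin(reference ^ response).count("1") <= THRESHOLD

def demo():
    verifier = Verifier()
    genuine = SimulatedPUF(noise=0.03)
    verifier.enrol("sensor-01", genuine, count=3)
    other_chip = SimulatedPUF(noise=0.03)     # different silicon, same claimed id
    results = {"genuine": verifier.authenticate("sensor-01", genuine),
               "other_chip": verifier.authenticate("sensor-01", other_chip)}
    genuine.noise = 0.40                      # ageing: responses drift from enrolment
    results["aged"] = verifier.authenticate("sensor-01", genuine)
    results["exhausted"] = verifier.authenticate("sensor-01", genuine)
    return results

if __name__ == "__main__":
    print(demo())
```

The aged device is rejected even though it is genuine, which is why the tolerance and the re-enrolment policy have to be set against the measured drift of the real hardware.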
Other areas requiring urgent attention include the need to adapt existing SSO mechanisms, or create new ones that better fit the IoT. Although some approaches address this need, proposing a hybrid architecture that combines all mechanisms through specially crafted middleware [6], this topic still needs research.
There is also a need for a standardised communication platform and architecture, with unified security considerations in intelligent transport systems, prioritising the incorporation of security in each layer of the architecture. Attacks have been shown to be feasible from the physical layer (through communications such as Bluetooth or DSRC), through to the network layer (such as CAN, LIN etc.), to the facilities layer by altering the ECUs, before finally affecting applications such as windscreen wipers and door locks.
Various Industrial IoT attacks have also shown SCADA vulnerabilities such as slow updates and authentication holes, paving the way for further attack vectors on the network. This raises a need for secure and reliable architecture that can protect an Industrial IoT from network to endpoint devices, which governs the functioning of an industry.
The IoT presents an opportunity to revolutionise the way we live and work. However, there remain a number of significant challenges to ensure that its potential can be realised without catastrophic consequences. There are numerous guidelines and best practices for security in the IoT available to individuals and organisations. The U.S. Department of Homeland Security (DHS 2016) explains the risks and strategic principles of the IoT, and suggests best practices for devices and systems from design to operational. The Broadband Internet Technical Advisory Group (BITAG 2016) provides a report that highlights the issues associated with general consumers installing IoT products by analysing and emphasising issues such as data leaks and privacy violations. Specific security requirements for connected vehicles and medical devices are recommended by the group I Am The Cavalry (Cavalry 2014, 2016). In the cellular domain, GSMA has produced a comprehensive overview report that investigates the availability, identity, privacy and security challenges of the IoT, presents guidance on the mobile solution and provides examples in different applications (GSMA Association 2016a). The overview report acts as a primer to the Service Ecosystem (GSMA Association 2016b) and Endpoint Ecosystem Reports (GSMA Association 2016c). The final report in the suite outlines security principles for network security, privacy considerations and the services provided by network operators (GSMA Association 2016d). Even with the guidance available, there remain challenges around the design, implementation, and management of the IoT. In this paper we have discussed some of these challenges, from defining and standardising the IoT, to specific challenges such as eliciting and managing consent. It is clear that significant progress is being made, but there is still a long way to go in the battle to secure the IoT.

Disclosure statement
No potential conflict of interest was reported by the authors.

Funding
This work was supported by Cyber Security of the Internet of Things [EPSRC Grant EP/N02334X/1].

Notes on contributor
Professor Carsten Maple leads the GCHQ-EPSRC recognised Academic Centre of Excellence in Cyber Security Research at the University of Warwick, where he is Professor of Cyber Systems Engineering and Director of Research in Cyber Security in WMG. Professor Maple has published over 200 peer reviewed papers and is co-author of the UK Security Breach Investigations Report 2010, supported by the Serious Organised Crime Agency and the Police Central e-crime Unit. His research has attracted millions of pounds in funding and has been widely reported through the media. Professor Maple is the Privacy and Trust stream lead for PETRAS, the UK Research Hub for Cyber Security of the Internet of Things. He is currently funded by a range of sponsors including EPSRC, EU, DSTL, the South Korean Research Agency, Innovate UK and private companies.