CETM50 ASSIGNMENT 1
Name: Istvan Franko
Programme: MSc Cybersecurity
Project Title:
Wearable IoT in Fitness and Healthcare
1. Introduction
IoT devices are one of the most visible product groups in electronics development; they have spread into many areas of our lives thanks to significant reductions in power consumption and size. IBM estimates that the number of devices connected to a network will reach 50 trillion globally by 2020. Another calculation method, market analysis, already puts more than 20 trillion IoT devices in use worldwide, with the value of related services close to $3 trillion by 2020 (Kao, Y. S., et al. 2019).
With the rapid development of electronic devices and batteries, our devices have become smaller and more sophisticated. We can now cram an entire computer into a wristwatch that has a touch screen, a wireless network connection and a large number of different sensors. Not only has the size of these products shrunk, but prices have also fallen drastically: fitness bracelets that measure our physical activity and transfer the data to our mobile phone or PC sell for $5. Most of these devices come from unknown or Far Eastern manufacturers, and many of them do not work in the long term. (According to estimates, wearable fitness trackers alone will have annual sales of more than $48 trillion in 2023.)
- What happens to the personal information that these companies collect?
- Are the applications included with the device safe, and are they updated regularly to eliminate any errors that may occur?
- By whom, where and how is our data transmitted and stored?
- Are the safety requirements in line with European Union standards (MCCANN, J.A. et al., 2019)?
Many similar questions arise with such devices. The value of our personal data often exceeds the purchase value of these devices, so it is more profitable for the manufacturer to resell our data than to sell the product. When will a loss-making company decide to generate illegal revenue from the sale of our data?
This topic is inexhaustible, so it is not possible to investigate it fully, but in this report we will try to review some of the main cyber-security findings related to it.
2. Rationale for IoT area
IoT devices can be used in countless areas. The largest users are, of course, industry and organizations, but individuals are also increasingly using such devices in their daily lives. A significant share of individuals' devices are utility devices, such as vehicles or household appliances, but these do not collect personally specific data. Our most sensitive personal information, such as our health or daily activities, is collected by wearable IoT devices and passed on to organizations beyond our control. This makes it easy to see how important the safe operation of these devices is for our peaceful lives.
3. Target Audience
Users of wearable sensors fall into two large groups. The first group is healthy people who use them to maintain their health or monitor their sports performance. The second group includes sick or injured people who need such equipment as part of their health care. Of course, the two groups are not completely distinct, and the sensors that can be used are in most cases the same, but according to the law they do not fall into the same category. Because anyone can have a health problem, anyone can be affected by IoT devices.
There is one more group to mention on the subject, namely those who work or do research in the field.
4. Importance of Issue to big data and security – key issues
As the number of IoT devices increases, the amount of data they collect also increases proportionally, and this data must be transmitted and stored in some form. Currently, most of the data collected is neither used nor analysed. Although 98% of those involved do some analysis, 97% said it is difficult to derive real value from this data. Also, one third of the industry does not use network features in their business decisions. The biggest shortcoming at the moment is protecting data against external threats with an appropriate security system. (Hyun Jung L. & Myungho K. 2018)
Similar results were obtained by Jatoth, C., Gangadharan, G.R. and Buyya, R. in a 2019 study entitled 'Optimal Fitness Aware Cloud Service Composition Using an Adaptive Genotypes Evolution-Based Genetic Algorithm', where data collected from fitness devices was stored in cloud-based storage. Simultaneous use by a large number of users, together with data searches, causes serious problems for system operators. The study attempted to construct an optimal storage and retrieval algorithm using sophisticated mathematical formulas and detailed data analysis, but concluded that although the system works, further research is needed to build an even more efficient one.
Another study on fitness data access, 'Permission Analysis of Health and Fitness Apps in IoT Programming Frameworks', was published in 2018. The research looked at the most popular fitness device platforms, such as Google Fit, Apple's HealthKit, Microsoft's HealthVault and Samsung's Digital Health Platform. Some of these platforms also allow third-party applications to run and give them access to each platform's data through APIs. Finally, the study examined API usage by third-party applications on 20 Google Fit devices and found that nearly 30% of them were over-privileged.
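An added illustration of the kind of over-privilege check described above (not code from the cited study or from Google Fit): it compares the scopes each app was granted with the scopes its observed API calls actually require. The app names, usage records and the data-type-to-scope mapping are constructed assumptions, and the scope strings are shortened forms of the `fitness.<area>.<read|write>` naming.

```python
# Added example: flag over-privileged fitness apps by comparing granted
# scopes with the scopes their observed data access requires.
# Apps, call records and the mapping below are constructed for illustration.

# Assumed mapping from data type to scope area (illustrative, not exhaustive).
DATA_TYPE_AREA = {
    "com.google.step_count.delta": "activity",
    "com.google.weight": "body",
    "com.google.heart_rate.bpm": "body",
    "com.google.location.sample": "location",
}

def required_scopes(calls):
    """calls: iterable of (data_type, 'read' | 'write') observed for one app."""
    needed = set()
    for data_type, mode in calls:
        area = DATA_TYPE_AREA.get(data_type)
        if area is None:
            # Fail closed: an unmapped type must be reviewed, not ignored.
            raise ValueError(f"unmapped data type: {data_type}")
        needed.add(f"fitness.{area}.{mode}")
    return needed

def audit(app):
    """Each scope is treated as independent (write is not assumed to imply read)."""
    granted = set(app["granted"])
    needed = required_scopes(app["calls"])
    return {
        "app": app["name"],
        "unused": sorted(granted - needed),   # granted but never exercised
        "missing": sorted(needed - granted),  # access that should have been denied
    }

def over_privileged_share(apps):
    """Return per-app reports and the fraction of apps holding unused scopes."""
    reports = [audit(a) for a in apps]
    flagged = [r for r in reports if r["unused"]]
    return reports, len(flagged) / len(reports)

# Constructed sample inventory.
APPS = [
    {"name": "step-counter",
     "granted": ["fitness.activity.read", "fitness.location.read", "fitness.body.read"],
     "calls": [("com.google.step_count.delta", "read")]},
    {"name": "weight-log",
     "granted": ["fitness.body.read", "fitness.body.write"],
     "calls": [("com.google.weight", "read"), ("com.google.weight", "write")]},
    {"name": "run-tracker",
     "granted": ["fitness.activity.read", "fitness.location.read"],
     "calls": [("com.google.step_count.delta", "read"),
               ("com.google.location.sample", "read")]},
    {"name": "hr-sync",
     "granted": ["fitness.body.read"],
     "calls": [("com.google.heart_rate.bpm", "read"), ("com.google.weight", "write")]},
]

if __name__ == "__main__":
    reports, share = over_privileged_share(APPS)
    for r in reports:
        print(r)
    print(f"over-privileged apps: {share:.0%}")
```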
5. Impact on Society – critical discussion of the threats to either individuals in society or to organisations
According to a 2017 publication entitled 'Redefining cyber security with big data analytics', cyber security covers the following areas:
- Information Security
- Network Security
- Application Security
- Operational Security
All of these come into play when IoT devices are used, whether by individuals or by organisations. However, it is the sole responsibility of the distribution or operating companies to ensure these conditions. It is up to individuals to adhere to the rules established by the companies, to the extent that can be expected of them. To operate a system safely, both parties are needed. If either one does not do its job, the system becomes vulnerable.
a. Organisations
IoT and CPS (Cyber-Physical Systems) will transform our lives in the coming years. This has also been recognized by the European Union, which has for many years supported significant projects such as smart cities and other research. A good example of this is the ARTEMIS Industry Association, which employs 170 people and has received 50 million in grants for the European IoP Platform Initiative Program (MCCANN, J.A. et al., 2019). Another good example is the city of Santander in Spain, where almost 12,000 sensors have been installed to operate the city since the beginning of 2010. These sensors are used to control the city's traffic, parking system, water service, and waste management applications. It is easy to see how much damage a cyberattack on these networked sensors could do, given how much they affect our daily lives.
The study 'Cyber Security Threats Detection in the Internet of Things Using Deep Learning Approach', published in an IEEE publication a few months ago in 2019, investigates the detection of threats to organizations. According to the study, in 2016, 39% of software was illegally obtained from unofficial sources; most of it was modified by distributors and may contain malware. That year alone, software development companies were hit by $52 trillion in illegal use. Detecting such software consumes significant resources from organizations. The first step is to identify modified applications; examining source code or monitoring data traffic can be good ways to do this.
Another factor for organizations is the network service itself. Not all IoT devices can connect directly to the Internet, so other networks may need to be built. The routing protocol for such low-performance networks may be the Lightweight On-Demand Ad-Hoc Routing Protocol — Next Generation (LOADng) standard. This standard is addressed by Sobral J et al. in a study published in 2019, which also examines other usable standards. The summary of the study reveals how hard it is to organize devices with different network connections into a working network and then organize the collected data in a format that can be securely transmitted over the Internet.
A similar conclusion was drawn by Triantafyllou A, et al. in their 2018 publication "Network Protocols, Schemes, and Mechanisms for the Internet of Things (IoT): Features, Open Challenges, and Trends," which analyses network platforms. This study concludes that current network platforms are not fully capable of addressing the challenges posed by changing expectations, so either current protocols need to be developed further or new ones created.
This statement is supported by an earlier publication (Salman, T. and Jain, R. 2016), which lists in great detail the possible protocols and standards, including communication and security aspects. This means that, although the problem has been known for years, no solution has yet been found.
b. Individuals
One possible use of smart watches and bracelets is a mobile application for women's safety that monitors built-in sensors and automatically alerts authorities in the event of a possible attack. To do this, the devices can monitor the wearer's heart rhythm, temperature, movement and location. This is analysed in a 2017 publication titled 'Watch Me', but if this information falls into unauthorized hands, it will make it easier for malicious people to attack.
For similar uses, a 2016 study, "A Two-Stage Fuzzy Logic Approach to Internet of Things (IoT) Wearable Devices", analyses applicable sensors and concludes that it is advisable to keep the collected data in cloud storage for event reconstruction or analysis. However, after an attack, these stored data can be accessed from anywhere in the world, and the storage does not have the security systems needed to prevent them from being obtained easily.
This is also the final conclusion of a third study, published in 2014, called 'Security / privacy of wearable fitness tracking IoT devices'. This study concludes that the devices studied, such as FITBIT, use your social network accounts for identification, access and data communication. Recently, however, it has become apparent how vulnerable these large social networks are. For example, in April 2019, 540 million records were lost from Facebook servers, and other significant phishing attacks have been linked to this provider.
Individuals also need to consider another source of danger, namely the act of using these devices itself, for example playing games on smart watches. Williams, M. and his colleagues conducted several opinion polls on the subject in 2019. Half of the respondents said they would use the device for games. However, because of its size, using it requires a high level of concentration, so we are not able to respond adequately to hazardous situations in the environment during play.
Future uses of wearable sensors in the home environment are analysed in the 2019 publication 'IoT Wearable Sensor and Deep Learning: An Integrated Approach for Personalized Human Activity Recognition in a Smart Home Environment'. If the predicted use becomes widespread, these sensors can capture our most intimate home activities, and long-term analysis of the data can easily predict when we are most vulnerable to physical and electronic attacks.
The examples above show that until recently only our basic personal information was stored, in databases that were operated independently of each other. Nowadays, this has been supplemented with information about our online activities such as browsing, online shopping, and social connections. In the future, however, IoT devices will also capture our motion and physiological data, and the more data our enemies acquire, the more vulnerable we will be.
6. Professional and ethical issues
Due to the size of the topic, professional and ethical expectations cannot be precisely delineated. But basically, it can be said that professionals working in this area should follow current standards and legal requirements. However, as these are lagging behind, improvements need to be addressed and changes must be adopted as quickly as possible in legacy systems. Ideally, security should be built in before a product is sold, but technological advancement is a major challenge for everyone, and no system without vulnerabilities exists, so security holes need to be patched all the time.
From an ethical point of view, it is important to emphasize once again how sensitive the personal information is that IoT devices collect about us. Applications store not only measured data but also, for example, the payment data we set up for extra services. And it is not only healthy people who use such devices, but also people who are ill within the health care system and who are even more vulnerable.
7. Conclusions
In the introduction to this report, we raised some initial security concerns about using wearable IoT devices. However, while writing the report it became clear that the topic is much more complex: answering these basic questions is not enough, and technological improvements and regulation are also needed. Network communication, data storage, and security systems are only chasing emerging needs and lag years behind. Unfortunately, central regulation is no better, because even one of the most advanced states in the US does not have a single strategy for IoT devices. (Tschider, C.A. 2018)
8. References
‘A smart watch for women security based on iot concept “watch me”’ (2017) 2017 2nd International Conference on Computing and Communications Technologies (ICCCT), p. 190. doi: 10.1109/ICCCT2.2017.7972266.
‘A two stages fuzzy logic approach for Internet of Things (IoT) wearable devices’ (2016) 2016 IEEE 27th Annual International Symposium on Personal, Indoor, and Mobile Radio Communications (PIMRC), p. 1. doi: 10.1109/PIMRC.2016.7794563.
‘Cyber Security Threats Detection in Internet of Things Using Deep Learning Approach’ (2019) IEEE Access, p. 124379. doi: 10.1109/ACCESS.2019.2937347.
Hyun Jung L. & Myungho K. (2018) ‘The Internet of Things in a Smart Connected World’, In book: Internet of Things - Technology, Applications and Standardization, DOI: 10.5772/intechopen.76128, Available at: https://www.researchgate.net/publication/326752232_The_Internet_of_Things_in_a_Smart_Connected_World (Accessed: 23 November 2019).
‘IoT Wearable Sensor and Deep Learning: An Integrated Approach for Personalized Human Activity Recognition in a Smart Home Environment’ (2019) IEEE Internet of Things Journal, (5), p. 8553. doi: 10.1109/JIOT.2019.2920283.
Jatoth, C., Gangadharan, G. R. and Buyya, R. (2019) ‘Optimal Fitness Aware Cloud Service Composition using an Adaptive Genotypes Evolution based Genetic Algorithm’, Future Generation Computer Systems, 94, pp. 185–198. doi: 10.1016/j.future.2018.11.022.
Kao, Y.-S., Nawata, K. and Huang, C.-Y. (no date) ‘An Exploration and Confirmation of the Factors Influencing Adoption of IoT-Based Wearable Fitness Trackers’, INTERNATIONAL JOURNAL OF ENVIRONMENTAL RESEARCH AND PUBLIC HEALTH, 16(18). doi: 10.3390/ijerph16183227.
MCCANN, J. A. et al. (2019) ‘Connected Things Connecting Europe’, Communications of the ACM, 62(4), pp. 46–51. doi: 10.1145/3312563.
‘Permission Analysis of Health and Fitness Apps in IoT Programming Frameworks’ (2018) 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), p. 533. doi: 10.1109/TrustCom/BigDataSE.2018.00081.
‘Redefining cyber security with big data analytics’ (2017) 2017 International Conference on Computing and Communication Technologies for Smart Nation (IC3TSN), p. 199. doi: 10.1109/IC3TSN.2017.8284476.
Salman, T. and Jain, R. (2016). NETWORKING PROTOCOLS AND STANDARDS FOR INTERNET OF THINGS. In Internet of Things and Data Analytics Handbook, H. Geng (Ed.). doi:10.1002/9781119173601.ch13
‘Security/privacy of wearable fitness tracking IoT devices’ (2014) 2014 9th Iberian Conference on Information Systems and Technologies (CISTI), p. 1. doi: 10.1109/CISTI.2014.6877073.
Sobral J, Rodrigues J, Rabelo R, Saleem K, Furtado V. LOADng-IoT: An Enhanced Routing Protocol for Internet of Things Applications over Low Power Networks. Sensors (Basel). 2019;19(1):150. Published 2019 Jan 3. doi:10.3390/s19010150
Triantafyllou A, Sarigiannidis P, and Lagkas T. D., “Network Protocols, Schemes, and Mechanisms for Internet of Things (IoT): Features, Open Challenges, and Trends,” Wireless Communications and Mobile Computing, vol. 2018, Article ID 5349894, 24 pages, 2018. https://doi.org/10.1155/2018/5349894
Tschider, C. A. (2018) ‘Regulating the Internet of Things: Discrimination, Privacy, and Cybersecurity in the Artificial Intelligence Age’, Denver Law Review, (Issue 1), p. 87. Available at: http://search.ebscohost.com/login.aspx?direct=true&db=edshol&AN=edshol.hein.journals.denlr96.6&site=eds-live&scope=site (Accessed: 12 November 2019).
Williams, M., Nurse, J. R. C. and Creese, S. (2019) ‘(Smart)Watch Out! encouraging privacy-protective behavior through interactive games’, International Journal of Human - Computer Studies, 132, pp. 121–137. doi: 10.1016/j.ijhcs.2019.07.012.