A Comparative Study between Security and Privacy

Adnan Ahmed Abi Sen Abdullah M. Basahel

College of Computing and Information Technology Faculty of Economics and Administration
King Abdulaziz University, Jeddah, SAUDI ARABIA King Abdulaziz University, Jeddah, SAUDI ARABIA
Email Id: adnanmnm@hotmail.com Email Id: abdullah.basahel@googlemail.com

Abstract New technologies like the Internet of Things (IoT), However, unprecedented access to all this data and the objects
Smart City (SC), and Big data have changed the way we look which are distributed ubiquitously causes to serious security
towards life. These technologies created integration between the and privacy challenges (e.g. penetration cases, violations for
physical and virtual world that paved the way for many services users' data, and revealing their sensitive information which has
that we could not imagine a decade ago for the users. The fuel for led to the loss of trust. Particularly, according to IoT, Privacy
these services is the sensed data, which can be collected anytime and Security are the most challenges limit and face the future
and anywhere by using sensors. However, these technologies and of IoT. If RXUGDWDLVQ¶WVHFXUHDQGour privacy is exploited by
their services have several challenges on their way ahead. This
either a hacker, un-trusted application, or malicious service
will decide how they will evolve in the future. The most sensitive
provider that means creating adverse effects on the whole
and critical challenges are security and p  
Unfortunately, there is no real comprehensive understanding of
XVHU¶VOLIH and the existed applications [3-4].
the two concepts so far. This paper highlights both concepts, Many countries raised concern about privacy along with
definitions, points of interests in each one, distinguishing aspects security and consider it as a crime required to be penalized,
and compatibility. In addition, few practical cases are discussed where the European law (in 2016) confirmed the user's right to
with a focus on security and privacy for the IoT environment. notice any disclosure of information practices before starting
to collect it. He has the right to express his opinion on how the
Keywords Privacy; Security; Internet of Things; Smart City; data is collected and used. He has the right to see everything
Cloud; Fog. collected from him and verify that the information is safe from
any unauthorized access. The General Data Protection
I. INTRODUCTION Regulation (GDPR) law has come for firms that collect, store
Our lives have become much like the virtual world. People are or process large amounts of users' information of the EU. It
able to work, communicate, shop, learn, control, monitor and asked them more openness about what data they have and
care for anything from anywhere, anytime, through the device, whom they share it [5-6].
across any network, doing anything or any job. Actually, there is no clear distinction between security and
All of the above would not have been integrated into our real privacy in the most of the researches, thereby there isn't
world without the digital revolution and the new technologies balancing among them, and that deepens the problem more and
and concepts, especially IoT, which is a modern term that more, where some applications need security and others need
contains anything that can connect to the Internet, which may privacy more. So the main contribution of this research is, it
reach 50 billion things by 2020 [1]. In the fact there is no H[SODLQV WKH GLIIHUHQFH EHWZHHQ ERWK WHUPV ³3ULYDF\´ DQG
common definition of Internet of things, however, the most of ³6HFXULW\´ LQ ,R7 HQYLURQPHQWV ZKHUH WKHUH DUH PXOWL-layers,
its definitions, refer to: multi-phases, and a lot of different applications and services.
Anything or many things that cooperate with each other,
connect to the Internet, generate any data, provide any service II. PRIVACY AND SECURITY DEFINITIONS
to any user and enable him to access these services and data Privacy is a concept related to XVHUV¶ data, especially the
from anywhere and at any time by any possible or available sensitive one, which should not be shared with everyone or
means (network). shared only with the RZQHU¶V ZLVh. This prevents any
The smart things of IoT are the objects that have unique exploiting, accessing without permission, or using it. So,
IDs/Addresses, connection to the network, and are able to privacy means that every person has the right to determine the
sense data, share it, and able to interact with other things level of his/her interaction with the environment, or the
without the need of interventionfrom the user. amount of data allowed in this participation.
The most important issue in IoT is the data that is Security is an older concept that deals with several issues such
collected/sensed from users and their environments by IoT as access control for data, encryption, and secure connectivity
devices especially Wireless Sensor Networks (WSNs) and and securing data from hacking and alteration by
Radio-Frequency Identification (RFID) tags, where this data is cybercriminals [7-8].
the base for every enhancement the services that are provided
by IoT. Another significant property for IoT is the relation III. IOT LAYERS AND PHASES
among machines themselves (M2M) without any human There are main four layers of IoT architecture and four phase
interference and that has paved the road to a novel type of of data, where security/privacy has to be maintained in one or
smart services, and applications [2].

c
978-93-80544-34-2$31.00 2019 IEEE 1282

Authorized licensed use limited to: University of West London. Downloaded on December 28,2021 at 13:46:44 UTC from IEEE Xplore. Restrictions apply.
more of these layers and phases according to the service or x Availability: Assuring that the service/system is available
application (Fig 1) [9]. The layers are: 24/7. This prevents the denial of service or any reason
x Perception Layer (Sensing/Recognition/Devices Layer): it could cause stopping for the system. Hardware and
senses, measures, collects the data from IoT devices as software techniques can be used here to provide the
WSNs, RFID, GPS, Smart Phones, etc. about user/thing availability.
identification or environment conditions (such as WSN, x Authentication: is a method to prove the identity, where
heterogeneous devices, humidity, and temperature etc.) in the authentication is done when the user has a credential
addition, some processing can be applied on sensed data (as username and password). Accountability: is connect
here. each action/data to someone to ensure the responsibility
x Communication Layer (Networking Layer & Transporting and transparency.
Layer): it is responsible for the connection between devices
x Prevent Threat, Hacking attacks on system or data
themselves (Machine to Machine M2M) or between the
devices and gateways. The communication between things x Trust: TKHUH LVQ¶W VHFXULW\ ZLWKRXW Wrust between the two
will use short-range technologies such as RFID, Bluetooth, sides of transmission or between SP and clients.
Near-Field Communication (NFC), Low Power Personal x Policy: Security requires applying specific
Area Network (6LoW-PAN), or WSN (PAN/LAN). While policies/validation on data before submission.
the connection with the gateway network will be
B. For privacy
(LAN/WAN). This layer is the brain of IoT architecture
where routing and smart gateway exists. It transmits data x Traceability: it is related to the ability of tracking type of
between the perception and application layers after information about an object as identity, queries, locations,
collecting it from the first layer and then sending it to the dates, etc. that required for many of application as
third layer. It is the integration between the internet business or health apps, however, Privacy seeks to prevent
(Transport as UDP/TCP) and communication-based tracking of objects.
networks (Connectivity). x Link-ability: it means linking data as query, location,
x Management Layer: this layer controls and manages the nicknames, to specific user/object. Privacy seeks to
data that come from the first layer, the second layer to this prevent link-ability.
third layer. It is responsible for storing, analyzing, x Identifiability: Privacy seeks to prevent it, and encourage
visualizing, and security, etc. on hiding identity of objects or replacing it with fake ones.
x Application and Services Layer (Business Layer): it is
x Prevent misusing data or unauthorized usage for it.
where the industrial and consumer applications and
services reside. The application layer is considered as a top x Prevent profiling
layer of IoT architecture. This layer provides personalized x Prevent analysis data to detect new knowledge about the
based services according to the user needs. This layer is the user/object
link between the users and applications. x Prevent localization for user/object
x Trust: Privacy prefers using services without the need to
IV. PRIVACY AND SECURITY CONCERNS trust.
Privacy differs from security in terms of interests, however, at x Access control: the user has the right to access and
the same time, there are intersections and integration between manage his data at any time.
both concepts, Fig 2 shows these concerns [10-18].
V. PRIVACY VS. SECURITY
A. For security
This part presents some compression issues between security
x Confidentiality: It is the protection of the personal data by and privacy [4-18]:
encrypting it or hiding it when this data is stored or moved x A security preserves data between A-user and B-user
between two parties as SP and client, thereby no one can where a trust with B-User, while in privacy A-User gives
view this data, and that enhances the trust between the two B data for taking some services, however, it is not
parties. Any type of data can be confidential according to required from A to trust with B.
the type of application, but usually, passwords and
x In the privacy, the attacker has to collect more data about
accounts have to be secret and confidential. Many
the user to analyze it and detect new information, while in
algorithms of encryption/ steganography are used with
security only an information can break the security like
different keys/techniques to achieve confidentiality,
the password or key.
however, to achieve more security you need more
x The most important in privacy is data, so if an attacker
resources.
steals data, he will not be able to get knowledge of the
x Integrity: Maintaining the accuracy and consistency of
user, while in security it is more important to detect the
data over its entire life-cycle, and preventing any data
attack, attacker, and prevent them.
alteration (adding, updating, or deleting). Hashing
x 3ULYDF\LVQ¶WUHODWHGVRPXFKWRKDUGZDUHDVVHFXULW\
algorithm can be used here as MD5.

6th International Conference on Computing for Sustainable Global Development (INDIACom). 1283

Authorized licensed use limited to: University of West London. Downloaded on December 28,2021 at 13:46:44 UTC from IEEE Xplore. Restrictions apply.
 x Privacy will be more important if we deal with the tracking for users by adding noise for data, sending dummy
external party, not if the whole system for me then the data, or hiding the identity of the user [20-21].
security will be better. In WSNs/RFID applications, security concerns about
x In WSN application, the privacy of data will be very preventing any potential attack on devices or data will privacy
important because there are many eavesdroppers. concerns about preventing an attacker from getting useful
x Protecting only sensitive data is a very important issue in knowledge if it succeeds in steal the data or tapping on it [22-
privacy. 23].
x Stolen data is related to security more than privacy In marketing and shopping, security works to protect all
x There are many differences between privacy and security, information about seals, and customers will privacy works on
also in their applications, however, at the same time, there preventing profiling user data and analysis it to get new
are many integrationsor overlaps. information about his shopping habits [24-25].
x The reputations issue is important for privacy. Many of other applications as VPDUWFLW\DSSVWKHGDWDGRHVQ¶W
need to be encrypted but at the same time, we should be
x Trust is important for security, but it is not preferred with
privacy insured, if this data collected by any third party and analyzed,
no any sensitive information will be detected [26].
x The attacker for privacy can use many of techniques
Some sensitive applications as military require integrated
where each one gives him additional information.
between privacy and security to achieve comprehensive
x There are attacks for privacy and different attacks for
protection and reduce the size of plenty if any attack occurred
security
[27].
x There are metrics for privacy and metrics for security
x There are techniques for privacy and other for security. VI. TECHNIQUES PRESERVING SECURITY VS. PRIVACY
x The manufacturers care more about their hardware The most of the security mechanisms depend on encryption,
security than the privacy of the user. hashing, digital signature, filtering data, steganography, etc.
Privacy concerns about protecting the most sensitive parts of however the difference between these techniques mostly
data, in all phases, which is divided into five parts as depicted related to the algorithm of encryption [28-31].
in fig 3. While in privacy there are more diversity where there are (K-
It should be noted that despite the great difference in the two Anonymity techniques to hide the identity, dummy to prevent
concepts, there is also significant overlap between them at the attacker to distinguish between true and false information,
same time. obfuscation to add noise on data before sending, PIR to
retrieve huge data from SP which will be not able to determine
ZKDW WKH H[DFWO\ XVHU¶V TXHU\ FRRSHUDWLRQ EHWZHHQ XVHU WR
protect their (locations, identities, or queries), depending on
WKLUGSDUW\WRKLGHXVHU¶,'IURP63HWF [32-38].
VI. CONCLUSION
Fig. 3. Sensitive data parts of IoT query This research provided detailed information about security and
V. IOT APPLICATION privacy. In this work, we tried to make the difference between
these two concepts easier and clearer, especially in the IoT
The Internet promises to provide opportunities to create strong
environment. Although there are many dissimilar issues
industrial and business systems with Wi-Fi applications, RFID
between them. However, the integration between them is very
devices, mobile sensors such as health, energy, infrastructure,
important for many applications. The balancing among
learning, environment, communication, military, transportation
security and privacy will get significantly interesting 2020
systems, road traffic, bus tracking, agriculture, food, security,
while dealing with more than 50 billion things connected to the
and surveillance and many other applications. In Fig 4, there
Internet which will observe every event in our life and the
are many examples of these domains and applications.
world.
Some applications require privacy more than security and
others requires security more than privacy, for example, in REFERENCES
health application, security means to ensure that the user data
[1] Kumar JS, Patel DR (2014) A survey on internet of things: Security and
will be secured through sending and storing its data in the privacy issues. Int J Comput Appl 90(11)
database of SP by using encryption technique, while privacy [2] Sen, A. A. A., Eassa, F. A., Jambi, K., & Yamin, M. (2018). Preserving
prefers to get the service without linking the data and without privacy in internet of things: a survey. International Journal of
storing personal information to prevent revealing the user Information Technology, 10(2), 189-200.
identity. That can be achieved by using K-Anonymity [3] Fouz, F., & Sen, A. A. (2016). PERFORMANCE AND SCHEDULING
OF HPC APPLICATIONS IN CLOUD. Journal of Theoretical &
technique. So if the data accessed by an attacker or by SP itself Applied Information Technology, 85(3).
there is no threat to the user because it is anonymous [19]. [4] Schrammel J, Hochleitner C, Tscheligi M (2011) Privacy, trust
In location-based services (LBS), security means protecting SP and interaction in the internet of things. In: International joint
from an attack, while privacy concerns about preventing conference on ambient intelligence. Springer, Berlin, pp 378±379

1284 6th International Conference on Computing for Sustainable Global Development (INDIACom).

Authorized licensed use limited to: University of West London. Downloaded on December 28,2021 at 13:46:44 UTC from IEEE Xplore. Restrictions apply.
[5] Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D (2014) Security of the internet [23] $ .KDWWDE = -HGGL ( $PLQL DQG 0 %D\RXPL ³,QWURGXFWLRQ to
of things: perspectives and challenges. Wireless Netw 20(8):2481±2501 5),'´LQ5),'6HFXULW\, Analog Circuits and Signal Processing, pp. 3±
[6] Zhou J, Cao Z, Dong X, Vasilakos AV (2017) Security and privacy for 26, Springer International Publishing, Cham, 2017.
cloud-based IoT: challenges. IEEE Commun Mag 55(1):26±33 [24] Yamin M, Al Harbi O (2016) Online shopping adoption in Saudi Arabia:
[7] Sicari S, Rizzardi A, Grieco LA, Coen-Porisini A (2015) Security, An empirical research. Int Multiling Acad J 2(1)
privacy and trust in internet of things: the road ahead. Comput Netw [25] Yamin M, A Al Amri S (2016) Mobile applications and customers
76:146±164 satisfaction in saudi electricity company. Int Multiling Acad J 2(1)
[8] Takabi H, Joshi JB, Ahn GJ (2010) Security and privacy challenges in [26] Abi Sen A, Albouraey F, Jambi KA (2017) Preserving privacy of smart
cloud computing environments. IEEE Secur Priv 8(6):24±31 cities based on the fog computing. In: Smart societies infrastructure,
[9] Yamin, M., Basahel, A. A., & Abi Sen, A. A. (2018). Managing Crowds technologies, and applications (SCITA), Springer
with Wireless and Mobile Technologies. Wireless Communications and [27] Ghoreyshi, S. M., Shahrabi, A., & Boutaleb, T. (2017). Void-handling
Mobile Computing, 2018. techniques for routing protocols in underwater sensor networks: Survey
[10] Wernke M, Skvortsov P, Du¨ rr F, Rothermel K (2014) A classification and challenges. IEEE Communications Surveys & Tutorials, 19(2), 800-
of location privacy attacks and approaches. Pers Ubiquit Comput 827.
18(1):163±175 [28] Ernvall, A. M., & Nyberg, K. (2003, September). On server-aided
[11] Ziegeldorf JH, Morchon OG, Wehrle K (2014) Privacy in the internet of computation for RSA protocols with private key splitting. In Proceedings
things: threats and challenges. Secur Commun Netw 7(12):2728±2742 of Nordsec.
[12] Zhang K, Ni J, Yang K, Liang X, Ren J, Shen XS (2017) Security and [29] Babar, S., Stango, A., Prasad, N., Sen, J., & Prasad, R. (2011, February).
privacy in smart city applications: challenges and solutions. IEEE Proposed embedded security framework for internet of things (iot).
Commun Mag 55(1):122±129 In Wireless Communication, Vehicular Technology, Information Theory
[13] Weber RH (2010) Internet of things-new security and privacy challenges. and Aerospace & Electronic Systems Technology (Wireless VITAE),
Comput Law Secur Rev 26(1):23±30 2011 2nd International Conference on (pp. 1-5). IEEE.
[14] Wang J, Zhang Z, Xu K, Yin Y, Guo P (2013) A research on security and [30] Al-Rahal, M. S., ABI SEN, A. D. N. A. N., & Basuhil, A. A. (2016).
privacy issues for patient related data in medical organization system. Int High level security based steganoraphy in image and audio files. Journal
J Secur Appl 7(4):287±298 of Theoretical & Applied Information Technology, 87(1).
[15] Roman R, Zhou J, Lopez J (2013) On the features and chal lenges of [31] Cirani S, Picone M, Gonizzi P, Veltri L, Ferrari G (2015) Iot-oas: an
security and privacy in distributed internet of things. Comput Netw oauth-based authorization service architecture for secure services in iot
57(10):2266±2279 scenarios. IEEE Sens J 15(2):1224±1234
[16] Thierer AD (2014) The internet of things and wearable technology: [32] Niu B, Li Q, Zhu X, Cao G, Li H (2014) Achieving k-anonymity in
addressing privacy and security concerns without derailing innovation. privacy-aware location-based services. In: INFOCOM, 2014 proceedings
Richmond J Law Technol 21(1) IEEE. IEEE, pp 754±762
[17] Thierer AD (2015) The internet of things and wearable technology: [33] Shankar P, Ganapathy V, Iftode L (2009) Privately querying location-
addressing privacy and security concerns without derailing innovation. based services with Sybil query. In: Proceedings of the 11th international
Richmond J Law Technol 21(2) conference on ubiquitous computing. ACM, pp 31±40
[18] Bhattasali T, Chaki R, Chaki N (2013) Study of security issues in [34] Alrahhal, M. S., Ashraf, M. U., Abesen, A., & Arif, S. (2017). AES-
pervasive environment of next generation internet of things. In: Route Server Model for Location based Services in Road
Computer information systems and industrial management. Springer, Networks. International Journal Of Advanced Computer Science And
Berlin, pp 206±217 Applications, 8(8), 361-368.
[19] Mendelson, D., & Wolf, G. (2017). ³Health Privacy and [35] Rebollo-Monedero D, Forne J, Domingo-Ferrer J (2012) Query
Confidentiality´Chapter 23, in Tensions and Traumas in Health Law, I [36] profile obfuscation by means of optimal query exchange between users.
Freckelton and & K Petersen (Eds) Sydney: IEEE Trans Dependable Secure Comput 9(5):641±654
[20] Xu, T., & Cai, Y. (2007, November). Location anonymity in continuous [37] Xu T, Cai Y (2009) Feeling-based location privacy protection for
location-based services. In Proceedings of the 15th annual ACM location-based services. In: Proceedings of the 16th ACM conference on
international symposium on Advances in geographic information computer and communications security. ACM, pp 348±357
systems (p. 39). ACM. [38] Yamin M, Sen AAA (2018) Improving privacy and security of user data
[21] Xu T, Cai Y (2008) Exploring historical location data for anonymity in location based services. Int J Ambient Comput Intell (IJACI) 9(1):19±
preservation in location-based services. In: INFOCOM 2008. The 27th 42
conference on computer communications. IEEE, pp 547±555 [39] Sen, A. A. A., Eassa, F. B., Yamin, M., & Jambi, K. (2018). Double
[22] Z. Chen, A. Liu, Z. Li, Y.-J. Choi, H. Sekiya, and - /L ³(QHUJ\- Cache Approach with Wireless Technology for Preserving User
Efficient Broadcasting Scheme for Smart Industrial Wireless Sensor Privacy. Wireless Communications and Mobile Computing, 2018
1HWZRUNV´0RELle Information Systems, vol. 2017, Article ID 7538190,
17 pages, 2017.

Fig. 1. Layers, Phases, and Components of IoT

6th International Conference on Computing for Sustainable Global Development (INDIACom). 1285

Authorized licensed use limited to: University of West London. Downloaded on December 28,2021 at 13:46:44 UTC from IEEE Xplore. Restrictions apply.
 Fig. 2. Privacy vs. Security concerns

Fig. 4. IoT applications Figure

1286 6th International Conference on Computing for Sustainable Global Development (INDIACom).

Authorized licensed use limited to: University of West London. Downloaded on December 28,2021 at 13:46:44 UTC from IEEE Xplore. Restrictions apply.