MIPRO 2016, May 30 - June 3, 2016, Opatija, Croatia
Security challenges of the Internet of Things Mario Weber, MsC Croatian Regulatory Authority for Network Industries Mihanoviceva 9, HR-10110 Zagreb, Croatia; e-mail:
[email protected] Marija Boban, PhD University of Split Faculty of Law Domovinskog rata 8, 21000 Splilt; e-mail:
[email protected] Abstract — Internet of things (furthermore IoT) by definition refers to a networked interconnection of devices in everyday use that are often equipped with ubiquitous intelligence. It is based on processing of large quantities of data in order to provide useful information/service and enables an efficient regulatory policy in the area of IoT. One of the key challenges for the realization of the IoT includes security challenges, especially in the area of privacy and confidentiality among management of heterogeneities and limitations of network capacities. Those challenges will be based on information security management systems as well as on legal foundations. When considering the legal framework of security and privacy of the IoT, it has to be determined which model of regulation should be applied. Thereby, no traditional government regulation is actually appropriate for a global system such as IoT. The most important foundation consequently will be the regulatory foundations of European union (on the territory of EU) and, consequently building the model of self-regulation based partly on state and mostly on law international agreements which are to be considered as tools to govern the IoT. This paper gives an insight into the most important security challenges related to implementation of IoT and building appropriate regulatory framework. Adoption of the regulatory framework is crucial for the development of IoT services due to adequate legal security companies will get. Key words: security, IoT, challenges, privacy, data, confidentiality, regulation
INTRODUCTION The Internet, or how we like to refer to it, the World Wide Web, is no longer merely a network of computers but it also connects different devices that are able to send and receive information about the status of devices connected to the network. The Internet of Things (hereinafter: IoT) is a concept allowing for the networking of different things and objects from everyday life and their everyday communication over the Internet, without human interaction, with a view to improving the conditions and way of life. The term Internet of Things was employed for the first time by Kevin Ashton, the director of MIT's Auto-ID centre, in 1999 in his presentation for Procter & Gamble, but it took a few years for the term to enter into more frequent use. IoT was formally introduced as a term in 2006 by the International Telecommunication Union (ITU) in its Internet report [1]. With the development of IoT technology, every device in our surroundings will be able to communicate with another device and send information to that device or control it, depending on the collected information. The Internet of Things is a network connecting objects from different environments into a single large network
based on the Internet Protocol, and it is a basis for the development of the so-called smart environments, such as smart houses, factories or even cities. As opposed to the former vertical development of individual areas and technologies (from technologies for connecting mobile devices, wireless sensory networks, processing of large quantities of data), the addition of a new middleware permits the realization of the concept of the Internet of Things. The middleware enables the connection of different technologies and platforms and it is a platform for the development of advanced services without the need to possess knowledge about every technology separately with a view to developing new services [2]. The networking of a large number of objects in our surroundings will result in a larger quantity of generated data that must be stored, processed and presented in an acceptable form. There are many applications for services in the IoT field, from user applications that will provide added value only to the user who defined them to entire branches of science that are provided simplified sharing of resources, collecting of data from a large number of sensors, statistical analysis of such data and conclusions in relation to data in real time [3]. The potential for economic exploitation and application of IoT was recognized by the Economist magazine as a result of a survey conducted in June 2013 when opinions of 779 business experts were collected to define the business index of IoT. Results have shown that three quarters of companies have been actively researching or using IoT, and 96% stated that they would start using IoT in one form or another in the following 3 years. The assessment of potential growth of the IoT market in the next few years varies depending on number of connected devices and on the economic growth of the market. Therefore, for example, Gartner estimated that 30 billion devices will be connected to the Internet in 2020 with a single IP address which would bring additional USD 1.9 billion (1012) for the world economy [4]. At the same time, Cisco and Ericsson forecast that this number would increase to 50 billion [5] [6] objects connected to the Internet, which will result in earnings for the world economy amounting to USD 14 billion. For comparison sake, this amount exceeds total GDP of 17 EU Member States in 2011 [7]. IDC also envisaged in October 2013 that there will be a total of 212 billion “objects” by 2020, which would equal to EUR 8.9 billion per year with the annual growth rate of 7.9% [8]. This paper provides an overview of the situation in IoT with a special emphasis on regulatory challenges that will emerge in the upcoming years in this area. It gives history of the development of IoT technology through different European and international bodies and organizations, such as ITU and the European Research Cluster with projects
638
related to IoT. It also provides a definition of IoT and related concepts, an overview of two reference models for IoT architecture and the most important protocols for the Internet of Things. In addition to that, an overview is provided of the current situation in IoT in Europe including situation in Croatia and in the USA, including challenges and possible problems for the realization of IoT. I. DEFINITION OF THE INTERNET OF THINGS For the time being there is no generally accepted definition of the Internet of Things. The definition itself is still unclear and it is frequently a subject of philosophical discussions. Majority of authors in this area use their own definition which, to a greater or lesser extent, differs from other definitions. Some of the definitions that most frequently occur in literature are provided below. As a rule, IoT may be defined as a network of objects that are able to detect and exchange information among each other, but it differs from the Internet in several other aspects [1]. A more widely accepted definition is ITU's definition from 2005, which is very general and reads as follows: IoT is a global infrastructure for the Information Society, enabling advanced services by interconnecting (physical and virtual) things based on, existing and evolving, interoperable information and communication technologies [1]. The RFID group defines IoT as the worldwide network of interconnected objects uniquely addressable based on standard communication protocols [9]. According to the IoT European Research Cluster (IERC)1 IoT is an integral part of the future Internet, and it is defined as a dynamic global infrastructure that has the ability of self-configuration, that is, a network based on standard and interoperable communications protocols, and a network in which physical and virtual “things” have identity, physical characteristics and virtual personality and also use intelligent interfaces while being at the same time secretly integrated into the information network [10]. IERC also provides its own definition of “things” as active participants in business, information and social processes where they are enabled to interact and communicate among themselves and with the environment. This interaction and communication take place in the form of the exchange of data and information collected from the environment. While reacting autonomously to the real/physical world events and influencing it by running processes, “things” trigger actions and create services with or without direct human intervention [10]. “Things” may also be defined as real/physical or digital/virtual subjects that exist and move in time and space and may be identified. Things are often identified in accordance with the assigned identification number, name and/or location address. IoT vs M2M IoT and M2M systems largely overlap but, considering their definitions, they may not be regarded as identical. A shared characteristic of IoT and M2M is remote access to devices. However, there are some essential differences between them. A traditional M2M refers to 1
http://www.internet-of-things-research.eu/
communication between two or more devices by means of a mobile or fixed network. This is vertical point-to-point communication. M2M applications usually consist of a hardware module embedded into a device on the user side which communicates through a mobile or fixed network with the corresponding application, often on the side of the service provider. The objective is to reduce management and maintenance costs. M2M connects “things” with a computer. IoT connects a computer with “things” (machines, devices, sensors, products etc.), systems (business applications, support systems, analytical systems, data storages, control systems etc.) and people (consumers, employees, partners and buyers). IoT is based on the IP network for horizontal connection of objects/devices to a cloud or user platform. IoT usually combines sensory data with “big data”, analytic or company applications for the improvement of productivity, increase of production and share on the market, improvement of services, offer of SaaS (Software as a Service) etc. As opposed to M2M which only supports devices, IoT solutions support passive sensors as well, small strength sensors and cheap devices that may not be adjusted to M2M hardware modules. IoT devices communicate through standard IP networks. IoT is usually connected to a cloud which makes it a scalable and flexible solution as opposed to M2M communications which are frequently oriented towards installation of SIM cards or drawing a fixed line. IoT is more oriented towards software solution or IP network while M2M communication is primarily oriented towards an embedded hardware and mobile network. It must be mentioned that M2M with Internet Protocol is a part of IoT. IoT is a broader concept than M2M because it may be integrated into the overall company business solution while M2M is more oriented towards maintenance.
Figure 1. M2M/IoT Sector Map (source: www.beechamresearch.com)
SCOPE OF IoT Although IoT enables a wide spectrum of applications in everyday life, its current application is limited and significant changes are expected in the future. Key enabling technologies include ubiquitous connectivity, smart devices and possibility for integration of smart objects into different applications. There are many different connected things ranging from machines to vehicles, devices, light fixtures and buildings. They are not limited only to material objects, for example, smart places and sensing of the environment are very important
639
for many applications. The scope of application is very wide, including upgraded traffic safety and traffic management, transformation of the power grid towards advanced grids on the basis of new requirements such as energy efficiency, micro production of electricity, electrical vehicles and awareness of users about energy consumption. The scope of application of IoT may be divided into the following areas: personal and household use, economy, service programmes and mobile area. The abovementioned division is presented in Figure 2.
Figure 2. A graphic presentation of IoT end users and areas of application depending on the type of collected data [9]
Personal and household IoT Information collected by sensors is used only by the person who owns the network. Wi-Fi is often used as the core network enabling high permeability and supporting the transmission of video signal and high frequency of sampling which favours the transmission of audio signal. One of the best examples of application of IoT in this area is e-health care. Data collected by sensors placed on body are sent to one of the smart devices in the house which further transmits them to a server. A smart phone is a good example of a data-collecting device because it contains several interfaces the most suitable of which for this purpose is Bluetooth. The collected data may be used by doctors to supervise patients even when they are at home, which contributes to the reduction of hospitalization costs. Control of household devices, such as air-conditioning devices, refrigerators, washing machines etc. will enable better management of the house (smart house) and more efficient energy use [9]. Economic IoT The economic application in the work environment refers to the “network of things”. Data collected by such network are used only by the network user and they may be selectively published. Sensors have always been a constituent part of factories in relation to safety, automation and other processes necessary for continuous operation. Sensors will be replaced in the future by wireless systems which will ensure flexible changes of settings, that is, simpler changes of settings whenever necessary. The new system is merely an IoT sub network which is restricted to one factory.
Service programmes Data collected from the network are most frequently used for the optimization of processes. Examples of such use include smart meters. Data collected by means of smart meters enable providers of utility services to manage their resources with a view to achieve greater optimization of costs and profits. Such systems consist of very expensive networks used for the supervision of key infrastructure and efficient resource management. Mobile network, WiFi network or satellite communication may be used as a key network. Concrete application of achievements in this area will significantly improve the existing monitoring systems that will be more efficient in the monitoring of certain targets, noticing of suspicious activity and monitoring of unauthorized access. Ensuring the quality of water or monitoring of agricultural land are only some of the areas in which IoT has already had many benefits, and it is certain that benefits from use of IoT technology will be even greater in the future [9]. Mobile IoT Noise pollution is mostly caused by city traffic. Furthermore, traffic also contributes to the reduction of air quality and to emission of greenhouse gases. Traffic jams contribute to increased costs of economic and social activities in majority of cities. All of the above-mentioned problems may be reduced by continuous collecting and processing of traffic data. In relation to traffic via long distance wireless sensors networks, IoT enables constant monitoring of time of travel, from points of origin to destination points, of air pollution and noise pollution. This kind of an IoT system will most likely replace current systems for collecting traffic data and support the development of algorithms for traffic management, including higher object control systems. The results of processing of collected data will be presented to passengers who will have a continuous insight into situation in traffic [9]. II. BUILDING THE SECURITY AND REGULATORY FRAMEWORK OF THE INTERNET OF THINGS IoT is a complex system that might bring about numerous innovations and new rules of behaviour. Scientists, politicians, CEOs of large companies in Europe and the USA are currently discussing potential rules of behaviour. Regulation must take into account the complexity of the IoT system which is why the problem should be considered from several forward-looking levels. Special attention should be paid to results of market regulation, that is, to its impact on innovations and adjustment and speed of spreading of the IoT in society and business environments. Below is an overview of discussions in the private sector and in the public about key IoT problems that include privacy, security, ethics, data confidentiality, competition, economic development and freedom of innovation. Europe Due to its demanding objectives, Europe has achieved the greatest progress in the IoT segment and its development
640
is further supported by regulations in several sectors. Guidelines important for the for the IoT sector are defined in the following documents: 1. "The Energy Services Directive" – Directive 2006/32/ECon energy end-use efficiency of various devices and energy services In accordance with this Directive, it is expected that 80% of households will have installed smart energy meters by 2020. 2. "eCall Directive“– by 2015 the eCall service should be available in all EU Member States. Until then all new vehicles need to have installed devices that will automatically dial 112 in case of an accident and provide key information, such as GPS coordinates, data about the driver and the similar. 3. “The EU 531/2012 Roaming Regulation” – the Roaming Directive introduces important changes that may assist EU market, such as the introduction of an aggregator as a wholesale service provider. The discussion on the importance of IoT in Europe started in 2006 and continued in 2007 when the concept of IoT was officially accepted in the Commission Communication on RFID [15]. In the report on “Future Networks and Internet” from November 2008, it was recognised that IoT has high potential for the development of new services but at the same time presents risk in terms of protection of privacy of individuals [16]. The need for discussion about architecture and management of the IOT has been recognized, and all the Member States have been invited to promote decentralised management in order to ensure confidentiality, safety, privacy and ethical management of data exchanged in the IoT [16]. The European Commission accepted the strategic action plan for IoT in 14 points [17] in 2009 which represented a collection of principles for management of the IoT, the assessment of possible risks, the financing of joint investments, participation in international dialogue, and integration of IoT into 4 research and development projects of a public-private partnership. In June of 2010 the EC established a multi-stakeholder working group consisting of people of different profiles including scientists, technicians, representatives of the industry, legal and social sciences as an advisory body of the European Commission dealing with main issues including management mechanisms, ownership of data, privacy, security, standards and international cooperation. The EC conducted a public consultation in IoT management in 2012. The questionnaire collected opinions on the appropriate approach to management in order to stimulate faster development of IOT, while at the same time ensuring adequate protection of EU citizens. The results have demonstrated a joint position that IoT will contribute to significant economic and social progress, in particular in the areas of health, independent life and support for disabled persons. In all other areas, it illustrated differences in opinions between citizens and associations of citizens that desire a stricter regulation compared to the industry. According to the results, 77% of respondents supported the development of indicators for impact assessment in the field of data protection,
including requirements related to the consent of users to collect data, data anonymization, restricted use and data retention and privacy. An interesting fact is that the majority of replies indicated that IoT will bring about many ethical issues related to the collected data but also that the development of IoT should not result in social injustice. The European Union expert group concluded in December 2012 that there is a significant disagreement between the business community (in the first place the industry) and the public on the majority of problems, in particular privacy, security and need for faster development of competitiveness in an IoT environment [18]. On the basis of this conclusion, the EC entrusted a European company named RAND with the development of guidelines for IoT management. Its report was published in August of 2013 stating that IoT is developing quickly and represents a challenge for traditional business, market, management and social models. Economic, social, political, legal and technological Internet management is based on a presumption of rational selection, market strength and efficient self-organization adjusted to systems under human control. Since interactive autonomous IT systems are significantly different from this paradigm [19], RAND recommends the application of a “soft law” approach that will include standards, supervision and ethical character and will at the same time ensure freedom for the industry to adjust to requirements in a simpler manner. This should ensure space for the development of IoT in the EU. The United States of America As opposed to Europe which stimulates the development of IoT with is regulatory activities, discussions on IoT in the United States are sporadic and scattered. The majority of debates take place within individual federal agencies interested only in some segments of IoT. Thus, for example, in 2012, the National Institute of Standards and Technology published the Framework and Roadmap for Smart Grid Interoperability Standards [20] which covered only one segment of IoT. The State Department investigated in 2013 the possibilities for using the IoT for monitoring weapons of mass destruction, and the Department of Homeland Security has been continuously installing sensory systems for detection of chemical and biological threats [21]. The first serious discussion was initiated in April 2013 by the Federal Trade Commission by asking for comments on the influence of IoT on privacy and security [22]. Only 27 replies were received, out of which more than 60% from the industry or their associations. Consequently, comments were against regulation. The majority of comments were focused on self-regulation and the removal of government influence on the development of standards of privacy and security that would endanger the development and innovations for IoT. The industry believes that the development of certificates for security and privacy could ensure sufficient protection of users. In November of 2013 the FTC held a public workshop on IoT in order to investigate problems related to security and privacy due to increasing numbers of connected
641
devices [23]. At this workshop, the President of the FTC pointed out the key challenges, one of the main being the loss of collected and stored personal data. The three basic principles he singled out included data transparency, simple selection of control of personal data and the privacy model [29]. The round table further opened a discussion on additional control issues such as the use of IoT for government supervision of citizens. Several options for the protection of privacy and safety of users were proposed, such as self-regulation, the preparation of certified approval certificates, implementation of ethical codes, the implementation of the existing law on users and the development of new regulation of IoT. The conclusion of the work group was that regulation will depend on whether companies earn revenue exclusively from IoT products and services or they plan to profit from user data by offering data analysis services. III. SECURITY CHALLENGES RELATED TO IMPLEMENTATION IOT IoT is an area in which research is in full swing. Following the basic research on technologies used in the area of IoT, it is necessary to introduce standards for architecture, platforms and communication between individual components. The development of standards and platforms for IoT is a basis for the development of advanced services. There are many possible directions for research because the mature phase of development of IT brings new challenges related to market regulation, payment, security and improvement of performances and efficiency of work of platforms. So far, research focused on the establishment of functional platforms that will enable the provision of an increasing number of services, but, with the increase of the number of users, it will necessary to provide support to the quality of service. The open issues in the area of data processing include standardization of query language, definition of key evaluation (and comparison) parameters for various components and adjustment of algorithms for processing data flow in cloud computing and variable characteristics of entry data. Energy efficiency will represent a significant challenge in the development of communication protocols and devices. Power sources and autonomous operation will be of great importance, in particular for sensory modules that will for the most part be battery-powered. The best indicators are today's sensors which are mostly batterypowered and constantly broadcast data by using Wi-Fi or Bluetooth technology. Key challenges and possible problems [26] that need to be considered and solved before mass application of the IoT include the following: 1. Security privacy and confidentiality - the security domain has the following challenges: (a) securing IoT architecture, (b) proactive identification and protection of IoT from arbitrary attacks (e.g. DoS and DDoS attacks) and abuse and (c) proactive identification and protection of IoT from malware. In the area of user privacy, special challenges include the following: (a)
control of personal data (privacy of data), (b) need to improve privacy technologies and the relevant laws [28].and (c) standards [27]., methods and tools for managing the identity of users and objects. In the area of confidentiality, some of the specific challenges include the following: (a) the need for simpler exchange of critical, protected and confidential information and (b) confidentiality must be a constituent part of IoT design. 2. Standardisation: Management of heterogeneity management of heterogeneous applications, environments and devices represents a great challenge as well as the standardization of heterogeneous technologies, devices, applications and interfaces. The lack of a single connection standard (a wide selection of wired and wireless and "proprietary" solutions) will represent a significant challenge to connectivity at the global level. 3. In security challenges great role play limitations of network capacity – the convergence of devices that arises from the IoT stimulates greater demand for a certain degree of expected QoS of the associated network infrastructure. New mobile applications that provide certain services may demand more frequent sending of small blocks of data (sessions) necessary for upgrading and synchronizing. The frequency of the abovementioned sessions will have a great impact on delay and permeability of the network itself. This part of infrastructure must be securely delivered in order to ensure secure data flow. 4. And last but not least: the management of a large quantities of data and processing of large quantities of data to ensure useful information/service as well as to ensure confidentiality and integrity of data as a part of information/service (IoT except for "raw" data from the source may generate a large quantity of metadata or temporary data necessary for the realization of services (e.g. sensory reading may be stored in a relational and semantics database). Characteristics are the following: quantity (size of data), diversity (heterogeneity of processed data, e.g. tables, pictures, e-mail) and dynamics (characteristics of data, intensity and frequency of arrivals, manner of processing). Platforms for IoT must enable efficient processing of data in real time resulting from user demands because the user wishes to be instantly informed of interesting events (e.g. selection of the most favourable travel route). In addition to the above-mentioned main challenges, there are also some other challenges such as: (a) market regulation, (b) designing of a more efficient architecture for networking of sensors and storage of collected data, (c) development of mechanisms for the processing of the flow of data gathered in sensory networks, (d) transition to IPv6 (large number of addresses, possibility for auto configuration and improved security parameters), (e) power sources of devices/sensors (devices are powered by electricity produced from the environment such as vibrations, light and air flow) and (f) decreased cost of IoT components.
642
CONCLUSION IoT represents a new, interesting direction in the development of the Internet. It refers to unique identification of objects and their virtual representation in the structure of the Internet. Such objects may communicate with each other, provide information about itself and accept data collected by other objects. The development of IoT depends on the dynamics of innovations in numerous technical fields, from wireless sensors to nanotechnology. Capacities, such as the monitoring of changes in the environment or communication between devices, represent high priority in the development of IoT. One of the key challenges for the realization of the IoT include security, privacy and confidentiality, management of heterogeneities, limitations of network capacities, management and processing of large quantities of data in order to provide useful information /service and enable an efficient regulatory policy in the area of IoT. Since, protection of privacy is one of the key constitutional rights of citizens' it is very imortant to note that IoT will have to be in compliance with the new European regulatory frameworks for data and privacy protection, as well as with all legal requirements into a single group of rules in the EU and inclucing also revised measures for data transparency and safety issues. REFERENCES: I. II.
III.
IV. V.
VI.
VII. VIII.
IX.
X.
„ITU Internet Reports 2005: The Internet of Things“, International Telecommunication Union Antonić, „Platforme za obradu podataka u stvarnom vremenu u području Internet objekata“, Report for doctoral qualification exam, 2013. John Soldatos, Nikos Kefalakis, Manfred Hauswirth, Martin Serrano, Jean-Paul Calbimonte, Mehdi Riahi, Karl Aberer, Prem Prakash Jayaraman4, Arkady Zaslavsky, Ivana Podnar Žarko, Lea Skorin-Kapov and Reinhard Herzog. OpenIoT: Open Source Internet-of-Things in the Cloud, Invited paper, to appear in Lecture Notes in Computer Science, vol. 9001, 2015. „Forecast: The Internet of Things, Worldwide, 2013.“, Gartner, 2013. D.Evans, “ The Internet of Things How the Next Evolution of the Internet Is Changing Everything”, White Paper, Cisco, April 2011. Miguel Blockstrand, Tomas Holm, Lars-Örjan Kling, Robert Skog and Berndt Wallin, „Operator opportunities in the internet of things“, Ericsson review, 2011 Rooney, B. “Internet of Things Poses Big Questions.” Wall Street Journal Online, July 3, 2013. International Data Corporation (IDC) Press Release. “The Internet of Things Is Poised to Change Everything, Says IDC.” October, 2013, Jayavardhana Gubbi, Rajkumar Buyya, Slaven Marusic, Marimuthu Palaniswami, „Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions“, Future Generation Computer Systems, 2013. CERP-IoT, Vision and Challenges for Realising the Internet of Things, March 2010
643
XI. Toby Jaffey, „MQTT and COAP, IoT Protocols“, Eclipse Newsletter, February 2014. XII. Paul Duffy, „Beyond MQTT: A Cisco view on IoT Protocols“, Cisco Blog, April 2013. XIII. XMPP Standards Foundation, http://xmpp.org/aboutxmpp/technology-overview/ XIV. Stan Schneider, „Understanding The Protocols Behind The Internet Of Things“, Electronic Design, October 2013. XV. G. Santucci, “1.1 The Internet of Things: Between the Revolution of the Internet and the Metamorphosis of Objects”, Vision and Challenges for Realising the Internet of Things, March 2010. XVI. European Commission. “Communication on future networks and the internet.” Brussels, September, 2008. XVII. European Commission, „Internet of Things: A 14point Action Plan“, Brisel, lipanj 2009. XVIII. T. Wachtel, “10th Meeting of the Internet of Things Expert Group Meeting Minutes” Brussels, November 2012. XIX. RAND Europe, “Europe’s policy options for a dynamic and trustworthy development of the Internet of Things.”, SMART 2012/0053, August 2013 XX. National Institute for Standards and Technology (NIST), “NIST Releases Final Smart Grid 'Framework 2.0' Document”, February 2012. XXI. Department of Homeland Security, http://www.dhs.gov/stsnapshot-detect-protect, rujan 2013 XXII. Federal Trade Commission, “Public Comments: # 484; FTC Seeks Input on Privacy and Security Implications of the Internet of Things; FTC Project No. P135405; Commission Staff to Conduct Workshop on November 21, 2013 in Washington, DC“, July 2013 XXIII. Federal Trade Commission, Internet of Things Workshop, Washington DC, http://ftc.gov/bcp/workshops/internet-of-things/, November, 2013 XXIV. http://www.hakom.hr/default.aspx?id=116&subI D=3366 XXV. ECC Report 153 on Numbering and Addressing in Machine-to-Machine (M2M) Communications – Nov. 2010 (http://www.cept.org/files/5424/documents/ECC%20REP%2 0153%20%20Numbering%20and%20Addressing%20in%20Machineto-Machine%20%28M2M%29%20Communications.pdf) XXVI. Rafiullah Khan, Sarmad Ullah Khan, Rifaqat Zaheer and Shahid Khan, “Future Internet: The Internet of Things Architecture, Possible Applications and Key Challenges”, 10th International Conference on Frontiers of Information Technology, 2012. XXVII. Boban, M., Information security and the right to privacy in digital economy– the case Of Republic of Croatia // Zbornik radova 37. međunarodnog skupa za za informacijsku i komunikacijsku tehnologiju, elektroniku i mikroelektroniku - MIPRO 2014. Zagreb : MIPRO, 2014. 1687-1692 XXVIII. Boban, M., Upravljanje sigurnosnim rizicima i krizno upravljanje u mrežnoj komunikaciji // .Zagreb, 2014. 549-572 XXIX. Boban, Marija, Pravo na privatnost i pravo na pristup informacijama u suvremenom informacijskom društvu. // Zbornik radova Pravnog fakulteta u Splitu. 49 (2012) , 3 (105); 575-598
