**8. Future opportunities and challenges of IoT and IoE applications**

### **8.1. Future opportunities**

People are getting more connected and devices are becoming smarter, and new network architectures are adapting to this: such as big data, cloud infrastructure, and mobility, which are important parts of the Internet of Everything movement. In the future, every device is considered to be communicating to some extent and this will have an impact on the growth of cloud services [57]. The IoE will reinvent industries at three levels in the future; the first level is *business processes and services* will be improved by the new trends in digital technology [30], the second level is *business model*, which will be changed as new ways of doing business industries will emerge and companies will tend to digitalize more its products and processes, an example stated in [30] is that of Nike with its connected sporting clothes in the healthcare domain [30], the third level is *business moment*, which is the need to compete with other businesses [30]. Also the IoE will generate large volumes of data in real time, and therefore, businesses will need big data, storage, and analysis tools to manage these data; generate high-level information and services; and turn them into money. As millions of objects, sensors, devices, and people get more connected and collect more data; a critical task for companies will be to tackle the issues of privacy and security that arise through the use of IoE technology [30].

### **8.2. Challenges**

IoT and IoE offer numerous revolutionary benefits to consumers in many areas such as healthcare and supply chain management (SCM), to name a few. The use of connected medical devices, for example, can engage patients in their own care and allow doctors to respond in real time and better manage the patients' diseases. Despite these opportunities in many application fields, security and privacy risks arise due to the increased connectivity among devices, people, and the Internet. According to Ref. [62] IoT technology presents a higher potential of security risks at different levels such as enabling unauthorized access to personal information and identity theft, creating safety risks and allowing attacks to other connected systems; for example "security vulnerabilities in an IoT device could be used to launch a denial of service attack on the consumer's network to which it is connected, this device could also be used to send malicious emails and messages to other devices" [62]. Unauthorized persons might also create physical safety risks by exploiting the security vulnerabilities of IoT devices: for example, a hacker can change the settings of an insulin pump to no longer deliver insulin to the concerned patient, which creates health problems and crisis [62].

Companies experiencing the IoT technology may not have enough experience in dealing with the security issues stated above and therefore find securing IoT devices and communications a challenging task [62]. Also the structure of some IoT devices is sophisticated and the manufacturers find it difficult or expensive to apply a security patch in them if a specific vulnerability is discovered [62]. In addition, some IoT devices are made disposable after purchase and therefore, the consumers are often left with vulnerable devices shortly after their purchase in most cases [62].

In addition to security risks, there are many privacy risks involved with IoT such as the collection of sensitive personal daily information such as health information, geolocation, and account numbers and sending data through the cloud [62]. The collection of this information over time could be misused and can help intruders infer future values. Privacy principles state that users should control their personal data and choose the smart environment and technology that protects their private lives [63]. Users usually have difficulty knowing about the existence of IoT devices in their environment, what information is being disclosed and sent in the network, and which parties benefit from this information. Also manufacturers are interested in building services around the collected data rather than selling the devices themselves [63]. According to Ref. [62], researchers state that the smartphones could be used to disclose the user's personality type, demographics, stress level and mood, happiness, etc. [62]. Another privacy risk is that an intruder could intercept unencrypted IoT data remotely while sent in the IoT network, combine, analyze, and act upon them [63]. The above security and privacy challenges may result in an undermined consumer confidence and a decrease in the IoT technology widespread adoption, which will surely affect the overall societal acceptance of IoT services [62].

Our proposed middleware architecture called FlexRFID tackles the security and privacy issues in the IoT environment at the application level by using policies as described in [29]. These policies allow the applications to specify the security, access control and privacy rules that should be applied on data before getting them, and therefore minimize the possibilities of compromising user's sensitive data. At devices level, new security models other than strong encryption are required in IoT because of the devices' limited capabilities such as limited size, computing, and processing power [63].

Authors in [1] define features of IoT security and privacy in the healthcare field, including security requirements of medical data, which are "confidentiality, integrity, authentication, availability, data freshness, non-repudiation, authorization, resiliency, fault-tolerance, and self-healing" [1]. In addition, the authors in [1] identify challenges for providing secure IoT services, which include (1) the computational, memory, and energy limitations of IoT healthcare devices, (2) multiplicity of IoT devices in healthcare, (3) mobility of IoT devices through different networks having different security configurations, which requires a challenging task of developing a mobility-compliant security algorithm, (4) scalability of IoT devices and their connection to the global information network, (5) IoT devices are connected to multiprotocol networks using a wide range of communication media and a dynamic network topology, (6) designing a mechanism for dynamic security updates for the various IoT devices, and (7) designing tamper-resistant packages for IoT healthcare devices to avoid extracting cryptographic secrets, modifying programs, or replacing these devices. In addition to the challenges stated above, there are many other issues that need to be addressed concerning IoT services and devices. According to authors in [1], the most important issues are: the need for a unified standardization effort, the need for special IoT platforms and frameworks, targeting cost analysis of IoT-based services, the need to develop new IoT applications as the technology evolves and new devices emerge, the need for a "business model," and the need for "quality of service" guarantees for most IoT services [1].
