IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: A Study
0 likes20 views
This document discusses security issues surrounding the Internet of Things (IoT). It begins with an introduction to IoT, describing how everyday devices are becoming interconnected. It then discusses some key security challenges for IoT, including limitations of IoT hardware and software, network issues, and different types of attacks. The document analyzes the components of an IoT network and how they work together. It identifies specific security problems related to hardware limitations, software limitations, networks, and protocols. Finally, it outlines security requirements for IoT and concludes that further research is still needed to address open security challenges.
![International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072
© 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3387
Internet of Things (IoT), and the Security Issues Surrounding It:
A Study
Pratik Vaity1, Anushree Goud2
1Pratik Vaity (Student) & BVIMIT, Navi Mumbai
2Anushree Goud (Prof) & BVIMIT, Navi Mumbai
---------------------------------------------------------------------***----------------------------------------------------------------------
Abstract - The Internet of Things (IoT) concept has gained
popularity in modern years. At a theoretical level, IoT is the
interconnectivity among our day to day devices. Whilevarious
researchers have identified security challenges and problems
in IOT, there is a lack a precise study of security issues in IOT.
In this paper we focus on bridging the gap by giving attention
to the challenges and problems of IOT Security.
Key Words: Internet of Things, Security Issues, IOT
Hardware, IOT Software.
1. INTRODUCTION
Internet of things (IoT) is referred as uniquely identified
objects, and their virtual representationinaninternet-based
arrangement. This was proposed in 1998[1]. TheInternetof
Things (IoT) concept has gained popularity inmodernyears.
At a conceptual level, IoT refers to the interconnectivity
among our everyday devices, along with device autonomy,
sensing capability, and contextual awareness. IoT devices
include personal computers, laptops, tablets, smartphones,
PDAs, and other hand-held embedded devices. Device scan
communicate smartly to each other or to usintoday’sworld.
Connected devices are equipped with sensors and actuators
perceive their
surroundings, understand what is going on and perform
accordingly [2]
Fig.1 shows smart home with inter-connected things.
We cannot say that the IOT is the future of Internet because
of various security it has. Till the InternetofThingshasthese
security issues, it cannot be the future of internet.[3].
Fig.1 Smart home with inter-connected things
2. Encouragement:
To understand the importance of security and privacy issues
in IoT, we first take a look at the present state of the IoT
device in the world.[4]
Attackers have used household “smart” appliances to launch
an IoT based attack, where everyday consumer gadgets such
as connected multi-media centres, televisions, and
refrigerators had been negotiated and used as a platform to
send thousands of spam emails [5].
We argue that the incidentscoupledwiththeinsecurityofIoT
device systems show a threat to the success of the emerging
IoT. Hence, it is important to examine and understand the
serious security issues in IoT. In this paper, we motivate and
educate researchers about the multiple security issues and
threats.
3. Background:
Prior to understanding IoT security issues, firstly we need to
examine what are the components of the IoT network& how
they work together. The IOT system comprises of five
components.
Fig.2 shows connection between the following components.
-IOTDevices
-SensorBridge
-Controller
-IOTService
-Coordinator.
IOT Device. It consists of actuators,sensors, communication
interface, OS, system software and pre-loaded applications.
The main work of a smart device is to collect information
using sensors and to carry out actions using actuators.
IoT services. Mainly, IoT services are hosted on cloud i.e.
online that users can use IoT things anytime. The work of
these include IoT process automation, device management,
etc.
Sensor bridge. It acts as a bridge between the local IoT
network and cloud services. It also works asajoinerbetween
local IoT networks.](https://image.slidesharecdn.com/irjet-v6i6680-191217062613/85/IRJET-Internet-of-Things-IoT-and-the-Security-Issues-Surrounding-it-A-Study-1-320.jpg)
![International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072
© 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3389
6. Different types of attacks making IoT assets as
targets.:
1. Device property-based attack.
a. Low End Device Attack:
The contender can attack using IoT devices with similar
capabilities and configurations to native network’s IoT
devices. A contender with malicious wearable device which
contains malicious applications – might get unauthorized
access to smart TV and launch different types of attacks
which threatens communication, message integrity, privacy,
etc. Here, capabilities of wearable device and smart home-
devices are more or less similar.
b. High End Device Attack.
Here, the attacker uses more powerful devices – personal-
computer, cloud PC– to get to access to native IoT network
and device from anywhere and launch severe attacks.
2. Access Level Based attack
a. Active attacks:
When the aggress or does activities in order to disturb the
normal functionality of IoT device, then those hateful
activitiesare referred as active attacks. Forexampledenialof
service (DoS), etc.
b. Passive attacks:
In this case, it is alike to the official IoT device and performs
unlawful activities to gather informationfromthetrustedIoT
devices and networks, however communication is not
disturbed. This type of attacks is againsttheconfidentialityof
IoT.
3. Information damage level Based attacks:
a. Interruption:
Other than interruptions that may happen ordinarily like
power outages or service shut downs,DoSattacksareusedto
cause resourceexhaustionandhencemakesomeservicesnot
available. Disaster recovery mechanisms are important to
implement here.
b. Man in the middle attack:
Thisattack is acyber-attackwhere a harmful impersonateor
injects himself into a conversation between two nodes,
impersonates both nodes and gains access to information
that the two nodes were trying to send to each other. A man-
in-the-middle attack gives access to a malicious actor to
intercept, send and receive data meant for someoneother,or
not meant to be sent at all.
c. Eavesdropping:
An eavesdropping attack, that are also called as a
sniffing or snooping attack, is an attack where someone tries
to steal information from computers, smartphones, or other
devices over a network. This attack takes advantage
of network communications that are not secured so that the
sent and received data cannot be accessed. These attacks are
not easy to detect because they don’t cause network
transmission to appear to be operating not casually.
d. Alteration:
Alteration attacks involve misusing or destroying with our
asset. If we access a document in a manner that is not
authorized and alter the data itcontains,wehaveaffectedthe
integrity of the data contained in the document.
e. Fabrication:
In this attack a fake message is injected into the network by
an user who is not authorized as if the user is valid. This
results in the loss of confidentiality,authenticityandintegrity
of the message.
4. Protocol Based Attack:
a. Deviation from protocol:
An attacker goes away from standard protocols (e.g.
application protocols, networking protocols) becoming an
insider and acts dangerously.
b. Protocol disruption:
An attacker might be sent inside or outside the network and
perform not legal actions on standard protocols:
synchronization protocol, etc.
7. CONCLUSION
In this paper, we have seen the most crucial security aspects
of the IOT with focus on what is being carried out and what
issues require further more research. We also perform a
deep analysis of the problems of the inter-connectedobjects
by looking for their limitation, energy limitation, resource
limitation etc. This work analyses previous research
problems and challenges and gives opportunities for future
research in this field. In conclusion, we believe this survey
has given a valuablecontributiontotheresearchcommunity,
by stating the current security problems of this very vast
area of research and encouraging researchers interested in
developing new protocols to address security in the
background of the IOT.
REFERENCES
[1] R. H. Weber, “Internet of things – new security and
privacy challenges,” Computer Law & Security Review, vol.
26, pp. 23-30, 2010.
[2] Q. Zhou and J. Zhang, “Research prospect of Internet of
Things geography,” in Proceedings of the 19th International
Conference on Geoinformatics. IEEE, 2011, pp. 1–5.
[3] Y. Yu, J. Wang, and G. Zhou, “The exploration in the
education of professionals in applied Internet of Things
engineering,” in Proceedings](https://image.slidesharecdn.com/irjet-v6i6680-191217062613/85/IRJET-Internet-of-Things-IoT-and-the-Security-Issues-Surrounding-it-A-Study-3-320.jpg)
![International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072
© 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3390
of the 4th International Conference on Distance Learning
and Education (ICDLE). IEEE, 2010, pp. 74–77.
[4] “Internet of Things research study,” 2014, accessed on
19-April- 2014.[Online]. Available:
http://www8.hp.com/h20195/V2/GetPDF.aspx/ 4AA5-
4759ENW.pdf
[5] “Proofpoint uncovers Internet of Things cyberattack,”
2014, accessed on 19-April-2015. [Online]. Available:
http://investors.proofpoint.com/
releasedetail.cfm?releaseid=819799](https://image.slidesharecdn.com/irjet-v6i6680-191217062613/85/IRJET-Internet-of-Things-IoT-and-the-Security-Issues-Surrounding-it-A-Study-4-320.jpg)
IRJET- Internet of Things (IoT), and the Security Issues Surrounding it: A Study
- 1. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3387 Internet of Things (IoT), and the Security Issues Surrounding It: A Study Pratik Vaity1, Anushree Goud2 1Pratik Vaity (Student) & BVIMIT, Navi Mumbai 2Anushree Goud (Prof) & BVIMIT, Navi Mumbai ---------------------------------------------------------------------***---------------------------------------------------------------------- Abstract - The Internet of Things (IoT) concept has gained popularity in modern years. At a theoretical level, IoT is the interconnectivity among our day to day devices. Whilevarious researchers have identified security challenges and problems in IOT, there is a lack a precise study of security issues in IOT. In this paper we focus on bridging the gap by giving attention to the challenges and problems of IOT Security. Key Words: Internet of Things, Security Issues, IOT Hardware, IOT Software. 1. INTRODUCTION Internet of things (IoT) is referred as uniquely identified objects, and their virtual representationinaninternet-based arrangement. This was proposed in 1998[1]. TheInternetof Things (IoT) concept has gained popularity inmodernyears. At a conceptual level, IoT refers to the interconnectivity among our everyday devices, along with device autonomy, sensing capability, and contextual awareness. IoT devices include personal computers, laptops, tablets, smartphones, PDAs, and other hand-held embedded devices. Device scan communicate smartly to each other or to usintoday’sworld. Connected devices are equipped with sensors and actuators perceive their surroundings, understand what is going on and perform accordingly [2] Fig.1 shows smart home with inter-connected things. We cannot say that the IOT is the future of Internet because of various security it has. Till the InternetofThingshasthese security issues, it cannot be the future of internet.[3]. Fig.1 Smart home with inter-connected things 2. Encouragement: To understand the importance of security and privacy issues in IoT, we first take a look at the present state of the IoT device in the world.[4] Attackers have used household “smart” appliances to launch an IoT based attack, where everyday consumer gadgets such as connected multi-media centres, televisions, and refrigerators had been negotiated and used as a platform to send thousands of spam emails [5]. We argue that the incidentscoupledwiththeinsecurityofIoT device systems show a threat to the success of the emerging IoT. Hence, it is important to examine and understand the serious security issues in IoT. In this paper, we motivate and educate researchers about the multiple security issues and threats. 3. Background: Prior to understanding IoT security issues, firstly we need to examine what are the components of the IoT network& how they work together. The IOT system comprises of five components. Fig.2 shows connection between the following components. -IOTDevices -SensorBridge -Controller -IOTService -Coordinator. IOT Device. It consists of actuators,sensors, communication interface, OS, system software and pre-loaded applications. The main work of a smart device is to collect information using sensors and to carry out actions using actuators. IoT services. Mainly, IoT services are hosted on cloud i.e. online that users can use IoT things anytime. The work of these include IoT process automation, device management, etc. Sensor bridge. It acts as a bridge between the local IoT network and cloud services. It also works asajoinerbetween local IoT networks.
- 2. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3388 Controllers. IoT devices arecontrolled usingthecontrollers. Coordinator. A coordinator device behaves as a device manager. The main work of acoordinatoristokeepaneyeon health and work of the smart things. 4. Security Problems: 1. Hardware Based Limitations. a. Energy Constraint. IoT devices are battery directed and are using CPUs which have less clock rate. Therefore, expensive algorithms that require very fast computational power, cannot be attached directly to such less powered devices. b. Memory Constraint. IoT devices are built with RAM that is limited and Flash memory compared to the old digital system (e.g. PC.), and make use of Real Time Operating System. They also run system software’s. Therefore,securityideasmustbememory active. However, old security algorithms are not made considering the memory efficiency, because the old digital system uses much more RAM and hard drive. 2. Software Based Limitations. a. Dynamic security patch: Remote reprogramming is not totally possible for the IoT devices, as the operating system or protocol stack may not have the ability receiving and attaching new code or library. b. Embedded software constraint: IoT operatingsystems,havethinnetworkprotocolstacksand may lack enough security. Therefore, the security module designed forthe protocol stack should be thin, but tough and should tolerate any fault. 3. Limitations based on network: a. Mobility: Mobility is one of the main attributes of the IoT devices, where the devices join network without previous configuration. This mobility nature raises the need to produce mobility flexible security algorithms for the IoT devices. b. Scalability: The number of IoT devices is growing day by day and more devices are getting connected with. The global information networks. Latest security schemes don’t have scalability property; therefore, such schemes are not proper for IoT devices. c. Multi-Protocol Networking: IoT devices might use a proprietary network protocol for communication invastnetworks.Atthesamemoment,itmay communicatewithan IoT serviceproviderontheIPnetwork. These multi-protocol communication characteristics make traditional security schemes not suitable for IoT devices. 5. Security Requirements: There are many factors which need to be taken care of while computing a security solution for the IoT devices. The Security requirements that are expected to be met by the IoT security as given below. 1. Information security requirements. a. Integrity: Any condition can change the dataandchangetheintegrityof an IoT system. Thus, integrity ensures that the received data has not been tampered in transit. b. Information protection: The confidentiality of the stored information should be conserved. For example, an IoT network should not disclose the sensor readings to its neighbours. C. Non-repudiation: Non-repudiation is the guarantee that someone cannot rule out the validity of something. An IoT node cannot refuse sending a message it sends previously. d. Freshness: It is necessary to ensure the freshness of each message. Freshnessassures that thedataisrecentandnooldmessages have been replayed. 2. Access level security requirements. a. Authentication: It enables an IoT device to ensure the identity of the node with which it communicates. It also requires to ensure that valid users get access to the IoT devices for administrative tasks. b. Access control: It is the act of ensuring that an authenticated IoT node accesses only what it is authorized to, and nothing else. 3. Functional security requirements. a. Exception handling: Exception handling confirms that network is alive and keeps on serving even in the not so good situations like node compromise, malfunctioninghardware,softwareglitchesetc. Hence it assures robustness. b. Availability: Availability ensures the survivability of IoT services to authorized parties when needed despite DOS attacks. It also ensures that it has the ability to provide a minimum level of service in the presence of power loss and failures.
- 3. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3389 6. Different types of attacks making IoT assets as targets.: 1. Device property-based attack. a. Low End Device Attack: The contender can attack using IoT devices with similar capabilities and configurations to native network’s IoT devices. A contender with malicious wearable device which contains malicious applications – might get unauthorized access to smart TV and launch different types of attacks which threatens communication, message integrity, privacy, etc. Here, capabilities of wearable device and smart home- devices are more or less similar. b. High End Device Attack. Here, the attacker uses more powerful devices – personal- computer, cloud PC– to get to access to native IoT network and device from anywhere and launch severe attacks. 2. Access Level Based attack a. Active attacks: When the aggress or does activities in order to disturb the normal functionality of IoT device, then those hateful activitiesare referred as active attacks. Forexampledenialof service (DoS), etc. b. Passive attacks: In this case, it is alike to the official IoT device and performs unlawful activities to gather informationfromthetrustedIoT devices and networks, however communication is not disturbed. This type of attacks is againsttheconfidentialityof IoT. 3. Information damage level Based attacks: a. Interruption: Other than interruptions that may happen ordinarily like power outages or service shut downs,DoSattacksareusedto cause resourceexhaustionandhencemakesomeservicesnot available. Disaster recovery mechanisms are important to implement here. b. Man in the middle attack: Thisattack is acyber-attackwhere a harmful impersonateor injects himself into a conversation between two nodes, impersonates both nodes and gains access to information that the two nodes were trying to send to each other. A man- in-the-middle attack gives access to a malicious actor to intercept, send and receive data meant for someoneother,or not meant to be sent at all. c. Eavesdropping: An eavesdropping attack, that are also called as a sniffing or snooping attack, is an attack where someone tries to steal information from computers, smartphones, or other devices over a network. This attack takes advantage of network communications that are not secured so that the sent and received data cannot be accessed. These attacks are not easy to detect because they don’t cause network transmission to appear to be operating not casually. d. Alteration: Alteration attacks involve misusing or destroying with our asset. If we access a document in a manner that is not authorized and alter the data itcontains,wehaveaffectedthe integrity of the data contained in the document. e. Fabrication: In this attack a fake message is injected into the network by an user who is not authorized as if the user is valid. This results in the loss of confidentiality,authenticityandintegrity of the message. 4. Protocol Based Attack: a. Deviation from protocol: An attacker goes away from standard protocols (e.g. application protocols, networking protocols) becoming an insider and acts dangerously. b. Protocol disruption: An attacker might be sent inside or outside the network and perform not legal actions on standard protocols: synchronization protocol, etc. 7. CONCLUSION In this paper, we have seen the most crucial security aspects of the IOT with focus on what is being carried out and what issues require further more research. We also perform a deep analysis of the problems of the inter-connectedobjects by looking for their limitation, energy limitation, resource limitation etc. This work analyses previous research problems and challenges and gives opportunities for future research in this field. In conclusion, we believe this survey has given a valuablecontributiontotheresearchcommunity, by stating the current security problems of this very vast area of research and encouraging researchers interested in developing new protocols to address security in the background of the IOT. REFERENCES [1] R. H. Weber, “Internet of things – new security and privacy challenges,” Computer Law & Security Review, vol. 26, pp. 23-30, 2010. [2] Q. Zhou and J. Zhang, “Research prospect of Internet of Things geography,” in Proceedings of the 19th International Conference on Geoinformatics. IEEE, 2011, pp. 1–5. [3] Y. Yu, J. Wang, and G. Zhou, “The exploration in the education of professionals in applied Internet of Things engineering,” in Proceedings
- 4. International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056 Volume: 06 Issue: 06 | June 2019 www.irjet.net p-ISSN: 2395-0072 © 2019, IRJET | Impact Factor value: 7.211 | ISO 9001:2008 Certified Journal | Page 3390 of the 4th International Conference on Distance Learning and Education (ICDLE). IEEE, 2010, pp. 74–77. [4] “Internet of Things research study,” 2014, accessed on 19-April- 2014.[Online]. Available: http://www8.hp.com/h20195/V2/GetPDF.aspx/ 4AA5- 4759ENW.pdf [5] “Proofpoint uncovers Internet of Things cyberattack,” 2014, accessed on 19-April-2015. [Online]. Available: http://investors.proofpoint.com/ releasedetail.cfm?releaseid=819799