IoT Security

July 24, 2018

 

An Article written by Trainee Rouqaiah Alrefai From Imam Abdulrahman Bin Faisal University about Internet Of Things in Cybersecurity.

   Technology keeps evolving each day to keep up with the fast development of sophisticated lifestyles that people are living nowadays. Internet is getting involved in every little thing people do. The smallest example is ordering an Uber to get to a specific place. Internet of things or the abbreviated saying IoT is one of the latest technologies that is spreading fast. Now you get to see IoT in houses, cars, airports, cities and many other places. It may seem a weird idea to have your things understand you, but who doesn’t want his/her coffee maker to understand his/her mood especially in the morning?

 

 

IoT (Internet of Things)

 


Understanding the meaning of IoT is important to secure it. Internet of things is simply having a network of devices that can communicate with each other and the internet with or without any involvement. [1] Technically, it holds a deeper meaning which is a wired or wireless network of connected devices, things and objects which contain sensors and actuators embedded within. These devices are identifiable through a unique addressing schema that allows them to interact with each other. Moreover, the computing capabilities in the devices allow them to process data through generating, exchanging and consuming it with or without human intervention. Then transfer it to the cloud for storage and analysis. [1][2][3][4]

 

Figure 1:Simple Internet of Things structure (IoT)

 

 

IoT security issues and challenges

 

All new technologies are Double-edged, they have a lot of benefits, but they also have flaws. IoT is vulnerable to all types of threats and attacks, attacks on devices, objects, systems, networks and connections. Protecting the security and privacy of IoT users is very important and it becomes the main concern of IoT developers. There are many security issues and challenges that circle the security of IoT. IoT embedded computational capabilities collect a massive amount of sensitive data that is being stored and processed in the cloud which is also vulnerable to a lot of threats and flaws. Securing the big data that is being collected and securing the cloud can be very expensive and requires large effort to secure all parts of the IoT network.

Businesses are moving toward including the internet of things in their infrastructure and work environment. Therefore, it is advised that they understand the issues of security, privacy and anonymity that comes with the use of this technology.

 


One of these issues or challenges is the popular and known attack DDoS attack (Denial of Service). It is an attack that allows an adversary to control IoT based devices and use them to overwhelm a website or server with a large amount of data traffic coming from the controlled objects/things, so that any content or database information can be leaked out. [5] Mirai malware is a malware or worm that targets smart devices in the network and turns them into botnets that are used to perform DDoS attacks. Multiple businesses were attacked by Mirai and DDoS in 2016.


Another issue that challenges the security of IoT is the lack of protection in both hardware and software. There are no embedded safeguards in the hardware that could ensure its security. Moreover, the built-in software may be outdated or doesn’t have any security countermeasures.

 

Figure 2:Mirai DDoS attack

 

like antiviruses and antimalwares that alerts the user and protect the IoT devices. [5] lack of protection can lead to many attacks on them like unauthorized access, Eavesdropping and Spoofing. [6]

 

One issue that IoT users will encounter is the heavy load of traffic, that needs to be collected, processed, stored, monitored and analyzed. Which leads to increase the bandwidth of the data traffic, cost of smart devices and the need to secure IoT technology and its components. Monitoring the behavior of IoT devices traffic will be a must for businesses in the future to ensure the safety of IoT technology used. [5]

 

Security of network and network devices are another concern in the process of securing IoT infrastructure, since it is one of the most important elements in IoT structure. There are many attacks that targets the data while it is being transferred from sensors in devices to the gateway of the network in addition to DDoS and Man in the Middle attacks, such as Sinkhole Attack where an attacker makes a compromised node look attractive to other nodes by making all the data flow from any node directed towards the compromised node resulting in packets drop. [6]

 

Another example is the Sybil Attack where an attacker makes particular node present multiple identities for another single node, and because the compromised node is considered as part of the system, it can be compromised which result in false information about the redundancy. [6]

 

IoT Security in the future

 

Smart devices usage is increasing every day and there are expectations of having a large owning and using of IoT technology by more individuals and businesses in all different sectors. Security might not be the main concern at the beginning, but the increase usage leads to consider it from many different perspectives. Analyzing the structure of IoT network and components, clarify the level of security that should be applied to this technology and where security measures are necessary.

 

There are many searches that are trying to provide a complete well-defined security architecture that aim to protect the security and privacy of IoT technology. Dividing the IoT structure and components to multiple layers can help to divide the security safeguards and goals that should be considered for each part. Hardware devices and built in softwares can be protected using Hash algorithms, encryption mechanisms, risk assessments, intrusion detection and anonymity approaches to achieve data and sensitive information privacy in addition to the authentication. [6]

 

On the other hand, network protection through data privacy and routing security could be achieved by using P2P Encryption, intrusion detection and ensuring data integrity so that data received from one device is the same as the one sent. [6]

 

At last, the security of cloud storage and applications should not be forgotten. Integrated identity identification and firewalls are examples on the security measures that could be considered to ensure the security of user’s sensitive data. [6]

 

Achieving an acceptable level of security can promote the use of Internet of things to higher level and provide a safe environment for use by common users and business developers.

 

Finally, living in this environment and this century requires moving fast and keeping up with the development. Security nowadays is a necessity following what Duke-Woolley, CEO at Beecham Research said in one of the articles:

 

 “Data must be protected within the system, in transit or at rest and significant evolution is required in the identification, authentication and authorization of devices and people.”

 

References:

 

 1. Corser, G. (2017). INTERNET OF THINGS (IOT) SECURITY BEST PRACTICES (white paper). IEEE.

https://internetinitiative.ieee.org/images/files/resources/white_papers/internet_of_things_may_2017.pdf

 

 2.Rose, K., Eldridge, S., & Chapin, L. (2015). The Internet of Things: An Overview. The Internet Society (ISOC). Retrieved July 17, 2018, from

https://www.internetsociety.org/resources/doc/2015/iot-overview

 

3.Patel, K., & Patel, S. (2016). Internet of Things-IOT: Definition, Characteristics, Architecture, Enabling Technologies, Application & Future Challenges. International Journal of Engineering Science and Computing, 6(5), 6122-6131.

 

4.G. (2014). Understanding the Internet of Things (IoT).

https://www.gsma.com/iot/wp-content/uploads/2014/08/cl_iot_wp_07_14.pdf

 

5.Vardomatskaya, Y. (2017, April 21). Five IoT security risks and ways to secure yourself. Retrieved from

http://www.bizcommunity.com/Article/196/661/160705.html

 

6.U.farooq, M., Waseem, M., Khairi, A., & Mazhar, S. (2015). A Critical Analysis on the Security Concerns of Internet of Things (IoT). International Journal of Computer Applications, 111(7), 1-6. doi:10.5120/19547-1280

 

7.IoT multiplies risk of attack. (2015, May 22). Retrieved from https://www.sciencedirect.com/science/article/pii/S1353485815300416

 

 

 

 

 

 

 

 

 

Share on Facebook
Share on Twitter