IOT: Addressing Security Challenges And Possible Solutions: [Essay Example], 2327 words GradesFixer
exit-popup-close

Haven't found the right essay?

Get an expert to write your essay!

exit-popup-print

Professional writers and researchers

exit-popup-quotes

Sources and citation are provided

exit-popup-clock

3 hour delivery

exit-popup-persone
close
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Iot: Addressing Security Challenges and Possible Solutions

Download Print

Pssst… we can write an original essay just for you.

Any subject. Any type of essay.

We’ll even meet a 3-hour deadline.

Get your price

121 writers online

blank-ico
Download PDF

Abstract

With the passage of time and increasing human population there is rapid growth in the data as well as allowing them to interact with each other, devices and networks on a broader scale provide number of benefits like easy access to related information, portability, automation, environmental and weather monitoring. In the future, hundreds of billions of networks and devices will interact with each other without human intervention.

However, due to large and complex data and networks involvement there are many open challenges related to security. Therefore, it becomes very important that we study how the current security approaches in this field that can be improved, and better understanding of possible solutions so that this study may contribute to the field of IoT for research purposes.

Introduction:

The Internet of Things (IoT) refers to an area where anything can connect and communicate with anything over the internet. There can be various types of things it can be ranges from a human to a mirror in washroom, it can be anything like an animal, microwave oven, toothbrush or any physical thing one can imagine. These things can connect and communicate with each other any time (i.e. day, night) and anyplace (i.e. Inside, outside, on the way). In today’s world we can see many smart things around us for example Smart phones, smart locks, smart cars, smart TVs, smart ACs and smart camera etc. These smart things have actually started the journey towards smart word which was imaginary few years earlier.

A simple example where these smart things can be utilized is “Smart Home” which may detect occupancy of the rooms and can control lightening, heating and cooling system etc. accordingly and as this whole system can be connect to the internet so one can monitor or manage it remotely anywhere in the world.

According to industry experts by year 2020, it is estimated that more than 50 billion things (not necessarily devices) will connect to the Internet which is seven times of our human population. This shows immense growth in IoT field as more and more users from different walks for life are shifting to IoT.

The importance of security and privacy cannot be ignored in this whole scenario as most of the communication is being done without any physical medium (i.e wireless).

Anyone can hack into security system of the home and get the information like if there is anyone at home or not? In the same way any unknown person or thief may get into the database system of bank or any office and may get financial and personal information of customers or employees etc. These are some common examples of security breaches. However these breaches may be more serious when may be done on the systems of an hospital where medical devices are attached or on the system of smart car controlling its braking and accelerating system where security breach can be a matter of life and death for someone.

Scope of work:

The Internet of Things (IoT) is hot topic in the field of networks and main topic of discussion and research now-a-days as its practical implementation can be seen in the recent years and more will be seen in the years to come.as rapid growth in IoT field can be seen the question arises that “Does security has improved on the same phase specially for IoT devices and system? “Definitely Not, more work and improvement needed to be done towards privacy and security related to IoT.

According to report by Hewlett-Packard in a 2015 on IoT research

  1. 6 out of 10 device user interfaces (UI) means almost 60% of devices were vulnerable to threats (such as weak credentials etc.).
  2. 8 out of 10 devices of devices in wireless communication could not get passwords with minimum required complexity.
  3. 7 out of 10 devices in wireless communication enabled an attacker to detect valid user accounts.
  4. 7 out of 10 devices used network services which are not encrypted.
  5. 9 out of 10 of devices in wireless communication collected at least one piece of personally identifiable information

The IoT devices are mostly controlled and managed by web interface which is itself not fully secure medium to use even most of the time hackers break into the system or network using web interface.

The Open Web Application Security Project (OWASP) (“OWASP Internet of Things Project – OWASP,” n.d.) has listed the following top 10 IoT vulnerabilities:

  1. Web Interface not secure
  2. Authentication/Authorization not sufficient
  3. Network Services not secure
  4. Lack of Transport Encryption
  5. Concerns related to privacy
  6. Cloud Interface not secure
  7. Mobile Interface not secure
  8. Security Configurability not sufficient
  9. Software or Firmware not secure
  10. Physical Security not sufficient

To enhance security and privacy of IoT devices and system layer based (i.e. Application Layer, Perception Layer, Network Layer and Physical Layer) security system can be implemented, security on each layer needs to be improved as well as security of the data transfer technologies need to be improved (i.e. ZigBee, Wifi, Bluetooth etc.

3. Security in terms of IoT:

For this purpose, we need to understand following two terms first:

A secure system: a system is said to be secure when it achieves all the security requirements (Mosenia & Jha, 2017).

A security attack: an attack is said to be security attack when at least one of the security requirements (Mosenia & Jha, 2017).

Main Layers of IoT:

Architecture of IoT mainly consist of following four layers:

  • Perception Layer
  • Network Layer
  • Support Layer
  • Application Layer

Functions/Responsibilities of IoT Layers:

Perception Layer:

This layer is consist of different sensory technologies, like sensors related to vibration, temperature etc. In these devices RFID sensors are used for sensing other objects.

Network Layer:

This layer is consisting of network communication as well as network related physical components.

Support Layer:

This layer consists of information processing system used for communication purposes.

Application Layer:

Consists of different IoT related applications and services including smart homes and cities, transportation and health sector.

Security issues/threats on IoT (layer wise):

With rapid growth of IoT enabled smart world more and more devices connected to internet everyday vulnerable to security attacks more than internet has to date. Above mentioned four layers plays an important role as for as IoT security is concerned. Security on each level/layer need to confirm in order to secure whole IoT system/Network secure.

In this section we will see the security issues/attacks in depth for each IoT layer and countermeasures to deal with issues.

Security issues in Perception Layer:

Spoofing:

Simply it is defined as “Cloning and Unauthorized Access” in this type of attack attacker send false broadcast message to network. Falsely defacing its originality which falsely shows it appearing from the original or real source. It usually results of an un-authorize access of the attacker.

Signal /Radio Jamming:

It is a type of Denial-of-service (DoS) attacks that it captures channel used for communication and blocks its communication.

Device-tampering/Node -capturing :

The attacker get access to the sensor node physically exchanges with the node which is malicious. It has been done to harm the target after getting un-authorize access.

Node Outage :

The attack is done to the network and it stops from performing basic network related functions.

Eavesdropping:

This term is used when attacker sniffs the information which is personal such as passwords or other confidential data.

Security issues in Network Layer:

Selective Forwarding Attack (Sharma, 2012)

Time and security is very important in any sort of communication wither it is a wired network or wireless. This is type DOS attack in which packet or massage is not fully deliver to destination rather drops selectively or drops whole packet due to malicious node as a result message may not delivered completely and properly to the destination.

Sybil Attack (Leloglu, 2016):

The name is derived from the case study of a woman who has multiple personality disorder. This attack almost does as its name. Multiple identities represented by a malicious node resulting an attacker can be at multiple places at onces.as a result network may not be able to identify these multiple notes creating disruption in overall communication of the network.

Sinkhole Attack (Blackhole):

It refers to strong resource confliction between nearby nodes of the malicious node which low down bandwidth and channel access. It results in overcrowding which can increase battery usage of nodes. Which leads to other DOS attacks as well.

Wormhole:

Another type of DoS attack which changes data at bit level and it is done by using tunneling.

Man-in -the -Middle Attack:

This Attack is occurred when an unauthorized node is placed in the path of actual communication of two nodes by using that unauthorized node an attacker may try to sniff or listen the data by using some tools resulting in disturbance in overall communication.

Security Issues In Support Layer:

Tampering with Data:

Data is said to be tempered when it is intentionally changed or deleted using unauthorized access.

DoS Attack:It closes down the system by engaging its resources due to which services does not work anymore.

Unauthorized Access: it is very simple terminology as name describes.it is when attacker gains access to any node or computing resource using someone else’s account or other methods. For example, if attacker keep trying guessing someone else’s password or using some tool for this purpose and gaining access it will be said to an unauthorized access.

Threats of Application Layer

Sniffer /Loggers:

It is the program used to sniff network traffic which is used to steal passwords and other sensitive and confidential data etc.

Injection:

Malicious code or programming instructions has been entered into the target system to gain unauthorized access.

Session Hijacking(“Session hijacking,” 2018):

It is the misuse of a valid computer session to gain unauthorized to access confidential and sensitive data .It is also known as cookie hijacking.

DDoS (Distributed Denial of Service ):

Almost same as DOS,but multiple usually infected computer systems engages in it to hit the target.

Social Engineering: In this type of threat where attackers can get information from users of social media etc.

Countermeasures for IoT Protection:

Security measures at Perception Layer:

Physical security (“OWASP Internet of Things Project – OWASP,” n.d.) is one of the most important steps that can be taken to secure IoT or any security system that is why OWASP (Open Web Application Security Project) has listed weak physical security in the top 10 IoT vulnerabilities.

Authentication and authorization is another important thing to focus means that only authorized users may have access to any important or sensitive data.

Data collection is also done on this layer so data collected must be secure in all sense. Different security techniques may be applied for this purpose like multimedia compression, image compression, water marking and CRC etc.

Risk Assessment is also important for IoT security point of view. Different cryptographic algorithms may be applied on the data obtained from IoT for security purposes as shown in the following table (Leloglu, 2016).

Security measures at Network Layer:

This layer is consisting of two sub layers i.e. layer for wired communication and layer for wireless communication, different protocols are used for security purpose in wireless sub layer. Like IP Sec security protocol. Another protocol specially used for sensors or other devices connected to the network is Private Pre-Shared Key which is also called PPSK.

As for as wired sub layer is concerned firewall and IPS (Intrusion Prevention System) are mostly used to provide security. But there is no proper firewall or IPS specifically developed for IoT environment. However research is on its way to develop suitable Firewall or IPS which use minimum resources.

Security measures at Support and Application Layer:

There are two sub layers as given below:

Sub layer having local applications for security purpose encryption techniques is used by Transportation system and Steganography techniques is used by smart homes etc.

This sub layer is related to applications anti-virus, intrusion detection and firewall etc.

  • Changing default username and password of network devices like routers and gateways
  • Latest Software and Hardware up gradation
  • Check and apply login lock settings
  • Applying Encryption
  • Secure Wi-Fi Network by changing or hiding SSID
  • Disconnect Devices (during idle time)
  • Applying up to date security application and patches
  • Installing latest hardware Firewall and software firewall where necessary
  • Read software and Hardware manuals for further security instructions

Conclusion:

IoT is a new age’s developing field many scientists and researchers are working on it but still there is much work need to be done in different areas including IoT security.

Security is very important as more and more devices are connecting to internet day by day so before coming to IoT people are more concerned about privacy and security.

In this paper we have discussed key security issues/threads and discussed their solutions layer by layer so that after studying all these more secure IoT system may be developed.

Remember: This is just a sample from a fellow student.

Your time is important. Let us write you an essay from scratch

100% plagiarism free

Sources and citations are provided

Find Free Essays

We provide you with original essay samples, perfect formatting and styling

Cite this Essay

To export a reference to this article please select a referencing style below:

IOT: Addressing Security Challenges And Possible Solutions. (2019, September 13). GradesFixer. Retrieved November 29, 2020, from https://gradesfixer.com/free-essay-examples/iot-addressing-security-challenges-and-possible-solutions/
“IOT: Addressing Security Challenges And Possible Solutions.” GradesFixer, 13 Sept. 2019, gradesfixer.com/free-essay-examples/iot-addressing-security-challenges-and-possible-solutions/
IOT: Addressing Security Challenges And Possible Solutions. [online]. Available at: <https://gradesfixer.com/free-essay-examples/iot-addressing-security-challenges-and-possible-solutions/> [Accessed 29 Nov. 2020].
IOT: Addressing Security Challenges And Possible Solutions [Internet]. GradesFixer. 2019 Sept 13 [cited 2020 Nov 29]. Available from: https://gradesfixer.com/free-essay-examples/iot-addressing-security-challenges-and-possible-solutions/
copy to clipboard
close

Sorry, copying is not allowed on our website. If you’d like this or any other sample, we’ll happily email it to you.

    By clicking “Send”, you agree to our Terms of service and Privacy statement. We will occasionally send you account related emails.

    close

    Attention! this essay is not unique. You can get 100% plagiarism FREE essay in 30sec

    Recieve 100% plagiarism-Free paper just for 4.99$ on email
    get unique paper
    *Public papers are open and may contain not unique content
    download public sample
    close

    Sorry, we cannot unicalize this essay. You can order Unique paper and our professionals Rewrite it for you

    close

    Thanks!

    Your essay sample has been sent.

    Want us to write one just for you? We can custom edit this essay into an original, 100% plagiarism free essay.

    thanks-icon Order now
    boy

    Hi there!

    Are you interested in getting a customized paper?

    Check it out!
    Having trouble finding the perfect essay? We’ve got you covered. Hire a writer

    GradesFixer.com uses cookies. By continuing we’ll assume you board with our cookie policy.