Iot: Addressing Security Challenges and Possible Solutions

About this sample

About this sample


Words: 2327 |

Pages: 5|

12 min read

Published: Nov 8, 2019

Words: 2327|Pages: 5|12 min read

Published: Nov 8, 2019

Table of contents

  1. Introduction
  2. Scope of work
  3. Main Layers of IoT
  4. Functions/Responsibilities of IoT Layers
  5. Perception Layer
    Network Layer
    Support Layer
    Application Layer
    Device-tampering/Node -capturing
    Node Outage
  6. Security issues in Network Layer
  7. Sybil Attack
  8. Security Issues In Support Layer
  9. Session Hijacking
  10. Security measures at Perception Layer
  11. Security measures at Network Layer
  12. Conclusion

With the passage of time and increasing human population there is rapid growth in the data as well as allowing them to interact with each other, devices and networks on a broader scale provide number of benefits like easy access to related information, portability, automation, environmental and weather monitoring. In the future, hundreds of billions of networks and devices will interact with each other without human intervention.

'Why Violent Video Games Shouldn't Be Banned'?

However, due to large and complex data and networks involvement there are many open challenges related to security. Therefore, it becomes very important that we study how the current security approaches in this field that can be improved, and better understanding of possible solutions so that this study may contribute to the field of IoT for research purposes.


The Internet of Things (IoT) refers to an area where anything can connect and communicate with anything over the internet. There can be various types of things it can be ranges from a human to a mirror in washroom, it can be anything like an animal, microwave oven, toothbrush or any physical thing one can imagine. These things can connect and communicate with each other any time (i.e. day, night) and anyplace (i.e. Inside, outside, on the way). In today’s world we can see many smart things around us for example Smart phones, smart locks, smart cars, smart TVs, smart ACs and smart camera etc. These smart things have actually started the journey towards smart word which was imaginary few years earlier.

A simple example where these smart things can be utilized is “Smart Home” which may detect occupancy of the rooms and can control lightening, heating and cooling system etc. accordingly and as this whole system can be connect to the internet so one can monitor or manage it remotely anywhere in the world.

According to industry experts by year 2020, it is estimated that more than 50 billion things (not necessarily devices) will connect to the Internet which is seven times of our human population. This shows immense growth in IoT field as more and more users from different walks for life are shifting to IoT.

The importance of security and privacy cannot be ignored in this whole scenario as most of the communication is being done without any physical medium (i.e wireless).

Anyone can hack into security system of the home and get the information like if there is anyone at home or not? In the same way any unknown person or thief may get into the database system of bank or any office and may get financial and personal information of customers or employees etc. These are some common examples of security breaches. However these breaches may be more serious when may be done on the systems of an hospital where medical devices are attached or on the system of smart car controlling its braking and accelerating system where security breach can be a matter of life and death for someone.

Scope of work

The Internet of Things (IoT) is hot topic in the field of networks and main topic of discussion and research now-a-days as its practical implementation can be seen in the recent years and more will be seen in the years to rapid growth in IoT field can be seen the question arises that “Does security has improved on the same phase specially for IoT devices and system? “Definitely Not, more work and improvement needed to be done towards privacy and security related to IoT.

According to report by Hewlett-Packard in a 2015 on IoT research

  1. 6 out of 10 device user interfaces (UI) means almost 60% of devices were vulnerable to threats (such as weak credentials etc.).
  2. 8 out of 10 devices of devices in wireless communication could not get passwords with minimum required complexity.
  3. 7 out of 10 devices in wireless communication enabled an attacker to detect valid user accounts.
  4. 7 out of 10 devices used network services which are not encrypted.
  5. 9 out of 10 of devices in wireless communication collected at least one piece of personally identifiable information

The IoT devices are mostly controlled and managed by web interface which is itself not fully secure medium to use even most of the time hackers break into the system or network using web interface.

The Open Web Application Security Project (OWASP) (“OWASP Internet of Things Project - OWASP,” n.d.) has listed the following top 10 IoT vulnerabilities:

  1. Web Interface not secure
  2. Authentication/Authorization not sufficient
  3. Network Services not secure
  4. Lack of Transport Encryption
  5. Concerns related to privacy
  6. Cloud Interface not secure
  7. Mobile Interface not secure
  8. Security Configurability not sufficient
  9. Software or Firmware not secure
  10. Physical Security not sufficient

To enhance security and privacy of IoT devices and system layer based (i.e. Application Layer, Perception Layer, Network Layer and Physical Layer) security system can be implemented, security on each layer needs to be improved as well as security of the data transfer technologies need to be improved (i.e. ZigBee, Wifi, Bluetooth etc.

3. Security in terms of IoT:

For this purpose, we need to understand following two terms first:

A secure system: a system is said to be secure when it achieves all the security requirements (Mosenia & Jha, 2017).

A security attack: an attack is said to be security attack when at least one of the security requirements (Mosenia & Jha, 2017).

Main Layers of IoT

Architecture of IoT mainly consist of following four layers

  • Perception Layer
  • Network Layer
  • Support Layer
  • Application Layer

Functions/Responsibilities of IoT Layers

Perception Layer

This layer is consist of different sensory technologies, like sensors related to vibration, temperature etc. In these devices RFID sensors are used for sensing other objects.

Network Layer

This layer is consisting of network communication as well as network related physical components.

Support Layer

This layer consists of information processing system used for communication purposes.

Application Layer

Consists of different IoT related applications and services including smart homes and cities, transportation and health sector.

With rapid growth of IoT enabled smart world more and more devices connected to internet everyday vulnerable to security attacks more than internet has to date. Above mentioned four layers plays an important role as for as IoT security is concerned. Security on each level/layer need to confirm in order to secure whole IoT system/Network secure.

In this section we will see the security issues/attacks in depth for each IoT layer and countermeasures to deal with issues.

Simply it is defined as “Cloning and Unauthorized Access” in this type of attack attacker send false broadcast message to network. Falsely defacing its originality which falsely shows it appearing from the original or real source. It usually results of an un-authorize access of the attacker. Signal /Radio Jamming It is a type of Denial-of-service (DoS) attacks that it captures channel used for communication and blocks its communication.

Device-tampering/Node -capturing

The attacker get access to the sensor node physically exchanges with the node which is malicious. It has been done to harm the target after getting un-authorize access.

Node Outage

The attack is done to the network and it stops from performing basic network related functions.

This term is used when attacker sniffs the information which is personal such as passwords or other confidential data.

Security issues in Network Layer

Time and security is very important in any sort of communication wither it is a wired network or wireless. This is type DOS attack in which packet or massage is not fully deliver to destination rather drops selectively or drops whole packet due to malicious node as a result message may not delivered completely and properly to the destination.

Sybil Attack

The name is derived from the case study of a woman who has multiple personality disorder. This attack almost does as its name. Multiple identities represented by a malicious node resulting an attacker can be at multiple places at a result network may not be able to identify these multiple notes creating disruption in overall communication of the network.

It refers to strong resource confliction between nearby nodes of the malicious node which low down bandwidth and channel access. It results in overcrowding which can increase battery usage of nodes. Which leads to other DOS attacks as well.

Another type of DoS attack which changes data at bit level and it is done by using tunneling.

This Attack is occurred when an unauthorized node is placed in the path of actual communication of two nodes by using that unauthorized node an attacker may try to sniff or listen the data by using some tools resulting in disturbance in overall communication.

Security Issues In Support Layer

Data is said to be tempered when it is intentionally changed or deleted using unauthorized access.

DoS Attack:It closes down the system by engaging its resources due to which services does not work anymore.

Unauthorized Access: it is very simple terminology as name is when attacker gains access to any node or computing resource using someone else’s account or other methods. For example, if attacker keep trying guessing someone else’s password or using some tool for this purpose and gaining access it will be said to an unauthorized access.

It is the program used to sniff network traffic which is used to steal passwords and other sensitive and confidential data etc.

Malicious code or programming instructions has been entered into the target system to gain unauthorized access.

Session Hijacking

It is the misuse of a valid computer session to gain unauthorized to access confidential and sensitive data .It is also known as cookie hijacking.

Almost same as DOS,but multiple usually infected computer systems engages in it to hit the target.

Social Engineering: In this type of threat where attackers can get information from users of social media etc.

Security measures at Perception Layer

Physical security (“OWASP Internet of Things Project - OWASP,” n.d.) is one of the most important steps that can be taken to secure IoT or any security system that is why OWASP (Open Web Application Security Project) has listed weak physical security in the top 10 IoT vulnerabilities.

Authentication and authorization is another important thing to focus means that only authorized users may have access to any important or sensitive data.

Data collection is also done on this layer so data collected must be secure in all sense. Different security techniques may be applied for this purpose like multimedia compression, image compression, water marking and CRC etc.

Risk Assessment is also important for IoT security point of view. Different cryptographic algorithms may be applied on the data obtained from IoT for security purposes as shown in the following table (Leloglu, 2016).

Security measures at Network Layer

This layer is consisting of two sub layers i.e. layer for wired communication and layer for wireless communication, different protocols are used for security purpose in wireless sub layer. Like IP Sec security protocol. Another protocol specially used for sensors or other devices connected to the network is Private Pre-Shared Key which is also called PPSK.

As for as wired sub layer is concerned firewall and IPS (Intrusion Prevention System) are mostly used to provide security. But there is no proper firewall or IPS specifically developed for IoT environment. However research is on its way to develop suitable Firewall or IPS which use minimum resources.

Sub layer having local applications for security purpose encryption techniques is used by Transportation system and Steganography techniques is used by smart homes etc.

This sub layer is related to applications anti-virus, intrusion detection and firewall etc.

  • Changing default username and password of network devices like routers and gateways
  • Latest Software and Hardware up gradation
  • Check and apply login lock settings
  • Applying Encryption
  • Secure Wi-Fi Network by changing or hiding SSID
  • Disconnect Devices (during idle time)
  • Applying up to date security application and patches
  • Installing latest hardware Firewall and software firewall where necessary
  • Read software and Hardware manuals for further security instructions


IoT is a new age’s developing field many scientists and researchers are working on it but still there is much work need to be done in different areas including IoT security.

Security is very important as more and more devices are connecting to internet day by day so before coming to IoT people are more concerned about privacy and security.

Get a custom paper now from our expert writers.

In this paper we have discussed key security issues/threads and discussed their solutions layer by layer so that after studying all these more secure IoT system may be developed.

Image of Dr. Oliver Johnson
This essay was reviewed by
Dr. Oliver Johnson

Cite this Essay

Iot: Addressing Security Challenges and Possible Solutions. (2019, September 13). GradesFixer. Retrieved June 21, 2024, from
“Iot: Addressing Security Challenges and Possible Solutions.” GradesFixer, 13 Sept. 2019,
Iot: Addressing Security Challenges and Possible Solutions. [online]. Available at: <> [Accessed 21 Jun. 2024].
Iot: Addressing Security Challenges and Possible Solutions [Internet]. GradesFixer. 2019 Sept 13 [cited 2024 Jun 21]. Available from:
Keep in mind: This sample was shared by another student.
  • 450+ experts on 30 subjects ready to help
  • Custom essay delivered in as few as 3 hours
Write my essay

Still can’t find what you need?

Browse our vast selection of original essay samples, each expertly formatted and styled


Where do you want us to send this sample?

    By clicking “Continue”, you agree to our terms of service and privacy policy.


    Be careful. This essay is not unique

    This essay was donated by a student and is likely to have been used and submitted before

    Download this Sample

    Free samples may contain mistakes and not unique parts


    Sorry, we could not paraphrase this essay. Our professional writers can rewrite it and get you a unique paper.



    Please check your inbox.

    We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!


    Get Your
    Personalized Essay in 3 Hours or Less!

    We can help you get a better grade and deliver your task on time!
    • Instructions Followed To The Letter
    • Deadlines Met At Every Stage
    • Unique And Plagiarism Free
    Order your paper now