About this sample
About this sample
Words: 2327 |
Pages: 5|
12 min read
Published: Nov 8, 2019
Words: 2327|Pages: 5|12 min read
Published: Nov 8, 2019
With the passage of time and increasing human population there is rapid growth in the data as well as allowing them to interact with each other, devices and networks on a broader scale provide number of benefits like easy access to related information, portability, automation, environmental and weather monitoring. In the future, hundreds of billions of networks and devices will interact with each other without human intervention.
However, due to large and complex data and networks involvement there are many open challenges related to security. Therefore, it becomes very important that we study how the current security approaches in this field that can be improved, and better understanding of possible solutions so that this study may contribute to the field of IoT for research purposes.
The Internet of Things (IoT) refers to an area where anything can connect and communicate with anything over the internet. There can be various types of things it can be ranges from a human to a mirror in washroom, it can be anything like an animal, microwave oven, toothbrush or any physical thing one can imagine. These things can connect and communicate with each other any time (i.e. day, night) and anyplace (i.e. Inside, outside, on the way). In today’s world we can see many smart things around us for example Smart phones, smart locks, smart cars, smart TVs, smart ACs and smart camera etc. These smart things have actually started the journey towards smart word which was imaginary few years earlier.
A simple example where these smart things can be utilized is “Smart Home” which may detect occupancy of the rooms and can control lightening, heating and cooling system etc. accordingly and as this whole system can be connect to the internet so one can monitor or manage it remotely anywhere in the world.
According to industry experts by year 2020, it is estimated that more than 50 billion things (not necessarily devices) will connect to the Internet which is seven times of our human population. This shows immense growth in IoT field as more and more users from different walks for life are shifting to IoT.
The importance of security and privacy cannot be ignored in this whole scenario as most of the communication is being done without any physical medium (i.e wireless).
Anyone can hack into security system of the home and get the information like if there is anyone at home or not? In the same way any unknown person or thief may get into the database system of bank or any office and may get financial and personal information of customers or employees etc. These are some common examples of security breaches. However these breaches may be more serious when may be done on the systems of an hospital where medical devices are attached or on the system of smart car controlling its braking and accelerating system where security breach can be a matter of life and death for someone.
The Internet of Things (IoT) is hot topic in the field of networks and main topic of discussion and research now-a-days as its practical implementation can be seen in the recent years and more will be seen in the years to come.as rapid growth in IoT field can be seen the question arises that “Does security has improved on the same phase specially for IoT devices and system? “Definitely Not, more work and improvement needed to be done towards privacy and security related to IoT.
According to report by Hewlett-Packard in a 2015 on IoT research
The IoT devices are mostly controlled and managed by web interface which is itself not fully secure medium to use even most of the time hackers break into the system or network using web interface.
The Open Web Application Security Project (OWASP) (“OWASP Internet of Things Project - OWASP,” n.d.) has listed the following top 10 IoT vulnerabilities:
To enhance security and privacy of IoT devices and system layer based (i.e. Application Layer, Perception Layer, Network Layer and Physical Layer) security system can be implemented, security on each layer needs to be improved as well as security of the data transfer technologies need to be improved (i.e. ZigBee, Wifi, Bluetooth etc.
3. Security in terms of IoT:
For this purpose, we need to understand following two terms first:
A secure system: a system is said to be secure when it achieves all the security requirements (Mosenia & Jha, 2017).
A security attack: an attack is said to be security attack when at least one of the security requirements (Mosenia & Jha, 2017).
Architecture of IoT mainly consist of following four layers
This layer is consist of different sensory technologies, like sensors related to vibration, temperature etc. In these devices RFID sensors are used for sensing other objects.
This layer is consisting of network communication as well as network related physical components.
This layer consists of information processing system used for communication purposes.
Consists of different IoT related applications and services including smart homes and cities, transportation and health sector.
With rapid growth of IoT enabled smart world more and more devices connected to internet everyday vulnerable to security attacks more than internet has to date. Above mentioned four layers plays an important role as for as IoT security is concerned. Security on each level/layer need to confirm in order to secure whole IoT system/Network secure.
In this section we will see the security issues/attacks in depth for each IoT layer and countermeasures to deal with issues.
Simply it is defined as “Cloning and Unauthorized Access” in this type of attack attacker send false broadcast message to network. Falsely defacing its originality which falsely shows it appearing from the original or real source. It usually results of an un-authorize access of the attacker. Signal /Radio Jamming It is a type of Denial-of-service (DoS) attacks that it captures channel used for communication and blocks its communication.
The attacker get access to the sensor node physically exchanges with the node which is malicious. It has been done to harm the target after getting un-authorize access.
The attack is done to the network and it stops from performing basic network related functions.
This term is used when attacker sniffs the information which is personal such as passwords or other confidential data.
Time and security is very important in any sort of communication wither it is a wired network or wireless. This is type DOS attack in which packet or massage is not fully deliver to destination rather drops selectively or drops whole packet due to malicious node as a result message may not delivered completely and properly to the destination.
The name is derived from the case study of a woman who has multiple personality disorder. This attack almost does as its name. Multiple identities represented by a malicious node resulting an attacker can be at multiple places at onces.as a result network may not be able to identify these multiple notes creating disruption in overall communication of the network.
It refers to strong resource confliction between nearby nodes of the malicious node which low down bandwidth and channel access. It results in overcrowding which can increase battery usage of nodes. Which leads to other DOS attacks as well.
Another type of DoS attack which changes data at bit level and it is done by using tunneling.
This Attack is occurred when an unauthorized node is placed in the path of actual communication of two nodes by using that unauthorized node an attacker may try to sniff or listen the data by using some tools resulting in disturbance in overall communication.
Data is said to be tempered when it is intentionally changed or deleted using unauthorized access.
DoS Attack:It closes down the system by engaging its resources due to which services does not work anymore.
Unauthorized Access: it is very simple terminology as name describes.it is when attacker gains access to any node or computing resource using someone else’s account or other methods. For example, if attacker keep trying guessing someone else’s password or using some tool for this purpose and gaining access it will be said to an unauthorized access.
It is the program used to sniff network traffic which is used to steal passwords and other sensitive and confidential data etc.
Malicious code or programming instructions has been entered into the target system to gain unauthorized access.
It is the misuse of a valid computer session to gain unauthorized to access confidential and sensitive data .It is also known as cookie hijacking.
Almost same as DOS,but multiple usually infected computer systems engages in it to hit the target.
Social Engineering: In this type of threat where attackers can get information from users of social media etc.
Physical security (“OWASP Internet of Things Project - OWASP,” n.d.) is one of the most important steps that can be taken to secure IoT or any security system that is why OWASP (Open Web Application Security Project) has listed weak physical security in the top 10 IoT vulnerabilities.
Authentication and authorization is another important thing to focus means that only authorized users may have access to any important or sensitive data.
Data collection is also done on this layer so data collected must be secure in all sense. Different security techniques may be applied for this purpose like multimedia compression, image compression, water marking and CRC etc.
Risk Assessment is also important for IoT security point of view. Different cryptographic algorithms may be applied on the data obtained from IoT for security purposes as shown in the following table (Leloglu, 2016).
This layer is consisting of two sub layers i.e. layer for wired communication and layer for wireless communication, different protocols are used for security purpose in wireless sub layer. Like IP Sec security protocol. Another protocol specially used for sensors or other devices connected to the network is Private Pre-Shared Key which is also called PPSK.
As for as wired sub layer is concerned firewall and IPS (Intrusion Prevention System) are mostly used to provide security. But there is no proper firewall or IPS specifically developed for IoT environment. However research is on its way to develop suitable Firewall or IPS which use minimum resources.
Sub layer having local applications for security purpose encryption techniques is used by Transportation system and Steganography techniques is used by smart homes etc.
This sub layer is related to applications anti-virus, intrusion detection and firewall etc.
IoT is a new age’s developing field many scientists and researchers are working on it but still there is much work need to be done in different areas including IoT security.
Security is very important as more and more devices are connecting to internet day by day so before coming to IoT people are more concerned about privacy and security.
In this paper we have discussed key security issues/threads and discussed their solutions layer by layer so that after studying all these more secure IoT system may be developed.
Get high-quality help
+120 experts online
Remember! This is just a sample.
You can get your custom paper by one of our expert writers.
Get custom essay121 writers online
Browse our vast selection of original essay samples, each expertly formatted and styled
Where do you want us to send this sample?
Be careful. This essay is not unique
This essay was donated by a student and is likely to have been used and submitted before
Download this Sample
Free samples may contain mistakes and not unique parts
Thanks!
Please check your inbox.
We can write you a custom essay that will follow your exact instructions and meet the deadlines. Let's fix your grades together!
