Automatic Vulnerability Detection in Embedded Devices and Firmware

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

Download Full-text

Intrusion Detection in IoT based Smart Networks using Fuzzy Brain Storm Optimization Technique

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.f8651.088619 ◽

2019 ◽

Vol 8 (6) ◽

pp. 3066-3071

Keyword(s):

Embedded Systems ◽

Optimization Technique ◽

Security And Privacy ◽

Smart Devices ◽

Software Systems ◽

Security Risks ◽

Security Vulnerabilities ◽

Brain Storm Optimization ◽

Fuzzy C Means Clustering ◽

The Internet Of Things

The Internet of Things (IoT) is characterized as an approach where objects are outfitted with sensors, processors, and actuators which include design of hardware board and development, protocols, web APIs, and software systems, which combined to make an associated architecture of embedded systems. This connected environment enables technologies to get associated with different networks, platforms, and devices, making a web of communication which is reforming the manner in which we communicate with the world digitally. These connected embedded systems are changing behaviour and interactions with our environment, networks, and homes, and also with our own bodies in terms of smart devices. Security and privacy are the most significant consideration in the field of real-world communication and mainly on IoTs. With the evolution of IoT the network layer security in the IoT has drawn greater focus. The security vulnerabilities in the IoT system could make security risks based on any application. Therefore there is an essential requirement for IDS for the IoT based systems for avoiding security attacks based on security vulnerabilities. This paper proposed a fuzzy c-means clustering with brain storm optimization algorithm (FBSO) for IDS based on IoT system. The NSL-KDD dataset is utilized to evaluate and simulate the proposed algorithm. The results demonstrate that the proposed technique efficiently recognize intrusion attacks and decrease the network difficulties

Download Full-text

RELATIONSHIP IN IOT AND BIG DATA ANALYTICS: THE OPPORTUNITIES AND OPEN CHALLENGES

Statistika, učet i audit ◽

10.51579/1563-2415.2021-4.16 ◽

2021 ◽

Vol 83 (4) ◽

pp. 100-111

Author(s):

Ahmad Anwar Zainuddin ◽

Keyword(s):

Big Data ◽

Internet Of Things ◽

Data Analytics ◽

Big Data Analytics ◽

Physical World ◽

Future Directions ◽

Wide Range ◽

Time Utilization ◽

Relationship Of ◽

The Internet Of Things

Internet of Things (IoT) is an up-and-coming technology that has a wide variety of applications. It empowers physical objects to be organized in a specialized framework to grow its convenience in terms of ease and time utilization. It is to convert the thought of bridging the crevice between the physical world and the machine world. It is also being use in the wide range of the technology in this current situation. One of its applications is to monitor and store data over time from numerous devices allows for easy analysis of the dataset. This analysis can then be the basis of decisions made on the same. In this study, the concept, architecture, and relationship of IoT and Big Data are described. Next, several use cases in IoT and big data in the research methodology are studied. The opportunities and open challenges which including the future directions are described. Furthermore, by proposing a new architecture for big data analytics in the Internet of Things, this paper adds value. Overall, the various types of big IoT data analytics, their methods, and associated big data mining technologies are discussed.

Download Full-text

Analysis of Vulnerabilities in IoT and Its Solutions

Managing Resources for Futuristic Wireless Networks - Advances in Wireless Technologies and Telecommunication ◽

10.4018/978-1-5225-9493-2.ch007 ◽

2021 ◽

pp. 157-177

Author(s):

Puspanjali Mallik

Keyword(s):

Security And Privacy ◽

Heterogeneous Structure ◽

Privacy Concern ◽

Security Vulnerabilities ◽

Smart Vehicles ◽

Security Issues ◽

Smart Healthcare ◽

Wide Range ◽

Main Motive ◽

Iot Devices

The internet of things (IoT) fulfils abundant demands of present society by facilitating the services of cutting-edge technology in terms of smart home, smart healthcare, smart city, smart vehicles, and many more, which enables present day objects in our environment to have network communication and the capability to exchange data. These wide range of applications are collected, computed, and provided by thousands of IoT elements placed in open spaces. The highly interconnected heterogeneous structure faces new types of challenges from a security and privacy concern. Previously, security platforms were not so capable of handling these complex platforms due to different communication stacks and protocols. It seems to be of the utmost importance to keep concern about security issues relating to several attacks and vulnerabilities. The main motive of this chapter is to analyze the broad overview of security vulnerabilities and its counteractions. Generally, it discusses the major security techniques and protocols adopted by the IoT and analyzes the attacks against IoT devices.

Download Full-text

CSAP

Examining the Impact of Deep Learning and IoT on Multi-Industry Applications - Advances in Web Technologies and Engineering ◽

10.4018/978-1-7998-7511-6.ch014 ◽

2021 ◽

pp. 249-269

Author(s):

Marius Iulian Mihailescu ◽

Stefania Loredana Nita

Keyword(s):

Embedded Systems ◽

Programming Language ◽

User Interfaces ◽

Current Work ◽

Embedded Devices ◽

Security Vulnerabilities ◽

Software Applications ◽

Comprehensive Survey ◽

Software And Hardware ◽

Research Analysis

The current proposal of C++20 features suggests that the coroutines will have dedicated support for the native language. This chapter will provide an analysis that is performed based on a comprehensive survey of coroutines that are used in the development process of the embedded systems and how they are used on dedicated platforms based on their constrained resources. Another important aspect of the work consists of analyzing the performance of designing and implementation of coroutines in software applications related to IoT and embedded devices focusing on the security vulnerabilities of the devices within an IoT ecosystem. The research analysis that forms the basis of the current work is based on metrics, such as software and hardware platform requirements, computation power, scenarios, advantages, and designing user interfaces based on the programming language used. The current work will be completed by adding a comparison with C# 8 programming language and C++20.

Download Full-text

Erratum to “Text Data Security and Privacy in the Internet of Things: Threats, Challenges, and Future Directions”

Wireless Communications and Mobile Computing ◽

10.1155/2021/4127341 ◽

2021 ◽

Vol 2021 ◽

pp. 1-1

Author(s):

Umair Khadam ◽

Muhammad Munwar Iqbal ◽

Meshrif Alruily ◽

Mohammed A. Al Ghamdi ◽

Muhammad Ramzan ◽

...

Keyword(s):

Internet Of Things ◽

Data Security ◽

Security And Privacy ◽

The Internet ◽

Text Data ◽

Future Directions ◽

The Internet Of Things

Download Full-text

Threat Modeling—How to Visualize Attacks on IOTA?

Sensors ◽

10.3390/s21051834 ◽

2021 ◽

Vol 21 (5) ◽

pp. 1834

Author(s):

Ikram Ullah ◽

Gerard de Roode ◽

Nirvana Meratnia ◽

Paul Havinga

Keyword(s):

Security And Privacy ◽

Security Vulnerabilities ◽

Vast Number ◽

Threat Modeling ◽

Iot Applications ◽

Distributed Ledger ◽

Distributed Ledger Technology ◽

Wide Range ◽

Iot Devices ◽

Privacy Breaches

Internet of Things (IoT) has been deployed in a vast number of smart applications with the aim to bring ease and comfort into our lives. However, with the expansion of IoT applications, the number of security and privacy breaches has also increased, which brings into question the resilience of existing security and trust mechanisms. Furthermore, the contemporaneous centralized technology is posing significant challenges viz scalability, transparency and efficiency to wide range of IoT applications such as smart logistics, where millions of IoT devices need to be connected simultaneously. Alternatively, IOTA is a distributed ledger technology that offers resilient security and trust mechanisms and a decentralized architecture to overcome IoT impediments. IOTA has already been implemented in many applications and has clearly demonstrated its significance in real-world applications. Like any other technology, IOTA unfortunately also encounters security vulnerabilities. The purpose of this study is to explore and highlight security vulnerabilities of IOTA and simultaneously demonstrate the value of threat modeling in evaluating security vulnerabilities of distributed ledger technology. IOTA vulnerabilities are scrutinized in terms of feasibility and impact and we have also presented prevention techniques where applicable. To identify IOTA vulnerabilities, we have examined existing literature and online blogs. Literature available on this topic is very limited so far. As far as we know IOTA has barely been addressed in the traditional journals, conferences and books. In total we have identified six vulnerabilities. We used Common Vulnerability Scoring System (CVSS v3.0) to further categorize these vulnerabilities on the basis of their feasibility and impact.

Download Full-text

Middleware Approach to Enhance the Security and Privacy in the Internet of Things

Security and Privacy Issues in Sensor Networks and IoT - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-0373-7.ch007 ◽

2020 ◽

pp. 169-192

Author(s):

Vikash ◽

Lalita Mishra ◽

Shirshu Varma

Keyword(s):

Internet Of Things ◽

Secure Communication ◽

Basic Feature ◽

Security And Privacy ◽

The Internet ◽

End User ◽

Future Directions ◽

Research Areas ◽

Pervasive Environment ◽

The Internet Of Things

Internet of things is one of the most rapidly growing research areas. Nowadays, IoT is applicable in various diverse areas because of its basic feature i.e., anything would be available to anyone at anytime. Further, IoT aims to provide service in a pervasive environment, although different problems crop up when the researchers move towards pervasiveness. Security and Privacy are the most intense problems in the field of IoT. There are various approaches available to handle these issues: Architectural security, Database security, Secure communication, and Middleware approaches. This chapter's authors concentrate on middleware approach from the security and privacy perceptive. Middleware can provide security by separating the end user from the actual complex system. Middleware also hides the actual complexity of the system from the user. So, the user will get the seamless services with no threats to security or privacy. This chapter provides a brief overview of secure middlewares and suggests the current research gaps as future directions.

Download Full-text

Integration of Internet Protocol and Embedded System On IoT Device Automation

10.21203/rs.3.rs-947704/v1 ◽

2021 ◽

Author(s):

Yousef MethkalAbd Algani ◽

Balaji S ◽

AlbertRaj A. ◽

Elangovan G. ◽

Sathish Kumar P.J. ◽

...

Keyword(s):

Internet Of Things ◽

Embedded Systems ◽

Embedded System ◽

Internet Protocol ◽

Smart Devices ◽

The Internet ◽

Human Beings ◽

Wide Range ◽

Smart Technologies ◽

The Internet Of Things

Abstract The integration of Internet Protocol and Embedded Systems can enhance the communication platform. This paper describes the emerging smart technologies based on Internet of Things (IOT) and internet protocols along with embedded systems for monitoring and controlling smart devices with the help of Wi-Fi technology and web applications. The internet protocol (IP) address has been assigned to the things to control and operate the devices via remote network that facilitates the interoperability and end-to-end communication among various devices c,onnected over a network. The HTTP POST and HTTP GET command that supports the RESTful service have been used to ensure the transmission and reception of packets between the IOT Gateway and Cloud Database. The emerging smart technologies based on the Internet of Things (IoT) facilitated features like automation, controllability, interconnectivity, reliability which in turn turn paved the way for a wide range of acceptance amongst the masses. The Internet of Things (IoT) has brought in many new emerging technologies into varoius field like our daily lives, industry, agricultural sector, and many more. The world is experiencing the explosive growth with the advent of Internet of Things (IoT) these years. The potential growth of IoT is enoromous which is evidenced by all the human beings in our day to day life.

Download Full-text

Security of RPL based 6LoWPAN Networks in the Internet of Things: A Review

10.36227/techrxiv.12121971.v1 ◽

2020 ◽

Author(s):

Abhishek Verma ◽

Virender Ranga

Keyword(s):

Internet Of Things ◽

Embedded System ◽

Routing Protocol ◽

Security And Privacy ◽

Smart Devices ◽

Resource Constrained ◽

Future Directions ◽

Research Issues ◽

Open Research ◽

The Internet Of Things

<div>Internet of Things (IoT) is one of the fastest emerging networking paradigms enabling a large number of applications for the benefit of mankind. Advancements in embedded system technology and compressed IPv6 have enabled the support of IP stack in resource constrained heterogeneous smart devices. However, global connectivity and resource constrained characteristics of smart devices have exposed them to different insider and outsider attacks, which put users’ security and privacy at risk. Various risks associated with IoT slow down its growth and become an obstruction in the worldwide adoption of its applications. In RFC 6550, the IPv6 Routing Protocol for Low Power and Lossy Network (RPL) is specified by IETF’s ROLL working group for facilitating efficient routing in 6LoWPAN networks, while considering its limitations. Due to resource constrained nature of nodes in the IoT, RPL is vulnerable to many attacks that consume the node’s resources and degrade the network’s performance. In this paper, we present a study on</div><div>various attacks and their existing defense solutions, particularly to RPL. Open research issues, challenges, and future directions specific to RPL security are also discussed. A taxonomy of RPL attacks, considering the essential attributes like resources, topology, and traffic, is shown for better understanding. In addition, a study of existing cross-layered and RPL specific network layer based defense solutions suggested in the literature is also carried out.</div>

Download Full-text

An Examination of Security and Privacy Challenges in Internet of Things

International Journal of Engineering and Advanced Technology - Regular Issue ◽

10.35940/ijeat.d1001.0484s19 ◽

2020 ◽

Vol 8 (4S) ◽

pp. 1-5

Keyword(s):

Internet Of Things ◽

Cyber Security ◽

Security And Privacy ◽

The Internet ◽

Security Threats ◽

Large Network ◽

Iot Security ◽

Security Issues ◽

Wide Range ◽

The Internet Of Things

The Internet of Things (IoT) has been growing to market from the past several years with great potential. Many several devices have been now available in the market based on IoT, which enables it to connect with your smart phones or with any other kind of smart resources, and then that device is ready to perform smart work via the Internet. With the help of IoT, we are now able to make our devices connect with the internet and then can be operated from anywhere from the geo location as well as it can store and retrieve a large amount of data for better communication between the end-user and the device. IoT also has a wide range of applications that are being used on many platforms. However, this great technology also has to face many problems and among all the problems the main issue arises with its security aspects. The major concern on using IoT security is the hacker wants to enter into the large network system using a particular device as all the devices are connected over the network. Not only this, many other security threats and malware are also a major concern in IoT. So taking these security aspects as a major concern this research paper reviews several security issues and challenges that occur in IoT. As there in every field when it comes to cyber security for any kind of data, we need to follow CIA Security Triangle i.e., Confidentiality, Integrity, and Availability of data. CIA security triangle is the most important concept in terms of security and also must be taken into consideration in the IoT domain. Therefore, considering all these facts and reviewing some of the latest documents as well as researches in the field of IoT, this paper has been based on all the facts related to IoT security issues and its desirable solution which is needed to be done and should follow the security triangle to an extent.

Download Full-text