A Comprehensive and Systematic Survey on the Internet of Things: Security and Privacy Challenges, Security Frameworks, Enabling Technologies, Threats, Vulnerabilities and Countermeasures

The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.

Download Full-text

Predicting Internet of Things (IOT) Security and Privacy Risks – A Proposal Model: توقع مخاطر أمن وخصوصية إنترنت الأشياء (IOT) – نموذج مقترح بحثي

Journal of engineering sciences and information technology - مجلة العلوم الهندسية و تكنولوجيا المعلومات ◽

10.26389/ajsrp.q070621 ◽

2021 ◽

Vol 5 (3) ◽

pp. 133-112

Author(s):

Awad Saad Al-Qahtani, Mohammad Ayoub Khan Awad Saad Al-Qahtani, Mohammad Ayoub Khan

Keyword(s):

Internet Of Things ◽

Security Management ◽

Cyber Attacks ◽

Security Requirements ◽

Security And Privacy ◽

The Internet ◽

Security Risks ◽

Iot Security ◽

Iot Devices ◽

The Internet Of Things

The Internet of things (IOT) users lack awareness of IOT security infrastructure to handle the risks including Threats, attack and penetration associated with its use. IOT devices are main targets for cyber-attacks due to variable personally identifiable information (PII) stored and transmit in the cyber centers. The security risks of the Internet of Things aimed to damage user's security and privacy. All information about users can be collected from their related objects which are stored in the system or transferred through mediums among diverse smart objects and may exposed to exposed dangerous of attacks and threats if it lack authentication so there are essential need to make IOT security requirements as important part of its efficient implementation. These requirements include; availability, accountability, authentication, authorization, privacy and confidentiality, Integrity and Non-repudiation. The study design is a survey research to investigate the visibility of the proposed model of security management for IOT uses, the security risks of IOT devices, and the changes IOT technology on the IT infrastructure of IOT users through answering of the research questionnaires. This work proposes a model of security management for IOT to predict IOT security and privacy threats, protect IOT users from any unforeseen dangers, and determine the right security mechanisms and protocols for IOT security layers, as well as give the most convenient security mechanisms. Moreover, for enhancing the performance of IOT networks by selecting suitable security mechanisms for IOT layers to increase IOT user's security satisfaction.

Download Full-text

A Survey of Authentication Schemes in the Internet of Things

International Journal of Smart Security Technologies ◽

10.4018/ijsst.2019010102 ◽

2019 ◽

Vol 6 (1) ◽

pp. 15-30 ◽

Cited By ~ 1

Author(s):

Yasmine Labiod ◽

Abdelaziz Amara Korba ◽

Nacira Ghoualmi-Zine

Keyword(s):

Internet Of Things ◽

Security Requirements ◽

Security And Privacy ◽

The Internet ◽

Privacy And Security ◽

Depth Study ◽

Authentication Schemes ◽

Iot Devices ◽

Privacy Issues ◽

The Internet Of Things

In the recent years, the Internet of Things (IoT) has been widely deployed in different daily life aspects such as home automation, electronic health, the electric grid, etc. Nevertheless, the IoT paradigm raises major security and privacy issues. To secure the IoT devices, many research works have been conducted to counter those issues and discover a better way to remove those risks, or at least reduce their effects on the user's privacy and security requirements. This article mainly focuses on a critical review of the recent authentication techniques for IoT devices. First, this research presents a taxonomy of the current cryptography-based authentication schemes for IoT. In addition, this is followed by a discussion of the limitations, advantages, objectives, and attacks supported of current cryptography-based authentication schemes. Finally, the authors make in-depth study on the most relevant authentication schemes for IoT in the context of users, devices, and architecture that are needed to secure IoT environments and that are needed for improving IoT security and items to be addressed in the future.

Download Full-text

Botnet and Internet of Things (IoTs)

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch013 ◽

2020 ◽

pp. 304-316

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

In today's internet world the internet of things (IoT) is becoming the most significant and developing technology. The primary goal behind the IoT is enabling more secure existence along with the improvement of risks at various life levels. With the arrival of IoT botnets, the perspective towards IoT products has transformed from enhanced living enabler into the internet of vulnerabilities for cybercriminals. Of all the several types of malware, botnet is considered as really a serious risk that often happens in cybercrimes and cyber-attacks. Botnet performs some predefined jobs and that too in some automated fashion. These attacks mostly occur in situations like phishing against any critical targets. Files sharing channel information are moved to DDoS attacks. IoT botnets have subjected two distinct problems, firstly, on the public internet. Most of the IoT devices are easily accessible. Secondly, in the architecture of most of the IoT units, security is usually a reconsideration. This particular chapter discusses IoT, botnet in IoT, and various botnet detection techniques available in IoT.

Download Full-text

Smart Internet of Things (IoT) Applications

Handbook of Research on Implementation and Deployment of IoT Projects in Smart Cities - Advances in Civil and Industrial Engineering ◽

10.4018/978-1-5225-9199-3.ch003 ◽

2019 ◽

pp. 33-42

Author(s):

Rahul Verma

Keyword(s):

Internet Of Things ◽

Cyber Physical Systems ◽

Security And Privacy ◽

Smart Device ◽

The Internet ◽

Iot Applications ◽

Individual Concepts ◽

The World ◽

Iot Devices ◽

The Internet Of Things

The internet of things (IoT) is the new buzzword in technological corridors with most technology companies announcing a smart device of sorts that runs on internet of things (IoT). Cities around the world are getting “smarter” every day through the implementation of internet of things (IoT) devices. Cities around the world are implementing individual concepts on their way to becoming smart. The services are automated and integrated end to end using internet of things (IoT) devices. The chapter presents an array of internet of things (IoT) applications. Also, cyber physical systems are becoming more vulnerable since the internet of things (IoT) attacks are common and threatening the security and privacy of such systems. The main aim of this chapter is to bring more research in the application aspects of smart internet of things (IoT).

Download Full-text

Botnet and Internet of Things (IoTs)

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch007 ◽

2021 ◽

pp. 138-150

Author(s):

Kamal Alieyan ◽

Ammar Almomani ◽

Rosni Abdullah ◽

Badr Almutairi ◽

Mohammad Alauthman

Keyword(s):

Internet Of Things ◽

Cyber Attacks ◽

The Internet ◽

Ddos Attacks ◽

Botnet Detection ◽

The Public ◽

Detection Techniques ◽

Channel Information ◽

Iot Devices ◽

The Internet Of Things

Download Full-text

A Novel Insider Attack and Machine Learning Based Detection for the Internet of Things

ACM Transactions on Internet of Things ◽

10.1145/3466721 ◽

2021 ◽

Vol 2 (4) ◽

pp. 1-23

Author(s):

Morshed Chowdhury ◽

Biplob Ray ◽

Sujan Chowdhury ◽

Sutharshan Rajasegarar

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Network Traffic ◽

The Internet ◽

Traffic Data ◽

Lossy Networks ◽

Insider Attack ◽

Iot Devices ◽

The Impact ◽

The Internet Of Things

Due to the widespread functional benefits, such as supporting internet connectivity, having high visibility and enabling easy connectivity between sensors, the Internet of Things (IoT) has become popular and used in many applications, such as for smart city, smart health, smart home, and smart vehicle realizations. These IoT-based systems contribute to both daily life and business, including sensitive and emergency situations. In general, the devices or sensors used in the IoT have very limited computational power, storage capacity, and communication capabilities, but they help to collect a large amount of data as well as maintain communication with the other devices in the network. Since most of the IoT devices have no physical security, and often are open to everyone via radio communication and via the internet, they are highly vulnerable to existing and emerging novel security attacks. Further, the IoT devices are usually integrated with the corporate networks; in this case, the impact of attacks will be much more significant than operating in isolation. Due to the constraints of the IoT devices, and the nature of their operation, existing security mechanisms are less effective for countering the attacks that are specific to the IoT-based systems. This article presents a new insider attack, named loophole attack , that exploits the vulnerabilities present in a widely used IPv6 routing protocol in IoT-based systems, called RPL (Routing over Low Power and Lossy Networks). To protect the IoT system from this insider attack, a machine learning based security mechanism is presented. The proposed attack has been implemented using a Contiki IoT operating system that runs on the Cooja simulator, and the impacts of the attack are analyzed. Evaluation on the collected network traffic data demonstrates that the machine learning based approaches, along with the proposed features, help to accurately detect the insider attack from the network traffic data.

Download Full-text

Influence of Montoring: Fog and Edge Computing

Scalable Computing Practice and Experience ◽

10.12694/scpe.v20i2.1533 ◽

2019 ◽

Vol 20 (2) ◽

pp. 365-376 ◽

Cited By ~ 12

Author(s):

Vivek Kumar Prasad ◽

Madhuri D Bhavsar ◽

Sudeep Tanwar

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

The Internet ◽

Cloud Platform ◽

The World ◽

Iot Devices ◽

Edge And Fog Computing ◽

The Impact ◽

The Internet Of Things

The evolution of the Internet of Things (IoT) has augmented the necessity for Cloud, edge and fog platforms. The chief benefit of cloud-based schemes is they allow data to be collected from numerous services and sites, which is reachable from any place of the world. The organizations will be benefited by merging the cloud platform with the on-site fog networks and edge devices and as result, this will increase the utilization of the IoT devices and end users too. The network traffic will reduce as data will be distributed and this will also improve the operational efficiency. The impact of monitoring in edge and fog computing can play an important role to efficiently utilize the resources available at these layers. This paper discusses various techniques involved for monitoring for edge and fog computing and its advantages. The paper ends with a case study to demonstarte the need of monitoring in fog and edge in the healthcare system.

Download Full-text

Middleware Approach to Enhance the Security and Privacy in the Internet of Things

Security and Privacy Issues in Sensor Networks and IoT - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-0373-7.ch007 ◽

2020 ◽

pp. 169-192

Author(s):

Vikash ◽

Lalita Mishra ◽

Shirshu Varma

Keyword(s):

Internet Of Things ◽

Secure Communication ◽

Basic Feature ◽

Security And Privacy ◽

The Internet ◽

End User ◽

Future Directions ◽

Research Areas ◽

Pervasive Environment ◽

The Internet Of Things

Internet of things is one of the most rapidly growing research areas. Nowadays, IoT is applicable in various diverse areas because of its basic feature i.e., anything would be available to anyone at anytime. Further, IoT aims to provide service in a pervasive environment, although different problems crop up when the researchers move towards pervasiveness. Security and Privacy are the most intense problems in the field of IoT. There are various approaches available to handle these issues: Architectural security, Database security, Secure communication, and Middleware approaches. This chapter's authors concentrate on middleware approach from the security and privacy perceptive. Middleware can provide security by separating the end user from the actual complex system. Middleware also hides the actual complexity of the system from the user. So, the user will get the seamless services with no threats to security or privacy. This chapter provides a brief overview of secure middlewares and suggests the current research gaps as future directions.

Download Full-text

IoT and Cyber Security

Quantum Cryptography and the Future of Cyber Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2253-0.ch010 ◽

2020 ◽

pp. 203-235

Author(s):

Keyurbhai Arvindbhai Jani ◽

Nirbhay Chaubey

Keyword(s):

Internet Of Things ◽

Cyber Security ◽

Cyber Attacks ◽

The Internet ◽

Smart Objects ◽

The Third ◽

Different Types ◽

Iot Devices ◽

The Internet Of Things

The Internet of Things (IoT) connects different IoT smart objects around people to make their life easier by connecting them with the internet, which leads IoT environments vulnerable to many attacks. This chapter has few main objectives: to understand basics of IoT; different types of attacks possible in IoT; and prevention steps to secure IoT environment at some extent. Therefore, this chapter is mainly divided into three parts. In first part discusses IoT devices and application of it; the second part is about cyber-attacks possible on IoT environments; and in the third part is discussed prevention and recommendation steps to avoid damage from different attacks.

Download Full-text

The Future of Low-End Motes in the Internet of Things: A Prospective Paper

Electronics ◽

10.3390/electronics9010111 ◽

2020 ◽

Vol 9 (1) ◽

pp. 111 ◽

Cited By ~ 1

Author(s):

Daniel Oliveira ◽

Miguel Costa ◽

Sandro Pinto ◽

Tiago Gomes

Keyword(s):

Internet Of Things ◽

Reconfigurable Computing ◽

Sensor Nodes ◽

Security And Privacy ◽

The Internet ◽

Wireless Sensor Nodes ◽

Privacy Concerns ◽

Energy Needs ◽

Iot Devices ◽

The Internet Of Things

Undeniably, the Internet of Things (IoT) ecosystem continues to evolve at a breakneck pace, exceeding all growth expectations and ubiquity barriers. From sensor to cloud, this giant network keeps breaking technological bounds in several domains, and wireless sensor nodes (motes) are expected to be predominant as the number of IoT devices grows towards the trillions. However, their future in the IoT ecosystem still seems foggy, where several challenges, such as (i) device’s connectivity, (ii) intelligence at the edge, (iii) security and privacy concerns, and (iv) growing energy needs, keep pulling in opposite directions. This prospective paper offers a succinct and forward-looking review of recent trends, challenges, and state-of-the-art solutions of low-end IoT motes, where reconfigurable computing technology plays a key role in tomorrow’s IoT devices.

Download Full-text