A Study of Threats, Vulnerabilities and Countermeasures: An IoT Perspective

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.

Download Full-text

COSMOS: Collaborative, Seamless and Adaptive Sentinel for the Internet of Things

Sensors ◽

10.3390/s19071492 ◽

2019 ◽

Vol 19 (7) ◽

pp. 1492 ◽

Cited By ~ 6

Author(s):

Pantaleone Nespoli ◽

David Useche Pelaez ◽

Daniel Díaz López ◽

Félix Gómez Mármol

Keyword(s):

Internet Of Things ◽

Real World ◽

Smart Devices ◽

Raspberry Pi ◽

The Internet ◽

Security Issues ◽

Dynamic Scenario ◽

Computer Based ◽

Iot Devices ◽

The Internet Of Things

The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and ease-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).

Download Full-text

Cyber-Storms Come from Clouds: Security of Cloud Computing in the IoT Era

Future Internet ◽

10.3390/fi11060127 ◽

2019 ◽

Vol 11 (6) ◽

pp. 127 ◽

Cited By ~ 7

Author(s):

Michele De Donno ◽

Alberto Giaretta ◽

Nicola Dragoni ◽

Antonio Bucchiarone ◽

Manuel Mazzara

Keyword(s):

Cloud Computing ◽

Data Analytics ◽

The Internet ◽

Utility Computing ◽

Security Issues ◽

Potential Impact ◽

Iot Devices ◽

Computational Resources ◽

The Internet Of Things ◽

Security Of Iot

The Internet of Things (IoT) is rapidly changing our society to a world where every “thing” is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.

Download Full-text

Addressing Security Issues of the Internet of Things Using Physically Unclonable Functions

Research Anthology on Blockchain Technology in Business, Healthcare, Education, and Government ◽

10.4018/978-1-7998-5351-0.ch020 ◽

2021 ◽

pp. 333-350

Author(s):

Ishfaq Sultan ◽

Mohammad Tariq Banday

Keyword(s):

Internet Of Things ◽

Hardware Implementation ◽

Hardware Security ◽

The Internet ◽

Huge Number ◽

Security Issues ◽

Physically Unclonable Functions ◽

Iot Devices ◽

The Internet Of Things

The spatial ubiquity and the huge number of employed nodes monitoring the surroundings, individuals, and devices makes security a key challenge in IoT. Serious security apprehensions are evolving in terms of data authenticity, integrity, and confidentiality. Consequently, IoT requires security to be assured down to the hardware level, as the authenticity and the integrity need to be guaranteed in terms of the hardware implementation of each IoT node. Physically unclonable functions recreate the keys only while the chip is being powered on, replacing the conventional key storage which requires storing information. Compared to extrinsic key storage, they are able to generate intrinsic keys and are far less susceptible against physical attacks. Physically unclonable functions have drawn considerable attention due to their ability to economically introduce hardware-level security into individual silicon dice. This chapter introduces the notion of physically unclonable functions, their scenarios for hardware security in IoT devices, and their interaction with traditional cryptography.

Download Full-text

Blockchain With the Internet of Things

Advances in Information Security, Privacy, and Ethics - Enabling Blockchain Technology for Secure Networking and Communications ◽

10.4018/978-1-7998-5839-3.ch009 ◽

2021 ◽

pp. 202-228

Author(s):

Kamalendu Pal

Keyword(s):

Information Systems ◽

Internet Of Things ◽

Manufacturing Industry ◽

The Internet ◽

Enterprise Information ◽

Privacy And Security ◽

Security Issues ◽

Iot Applications ◽

Iot Devices ◽

The Internet Of Things

The internet of things (IoT) is ushering a new age of technology-driven automation of information systems into the manufacturing industry. One of the main concerns with IoT systems is the lack of privacy and security preserving schemes for controlling access and ensuring the safety of the data. Many security issues arise because of the centralized architecture of IoT-based information systems. Another concern is the lack of appropriate authentication and access control schemes to moderate the access to information generated by the IoT devices in the manufacturing industry. Hence, the question that arises is how to ensure the identity of the manufacturing machinery or the communication nodes. This chapter presents the advantages of blockchain technology to secure the operation of the modern manufacturing industry in a trustless environment with IoT applications. The chapter reviews the challenges and threats in IoT applications and how integration with blockchain can resolve some of the manufacturing enterprise information systems (EIS).

Download Full-text

Internet of things (IoT): a technology review, security issues, threats, and open challenges

Indonesian Journal of Electrical Engineering and Computer Science ◽

10.11591/ijeecs.v20.i3.pp1685-1692 ◽

2020 ◽

Vol 20 (3) ◽

pp. 1685

Author(s):

Alaa Ahmed Abbood ◽

Qahtan Makki Shallal ◽

Mohammed A. Fadhel

Keyword(s):

Internet Of Things ◽

The Internet ◽

Research Focus ◽

Huge Number ◽

Privacy And Security ◽

Security Issues ◽

Iot Devices ◽

Internet Of Things Technology ◽

The Internet Of Things ◽

Technology Review

<p><span>Internet of Things (IoT) devices are spread in different areas such as e-tracking, e-commerce, e-home, and e-health, etc. Thus, during the last ten years, the internet of things technology (IoT) has been a research focus. Both privacy and security are the key concerns for the applications of IoT, and still face a huge number of challenges. There are many elements used to run the IoT technology which include hardware and software such as sensors, GPS, cameras, applications, and so forth. In this paper, we have analyzed and explain the technology of IoT along with its elements, security features, security issues, and threats that attached to each layer of IoT to guide the consideration of researchers into solve and understand the most serious problems in IoT environment.</span></p>

Download Full-text

Securing IoT Applications Using Blockchain

Blockchain Applications in IoT Security - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-7998-2414-5.ch004 ◽

2021 ◽

pp. 56-83

Author(s):

Sreelakshmi K. K. ◽

Ashutosh Bhatia ◽

Ankit Agrawal

Keyword(s):

Internet Of Things ◽

The Internet ◽

Privacy And Security ◽

Security Issues ◽

Iot Applications ◽

Control Schemes ◽

Iot Devices ◽

Smart Computing ◽

The Internet Of Things ◽

Remarkable Progress

The internet of things (IoT) has become a guiding technology behind automation and smart computing. One of the major concerns with the IoT systems is the lack of privacy and security preserving schemes for controlling access and ensuring the security of the data. A majority of security issues arise because of the centralized architecture of IoT systems. Another concern is the lack of proper authentication and access control schemes to moderate access to information generated by the IoT devices. So the question that arises is how to ensure the identity of the equipment or the communicating node. The answer to secure operations in a trustless environment brings us to the decentralized solution of Blockchain. A lot of research has been going on in the area of convergence of IoT and Blockchain, and it has resulted in some remarkable progress in addressing some of the significant issues in the IoT arena. This work reviews the challenges and threats in the IoT environment and how integration with Blockchain can resolve some of them.

Download Full-text

Addressing Security Issues of the Internet of Things Using Physically Unclonable Functions

Cryptographic Security Solutions for the Internet of Things - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-5742-5.ch004 ◽

2019 ◽

pp. 95-116

Author(s):

Ishfaq Sultan ◽

Mohammad Tariq Banday

Keyword(s):

Internet Of Things ◽

Hardware Implementation ◽

Hardware Security ◽

The Internet ◽

Huge Number ◽

Security Issues ◽

Physically Unclonable Functions ◽

Iot Devices ◽

The Internet Of Things

The spatial ubiquity and the huge number of employed nodes monitoring the surroundings, individuals, and devices makes security a key challenge in IoT. Serious security apprehensions are evolving in terms of data authenticity, integrity, and confidentiality. Consequently, IoT requires security to be assured down to the hardware level, as the authenticity and the integrity need to be guaranteed in terms of the hardware implementation of each IoT node. Physically unclonable functions recreate the keys only while the chip is being powered on, replacing the conventional key storage which requires storing information. Compared to extrinsic key storage, they are able to generate intrinsic keys and are far less susceptible against physical attacks. Physically unclonable functions have drawn considerable attention due to their ability to economically introduce hardware-level security into individual silicon dice. This chapter introduces the notion of physically unclonable functions, their scenarios for hardware security in IoT devices, and their interaction with traditional cryptography.

Download Full-text

Side-Channel Attacks in the Internet of Things

Advances in Systems Analysis, Software Engineering, and High Performance Computing - Solutions for Cyber-Physical Systems Ubiquity ◽

10.4018/978-1-5225-2845-6.ch013 ◽

2018 ◽

pp. 325-357 ◽

Cited By ~ 2

Author(s):

Andreas Zankl ◽

Hermann Seuschek ◽

Gorka Irazoqui ◽

Berk Gulmezoglu

Keyword(s):

Internet Of Things ◽

Physical World ◽

The Internet ◽

Side Channel ◽

Sensitive Information ◽

Side Channel Attacks ◽

Subsequent Discussion ◽

Iot Devices ◽

The Internet Of Things ◽

Security Of Iot

The Internet of Things (IoT) rapidly closes the gap between the virtual and the physical world. As more and more information is processed through this expanding network, the security of IoT devices and backend services is increasingly important. Yet, side-channel attacks pose a significant threat to systems in practice, as the microarchitectures of processors, their power consumption, and electromagnetic emanation reveal sensitive information to adversaries. This chapter provides an extensive overview of previous attack literature. It illustrates that microarchitectural attacks can compromise the entire IoT ecosystem: from devices in the field to servers in the backend. A subsequent discussion illustrates that many of today's security mechanisms integrated in modern processors are in fact vulnerable to the previously outlined attacks. In conclusion to these observations, new countermeasures are needed that effectively defend against both microarchitectural and power/EM based side-channel attacks.

Download Full-text

PROBLEMS AND SECURITY THREATS TO IOT DEVICES

Cybersecurity Education Science Technique ◽

10.28925/2663-4023.2021.11.3142 ◽

2021 ◽

Vol 3 (11) ◽

pp. 31-42

Author(s):

Ivan Opirskyy ◽

Roman Holovchak ◽

Iryna Moisiichuk ◽

Tetyana Balianda ◽

Sofiia Haraniuk

Keyword(s):

Internet Of Things ◽

Information Transfer ◽

The Internet ◽

Security Threats ◽

Security Issues ◽

System Protection ◽

Extended Type ◽

Iot Devices ◽

Set Up ◽

The Internet Of Things

The Internet of Things or IoT is billions of physical devices connected to the Internet. Its main premise is simply an extended type of connection, which can then be used as a basis for all kinds of functions. IoT describes a network of physical objects - "things" that are built into sensors, software and other technologies to connect and communicate with other devices and systems over the Internet. Problems of system protection, including the use of IoT devices are studied by many scientists and specialists in this field, but in today's world, not every manufacturer is ready to declare vulnerabilities and general insecurity of their products (devices). Throughout the IoT environment, from manufacturers to users, there are still many IoT security issues, such as manufacturing standards, update management, physical hardening, user knowledge and awareness. This article examines the vulnerabilities of the Internet of Things. The analysis of information transfer technologies of IoT devices (in particular ZigBee, Signfox and Bluetooth) is carried out. The most common threats that a user may encounter have been identified and analyzed. It is also established that usually not only the manufacturer poses a threat to the security of IoT devices. There are also a number of tips for users who want to reduce the risk of data leakage associated with vulnerabilities in the Internet of Things. Unfortunately, it is not uncommon for such devices to be incorrectly set up, used and stored. Extremely common is the user's refusal to update the software, which in turn leaves open those vulnerabilities that the manufacturer is trying to fix. The main purpose of the article is to determine the causes of security threats to the Internet of Things, by analyzing data transmission technologies, analysis of the threats themselves, identifying the most critical of them and ways to reduce the risk of data theft

Download Full-text