System Hardening and Security Monitoring for IoT Devices to Mitigate IoT Security Vulnerabilities and Threats

Although digital signature has been a fundamental technology for cryptosystems, it still draws considerable attention from both academia and industry due to the recent raising interest in blockchains. This article revisits the subliminal channel existing digital signature and reviews its abuse risk of the constructor’s private key. From a different perspective on the subliminal channel, we find the new concept named the chamber of secrets in blockchains. The found concept, whereby the secret is hidden and later recovered by the constructor from the common transactions in a blockchain, highlights a new way to encourage implementing various applications to benefit efficiency and security. Thus, the proposed scheme benefits from the following advantages: (1) avoiding the high maintenance cost of certificate chain of certificate authority, or public key infrastructure, and (2) seamlessly integrating with blockchains using the property of chamber of secrets. In order to easily understand the superiority of this new concept, a remote authentication scenario is taken as a paradigm of IoT to demonstrate that the further advantages are achieved: (1) avoiding high demand for storage space in IoT devices, and (2) avoiding maintaining a sensitive table in IoT server.

Download Full-text

Honeypots for Internet of Things Research: An Effective Mitigation Tool

10.20944/preprints202109.0461.v1 ◽

2021 ◽

Author(s):

Shen Xin En ◽

Liu Si Ling ◽

Fan Cheng Hao

Keyword(s):

Internet Of Things ◽

Operating Systems ◽

Network Resources ◽

Iot Security ◽

Frequent Use ◽

Attack Patterns ◽

Iot Devices

In recent years, due to their frequent use and widespread use, IoT (Internet of Things) devices have become an attractive target for hackers. As a result of their limited network resources and complex operating systems, they are vulnerable to attacks. Using a honeypot can, therefore, be a very effective way of detecting malicious requests and capturing samples of exploits. The purpose of this article is to introduce honeypots, the rise of IoT devices, and how they can be exploited by attackers. Various honeypot ecosystems will be investigated further for capturing and analyzing information from attacks against these IoT devices. As well as how to leverage proactive strategies in terms of IoT security, it will provide insights on the attack vectors present in most IoT systems, along with understanding attack patterns.

Download Full-text

Analysis of Vulnerabilities in IoT and Its Solutions

Managing Resources for Futuristic Wireless Networks - Advances in Wireless Technologies and Telecommunication ◽

10.4018/978-1-5225-9493-2.ch007 ◽

2021 ◽

pp. 157-177

Author(s):

Puspanjali Mallik

Keyword(s):

Security And Privacy ◽

Heterogeneous Structure ◽

Privacy Concern ◽

Security Vulnerabilities ◽

Smart Vehicles ◽

Security Issues ◽

Smart Healthcare ◽

Wide Range ◽

Main Motive ◽

Iot Devices

The internet of things (IoT) fulfils abundant demands of present society by facilitating the services of cutting-edge technology in terms of smart home, smart healthcare, smart city, smart vehicles, and many more, which enables present day objects in our environment to have network communication and the capability to exchange data. These wide range of applications are collected, computed, and provided by thousands of IoT elements placed in open spaces. The highly interconnected heterogeneous structure faces new types of challenges from a security and privacy concern. Previously, security platforms were not so capable of handling these complex platforms due to different communication stacks and protocols. It seems to be of the utmost importance to keep concern about security issues relating to several attacks and vulnerabilities. The main motive of this chapter is to analyze the broad overview of security vulnerabilities and its counteractions. Generally, it discusses the major security techniques and protocols adopted by the IoT and analyzes the attacks against IoT devices.

Download Full-text

Security Vulnerabilities, Threats, and Attacks in IoT and Big Data

Security, Privacy, and Forensics Issues in Big Data - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-5225-9742-1.ch006 ◽

2020 ◽

pp. 141-167

Author(s):

Prabha Selvaraj ◽

Sumathi Doraikannan ◽

Vijay Kumar Burugari

Keyword(s):

Big Data ◽

Case Studies ◽

Big Data Analytics ◽

Cloud Services ◽

Web Interface ◽

Security Vulnerabilities ◽

New Techniques ◽

Iot Security ◽

Web Interfaces ◽

The Web

Big data and IoT has its impact on various areas like science, health, engineering, medicine, finance, business, and mainly, the society. Due to the growth in security intelligence, there is a requirement for new techniques which need big data and big data analytics. IoT security does not alone deal with the security of the device, but it also has to care about the web interfaces, cloud services, and other devices that interact with it. There are many techniques used for addressing challenges like privacy of individuals, inference, and aggregation, which makes it possible to re-identify individuals' even though they are removed from a dataset. It is understood that a few security vulnerabilities could lead to insecure web interface. This chapter discusses the challenges in security and how big data can be used for it. It also analyzes the various attacks and threat modeling in detail. Two case studies in two different areas are also discussed.

Download Full-text

Healthcare-Internet of Things and Its Components

Advances in Medical Technologies and Clinical Practice - Optimizing Health Monitoring Systems With Wireless Technology ◽

10.4018/978-1-5225-6067-8.ch018 ◽

2021 ◽

pp. 258-277

Author(s):

Aman Tyagi

Keyword(s):

Internet Of Things ◽

Fog Computing ◽

Communication Technologies ◽

The Internet ◽

Healthcare Resources ◽

Iot Security ◽

Global Epidemic ◽

Security Issues ◽

Analyse Data ◽

Iot Devices

Elderly population in the Asian countries is increasing at a very fast rate. Lack of healthcare resources and infrastructure in many countries makes the task of provding proper healthcare difficult. Internet of things (IoT) in healthcare can address the problem effectively. Patient care is possible at home using IoT devices. IoT devices are used to collect different types of data. Various algorithms may be used to analyse data. IoT devices are connected to the internet and all the data of the patients with various health reports are available online and hence security issues arise. IoT sensors, IoT communication technologies, IoT gadgets, components of IoT, IoT layers, cloud and fog computing, benefits of IoT, IoT-based algorithms, IoT security issues, and IoT challenges are discussed in the chapter. Nowadays global epidemic COVID19 has demolished the economy and health services of all the countries worldwide. Usefulness of IoT in COVID19-related issues is explained here.

Download Full-text

Securing Over-the-Air Code Updates in Wireless Sensor Networks

Harnessing the Internet of Everything (IoE) for Accelerated Innovation Opportunities - Advances in Computer and Electrical Engineering ◽

10.4018/978-1-5225-7332-6.ch013 ◽

2019 ◽

pp. 302-328

Author(s):

Christian Wittke ◽

Kai Lehniger ◽

Stefan Weidling ◽

Mario Schoelzel

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Wireless Sensor ◽

Wireless Devices ◽

Security Vulnerabilities ◽

Iot Security ◽

Software Bugs ◽

Security Issues ◽

The Right ◽

The Internet Of Things

With the growing number of wireless devices in the internet of things (IoT), maintenance and management of these devices has become a key issue. In particular, the ability to wirelessly update devices is a must in order to fix security issues and software bugs, or to extend firmware functionality. Code update mechanisms in wireless sensor networks (WSNs), a subset of IoT networks, must handle limited resources and strict constraints. Also, over-the-air (OTA) code updates in the context of an IoT ecosystem may open new security vulnerabilities. An IoT security framework should therefore be extended with additional mechanisms to secure the OTA code update functionality. The chapter presents an overview of various OTA code update techniques for WSNs and their security flaws along with some existing attacks and possible countermeasures. It is discussed which attacks can be used more easily with the code update functionality. Countermeasures are compared as to whether they secure the weakened security objectives, giving a guideline to choose the right combination of countermeasures.

Download Full-text

Investigating Brute Force Attack Patterns in IoT Network

Journal of Electrical and Computer Engineering ◽

10.1155/2019/4568368 ◽

2019 ◽

Vol 2019 ◽

pp. 1-13 ◽

Cited By ~ 2

Author(s):

Deris Stiawan ◽

Mohd. Yazid Idris ◽

Reza Firsandaya Malik ◽

Siti Nurmaini ◽

Nizar Alsharif ◽

...

Keyword(s):

Brute Force ◽

File Transfer ◽

Iot Security ◽

Insider Attack ◽

Attack Pattern ◽

Internal Network ◽

Attack Patterns ◽

Iot Devices ◽

Set Up ◽

Brute Force Attack

Internet of Things (IoT) devices may transfer data to the gateway/application server through File Transfer Protocol (FTP) transaction. Unfortunately, in terms of security, the FTP server at a gateway or data sink very often is improperly set up. At the same time, password matching/theft holding is among the popular attacks as the intruders attack the IoT network. Thus, this paper attempts to provide an insight of this type of attack with the main aim of coming up with attack patterns that may help the IoT system administrator to analyze any similar attacks. This paper investigates brute force attack (BFA) on the FTP server of the IoT network by using a time-sensitive statistical relationship approach and visualizing the attack patterns that identify its configurations. The investigation focuses on attacks launched from the internal network, due to the assumption that the IoT network has already installed a firewall. An insider/internal attack launched from an internal network endangers more the entire IoT security system. The experiments use the IoT network testbed that mimic the internal attack scenario with three major goals: (i) to provide a topological description on how an insider attack occurs; (ii) to achieve attack pattern extraction from raw sniffed data; and (iii) to establish attack pattern identification as a parameter to visualize real-time attacks. Experimental results validate the investigation.

Download Full-text

Towards the Integration of Blockchain and IoT for Security Challenges in IoT

Transforming Businesses With Bitcoin Mining and Blockchain Applications - Advances in Finance, Accounting, and Economics ◽

10.4018/978-1-7998-0186-3.ch003 ◽

2020 ◽

pp. 45-67 ◽

Cited By ~ 1

Author(s):

K. Dinesh Kumar ◽

Venkata Rathnam T. ◽

Venkata Ramana R. ◽

M. Sudhakara ◽

Ravi Kumar Poluru

Keyword(s):

Internet Of Things ◽

Security Management ◽

Vital Role ◽

Management Systems ◽

Iot Security ◽

Communication Architecture ◽

Secure Systems ◽

Security Issues ◽

Blockchain Technology ◽

Iot Devices

Internet of things (IoT) technology plays a vital role in the current technologies because IoT develops a network by integrating different kinds of objects and sensors to create the communication among objects directly without human interaction. With the presence of internet of things technology in our daily comes smart thinking and various advantages. At the same time, secure systems have been a most important concern for the protection of information systems and networks. However, adopting traditional security management systems in the internet of things leads several issues due to the limited privacy and policies like privacy standards, protocol stacks, and authentication rules. Usually, IoT devices has limited network capacities, storage, and computing processors. So they are having more chances to attacks. Data security, privacy, and reliability are three main challenges in the IoT security domain. To address the solutions for the above issues, IoT technology has to provide advanced privacy and policies in this large incoming data source. Blockchain is one of the trending technologies in the privacy management to provide the security. So this chapter is focused on the blockchain technologies which can be able to solve several IoT security issues. This review mainly focused on the state-of-the-art IoT security issues and vulnerabilities by existing review works in the IoT security domains. The taxonomy is presented about security issues in the view of communication, architecture, and applications. Also presented are the challenges of IoT security management systems. The main aim of this chapter is to describe the importance of blockchain technology in IoT security systems. Finally, it highlights the future directions of blockchain technology roles in IoT systems, which can be helpful for further improvements.

Download Full-text

Security Assertion of IoT Devices Using Cloud of Things Perception

International Journal of Interdisciplinary Telecommunications and Networking ◽

10.4018/ijitn.2019100102 ◽

2019 ◽

Vol 11 (4) ◽

pp. 17-31

Author(s):

Mamata Rath ◽

Bibudhendu Pati

Keyword(s):

Cloud Computing ◽

Internet Of Things ◽

Communication Systems ◽

Future Internet ◽

Computing Systems ◽

Iot Security ◽

Security Assurance ◽

Iot Applications ◽

The Future ◽

Iot Devices

Adoption of Internet of Things (IoT) and Cloud of Things (CoT) in the current developing technology era are expected to be more and more invasive, making them important mechanism of the future Internet-based communication systems. Cloud of Things and Internet of Things (IoT) are two emerging as well as diversified advanced domains that are diversified in current technological scenario. Paradigm where Cloud and IoT are merged together is foreseen as disruptive and as an enabler of a large number of application scenarios. Due to the adoption of the Cloud and IoT paradigm a number of applications are gaining important technical attention. In the future, it is going to be more complicated a setup to handle security in technology. Information till now will severely get changed and it will be very tough to keep up with varying technology. Organisations will have to repeatedly switch over to new skill-based technology with respect to higher expenditure. Latest tools, methods and enough expertise are highly essential to control threats and vulnerability to computing systems. Keeping in view the integration of Cloud computing and IoT in the new domain of Cloud of things, the said article provides an up-to-date eminence of Cloud-based IoT applications and Cloud of Things with a focus on their security and application-oriented challenges. These challenges are then synthesized in detail to present a technical survey on various issues related to IoT security, concerns, adopted mechanisms and their positive security assurance using Cloud of Things.

Download Full-text

A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

International Journal of Data Analytics ◽

10.4018/ijda.2020070101 ◽

2020 ◽

Vol 1 (2) ◽

pp. 1-12

Author(s):

Ritu Chauhan ◽

Gatha Tanwar

Keyword(s):

Cyber Security ◽

Automated System ◽

Smart Devices ◽

Protocol Stack ◽

Security Vulnerabilities ◽

Local Networks ◽

Daily Lives ◽

Security Issues ◽

Iot Devices ◽

The Internet Of Things

The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.

Download Full-text