Analysis of Vulnerabilities in IoT and Its Solutions

2021 ◽  
pp. 157-177
Author(s):  
Puspanjali Mallik
Keyword(s):  
Security And Privacy ◽  
Heterogeneous Structure ◽  
Privacy Concern ◽  
Security Vulnerabilities ◽  
Smart Vehicles ◽  
Security Issues ◽  
Smart Healthcare ◽  
Wide Range ◽  
Main Motive ◽  
Iot Devices

The internet of things (IoT) fulfils abundant demands of present society by facilitating the services of cutting-edge technology in terms of smart home, smart healthcare, smart city, smart vehicles, and many more, which enables present day objects in our environment to have network communication and the capability to exchange data. These wide range of applications are collected, computed, and provided by thousands of IoT elements placed in open spaces. The highly interconnected heterogeneous structure faces new types of challenges from a security and privacy concern. Previously, security platforms were not so capable of handling these complex platforms due to different communication stacks and protocols. It seems to be of the utmost importance to keep concern about security issues relating to several attacks and vulnerabilities. The main motive of this chapter is to analyze the broad overview of security vulnerabilities and its counteractions. Generally, it discusses the major security techniques and protocols adopted by the IoT and analyzes the attacks against IoT devices.

scholarly journals Threat Modeling—How to Visualize Attacks on IOTA?

Sensors ◽  
2021 ◽  
Vol 21 (5) ◽  
pp. 1834
Author(s):  
Ikram Ullah ◽  
Gerard de Roode ◽  
Nirvana Meratnia ◽  
Paul Havinga
Keyword(s):  
Security And Privacy ◽  
Security Vulnerabilities ◽  
Vast Number ◽  
Threat Modeling ◽  
Iot Applications ◽  
Distributed Ledger ◽  
Distributed Ledger Technology ◽  
Wide Range ◽  
Iot Devices ◽  
Privacy Breaches

Internet of Things (IoT) has been deployed in a vast number of smart applications with the aim to bring ease and comfort into our lives. However, with the expansion of IoT applications, the number of security and privacy breaches has also increased, which brings into question the resilience of existing security and trust mechanisms. Furthermore, the contemporaneous centralized technology is posing significant challenges viz scalability, transparency and efficiency to wide range of IoT applications such as smart logistics, where millions of IoT devices need to be connected simultaneously. Alternatively, IOTA is a distributed ledger technology that offers resilient security and trust mechanisms and a decentralized architecture to overcome IoT impediments. IOTA has already been implemented in many applications and has clearly demonstrated its significance in real-world applications. Like any other technology, IOTA unfortunately also encounters security vulnerabilities. The purpose of this study is to explore and highlight security vulnerabilities of IOTA and simultaneously demonstrate the value of threat modeling in evaluating security vulnerabilities of distributed ledger technology. IOTA vulnerabilities are scrutinized in terms of feasibility and impact and we have also presented prevention techniques where applicable. To identify IOTA vulnerabilities, we have examined existing literature and online blogs. Literature available on this topic is very limited so far. As far as we know IOTA has barely been addressed in the traditional journals, conferences and books. In total we have identified six vulnerabilities. We used Common Vulnerability Scoring System (CVSS v3.0) to further categorize these vulnerabilities on the basis of their feasibility and impact.

scholarly journals On Blockchain and IoT Integration Platforms: Current Implementation Challenges and Future Perspectives

2021 ◽  
Vol 2021 ◽  
pp. 1-25
Author(s):  
Clement Nartey ◽  
Eric Tutu Tchao ◽  
James Dzisi Gadze ◽  
Eliel Keelson ◽  
Griffith Selorm Klogo ◽  
...  
Keyword(s):  
Fog Computing ◽  
Security And Privacy ◽  
Control Mechanisms ◽  
Security Vulnerabilities ◽  
Implementation Challenges ◽  
Security Issues ◽  
Integration Schemes ◽  
Current Implementation ◽  
Integration Architecture ◽  
Iot Devices

Digitization and automation have engulfed every scope and sphere of life. Internet of Things (IoT) has been the main enabler of the revolution. There still exist challenges in IoT that need to be addressed such as the limited address space for the increasing number of devices when using IPv4 and IPv6 as well as key security issues such as vulnerable access control mechanisms. Blockchain is a distributed ledger technology that has immense benefits such as enhanced security and traceability. Thus, blockchain can serve as a good foundation for applications based on transaction and interactions. IoT implementations and applications are by definition distributed. This means blockchain can help to solve most of the security vulnerabilities and traceability concerns of IoTs by using blockchain as a ledger that can keep track of how devices interact, in which state they are and how they transact with other IoT devices. IoT applications have been mainly implemented with technologies such as cloud and fog computing, and AI to help address some of its key challenges. The key implementation challenges and technical choices to consider in making a successful blockchain IoT (BIoT) project are clearly outlined in this paper. The security and privacy aspect of BIoT applications are also analyzed, and several relevant solutions to improve the scalability and throughput of such applications are proposed. The paper also reviews integration schemes and monitoring frameworks for BIoT applications. A hybrid blockchain IoT integration architecture that makes use of containerization is proposed.

A Survey on Emerging Security Issues, Challenges, and Solutions for Internet of Things (IoTs)

2022 ◽  
pp. 148-175
Author(s):  
Anish Khan ◽  
Dragan Peraković
Keyword(s):  
Internet Of Things ◽  
Security And Privacy ◽  
Future Research ◽  
Security Issues ◽  
Digital World ◽  
Private Data ◽  
Wide Range ◽  
Future Research Directions ◽  
Iot Devices ◽  
Privacy Issues

The internet of things is a cutting-edge technology that is vulnerable to all sorts of fictitious solutions. As a new phase of computing emerges in the digital world, it intends to produce a huge number of smart gadgets that can host a wide range of applications and operations. IoT gadgets are a perfect target for cyber assaults because of their wide dispersion, availability/accessibility, and top-notch computing power. Furthermore, as numerous IoT devices gather and investigate private data, they become a gold mine for hostile actors. Hence, the matter of fact is that security, particularly the potential to diagnose compromised nodes, as well as the collection and preservation of testimony of an attack or illegal activity, have become top priorities. This chapter delves into the timeline and the most challenging security and privacy issues that exist in the present scenario. In addition to this, some open issues and future research directions are also discussed.

Automatic Vulnerability Detection in Embedded Devices and Firmware

2021 ◽  
Vol 54 (2) ◽  
pp. 1-42
Author(s):  
Abdullah Qasem ◽  
Paria Shirani ◽  
Mourad Debbabi ◽  
Lingyu Wang ◽  
Bernard Lebel ◽  
...  
Keyword(s):  
Embedded Systems ◽  
Symbolic Execution ◽  
Vital Role ◽  
Security And Privacy ◽  
Embedded Devices ◽  
Security Vulnerabilities ◽  
Future Directions ◽  
Hybrid Approaches ◽  
Wide Range ◽  
The Internet Of Things

In the era of the internet of things (IoT), software-enabled inter-connected devices are of paramount importance. The embedded systems are very frequently used in both security and privacy-sensitive applications. However, the underlying software (a.k.a. firmware) very often suffers from a wide range of security vulnerabilities, mainly due to their outdated systems or reusing existing vulnerable libraries; which is evident by the surprising rise in the number of attacks against embedded systems. Therefore, to protect those embedded systems, detecting the presence of vulnerabilities in the large pool of embedded devices and their firmware plays a vital role. To this end, there exist several approaches to identify and trigger potential vulnerabilities within deployed embedded systems firmware. In this survey, we provide a comprehensive review of the state-of-the-art proposals, which detect vulnerabilities in embedded systems and firmware images by employing various analysis techniques, including static analysis, dynamic analysis, symbolic execution, and hybrid approaches. Furthermore, we perform both quantitative and qualitative comparisons among the surveyed approaches. Moreover, we devise taxonomies based on the applications of those approaches, the features used in the literature, and the type of the analysis. Finally, we identify the unresolved challenges and discuss possible future directions in this field of research.

IoT in Healthcare

2020 ◽  
pp. 1-22
Author(s):  
V. Jeevika Tharini ◽  
S. Vijayarani
Keyword(s):  
Health Sector ◽  
Information Privacy ◽  
Security And Privacy ◽  
Healthcare Industry ◽  
Security Attacks ◽  
Privacy And Security ◽  
Privacy Concerns ◽  
Security Issues ◽  
Iot Devices ◽  
Individual Information

One of the best-known features of IoT is automation. Because of this, IoT is a much-needed field for many applications, namely emergency and healthcare domains. IoT has made many revolutionary changes in the healthcare industry. IoT paves the way to numerous advancements for healthcare. The possibilities of IoT have reached their peak in the commercial industry and health sector. In recent years, serious concerns have been raised over the control and access of one's individual information. Privacy and security of the IoT devices can be compromised by intruders. Apart from the numerous benefits of IoTs, there are several security and privacy concerns to consider. A brief overview of different kinds of security attacks, solution for the attacks, privacy and security issues are discussed in this chapter.

Study and Survey on Blockchain Privacy and Security Issues

2021 ◽  
pp. 169-191
Author(s):  
Sourav Banerjee ◽  
Debashis Das ◽  
Manju Biswas ◽  
Utpal Biswas
Keyword(s):  
Data Storage ◽  
Security And Privacy ◽  
Sensitive Information ◽  
Privacy And Security ◽  
Unauthorized Access ◽  
Security Issues ◽  
Blockchain Technology ◽  
Targeted Attacks ◽  
Wide Range ◽  
Financial Transactions

Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by the instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain are currently and discuss how blockchain technology can improve these disadvantages and outlines the requirements for future solution.

A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

2020 ◽  
Vol 1 (2) ◽  
pp. 1-12
Author(s):  
Ritu Chauhan ◽  
Gatha Tanwar
Keyword(s):  
Cyber Security ◽  
Automated System ◽  
Smart Devices ◽  
Protocol Stack ◽  
Security Vulnerabilities ◽  
Local Networks ◽  
Daily Lives ◽  
Security Issues ◽  
Iot Devices ◽  
The Internet Of Things

The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.

Security and Privacy Issues in Wireless Networks

2020 ◽  
Author(s):  
Nurul Fatini Azhar ◽  
Qi Jie Ngoo ◽  
Tae Hyun Kim ◽  
Kohei Dozono ◽  
Fatima tuz Zahra
Keyword(s):  
Wireless Networks ◽  
Fog Computing ◽  
Security And Privacy ◽  
Ddos Attacks ◽  
Vehicle To Grid ◽  
Network Location ◽  
Security Issues ◽  
Privacy Laws ◽  
Iot Devices ◽  
Privacy Issues

Communication between devices has transitioned from wired to unwired. Wireless networks have been in use widely around the globe since the advent of smartphones, IoT devices and other technologies that are compatible with wireless mode of communication. At the same time security issues have also increased in such communication methods. The aim of this paper is to propose security and privacy issues of the wireless networks and present them through comprehensive surveys. In context of security issues, there are 2 typical DDoS attacks - HTTP flood and SYN flood. Other than DDoS attacks, there are several other threats to wireless networks. One of the most prevalent include security issues in Internet of Things. In terms of privacy issues in a wireless network, location-based applications, individual data, cellular network and V2G (Vehicle to Grid) network are surveyed. The survey is hosted using questionnaire and responses of 70 participants is recorded. It is observed from the survey results that many groups of people lack the knowledge of security and privacy of wireless technologies and networks despite their increased use, however, students are relatively more aware and have strong knowledge of those issues. It is concluded from the results that an effective solution to these problems can be hosting campaigns for spreading the security and privacy laws to help the groups of people who are lagging behind in this domain of knowledge become more aware. A unique solution is also presented to overcome the security issues which include implementation of detection and mitigation techniques, implementing Blockchain in the IoT devices and implementing fog computing solutions. The unique solutions to overcome the privacy issues are proposed in the form of a privacy approach from the LBS server between pairs of users to increase the implementation of DSPM and blockchain as a solution.

scholarly journals Security, Privacy, and Reliability in Digital Healthcare Systems Using Blockchain

Electronics ◽  
2021 ◽  
Vol 10 (16) ◽  
pp. 2034
Author(s):  
Aitizaz Ali ◽  
Hasliza A. Rahim ◽  
Muhammad Fermi Pasha ◽  
Rafael Dowsley ◽  
Mehedi Masud ◽  
...  
Keyword(s):  
Digital Health ◽  
Healthcare Systems ◽  
Security And Privacy ◽  
Security Vulnerabilities ◽  
Healthcare Data ◽  
Security Issues ◽  
Security Algorithm ◽  
Privacy Issues ◽  
Digital Healthcare ◽  
Centralized System

According to the security breach level index, millions of records are stolen worldwide on every single day. Personal health records are the most targeted records on the internet, and they are considered sensitive, and valuable. Security and privacy are the most important parameters of cryptography and encryption. They reduce the availability of data on patients and healthcare to the appropriate personnel and ultimately lead to a barrier in the transfer of healthcare into a digital health system. Using a permission blockchain to share healthcare data can reduce security and privacy issues. According to the literature, most healthcare systems rely on a centralized system, which is more prone to security vulnerabilities. The existing blockchain-based healthcare schemes provide only a data-sharing framework, but they lack security and privacy. To cope with these kinds of security issues, we have designed a novel security algorithm that provides security as well as privacy with much better efficiency and a lower cost. Hence, in this research, we have proposed a patient healthcare framework that provides greater security, reliability, and authentication compared to existing blockchain-based access control.

Analysis of Data Validation Techniques for Online Banking Services

2017 ◽  
pp. 127-139 ◽  
Author(s):  
Shadi A. Aljawarneh
Keyword(s):  
Information And Communication Technologies ◽  
Communication Technologies ◽  
Online Banking ◽  
Security And Privacy ◽  
Data Validation ◽  
Security Vulnerabilities ◽  
Validation Data ◽  
Banking Services ◽  
Security Issues ◽  
Information And Communication

The insufficient preparation for the information and communication technologies revolution led to few offering online transaction platforms, information security features, and credit facilities. One of the security concerns is a lack of data validation. Data that is not validated or not properly validated is the main issue for serious security vulnerabilities affecting online banking applications. In this chapter, the influences of security issues on world banks will be discussed. A number of data validation methods will be also reviewed to date to provide a systematic summary to banking environment. Based on the advantages and disadvantages of each method, the IT developer will decide which is best suited to develop the systematic online banking application. From this analysis, a global view of the current and future tendencies of data validation will be obtained and therefore provision of possible recommendations for solving the security and privacy issues for the online banking services.

Sign in / Sign up

Export Citation Format

Share Document