Paul Kariuki,Lizzy Oluwatoyin Ofusori,Prabhakar Rontala Subramaniam

DOI: https://doi.org/10.1057/s41284-023-00378-1

2023-06-10

Security Journal

Abstract:Cybersecurity threats have increased as the world becomes increasingly interconnected. Whilst the use of technology to facilitate commercial activities is now common practice, there is a need to limit exposure to these threats so that traders can transact safely. This study aimed to identify and analyse common cybersecurity vulnerabilities and threats experienced by small-scale African migrant traders in Southern Africa. A qualitative approach was employed and semi-structured and key informant interviews were conducted to gather the primary data, with secondary data sourced from the relevant literature. The study found that the majority of the small-scale traders experienced hacking while using their mobile devices for transacting. Moreover, most reported a lack of knowledge of cybersecurity and were therefore vulnerable to further threats. It is recommended that small-scale traders be capacitated with relevant technical information to enhance their understanding of cybersecurity risks that can negatively affect their commercial activities. There is also a need for further research to identify mitigation techniques and infrastructure to protect small-scale traders.

criminology & penology

Binbin Zhao,Shouling Ji,Wei-Han Lee,Changting Lin,Haiqin Weng,Jingzheng Wu,Pan Zhou,Liming Fang,Raheem Beyah

DOI: https://doi.org/10.1109/tdsc.2020.3037908

2020-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The Internet of Things (IoT) has become ubiquitous and greatly affected peoples' daily lives. With the increasing development of IoT devices, the corresponding security issues are becoming more and more challenging. Such a severe security situation raises the following questions that need urgent attention: What are the primary security threats that IoT devices face currently? How do vendors and users deal with these threats? In this article, we aim to answer these critical questions through a large-scale systematic study. Specifically, we perform a ten-month-long empirical study on the vulnerability of 1,362,906 IoT devices varying from six types. The results show sufficient evidence that N-days vulnerability is seriously endangering the IoT devices: 385,060 (28.25 percent) devices suffer from at least one N-days vulnerability. Moreover, 2669 of these vulnerable devices may have been compromised by botnets. We further reveal the massive differences among five popular IoT search engines: Shodan [1], Censys [2], [3], Zoomeye [4], Fofa [5], and NTI [6]. To study whether vendors and users adopt defenses against the threats, we measure the security of MQTT [7] servers, and identify that 12740 (88 percent) MQTT servers have no password protection. Our analysis can serve as an important guideline for investigating the security of IoT devices, as well as advancing the development of a more secure environment for IoT systems.

Xinbo Ban,Ming Ding,Shigang Liu,Chao Chen,Jun Zhang

DOI: https://doi.org/10.1007/978-3-031-23020-2_15

2022-01-01

Abstract:The introduction of the Internet of Things (IoT) ecosystem into public and private sectors has markedly changed the way people live, work, and entertain through integrating the digital system with the physical world. However, the production of new scenarios and architectures in IoT ecosystems introduces previously unknown security threats due to the vulnerabilities in the IoT software. Since various vulnerabilities lead to unexpected consequences in different parts of the IoT ecosystem, we propose 'security domain' to categorize the origin of the threats properly, including 'physical device', 'operation rule', and 'communication'. The research community has conducted a significant amount of work in the area of vulnerability discovery by utilizing 'code intelligence', representing code analysis techniques based on different types of code. With the focus on the security domains, we review recent representative work published in the dominant time to investigate the emerging research. Also, we summarize the research methodology commonly adopted in this fast-growing area. In consonance with the phases of the research methodology, each paper that discovers IoT vulnerabilities is comprehensively studied. Challenges and future work in this area have been discussed as well.

Muath A. Obaidat,Suhaib Obeidat,Jennifer Holst,Abdullah Al Hayajneh,Joseph Brown

DOI: https://doi.org/10.3390/computers9020044

2020-05-30

Computers

Abstract:The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.

Yasmine Harbi,Zibouda Aliouat,Allaoua Refoufi,Saad Harous

DOI: https://doi.org/10.1109/access.2021.3103725

IF: 3.9

2021-01-01

IEEE Access

Abstract:The Internet of Things (IoT) aims to transform everyday physical objects into an interconnected ecosystem with digital data accessible anywhere and anytime. “Things” in IoT are embedded with sensing, processing, and actuating capabilities and cooperate in providing smart and innovative services autonomously. The rapid spread of IoT services arises different security vulnerabilities that need to be carefully addressed. Several emerging and promising technologies and techniques are introduced to improve the security of IoT. This paper aims to provide an up-to-date vision of the current research topics related to IoT security. Initially, we introduce common elements and protocols of IoT to demystify the origins of threats in IoT. Then, we propose a taxonomy of IoT attacks and analyze the security vulnerabilities of IoT at different layers. Subsequently, we provide a comparison of recent security schemes based on emerging solutions including fog computing, edge computing, software-defined networking (SDN), blockchain, lightweight cryptography, homomorphic and searchable encryption, and machine learning. Finally, security challenges are discussed and future directions are highlighted for future interested researchers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Washington Okori,Sarah Buteraba

DOI: https://doi.org/10.32996/jcsts.2024.6.4.10

2024-10-05

Journal of Computer Science and Technology Studies

Abstract:This study examined the risks faced by telecommunication companies due to cyber-attacks and threats to their critical information infrastructure. It suggests control measures to avert the vulnerabilities of such infrastructure to cyber attackers. Critical information infrastructure is important to the companies as a revenue enabler and reputation identifier. However, the infrastructure, if not well protected, can be a national security threat, affect the national economy, and disrupt societal integration and business globally. Cyber security is the protection of internet-connected systems, including hardware, software, people, and data, from cyber-attacks. Its threat exploits the increased complexity and connectivity of critical infrastructure systems. The identification of the critical information infrastructure was done through document analysis and discussion with the network technical teams. The infrastructure systems, such as devices, servers, data, database, firewall, and network, were identified in this study as vulnerable to attack. This study suggests a framework to support timely intrusion detection and for the protection of critical information infrastructure. To secure and safeguard the critical information infrastructure from inherent vulnerabilities, it is recommended that continuous monitoring of the critical infrastructure attack gates should be made part of the overall risk management of a telecommunication company, and innovations in cyber security detection and prevention should be harnessed.

Ezekia Gilliard,Abdul Maziko,Gideon Rwechungura,Ahmed Abubakar Aliyu,Erasto Kayumbe

2024-09-20

Abstract:Today, children across Africa are at a growing risk from the Internet. Dangers include harmful content, violence, exploitation, abuse, and neglect. All these have increased due to increased mobile and Internet technology use, which not only places their safety at risk but also affects their ability to learn essential skills for their future. This paper provides an overview of the unique challenges faced by third-world African countries in ensuring the online safety of children while also supporting their developmental needs. It highlights effective practices and policies adopted by other nations to safeguard children from online threats and enhance their digital literacy. We are focusing on sharing the best practices and policies other countries have used to protect children from abuse and help them succeed in the digital world. The study emphasizes the online safety strategies, legal frameworks, and recommendations specific to the United Republic of Tanzania, along with the significance of international collaborations with organizations like UNICEF and the UN. The goal is to provide African policymakers, educators, and cybersecurity professionals with practical guidance and recommendations to strengthen child online safety initiatives both within and beyond the continent.

Computers and Society,Emerging Technologies

Pintu Kumar Sadhu,Venkata P. Yanambaka,Ahmed Abdelgawad

DOI: https://doi.org/10.3390/s22197433

IF: 3.9

2022-10-01

Sensors

Abstract:The overwhelming acceptance and growing need for Internet of Things (IoT) products in each aspect of everyday living is creating a promising prospect for the involvement of humans, data, and procedures. The vast areas create opportunities from home to industry to make an automated lifecycle. Human life is involved in enormous applications such as intelligent transportation, intelligent healthcare, smart grid, smart city, etc. A thriving surface is created that can affect society, the economy, the environment, politics, and health through diverse security threats. Generally, IoT devices are susceptible to security breaches, and the development of industrial systems could pose devastating security vulnerabilities. To build a reliable security shield, the challenges encountered must be embraced. Therefore, this survey paper is primarily aimed to assist researchers by classifying attacks/vulnerabilities based on objects. The method of attacks and relevant countermeasures are provided for each kind of attack in this work. Case studies of the most important applications of the IoT are highlighted concerning security solutions. The survey of security solutions is not limited to traditional secret key-based cryptographic solutions, moreover physical unclonable functions (PUF)-based solutions and blockchain are illustrated. The pros and cons of each security solution are also discussed here. Furthermore, challenges and recommendations are presented in this work.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Bhaskar Tejaswi,Mohammad Mannan,Amr Youssef

2023-07-26

Abstract:A diverse set of Internet of Things (IoT) devices are becoming an integrated part of daily lives, and playing an increasingly vital role in various industry, enterprise and agricultural settings. The current IoT ecosystem relies on several IoT management platforms to manage and operate a large number of IoT devices, their data, and their connectivity. Considering their key role, these platforms must be properly secured against cyber attacks. In this work, we first explore the core operations/features of leading platforms to design a framework to perform a systematic security evaluation of these platforms. Subsequently, we use our framework to analyze a representative set of 52 IoT management platforms, including 42 web-hosted and 10 locally-deployable platforms. We discover a number of high severity unauthorized access vulnerabilities in 9/52 evaluated IoT management platforms, which could be abused to perform attacks such as remote IoT SIM deactivation, IoT SIM overcharging and IoT device data forgery. More seriously, we also uncover instances of broken authentication in 13/52 platforms, including complete account takeover on 8/52 platforms along with remote code execution on 2/52 platforms. In effect, 17/52 platforms were affected by vulnerabilities that could lead to platform-wide attacks. Overall, vulnerabilities were uncovered in 33 platforms, out of which 28 platforms responded to our responsible disclosure. We were also assigned 11 CVEs and awarded bounty for our findings.

Cryptography and Security

Usman Tariq,Irfan Ahmed,Ali Kashif Bashir,Kamran Shaukat

DOI: https://doi.org/10.3390/s23084117

IF: 3.9

2023-04-20

Sensors

Abstract:The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and mitigate potential security threats. Cybersecurity research considerations play a critical role in this regard, as they provide the foundation for designing and implementing security measures that can address emerging risks. To achieve a secure IoT ecosystem, scientists and engineers must first define rigorous security specifications that serve as the foundation for developing secure devices, chipsets, and networks. Developing such specifications requires an interdisciplinary approach that involves multiple stakeholders, including cybersecurity experts, network architects, system designers, and domain experts. The primary challenge in IoT security is ensuring the system can defend against both known and unknown attacks. To date, the IoT research community has identified several key security concerns related to the architecture of IoT systems. These concerns include issues related to connectivity, communication, and management protocols. This research paper provides an all-inclusive and lucid review of the current state of anomalies and security concepts related to the IoT. We classify and analyze prevalent security distresses regarding IoT's layered architecture, including connectivity, communication, and management protocols. We establish the foundation of IoT security by examining the current attacks, threats, and cutting-edge solutions. Furthermore, we set security goals that will serve as the benchmark for assessing whether a solution satisfies the specific IoT use cases.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Imran Ashraf,Yongwan Park,Soojung Hur,Sung Won Kim,Roobaea Alroobaea,Yousaf Bin Zikria,Summera Nosheen

DOI: https://doi.org/10.1109/tits.2022.3164678

IF: 8.5

2022-01-01

IEEE Transactions on Intelligent Transportation Systems

Abstract:Impressive technological advancements over the past decades commenced significant advantages in the maritime industry sector and elevated commercial, operational, and financial benefits. However, technological development introduces several novel risks that pose serious and potential threats to the maritime industry and considerably impact the maritime industry. Keeping in view the importance of maritime cyber security, this study presents the cyber security threats to understand their impact and loss scale. It serves as a guideline for the stakeholders to implement effective preventive and corrective strategies. Cyber security risks are discussed concerning maritime security, confidentiality, integrity, and availability, and their impact is analyzed. The proneness of the digital transformation is analyzed regarding the use of internet of things (IoT) devices, modern security frameworks for ships, and sensors and devices used in modern ships. In addition, risk assessment methods are discussed to determine the potential threat and severity along with the cyber risk mitigation schemes and frameworks. Possible recommendations and countermeasures are elaborated to alleviate the impact of cyber security breaches. Finally, recommendations about the future prospects to safeguard the maritime industry from cyber-attacks are discussed, and the necessity of efficient security policies is highlighted.

engineering, electrical & electronic,transportation science & technology, civil

Mohammed Aziz Al Kabir,Wael Elmedany,Mhd Saeed Sharif

DOI: https://doi.org/10.1080/23742917.2023.2228053

2023-07-13

Journal of Cyber Security Technology

Abstract:The increasing prevalence of IoT devices has brought about numerous security challenges due to their relatively simple internal architecture and low-powered hardware warranted by their small footprint requirement. As there are billions of IoT devices in use today, the sheer number of such devices pose a great security challenge as they are often constrained by a number of hardware and software limitations in addition to being designed with a focus on convenience, ease of use, mass production, and low cost, rather than security. The seemingly exponentially increasing number of such devices make it harder to keep track of – and patch – insecure IoT devices. This paper explores the common security threats, attacks, and vulnerabilities relating to IoT devices and highlights the challenges associated with securing them against emerging security threats and cyberattacks. Due to their role as gateways to connected devices and susceptibility to forming botnets or facilitating man-in-the-middle attacks, IoT devices are a lucrative target for cybercriminals. The paper discusses various remediation and mitigation techniques that can be implemented to better secure IoT devices, including access control mechanisms, secure communication protocols, and regular updates and patches. By better understanding the security challenges associated with IoT devices and implementing effective mitigation techniques, individuals and businesses can ensure the safety, security, and privacy of their connected devices and networks.

Simon Daniel Duque Anton,Daniel Fraunholz,Daniel Krohmer,Daniel Reti,Daniel Schneider,Hans Dieter Schotten

DOI: https://doi.org/10.1109/jiot.2021.3081741

IF: 10.6

2021-12-15

IEEE Internet of Things Journal

Abstract:Operational Technology (OT) networks and devices, i.e., all components used in industrial environments, were not designed with security in mind. Efficiency and ease of use were the most important design characteristics. However, due to the digitization of industry, an increasing number of devices and industrial networks are opened up to public networks. This is beneficial for the administration and organization of the industrial environments. However, it also increases the attack surface, providing possible points of entry for an attacker. Originally, breaking into production networks meant to break an information technology (IT)-perimeter first, such as a public Website, and then to move laterally to industrial control systems (ICSs) to influence the production environment. However, many OT-devices are connected directly to the Internet, which drastically increases the threat of compromise, especially since OT-devices contain several vulnerabilities. In this work, the presence of OT-devices in the Internet is analyzed from an attacker's perspective. Publicly available tools, such as the search engine Shodan and vulnerability databases, are employed to find commonly used OT-devices and map vulnerabilities to them. These findings are grouped according to the country of origin, manufacturer, and number as well as severity of vulnerability. More than 13000 devices were found, almost all contained at least one vulnerability. European and Northern American countries are by far the most affected ones.

computer science, information systems,telecommunications,engineering, electrical & electronic

Ayyoob Hamza,Hassan Habibi Gharakheili,Vijay Sivaraman

DOI: https://doi.org/10.48550/arXiv.2008.09339

2020-08-21

Abstract:IoT devices are increasingly utilized in critical infrastructure, enterprises, and households. There are several sophisticated cyber-attacks that have been reported and many networks have proven vulnerable to both active and passive attacks by leaking private information, allowing unauthorized access, and being open to denial of service attacks. This paper aims firstly, to assist network operators to understand the need for an IoT network security solution, and then secondly, to survey IoT network attack vectors, cyber threats, and countermeasures with a focus on improving the robustness of existing security solutions. Our first contribution highlights viewpoints on IoT security from the perspective of stakeholders such as manufacturers, service providers, consumers, and authorities. We discuss the differences between IoT and IT systems, the need for IoT security solutions, and we highlight the key components required for IoT network security system architecture. For our second contribution, we survey the types of IoT attacks by grouping them based on their impact. We discuss various attack techniques, threats, and shortfalls of existing countermeasures with an intention to enable future research into improving IoT network security.

Cryptography and Security,Networking and Internet Architecture

Miao Yu,Jianwei Zhuge,Ming Cao,Zhiwei Shi,Lin Jiang

DOI: https://doi.org/10.3390/fi12020027

2020-01-01

Future Internet

Abstract:With the prosperity of the Internet of Things (IoT) industry environment, the variety and quantity of IoT devices have grown rapidly. IoT devices have been widely used in smart homes, smart wear, smart manufacturing, smart cars, smart medical care, and many other life-related fields. With it, security vulnerabilities of IoT devices are emerging endlessly. The proliferation of security vulnerabilities will bring severe risks to users’ privacy and property. This paper first describes the research background, including IoT architecture, device components, and attack surfaces. We review state-of-the-art research on IoT device vulnerability discovery, detection, mitigation, and other related works. Then, we point out the current challenges and opportunities by evaluation. Finally, we forecast and discuss the research directions on vulnerability analysis techniques of IoT devices.

Amit Kumar Sikder,Giuseppe Petracca,Hidayet Aksu,Trent Jaeger,A. Selcuk Uluagac

DOI: https://doi.org/10.48550/arXiv.1802.02041

2018-02-07

Abstract:The concept of Internet of Things (IoT) has become more popular in the modern era of technology than ever before. From small household devices to large industrial machines, the vision of IoT has made it possible to connect the devices with the physical world around them. This increasing popularity has also made the IoT devices and applications in the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of the IoT devices. One interesting emerging threat vector is the attacks that abuse the use of sensors on IoT devices. IoT devices are vulnerable to sensor-based threats due to the lack of proper security measurements available to control use of sensors by apps. By exploiting the sensors (e.g., accelerometer, gyroscope, microphone, light sensor, etc.) on an IoT device, attackers can extract information from the device, transfer malware to a device, or trigger a malicious activity to compromise the device. In this survey, we explore various threats targeting IoT devices and discuss how their sensors can be abused for malicious purposes. Specifically, we present a detailed survey about existing sensor-based threats to IoT devices and countermeasures that are developed specifically to secure the sensors of IoT devices. Furthermore, we discuss security and privacy issues of IoT devices in the context of sensor-based threats and conclude with future research directions.

Cryptography and Security

Aejaz Nazir Lone,Suhel Mustajab,Mahfooz Alam

DOI: https://doi.org/10.1002/spy2.318

2023-04-14

Security and Privacy

Abstract:It has become possible to link anything and everything to the Internet in recent decades due to the expanding Internet of Things (IoT). As a result, our usage of technology has changed a lot, causing digital disruption in the real world. IoT allows drones, sensors, digital set‐top boxes, surveillance cameras, wearable technology, and medical equipment to be connected to the internet. Healthcare, manufacturing, utilities, transportation, and housing are among the various sectors that has become intelligent. Recently, we have seen a surge in cybersecurity challenges and opportunities for the improvement of various IoT applications. Although cybersecurity and the IoT are extensively researched, there is a dearth of studies that exclusively focus on the evolution of cybersecurity challenges in the area of AI and machine learning, blockchain and zero trust, lightweight security, integration of IoT with 5G networks, and many more in the IoT world. The availability of environment‐capturing sensors and internet‐connected tracking devices allows for private life surveillance and cloud data transmission. Therefore, a significant problem for researchers and developers is to ensure the CIA (Confidentiality, Integrity, and Availability) security triangle for people. This paper presents a comprehensive study of cybersecurity applications, challenges, and opportunities in the IoT world. The IoT architectural layer, attacks against the IoT layer, and related issues are highlighted. Furthermore, cybersecurity issues and challenges in IoT along with the strength and weaknesses of existing techniques are discussed in detail. Our study will provide insight into various current cybersecurity research trends in the IoT world.

Mohamed Amine Ben Farah,Elochukwu Ukwandu,Hanan Hindy,David Brosset,Miroslav Bures,Ivan Andonovic,Xavier Bellekens

DOI: https://doi.org/10.3390/info13010022

2022-01-06

Information

Abstract:The paper presents a classification of cyber attacks within the context of the state of the art in the maritime industry. A systematic categorization of vessel components has been conducted, complemented by an analysis of key services delivered within ports. The vulnerabilities of the Global Navigation Satellite System (GNSS) have been given particular consideration since it is a critical subcategory of many maritime infrastructures and, consequently, a target for cyber attacks. Recent research confirms that the dramatic proliferation of cyber crimes is fueled by increased levels of integration of new enabling technologies, such as IoT and Big Data. The trend to greater systems integration is, however, compelling, yielding significant business value by facilitating the operation of autonomous vessels, greater exploitation of smart ports, a reduction in the level of manpower and a marked improvement in fuel consumption and efficiency of services. Finally, practical challenges and future research trends have been highlighted.

Elochukwu A. Ukwandu,Ephraim N.C. Okafor,Charles Ikerionwu,Comfort Olebara,Celestine Ugwu

DOI: https://doi.org/10.48550/arXiv.2109.05821

2021-09-13

Abstract:The fourth industrial revolution (4IR) is a revolution many authors believe have come to stay. It is a revolution that has been fast blurring the line between physical, digital and biological technologies. These disruptive technologies largely rely on high-speed internet connectivity, Cloud technologies, Augmented Reality, Additive Manufacturing, Data science and Artificial Intelligence. Most developed economies have embraced the it while the developing economies are struggling to adopt 4IR because they lack the requisite skills, knowledge and technology. Thus, this study investigates Nigeria as one of the developing economies to understand her readiness for 4IR and the level of preparedness to mitigate the sophisticated cyber-attacks that comes with it. The investigation adopted quantitative research approach and developed an online questionnaire that was shared amongst the population of interest that includes academic, industry experts and relevant stakeholders. The questionnaire returned 116 valid responses which were analysed with descriptive statistical tools in SPSS. Results suggest that 60 of the respondents opined that Nigerian government at are not showing enough evidence to demonstrate her preparedness to leverage these promised potentials by developing 4IR relevant laws, strong institutional frameworks and policies. They lack significant development capacity to mitigate risks associated with digital ecosystem and cyber ecosystem that are ushered in by the 4IR. In the universities, 52 of the courses offered at the undergraduate and 42 at the post-graduate levels are relevant in the development of skills required in the revolution. The study recommends that the government at all levels make adequate efforts in developing the countrys intangible assets. In all, this paper posits that successful implementation of these could equip Nigeria to embrace the 4IR in all its aspects.

Computers and Society

Marwa Salayma

2023-10-03

Abstract:Security in the Internet of Things (IoT) remains a predominant area of concern. This survey updates the state of the art covered in previous surveys and focuses on defending against threats rather than on the threats alone. This area is less extensively covered by other surveys and warrants particular attention. A life-cycle approach is adopted, articulated to form a "defence in depth" strategy against malicious actors compromising an IoT network laterally within it and from it. This study highlights the challenges of each mitigation step, emphasises novel perspectives, and reconnects the discussed mitigation steps to the ground principles they seek to implement.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture