Aniruddha Bhattacharjya,Xiaofeng Zhong,Jing Wang,Xing Li

DOI: https://doi.org/10.1007/978-3-030-18732-3_9

IF: 5.711

2019-07-23

Internet of Things

Abstract:The Constrained Application Protocol (CoAP) is a standard web transfer protocol. The CoAP runs over UDP, resulting in an unreliable message transport. CoAP offers a request/response communication model among application endpoints. The Internet Protocol Security (IPsec) can offer various security services like limited traffic flow confidentiality, anti-replay mechanism, access control, confidentiality, connection-less integrity, and data origin authentication. One way to use IPSec to secure the CoAP transactions can be Encapsulating Security Payload Protocol [RFC 2406] (IPSec-ESP). It can be a special case, if the hardware provisions encryption at layer 2 (it is the situation with some IEEE 802.15.4 radio chips). Another way can be, the 6LowPAN (IPv6 over Low-power Wireless Personal Area Networks) extension, for using the IPSec with Authentication Header (AH) [RFC 2402] and Encapsulation Security Payload (ESP). To give more security to the major User Datagram Protocol (UDP) well-known applications, Datagram Transport Layer Security (DTLS) runs on top of UDP instead of Transmission Control Protocol (TCP). The DTLS offers automatic key management, confidentiality, authentication, and data integrity. It also provisions wide range of dissimilar cryptographic algorithms. We have found that providing end-to-end security is not so easy, so we have developed a Secure Hybrid RSA (SHRSA) cipher. At present, we are using it in personal messaging scheme, and it is able to provide end-to-end security with efficiency and lightweight features. Later, this cipher can be used in lightweight and efficient communication scenario of Internet of Things (IoT) and Internet of Everything (IoE).

Omerah Yousuf,Roohie Naaz Mir

DOI: https://doi.org/10.1108/ICS-07-2018-0084

2019-10-07

Information and Computer Security

Abstract:Internet of Things (IoT) is a challenging and promising system concept and requires new types of architectures and protocols compared to traditional networks. Security is an extremely critical issue for IoT that needs to be addressed efficiently. Heterogeneity being an inherent characteristic of IoT gives rise to many security issues that need to be addressed from the perspective of new architectures such as software defined networking, cryptographic algorithms, federated cloud and edge computing. The paper analyzes the IoT security from three perspectives: three-layer security architecture, security issues at each layer and security countermeasures. The paper reviews the current state of the art, protocols and technologies used at each layer of security architecture. The paper focuses on various types of attacks that occur at each layer and provides the various approaches used to countermeasure such type of attacks. The data exchanged between the different devices or applications in the IoT environment are quite sensitive; thus, the security aspect plays a key role and needs to be addressed efficiently. This indicates the urgent needs of developing general security policy and standards for IoT products. The efficient security architecture needs to be imposed but not at the cost of efficiency and scalability. The paper provides empirical insights about how the different security threats at each layer can be mitigated. The paper fulfills the need of having an extensive and elaborated survey in the field of IoT security, along with suggesting the countermeasures to mitigate the threats occurring at each level of IoT protocol stack.

Tingxuan Tang

DOI: https://doi.org/10.56028/aetr.11.1.589.2024

2024-07-18

Abstract:Recent years have witnessed that Internet of Things (IoT) became more and more popular in many technical fields. Due to its high utility, IoT is closely linked with a number of domains in people’s daily life; hence, it is really crucial and necessary to reinforce and maintain the security of IoT. In fact, there are numerous protocols proposed to protect it, and these researches aim to find an effective way to resist attacks from hackers. In order to improve safety index of the existing models and build a nearly brilliant model. This paper analyzes and compares three published studies which are relevant to this topic through several factors. This paper describes these protocols from an understandable and explicit perspective which makes readers easy to catch the main idea of each protocol. After detailed explanation of the algorithm and analysis of several safety indicators, according to several comparison tables and bar charts, we finally figure out the best protocol among these three studies, and specific results are showed in the paper. Furthermore, we also give some available and useful suggestions about the future work to optimize the protocol in this industry.

Jared Mathews,Prosenjit Chatterjee,Shankar Banik

DOI: https://doi.org/10.48550/arXiv.2206.14341

2022-06-29

Cryptography and Security

Abstract:The need for secure Internet of Things (IoT) devices is growing as IoT devices are becoming more integrated into vital networks. Many systems rely on these devices to remain available and provide reliable service. Denial of service attacks against IoT devices are a real threat due to the fact these low power devices are very susceptible to denial-of-service attacks. Machine learning enabled network intrusion detection systems are effective at identifying new threats, but they require a large amount of data to work well. There are many network traffic data sets but very few that focus on IoT network traffic. Within the IoT network data sets there is a lack of CoAP denial of service data. We propose a novel data set covering this gap. We develop a new data set by collecting network traffic from real CoAP denial of service attacks and compare the data on multiple different machine learning classifiers. We show that the data set is effective on many classifiers.

Usman Tariq,Irfan Ahmed,Ali Kashif Bashir,Kamran Shaukat

DOI: https://doi.org/10.3390/s23084117

IF: 3.9

2023-04-20

Sensors

Abstract:The emergence of the Internet of Things (IoT) technology has brought about tremendous possibilities, but at the same time, it has opened up new vulnerabilities and attack vectors that could compromise the confidentiality, integrity, and availability of connected systems. Developing a secure IoT ecosystem is a daunting challenge that requires a systematic and holistic approach to identify and mitigate potential security threats. Cybersecurity research considerations play a critical role in this regard, as they provide the foundation for designing and implementing security measures that can address emerging risks. To achieve a secure IoT ecosystem, scientists and engineers must first define rigorous security specifications that serve as the foundation for developing secure devices, chipsets, and networks. Developing such specifications requires an interdisciplinary approach that involves multiple stakeholders, including cybersecurity experts, network architects, system designers, and domain experts. The primary challenge in IoT security is ensuring the system can defend against both known and unknown attacks. To date, the IoT research community has identified several key security concerns related to the architecture of IoT systems. These concerns include issues related to connectivity, communication, and management protocols. This research paper provides an all-inclusive and lucid review of the current state of anomalies and security concepts related to the IoT. We classify and analyze prevalent security distresses regarding IoT's layered architecture, including connectivity, communication, and management protocols. We establish the foundation of IoT security by examining the current attacks, threats, and cutting-edge solutions. Furthermore, we set security goals that will serve as the benchmark for assessing whether a solution satisfies the specific IoT use cases.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Carlotta Tagliaro,Martina Komsic,Andrea Continella,Kevin Borgolte,Martina Lindorfer

DOI: https://doi.org/10.1145/3678890.3678899

2024-10-01

Abstract:Internet-of-Things (IoT) devices, ranging from smart home assistants to health devices, are pervasive: Forecasts estimate their number to reach 29 billion by 2030. Understanding the security of their machine-to-machine communication is crucial. Prior work focused on identifying devices' vulnerabilities or proposed protocol-specific solutions. Instead, we investigate the security of backends speaking IoT protocols, that is, the backbone of the IoT ecosystem. We focus on three real-world protocols for our large-scale analysis: MQTT, CoAP, and XMPP. We gather a dataset of over 337,000 backends, augment it with geographical and provider data, and perform non-invasive active measurements to investigate three major security threats: information leakage, weak authentication, and denial of service. Our results provide quantitative evidence of a problematic immaturity in the IoT ecosystem. Among other issues, we find that 9.44% backends expose information, 30.38% CoAP-speaking backends are vulnerable to denial of service attacks, and 99.84% of MQTT- and XMPP-speaking backends use insecure transport protocols (only 0.16% adopt TLS, of which 70.93% adopt a vulnerable version).

Cryptography and Security,Networking and Internet Architecture

Aliya Tabassum,Wadha Lebda

DOI: https://doi.org/10.48550/arXiv.1912.01712

2019-11-26

Cryptography and Security

Abstract:Internet of Things (IoT) is the interconnection of heterogeneous smart devices through the Internet with diverse application areas. The huge number of smart devices and the complexity of networks has made it impossible to secure the data and communication between devices. Various conventional security controls are insufficient to prevent numerous attacks against these information-rich devices. Along with enhancing existing approaches, a peripheral defence, Intrusion Detection System (IDS), proved efficient in most scenarios. However, conventional IDS approaches are unsuitable to mitigate continuously emerging zero-day attacks. Intelligent mechanisms that can detect unfamiliar intrusions seems a prospective solution. This article explores popular attacks against IoT architecture and its relevant defence mechanisms to identify an appropriate protective measure for different networking practices and attack categories. Besides, a security framework for IoT architecture is provided with a list of security enhancement techniques.

Jung Tae (Steve) Kim

DOI: https://doi.org/10.5772/intechopen.97851

2022-01-07

Abstract:A lot of communication are developed and advanced with different and heterogeneous communication techniques by integration of wireless and wire connection. Conventional technology is mainly focus on information technology based on computer techniques in the field of industry, manufacture and automation fields. It consists of individual skill and technique. As new technologies are developed and enhanced with conventional techniques, a lot of new application is emerged and merged with previous mechanism and skills. The representative application is internet of things services and applications. Internet of things is breakthrough technologies and one of the innovation industries which are called 4 generation industry revolution. Many different types of object and devices are embedded in sensor node. They are inter-connected with optimized open system interconnection protocol over internet, wireless and wire medium. Most of communication is fully inter-connected with conventional techniques at point to point and end to application in general. Most of information in internet of things is weak against attack. This may induce vulnerable features to unauthorized and outside attacker over internet protocol, Bluetooth, Wi-Fi, and so forth. As high and low efficient equipment are merged into heterogeneous infrastructure, IoT communication surroundings has become more complex, Due to limited resources in IoT such as small memory, low power and computing power, IoT devices are vulnerable and disclosed with security problems. In this chapter, we analyzed security challenges and threats based on smart home network under IoT service.

Muath A. Obaidat,Suhaib Obeidat,Jennifer Holst,Abdullah Al Hayajneh,Joseph Brown

DOI: https://doi.org/10.3390/computers9020044

2020-05-30

Computers

Abstract:The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.

Bruce Ndibanje,Hoon-Jae Lee,Sang-Gon Lee

DOI: https://doi.org/10.3390/s140814786

IF: 3.9

2014-08-13

Sensors

Abstract:Internet of Things is a ubiquitous concept where physical objects are connected over the internet and are provided with unique identifiers to enable their self-identification to other devices and the ability to continuously generate data and transmit it over a network. Hence, the security of the network, data and sensor devices is a paramount concern in the IoT network as it grows very fast in terms of exchanged data and interconnected sensor nodes. This paper analyses the authentication and access control method using in the Internet of Things presented by Jing et al. (Authentication and Access Control in the Internet of Things. In Proceedings of the 2012 32nd International Conference on Distributed Computing Systems Workshops, Macau, China, 18-21 June 2012, pp. 588-592). According to our analysis, Jing et al.'s protocol is costly in the message exchange and the security assessment is not strong enough for such a protocol. Therefore, we propose improvements to the protocol to fill the discovered weakness gaps. The protocol enhancements facilitate many services to the users such as user anonymity, mutual authentication, and secure session key establishment. Finally, the performance and security analysis show that the improved protocol possesses many advantages against popular attacks, and achieves better efficiency at low communication cost.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Ayyoob Hamza,Hassan Habibi Gharakheili,Vijay Sivaraman

DOI: https://doi.org/10.48550/arXiv.2008.09339

2020-08-21

Abstract:IoT devices are increasingly utilized in critical infrastructure, enterprises, and households. There are several sophisticated cyber-attacks that have been reported and many networks have proven vulnerable to both active and passive attacks by leaking private information, allowing unauthorized access, and being open to denial of service attacks. This paper aims firstly, to assist network operators to understand the need for an IoT network security solution, and then secondly, to survey IoT network attack vectors, cyber threats, and countermeasures with a focus on improving the robustness of existing security solutions. Our first contribution highlights viewpoints on IoT security from the perspective of stakeholders such as manufacturers, service providers, consumers, and authorities. We discuss the differences between IoT and IT systems, the need for IoT security solutions, and we highlight the key components required for IoT network security system architecture. For our second contribution, we survey the types of IoT attacks by grouping them based on their impact. We discuss various attack techniques, threats, and shortfalls of existing countermeasures with an intention to enable future research into improving IoT network security.

Cryptography and Security,Networking and Internet Architecture

Aniruddha Bhattacharjya,Xiaofeng Zhong,Jing Wang,Xing Li

DOI: https://doi.org/10.1007/978-3-319-92564-6_7

2018-01-01

Abstract:The Internet of Things (IoT) signifies the interconnection of exceedingly heterogeneous networked entities, for instance, sensors, actuators, smart phones, etc. In accord with concrete functions, the network structure of the IoT is divided into three hierarchies: the bottom hierarchy is the sensing equipment for information acquisition; the middle hierarchy is the network for data transmission, whereas the top hierarchy is intended for applications and middleware. The uniqueness of the IoT proclaims new challenges to security requirements, dissimilar from previous technology trends. Moreover, to guarantee resilience, fail-over and recovery mechanisms must be provided to uphold operations under failure or attacks, and to return to normal operations (failure/attack mitigation). To uphold the end-to-end method, the gateway requirements to endure invisible to the communicating endpoints. The Constrained …

Mohammed Aziz Al Kabir,Wael Elmedany,Mhd Saeed Sharif

DOI: https://doi.org/10.1080/23742917.2023.2228053

2023-07-13

Journal of Cyber Security Technology

Abstract:The increasing prevalence of IoT devices has brought about numerous security challenges due to their relatively simple internal architecture and low-powered hardware warranted by their small footprint requirement. As there are billions of IoT devices in use today, the sheer number of such devices pose a great security challenge as they are often constrained by a number of hardware and software limitations in addition to being designed with a focus on convenience, ease of use, mass production, and low cost, rather than security. The seemingly exponentially increasing number of such devices make it harder to keep track of – and patch – insecure IoT devices. This paper explores the common security threats, attacks, and vulnerabilities relating to IoT devices and highlights the challenges associated with securing them against emerging security threats and cyberattacks. Due to their role as gateways to connected devices and susceptibility to forming botnets or facilitating man-in-the-middle attacks, IoT devices are a lucrative target for cybercriminals. The paper discusses various remediation and mitigation techniques that can be implemented to better secure IoT devices, including access control mechanisms, secure communication protocols, and regular updates and patches. By better understanding the security challenges associated with IoT devices and implementing effective mitigation techniques, individuals and businesses can ensure the safety, security, and privacy of their connected devices and networks.

Samundra Deep,Xi Zheng,Alireza Jolfaei,Dongjin Yu,Pouya Ostovari,Ali Kashif Bashir

DOI: https://doi.org/10.1002/ett.3935

IF: 3.6

2020-03-16

Transactions on Emerging Telecommunications Technologies

Abstract:<p>Internet of Things (IoT) is a novel paradigm, which not only facilitates a large number of devices to be ubiquitously connected over the Internet but also provides a mechanism to remotely control these devices. The IoT is pervasive and is almost an integral part of our daily life. These connected devices often obtain user's personal data and store it online. The security of collected data is a big concern in recent times. As devices are becoming increasingly connected, privacy and security issues become more and more critical and these need to be addressed on an urgent basis. IoT implementations and devices are eminently prone to threats that could compromise the security and privacy of the consumers, which, in turn, could influence its practical deployment. In recent past, some research has been carried out to secure IoT devices with an intention to alleviate the security concerns of users. There have been research on blockchain technologies to tackle the privacy and security issues of the collected data in IoT. The purpose of this paper is to highlight the security and privacy issues in IoT systems. To this effect, the paper examines the security issues at each layer in the IoT protocol stack, identifies the under‐lying challenges and key security requirements and provides a brief overview of existing security solutions to safeguard the IoT from the layered context.</p>

telecommunications

Abhishek Verma,Virender Ranga

DOI: https://doi.org/10.1109/JSEN.2020.2973677

2023-03-01

Abstract:Internet of Things (IoT) is one of the fastest emerging networking paradigms enabling a large number of applications for the benefit of mankind. Advancements in embedded system technology and compressed IPv6 have enabled the support of IP stack in resource constrained heterogeneous smart devices. However, global connectivity and resource constrained characteristics of smart devices have exposed them to different insider and outsider attacks, which put users' security and privacy at risk. Various risks associated with IoT slow down its growth and become an obstruction in the worldwide adoption of its applications. In RFC 6550, the IPv6 Routing Protocol for Low Power and Lossy Network (RPL) is specified by IETF's ROLL working group for facilitating efficient routing in 6LoWPAN networks, while considering its limitations. Due to resource constrained nature of nodes in the IoT, RPL is vulnerable to many attacks that consume the node's resources and degrade the network's performance. In this paper, we present a study on various attacks and their existing defense solutions, particularly to RPL. Open research issues, challenges, and future directions specific to RPL security are also discussed. A taxonomy of RPL attacks, considering the essential attributes like resources, topology, and traffic, is shown for better understanding. In addition, a study of existing cross-layered and RPL specific network layer based defense solutions suggested in the literature is also carried out.

Networking and Internet Architecture,Cryptography and Security

Aejaz Nazir Lone,Suhel Mustajab,Mahfooz Alam

DOI: https://doi.org/10.1002/spy2.318

2023-04-14

Security and Privacy

Abstract:It has become possible to link anything and everything to the Internet in recent decades due to the expanding Internet of Things (IoT). As a result, our usage of technology has changed a lot, causing digital disruption in the real world. IoT allows drones, sensors, digital set‐top boxes, surveillance cameras, wearable technology, and medical equipment to be connected to the internet. Healthcare, manufacturing, utilities, transportation, and housing are among the various sectors that has become intelligent. Recently, we have seen a surge in cybersecurity challenges and opportunities for the improvement of various IoT applications. Although cybersecurity and the IoT are extensively researched, there is a dearth of studies that exclusively focus on the evolution of cybersecurity challenges in the area of AI and machine learning, blockchain and zero trust, lightweight security, integration of IoT with 5G networks, and many more in the IoT world. The availability of environment‐capturing sensors and internet‐connected tracking devices allows for private life surveillance and cloud data transmission. Therefore, a significant problem for researchers and developers is to ensure the CIA (Confidentiality, Integrity, and Availability) security triangle for people. This paper presents a comprehensive study of cybersecurity applications, challenges, and opportunities in the IoT world. The IoT architectural layer, attacks against the IoT layer, and related issues are highlighted. Furthermore, cybersecurity issues and challenges in IoT along with the strength and weaknesses of existing techniques are discussed in detail. Our study will provide insight into various current cybersecurity research trends in the IoT world.

Yasmine Harbi,Zibouda Aliouat,Allaoua Refoufi,Saad Harous

DOI: https://doi.org/10.1109/access.2021.3103725

IF: 3.9

2021-01-01

IEEE Access

Abstract:The Internet of Things (IoT) aims to transform everyday physical objects into an interconnected ecosystem with digital data accessible anywhere and anytime. “Things” in IoT are embedded with sensing, processing, and actuating capabilities and cooperate in providing smart and innovative services autonomously. The rapid spread of IoT services arises different security vulnerabilities that need to be carefully addressed. Several emerging and promising technologies and techniques are introduced to improve the security of IoT. This paper aims to provide an up-to-date vision of the current research topics related to IoT security. Initially, we introduce common elements and protocols of IoT to demystify the origins of threats in IoT. Then, we propose a taxonomy of IoT attacks and analyze the security vulnerabilities of IoT at different layers. Subsequently, we provide a comparison of recent security schemes based on emerging solutions including fog computing, edge computing, software-defined networking (SDN), blockchain, lightweight cryptography, homomorphic and searchable encryption, and machine learning. Finally, security challenges are discussed and future directions are highlighted for future interested researchers.

computer science, information systems,telecommunications,engineering, electrical & electronic

Kim Jae-Dong

2024-10-17

Abstract:The rapid expansion of the Internet of Things (IoT) has revolutionized various domains, offering significant benefits through enhanced interconnectivity and data exchange. However, the security challenges associated with IoT networks have become increasingly prominent owing to their inherent vulnerability. This paper provides an in-depth analysis of the network layer in IoT architectures, highlighting the potential risks posed by routing attacks, such as blackholes, wormholes, sinkholes, Sybil, and selective forwarding attacks. This study explores the unique challenges posed by the constrained resources, heterogeneity, and dynamic topology of IoT networks, which complicate the implementation of robust security measures. Various countermeasures, including trust-based mechanisms, Intrusion Detection Systems (IDS), and routing protocols, are evaluated for their effectiveness in mitigating these threats. This study also emphasizes the importance of considering misbehavior observation, trust management, and lightweight defense strategies in the design of secure IoT networks. These findings contribute to the development of comprehensive defense mechanisms tailored to the specific challenges of IoT environments.

Cryptography and Security

Hichem Mrabet,Sana Belguith,Adeeb Alhomoud,Abderrazak Jemai

DOI: https://doi.org/10.3390/s20133625

2020-06-28

Abstract:The Internet of Things (IoT) is leading today's digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond.

Qi Jing,Athanasios V. Vasilakos,Jiafu Wan,Jingwei Lu,Dechao Qiu

DOI: https://doi.org/10.1007/s11276-014-0761-7

IF: 2.701

2014-01-01

Wireless Networks

Abstract:Internet of Things (IoT) is playing a more and more important role after its showing up, it covers from traditional equipment to general household objects such as WSNs and RFID. With the great potential of IoT, there come all kinds of challenges. This paper focuses on the security problems among all other challenges. As IoT is built on the basis of the Internet, security problems of the Internet will also show up in IoT. And as IoT contains three layers: perception layer, transportation layer and application layer, this paper will analyze the security problems of each layer separately and try to find new problems and solutions. This paper also analyzes the cross-layer heterogeneous integration issues and security issues in detail and discusses the security issues of IoT as a whole and tries to find solutions to them. In the end, this paper compares security issues between IoT and traditional network, and discusses opening security issues of IoT.