Scribd Logo
Upload

Welcome to Scribd!

  • Litreview

    Uploaded by

    api-301875468
    34 views7 pages
    The Internet of things(iot) is a term used to describe the ability to send and receive digital data into everyday objects. To be considered a smart object, it needs to satisfy the following requirements: it needs to physically exist, can communicate with other devices, can run computations, and able to detect changes and perform an action. The security issues unique with the IoT stems from it's core characteristic: it being a distributed system.

    Original Description:

    Original Title

    litreview

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The Internet of things(iot) is a term used to describe the ability to send and receive digital data into everyday objects. To be considered a smart object, it needs to satisfy the following requirements: it needs to physically exist, can communicate with other devices, can run computations, and able to detect changes and perform an action. The security issues unique with the IoT stems from it's core characteristic: it being a distributed system.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    34 views7 pages

    Litreview

    Uploaded by

    api-301875468
    The Internet of things(iot) is a term used to describe the ability to send and receive digital data into everyday objects. To be considered a smart object, it needs to satisfy the following requirements: it needs to physically exist, can communicate with other devices, can run computations, and able to detect changes and perform an action. The security issues unique with the IoT stems from it's core characteristic: it being a distributed system.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

    TheInternetofThings:

    SecurityIssues

    CalvinKwok
    CSE300:TechnicalCommunications
    November15th,2015

    Theinternetofthings(IoT)isatermusedtodescribeaparadigminwhichhousehold
    substancesarounduswithembeddedcomputationalcompetencesandcapableofproducing
    anddistributinginformation(SajjadandYousaf2014,9).In
    otherwords,itisusedtodescribe
    whenweimplementtheabilitytosendandreceivedigitaldataintoeverydayobjects.Overthe
    yearsastechnologyadvances,theinternetofthingshasseengrowingpopularity,withthemost
    recentConsumerElectronicsShow(CES2015)havingitasitstheme.However,thisgrowing
    interconnectivityofeverydayobjectsraisessomesecurityissues.Thesedays,computersareall
    equippedwithantivirussoftwarewhicharemadetoprotectourdevices.However,these
    protectionsoftwareisabletobegeneralizedduetoageneraloperatingsystemthatenablesthe
    devicestofunctioninastandardway.Innontraditionalobjects,theirsoftwarewasdesigned
    withfunctionalityinmind,notsecurity.Assuch,alargenumberoflowsecurityobjectsareput
    outintotheworld,openingalargevenueformaliciousattacks.
    Theseobjectsthatareabletosendandreceivevirtualdataarecommonlyknownas
    smartobjects.Tobeconsideredasmartobject,itneedstosatisfythefollowingrequirements:
    i)
    Hasphysicalessence
    ii)
    Hasestablishedlinksofphysicalfeatureswithnominalandconventional

    communicationcapabilities
    iii)
    Isinapossessionofdistinctiveidentifier
    iv)
    Hasanassociationofoneaddressandnameatminimum
    v)
    Holdssomecomputingcompetenciesand
    vi)
    Ownspropertiesofsensingphysicalspectaclesandgeneratesactionsobligating
    anoutcomeonthephysicalcertainty(actuators).(
    SajjadandYousaf2014,9
    )

    Tosummarize,asmartobjectneedstophysicallyexist,cancommunicatewithotherdevices,
    canbeuniquelyidentified,canruncomputations,andabletodetectchangesandperforman
    actionwhichwouldincludedisplayingtheinformation.Intodaystimes,youwillseethatagreat
    numberofeverydayobjectsqualifyassmartobjectsandmanyothershavebeguntotransition
    intobecomingsmartobjects.

    Gang,Zeyong,andJunassertthatthesecurityissuesuniquewiththeInternetofThings
    stemsfromitscorecharacteristic:itbeingalargenetworkofmachineswhichlackeffective
    monitoringandmanagement(Gan,Lu,andJiang2011,227).Incontrast,ourtraditional
    networksaremadeupofourcomputersandtheinternetrouterwhichconnectstotheinternet.
    Gang,Zeyong,andJun(2011)describethreesecurityissuesresultfromthis:localnodesafety,
    sensornetworkissues,andcorenetworkissues.Localnodesafetyissuecomesfromdevices
    thataredeployedandleftunattendedoutdoorswhichleavesitopentophysicaltamperingsuch
    asinstallingTrojansthroughachiporreplacingpartsoftheequipment.Thesensornetwork
    vulnerabilitiesoftheInternetofThingsistheresultofthesmartobjectssensorswhich
    accordingtoGang,Zeyong,andJun(2011),nodesusuallyhavesinglefunctionastemperature
    measurementandcarrylessenergy,makingtheirhavenotcomplexmonitoringandlackingof
    defensecapacity(Gan,Lu,andJiang2011,228).Asmentionedpreviously,developersdesign
    withmostlyfunctioninmind,rarelythinkingaboutsecurity.Incomputers,securityishandledby
    otherdevelopers,butasmanysmartobjectsareunique,allsoftwarethatisusedcomedirectly
    fromthedeveloper.Thecorenetworkissuestemsfromthefactthatmanysmartobjects
    connecttoacentralobject,suchasasmartphone.Whilethecoresmartobjectisusually
    secure,theobjecthastoopenitselftomanyothersmartobjectswhichleavesitvulnerableto
    denialofservice(DOS)attacksbyusingtheopenchannelstooverloadthecoreobject.
    AgeneralnetworkarchitectureforanInternetofThingsdeviceiscomposedofthree
    layers:thesensinglayerwhichcontainsallthesensors,thetransportlayerwhichhandles
    communications,andtheapplicationlayerwhichprocessesdataandprovidesinformation.
    Althoughtheselayersaresomewhatprotectedbyageneralsecurity,Xingmei,Jing,andHe
    arguethateachofthesethreelayersarestillvulnerabletospecificformsofattack.Accordingto
    Xingmei,Jing,andHe,thesensinglayersmajorvulnerabilityliesinitsRFIDlabelandWireless

    sensornetwork.AnRFIDlabelcanbecopiedorcounterfeitedwhichenablestheattackerto
    impersonateasalegitimatedevice,whiletheWirelesssensornetworkcanhaveitschannels
    blockedorhaveitsinformationcominginorgoingoutmodified.Thetransportlayeris
    vulnerabletoattackswhichcomeinbetweenthedeviceandanetworkitistryingto
    communicatewith,thisincludesDOSattacks,impersonationattacks,andmiddlemanattacks.
    Lastly,theapplicationlayer,whichisnotablymorecomplexandvariedthantheothertwo
    layers,hassecurityproblemsinprotectinguserprivacyinformation,leakageofinformation
    tracking,anddestroyingcomputerdata.Foreachoftheseslayers,Xingmei,Jing,andHe
    (2011)suggestthefollowingsolutions:RFIDprotection,encryptionforthetransportlayer,and
    establishingacomprehensive,unified,andefficientsafetymanagementplatformforthe
    applicationlayer.
    Manysmartobjectscommunicatetoothernearbysmartdevicessmallamountsofdata
    onafrequentbasisusinglowratewirelesspersonalareanetworks.Itistomanagedthistypeof
    communication,thatIEEEdevelopedIEEE802.15.4whichisastandardforWPANthatfocuses
    onlowcostandlowspeedcommunicationbetweendevices.However,SyedandMuhammad
    notethattherearesomesecurityissueswithIEEE802.15.4,notingthatthestandarddoesnot
    clarifycertaincrucialaspectseventhoughitdescribes,withahighlevelofaccuracy,procedures
    andparameterstobefollowedwhilehandlingsecuredMACframes(SajjadandYousaf2014,
    13).Thesedangerouslyambiguousaspectspertainingtosecurityincludehowtocreateanew
    andcompletelysecureIEEE802.15.4area,howtocreatethekeysusedfordevice
    communication,howtointerchangethesekeys,howtoconstructthemacKeyTablewhich
    organizesthesekeys,andthenetworkjoiningproceduretoanewnodelackingsecurity
    capabilities.Morespecificityisneededtostandardizethesecrucialaspectsandincreasethe
    overallsecurityoftheIEEE802.15.4standard.

    OneofthemajorsecurityconcernsoftheInternetofThingsisprivacy.Whilemalicious
    attacksoncomputersaremeanttodisruptserviceorstealvaluabledatasuchasbank
    accounts,deviceswithintheInternetofThingsdealmainlywithpersonaldatasuchasaddress
    orGPSlocation.LouisandJohanwrite,Theindividual'srighttoprivacyneedstobeprotected.
    Theindividual'strustintheIoTshouldbefundamentalandcomplete,knowingthatinformation
    willnotimpactnegativelyonanyindividualorsociety(CoetzeeandEksteen2011,5).
    Additionally,Currently,manymanufacturersarecreatingverticalsolutions(asliceintheIoT
    applicationspace),usingtheirowntechnologiesandinaccessibleservices.Standardsneedto
    becreatedtochangethisIntranetofThingsintothemorecompleteInternetofThings.
    (CoetzeeandEksteen2011,5).Thethreattoauserspersonalinformationisacknowledgedas
    beingvulnerabletounauthorizedaccessaswellasstandardizationtotechnologiesinsmart
    objects.TheprivacyissueisgreaterinthecontextoftheInternetofThings,duetoentitiesthat
    requestsuchinformationmaybeotherInternetofThingsdevicesbutsincetheyisno
    standardization,itisunclearwhetherthisinformationshouldbesharedornot.LouisandJohan
    arguethattheInternetofThingshastobegovernedsuchthatstandardizationiscreatedand
    privacyisassured.
    AttleearguesthatSecurityinIoTdesignmainlyfocusesontheendtoend
    communicationlinksamongtheparticipatingnodes.Howeverconsideringthearchitecturalview
    ofIoTaspresentedbyITU,thesecuritylevelsforIoTneedtobefocusedonthemiddleware
    level,sincethisiswheretheinteractionamongstvariousnodeconnectionstakes
    place.(Gamnundani2015,116117)Thisisbestimplementedbyinstallingthesecurityinside
    thenodesthemselves,ratherthanoutsideit.AnexampleofsuchasecurityisaIntrusion
    DetectionSystemwhich.However,doingsowillaffectthesize,memoryandstoragecapacityof
    thenodemakingtheimplementationsuchasecurityfeatureincrediblycomplicated.Assuch,

    thereiscurrentlynocurrentIntrusionDetectionSystemsthatmeettherequirementsofIPv6
    connectedtotheInternetofThings.
    ThegeneralconsensusappearstobethattheInternetofThingsisindeedvulnerableto
    attacksandmuchmoreworkneedstobedoneinordertoachieveahighamountofsecurity.As
    wecansee,therearemanydifferentwaysasmartobjectcanbeinfiltratedorattacked.Eachof
    thesevulnerabilitiesneedtobeprotectedandeachtypeofattackneedstobeabletobe
    blocked.However,sincethereexistsnostandardconcerningsmartobjectsintheInternetof
    Things,suchafeatwillbehardtoaccomplish.Muchlikeintheearlyyearsofthecomputer,a
    groupofprofessionalsneedstogrouptogetheranddecideonstandardsconcerningtheInternet
    ofThings.

    References

    Sajjad,S.M.Yousaf,M.,"SecurityanalysisofIEEE802.15.4MACinthecontextof
    InternetofThings(IoT),"in
    InformationAssuranceandCyberSecurity(CIACS),2014
    Conferenceon
    ,vol.,no.,pp.914,1213June2014

    Gamundani,A.M.,"Animpactreviewoninternetofthingsattacks,"in
    EmergingTrends
    inNetworksandComputerCommunications(ETNCC),2015InternationalConference
    on
    ,vol.,no.,pp.114118,1720May2015

    Coetzee,L.Eksteen,J.,"TheInternetofThingspromiseforthefuture?An
    introduction,"in
    ISTAfricaConferenceProceedings,2011
    ,vol.,no.,pp.19,1113May
    2011

    XuXingmeiZhouJingWangHe,"Researchonthebasiccharacteristics,thekey
    technologies,thenetworkarchitectureandsecurityproblemsoftheInternetofthings,"in
    ComputerScienceandNetworkTechnology(ICCSNT),20133rdInternational
    Conferenceon
    ,vol.,no.,pp.825828,1213Oct.2013

    GanGangLuZeyongJiangJun,"InternetofThingsSecurityAnalysis,"in
    Internet
    TechnologyandApplications(iTAP),2011InternationalConferenceon
    ,vol.,no.,
    pp.14,1618Aug.2011

    You might also like