International Journal of Advanced Networking and Applications

Open Access Open Access  Restricted Access Subscription Access

Internet of Things (IoT) Security Status, Challenges and Countermeasures.


Affiliations
1 Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
 

The Internet of Things (IoT) is a vast concept spreading rapidly throughout the world today. Due to their inherent nature, IoT devices are more vulnerable to attacks than other cyber infrastructure. In a typical IoT system, four different types of layers can be identified. Those layers can be specified as the application layer, data processing (software) layer, network layer, and sensing (physical) layer. According tothis architecture, each layer operates under different technologies. Thus, various challenges and vulnerabilities related to security have emerged and exist. Thereby extant and forthcoming IoT applications must comply with standard cyber security guides and regulations to guarantee safety; otherwise, they would jeopardize the lives of people using these IoT applications resulting in chaos. To achieve this, IoT applications can create environments with end-to-end security by adding security measures andthe required adjustment, guaranteeing safety and privacy. By bearing this in mind, this research reviews the different types of security challenges, such as access control attacks and physical security attacks found in each of the four layers of the IoT architecture, along with what countermeasures can be taken to mitigate these attacks. As the main objective of this research is to examine underlying security challenges inthe standard IoT architecture, we examine and categorize IoT vulnerabilities and outline methods used to ensure such IoT systems safety. Further, we also present the future directions in terms of security and privacy of IoT as well.

Keywords

Cybersecurity, Encryption, Internet of Things, IoT, Protocols, Security, Sensors, Internet, Wireless Sensor Networks.
User
Notifications
Font Size

  • Vailshery, L., 2022. Global IoT and non-IoT connections 2010-2025 | Statista. [online] Statista. Available: https://www.statista.com/statistics/1101442/iot-number-of-connected-devices-worldwide/#:~:text=The%20total%20installed%20bas e%20of,that%20are%20expected%20in%202021.

  • IOT - google trends. (n.d.). Available: https://trends.google.com/trends/explore?date=all&q= iot.

  • Hussain, F., Hussain, R., Hassan, S. A., & Hossain, E. (2020). Machine learning in IOT security: Current solutions and future challenges. IEEE Communications Surveys & Tutorials, 22(3), 1686– 1721.

  • Thilakarathne, N. N., Weerasinghe, H. D., Welhenge, A., & Kagita, M. K. (2021). Privacy dilemma in healthcare: A review on Privacy Preserving Medical Internet of Things. 2021 12th International Conference on Computing Communication and Networking Technologies (ICCCNT).

  • Alhalafi, N., & Veeraraghavan, P. (2019). Privacy and security challenges and solutions in IOT: A Review. IOP Conference Series: Earth and Environmental Science, 322(1), 012013.

  • History of I.O.T. Trinity. (2021, July 4). Available: https://www.trinity.co.za/docs/history-of-iot/.

  • The history of IOT security. History in the Making. Available: https://publications.psacertified.org/the-history-of-iot-security/history-in-the-making/.

  • Suresh, P., Daniel, J. V., Parthasarathy, V., & Aswathy, R. H. (2014). A state of the art review on the Internet of things (IOT) history, technology and fields of deployment. 2014 International Conference on Science Engineering and Management Research (ICSEMR).

  • Internet of things (IOT) history. Postscapes. (2019, November 12). Available: https://www.postscapes.com/iot-history/.

  • Ashton, K. (2020, July 1). That ‘Internet of things’ thing. RFID JOURNAL. Available: http://www.rfidjournal.com/articles/view?4986.

  • Gloukhovtsev, M. (2018). IOT security: Challenges, Solutions & Future prospects - dell emc. Available: https://education.dellemc.com/content/dam/dell-emc/documents/en-us/2018KS_Gloukhovtsev-IoT_Security_Challenges_Solutions_and_Future_Pros pects.pdf.

  • Shafique, K., Khawaja, B. A., Sabir, F., Qazi, S., & Mustaqim, M. (2020). Internet of things (IOT) for next-generation smart systems: A review of current challenges, future trends and prospects for emerging 5G-IOT scenarios. IEEE Access, 8, 23022–23040

  • Cyber Hub. (2022, March 8). IOT security issues. Check Point Software. Available: https://www.checkpoint.com/cyber-hub/network-security/what-is-iot-security/iot-security-issues/.

  • “Security challenges of IOT-Enabled Solutions: ISACA Journal,”ISACA [Online]. Available: https://www.isaca.org/resources/isaca-journal/issues/2015/volume-4/security-and-privacy-challenges-of-iot-enabled-solutions.

  • Security Innovation Follow, “Security Testing for IOT Systems,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/SecurityInnovation/securit y-testing-for-iot-systems?next_slideshow=149455670.

  • YashKesharwani2 Follow, “IOT security,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/YashKesharwani2/iot-security-113025045.

  • Somasundaram Jambunathan Follow Associate Director at Cognizant Technology Solutions, “Security and privacy considerations in internet of things,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/somaj/security-and-privacy-considerations-in-internet-of-things-45331113.

  • Radouane Mrabet Follow Président, “IOT security and privacy: Main challenges and how ISOC-Ota Address Th...,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/RadouaneMrabet/iot-security-and-privacy-main-challenges-and-how-isocota-address-them.

  • Emertxe Information Technologies Pvt Ltd Follow, “Design challenges in IOT,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/EmertxeSlides/design-challenges-iotemertxev20?qid=c11b1607-5c74-4bcd-87e4-778fdf2cc7a0&v=&b=&from_search=2.

  • J. Borgini, “Top advantages and disadvantages of IOT in business,”IoT Agenda, 29-Mar-2022. [Online]. Available: https://www.techtarget.com/iotagenda/tip/Top-advantages-and-disadvantages-of-IoT-in-business.

  • Charalampos Doukas Follow Senior Researcher at CREATE-NET, “Hardware challenges for the IOT,” SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/CharalamposDoukas/hard ware-challenges-for-the-iot?qid=d0841cea-e2f7-4b40-8e46-31091a69737d&v=&b=&from_search=2.

  • Koenig Solutions Ltd. Follow IT Training Institute, “IOT security, threats and challenges by V.P.Prabhakaran,”SlideShare a Scribd company. [Online]. Available: https://www.slideshare.net/KoenigSolutionsLtd/iot-security-threats-and-challenges-by-by-vpprabhakaran?qid=926ab273-5a17-4a51-bf9a-11e916ada512&v=&b=&from_search=4.

  • E. Yang, “15% of IOT devices use default passwords: Research,”The comprehensive security industry platform, 21-Jun-2017. [Online]. Available: https://www.asmag.com/showpost/26498.aspx.

  • “17 biggest security challenges for IOT,”Peerbits, 07-Apr-2022. [Online]. Available: https://www.peerbits.com/blog/biggest-iot-security-challenges.html.

  • “Top 11 IOT cybersecurity challenges facing businesses,”SecurityScorecard. [Online]. Available: https://securityscorecard.com/blog/top-iot-cybersecurity-challenges-facing-businesses.

  • T. D.-J. 20, “The 5 worst examples of IOT hacking and vulnerabilities in recorded history,”IoT For All, 28-Mar-2022. [Online]. Available: https://www.iotforall.com/5-worst-iot-hacking-vulnerabilities.

  • “4 ways cyber attackers may be hacking your IOT devices right now,”Operator by Hologram. [Online]. Available: https://www.hologram.io/blog/4-ways-cyber-attackers-may-be-hacking-your-iot-devices-right-now.

  • N. Kovartovsky, “Brute force attacks on IOT - here to stay?: Allot blog,”ALLOT, 22-Mar-2022. [Online]. Available: https://www.allot.com/blog/brute-force-attacks-iot/#:~:text=Recent%20IoT%20Attacks%3A&text=At %20the%20root%20of%20Mirai,hidden%20and%20d efault%20account%20credentials.

  • M. Noura, M. Atiquzzaman, and M. Gaedke, “Interoperability in internet of things: Taxonomies and open challenges - mobile networks and applications,”SpringerLink, 21-Jul-2018. [Online]. Available: https://link.springer.com/article/10.1007/s11036-018-1089-9.

  • “A survey in Hello Flood attack in wireless sensor networks - I.JERT”[Online]. Available: https://www.ijert.org/research/a-survey-in-hello-flood-attack-in-wireless-sensor-networks-IJERTV3IS10747.pdf.

  • “Top 4 challenges in IOT data collection and management,”FirstPoint, 25-Oct-2021. [Online]. Available: https://www.firstpoint-mg.com/blog/top-4-challenges-in-iot-data-collection-and-management/.

  • “Mirai botnet: Three admit creating and Running Attack Tool,”BBC News, 13-Dec-2017. [Online]. Available: https://www.bbc.com/news/technology-42342221.

  • The FDA confirmed that St. Jude Medical’s implantable cardiac devices have vulnerabilities that could allow a hacker to access a device. Once in, “FDA confirms that St. Jude’s cardiac devices can be hacked,”CNNMoney. [Online]. Available: https://money.cnn.com/2017/01/09/technology/fda-st-jude-cardiac-hack/.

  • I. Thomson, “Wi-Fi Baby Heart Monitor may have the worst IOT security of 2016,”The Register® - Biting the hand that feeds IT, 14-Oct-2016. [Online]. Available: https://www.theregister.com/2016/10/13/possibly_wo rst_iot_security_failure_yet/.

  • L. Kelion, “Trendnet Security cam flaw exposes video feeds on NET,”BBC News, 08-Mar-2012. [Online]. Available: https://www.bbc.com/news/technology-16919664.

  • A. Drozhzhin, Y. Ilyin, L. Grustniy, A. Starikova, and H. Aver, “Black Hat USA 2015: The full story of how that Jeep was hacked,”Daily English Global blogkasperskycom. [Online]. Available: https://www.kaspersky.com/blog/blackhat-jeep-cherokee-hack-explained/9493/.

  • S. Millar, “IOT security challenges and mitigations: An introduction - arxiv,” 29-Dec-2021. [Online]. Available: https://arxiv.org/pdf/2112.14618.pdf.

  • “Lecture 8: IOT security,”YouTube, 26-Oct-2017. [Online]. Available: https://www.youtube.com/watch?v=4YAsAdCa9sU.

  • B. Len Follow Webmaster., “IOT security, internet of things,”SlideShare a Scribd company, 10-Jun-2020. [Online]. Available: https://www.slideshare.net/BryanLen1/iot-security-internet-of-things.

  • E. -Msft, “Internet of things (IOT) security best practices,”Internet of Things (IoT) security best practices | Microsoft Docs, 16-Nov-2021. [Online]. Available: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices.

  • A. Katrenko and E. Semeniak, “Internet of things (IOT) security: Challenges and best practices,” Apriorit, 17-Feb-2022. [Online]. Available: https://www.apriorit.com/dev-blog/513-iot-security.

  • R. van Kranenburg and A. Bassi, “(PDF) iot challenges - researchgate,”(PDF) IoT Challenges, 2012. [Online]. Available: https://www.researchgate.net/publication/257885103_ IoT_Challenges

  • Liu, X.; Zhao, M.; Li, S.; Zhang, F.; Trappe, W. A security framework for the Internet of things in the future internet architecture. Future Internet 2017, 9, 27. [Google Scholar] [CrossRef].

  • Tawalbeh, Lo’ai, Fadi Muheidat, Mais Tawalbeh, and Muhannad Quwaider. 2020. “IoT Privacy and Security: Challenges and Solutions”Applied Sciences 10, no. 12: 4102.

  • Elhoseny, M., Thilakarathne, N. N., Alghamdi, M. I., Mahendran, R. K., Gardezi, A. A., Weerasinghe, H., & Welhenge, A. (2021, October 21). Security and privacy issues in medical Internet of things: Overview, countermeasures, challenges and future directions. MDPI. Retrieved June 8, 2022, from https://www.mdpi.com/2071-1050/13/21/11645/htm.

  • Design Rush. (2022, January 11). 7 IOT security issues and how to protect your solution. DesignRush. Retrieved June 8, 2022, from :https://www.designrush.com/agency/software-development/trends/iot-security-issues.

  • CD-Team. (2017, April 14). IOT security –challenges and solutions: Internet of things. Electronics For You. Retrieved June 6, 2022, from https://www.electronicsforu.com/technology-trends/iot-security-challenges-solutions/2.

  • Aldowah, Hanan & Rehman, Shafiq & Umar, Irfan. (2019). Security in Internet of Things: Issues, Challenges, and Solutions. 10.1007/978-3-319-99007-1_38.

  • Kumar, Sathish & Vealey, Tyler & Srivastava, Harshit. (2016). Security in Internet of Things: Challenges, Solutions and Future Directions. 5772-5781. 10.1109/HICSS.2016.714.

  • “Welcome to Engineers Australia Portal.” Portal.engineersaustralia.org.au, portal.engineersaustralia.org.au/news/internet-things-poses-security-concerns.

  • admin. “Man-In-The-Middle Attacks in the IoT.” GlobalSign GMO Internet, Inc., 6 Feb. 2020, www.globalsign.com/en/blog/man-in-the-middle-attacks-iot.

  • Hassija, V., Chamola, V., Saxena, V., Jain, D., Goyal, P., & Sikdar, B. (2019). A survey on IOT security: Application areas, security threats, and solution architectures. IEEE Access, 7, 82721–82743.

  • Bridgera. “IoT System | Sensors and Actuators Overview - Bridgera.”Bridgera, 24 Sept. 2018, bridgera.com/iot-system-sensors-actuators/.

  • Smarthomeblog. How to Make Your Smoke Detecter Smarter. Available: https://www.smarthomeblog.net/smartsmoke-detector/

  • Tictecbell. Sensor d’Ultrasons. [Online]. Available: https://sites.google.com/site/tictecbell/Arduino/ultraso ns/

  • S. Kumar, S. Sahoo, A. Mahapatra, A. K. Swain, and K. K. Mahapatra, ‘‘Security enhancements to system on chip devices for IoT perception layer,’’in Proc. IEEE Int. Symp. Nanoelectron. Inf. Syst. (iNIS), 2017, pp. 151–156

  • C.-H. Liao, H.-H. Shuai, and L.-C.Wang, ‘‘Eavesdropping prevention for heterogeneous Internet of Things systems,’’in Proc. 15th IEEE Annu. Consum. Commun. Netw. Conf. (CCNC), Jan. 2018, pp. 1–2.

  • APWG Phishing Activity Trends Report. [Online]. Available: https://docs.apwg.org/reports/apwg_trends_ report_q4_2017.pdf.

  • C. Li and C. Chen, ‘‘A multi-stage control method application in the fight against phishing attacks,’’in Proc. 26th Comput. Secur. Acad. Commun. Across Country, 2011, p. 145.

  • C. Kolias, G. Kambourakis, A. Stavrou, and J. Voas, ‘‘DDoS in the IoT: Mirai and other Botnets,’’ Computer, vol. 50, no. 7, pp. 80–84, 2017.

  • S. Bandyopadhyay, M. Sengupta, S. Maiti, and S. Dutta, ‘‘A survey of middleware for Internet of Things,’’in Recent Trends in Wireless and Mobile Networks. Springer, 2011, pp. 288–296.

  • Q. Zhang and X. Wang, ‘‘SQL injections through back-end of RFID system,’’in Proc. Int. Symp. Comput. Netw. Multimedia Technol., Jan. 2009, pp. 1–4.

  • M. A. Razzaque, M. Milojevic-Jevric, A. Palade, and S. Clarke, ‘‘Middleware for Internet of Things: A survey,’’IEEE Internet Things J., vol. 3, no. 1, pp. 70–95, Feb. 2016.

  • Acunetix. Insecure Deserialization. [Online]. Available: https://www.acunetix.com/blog/articles/owasp-top-10-2017/

  • J. Kumar, B. Rajendran, B. S. Bindhumadhava, and N. S. C. Babu, ‘‘XML wrapping attack mitigation using positional token,’’in Proc. Int. Conf. Public Key Infrastruct. Appl. (PKIA), Nov. 2017, pp. 36–42.

  • WS-Attacks. Attack Subtypes. [Online]. Available: https://www.ws-attacks.org/XML_Signature_Wrapping

  • C. Fife. Securing the IoT Gateway. [Online]. Available: https://www.citrix.com/blogs/2015/07/24/securing-the-IoTgateway/.

  • A. Stanciu, T.-C. Balan, C. Gerigan, and S. Zamfir, ‘‘Securing the IoT gateway based on the hardware implementation of a multi pattern search algorithm,’’ in Proc. Int. Conf. Optim. Elect. Electron. Equip. (OPTIM) Int. Aegean Conf. Elect. Mach. Power Electron. (ACEMP), May 2017, pp. 1001–1006.

  • S.-C. Cha, J.-F. Chen, C. Su, and K.-H. Yeh, ‘‘A blockchain connected gateway for BLE-based devices in the Internet of Things,’’IEEE Access, vol. 6, pp. 24639–24649, 2018.

  • S. N. Swamy, D. Jadhav, and N. Kulkarni, ‘‘Security threats in the application layer in IoT applications,’’in Proc. Int. Conf. IoT Social, Mobile, Analytics Cloud (I-SMAC), 477–480.

  • H. A. Abdul-Ghani, D. Konstantas, and M. Mahyoub, ‘‘A comprehensive IoT attacks survey based on a building-blocked reference model,’’Int. J. Adv. Comput. Sci. Appl., vol. 9, no. 3, pp. 355–373, 2018.

  • “Ring Hacked: How to Protect Your Ring Smart Device | NordVPN.”Nordvpn.com, 23 Dec. 2021, nordvpn.com/blog/ring-doorbell-hack/#:~:text=In%202019%2C%20more%20than%20 3000.

  • “IoT Security Breaches: 4 Real-World Examples.” Conosco, 28 Jan. 2021, www.conosco.com/blog/iot-security-breaches-4-real-world-examples/#:~:text=In%20fact%2C%2084%25%20of %20surveyed. Accessed 8 June 2022.

  • Eross-Msft, “IOT security architecture,”IoT Security Architecture | Microsoft Docs, 30-Nov-2021. [Online]. Available: https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-architecture.

  • B. Witten, “Internet of things (IOT) cornerstones of security - ppt download,”SlidePlayer, 25-Jun-2015. [Online]. Available: https://slideplayer.com/slide/6216442/.

  • R, Ranjisha, and Sowmya S Gowda. IOT SECURITY: CHALLENGES and FUTURE TRENDS. Dell Technologies, 1 Jan. 2021, education.dellemc.com/content/dam/dell-emc/documents/en-us/2021KS_Ranjisha-IOT_Security_Challenges_and_Future_Trends.pdf.

  • Thilakarathne, N. N., Muneeswari, G., Parthasarathy, V., Alassery, F., Hamam, H., Mahendran, R. K., & Shafiq, M. (2022). Federated Learning for Privacy-Preserved Medical Internet of Things. INTELLIGENT AUTOMATION AND SOFT COMPUTING, 33(1), 157-172.

  • “Blockchain and IoT Security: Everything You Need to Know.”Chakray, 26 Feb. 2019, www.chakray.com/blockchain-iot-security/#:~:text=For%20IoT%20safety%2C%20the %20blockchain.

  • D. Miller, ‘‘Blockchain and the Internet of Things in the industrial sector,’’IT Prof., vol. 20, no. 3, pp. 15– 18, 2018.

  • Thilakarathne, N. N., & Madhuka Priyashan, W. D. (2022). An Overview of Security and Privacy in Smart Cities. IoT and IoE Driven Smart Cities, 21-44.

  • “What Is Homomorphic Encryption, and Why Isn’t It Mainstream?”Keyfactor, www.keyfactor.com/blog/what-is-homomorphic-encryption/.

  • Chamili, Khadijah, et al. “Searchable Encryption: A Review.”International Journal of Security and Its Applications, vol. 11, no. 12, 31 Dec. 2017, pp. 79– 88, article.nadiapub.com/IJSIA/vol11_no12/7.pdf, 10.14257/ijsia.2017.11.12.07. Accessed 3 Mar. 2022.

  • Thilakarathne, N. N., Weerawarna, N. T., & Mahendran, R. K. (2021). Cyber Attacks Evaluation Targeting Internet Facing IoT: An Experimental Evaluation. Journal of Cybersecurity and Information Management (JCIM) Vol, 9(1), 18-26.

  • Alrawais, Arwa, et al. “Fog Computing for the Internet of Things: Security and Privacy Issues.” IEEE Internet Computing, vol. 21, no. 2, Mar. 2017, pp. 34–42, 10.1109/mic.2017.37.

  • Ahmad, Rasheed, and Izzat Alsmadi. “Machine Learning Approaches to IoT Security: A Systematic Literature Review.”Internet of Things, Jan. 2021, p. 100365, 10.1016/j.iot.2021.100365.

  • Ankergård, Sigurd Frej Joel Jørgensen, et al. “State-of-The-Art Software-Based Remote Attestation: Opportunities and Open Issues for Internet of Things.”Sensors, vol. 21, no. 5, 25 Feb. 2021, p. 1598, 10.3390/s21051598.

  • Thilakarathne, N. N. (2020). Security and privacy issues in iot environment. International Journal of Engineering and Management Research, 10.

  • Thilakarathne, N. N., & Wickramaaarachchi, D. (2020). Improved hierarchical role based access control model for cloud computing. arXiv preprint arXiv:2011.07764.

  • Bader, Jawhara, and Anna Lito Michala. “Searchable Encryption with Access Control in Industrial Internet of Things (IIoT).”Wireless Communications and Mobile Computing, vol. 2021, 15 May 2021, pp. 1– 10, 10.1155/2021/5555362.

  • Neranjan Thilakrathne, N., Samarasinghe, R., & Priyashan, M. (2021). Evaluation of Cyber Attacks Targeting Internet Facing IoT: An Experimental Evaluation. arXiv e-prints, arXiv-2201.


Abstract Views: 101

PDF Views: 0




  • Internet of Things (IoT) Security Status, Challenges and Countermeasures.

Abstract Views: 101  |  PDF Views: 0

Authors

Navod neranjan thilakarathne
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
Rohan Samarasinghe
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
DMCK Dasanayake
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
M.F.F. Fasla
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
AMSD. Ananda
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
G.H. Sonnadara
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
M.T. Sahirullah
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
R.G.T.R.L. Wijesekara
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka
DSD. Silva
Department of ICT, Faculty of Technology, University of Colombo., Sri Lanka

Abstract


The Internet of Things (IoT) is a vast concept spreading rapidly throughout the world today. Due to their inherent nature, IoT devices are more vulnerable to attacks than other cyber infrastructure. In a typical IoT system, four different types of layers can be identified. Those layers can be specified as the application layer, data processing (software) layer, network layer, and sensing (physical) layer. According tothis architecture, each layer operates under different technologies. Thus, various challenges and vulnerabilities related to security have emerged and exist. Thereby extant and forthcoming IoT applications must comply with standard cyber security guides and regulations to guarantee safety; otherwise, they would jeopardize the lives of people using these IoT applications resulting in chaos. To achieve this, IoT applications can create environments with end-to-end security by adding security measures andthe required adjustment, guaranteeing safety and privacy. By bearing this in mind, this research reviews the different types of security challenges, such as access control attacks and physical security attacks found in each of the four layers of the IoT architecture, along with what countermeasures can be taken to mitigate these attacks. As the main objective of this research is to examine underlying security challenges inthe standard IoT architecture, we examine and categorize IoT vulnerabilities and outline methods used to ensure such IoT systems safety. Further, we also present the future directions in terms of security and privacy of IoT as well.

Keywords


Cybersecurity, Encryption, Internet of Things, IoT, Protocols, Security, Sensors, Internet, Wireless Sensor Networks.

References