scispace - formally typeset
Search or ask a question
Journal ArticleDOI

A Comprehensive Study of Security of Internet-of-Things

01 Oct 2017-IEEE Transactions on Emerging Topics in Computing (IEEE)-Vol. 5, Iss: 4, pp 586-602
TL;DR: This survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing.
Abstract: Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a transformative approach for providing numerous services. Compact smart devices constitute an essential part of IoT. They range widely in use, size, energy capacity, and computation power. However, the integration of these smart things into the standard Internet introduces several security challenges because the majority of Internet technologies and communication protocols were not designed to support IoT. Moreover, commercialization of IoT has led to public security concerns, including personal privacy issues, threat of cyber attacks, and organized crime. In order to provide a guideline for those who want to investigate IoT security and contribute to its improvement, this survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing. To achieve this goal, we first briefly describe three widely-known IoT reference models and define security in the context of IoT. Second, we discuss the possible applications of IoT and potential motivations of the attackers who target this new paradigm. Third, we discuss different attacks and threats. Fourth, we describe possible countermeasures against these attacks. Finally, we introduce two emerging security challenges not yet explained in detail in previous literature.
Citations
More filters
Journal ArticleDOI
TL;DR: A comprehensive survey, analyzing how edge computing improves the performance of IoT networks and considers security issues in edge computing, evaluating the availability, integrity, and the confidentiality of security strategies of each group, and proposing a framework for security evaluation of IoT Networks with edge computing.
Abstract: The Internet of Things (IoT) now permeates our daily lives, providing important measurement and collection tools to inform our every decision. Millions of sensors and devices are continuously producing data and exchanging important messages via complex networks supporting machine-to-machine communications and monitoring and controlling critical smart-world infrastructures. As a strategy to mitigate the escalation in resource congestion, edge computing has emerged as a new paradigm to solve IoT and localized computing needs. Compared with the well-known cloud computing, edge computing will migrate data computation or storage to the network “edge,” near the end users. Thus, a number of computation nodes distributed across the network can offload the computational stress away from the centralized data center, and can significantly reduce the latency in message exchange. In addition, the distributed structure can balance network traffic and avoid the traffic peaks in IoT networks, reducing the transmission latency between edge/cloudlet servers and end users, as well as reducing response times for real-time IoT applications in comparison with traditional cloud services. Furthermore, by transferring computation and communication overhead from nodes with limited battery supply to nodes with significant power resources, the system can extend the lifetime of the individual nodes. In this paper, we conduct a comprehensive survey, analyzing how edge computing improves the performance of IoT networks. We categorize edge computing into different groups based on architecture, and study their performance by comparing network latency, bandwidth occupation, energy consumption, and overhead. In addition, we consider security issues in edge computing, evaluating the availability, integrity, and the confidentiality of security strategies of each group, and propose a framework for security evaluation of IoT networks with edge computing. Finally, we compare the performance of various IoT applications (smart city, smart grid, smart transportation, and so on) in edge computing and traditional cloud computing architectures.

1,008 citations


Cites background from "A Comprehensive Study of Security o..."

  • ...Reactions: Following from a long history of conventional countermeasures against network threats in cyberphysical systems [106], [107], [109], there are ongoing efforts to assess and prevent cyber-attacks in edge computing environments [116]....

    [...]

Journal ArticleDOI
TL;DR: A detailed review of the security-related challenges and sources of threat in the IoT applications is presented and four different technologies, blockchain, fog computing, edge computing, and machine learning, to increase the level of security in IoT are discussed.
Abstract: The Internet of Things (IoT) is the next era of communication. Using the IoT, physical objects can be empowered to create, receive, and exchange data in a seamless manner. Various IoT applications focus on automating different tasks and are trying to empower the inanimate physical objects to act without any human intervention. The existing and upcoming IoT applications are highly promising to increase the level of comfort, efficiency, and automation for the users. To be able to implement such a world in an ever-growing fashion requires high security, privacy, authentication, and recovery from attacks. In this regard, it is imperative to make the required changes in the architecture of the IoT applications for achieving end-to-end secure IoT environments. In this paper, a detailed review of the security-related challenges and sources of threat in the IoT applications is presented. After discussing the security issues, various emerging and existing technologies focused on achieving a high degree of trust in the IoT applications are discussed. Four different technologies, blockchain, fog computing, edge computing, and machine learning, to increase the level of security in IoT are discussed.

800 citations


Cites background from "A Comprehensive Study of Security o..."

  • ...A lot of private information can be inferred from this data, and that can be another cause of threat for an individual and society at large [7]....

    [...]

  • ...Authors of [7] have discussed vulnerabilities faced by IoT in brief....

    [...]

Journal ArticleDOI
TL;DR: A taxonomy of the security research areas in IoT/IIoT along with their corresponding solutions is designed and several open research directions relevant to the focus of this survey are identified.

476 citations

Journal ArticleDOI
TL;DR: A unique taxonomy is provided, which sheds the light on IoT vulnerabilities, their attack vectors, impacts on numerous security objectives, attacks which exploit such vulnerabilities, corresponding remediation methodologies and currently offered operational cyber security capabilities to infer and monitor such weaknesses.
Abstract: The security issue impacting the Internet-of-Things (IoT) paradigm has recently attracted significant attention from the research community. To this end, several surveys were put forward addressing various IoT-centric topics, including intrusion detection systems, threat modeling, and emerging technologies. In contrast, in this paper, we exclusively focus on the ever-evolving IoT vulnerabilities. In this context, we initially provide a comprehensive classification of state-of-the-art surveys, which address various dimensions of the IoT paradigm. This aims at facilitating IoT research endeavors by amalgamating, comparing, and contrasting dispersed research contributions. Subsequently, we provide a unique taxonomy, which sheds the light on IoT vulnerabilities, their attack vectors, impacts on numerous security objectives, attacks which exploit such vulnerabilities, corresponding remediation methodologies and currently offered operational cyber security capabilities to infer and monitor such weaknesses. This aims at providing the reader with a multidimensional research perspective related to IoT vulnerabilities, including their technical details and consequences, which is postulated to be leveraged for remediation objectives. Additionally, motivated by the lack of empirical (and malicious) data related to the IoT paradigm, this paper also presents a first look on Internet-scale IoT exploitations by drawing upon more than 1.2 GB of macroscopic, passive measurements’ data. This aims at practically highlighting the severity of the IoT problem, while providing operational situational awareness capabilities, which undoubtedly would aid in the mitigation task, at large. Insightful findings, inferences and outcomes in addition to open challenges and research problems are also disclosed in this paper, which we hope would pave the way for future research endeavors addressing theoretical and empirical aspects related to the imperative topic of IoT security.

451 citations


Cites methods from "A Comprehensive Study of Security o..."

  • ...Further, Mosenia and Jha [34] used the Cisco seven-level reference model [41] to present various corresponding attack scenarios....

    [...]

Journal ArticleDOI
TL;DR: A reasoned comparison of the considered IoT technologies with respect to a set of qualifying security attributes, namely integrity, anonymity, confidentiality, privacy, access control, authentication, authorization, resilience, self organization is concluded.
Abstract: The Internet of Things (IoT) is rapidly spreading, reaching a multitude of different domains, including personal health care, environmental monitoring, home automation, smart mobility, and Industry 4.0. As a consequence, more and more IoT devices are being deployed in a variety of public and private environments, progressively becoming common objects of everyday life. It is hence apparent that, in such a scenario, cybersecurity becomes critical to avoid threats like leakage of sensible information, denial of service (DoS) attacks, unauthorized network access, and so on. Unfortunately, many low-end IoT commercial products do not usually support strong security mechanisms, and can hence be target of—or even means for—a number of security attacks. The aim of this article is to provide a broad overview of the security risks in the IoT sector and to discuss some possible counteractions. To this end, after a general introduction to security in the IoT domain, we discuss the specific security mechanisms adopted by the most popular IoT communication protocols. Then, we report and analyze some of the attacks against real IoT devices reported in the literature, in order to point out the current security weaknesses of commercial IoT solutions and remark the importance of considering security as an integral part in the design of IoT systems. We conclude this article with a reasoned comparison of the considered IoT technologies with respect to a set of qualifying security attributes, namely integrity, anonymity, confidentiality, privacy, access control, authentication, authorization, resilience, self organization.

415 citations


Cites background from "A Comprehensive Study of Security o..."

  • ...Fremantle and Scott [17] and Mosenia and Jha [23] presented an in-depth analysis of all these aspects, where they discuss some of the major vulnerabilities presented above, proposing solutions at different layers, from the device side...

    [...]

References
More filters
Journal ArticleDOI
01 Aug 1996
TL;DR: Tests on real and simulated data sets using classification and regression trees and subset selection in linear regression show that bagging can give substantial gains in accuracy.
Abstract: Bagging predictors is a method for generating multiple versions of a predictor and using these to get an aggregated predictor. The aggregation averages over the versions when predicting a numerical outcome and does a plurality vote when predicting a class. The multiple versions are formed by making bootstrap replicates of the learning set and using these as new learning sets. Tests on real and simulated data sets using classification and regression trees and subset selection in linear regression show that bagging can give substantial gains in accuracy. The vital element is the instability of the prediction method. If perturbing the learning set can cause significant changes in the predictor constructed, then bagging can improve accuracy.

16,118 citations

Journal ArticleDOI
TL;DR: This survey is directed to those who want to approach this complex discipline and contribute to its development, and finds that still major issues shall be faced by the research community.

12,539 citations


"A Comprehensive Study of Security o..." refers background in this paper

  • ...The five-level model [2] is an alternative that has been proposed to facilitate interactions among different sections of an...

    [...]

  • ...where the term entity refers to a human, sensor, or potentially anything that may request/provide a service [2]....

    [...]

  • ...enterprise by decomposing complex systems into simplified applications consisting of an ecosystem of simpler and welldefined components [2]....

    [...]

Journal ArticleDOI
TL;DR: In this article, the authors present a cloud centric vision for worldwide implementation of Internet of Things (IoT) and present a Cloud implementation using Aneka, which is based on interaction of private and public Clouds, and conclude their IoT vision by expanding on the need for convergence of WSN, the Internet and distributed computing directed at technological research community.

9,593 citations

Book ChapterDOI
John R. Douceur1
07 Mar 2002
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.

4,816 citations


"A Comprehensive Study of Security o..." refers background in this paper

  • ...5) Sybil: In a Sybil attack, the attacker adds/uses Sybil nodes, which are nodes with fake identities....

    [...]

  • ...Sybil nodes can out-vote honest nodes in the system....

    [...]

  • ..., Black Hole [67], [68], Gray Hole [68], Worm Hole [69], Hello Flood [70], [71], and Sybil [72]....

    [...]

  • ...In addition to altering attacks, several other serious attacks have been proposed, e.g., Black Hole [67], [68], Gray Hole [68], Worm Hole [69], Hello Flood [70], [71], and Sybil [72]....

    [...]

Book
14 Feb 2002
TL;DR: The underlying mathematics and the wide trail strategy as the basic design idea are explained in detail and the basics of differential and linear cryptanalysis are reworked.
Abstract: 1. The Advanced Encryption Standard Process.- 2. Preliminaries.- 3. Specification of Rijndael.- 4. Implementation Aspects.- 5. Design Philosophy.- 6. The Data Encryption Standard.- 7. Correlation Matrices.- 8. Difference Propagation.- 9. The Wide Trail Strategy.- 10. Cryptanalysis.- 11. Related Block Ciphers.- Appendices.- A. Propagation Analysis in Galois Fields.- A.1.1 Difference Propagation.- A.l.2 Correlation.- A. 1.4 Functions that are Linear over GF(2).- A.2.1 Difference Propagation.- A.2.2 Correlation.- A.2.4 Functions that are Linear over GF(2).- A.3.3 Dual Bases.- A.4.2 Relationship Between Trace Patterns and Selection Patterns.- A.4.4 Illustration.- A.5 Rijndael-GF.- B. Trail Clustering.- B.1 Transformations with Maximum Branch Number.- B.2 Bounds for Two Rounds.- B.2.1 Difference Propagation.- B.2.2 Correlation.- B.3 Bounds for Four Rounds.- B.4 Two Case Studies.- B.4.1 Differential Trails.- B.4.2 Linear Trails.- C. Substitution Tables.- C.1 SRD.- C.2 Other Tables.- C.2.1 xtime.- C.2.2 Round Constants.- D. Test Vectors.- D.1 KeyExpansion.- D.2 Rijndael(128,128).- D.3 Other Block Lengths and Key Lengths.- E. Reference Code.

3,444 citations


"A Comprehensive Study of Security o..." refers methods in this paper

  • ...Several encryption methods have been proposed to address security issues in communication [136], [137]....

    [...]