scispace - formally typeset
Search or ask a question
Proceedings ArticleDOI

Modern security threats in the Internet of Things (IoT): Attacks and Countermeasures

TL;DR: The possible vulnerabilities in the modern IoT network along with their countermeasures to prevent them are presented from the perspective of software, hardware, and network infrastructure.
Abstract: The Internet of Things (IoT) is the emerging network of hardware and software components connected to daily life activities for bringing reliability and convenience. The network mostly consists of heterogeneous devices, each having different protocols. The technology is evolving and bringing many new IoT devices into the market. IoT devices help users to lead a convenient life because of their capabilities such as processing, storage, and networking. It also helps in the field of automation, healthcare, and data analytics. However, the security of the IoT network is still a concern for the developers and users. The heterogeneous nature of the network makes it difficult for the developers to safeguard the network. On the other hand, it opens a wide range of opportunity for the attackers to compromise the confidentiality, integrity, or availability of the system. Some of the major attacks are Distributed Denial of Service (DDoS), Man In The Middle (MITM) and replay attacks. As the human elements are integrated with the IoT infrastructure, it is important to consider the security of the data and the operation of the device. The evolution of modern technologies leads to modern threats and attacks on the network, increasing the need for strict security and preventive measures. This paper presents the possible vulnerabilities in the modern IoT network along with their countermeasures to prevent them from the perspective of software, hardware, and network infrastructure. The overview could help the reader to gain insight into the IoT network threats and security.
Citations
More filters
Journal ArticleDOI
01 Jun 2021
TL;DR: This extensive literature survey on the most recent publications in IoT security identified a few key research trends that will drive future research in this field.
Abstract: With the continuous expansion and evolution of IoT applications, attacks on those IoT applications continue to grow rapidly. In this systematic literature review (SLR) paper, our goal is to provide a research asset to researchers on recent research trends in IoT security. As the main driver of our SLR paper, we proposed six research questions related to IoT security and machine learning. This extensive literature survey on the most recent publications in IoT security identified a few key research trends that will drive future research in this field. With the rapid growth of large scale IoT attacks, it is important to develop models that can integrate state of the art techniques and technologies from big data and machine learning. Accuracy and efficiency are key quality factors in finding the best algorithms and models to detect IoT attacks in real or near real-time

109 citations

Book ChapterDOI
05 Nov 2020
TL;DR: In this article, a systemization of knowledge regarding the lightweight cryptographic algorithms area for IoT-based devices has been provided to better understand the limitation of IoT devices and their design constraints.
Abstract: The rate of implementation of the Internet of Things (IoT) devices is increasing drastically. With that, the security issues of these connected devices and their associated network is concerning. In some applications, a security breach in an IoT device can lead to serious ramifications. For instance, hacking into a control system of a manufacturing plant can put the entire production process to a stop; intruding on critical biomedical devices such as a pacemaker or an Implantable Cardioverter Defibrillator can potentially risk the life of the user. Therefore, the security challenges of such devices against cyber-attacks are of paramount importance and critical when it comes to determining the future success of IoT. In this paper, a systemization of knowledge regarding the lightweight cryptographic algorithms area for IoT based devices has been provided to better understand the limitation of IoT devices and their design constraints. We identified in this study not only the real-world applications of IoT devices with their constraint resources but also the security challenges and security threats related to IoT devices. Also, we provided an exhaustive survey of lightweight cryptographic algorithms proposed by various researchers. According to this survey, we recommended two lightweight algorithms to address the security needs of IoT devices.

55 citations

Journal ArticleDOI
TL;DR: A comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented.
Abstract: The Internet of Things (IoT) has experienced constant growth in the number of devices deployed and the range of applications in which such devices are used. They vary widely in size, computational power, capacity storage, and energy. The explosive growth and integration of IoT in different domains and areas of our daily lives has created an Internet of Vulnerabilities (IoV). In the rush to build and implement IoT devices, security and privacy have not been adequately addressed. IoT devices, many of which are highly constrained, are vulnerable to cyber attacks, which threaten the security and privacy of users and systems. This survey provides a comprehensive overview of IoT in regard to areas of application, security architecture frameworks, recent security and privacy issues in IoT, as well as a review of recent similar studies on IoT security and privacy. In addition, the paper presents a comprehensive taxonomy of attacks on IoT based on the three-layer architecture model; perception, network, and application layers, as well as a suggestion of the impact of these attacks on CIA objectives in representative devices, are presented. Moreover, the study proposes mitigations and countermeasures, taking a multi-faceted approach rather than a per layer approach. Open research areas are also covered to provide researchers with the most recent research urgent questions in regard to securing IoT ecosystem.

37 citations

Journal ArticleDOI
TL;DR: The comprehensive taxonomy of security and threats within the IoT paradigm is discussed, and a five-layer and a seven-layer IoT architecture are presented in addition to the existing three-layer architecture, along with the threats and attacks corresponding to these three architectures.
Abstract: The Internet of Things (IoT) plays a vital role in interconnecting physical and virtual objects that are embedded with sensors, software, and other technologies intending to connect and exchange data with devices and systems around the globe over the Internet. With a multitude of features to offer, IoT is a boon to mankind, but just as two sides of a coin, the technology, with its lack of securing information, may result in a big bane. It is estimated that by the year 2030, there will be nearly 25.44 billion IoT devices connected worldwide. Due to the unprecedented growth, IoT is endangered by numerous attacks, impairments, and misuses due to challenges such as resource limitations, heterogeneity, lack of standardization, architecture, etc. It is known that almost 98% of IoT traffic is not encrypted, exposing confidential and personal information on the network. To implement such a technology in the near future, a comprehensive implementation of security, privacy, authentication, and recovery is required. Therefore, in this paper, the comprehensive taxonomy of security and threats within the IoT paradigm is discussed. We also provide insightful findings, presumptions, and outcomes of the challenges to assist IoT developers to address risks and security flaws for better protection. A five-layer and a seven-layer IoT architecture are presented in addition to the existing three-layer architecture. The communication standards and the protocols, along with the threats and attacks corresponding to these three architectures, are discussed. In addition, the impact of different threats and attacks along with their detection, mitigation, and prevention are comprehensively presented. The state-of-the-art solutions to enhance security features in IoT devices are proposed based on Blockchain (BC) technology, Fog Computing (FC), Edge Computing (EC), and Machine Learning (ML), along with some open research problems.

20 citations

Journal ArticleDOI
TL;DR: This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes and defines a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture.
Abstract: The inclusion of Internet of Things (IoT) for building smart cities, smart health, smart grids, and other smart concepts has driven data-driven decision making by managers and automation in each domain. However, the hyper-connectivity generated by IoT networks coupled with limited default security in IoT devices increases security risks that can jeopardize the operations of cities, hospitals, and organizations. Strengthening the security aspects of IoT devices prior to their use in different systems can contribute to minimize the attack surface. This study aimed to model a sequence of seven steps to minimize the attack surface by executing hardening processes. Conducted a systematic literature review using Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) techniques. In this way, we were able to define a proposed methodology to evaluate the security level of an IoT solution by means of a checklist that considers the security aspects in the three layers of the IoT architecture. A risk matrix adapted to IoT is established to evaluate the attack surface. Finally, a process of hardening and vulnerability analysis is proposed to reduce the attack surface and improve the security level of the IoT solution.

12 citations

References
More filters
Proceedings ArticleDOI
26 Apr 2004
TL;DR: It is demonstrated that the Sybil attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehavior detection, etc.
Abstract: Security is important for many sensor network applications. A particularly harmful attack against sensor and ad hoc networks is known as the Sybil attack based on J.R. Douceur (2002), where a node illegitimately claims multiple identities. This paper systematically analyzes the threat posed by the Sybil attack to wireless sensor networks. We demonstrate that the attack can be exceedingly detrimental to many important functions of the sensor network such as routing, resource allocation, misbehavior detection, etc. We establish a classification of different types of the Sybil attack, which enables us to better understand the threats posed by each type, and better design countermeasures against each type. We then propose several novel techniques to defend against the Sybil attack, and analyze their effectiveness quantitatively.

1,402 citations


Additional excerpts

  • ...Sybil attack Node validation [14]...

    [...]

  • ...Hence, it leads to chaos [14]....

    [...]

Journal ArticleDOI
TL;DR: The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.
Abstract: The Mirai botnet and its variants and imitators are a wake-up call to the industry to better secure Internet of Things devices or risk exposing the Internet infrastructure to increasingly disruptive distributed denial-of-service attacks.

1,391 citations


"Modern security threats in the Inte..." refers background in this paper

  • ...It was one of the attacks which shaken the internet [4]....

    [...]

Journal ArticleDOI
TL;DR: An overview of recent advances on security control and attack detection of industrial CPSs is presented, and robustness, security and resilience as well as stability are discussed to govern the capability of weakening various attacks.

663 citations

Journal ArticleDOI
28 Jan 2011-Survival
TL;DR: In this article, the authors discuss the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect, and suggest that cyber offers great potential for striking at enemies with less risk than using traditional military means, but careful strategic thought is required in comparing the cost and benefits of cyber versus traditional military attack.
Abstract: The discovery in June 2010 that a cyber worm dubbed ‘Stuxnet’ had struck the Iranian nuclear facility at Natanz suggested that, for cyber war, the future is now. Yet more important is the political and strategic context in which new cyber threats are emerging, and the effects the worm has generated in this respect. Perhaps most striking is the confluence between cyber crime and state action. States are capitalising on technology whose development is driven by cyber crime, and perhaps outsourcing cyber attacks to non-attributable third parties, including criminal organisations. Cyber offers great potential for striking at enemies with less risk than using traditional military means. It is unclear how much the Stuxnet program cost, but it was almost certainly less than the cost of single fighter-bomber. Yet if damage from cyber attacks can be quickly repaired, careful strategic thought is required in comparing the cost and benefits of cyber versus traditional military attack. One important benefit of cyber ...

621 citations


"Modern security threats in the Inte..." refers background in this paper

  • ...Antivirus firms unveiled that it was intended to interrupt the Siemens PLC devices [5]....

    [...]

Journal ArticleDOI
TL;DR: After surveying existing solutions for enhancing IoT security, key future requirements for trusted Smart Home systems are identified and a gateway architecture is selected as the most appropriate for resource-constrained devices, and for high system availability.
Abstract: Often the Internet of Things (IoT) is considered as a single problem domain, with proposed solutions intended to be applied across a wide range of applications. However, the privacy and security needs of critical engineering infrastructure or sensitive commercial operations are very different to the needs of a domestic Smart Home environment. Additionally, the financial and human resources available to implement security and privacy vary greatly between application domains. In domestic environments, human issues may be as important as technical issues. After surveying existing solutions for enhancing IoT security, the paper identifies key future requirements for trusted Smart Home systems. A gateway architecture is selected as the most appropriate for resource-constrained devices, and for high system availability. Two key technologies to assist system auto-management are identified. Firstly, support for system auto-configuration will enhance system security. Secondly, the automatic update of system software and firmware is needed to maintain ongoing secure system operation.

308 citations


"Modern security threats in the Inte..." refers background in this paper

  • ...They are evolving rapidly and making it difficult to apply preventive measures [3]....

    [...]