ChapterPDF Available

Security in Internet of Things: Issues, Challenges, and Solutions

Authors:
Hanan Aldowah at Universiti Sains Malaysia
Hanan Aldowah
Shafiq Ul Rehman at The Kingdom University
Shafiq Ul Rehman
Irfan Umar at Universiti Sains Malaysia
Irfan Umar
Download full-text PDF
Read full-text
Download citation

Abstract

In the recent past, Internet of Things (IoT) has been a focus of research. With the great potential of IoT, there comes many types of issues and challenges. Security is one of the main issues for IoT technologies, applications, and platforms. In order to cover this key aspect of IoT, this paper reviews the research progress of IoT, and found that several security issues and challenges need to be considered and briefly outlines them. Efficient and functional security for IoT is required to ensure data anonymity, confidentiality, integrity, authentication, access control, and ability to identify, as well as heterogeneity, scalability, and availability must be taken into the consideration. Considering these facts, by reviewing some of the latest researches in the IoT domain, new IoT solutions from technical, academic, and industry sides are provided and discussed. Based on the findings of this study, desirable IoT solutions need to be designed and deployed, which can guarantee: anonymity, confidentiality, and integrity in heterogeneous environments.
Content uploaded by Shafiq Ul Rehman
Author content
All content in this area was uploaded by Shafiq Ul Rehman on Sep 27, 2021
Content may be subject to copyright.
Security in Internet of Things: Issues,
Challenges and Solutions
Hanan Aldowah
1(&)
, Shaq Ul Rehman
2
, and Irfan Umar
1
1
Universiti Sains Malaysia (USM), Penang, Malaysia
hanan_aldwoah@yahoo.com, irfan@usm.my
2
Singapore University of Technology and Design (SUTD), Tampines,
Singapore
shafiq_rehman@sutd.edu.sg
Abstract. In the recent past, Internet of Things (IoT) has been a focus of
research. With the great potential of IoT, there comes many types of issues and
challenges. Security is one of the main issues for IoT technologies, applications,
and platforms. In order to cover this key aspect of IoT, this paper reviews the
research progress of IoT, and found that several security issues and challenges
need to be considered and briey outlines them. Efcient and functional security
for IoT is required to ensure data anonymity, condentiality, integrity, authen-
tication, access control, and ability to identify, as well as heterogeneity, scala-
bility, and availability must be taken into the consideration. Considering these
facts, by reviewing some of the latest researches in the IoT domain, new IoT
solutions from technical, academic, and industry sides are provided and dis-
cussed. Based on the ndings of this study, desirable IoT solutions need to be
designed and deployed, which can guarantee: anonymity, condentiality, and
integrity in heterogeneous environments.
Keywords: Internet of Things Security threats Challenges
Solutions
1 Introduction
Internet of Things (IoT) is the emerging technology and it is considered to be the future
of Internet [1,2]. By allowing the devices/things self-conguring capabilities based on
standard and interoperable communication protocols to identities, and use intelligent
interfaces, over the dynamic global network infrastructure [1,2]. The concept of IoT
can be considered as an extension of the existing interaction between the humans and
applications communicating through a new dimension [3]. Due to the advancements in
mobile communication, Radio Frequency Identication (RFID) innovation, and
Wireless Sensor Networks (WSNs), things and mechanisms in IoT can communicate
with each other regardless of time, place or form [4]. The major breakthrough of IoT is
in the formation of smart environments: smart homes, smart transport, smart items,
smart cities, smart health, smart living, and etc. [5,6]. Furthermore, in business per-
spective, IoT has enormous potential for various types of organizations and companies,
including IoT applications and service providers, IoT platform providers and
©Springer Nature Switzerland AG 2019
F. Saeed et al. (Eds.): IRICT 2018, AISC 843, pp. 396405, 2019.
https://doi.org/10.1007/978-3-319-99007-1_38
integrators, telecom operators and software vendors [2,3]. Moreover, IoT will have a
major impact in learning experience; especially in higher education system [7].
With the rapid increase in IoT application use, several security issues have raised
sharply. As devices and things are becoming part of Internet infrastructure, therefore
these issues need to be considered. When almost everything will be connected on
Internet, these issues will become more prominent; with continuous Internet global
exposure will literally disclose more security vulnerabilities. Such security aws will be
subsequently exploited by hackers, and later can be misused in uncontrolled envi-
ronments with billions of IoT devices [2]. In addition, the IoT will also increase the
potential attack surfaces for hackers and other cyber criminals.
A study conducted by Hewlett Packard [8] revealed that 70% of the most com-
monly used IoT devices contain serious vulnerabilities. IoT devices are vulnerable to
security threats due to their design by lacking certain security features such as insecure
communication medium, insufcient authentication and authorization congurations.
As a matter of fact, when IoT become everywhere, everyone whether individuals or
companies will be concerned. Additionally, crosslinking of objects presents new
potentials to inuence and to exchange. This leads to a variety of new potential risks
concerning information security and data protection, which should be considered.
Further, lack of security will create resistance to adoption of the IoT by companies and
individuals.
Security issues and challenges can be addressed by providing proper training to the
designers and developers to integrate security solutions into IoT products and thus,
encouraging the users to utilize IoT security features that are built into the devices [2].
Our motivation to conduct this study is that most of the previous studies had focused on
academic solutions only and had ignored other type of solutions from technical and
industrial sides. However, these three sectors should work cooperatively and syn-
chronously in order to reach integrated solutions as well as all the considerations from
the three aspects should be taken into an account. Therefore, this paper provides a
review on the main issues of IoT in terms of security as well as addresses some
considerations that must be taken into account before and during the design stages to
ll the gap of the literature regarding this issue by providing some solutions from three
aspects including technical, academic, and industrial solutions. The main contribution
of this paper is to provide the necessary insights on how certain utilization of such
technologies can be facilitated by certain mechanisms and algorithms. This is believed
to guide future studies to the use of certain solutions for certain problem based on the
suggested algorithms and mechanisms by academic researchers with attention to
technical and industrial solutions too.
The structure of the paper is organized as follows: the main issues and challenges
related to IoT technology and its considerations are discussed in Sect. 2. The solutions
proposed by academic researchers, technician, and industry experts are described in
Sect. 3whereas the discussion of the review ndings is provided in Sect. 4. And
nally, the conclusion, recommendations, and future work are outlined in Sect. 5.
Security in Internet of Things: Issues, Challenges and Solutions 397
2 Security Issues, Challenges and Considerations
IoT started to gain new momentum in current years as the consequence of the rapid
growth of internet connected devices. However, security remains one of the major
issues of the IoT [9] and the foremost concern raised by different stakeholders in
Internet of Things which has the potential to slow down its adoption [10]. Therefore, it
is considered one of the major issue which needs to be addressed to promote the IoT in
real world [11]. Security is a fundamental quality of an IoT system and it is related to
specic security features which are oftentimes a basic prerequisite for enabling Trust
and Privacy qualities in a system [9]. IoT Security is the area to focus on securing the
connected devices, protecting data, and networks in the Internet of things [12]. The
computing devices and embedded sensors used in machine-to-machine (M2M) com-
munication, smart home systems and in wearable devices are the main driving forces of
IoT [13].
Weak security and poor security behaviors need to be considered from the outset
and resilience designed in, in both individual devices and whole systems. Billions of
additional connected devices in new locations and applications mean that the IoT world
has increased the complexity of systems [14]. As the number of connected IoT devices
continually increase, security issues are exponentially multiplied and there are many
security concerns need to be considered as an entire system [15]. Moreover, traditional
security mechanisms cannot be directly implemented to IoT technologies due to their
designed system i.e. limited power as well as these large number of connected devices
raise heterogeneity and scalability issues [9]. The security and safety of such systems
can be endangered by a wide range of risks, both predictable and unpredictable, and
therefore system elasticity should be a strong consideration.
Heterogeneity is one of the most critical issue, alongside with the security mech-
anisms that should be integrated into the IoT and has a considerable impact over the
network security services that have to be implemented in the IoT [11]. Constrained
devices will interact with various heterogeneous devices either directly or through
gateways [16,17]. Heterogeneity needs security to overcome the impossibility of
implementing effective algorithms and protocols on all the devices in the IoT appli-
cation elds [9]. In this case, it is essential to implement effective cryptographic
algorithms that can provide a high throughput and adapt lightweight security protocols
that offer an end-to-end secure communication channel. These protocols require cre-
dentials, thus optimal key management systems must be implemented to distribute
these credentials and to help in establishing the necessary session keys between peers
[11].
Addressing scalability for a large scale IoT deployment is another key issue.
A signicant challenge is to provide reliable solutions, which are scalable for the
billions of things linked to many different local or global networks [9,18]. Addi-
tionally, lots of them are mobile objects and nding the location of and verifying the
correct identity of a specic item will be a major problem for the IoT infrastructure [9,
19]. Therefore, the development of applicable techniques that support heterogeneity
and scalability, to anonymize usersdata are key issues [20]. Moreover, providing
398 H. Aldowah et al.
exible subscription schemas and events management while ensuring scalability with
respect to things and users is still considered an open issue.
Security threats are problematical issue for the IoT deployment as the minimum
capacity of devices being used, as a matter of fact, physical accessibility to sensors,
devices, and the openness of the systems, considering the devices/things will com-
municate wirelessly [21]. Security concerns like DoS/DDoS attacks, man-in-the middle
attacks, heterogeneous network issue, application risk of IPv6, WLAN application
conicts also hinders the deployment of IoT security [2224] as well as the application
security issues including information access and user authentication, information,
platform management and so on [15,2527].
According to the research [15], data security issues can be classied into four types
as: condentiality, integrity, authenticity, and data availability. These security issues
can be resolved by employing security measures: Data condentiality ensures data
protection from unauthorized users, while data integrity maintains correctness/accuracy
of data. Moreover, authenticity makes sure that only authorized entities can access
network resources to restrict any invalid users from the networks, and data availability
guarantees that there is no restrains of authorized access to network resources, services
and applications [28].
Furthermore, a larger number of IoT applications and services are increasingly
vulnerable to attacks or data theft. To secure IoT against such attacks, advanced
technology is required in several elds. The security of information and network should
be equipped with properties such as identication, condentiality, integrality and
availability [29]. More precisely, authentication, condentiality, and data integrity are
the key problems related to IoT security [30]. Authentication is required for building a
connection between devices and the exchange of number of public and private keys
through the node to prevent steal data. In addition, condentiality ensures that the data
inside an IoT device is concealed from unauthorized objects, while data integrity
prevents any modication to data in the middle by safeguarding that the data which
arrived at the receiver node is unchanged and remains as transmitted by the source
(sender) [2].
3 Securing New IoT Solutions from Technical, Academic,
and Industry Sides (Architectures, Approaches,
and Mechanisms)
In this section, we discuss some of the solutions proposed by Academic researchers,
Technician, and Industry experts as counter measures to IoT security threats as follows:
3.1 Academic Solutions
Academics researchers have proposed some solutions in the eld of network security.
These solutions came in the form of architecture, new approaches and models, and
mechanisms through which they endeavor to raise the quality of security in IoT
environment. Some of these proposed solutions are:
Security in Internet of Things: Issues, Challenges and Solutions 399
One of the security solution proposed by [31] namely Dynamic Prime Number
Based Security Verication (DPBSV). This solution is desirable for big data streams; it
uses the concept of sharing a common key which is updated periodically by yielding a
synchronized pair of prime numbers for real time security verication on big data
stream. The study has conducted theoretical analyses and experimental evaluations to
show the efciency of its approach and to prove that DPBSV technique requires less
processing time and can prevent malicious attacks on big data streams.
While most of the security challenges are often addressed by centralized approa-
ches, a recent research work carried out by [32] have proposed an entirely distributed
security approach for IoT. For the design and implementation of this security mech-
anism and its application in IoT environments, authors used an optimized Elliptic
Curve Cryptography approach. Based on a lightweight and exible design, this work
presents an optimum solution for resource-constrained devices, providing the benetof
a distributed security approach for IoT in terms of end-to-end security. According to
authors, this solution has already been tested and validated by using AVISPA tool and
had been implemented on a real scenario over the Jennic/NXP JN5148 chipset based on
a 32-bit RISC CPU [32]. The results have proved the feasibility of this work. There-
fore, DCapBAC can be considered a security solution for IoT environments.
Sicari, Rizzardi [9] emphasized on design and deployment of appropriate solutions,
which are platform independent and can provide resilient security measures. Consid-
ering the authentication and access control an approach has been proposed by [33], to
establish the session key it uses an Elliptic Curve Cryptography (ECC) which is a
lightweight encryption algorithm [34]. This technique species access control policies,
managed by an attribute authority, which ensures to maintain mutual authentication
among the user and the sensor nodes. Hence, can resolve the resource restrained issue
at application level in IoT.
Particularly, in order to maximize the IoT benets, it is mandatory to reduce the
risks involved with security concerns. For that purpose, [35] proposed a comprehensive
architectural design named as (ARMY) which proposed based on the Architectural
Reference Model (ARM) to analyze the main security prerequisites during the design
of IoT devices. The proposed architecture has been designed and implemented within
different European IoT enterprises; to initiate and promote the development of security
based IoT-enabled services.
Recently in 2017 researchers [36] proposed a Secure IoT (SIT) based on 64-bit
block cipher. The architecture of the designed algorithm is integration of feistel cipher
and a substitution-permutation network. Authors claim that SIT is a lightweight
encryption algorithm and it can be deployed in IoT applications.
Moreover, emerging techniques such as software dened networking (SDN) and
blockchain techniques are being adopted to provide security solution for IoT in
heterogonous environments. For instance, In [37] researchers proposed an OpenFlow
based SDN architecture for IoT devices. According to the researches the proposed
architecture can perform anomaly detection to gure out the compromised devices in a
network. To do so, network gateway executes dynamic trafc analysis. In case any
abnormal trafc behavior is detected it will take the mitigation measures accordingly.
Similarly, researchers in [38] proposed a multi-layered security architecture based on
blockchain techniques to share and store the heterogeneous IoT data related to the
400 H. Aldowah et al.
smart city environment. The proposed architecture is designed to address the scalability
and reliability issues that are very challenging in heterogeneous environments
3.2 Technical Solutions
In order to mitigate ever-expanding security threats to companies, organizations, and
governments have to change their perspective towards security. This paradigm shift is
the one that addresses security through an essentially broader scope at every level of the
interaction. Organizations must emphasize the nature of the challenges, risks, and
technological advantages and disadvantages unique to the product or service envi-
ronments. They must understand the internal skills, existing practices, strategies,
governance, and controls related to security, what is lacking, and where the gaps lie. To
support this change, Harbor Research [39] has developed a new approach consists of a
three-step process to guide and help companies, organizations, and governments in
their approach to IoT security. The design of such process is to aid companies in
designing and implementing a comprehensive approach to security in IoT solutions,
including conducting an impact assessment, considering ve primary security func-
tions, and dening lifecycle controls are as follows:
Step 1: Impact of Security Assessment in Heterogeneous Environments
Addressing the impact of security in diverse environments must be the foremost
consideration during the solution design process. The proposed solutions should be
compatible with various applications and platforms. The foundation of any IoT solution
deployment depends on a proper security mechanism. Therefore, before designing and
deploying an IoT security solution for heterogeneous environments, proper information
of customersenvironment, sensitive data, risk assessment, infrastructure etc. related to
organizations need to be considered.
Step 2: Application of Primary Security Functions
To ensure a secure IoT deployment across the entire organizational network, the
designed IoT security solutions must possess ve key functionalities as: data encryp-
tion, network security, identication, user access and management, and analytics. By
doing so, a secure end-to-end communication between the IoT devices, data centers
and cloud architectures can be ensured.
Step 3: Lifecycle Controls
The entire lifecycle of IoT devices in each phase need to be considered as: during the
Deployment phase of security solution, IoT devices need to be authenticated by ver-
ifying its software via digital signatures, certications, and other security methods to
ensure a secure communication across the network. During Operation phase, IoT
devices need to be continuously monitored by the network which is responsible for
penetration testing and vulnerability assessment. The network should provide real-time
monitoring operation and response during the event of an attack. In Incident and
Remediation phase, IoT devices need to be integrated with system-wide incident
response policies. And nally, in Retirement and Disposal phase, IoT devices that
possess sensitive data, information, certications etc. must be deleted securely.
Security in Internet of Things: Issues, Challenges and Solutions 401
In 2014, an online study was conducted by Zebra Technologies on global wide
companies, corresponding to various industrial sectors [40]. The study focused on
identifying the organizations interested in IoT solutions. The results showed that
companies are taking initiatives in deployment of IoT solutions. Moreover, many
organizations consult the IoT experts in deployment of IoT solutions and applications.
IoT solutions provide new opportunities for companies to transform their strategic,
operational, and business activities.
Nevertheless, deploying these IoT solutions are challenging for the companies as
IoT solutions relies on various technical elements one of them is deploying end-to-end
IoT security solutions. Mostly companies design IoT solutions meant for specic
purpose within an organization. Considering IoT as emerging technology, there is a
need for interoperability, so that a unied standard is set to enable seamless integration
across IoT devices, applications, and services among different vendors.
3.3 Industrial Solutions
Security is critical to IoT and need to be taken care of at every stage [10]. Through the
literature review and the recommendations of many workshops and conferences that
emphasized on implementing the proper security measures while designing the IoT
devices. They came to a consensus that while designing the IoT devices companies
should consider three major aspects. First, adopting security by design; second,
engaging in data minimization; and third, increasing transparency among the con-
sumers with notice and choice for unexpected services.
Security by Design
Security for IoT devices depends on various elements, such as the amount of sensitive
data collection and mitigating costs of security vulnerabilities. Ramirez [41] presented
some ideas to address these key issues, as suggested companies should consider follow
key points: (1) perform security risk assessment during the design process; (2) test
device security measures; (3) consider protection of sensitive data while transmission
or storage; and (4) monitor IoT devices and regular software updates. Moreover, to
ensure a desirable security measures, organizations must deploy administrative and
technical privileges by conducting security training sessions for employees. According
to [42], security measures that are considered from initiating a device, establishes a
secure computing environment which are tamper resistant. The article afrmed that
security for IoT device must be addressed for its entire lifespan process, from design to
the operational phases including: (1) Secure booting, (2) Access control, (3) Device
authentication, (4) Firewalling and IPS, and (5) Updates and patches.
Data Minimization
Data minimization is the strategy that organizations can use to maintain the data
repository within organizations by dening its duration. As security and privacy
solution, organizations that gather the personal information should follow this data
minimization concept. In other words, organizations should obtain the data required for
specic purpose and period only and should safely discard it after. Gathering and
maintaining large data repository can induce a risk of data breach.
402 H. Aldowah et al.
Notice and Choice
The aim of a privacy notice is to ensure that customers and users are aware of data
practicing involves personal information. Moreover, users should be aware about the
personal information sharing, gathering, processing, and its retention [43].
4 Discussion
From this study, we found that Internet of Things (IoT) need to be designed in a user-
friendly manner yet with consideration of its security measures. We observed that
security is one of the main issues and challenges in the deployment of IoT in
heterogeneous environments. The concept of IoT is to connect everything to the global
Internet and allow the devices and things remotely to communicate with each other,
which raises new security problems related to the condentiality, integrity, and
authenticity of data being exchanged between the IoT devices. To restrain the adver-
saries to obtain sensitive information while allowing authentic users to share and gather
this information. We found that further research is needed that can focus on designing
security measures in IoT environments. In maintaining the data condentiality,
integrity, and authenticity proper encryption algorithms need to be used, which not
only fullls these security measures yet consumes less data processing time.
In brief, security in the IoT technologies is very important and full of challenges
and intuitively usable solutions are needed as well as these solutions should seamlessly
integrate into the real world.
5 Conclusion, Recommendations and Further Work
The aim of this study was to provide a review of the most critical aspects of IoT with
specic focus on the security issues and challenges involved with IoT devices. Several
problems and challenges related to the security of the IoT are still being faced.
Research focuses are much needed in this area to address these security issues and
challenges in IoT heterogeneous environments so that users can condently use IoT
devices to communicate and share information globally with safety assurance. In
addition, this paper recommended some solutions from academic, technical, and
industrial aspects. These solutions came in the form of architecture, new approaches
and models, and mechanisms through which they aim to increase the quality of security
in IoT environment. Furthermore, data security, and data protection must methodically
be considered and addressed at the design stage. For this, there are three key aspects
that organizations should take into consideration to enhance security in IoT devices:
security by design, data minimization, and providing users with notice and choice for
unexpected services. There are nevertheless remaining numbers of potential gaps in the
overall securityframework where further research will be potentially benecial. As
conclusion, there are still many open questions and problems that need further thinking
and harmonization. The IoT includes a complex set of technological, social, and policy
considerations across various set of stakeholders. The technological developments that
enables the use of IoT are real, growing, and here to stay. Efforts by governments,
Security in Internet of Things: Issues, Challenges and Solutions 403
engineering, production, industry, and academic world to provide processes for the
effective and safe use of these developments clearly need further research work.
Acknowledgment. Authors would like to thank the Institute of Postgraduate Studies (IPS),
Universiti Sains Malaysia (USM) for the nancial support through the USM Fellowship.
References
1. Van Kranenburg, R.: A Critique of Ambient Technology and the All-seeing Network of
RFID. The Netherlands Institute of Network Culture, Amsterdam (2008)
2. Abomhara, M., Køien, G.M.: Security and privacy in the Internet of Things: current status
and open issues. In: International Conference on Privacy and Security in Mobile Systems
(PRISMS). IEEE (2014)
3. Sundmaeker, H., et al.: Vision and Challenges for Realising the Internet of Things. Cluster of
European Research Projects on the Internet of Things. European Commision, Brussels
(2010)
4. Bandyopadhyay, D., Sen, J.: Internet of things: applications and challenges in technology
and standardization. Wirel. Pers. Commun. 58(1), 4969 (2011)
5. Ul Rehman, A., Manickam, S.: A study of smart home environment and its security threats.
Int. J. Reliab. Qual. Saf. Eng. 23(03), 1640005 (2016)
6. Miorandi, D., et al.: Internet of things: vision, applications and research challenges. Ad Hoc
Netw. 10(7), 14971516 (2012)
7. Aldowah, H., et al.: Internet of Things in higher education: a study on future learning. In:
Journal of Physics: Conference Series. IOP Publishing (2017)
8. Gen, H.P.-C.S.A. Controllers, R.: Hewlett-Packard Enterprise Development LP. Citeseer
(2015)
9. Sicari, S., et al.: Security, privacy and trust in Internet of Things: the road ahead. Comput.
Netw. 76, 146164 (2015)
10. Jha, A., Sunil, M.: Security considerations for Internet of Things. L&T Technology Services,
Vadodara (2014)
11. Roman, R., Zhou, J., Lopez, J.: On the features and challenges of security and privacy in
distributed internet of things. Comput. Netw. 57(10), 22662279 (2013)
12. Yue, X., et al.: Cloud-assisted industrial cyber-physical systems: an insight. Microprocess.
Microsyst. 39(8), 12621270 (2015)
13. Minoli, D.: Building the Internet Of Things with IPv6 and MIPv6: The Evolving World of
M2M Communications. Wiley, Hoboken (2013)
14. Jan, S., et al.: Applications and challenges faced by internet of things-a survey. Int. J. Eng.
Trends Appl. ISSN, 23939516 (2016)
15. Jing, Q., et al.: Security of the internet of things: perspectives and challenges. Wirel. Netw.
20(8), 24812501 (2014)
16. Vasilomanolakis, E., et al.: On the security and privacy of internet of things architectures and
systems. In: 2015 International Workshop on Secure Internet of Things (SIoT). IEEE (2015)
17. Botta, A., et al.: Integration of cloud computing and internet of things: a survey. Future
Gener. Comput. Syst. 56, 684700 (2016)
18. Issarny, V., et al.: Service-oriented middleware for the future internet: state of the art and
research directions. J. Internet Serv. Appl. 2(1), 2345 (2011)
19. Gubbi, J., et al.: Internet of Things (IoT): a vision, architectural elements, and future
directions. Future Gener. Comput. Syst. 29(7), 16451660 (2013)
404 H. Aldowah et al.
20. Jara, A.J., Kae, V.P., Skarmeta, A.F.: Secure and scalable mobility management scheme for
the Internet of Things integration in the future internet architecture. Int. J. Ad Hoc
Ubiquitous Comput. 13(34), 228242 (2013)
21. Stankovic, J.A.: Research directions for the internet of things. IEEE Internet Things J. 1(1),
39 (2014)
22. Haitao, L.B.C.H.W., Ying, F.: Security analysis and security model research on IOT.
Comput. Digital Eng. 11, 006 (2012)
23. Tan, Y., Han, J.: Service-oriented middleware model for internet of things. Comput. Sci. 38
(3), 2345 (2011)
24. Henze, M., et al.: A comprehensive approach to privacy in the cloud-based Internet of
Things. Future Gener. Comput. Syst. 56, 701718 (2016)
25. Suo, H., et al:. Security and privacy in mobile cloud computing. In: 2013 9th International
Wireless Communications and Mobile Computing Conference (IWCMC). IEEE (2013)
26. Wan, J., et al.: From machine-to-machine communications towards cyber-physical systems.
Comput. Sci. Inf. Syst. 10(3), 11051128 (2013)
27. Wan, J., et al.: VCMIA: a novel architecture for integrating vehicular cyber-physical systems
and mobile cloud computing. Mob. Netw. Appl. 19(2), 153160 (2014)
28. Ning, H., Liu, H.: Cyber-physical-social based security architecture for future internet of
things. Adv. Internet Things 2(01), 1 (2012)
29. Kim, J.T.: Requirement of security for IoT application based on gateway system.
Communications 9(10), 201208 (2015)
30. Kim, J.T.: Analyses of requirement for secure IoT gateway and assessment. International
information institute (Tokyo). Information 19(3), 833 (2016)
31. Puthal, D., et al.: A dynamic prime number based efcient security mechanism for big
sensing data streams. J. Comput. Syst. Sci. 83(1), 2242 (2017)
32. Hernández-Ramos, J.L., et al.: DCapBAC: embedding authorization logic into smart things
through ECC optimizations. Int. J. Comput. Math. 93(2), 345366 (2016)
33. Ye, N., et al.: An efcient authentication and access control scheme for perception layer of
internet of things. Appl. Math. Inf. Sci. 8(4), 1617 (2014)
34. Szczechowiak, P., et al.: NanoECC: testing the limits of elliptic curve cryptography in sensor
networks. In: Wireless Sensor Networks, pp. 305320. Springer, Berlin (2008)
35. Hernandez-Ramos, J.L., Bernabe, J.B., Skarmeta, A.: ARMY: architecture for a secure and
privacy-aware lifecycle of smart objects in the internet of my things. IEEE Commun. Mag.
54(9), 2835 (2016)
36. Usman, M., et al.: Sit: a lightweight encryption algorithm for secure internet of things. arXiv
preprint arXiv:1704.08688 (2017)
37. Bull, P., et al.: Flow based security for IoT devices using an SDN gateway. In: IEEE 4th
International Conference on Future Internet of Things and Cloud (FiCloud). IEEE (2016)
38. Biswas, K., Muthukkumarasamy, V.: Securing smart cities using blockchain technology. In:
IEEE 18th International Conference on High Performance Computing and Communica-
tions; IEEE 14th International Conference on Smart City; IEEE 2nd International
Conference on Data Science and Systems (HPCC/SmartCity/DSS). IEEE (2016)
39. Harbor White Paper: Security for the internet of things. Harbor Res. 16,116 (2016)
40. Zebra Internet-Of-Things Solution Deployment Gains Momentum Among Firms Globally,
A Forrester Consulting Thought Leadership Paper Commissioned By Zebra Technologies,
October 2014
41. Ramirez, E.: Privacy and the IoT: Navigating Policy Issues. US FTC, Washington (2015)
42. Shipley, A.: Security in the Internet of Things. Wind River, September 2014 (2015)
43. Schaub, F., et al.: A design space for effective privacy notices. In: Eleventh Symposium on
Usable Privacy and Security (SOUPS 2015) (2015)
Security in Internet of Things: Issues, Challenges and Solutions 405
... Passwords that are weak, and the lack of multi factor security authentication are some of the major issues that's it very easy for cyber attackers to hack into these 2 IoT devices. Once these devices have been infiltrated, it can be used as the point of entry into other networks, where damaging attacks can be carried out (Aldowah et al., 2018). ...
... Also, security breaches cause large number of damages. For example, Aldowah et al., (2018) adds that IoT devices that has been compromised used in important infrastructures such as medical gadgets or grid devices can lead to the disruption of services and equipment's not functioning optimally which will lead to accidents with consequences on lives. Added to this, attacks that targets IoT devices that are linked to Industrial control systems tend to lead to disruptions in operations, damage n facilities and even potential environmental hazards. ...
Security of Internet of Things (IoT) Devices and Systems
Article
Full-text available
  • Mar 2024
The proliferation of Internet-connected devices, constituting the Internet of Things (IoT), has transformed modern technology landscapes. IoT encompasses a diverse array of objects embedded with sensors and software facilitating data collection and exchange over the internet. These devices span from household appliances to industrial machinery, collectively forming intricate networks capable of autonomous operation. However, the inherent sensitivity of the data transmitted and processed by IoT devices underscores the paramount importance of security measures. Inadequate security protocols render IoT vulnerable to various threats including data breaches, unauthorized access, and malicious manipulation. Such vulnerabilities not only compromise individual privacy but also pose significant risks to national security and public safety. This paper underscores the critical necessity of robust security frameworks to safeguard IoT ecosystems against emerging cyber threats and ensure the integrity of data transmission and processing.
View
... Among these difficulties, a crucial one is making sure that data is routed securely between devices. However, securing data during routing necessitates sophisticated approach that incorporates strong security methods like encryption, authentication and access control [2]. ...
PathGuard: Trustworthy Routing for Sustainable and Secure IoT-WSN Networks
Article
Full-text available
  • Jun 2024
  • WIRELESS PERS COMMUN
With the rise in technology especially the integration of internet of Things (IoT) with Wireless Sensor Networks (WSNs) an extensive network of interconnected devices and sensors is formed to frequently collect and transmit sensitive data. However, this data may get accessed by unauthorized persons during transmission leading to erroneous decisions and potentially disastrous consequences in domains like healthcare and industrial automation.Considering the importance of protecting data, a security-based route selection model for IoT-WSN is proposed. It involves pre-identification of malicious nodes and calculation of trust using the proposed ITrust mechanism. The IGWO (Improved Grey Wolf Optimization) model weighs nodes according to their trust, energy, and connection request factors. This judgment determines the node’s next hop, guaranteeing secure communication. Using MATLAB software, the suggested trust-based approach’s effectiveness is assessed through Energy consumption, Packet Delivery ratio (PDR) and delay factors. Experimental results show that our approach accurately identifies malicious nodes, ensuring integrity of data transmission. The efficient routing scheme significantly reduces delays and maximizes the PDR, resulting in improved communication efficiency and reliability.
View
... One of the central themes of this chapter is the perpetual evolution of threats and vulnerabilities. Cyber adversaries are becoming increasingly sophisticated, constantly adapting their tactics to exploit weaknesses in cloud and IoT systems (Aldowah et al., 2019). From data breaches to DDoS attacks, the threat landscape is diverse and ever-changing. ...
Enhancing Cloud and IoT Security: Leveraging IoT Technology for Multi-Factor User Authentication
Chapter
Full-text available
  • Feb 2024
As the world becomes increasingly reliant on cloud computing and the internet of things (IoT), ensuring the security of sensitive data and access to cloud resources is paramount. This chapter focuses on innovative approaches to user authentication within the context of “security frameworks for cloud and IoT systems.” The proposed chapter discusses how IoT technology can be harnessed to develop a robust, multi-factor authentication system tailored to manage cloud computing interfaces. The chapter explores the vulnerabilities of traditional single-factor authentication methods, emphasizing the critical need for enhanced security measures. It highlights the integration of biometric authentication, secure communication protocols, and the use of IoT devices for secure user authentication. The chapter also covers topics like behavioral analytics, user-friendly interfaces, and compliance with data privacy regulations to create a comprehensive approach to enhancing security in cloud and IoT environments.
View
... Studies conducted in 2018 [13] and by Hewlett-Packard (HP) reveals an alarming number of vulnerabilities in Internet of Things (IoT) home security systems as 100 percent of the top security systems studied contain significant security deficiencies [14]. The IoT devices are at a higher security risk in comparison to the traditional computing systems due to several reasons [6]: ...
Impact of DoS/DDoS attacks in IoT environment: A study
Conference Paper
Full-text available
  • Jan 2023
The Internet of Things (IoT) envisions an improvement in our everyday lives by providing inexpensive and accessible smart devices for continuous monitoring of real-time events. This revolution increases the number of Internet-connected devices which simultaneously, created a continually expanding pool of attack resources against which attackers can perform mass attacks. The most potent and disastrous attacks deployed on the Internet are Denial of Service (DoS) and Distributed Denial of Service (DDoS), which sends a large traffic volume to a server to make it unavailable for its intended users. In this paper, the concepts of IoT and DoS/DDoS are first introduced and defined. IoT architectures, standards, and the Industrial Internet of Things (IIoT) evolution are then discussed to illustrate IoT’s role in this era further. Several IoT events are classified by the malware types as a DDoS attack vector, namely, Bashlite, Mirai, Leet, and Wifatch, to review the DDoS attack in IoT. The taxonomy of DoS/DDoS attacks in IoT are also elaborated to highlight the attack techniques’ diverseness.
View
Recent Lightweight cryptography (LWC) based security advances for resource-constrained IoT networks
Article
Full-text available
  • Mar 2024
  • WIREL NETW
In today's world, the Internet of Things (IoT) plays a major role to interconnect all the devices and improve the overall Quality of Life (QoL) for people. The main concern among IoT systems revolve around three pillars namely security, confidentiality, and privacy owing to the sensitive nature of the data being transmitted and processed byIoT devices. Traditional cryptographic approaches address these concerns by ensuring the authenticity and confidentiality of IoT systems. However, the majority of IoT devices are resource-constrained, which implies that they operate under significant resource constraints such as limited computational power, constrained battery life, physical compactness, and restricted memory capacity. To this end, Lightweight cryptography (LWC) offers methods specifically designed to accommodate the limitations of resource-constrained IoT devices. This work establishes the role of light weight cryptography for such resource constrained IoT networks in terms of security perspectives. In this work, we explore the security vulnerabilities of IoT systems and the associated lightweight cryptographic methods highlighting four components namely lightweight block ciphers, lightweight stream ciphers, hash functions, and Elliptic Curve Cryptography. The work further discusses the role of LWC and reviews the recent advancements in different sectors of IoT such as smart city, industries, healthcare, smart grids, and agriculture. Finally, several open research directions are highlighted in order to guide future LWC and IoT researchers.
View
IoT Security, Future Challenges, and Open Issues
Chapter
  • Dec 2023
The internet of things (IoT) refers to the network of connected devices embedded in everyday objects that enable digital transformation. The rapid proliferation of IoT devices has led to significant advancements in technology and data exchange capabilities. However, the security of user data and IoT systems has become a paramount concern. This chapter focuses on the security challenges and approaches in IoT. Various attacks, such as denial of service, password guessing, replay, and insider attacks, pose significant threats to IoT security. It investigates the state-of-the-art technologies, future challenges and open issues currently facing IoT security. The findings from this chapter serve as a foundation for future work in improving IoT security and protecting user data effectively.
View
View
View
View
Optimal network intrusion detection assignment in multi-level IoT systems
Article
  • Jun 2023
  • COMPUT NETW
Due to the dynamics of edge–fog computation resource availability and network traffic, it is challenging to best assign network intrusion detection (NID) tasks to the appropriate edge–fog nodes in a multi-level IoT NID system. In this paper, we first propose an integer linear programming (ILP) formulation to find an optimal NID task assignment with the objective of minimizing the NID latency while meeting the NID accuracy requirements and computation resource constraints. Then, we propose three heuristic algorithms which are shortest detection (SD)-based, nearest neighbor (NN)-based, and genetic algorithm (GA)-based assignment to efficiently find the near-optimal solutions. Extensive simulations based on two real-world IoT network attack datasets are conducted to justify the effectiveness of our proposed algorithms in terms of the NID accuracy and latency.
View
Internet of Things in Higher Education: A Study on Future Learning
Article
Full-text available
  • Nov 2017
In the coming years, technology will impact the learning experience in many ways. Internet of Things (IoT) continues to confirm its important position in the context of Information and Communication Technologies and the development of society. With the support of IoT, institutions can enhance learning outcomes by providing more affluent learning experiences, improved operational efficiency, and by gaining real-time, actionable insight into student performance. The purpose of this study is to find out the potential of IoT in higher education and how to maximize its benefits and reducing the risks involved with it. Further efforts are necessary for releasing the full potential of IoT systems and technologies. Therefore, this paper presents a study about the impact of IoT on higher education especially universities. IoT stands to change dramatically the way universities work, and enhance student learning in many disciplines and at any level. It has huge potential for universities or any other educational institutions; if well prepared to ensure widespread and successful implementation by leadership, staff, and students. IoT needs development where universities can lead. Academics, researchers, and students are in a unique place to lead the discovery and development of IoT systems, devices, applications, and services. Moreover, this paper provides an evidences about the future of IoT in the higher education during the next few years, which have offered by a number of research organizations and enterprises. On the other hand, IoT also brings tremendous challenges to higher education. Hence, this paper also presents the perspective on the challenges of IoT in higher education.
View
SIT: A Lightweight Encryption Algorithm for Secure Internet of Things
Article
Full-text available
  • Feb 2017
The Internet of Things (IoT) being a promising technology of the future is expected to connect billions of devices. The increased number of communication is expected to generate mountains of data and the security of data can be a threat. The devices in the architecture are essentially smaller in size and low powered. Conventional encryption algorithms are generally computationally expensive due to their complexity and requires many rounds to encrypt, essentially wasting the constrained energy of the gadgets. Less complex algorithm, however, may compromise the desired integrity. In this paper we propose a lightweight encryption algorithm named as Secure IoT (SIT). It is a 64-bit block cipher and requires 64-bit key to encrypt the data. The architecture of the algorithm is a mixture of feistel and a uniform substitution-permutation network. Simulations result shows the algorithm provides substantial security in just five encryption rounds. The hardware implementation of the algorithm is done on a low cost 8-bit micro-controller and the results of code size, memory utilization and encryption/decryption execution cycles are compared with benchmark encryption algo-rithms. The MATLAB code for relevant simulations is available online at https://goo.gl/Uw7E0W.
View
Securing Smart Cities Using Blockchain Technology
Conference Paper
Full-text available
  • Dec 2016
A smart city uses information technology to integrate and manage physical, social, and business infrastructures in order to provide better services to its dwellers while ensuring efficient and optimal utilization of available resources. With the proliferation of technologies such as Internet of Things (IoT), cloud computing, and interconnected networks, smart cities can deliver innovative solutions and more direct interaction and collaboration between citizens and the local government. Despite a number of potential benefits, digital disruption poses many challenges related to information security and privacy. This paper proposes a security framework that integrates the blockchain technology with smart devices to provide a secure communication platform in a smart city.
View
ARMY: Architecture for a secure and privacy-aware lifecycle of smart objects in the internet of my things
Article
Full-text available
  • Sep 2016
The emergence of the Internet of Things paradigm promises a multi-disciplinary revolution covering different spheres of our daily lives. However, the ubiquitous nature of IoT requires inclusive approaches in order to agree on a common understanding about its implications. Particularly, in order to unlock its huge potential and maximize its benefits, it is necessary to minimize the risks that are associated with security and privacy concerns. In this work, we propose a comprehensive architectural design to capture the main security and privacy requirements during the lifecycle of a smart object. The resulting architecture has been designed, instantiated, and implemented within the scope of different European IoT initiatives, in order to promote the design and development of secure and privacy-aware IoT-enabled services.
View
A Study of Smart Home Environment and it’s Security Threats
Article
Full-text available
  • May 2016
  • Int J Reliab Qual Saf Eng
As the world is moving towards Internet of Things, smart home is now rapidly becoming a reality. Home appliances and devices are interconnected, i.e., home area network, via proprietary or standard TCP/IP protocols allowing for better management and monitoring. Nevertheless, as with any form of network, smart home is also prone to security threats and vulnerabilities. This paper aims at presenting the importance of security in smart home environment. Herein, we will discuss (a) the concepts of smart home environment, (b) various smart home communication mechanisms, (c) security challenges and concerns in smart home environment, (d) security threats in smart home environment, (e) current security measures to encounter such security attacks and finally, conclusion and future work
View
View
Building the Internet of Things with IPv6 and MIPv6: The Evolving World of M2M Communications
Book
  • Jun 2013
"If we had computers that knew everything there was to know about things-using data they gathered without any help from us-we would be able to track and count everything, and greatly reduce waste, loss, and cost. We would know when things needed replacing, repairing or recalling, and whether they were fresh or past their best. The Internet of Things has the potential to change the world, just as the Internet did. Maybe even more so." -Kevin Ashton, originator of the term, Internet of Things. An examination of the concept and unimagined potential unleashed by the Internet of Things (IoT) with IPv6 and MIPv6. What is the Internet of Things? How can it help my organization? What is the cost of deploying such a system? What are the security implications? Building the Internet of Things with IPv6 and MIPv6: The Evolving World of M2M Communications answers these questions and many more. This essential book explains the concept and potential that the IoT presents, from mobile applications that allow home appliances to be programmed remotely, to solutions in manufacturing and energy conservation. It features a tutorial for implementing the IoT using IPv6 and Mobile IPv6 and offers complete chapter coverage that explains: What is the Internet of Things? Internet of Things definitions and frameworks. Internet of Things application examples. Fundamental IoT mechanisms and key technologies. Evolving IoT standards. Layer 1/2 connectivity: wireless technologies for the IoT. Layer 3 connectivity: IPv6 technologies for the IoT. IPv6 over low power WPAN (6lowpan). Easily accessible, applicable, and not overly technical, Building the Internet of Things with IPv6 and MIPv6 is an important resource for Internet and ISP providers, telecommunications companies, wireless providers, logistics professionals, and engineers in equipment development, as well as graduate students in computer science and computer engineering courses.
View
A dynamic prime number based efficient security mechanism for big sensing data streams
Article
  • Mar 2016
  • J COMPUT SYST SCI
Big data streaming has become an important paradigm for real-time processing of massive continuous data flows in large scale sensing networks. While dealing with big sensing data streams, a Data Stream Manager (DSM) must always verify the security (i.e. authenticity, integrity, and confidentiality) to ensure end-to-end security and maintain data quality. Existing technologies are not suitable, because real time introduces delay in data stream. In this paper, we propose a Dynamic Prime Number Based Security Verification (DPBSV) scheme for big data streams. Our scheme is based on a common shared key that updated dynamically by generating synchronized prime numbers. The common shared key updates at both ends, i.e., source sensing devices and DSM, without further communication after handshaking. Theoretical analyses and experimental results of our DPBSV scheme show that it can significantly improve the efficiency of verification process by reducing the time and utilizing a smaller buffer size in DSM.
View
Cloud-Assisted Industrial Cyber-Physical Systems: An Insight
Article
  • Sep 2015
The development of industrialization and information communication technology (ICT) has deeply changed our way of life. In particular, with the emerging theory of "Industry 4.0", the integration of cloud technologies and industrial cyber-physical systems (ICPS) becomes increasingly important, as this will greatly improve the manufacturing chain and business services. In this paper, we first describe the development and character of ICPS. ICPS will inevitably play an important role in manufacturing, sales, and logistics. With the support of the cloud, ICPS development will impact value creation, business models, downstream services, and work organization. Then, we present a service-oriented ICPS model. With the support of the cloud, infrastructure platform and service application, ICPS will promote the manufacturing efficiency, increase quality of production, enable a sustainable industrial system and more environmentally friendly businesses. Thirdly, we focus on some key enabling technologies, which are critical in supporting smart factories. These key enabling technologies will also help companies to realize high quality, high output, and low cost. Finally, we talk about some challenges of ICPS implementation and the future work.
View
Requirement of Security for IoT Application based on Gateway System
Article
  • Oct 2015
An integrated security mechanism is one of the key challenges in the open wireless network architecture because of the diversity of the wireless network in open wireless network and the unique security mechanism used in each one of these networks. The security consideration should satisfy a concise set of cryptographic and security mechanisms, single security policy framework, and configuration parameters policy-dependent. This may require consideration of system perspectives, taking into account the entire system and device lifecycle, ease-of-use and ease-of-deployment. Finally, we analyzed requirement of IoT security gateway system to improve vulnerability of sensor node.
View