The term Internet of Things is a recent topic in the IT world. Behind this phrase lies a
true picture of the future of computing from both technological and social perspectives. It is
generally accepted that the (IoT) will provide numerous other, and potentially radical, benefits to
human beings. However, because the Internet of Things is recent, there are many problems in the
security of (IoT) devices, which may present a variety of potential security risks that could be
exploited to harm users. Generally, when thinking about Internet of Things devices, it is
important to realize that the security of these devices is not complete. This report examines the
issues and challenges behind (IoT) privacy and security, current remedies and a suitable solution
for future computation.
1. Introduction
The term Internet of Things (IoT) was first used in 1999 by British technology pioneer Kevin
Ashton to describe a system in which objects in the physical world could be connected to the
Internet by sensors.1 (IoT) refers to the capability of routine objects to connect to the Internet and
to send and receive data. Research predicts that there will be more than 2.9 billion connected
(IoT) devices in consumer smart home environments in 2015.2
provide a much larger surface for attackers to target home and industrial networks.
In the near future, the number of things connected to the Internet will exceed the number of
people, and this will add a range of potential security risks that could be exploited to harm
users by: (i) enabling misuse of personal information and unauthorized access; (ii) facilitating
attacks on other systems; and (iii) creating risks to personal safety.
Currently, most attacks are centered on desktop or laptop computers, which have become a source
of profit for attackers. This reality shows that attackers will shift their targets to (IoT)
devices in the near future. Among the observed security vulnerabilities, the use of susceptible
passwords is a security issue that has repeatedly been seen in (IoT) devices.
The purpose of this report is to examine the security and privacy issues of (IoT) devices and their
implications for users. Also discussed will be the evolution of the (IoT) and associated security
issues, (IoT) security considerations, and some possible methods to enhance the security of (IoT).
The four parts of this report will discuss (1) a technological overview of (IoT), (2) issues on
(IoT) security and privacy, (3) existing security measures, and (4) proposed security measures.
The technological overview section will show the evolution of (IoT) and related security issues
on the (IoT) developmental path. The vulnerability section identifies and explains various security
vulnerabilities with regard to (IoT) devices. The section covering current security measures
examines existing security measures and how they are currently being used. Finally, the proposed
solution section includes effective security measures to tackle (IoT) vulnerabilities.
2 Gartner Press Release, "Gartner Says 4.9 Billion Connected Things Will Be in Use in 2015," published November
11, 2014, http://www.gartner.com/newsroom/id/2905717
3 https://en.wikipedia.org/wiki/Internet_of_things#cite_note-24
The term (IoT) became popular in 1999 after Kevin Ashton, who is considered "The father of
the Internet of Things & network trailblazer",4 introduced the Radio-frequency identification (RFID)
concept. According to Cisco Internet Business Solutions Group (IBSG), the Internet of Things
was born between 2008 and 2009, at the point in time when more things or objects
were connected to the Internet than people.5 In 2011, to address the limitations of IPv4 addressing
and to include all (IoT) devices in the future, IPv6 was introduced.
Nowadays, (IoT) appears in the context of integrated location-based implementations such as smart
homes or smart cities.6 Whatever the application, it is clear that (IoT) use cases could extend
to nearly every aspect of our lives. Based on forecasts made by Gartner Inc. (Technology
Research and Advisory Corporation), there will be approximately 20.8 billion devices on the (IoT) by
2020.7 Governments in developed countries have begun to increase their budgets for the
development of (IoT) technology and the implementation of smart cities. Generally, (IoT) has
brought dynamic change to the world's social, technological and industrial fields, and
inanimate (IoT) devices will change the way we live and work.
(IoT) promises to create a world where all the objects (also called smart objects) around us are
connected to the Internet and communicate with each other with minimum human intervention.
The ultimate goal is to create a better world for human beings, where objects around us know
what we like, what we want, and what we need, and act accordingly without explicit instructions
[1].
4 https://newsroom.cisco.com/feature-content?articleId=1558161
5 http://www.cisco.com/web/about/ac79/iot/
6 "IEEE Smart Cities." IEEE, 2015. Web. 06 Sept. 2015. http://smartcities.ieee.org/
7 http://www.gartner.com/newsroom/id/3165317
Internet of Things integrates multiple wired and wireless communication, control, and IT
technologies, which connect various terminals or subsystems under a unified management
platform that employs open and standardized data presentation technologies.
[Figure 1 (IoT) Architecture. Layers shown: APPLICATION LAYER (Smart Business, Smart ehealth);
NETWORK LAYER (4G, 3G, 2G, WIFI, Satellite Access, GSM); PERCEPTION LAYER (Sensor Network, RFID,
M2M, Home network).]
Various basic networks, including mobile/private networks and wireless and wired networks, offer
and affirm the underlying connection. IoTs are set up in this new network, which is composed
of business applications of networks [2].
Regarding the IoT Protocol Stack, as shown in Fig 3.b, from a PHY perspective, the current
IEEE 802.15.4-2006 PHY layer(s) suffice in terms of energy efficiency. Given that a large
number of IoT applications, however, will require only a few bits to be sent, it may be advisable
to commence looking into a standardized PHY layer which allows ultra-low rate
APPLICATION LAYER: IETF CoAP
TRANSPORTATION LAYER: IETF CoAP
NETWORK LAYER: IETF 6LoWPAN
MAC LAYER: IEEE 802.15.4e
PHYSICAL LAYER: IEEE 802.15.4-2006
From a networking perspective, the introduction of the IETF 6LoWPAN protocol family has
been instrumental in connecting the low power radios to the Internet and the work of IETF
ROLL allowed suitable routing protocols to achieve universal connectivity. From the transport
layer and an application perspective, the introduction of the IETF CoAP protocol family has been
instrumental in ensuring that application layers and applications themselves do not need to be reengineered to run over low-power embedded networks [3].
[Figure: labels recovered: Network; Back-End of IT Systems; Safety Management of Code Resource;
Replacement of Operator]
3.2
The Internet security glossary [9] defines privacy as "the right of an entity (normally a person),
acting in its own behalf, to determine the degree to which it will interact with its environment,
including the degree to which the entity is willing to share information about itself with others".
Typically in (IoT)s, the environment is sensed by connected devices. They then broadcast the
gathered information and particular events to the server, which carries out the application logic.
This is performed by mobile and/or fixed communication, which takes the responsibility.
Privacy should be protected in the device, in storage, during communication and at processing,
each of which can disclose sensitive information [10]. The privacy of users and the protection of
their data have been identified as one of the important challenges which need to be addressed in
the (IoT)s.
Only the least possible amount of information that is needed should be stored.
Personal information should be retained only when it is mandatory.
To conceal the real identity tied to the stored data, pseudonymization and anonymization could
be used. Without disclosing any specific record, a database could allow access only to statistical
data (sum, average, count, etc.). To ensure that the output (typically of aggregate queries) is
independent of the absence or presence of a particular record, a technique that adds noise, called
differential privacy [14], could be appropriate.
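The storage measures described above, as an added example that is not part of the original report: a store that keeps only keyed pseudonyms and one value per record, and answers count and sum queries with Laplace noise. The meter readings, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import random

# Constructed sample readings (device id, power draw in watts); not real data.
READINGS = [("meter-0001", 420.0), ("meter-0002", 1310.0), ("meter-0003", 95.0),
            ("meter-0004", 780.0), ("meter-0005", 2050.0)]

def pseudonymize(device_id, key):
    """Keyed pseudonym: stable for one device, not linkable to it without the key."""
    return hmac.new(key, device_id.encode(), hashlib.sha256).hexdigest()[:16]

def build_store(readings, key):
    """Data minimisation: keep only a pseudonym and the one value queries need."""
    return {pseudonymize(dev, key): watts for dev, watts in readings}

def laplace_noise(scale, rng):
    """Laplace(0, scale) sample, drawn as the difference of two exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def dp_count(store, predicate, epsilon, rng=None):
    """Noisy count. Adding or removing one record moves a count by at most 1,
    so the sensitivity is 1 and the noise scale is 1/epsilon."""
    rng = rng or random.SystemRandom()
    true_count = sum(1 for v in store.values() if predicate(v))
    return true_count + laplace_noise(1.0 / epsilon, rng)

def dp_sum(store, lower, upper, epsilon, rng=None):
    """Noisy sum. Values are clamped to [lower, upper] first so that one record
    can change the sum by at most max(|lower|, |upper|)."""
    rng = rng or random.SystemRandom()
    clamped = [min(max(v, lower), upper) for v in store.values()]
    sensitivity = max(abs(lower), abs(upper))
    return sum(clamped) + laplace_noise(sensitivity / epsilon, rng)

if __name__ == "__main__":
    store = build_store(READINGS, key=b"constructed-demo-key")
    print("stored keys:", sorted(store))            # pseudonyms only, no device ids
    print("homes over 1 kW:", dp_count(store, lambda w: w > 1000, epsilon=0.5))
    print("total watts:", dp_sum(store, 0.0, 3000.0, epsilon=0.5))
```

Every answered query spends part of the privacy budget, so repeated queries over the same records need a total epsilon limit. Floating-point Laplace sampling has known precision weaknesses, so a deployed system would use a vetted differential privacy library rather than this sketch.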
3.2.4 Privacy at Processing
It is mainly twofold. Firstly, personal data must be treated in a way that is
compatible with the intended purpose. Secondly, without the explicit acceptance and knowledge of
the data owner, their personal data should not be disclosed to or retained by third parties.
Considering these two points, Digital Rights Management (DRM) systems [15], which control
the consumption of commercial media and defend against illegal redistribution, are most suitable.
Instead of rules for commercial media, one can define privacy policies for personal data in a
rights object or license, which must be obeyed during the data processing. DRM requires trusted,
secure devices to work efficiently and effectively.
The user's permission and awareness are requirements for the distribution of personal data. User
notification helps to avoid abuse.
3.2.5 IoT Security Vulnerabilities
Security vulnerabilities in a particular device may facilitate attacks on the consumer's network to
which it is connected, or enable attacks on other systems. Vulnerabilities could enable these
attackers to assemble large numbers of devices to use in such attacks. Another possibility is that a
connected device could be used to send malicious emails.
The Open Web Application Security Project's (OWASP) List of Top Ten Internet of Things
Vulnerabilities sums up most of the concerns and attack vectors surrounding this category of
devices8:
8 https://www.owasp.org/index.php/OWASP_Internet_of_Things_Top_Ten_Project#tab=OWASP_Internet_of_Things_Top_10_for_2014
In order to address those vulnerabilities, various IoT security considerations must be employed:
effective user account management, applying a web application firewall, advanced
authentication and password management, ensuring the security of network ports, applying advanced
encryption, minimizing collected data, securing cloud and mobile interfaces, secure login and
secure update.
particular credentials. The principle of least privilege dictates that only the minimal access
required to perform a function should be authorized in order to minimize the effectiveness of
any breach of security.
3. Device authentication: When the device is plugged into the network, it should authenticate
itself prior to receiving or transmitting data. Deeply embedded devices often do not have
users sitting behind keyboards, waiting to input the credentials required to access the
network. How, then, can we ensure that those devices are identified correctly prior to
authorization? Just as user authentication allows a user to access a corporate network based
on user name and password, machine authentication allows a device to access a network
based on a similar set of credentials stored in a secure storage area.
4. Firewalling and IPS: The device also needs a firewall or deep packet inspection capability
to control traffic that is destined to terminate at the device. Why is a host-based firewall or IPS
required if network-based appliances are in place? Deeply embedded devices have unique
protocols, distinct from enterprise IT protocols. For instance, the smart energy grid has its
own set of protocols governing how devices talk to each other. That is why industry-specific
protocol filtering and deep packet inspection capabilities are needed to identify malicious
payloads hiding in non-IT protocols. The device needn't concern itself with filtering
higher-level, common Internet traffic (the network appliances should take care of that), but it does
need to filter the specific data destined to terminate on that device in a way that makes
optimal use of the limited computational resources available.
5. Updates and patches: Once the device is in operation, it will start receiving hot patches and
software updates. Operators need to roll out patches, and devices need to authenticate them,
in a way that does not consume bandwidth or impair the functional safety of the device. It's
one thing when Microsoft sends updates to Windows users and ties up their laptops for 15
minutes. It's quite another when thousands of devices in the field are performing critical
functions or services and are dependent on security patches to protect against the inevitable
vulnerability that escapes into the wild. Software updates and security patches must be
delivered in a way that conserves the limited bandwidth and intermittent connectivity of an
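The machine authentication described in item 3, as an added example that is not part of the original report: a keyboard-less device proves possession of a per-device secret by answering a fresh challenge, so the secret never crosses the network and a captured answer cannot be replayed. The Gateway class, the device ids and the message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

def device_respond(device_id, key, nonce):
    """Device side: prove possession of the key without ever sending it.
    On real hardware the key would be read from the secure storage area."""
    return hmac.new(key, b"auth-v1|" + device_id.encode() + b"|" + nonce,
                    hashlib.sha256).digest()

class Gateway:
    """Network side: issues single-use challenges and verifies responses."""

    def __init__(self, device_keys, ttl=30.0):
        self._keys = device_keys      # device id -> that device's own secret
        self._pending = {}            # device id -> (nonce, expiry time)
        self._ttl = ttl

    def challenge(self, device_id, now=None):
        now = time.monotonic() if now is None else now
        nonce = secrets.token_bytes(16)           # fresh and unpredictable
        self._pending[device_id] = (nonce, now + self._ttl)
        return nonce

    def verify(self, device_id, response, now=None):
        now = time.monotonic() if now is None else now
        nonce, expiry = self._pending.pop(device_id, (None, 0.0))  # single use
        key = self._keys.get(device_id)
        if nonce is None or key is None or now > expiry:
            return False              # no challenge, unknown device, or too late
        expected = device_respond(device_id, key, nonce)
        return hmac.compare_digest(expected, response)   # constant-time compare

if __name__ == "__main__":
    # Constructed demo credentials; a real deployment provisions a random
    # per-device key at manufacture or enrolment.
    keys = {"sensor-17": secrets.token_bytes(32)}
    gw = Gateway(keys)
    nonce = gw.challenge("sensor-17")
    answer = device_respond("sensor-17", keys["sensor-17"], nonce)
    print("first attempt accepted:", gw.verify("sensor-17", answer))
    print("replayed answer accepted:", gw.verify("sensor-17", answer))
```

Giving each device its own key follows the least-privilege point in item 2: extracting the secret from one device does not let it authenticate as any other.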
evolutionary in outlook
5. Targeting the point of maximum impact: think globally, act locally
Generally, this approach can be effective if we use it in securing IoT and its users; therefore,
device manufacturers and developers must consider it in order to build their consumers' confidence.
In addition, stockholders must take collective responsibility, integrate security solutions with the
important objectives of preserving the fundamental properties of the Internet, and adopt an open,
consensus-based participatory approach by making existing solutions responsive to new
challenges and by employing well-rounded thinking.
9 http://www.internetsociety.org/sites/default/files/CollaborativeSecurity-v1-0.pdf
5 Conclusion
The (IoT) technology brings huge changes to everyone's everyday life. In the (IoT)s era,
short-range mobile transceivers will be implanted in a variety of daily requirements.
Connections and communications between people, and between objects, will grow
at any time and in any location. The efficiency of information management and
communications will rise to a new high level. The dynamic environment of (IoT)s introduces
unseen opportunities for communication, which are going to change the perception of computing
and networking. The privacy and security implications of such an evolution should be carefully
considered for this promising technology. The protection of data and privacy of users has been
identified as one of the key challenges in the (IoT).
In this survey, we presented Internet of Things with architecture and design goals. We surveyed
security and privacy concerns at different layers in (IoT)s. In addition, we identified several open
issues related to the security and privacy that need to be addressed by research community to
make a secure and trusted platform for the delivery of future Internet of Things. We also
discussed applications of (IoT)s in real life. In the future, research on the (IoT)s will remain a hot
issue. Many knotty problems are waiting for researchers to deal with.
REFERENCES
[1] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, "Context Aware Computing for The Internet of Things: A
Survey," IEEE Communications Surveys & Tutorials, 2013, pp. 1-41.
[2] G. Gang, L. Zeyong, and J. Jun, "Internet of Things Security Analysis," 2011 International Conference on Internet
Technology and Applications (iTAP), 2011, pp. 1-4.
[3] M. Palattella, N. Accettura, X. Vilajosana, T. Watteyne, L. Grieco, G. Boggia, and M. Dohler,
"Standardized protocol stack for the internet of (important) things," Proceedings of IEEE, 2012, pp. 118.
[8] D. Jiang and C. ShiWei, "A Study of Information Security for M2M of IoT," 3rd International
Conference on Advanced Computer Theory and Engineering (ICACTE), 2010, pp. 576-579.
[9] RFC 2828, "Internet Security Glossary," May 2000. [Online]. Available: https://www.ietf.org/rfc/rfc2828.txt.
[10] Y. Cheng, M. Naslund, G. Selander, and E. Fogelström, "Privacy in Machine-to-Machine
Communications: A state-of-the-art survey," International Conference on Communication Systems
(ICCS), Proceedings of IEEE, 2012, pp. 75-79.
[11] L. Zhou, Q. Wen, and H. Zhang, "Preserving Sensor Location Privacy in Internet of Things," in Computational and
Information Sciences (ICCIS), Proceedings of IEEE, 2012, pp. 856-859.
[12] B. Tepekule, U. Yavuz, and A. E. Pusane, "Modern Kodlama Tekniklerinin QR Kod Uygulamalarına Yatkınlığı, On the Use
of Modern Coding Techniques in QR Applications," Proceedings of IEEE, 2013, pp. 1-4.
[13] M. Giannikos, K. Korina, N. Fotiou, G. F. Marias, and G. C. Polyzos, "Towards secure and context-aware information lookup
for the Internet of Things," in Computing, Networking and Communications (ICNC), Proceedings of IEEE, 2013, pp. 632-636.
[14] R. Hall, A. Rinaldo, and L. Wasserman, "Differential Privacy for Functions and Functional Data," Journal of Machine
Learning Research, 2013, pp. 703-727.
[15] E. Liu, Z. Liu, and F. Shao, "Digital Rights Management and Access Control in Multimedia Social
Networks," in Genetic and Evolutionary Computing, Springer International Publishing, 2014, pp. 257-266.