Beruflich Dokumente
Kultur Dokumente
I. INTRODUCTION
Internet of Things (IoT) paradigm was care, introduced by
Kevin Ashton in the year 1998 [1][2][3][4]. He states that IoT
is the computers that knew everything about things and
using data that they collected without any help from a human
then interconnected to each other with the internet. IoT refers
to the interconnectivity among our frequently used electronic
devices along with the sensing capability and contextual
awareness [1][5][6].Given the efficiency and economic
benefits of IoT technology, IoT devices are developed widely
and rapidly across the nation. IoT applications are popular
worldwide with the term smart such as smart home, smart
watch, and smart city.
China introduced the concept of Sensing China as an
initiative to accelerate the development of IoT across the
country [3][4]. IoT components usually consist of sensors and
actuators which collect contextual information and perform
actions respectively. For example in a smart watch, a sensor
records the time for exercises, and an actuator calculates the
calories during activities. Another component is a coordinator,
which acts as a device manager that monitors the status and
operations of the smart things. It also sends an accumulated
report of their activities to IoT service provider. Local IoT
network and IoT cloud service are connected through a sensor
bridge.
321
2016 3rd International Conference on Electronic Design (ICED), August 11-12, 2016, Phuket, Thailand
322
2016 3rd International Conference on Electronic Design (ICED), August 11-12, 2016, Phuket, Thailand
Attack
Target
Weaknesses
Denial of
Service (DoS)
attacks
IoT devices
that
connected
via the
Internet.
Reduction in
networks
capacity
Disable the
network
Wormholes
Location of
the packets
Problematic
in checking
the routing
information
Spoofed, alter
or replayed
routing
information
Routing
information
Detectable
of IoT
devices.
High end to
end latency
Routes
sources might
be extended
or shorten
Sybil
Integrity of
data
security and
resource
utilization
Launch
threat to
geographic
routing
protocol
Costly
network
Technique
IP enable status
contributes to a
pool thing.
Distributed
attack utilized
and auto shut the
IoT system.
Record the
packets at one
location then
tunnel it to a
different
location.
First, spoofer
only listens.
Only act when
the transmitter
stops sending a
signal, then
unreliable signal
send.
Propagate
malware to a
website. The
adversary is
masquerading
the normal users.
B. Sybil Attack
The emerging of IoT exposes a system to Sybil attack,
which is a single node that has multiple identities [17]. That
means adversary can be in more than one location at a time. It
is to degrade the integrity of data security and resource
utilization. In the year 2012, the statistics records of Sybil
attack in the online social network (OSNs), about 76 million
(72%) fake users on Facebook and 20 million Sybil on Twitter
per week [10].
Sybil attacks are launched to steal the information by
propagating malware to a website. Comprehensively, Sybil is
like a masquerade, which looks like ordinary users but it is
not. New media like Facebook, Twitter, and Instagram, are
prone Sybil attacks. Therefore, it is important to have a
security defense to maintain the IoT system so that it can keep
working correctly.
C. Denial of Service (DoS)
Blackmailer or activist endeavors to mess up or terminate
the network by launching the Denial of Service attack. DoS
attack is a particular attack on a network or a computational
resource, and the effect of DoS attack may contribute to the
reduction in network capacity.
There are two categories of DoS attack in IoT; Distributed
Denial Of Service (DDoS) and Ordinary DoS [11][12]. For
common DoS attack, a tool is required to send packets to an
intended system that crash the network or sometimes force the
system to restart. Meanwhile, DDoS can be a single attacker
but not powerful as a proxy attacker. From that, the impact of
this attack not only disabled the network but also prevent it to
be accessible to a very large network.
D. Attacks based on Device Property
Device property can be low-end devices class or high-end
devices class. These types of attacks give a different impact
toward the IoT system. IoT might result in a fatal error or only
a part of the system might act in abnormal behavior due to the
power of device property.
1) Low-end device class attack
Low-end devices class attack is an attack that involves
low power devices to attack the IoT system. By that, this class
is low cost by only connecting the system to outside via radio
link. They are same potential and network configuration that
act in a similar way. It is accessible to few sensor nodes of IoT
devices. For an example, the smartwatch can control remotely
any devices in home appliances like smart TV, and smart
refrigerator.
2) High-end device class attacks
Unlikely to the low-end device, high-end device class
attacks involves full-fledged devices to launch the attacks on
IoT system. This class connects their IoT devices via the
Internet so it can be accessed by a laptop (powerful device)
that has better CPU from anywhere and anytime.
323
2016 3rd International Conference on Electronic Design (ICED), August 11-12, 2016, Phuket, Thailand
1) Physical attacks
One strategy to blunt the IoT devices successful is by
the physical attack on the infrastructure of an IoT. For
example, adversary changes the behavior or structure of
devices that involve in IoT system.
2) Logical attacks
A logical attack is an attack when the communication
channel dysfunction after the adversary launched attacks on
the IoT system. Attackers do not harm the physical devices to
launch their attack.
Fig. 3. Man in the middle attacks.
324
2016 3rd International Conference on Electronic Design (ICED), August 11-12, 2016, Phuket, Thailand
I. Host-based attacks
The types of host involve in launch upon security attacks
of IoT are users, software, and hardware compromise. IoT
devices are embedded devices where they consist of operating
system and system software inside them. Therefore, the IoT
devices can be attacks through the host of the IoT system.
Attacks
Jamming
Tampering
Collision
Data Link
1) User-compromise
A user may reveal the information or data such as
password or keys about the security credentials. For example,
a building insider gives a password of that building to be
accessible the IoT devices by an unauthorized user.
Exhaustion
Unfairness
Spoofed, altered or
replayed
routing
information
Selective
forwarding
2) Software-compromise
Software vulnerability where the attacker pushes the
IoT device to be in exhaustion state or resources buffer
overflows. For example, the laptop can be suddenly shutting
down due to the low battery. By that, other things cannot be
interoperability due to most of the system in sleeping mode.
Sinkhole
Network
Sybil
Wormholes
HELLO flood
3) Hardware-compromise
Within an IoT device, tampering with hardware is the
way adversary launch their host-based attacks. The host-based
attack on hardware compromise, where attackers inject
malicious code or stealing the actual driver or connecting to a
device. Moreover, an iPhone may be exploited by using a
malicious duplicate charger which installs a Trojan into that
device [18].
Acknowledgement
spoofing
Flooding
Transport
De-synchronization
Attacks
on
reliability and Clone
attack:
Application
Clock
skewing,
Selective message
forwarding,
Data
aggregation
distortion
2) Protocol disruption
In the security of IoT context, the availability is one of
security attribute. This functional security requirement is
important to have a great IoT system. Unfortunately, attackers
can attack the protocol by disrupt either from inside or outside
the native network of IoT and bring up the issues on the
availability of IoT.
325
2016 3rd International Conference on Electronic Design (ICED), August 11-12, 2016, Phuket, Thailand
V. CONCLUSION
Considering a significant amount of sensitive data to be
put online and the enabling of remote access of smart devices
across the world, security flaws within Internet of Things may
bring a huge drawback to the entire world. Such security
failures may disrupt the whole network of devices and may
cause fatal effects to the users. Therefore, security concern is a
major part that needs to be well studied before developing
more advanced Internet of Things (IoT) systems. In this paper,
we attempt to outline various attacks within IoT systems into a
well-structured taxonomy to assist researchers and developers
to plan appropriate security measures in their IoT
developments.
ACKNOWLEDGMENT
The research reported in this paper is supported by
Research Acculturation Grant Scheme (RAGS). The authors
would also like to express gratitude to the Malaysian Ministry
of Education (MOE) and University Malaysia Perlis for the
facilities provided.
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[17]
[18]
[19]
[20]
[21]
326