The Internet of Things (IoT) has grown rapidly in recent years due to its wide range of usability, flexibility, and smartness. The majority of IoT apps carry out tasks automatically, with no input from humans or physical objects. To deploy such a new technology in a secure manner, present and prospective gadgets must be smart, efficient, and capable of providing services to consumers. As a result, researchers are investigating security concerns on a daily basis. Because IoT devices are mostly portable and lightweight, they raise various concerns such as battery consumption and memory, and the most essential is security. In this survey thesis, we explore security threats in relation to several types of IoT layers. Last but not least, we discuss several IoT applications. This research will help academics and manufacturers analyze and reduce the attack range on IoT devices.
Keywords: IoT, Smart Homes, HealthCare, Encryption, Security
The Internet of Things (IoT) is a new trend in the world today. As technology spreads, it has become a critical need for society, health care, universities, homes, and practically everything else to be connected to the internet. According to the research, the number of items projected to be linked worldwide in 2020 is 8.4 billion, with this figure expected to rise to 20.4 billion by 2022. The use of IoT applications is increasing in all settings throughout the world, with connections between machines estimated to expand from 5.6 billion to 27 billion between 2016 and 2024. The wide variety of IoT application usage has highlighted difficulties with privacy and security, authentication, and storage, which remain a challenging topic for the research community for the time being. It is practically impossible to operate an IoT application with full functionality and in a trustworthy way without a secure environment and infrastructure. According to assaults against IoT devices surged by 600% in 2017. Typically, attackers do not target IoT edges directly, but rather use them as a weapon to gain access to other sites. IoT devices are readily targeted owing to the way they are manufactured, since most firms do not address security and forensics for devices, instead focusing on cost, size, and usefulness. If we look behind the scenes of our daily lives, we will see a plethora of IoT devices, such as smart electricity meters, which are used to regulate power usage, lights, and other resources. Security cameras are another IoT item that will alert you if there is any unwelcome activity at night. Smart fridges will also alert you if milk is running low, and sensor doors open based on your voice and facial recognition. If a firm compromises on security in order to save money and space, it will have an impact on all of the physical items with which you interact on a daily basis in the IoT age.
Modern automobiles also use sensors, and if the car sensors and algorithms are hacked, your life is in danger. In today's healthcare, several sensors are used to send reports to doctors, and a targeted attack on them can put a patient's life in danger. IoT security matters not only in the healthcare sector; in business, criminals may acquire your bank data and carry out unauthorized activities. Indeed, these sorts of cyberattacks are the most harmful to huge corporations, as demonstrated by one event from US history, which occurred in 2013: a gang of attackers stole $160 million through credit cards. The key contribution of this research is that we have expanded on the many security challenges associated with the IoT layered infrastructures and some of the IoT age applications. Simply said, in today's technology era, anything is vulnerable to cyberattack and might pose a hazard.
2. IOT SECURITY:
Because of the billions of IoT smart device communications, IoT security is the most important and difficult challenge for the research community. Because IoT is in its early stages and demand for smart devices is increasing, manufacturers are overlooking security aspects and delivering vulnerable devices to the market. As a result, attackers are easily targeting the devices and performing a large number of DDoS and other types of attacks to steal user personal information and data from IoT devices.
2.1. Physical Attacks:
Physical attacks are those in which the attackers rely on the system hardware rather than software.
- Node Tampering: In this sort of attack, the attackers physically or electrically tamper with the sensor nodes in order to gain access to and alter vital information, such as by revealing the shared crypto keys, which may damage the entire sensor network.
- Malicious Node Injection: In this sort of attack, the attackers install a malicious node between two or more nodes and monitor the traffic between them. This form of attack is sometimes referred to as a Man-in-the-Middle attack.
- Malicious Code Injection: In this sort of attack, attackers attempt to insert malicious code into the node's memory. Because IoT device software updates happen in the open, attackers are able to introduce malicious code into the system, allowing them to seize total control of the IoT system.
- Sleep Deprivation: Because most IoT devices rely on batteries for power, they must adhere to a sleep cycle in order to last as long as possible. In a sleep deprivation attack, the attacker keeps the devices active, which drains the battery faster and causes the devices to shut down.
- Physical Damage: As the name implies, in this form of attack, the attackers attempt to obtain data by physical acts. Attackers begin by searching through an organization's garbage bins for information such as dates of birth and security numbers for confirming computer passwords.
- Social Engineering: In these attacks, the attackers target people rather than computer systems in order to obtain information. Attackers attempt to lure the target into a bogus network and engage in harmful operations in order to get data.
2.2. Software Attacks:
In these sorts of attacks, the attackers use viruses, spyware, and other harmful software to steal data or deny service.
- Viruses, Worms, and Spyware: Attackers attempt to transmit harmful files as an email attachment so that when the receiver gets the email and downloads the attachment or other files from the internet, the system is harmed. To identify these sorts of attacks, several technologies such as firewalls, antivirus, and other detection systems offered by researchers can be used.
- Malicious scripts: In this sort of attack, the adversary uses malicious scripts in conjunction with a standard query. When the standard queries are executed, the scripts execute automatically, posing a risk to the users. According to the Imperva Web Application Attack Report (WAAR) round, about 96.15 percent of Web assaults were carried out.
- Phishing attack: This sort of attack is commonly used to steal the user's sensitive information such as credit card numbers, email passwords, and so on. Emails or websites are used in this form of attack. The adversary creates phishing sites that look just like the originals and tracks users. The adversary can make use of emails, websites, and phone calls.
- DoS Attack: A denial-of-service attack occurs when an adversary sends unexpected traffic to a system, rendering its resources inaccessible to other users. In a denial-of-service attack, the attacker can potentially also tamper with the data and modify it for resending.
2.3. Network Attacks:
Because IoT devices move about and are connected to the internet, they are more vulnerable to attacks. Some network attacks are described below.
- Traffic Analysis: In this sort of attack, the adversary attempts to learn the packet pattern and modify the contents. Although certain packets are encrypted, we cannot assume that they are secure against attacks.
- RFID Cloning: In this sort of attack, tags are used to imitate specific tags, which might lead to unmanageable risks.
- RFID Unauthorized Access: Because RFID tags are responsible for sending and receiving data using distinct signals, there is a greater potential that someone will place an RFID card reader and steal the data.
- RFID spoofing: RFID tags are not physically reproduced in this sort of attack. In a spoofing attack, the adversary uses customized equipment with additional functionality capable of mirroring RFID tags in order to get data. The adversary attempts to gain access to the original RFID tag and will do so by any means necessary. Using this strategy, the adversary gains the same complete access to data channels as the original tag.
- Sinkhole Attack: In this attack, the adversary attempts to install a malicious node between the actual nodes in order to broadcast bogus routes through the RPL routing protocol in IoT. As a result, the attacker node is responsible for the majority of the hops. This sort of attack also has an impact on the performance of IoT devices.
- MITM Attack: In this form of attack, the adversary sits between the nodes and intercepts the communication between the two parties. When the sender sends information, the adversary receives it and modifies it, then transfers the modified value to the recipient rather than the real one. When the recipient responds, the adversary does the same and responds to the sender. Most of the time, this sort of attack is used to obtain credit card login information or other personal information.
- Routing Information Attack: In this sort of attack, the adversary attempts to redirect traffic through a bogus route in order to obtain access to sensitive data.
2.4. Encryption Attacks:
In this form of attack, the adversary attempts to get access to the plaintext by various means such as stealing the key, discovering flaws in the code, exploiting cryptographic protocol problems, and so on.
- Side-channel attack: In this sort of attack, the adversary targets the physical implementation of security mechanisms in order to leak personal and sensitive data. This type of attack has grown in popularity in recent years.
- Cryptanalysis attack: In this form of attack, attackers attempt to discover flaws in crypto algorithms and infer crypto keys.
- MITM Attack: A man-in-the-middle attack in which the attacker attempts to steal the public value. Instead of using the original public value, the attackers create their own keys and transmit them to the recipient in the reply.
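The public-value substitution described in the MITM item above only works when the receiver accepts a public value without authenticating it. The following added example (not part of the original article) shows a receiver-side check that rejects a swapped value; the pre-shared key, the `sensor-01` identifier, the toy 127-bit group, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy parameters for illustration only: a 127-bit Mersenne prime group.
# Real devices use a standardized group or elliptic curve.
P = 2**127 - 1
G = 5

def keypair():
    """Return (private, public) with the public value in the accepted range."""
    while True:
        priv = secrets.randbelow(P - 3) + 2
        pub = pow(G, priv, P)
        if 1 < pub < P - 1:
            return priv, pub

def make_tag(psk, sender_id, pub):
    """MAC that binds a public value to its sender under the pre-shared key."""
    msg = sender_id.encode() + b"|" + pub.to_bytes(16, "big")
    return hmac.new(psk, msg, hashlib.sha256).digest()

def accept(psk, sender_id, pub, tag):
    """Receiver-side check: reject out-of-range values and invalid tags."""
    if not 1 < pub < P - 1:
        return False
    return hmac.compare_digest(make_tag(psk, sender_id, pub), tag)

def session_key(priv, peer_pub):
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange(substitute):
    """Sensor sends its public value to a gateway; returns (accepted, keys_agree)."""
    psk = b"constructed-demo-psk"  # assumption: provisioned on both ends
    s_priv, s_pub = keypair()
    g_priv, g_pub = keypair()
    sent_pub, sent_tag = s_pub, make_tag(psk, "sensor-01", s_pub)
    if substitute:
        # An on-path node swaps in its own public value but cannot forge the tag.
        while sent_pub == s_pub:
            _, sent_pub = keypair()
    accepted = accept(psk, "sensor-01", sent_pub, sent_tag)
    keys_agree = session_key(g_priv, sent_pub) == session_key(s_priv, g_pub)
    return accepted, keys_agree

if __name__ == "__main__":
    print("honest:", run_exchange(False))
    print("substituted:", run_exchange(True))
```

The gateway must call `accept` before deriving a session key; a value that fails the check is discarded and the exchange is aborted.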
3. APPLICATION AREAS OF IoT:
Security and privacy are critical criteria for any IoT devices and apps that are already in use or will be in the near future. With the fast advancement of technology, the use of IoT applications is growing by the day. All manufacturers are working to improve device security, but some applications are extremely sensitive, particularly in the health care system, and hence necessitate stringent security standards. The following are some examples of IoT applications.
- Smart Houses: Smart homes are now the most useful and efficient IoT application. According to the study, consumers searched for "smart house" 60,000 times. Another important note is that approximately 256 firms are engaged in smart home products and startups and are currently listing features for IoT uses, which helps IoT expand quickly.
- Smart Cities: Another IoT application that is gaining popularity throughout the world is smart cities.
- Health Care: One of the most common and sensitive applications of IoT is in the health system. In such a system, wireless sensors are placed in the patient's body and connected to the cloud in order to relay patient information to the doctor. On the other side, if the doctor receives genuine information and prescribes medicine, but the system is hacked in some manner and the adversary modifies the medicine report, this is also a big danger for the patient.
- Security and Emergencies: Another use of the IoT system is security and emergencies. Today, most army operations, particularly in the demining field, employ machinery for such work, and they also install wireless sensors to prevent illegal entry to restricted areas. Wireless sensors are deployed in most buildings to monitor burglar activity, manage lighting and water systems, and much more.
4. IOT SECURITY:
Having discussed some of the security challenges in the previous part, we now discuss some of the methods for safeguarding IoT applications and the environment in this section. Edge computing, fog computing, blockchain, and machine learning are the four key strategies for defending the IoT ecosystem. The following are some in-depth explanations of the approaches mentioned.
- Fog Computing for IoT Security: The majority of users and gadgets in the Internet of Things are portable, and data is kept in cloud computing. As a result, there are additional issues to solve, such as security, power consumption, bandwidth, and dependability. The authors of (G. Zhuo, Q. Jia, L. Guo, M. Li, & Pan Li, 2016) developed a three-level architecture that operates between the transmitter and recipient to tackle storage, processing overhead, limited resources, and security and privacy challenges. (Zhang, J., Li, Q., Wang, X., 2018) adds the COLOR + technique, which is used to execute the majority of the calculation on the terminal node. COLOR + is also used to detect spammers based on suspension.
- Machine Learning for IoT Security: As previously stated, DoS attacks are one of the most common techniques of stealing data in the IoT environment. The Multi-Layer Perceptron (MLP) is used to protect against such significant attacks. The authors of (R.V. Kulkarni, G.K. Venayagamoorthy, 2009) introduced particle swarm optimization using the back propagation technique to improve wireless network security. Eavesdropping is another sort of attack that has emerged in IoT. During the communication, the adversary may drop packets. To protect against this form of attack, machine learning approaches like Q-learning-based offloading strategies or non-parametric Bayesian techniques might be applied.
- Edge Computing for IoT Security: With edge computing, data transfer occurs within the network or within the device. Compared to fog computing, data movement is reduced, which reduces security concerns. Another concern is data compliance in some nations, which refuse to exchange data with other countries and impose limits on it. Adopting edge computing solves this data compliance problem. Another issue that is addressed by edge computing is the question of safety. If the user does not have a fast internet connection, everything will be transferred to the cloud and will wait for a response, which may jeopardize a person's or group's safety.
- Blockchain approaches for IoT security: Blockchain technology is the most significant advancement in IoT security, and it focuses solely on the secure application of IoT. In a nutshell, Blockchain is a transactional database that stores all transactions as hashes. In (O. Novo, 2018), the author offers a novel access control system that mitigates the different concerns associated with IoT devices. The paper's approach is decentralized and built on Blockchain technology. As a single-point system is one of the major difficulties in the IoT ecosystem, the author of (P. Lv, L. Wang, H. Zhu, W. Deng, and L. Gu, 2019) has presented a novel decentralized method for IoT called privacy-preserving publish/subscribe using Blockchain technology.
In this article, we emphasized the security dangers to IoT devices pertaining to several IoT layers, such as the physical, software, network, and encryption levels. We have also discussed several IoT applications. We anticipate that this survey will be useful for IoT researchers and manufacturers in improving the security level of future IoT gadgets.
Ertughrul Gayibov