Connecting the World: Opportunities and Challenges in IoT
The advent of the Internet initially facilitated the connection of individuals with static information.
Contents
Abstract
However, its role has evolved to assist in establishing dynamic connections between individuals, as well as between people and physical objects. In the modern technological landscape, the Internet of Things (IoT) emerges as a versatile domain, offering a spectrum of business opportunities while simultaneously posing significant risks. By enabling data transfer from physical devices to the internet, IoT has transformed how smart devices communicate. This essay delves into the fundamental concepts of IoT, its inherent security challenges, and distinctive characteristics.
Introduction
The exponential growth of unsecured Internet of Things (IoT) devices, which often boast high computational power, presents an appealing target for cyber attackers. These malicious entities seek to exploit vulnerabilities in these devices, frequently converting them into components of substantial botnets. A botnet is essentially a network of compromised devices, or bots, that operate under a centralized command system. Such networks are leveraged for various nefarious activities, including but not limited to distributed denial-of-service (DDoS) attacks.
One notable instance of such exploitation occurred in November 2013 when Symantec scientists uncovered the Linux.Darlloz worm. This worm capitalized on a PHP vulnerability, spreading across IoT devices like home routers, TV set-top boxes, surveillance cameras, printers, and industrial control systems. A variant of this worm, identified in January 2014, incorporated a cryptocurrency mining tool, further highlighting the evolving threats IoT devices face. Fast forward to September 2016, and the emergence of the Mirai malware created perhaps the largest botnet on record, illustrating the potential scale of IoT-based cyber threats.
IoT Security Risks
The surge in DDoS attacks linked to IoT devices was entirely predictable. A comparative analysis of conventional computing systems reveals that IoT systems are inherently more susceptible to security risks. This vulnerability stems from several factors: the absence of well-defined perimeters, constant changes due to device and user mobility, and the heterogeneity of IoT frameworks in terms of communication protocols and devices.
Furthermore, IoT devices often operate autonomously, controlling other devices without human intervention. These systems may consist of entities that were not initially designed for internet connectivity. Many IoT systems, or components thereof, are physically unprotected and managed by various parties. Unlike smartphone applications that require user authorizations for installation, IoT devices lack granular permission requests due to their sheer number. Consequently, fundamental security measures are often overlooked in IoT systems.
According to a July 2014 report by HP, IoT devices, on average, exhibited 25 vulnerabilities each. Alarming statistics revealed that 80% of devices failed to enforce robust password policies, 70% did not encrypt communications, and 60% had vulnerable interfaces or weak firmware. These findings underscore the urgent need for enhanced security practices in the IoT domain.
Protection Techniques
Preventing IoT devices from being misused within botnets requires implementing well-established security techniques that address common vulnerabilities. An October 2016 alert by the US Computer Emergency Readiness Team (US-CERT) regarding the Mirai botnet enumerated several such practices. These include changing all default passwords to complex ones, installing timely security patches, and disabling Universal Plug and Play (UPnP) on routers unless absolutely necessary.
Additionally, it is critical to scrutinize IP ports, such as 2323/TCP and 23/TCP, to thwart unauthorized access attempts. Monitoring port 48101 is equally essential, as it is frequently exploited by malicious devices to communicate with hackers. While these measures provide a foundational level of security, the need for scalable, automated security solutions remains pressing. Given that many IoT devices may not receive timely updates for known vulnerabilities, intrusion detection systems become vital, often necessitating deployment at gateway devices due to limited device resources.
System Architecture
The Unit and Ubiquitous IoT (U2IoT) architecture comprises three layers: the perception layer, the network layer, and the application layer. The perception layer encompasses advancements that transform physical objects into cyber-entities through technologies like radio-frequency identification (RFID), radar, infrared detection, GPS, Wi-Fi, Bluetooth, and ZigBee. Additionally, this layer includes mechanical and electronic actuators that execute sensor instructions.
The network layer encompasses routers, interfaces, communication channels, and gateways. It ensures reliable data transfer via secure data coding, integration, mining, and aggregation-based algorithms. Management and data centers serve as network nodes, categorized as local (lM&DC), industrial (iM&DC), and national (nM&DC) entities.
The application layer supports IoT applications across local, industrial, and national levels, utilizing standard protocols like the Constrained Application Protocol (CoAP) and Wireless Application Protocol (WAP). Service-oriented architectures and cloud computing are employed to facilitate service integration, transnational supervision, and global coordination.
Securing Cyberentity Interaction
The interaction scenarios among U2IoT cyber entities are depicted through three RFID-based scenarios. Scenario 1, Secure Data Access, involves mutual authentication between a tag (T) and a reader (R), facilitated by a local management and data center (uM&DCl). Scenario 2, Privacy-Preserving Data Sharing, entails interactions between local and industrial IoTs, managed by lM&DC and iM&DC, respectively, ensuring user privacy through autonomous data access.
Scenario 3, Secure Access Authority Transfer, involves a hierarchical exchange of authority among local, industrial, and national IoTs, overseen by lM&DC, iM&DC, and nM&DC. The proposed solution satisfies essential security properties, including session freshness, mutual authentication, hierarchical access control, and privacy preservation.
In conclusion, the Internet of Things presents both opportunities and challenges. While it enhances connectivity and enables innovative applications, it also necessitates robust security measures to safeguard against emerging threats. By understanding and addressing these challenges, we can harness the full potential of IoT while ensuring the safety and privacy of users.
Connecting the World: Opportunities and Challenges in IoT. (2019, Mar 31). Retrieved from https://papersowl.com/examples/security-in-internet-of-things/
