Internet tasks and responsibilities by using intelligent devices for

Internet of things (IoT) is a collection of objects, services and devices which are connected via a network and can communicate and share information to achieve a common goal in different areas and applications.

{4} In other words it is a technological revolution which represents the future of computing, communications and its development in upcoming days depends on the innovation of dynamic technology from wireless sensor to nanotechnology. {15} The architecture of IoT mainly based on two things. One is data communication tools and another one is radio frequency identification (RFID). {15} IoT can be implemented in different field such as agriculture, healthcare, distribution etc. The purpose of IoT is to perform daily tasks and responsibilities by using intelligent devices for changing humans’ usual lifestyle.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!

order now

{4} Devices used in IoT are arranged with sensors and processing power which qualify them that to be fitted in many environments. {1} Fig.1 is a representation of some common applications of IoT in different environments such as smart healthcare, wearable technology, smart home, smart transport etc.

Services provided by IoT applications is a blessing of modern technology as it provides great benefit for humans’ life. As every advantage have some disadvantage like that those benefits have some security and privacy concern. {1} In recent years IoT applications have a huge expansion due to the rapid development of technology especially in Radio Frequency Identification (RFID) and Wireless Sensor Network (WSN).

{4} The RFID enables the tagging or labeling of every single device. On the other hand, due to WSN people, devices, objects etc. becomes a wireless recognizable object and can communicate with each other in the physical, cyber and virtual world.

{4} The rest of this paper is organized as follows. Section II describes the architecture of IoT. In section III, IoT security principles discussed. Section IV organized by the classification of IoT security attacks and threats.

The section also contains the security issues that are associated with each layer of IoT. Section V gives the big picture of comparison and criticism of existing research work of IoT. Finally, the paper is concluded in Section VI. Different researcher gives different opinion regarding the number of layers in IoT. However, majority number of researcher declared that IoT mainly has three layers.

They are: Perception layer, Network layer and Application layers. 12 13 15 These layers are isolated by their functions and the devices that are used with them. Each layer has some security issues associated with it. Fig. 2 shows the general architecture of IoT. {4} Perception layer also referred as a “Device layer” in IoT.

It contains the physical objects and sensor devices such as RFID, camera, Bluetooth etc. mainly based on object detection method. This layer detects, collects and process information and transmits it to the network layer. The transmitted information may vary due to the different type of sensor. It can be about location, temperature, motion etc. {8} The main purpose of the network layer is to transmit the information due to that we can call it “Transmission Layer”.

It securely transfers the information from sensors to different IoT hubs or devices over the internet. The transmission medium can be wired or wireless. Internet gateways, routing devices etc. perform the transmission by using the modern technology such as WIFI, 3G, LTE etc. depending on the sensor.

{8 + 4} The application layer provides the security that means authenticity, integrity, and confidentiality of the data. In this layer, the main purpose of IoT which is the establishment of a smart environment is achieved. {4} Except those three commonly used architecture, some researcher declared that in IoT architecture some other layer also exists. Such as, M. Wu et al.

15 8 develop a new IoT architecture by adding two more layers with the existing IoT architecture one is Middleware layer and another one is business layer. The function of middleware layer is to receive information from network layer and store them in the database. Correspondingly, the business layer has the responsibility for the whole IoT system including application and services.

Hui Suo et al. 9 describes one extra layer Support layer with the three general layers. Support layer work as a support platform for the application layer. Here all kind of computing power is organized through network grid and cloud computing. It combines the application layer upward and network layer downward. As IoT is a comparatively new concept, there is a need to define the security principle that should be enforced to achieve a secure communication. All the security challenges and threats of each layer in IoT system mainly utilize the network technologies used here. However, there are some additional issues and threats can be arising from the collaboration of different technologies in IoT.

The main objective of the security protocol of IoT is to protect the data which contains sensitive information about the user. Basic security principle of any system contains confidentiality, integrity, and availability. The details are given below: Confidentiality means to restrict the disclosure of information to unauthorized individuals, entities, or processes”. https://en. To maintain the confidentiality its required to keep the data secret and prevent unauthorized access to the data. In IoT system, the user can be either human or sensor, machine and sometimes internal or external object. It’s essential for the user of IoT system to aware of the data management mechanism which will be applied in the system to ensure that data will be protected in the process.  Secrecy of message transfer between nodes should be maintained properly however sometimes it’s difficult to make sure that the sensor will not reveal the information to neighboring nodes. To maintain the confidentiality message can be encrypted before transmission.

And before transmitting the identity of the sender must be verified so no attacker will not be able to provide wrong information in the system. In WSN to implement the forward secrecy and backward secrecy can maintain the confidentiality of data. {4 +2}    In IoT, the information is the exchange between many different devices and sensors and due to that it is very important to make sure that the data will be accurate, and it’s coming from the actual sender and not altered during the transmission process by an invader. Integrity can be maintained by the end-to-end security in IoT communication.

Also by using firewalls and security protocols, it can be managed however it’s not guaranteed for all scenario. To keep the system, secure in IoT each object must be identified and authenticate other objects. It’s a very challenging procedure because of the nature of IoT. Here a huge number of people, service, devices, processing units etc. are involved with each other and issues with authentication is happened when the first time an object want to interact with other objects. Due to this issue, a mechanism for mutual authentication for each interaction is needed in IoT.

   Except for this three-basic principle, some other security principle may consider by the researcher like availability, lightweight solution, heterogeneity, policies etc. {2+3+4+9} With the increasing popularity of IoT, the security issues and threats are also increasing. A huge number of the researcher working to minimize and prevent those security issues. To prevent the security vulnerabilities and attacks in IoT system the first step is to classify the different attacks in different categories and then implement a security system to prevent the attack. As IoT is implemented by using different modern network technologies (WSN, RFID, Internet etc.) for this reason it is required a proper categorization of the attacks and threats, so that a better security system can be developed and implemented. {3} Different scholars classified attacks in different ways. Some may have classified them as per architectural layer whereas some classify them as per attacks type.

Also, some of them classified them attacks on the specific device basis. However, maybe their categorization is different, but the attack is almost same everywhere. Some most frequently attacks for IoT system are discussed below: Denial-of-Service (DoS) is one of the most common attacks. In DoS, the attacker makes the system inaccessible to the legitimate user by jamming the network using bogus traffic. It can occur in multiple layers of WSN.

  In the physical layer, it can be happened by node jamming and tampering attack. Whereas in network layer the attack can be black hole, hello flood attack. At transport layer 2 it can be performed by flooding attack. For this attack the attacker need to be physically close to the IoT system.

An attacker can be violating the privacy by accessing and restricted data and interfering between two sensors. The interfering can be done by data monitoring, snooping and controlling the communication between the two sensor nodes. The attacker convinces the user of IoT system, to extract the confidential information or to perform a certain action to achieve their goal.  Like the man-in-middle attack for this attack, the attacker needs to be physically close to doing the attack.  An attacker spoofs an RFID signal to get access to reading and record the transmitted data from an RFID tag. RFID cloning means copying data from one RFID victim tag to another RFID tag. Though two RFID tag contains same data, this method cannot replicate the original id of RFID.

 Due to the lack of authentication mechanism most of the RFID systems can be accessible to attackers. And attacker can read, modify and even delete information from nodes through this attack. Sinkhole attack may breach the confidentiality of data and denies services by dropping all the packet instead of forwarding them to the destination.

This attack attracts a maximum number of traffic through a malicious node. If the sensor network has one base station, then this attack can be very dangerous. In Sybil attack a single node has claimed the identities of many nodes and may mislead other nodes of the network.

The attacker gets the access to confidential data by spoofing the authentication credential of a user through phishing websites or infected emails. An attacker can infect the system by using malicious software or by the malicious activity and can steal information, modify them or denial of services. Attacker guess the ciphertext or plaintext in this attack and try their level best to find out the encryption key to break the security scheme and get the information. In IoT, the example of cryptosystem attack can be the known-plaintext attack, chosen-plaintext attack, chosen-ciphertext attack and ciphertext-only attack. Identification of security attacks is a stairway to successfully protect the IoT system. An IoT system consists of three different layers each with security limitations which increase the chance for security attacks. IoT requires security in all its three layers; at physical layer for data collection, at network layer for data transmission and an application layer to maintain CIA. In this section, some security approaches are mainly discussed.

  {3+4} To keep the system, secure the first step is to ensure the secure booting of the system. Authentication and data integrity of a system must be verified using a cryptographic hash algorithm. In case of a new device, when it wants to communicate first time with other devices it should authenticate itself before sending and receiving data. To maintain the data integrity some error detection mechanism should be introduced for ensuring that data is not altered in a transferring way. Checksum, parity bit as well as a hash function can be used for this purpose. Finally, for the confidentiality data should be encrypted in each device before the communication.

Due to the low power consumption, strong encryption algorithm like AES cannot be used instead of AES blowfish or RSA can be used as the consumed less power. 3 To main the privacy of sensor nodes, we need to use proper authentication along point to point encryption. Another important thing we need to keep in mind is secure routing for data transfer. Though most of the application does not have secure route however the security of a route can be ensured by providing multiple paths for data routing. It will improve the possibility of detecting an error in the system.

As mentioned earlier section for data integrity hash function can be used. Data security is most critical in this layer. It difficult to provide an authentication and integrity mechanism in this layer which will ensure the privacy and protect data from tampering or theft. To maintain the privacy and protect the data encryption mechanism can be used here. Also setting up an Access Control List (ACL) is a very effective way to protect the data. By setting up an access control list we can define who can have access to the system. ACL can block or allow the incoming and outgoing traffic. However, it’s a very crucial job to set up an ACL.

For the extra level of security firewall and antivirus can be used. A firewall can block the attack which cannot be blocked by authentication, encryption or ACL. It filters all the received packets and take a decision which will pass, and which will drop.

Also, it can prevent the system from unwanted login and DoS attack.  Security software such as antivirus, anti-spyware is also played an important role to provide the security, integrity and confidentiality of the IoT system. My survey was based on the security and privacy issues of Internet-of-Things. It’s not easy job to define a standard security principle and to suggest the countermeasures of security attacks and threats. Different scholars research on their own way to identify the issues and provide solution. A glimpse of their research is provided below.  Ioannis Andrea et al.

3 believes that the IoT system needs to be robust for data-related attacks and must provide data security and privacy. As per their view, the IoT system needs to provide confidentiality, integrity, and availability (CIA). And it can be achieved through the authentication, access control, data encryption etc. Also, the emphasis on an IoT system that must have trust between each layer, security, and privacy in each layer and trust between the user and the IoT system. Rwan Mahmoud et al. 4 mentioned that for a strong and secured IoT system CIA is the most compulsory security goals.

Along with this typical security goals, they mentioned about the availability, policy, heterogeneity, key management system etc. Hui Suo et al. 9 mentioned the security requirements as per the architectural layer of IoT system. As per their research, in perceptual layer first, they want authentication of access, second data confidentiality by encrypting the data. For data encryption, they prefer lightweight cryptographic algorithm and protocol.

As they believe to apply the security mechanism is quite difficult in the network layer. For that they refer identity authentication between nodes is required to maintain confidentiality and integrity. Also, they highlight on to prevent the DDoS attack. For cloud computing and secure multiparty computation strong encryption algorithm and protocol, strong system security technology and antivirus suggest by them. To solve the security problem of the application layer, we need two aspects. One is the authentication and key agreement across the heterogeneous network, the other is user’s privacy protection.

Monika Bhalla et al. 2 also refereed the CIA requirements for a secured system but they mainly emphasis on the security of wireless sensor networks instead of whole IoT system. Andrea et al. 3 classified the IoT attacks in four distinct classes: physical, network, software and encryption attacks.

Physical attacks are mainly focused on the hardware components of an IoT system. To attack the system attacker, need to be physically close or reside within the system. Whereas for the network attack attacker need not be closed on the system. It mainly manipulates the network system of IoT network for damage. Software attack makes the security vulnerabilities of IoT system. It exploits the system by the attack of trojan horse, worm, spyware or any other malicious activities. Due to these types of activities, it can steal information from the system some time it may damage the devices also. Encryption attack breaks the encryption scheme of the system and attacks the system.

  Man-in-the-middle attack, cryptoanalysis attack etc. are varieties of encryption attack. {1} Xu Xingmei et al. 6 defines security problem covers in each layer of IoT system.  In the perception layer, the main threat is the RFID and WSN security.

Many types of attack can happen in this network such as replication attack, channel blocking attack, flooding attack etc. Consequently, in the network layer, the common security attacks are the DDOS attack, middleman attack, heterogeneous network attack etc. Finally, in the application layer, the security challenge is to provide user privacy for information protection, prohibit illegal access to the database, prevent information leakage of system etc. Weizhe Zhang et al. 5 also explains different type of threats for the different architectural layer of IoT. In the perceptual layer the node resource is limited, a versatile network topology and distributed organized structure is present but still, it has some security threats like brute force attack, routing attack, clone node etc.

the main security concern of network layer are DoS attack, data attack or session attack. Whereas in application layer security attack can be done by privacy leak, malicious activities or social engineering.