IoT Security and Threats Quiz

Questions and Answers

Cross-site scripting attacks can be used to access private data/resources in IoT systems.

True

Confidentiality in IoT security refers to the integrity of sensor data.

False

Active attacks only threaten the confidentiality of IoT systems, not their integrity.

False

Physical attacks involve damaging the physical devices in an IoT system.

True

Low power attacks in IoT can change the normal behavior of devices within the system.

True

Passive attacks interfere directly with the functioning of IoT systems.

False

Eavesdropping in the context of attacks refers to the unauthorized alteration of transmitted messages.

False

Logical attacks do not involve any physical damage to the IoT system.

True

Access control is an example of functional-level security requirements in IoT.

False

Packet collision is a form of host-based attack.

False

Study Notes

IoT Threats and Security Requirements

• LoT threats include cross-site scripting attacks targeting private data in IoT systems.
• Unmanned Aerial Vehicles (UAVs) pose privacy risks to individuals.

Types of IoT Security Requirements

• Information-level:

  • Confidentiality: Ensures data accessibility to authorized individuals while protecting privacy.
  • Integrity: Prevents unauthorized modifications or tampering of sensor data.
  • Non-repudiation: Guarantees certainty against denial of sent messages/data claims.
  • Freshness: Confirms recency of sent or received messages/data.

• Access-level:

  • Authorization: Legitimation for users to access resources.
  • Identification and Authenticity: Validating user identities.
  • Access Control: Management of permissions for resource usage.
  • Availability: Ensures systems are operational and accessible.
  • Exception Handling: Processes for managing errors or irregularities.
  • Self-organization: Ability of IoT systems to adapt autonomously.

Classification of IoT Security Attacks

• Based on device category:

  • Low Power Attacks: Utilize low-powered devices, like smartwatches, to control home appliances unexpectedly.
  • High Power Attacks: Use devices like workstations and laptops for far-reaching attacks leading to critical failures in IoT systems.

• Based on access level:

  • Passive Attacks: Threaten confidentiality through eavesdropping on ongoing transmissions.
  • Active Attacks: Disrupt network communications and alter information, compromising both confidentiality and integrity.

• Based on attacker location:

  • Internal Attacks: Originating from within the IoT ecosystem.
  • External Attacks: Launched from outside the system.

• Based on attack strategy:

  • Physical Attacks: Damage to device configuration or physical properties.
  • Logical Attacks: Disrupt functionality without physical interference.

Information Damage Levels

• Eavesdropping: Passive monitoring of data transmissions.
• Alteration: Unauthorized changes to the data.
• Fabrication: Introduction of false information to mislead communication.
• Message Replay: Impacts the freshness of exchanged messages.
• Interruption: Causes service unavailability through disruptions.

Host-based and Protocol-based Attacks

• Host-based Attacks:

  • Hardware compromise: Intrusion or damage to physical devices.
  • Software compromise: Alteration or corruption of software systems.
  • User compromise: Unauthorized access to user accounts.

• Protocol-based Attacks:

  • Jamming: Disruption of communication channels.
  • Tampering: Unauthorized modifications to data packets.
  • Flooding: Overwhelming the network with excessive traffic.
  • Unfair Channel Access: Manipulation of communication protocols.
  • Packet Collision: Interference during data transmission.

Description

Explore the various security threats facing IoT systems, including cross-site scripting attacks and privacy risks associated with UAVs. This quiz covers different types of IoT security requirements such as information-level, access-level, and functional-level security needs.