Chapter-08-IoT-Security.pdf

Full Transcript

173 8 IoT Security LEARNING OBJECTIVES After studying this chapter, students will be able to: describe security constraints in IoT systems elaborate security requirements of IoT systems...

173 8 IoT Security LEARNING OBJECTIVES After studying this chapter, students will be able to: describe security constraints in IoT systems elaborate security requirements of IoT systems classify the nature of IoT attacks analyze the security threats at each layer of IoT architecture design secure IoT system for specific application 8.1 ­IoT Systems and Security Constraints With the proliferation and increased utilization of low cost IoT devices, societies will become more connected and hence will be more susceptible to cyber‐attacks. The imple- mentation of security mechanism in IoT systems is different and more challenging than application of security in conventional wired and wireless networks. For better compre- hension about the issues of IoT security, as a prerequisite it is essential to overview the working and connectivity of fundamental components of IoT ecosystems (i.e. smart things, coordinator, IoT gateway, network [internet/Internet], IoT Cloud, IoT applications, and end‐user devices) as shown in Figure 8.1. IoT Smart Thing: Smart things (consisting of sensors, communication interfaces, operating systems, and actuators) are mainly responsible for the collection of sensor data and its transmission to the connected coordinator or gateway. Coordinator: Coordinator is responsible for the management of associated multiple smart devices (or sometimes sensors). Networking Infrastructure: Different types of wired and wireless networks including Wi‐Fi, Bluetooth, ZigBee, LoRAWAN, etc. enable the connectivity and communication of smart things to the Internet Protocol (IP)‐based network infrastructure through IoT Gateways. IoT Gateway: IoT gateway can be a dedicated physical device or software that assists con- nectivity between devices and Cloud. At one end, IoT gateway is connected to sensor devices or coordinator and on the other side with the IoT Cloud. Sensor‐acquired data Enabling the Internet of Things: Fundamentals, Design, and Applications, First Edition. Muhammad Azhar Iqbal, Sajjad Hussain, Huanlai Xing, and Muhammad Ali Imran. © 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd. 174 8 IoT Security moving toward the IoT Cloud passes through the gateway that preprocesses the sensor data at the edge. Preprocessing on large volumes of sensor data involves the compression of aggregated data to reduce transmission costs. IoT gateway performs the translation of different network protocols to support interoperability of smart things and connected devices. In literature, sometimes the terms coordinator and gateway have been used interchangea- bly, and sometimes coordinator also performs the job of gateway, i.e. preprocessing and transmission of data to the Cloud. IoT Cloud: IoT Cloud is a network of high‐performance servers that stores, processes, and manages massive amounts of data for analysis. End‐User Devices: IoT applications are accessible to the user on mobile and other comput- ing devices. Modern technology related to mobile and web interfaces has high signifi- cance as it offers a considerable interactive and user‐friendly style to improve customer experience. IoT Applications: IoT applications available on IoT Cloud are globally accessible to users. Covering all domains of IoT applications (e.g. from simple home/building automation to complex industrial automation), IoT security includes the physical device security, data security, network security, and Cloud security to protect IoT systems from a broad spec- trum of IoT specific attacks. However, the actual practice of security approaches on diverse range of IoT devices is challenging and demands the acquaintance of associated security constrains. Concerning the implication of security in IoT systems, besides the identification of IoT system components, it is also important to consider the end‐to‐end view of IoT systems to IoT System End Users INTERNET SERVICE IoT Cloud IoT Gateways/Edge/Fog Computing IoT coordinator IP-Based and Non-IP-Based Smart Things OBU AU Figure 8.1 IoT ecosystem. ­IoT Systems and Security Constraint 175 identify the correspondence of basic functionalities to various components of IoT Systems , for example: Upgrading of smart thing firmware (e.g. any piece of code for sensing) Pairing of smart things with concerned controller device (e.g. IoT Coordinator) Binding involves the configuration of smart things through controller (binding of thing to the Internet through controller) Local Authentication of controller to a port that is open on a smart thing Local Control of smart things through commands from controller (e.g. IoT Coordinator and local wireless connection) Remote Authentication and Remote Control are required in case the controller is con- nected to smart things through the Internet Sensing and Notification of smart things to controller Data Analytics performed on Edge devices or Fog nodes BigData Analytics performed on Cloud Considering functionalities of IoT components, it becomes evident that IoT systems are exposed to two types of threats, i.e. threats against IoT and threats from IoT, and are espe- cially very attractive for hackers. Examples of threats against IoT includes: IP camera hacking through buffer overflow attacks A Distributed Denial‐of‐Service (DDoS) attack on Dyn Servers Botnet attack to hack IoT devices SQL injection attacks Threats from IoT include cross‐site scripting attack that are launched to access private data/resources in IoT systems and privacy risk of people from Unmanned Aerial Vehicle (UAV). In addition to these two types of threats, IoT devices at sensing level are fundamentally resource‐constrained in terms of hardware, software, and communication. These limita- tions of IoT devices must be taken into account before developing security mechanisms in IoT system. Moreover, these limitations hinder the employment of traditional crypto- graphic algorithms in IoT systems. The main security constraints are based on limitation of associated IoT hardware, software, and network/communication equipment. 8.1.1 IoT Security Constraints Based on Hardware Limitations IoT sensing devices have energy and computing limitation in terms of small battery and low‐power CPU with low clock rate, respectively. Therefore, computationally expensive security algorithms cannot be implemented on these devices. Sensing devices in IoT systems have limited storage capacity and hence demand memory efficient security approaches. Tamper‐resistant security algorithms are preferred for remotely deployed unattended IoT devices. 176 8 IoT Security 8.1.2 IoT Security Constraints Based on Software Limitations Robust communication protocol stack and dynamic security patches are difficult to be implemented on thin embedded operating systems installed on IoT sensing devices. 8.1.3 IoT Security Constraints Based on Communication Limitations Device heterogeneity, scalability, presence of multiple communication interfaces/proto- cols, and portability/mobility characteristics limit the employment of conventional secu- rity protocols in IoT systems. These IoT security constraints of exclusive nature are required to be addressed to prevent the risks and threats of personal information misuse. In addition to the consideration of these limitations of IoT devices, numerous other IoT security requirements are essential to be addressed [7–9]. 8.2 ­IoT Security Requirements IoT security requirements can be of different types, i.e. : Information‐level security requirements Access‐level security requirements Functional‐level security requirements 8.2.1 Information-level Security Requirements Confidentiality: Data accessibility to only authorized individuals and assurance about the protection of data privacy and proprietary information (anonymity or hiding data source) is known as confidentiality. It hinders the eavesdropping and interference of unauthor- ized users. In IoT systems, data confidentiality is essential as the sources of large vol- umes of data are RFID devices that are exposed to neighboring devices. Several approaches of secure key management have been proposed in literature to achieve data confidentiality in IoT systems [10, 11]. Integrity: Integrity prevents the tampering of sensor data and modifications of IoT devices by unauthorized individuals and other smart objects. Due to the sensitivity of sensed data, integrity is crucial in IoT applications because the forged data or incorrect feedback can be hazardous for the normal operation of IoT systems. To implement integrity, a number of secure data schemes (i.e. false data filtering techniques and blockchain‐ based integrity) have been proposed in literature. Due to high overhead, conven- tional integrity approaches are not suitable for energy‐constrained IoT sensing devices. Therefore, low‐power data integrity techniques are also proposed. Non‐repudiation: Non‐repudiation ensures the certainty against the denial of sent mes- sages/data claims. Freshness: It confirms the recency of sent or received messages/data in IoT systems. ­Security Challenge 177 8.2.2 Access-level Security Requirements Authorization: Authorization guarantees the access of authorized users/devices to access resources. Identification and Authenticity: Identification ensures the authorization of devices in an IoT system, and authentication ensures the credibility of information/transaction and legitimacy of requester’s IoT applications/devices. Due to the involvement of various factors (i.e. device heterogeneity, scalability, and complexity), conventional authentica- tion approaches (i.e. password‐protection, preshared secrets, and public‐key cryptosys- tems) are not feasible to implement in IoT systems. Therefore, for the identification and authentication of IoT devices/information, different mechanisms have been developed [14–16]. Access control: It confirms the authenticated IoT devices’ ability of accessing authorized resources only. 8.2.3 Functional Security Requirements Availability: Availability refers to the assurance of IoT information and computing resources’ (i.e. sensors, computing system, network, and storage) availability at the time of demand or in the case of power loss and failures. In IoT systems, availability is critical as IoT services are required to provide and receive data in real time. Secured and efficient routing techniques have been proposed for guaranteed delivery of messages in IoT sys- tems. Few routing schemes have been proposed to avoid Denial‐of‐Service (DoS) attacks. Exception Handling and Resiliency: Exception handling and resiliency ensures liveliness and normal working of IoT devices in case of hardware malfunctioning and software glitches. Self‐organization: This confirms the adequate level of security in IoT systems even in cases of devices’ failure or energy drainage. 8.3 ­Security Challenges Considering the security constraints and requirements of machine‐to‐machine and human‐to‐machine interactions in IoT systems, several challenges are required to be addressed: Efficient Cryptography Techniques: Cryptographic algorithms/techniques must be effi- cient enough to execute on resource‐constrained IoT devices. Interoperability: Security procedure must not limit the functional capability of IoT device. Scalable Solution: Security mechanism must be able to cope with the scalability of IoT systems. Privacy Protection: Personal data must not be identifiable to attackers. 178 8 IoT Security Resilience to Physical Attacks: Protection is required from hardware theft/damage and natural disaster. Autonomous Control: Autonomous configuration settings mechanism of IoT devices is required to be developed. Cloud Security: Large volumes of personal information stored on IoT devices demand high security 8.4 ­Taxonomy of IoT Security Threats/Attacks IoT security attacks and threats have been classified in a number of ways. Figure 8.2 pro- vides a comprehensive classification of IoT security attacks [6, 19, 20]. 8.4.1 IoT Security Attacks Based on Device Category IoT devices can be categorized as low‐power devices and high‐power devices. IoT attack launched with low‐power devices can be disastrous enough to change the normal behav- ior of devices in IoT system. For example, home appliances can be controlled remotely through short‐range wireless capabilities of low‐power smart watches. On the other hand, high‐power devices (workstations, laptops, desktops, etc.) are also capable to launch attacks from anywhere through the use of the Internet which result in fatal errors in IoT systems. 8.4.2 Attacks Based on Access Level Passive and active security attacks affect the confidentiality and integrity of IoT systems, respectively. Passive attacks threaten the confidentiality of IoT system through the moni- toring of ongoing transmission and eavesdropping without an interruption. Active attacks are launched to disrupt the network communication and alter the information of ongoing transmission. In other words, active attacks threaten both the confidentiality and integrity of IoT systems [6, 21, 22]. 8.4.3 Attacks Based on Attacker’s Location Internal attacks are launched by attackers that are residing inside the network of IoT sys- tem and execute malicious programs of different nature. On the other hand, external attacks are launched outside of native network (through public network) with unauthor- ized remote access. 8.4.4 Attacks Based on Attack Strategy Physical attacks include the physical impairment or damage to devices’ configuration and properties in IoT system. Contrary, logical attacks affect the functionality of IoT system without physical involvement. IoT Security Attacks Attacks Based on Attacks Based on Attacks Based on Attacks Based on Attacks Based on Host-based Protocol-based Information Device Category Access Level Attacker Location Attack Strategy Attacks Attacks Damage Level Low-power Devices Attacks Active Attacks Internal Attacks Physical Attacks Eavesdropping H/W Compromise Jamming Alteration Tampering High-power Devices Attacks Passive Attacks External Attacks Logical Attacks S/W Compromise Message Replay Flooding User Compromise Interruption Unfair Channel Access Packet Collision Figure 8.2 Classification of IoT security attacks. 180 8 IoT Security 8.4.5 Attacks Based on Information Damage Level Information damage at different levels is possible through man‐in‐the‐middle attack, i.e.: Eavesdropping: Passive listening of ongoing transmission. Alteration: Unauthorized access and tampering of information. Fabrication: Deliberate way of introducing false information to create misperception in ongoing communication. Message Replay: Affects the communication in terms of message freshness. Interruption: Unavailability of services through disruption or disaster. 8.4.6 Host-based IoT Attacks These attacks target private sensitive information that is part of hardware and embedded software on IoT devices including: User Compromise: Entrapping of user to disclose security credentials. Software Compromise: Exploiting the vulnerabilities of system’s software on IoT device. Hardware Compromise: Tampering of IoT device hardware to extract embedded information. 8.4.7 Protocol-based Attacks These types of attacks imperil service availability by deviating either from the normal working of standard communication protocols, i.e. at different layers of Transmission Control Protocol (TCP)/IP or from communication stack (including Physical, Data Link, Network, Transport, and Application). Jamming, tampering, packet collision, unfairness of channel access, wormhole, and flooding are examples of these kinds of attacks [7, 23]. In addition, attacks related to the disruption of standard protocol (i.e. malicious attack on data aggregation protocol, key management protocol, information extraction protocol, etc.) are also part of this category. 8.5 ­IoT Architecture and IoT Security Concerning the requisites of specific IoT application, a robust security mechanism is required to be identified and developed. However, IoT security problems and possible solu- tions can be best described at different layers of IoT architecture. Therefore, the three‐layer IoT architecture (consisting of Perception, Network, and Application layers) mentioned in Chapter 1 of this book has been taken to explain IoT security problems and possible coun- termeasures as shown in Figure 8.3. 8.5.1 Perception Layer Security Perception layer at the bottom of IoT architecture is responsible for the collection of vari- ous types of information through physical sensors or components of smart things (i.e. Issues –Unauthorized Access Attacks –Malicious Insider –Malicious Script –Insecure Software Services –Phishing Attack Application Layer –Data Security –Virus Attack Attacks –Jamming Attacks –Selective Forwarding Attacks Issues –Internet Security –Wormhole Attacks –Ad hoc Network Security –Sinkhole Attacks Network Layer –WLAN Security –Sybil Attacks –WPAN Security –Man-in-the-middle Attack –3G/4G/5G Security –Traffic Analysis Attacks Multilayer Security Attacks – DoS Attack – Cryptanalysis Attack – Botnets – Rootkit RFID Security WSN Security Attacks –Discovery of Anomalous Sensor nodes –Node Capture Attacks –Reader security –Physical/MAC/Routing Protocol Security –Malicious Code Injection –Tag encoding security –Sensor GPS Security –Malicious Data Injection –Tag counterfeit security –Security Key Management –Replay Attacks Perception Layer –Privacy of Sensitive Data –Eavesdropping and Interference Figure 8.3 IoT architecture and security issues/attacks. 182 8 IoT Security RFID, sensors, Implantable Medical Devices [IMDs], Global Positioning System [GPS], etc.). In other words, the main functionality at perception layer is related to the recognition and perception of environmental factors (i.e. temperature, humidity, pressure, light, sound, etc.) through the use of low‐power and nanoscale technology in smart things. Moreover, this layer controls the transmission or exchange of processed information to upper network layer via service interfaces. Perception node and perception network are two parts of per- ception layer that is used for data acquisition and communication, respectively. Concerning security, following challenges are required to be addressed at perception layer: RFID Security Issues: ◦ Reader security ◦ Tag encoding security ◦ Tag counterfeit security Wireless Sensor Network (WSN) security issues ◦ Discovery of physically attacked anomalous (or faulty) sensor nodes to restrict further degradation of sensor network by using faulty node detection algorithm and decen- tralized intrusion detection algorithm ◦ Physical/Medium Access Control (MAC)/Routing Protocol Security ◦ Sensor GPS security ◦ Management of security key (including key generation, storage, distribution, updat- ing, and destruction of security key) ◦ Selection/Implementations of appropriate cryptographic algorithms (i.e. Low‐power public key algorithms), e.g. NtruEncrypt and Elliptic Curve Cryptography ◦ Privacy of sensitive data (i.e. medical data from body sensors and IMD devices) while preserving anonymity RFID‐Sensor Network (RSN) security issues: ◦ Sensor + tag security ◦ Sensor + RFID tag reader security Prevention from damage in case of natural disasters Prevention from damage/misuse of physical infrastructure from human activity The following are the types of attacks that can be launched at perception layer , for example, Node Capture Attacks: Include the controlling of IoT device(s) via hardware tampering or physical node replacement to capture sensitive and important information of IoT system. Malicious Code Injection Attacks: Attacker injects malicious code that changes the execu- tion course to perform illegal functions in IoT system, i.e. controlling of system and transmission of sensitive information to the outside network. These attacks are possible through improper handling and validation of inputs and outputs of a system. Malicious Data Injection Attacks: Injection of false data in captured node to affect the normal working of IoT system. Replay Attacks: Adversary exploits malicious node in IoT system to steal and transmit legitimate identification information to the destination host for further correspondence. ­IoT Architecture and IoT Securit 183 Eavesdropping and Interference: Wireless communication among various IoT devices is serious vulnerability in terms of eavesdropping and interference. Through eavesdrop- ping, unauthorized users or malicious nodes are able to retrieve private and sensitive information. Encryption, key management, and noise filtering techniques can protect system from these types of attacks. Sleep Deprivation Attacks: Sensing devices in IoT system are energy‐constrained and are automated to follow alternate sleeping and awaking period to save energy. Sleep depriva- tion attacks disrupt the sleeping schedule and keep the node awake till the drainage of whole node energy. Energy‐harvesting techniques can be implemented to utilize energy from environmental sources. Concerning security implementation at perception layer, human‐based physical attacks and natural disaster threats are required to be addressed and managed in the follow- ing ways: Secure sensor design Secure sensor deployment Secure infrastructure Efficient user authentication approach (biometric or smart card) to implement for legiti- mate access to physical devices and confidential information Implement efficient accessibility control mechanisms Efficient implementation of trust management Efficient hardware failure recovery schemes 8.5.2 Network Layer Security The middle layer in a three‐layer IoT architecture is Network (also known as Communication) layer. Network layer accepts processed information from perception layer and reroutes the received data to distant application interface(s) by using integrated networks, the Internet and other communication technologies. A number of communication technologies (i.e. WLAN, Wi‐Fi, Long‐Term Evolution [LTE], Bluetooth Low Energy [BLE], Bluetooth, 3G/4G/5G, PSTN, etc.) is integrated in IoT gateways that handle heterogenous types of data to or from different things to applications and vice versa. In addition to network operations, the Network layer in some cases enhances to perform information operations within the Cloud. Regardless of the presence of appropriate encryption techniques at IoT Perception layer, it is indispensable to deal network attacks that are responsible for the exchange of messages between different components of IoT systems. The well‐known IoT network layer attacks are: Jamming Attacks: Any kind of these attacks (constant, reactive, random, and deceptive) hampers node communication through the utilization of communication channel. Selective Forwarding Attacks: Malicious devices are used to demolish the established routing paths in network through planned prohibition of the transmission of few pack- ets, for example: ◦ Blackhole attack (malicious nodes do not allow passing of any packet through them) ◦ Neglect and Greed attack (malicious nodes restrict the forwarding of few packets) 184 8 IoT Security Sinkhole Attacks: Endanger the availability of services/system by advertising a certain path in network to directing all communication traffic on that path. Wormhole Attacks: Like Sinkhole attacks, these target the availability of the system where two malicious nodes start communication directly (ignoring intermediate relay nodes) with private links to accomplish deceitful one‐hop transmission. Sybil Attacks: Malicious devices create multiple legitimate identities and through their false impersonation control the network and able to transmit wrong information in IoT system. Hello Flood Attacks: Malicious nodes exploit specific network joining “hello” packet for- mats to claim itself a legal neighbor in IoT system. Traffic Analysis Attacks: Various software analysis packages (i.e. Wireshark, Cloudshark, Omnipeek, Kismet, etc.) consist of two components, i.e. sniffer and protocol analyzer that are used to capture network traffic and to perform decoding of packets for analysis purposes. These tools can be used by adversaries to get confidential information of IoT system. Strong encryption schemes can prevent the leakage of confidential information in an IoT system. Man‐in‐The‐Middle (MiTM) Attacks: Several attacks of these types (i.e. session hijacking, Address Resolution Protocol [ARP] poisoning, Domain Name Server [DNS] spoofing, Secure Socket Layer [SSL] spoofing, etc.) can be launched by an intruder for the purpose of illegal monitoring of ongoing transmission between two nodes in IoT system. Through the implication of encryption mechanisms and Intrusion Detection and Prevention System (IDPS), these attacks can be prevented. Spoofing Attacks: In IP spoofing and RFID spoofing attacks, the attacker spoofs valid network IP address and valid RFID tag information, respectively, to gain full control of IoT system to interrupt its normal working. Through secure identification, authentica- tion, and trust management, spoofing problems can be handled. Routing Protocol Attacks: The adversary manipulates the available routing information at IoT devices to create routing loops that eventually causes either increase network latency or failure of packet delivery at destination in an IoT system. Secure routing and securing of node identification or IP addresses information leakage can protect IoT system from such attacks. IoT protocols are implemented by different technologies or at different layers of TCP/IP protocol stack, i.e. IEEE 802.15.4, ZigBee, RPL, LoRaWAN, etc. to ensure confidentiality and integrity of devices’ communication in IoT system. IEEE 802.15.4 provides security mechanism at MAC layer by utilizing Advanced Encryption Standard (AES) to ensure ultimate security of higher layers of TCP/IP proto- col stack. In addition, related to access control, 802.15.4 has implemented access con- trol lists. ZigBee along with the utilization of 802.15.4 at MAC layer has also implemented security mechanism at network and application layers. In addition, ZigBee offers two security modes, i.e. standard security mode (without net- work key encryption) and high security mode (with network key encryption). RPL has provided routing security through the utilization of secure RPL packets and ensures the authenticity of information. ­IoT Architecture and IoT Securit 185 LoRaWAN has provided security through the provisioning of two security layers which deal with the authenticity and privacy issues of end nodes. 8.5.3 IoT Application Layer Security The application layer at the top of the three‐layer IoT architecture is responsible for the provisioning of services requested by the users of any IoT‐based smart system (smart health system, intelligent transportation system, smart building, smart industry, and smart city, etc.). In addition to the user‐requested services, application layer provides data services (i.e. BigData storage, data mining, data management, predictive modeling, etc.) to perform semantic data analysis. Therefore, IoT application layer can further be divided into two sublayers, i.e. support layer and service layer. 8.5.3.1 Security Threats at Support Layer of IoT Applications The main technologies at IoT Application Support sublayer are Fog and Cloud computing and main security issues are discussed as follows : Unauthorized Access: Concerns with the theft of authorized users’ credential information to access and utilize IoT system resources illegally. Secure authentication and efficient access control techniques can be used to inhibit these attacks. Malicious Insider: This kind of security issue arises due to granting of unusual level of trust on Edge resources and Cloud provider. Insecure Software Services: Provisioning of services (VMs, APIs, web applications, etc.) can be affected by malwares. However, these services are required to be protected by Cloud providers. Data Storage Risk: Data stored at edge and Cloud is prone to high security and privacy threats. 8.5.3.2 Security Threats at Service Layer of IoT Applications The security of IoT applications is highly dependent on all security mechanisms existing at the lower layers of IoT security architecture. However, the well‐known IoT Application layer attacks are given in the following: Malicious Scripts: Several online malicious scripts (in JavaScript, Active‐X) are commonly used to affect the normal functioning of IoT systems. Static/dynamic malicious code script detection schemes (i.e. honeypot) are used to protect IoT system against these kinds of attacks. Phishing Attacks: These include the spoofing of user credentials (i.e. used identification, password, credit card information, etc.) through the use of phishing websites and infected e‐mails in IoT systems. Secure authorization and intelligent vigilant surfing techniques can be applied to mitigate the effect of these kind of attacks. Virus Attacks: Malicious virus attacks (i.e. Trojan Horse) can be controlled through antivi- rus programs and firewall protection mechanisms in IoT systems. The support sublayer security mechanism controls the legitimacy of authorized users (through authentication and access control systems), which are interested to utilize available 186 8 IoT Security services. The service layer security mechanism includes the protection of application software, OS, and end‐user interfaces through the utilization of high‐level programming languages, i.e. Java, JavaScript, C++, and Python, etc. which assists to avoid insecure programming. 8.6 ­Multilayer Security Attacks DoS Attacks: By immense consumption of available resources, a perpetrator can render IoT services unavailable to genuine users of the IoT system. Cryptanalysis Attacks: Adversary obtained plain and ciphertext to infer the process and use of encryption keys. Spyware is a kind of malware attack that can be performed at all layers of IoT architec- ture stack and used to gather sensitive information (i.e. network traffic, confidential user credentials, and internal usage habits) of IoT systems. Botnets: A bot (robot) can be used as malware to perform DoS and payload attacks at lay- ers of IoT architecture stack. Rootkit: This is a kind of malware that can be installed on an IoT device and grant admin- istrator access privileges to an unauthorized user of IoT system. It may consist of antivi- rus disablers, password stealers, keystroke loggers, etc. and can be executed in all layers of IoT stack. 8.7 ­IoT Application Scenarios and IoT Security IoT application scenarios encompass different domain of real life, i.e. smart home, smart healthcare, smart vehicle, and smart city. Depending upon the nature of hardware, soft- ware, communication techniques, and integration of different technologies, security attacks can be launched in a variety of ways on these application scenarios. Moreover, in each IoT scenario, the attacker/hacker’s motivation is unique, and its severity depends on the nature of motivation that may range from simple data access to safety of human life in healthcare and automotive application domains. Discussion about IoT‐specific attacks is complementary to IoT security attacks that have been mentioned in previous sections. 8.7.1 Smart Home Security Home automation is possible through connection of several digital appliances through the use of IoT. IoT technology (consisting of sensors and communication) related to home automation may involve (local or remote) management of home devices to provide comfort and safety to home residents. Mostly, end users communicate through smart phones to control home appliances. Exploiting security breaches related to involved communication technologies, attacker can easily compromise the users’ security and privacy of home devices and related data, respectively. Table 8.1 illustrates security issues of smart home in terms of the vulnerabilities associated with few smart home devices. ­IoT Application Scenarios and IoT Securit 187 Table 8.1 Smart home devices, functionality, and associated security threats. Smart device Functionality Potential security threat Smart Lock Lock/unlock without physical key Lock/unlock by attackers to Lock/unlock through mobile device or enter/exit from home web interface Changing of lock/unlock Automatically lock after a specified password remotely period of time Turn off the alarm in case of Alarms ringing on forced entry or break‐in break‐ins Smart Bulb Light bulb controllable remotely through Control the turning on and off mobile application behavior of lights Scheduling of turning on/off and Overload power system by coloring of light bulbs turning on unnecessary lights Voice Turn devices on or off based on voice Steal private credentials from Automated Commands voice data Device Issue voice commands to order unwanted stocks by voice commands Steal voice data as credentials for use in other voice command systems Smart Vacuum Automatically map home layout and Monitor room activities and Cleaner conduct automatic and scheduled stealing of home layout cleaning in dry or wet mopping modes Smart Create grocery list and send order to Send order with modified Refrigerator shops through the Internet grocery list Set expiration data and send related Modify expiration date of food alerts to residents items in refrigerator or ruin food Suggest recipes based on available items by changing temperature ingredients Smart Toilet Allow users to remotely set water Turn water tap on and leave temperature and pressure water flowing without any need Sense and adjust right water amount to Remotely control smart toilet’s clean itself or for flushing wastes lid and flush nozzles Notify residents about needed supplies (e.g. toilet paper, soap, and air freshener) 8.7.2 Smart Healthcare Security The implication of IoT in healthcare provides several opportunities to help patients, doc- tors, caregivers, pharmacies, research organizations, and government healthcare authori- ties by offering different services; for example: patient monitoring real‐time data sharing in emergency situations sharing of medical/device/drug/patient data by hospitals sharing of medical supplies record in case of epidemic by pharmacies 188 8 IoT Security collection, analysis, management, and sharing of healthcare data by hospitals and gov- ernment authorities Concerning smart healthcare realization, RFID, body sensors, and various communica- tion technologies have been used for : the identification of patients and doctors locating patients and doctors collection, processing, transmission, and storage of patients’ vital sign data in real time by means of implanted/wearable devices Nevertheless, these IoT‐based healthcare systems are vulnerable to attacks that can even endanger patient’s life if security mechanism is not effectively implemented. The following are the main factors that make these system more appealing targets for attackers [26, 27]: Existence of wireless communications between implanted and wearable devices Pervasive usage of RFID technology (tags and readers) Lacking support of complex security algorithms due to the scarcity of energy and com- puting resources of IoT devices To empower the usage of IoT devices in smart health, it is important to understand the types of attacks and respective countermeasures from healthcare perspective. Concerning IoT healthcare system, attacks can be launched either by internal or external attackers which are mostly interested to get private information of patients or to make system una- vailable through DOS attacks. Table 8.2 presents the types of different security attacks on healthcare system with associated consequences. Table 8.2 Security attacks and potential threats to healthcare systems. Attack Approach Potential security threat DoS Attack Overburdens the healthcare IoT services become unavailable to genuine system with unknown traffic that users (patients, caregivers, doctors, etc.) of consumes available resources healthcare system Sensor Control sensor activity Engage sensors in frequently joining and Attack Replaces real sensor nodes with leaving of networks to drain out the energy fake nodes of network nodes The tampering of patients’ data Routing Modify routing table information Delivery of patient information to false Attack destination (i.e. fake doctor or fake hospital) Drop packets to not reach to intended destination Replay Malicious node evaluates the system Build trust and get unauthorized access to Attack to steal legitimate identification healthcare system to access private data information Select Malicious devices pretend as Drops data packets or do not allow passing Forwarding destination nodes of any packet through them Attack ­IoT Application Scenarios and IoT Securit 189 8.7.3 Smart Vehicle Security Smart cars, besides ensuring comfort and safety of drivers and passengers, improve road safety. Smart cars contain several electronic control units (ECU), i.e. engine control unit, on‐board diagnostics port, telematics unit and wireless communication unit to support het- erogenous connectivity with other vehicles, RSUs, and vehicular Cloud via gateways. Concerning the aspects of vehicle security threats, these elements can be grouped into three categories , i.e.: Under the hood elements including ECU, communication unit, and gateway. The ele- ments include in this category can be used at the preparation phase of the attack for reverse engineering purposes. Devices connected to car including mobile phone belonging to car owner/service user and third‐party user devices (in case of car sharing). Especially the mobile devices con- nected to vehicles are potential threat points to car security. For example, rooting or jail- breaking of mobile devices lead to the option of ongoing communication eavesdropping that ultimately enable direct‐access attacks. Communication technologies (i.e. WiFi, GSM, etc.) have vulnerabilities that can be exploited to perform spoofing and/or MiTM attacks to extort personal information from vehicular Cloud. Table 8.3 provides summary of the functionalities of few security attacks that can be launched in vehicular environment. Table 8.3 Security attack functionality in smart vehicle environment. Attack type Functionality MiTM Attack Session hijacking (obtain legitimate key to steal smart car, network data collection, etc.) DoS, DDoS Leads to Network failure or take over the control of smart car Attack Relay Attack Launch Passive Keyless Entry and Start (PKES) systems for theft. Messages are relayed between smart key and the smart car Jamming Attack Communication channel of smart vehicle is disturbed through heavily powered signal of equivalent frequency Blackhole Attack Suspected smart car receives the packets but declines to forward to other vehicles Eavesdropping Attacker obtains the confidential details of smart vehicles (vehicle identity, Attack owner identity, data location, etc.) and may disclose to nonregistered users GPS Spoofing Attacker creates false GPS location information to hide its position and to dodge other vehicles about its availability at a particular location Sybil Attack A suspected node produces many fake identities to manipulate other vehicles behavior Source: Based on Sheikh et al.. 190 8 IoT Security 8.7.4 Smart City Security/Privacy Concerns The conception of smart cities encompasses the monitoring, administration, management, and governance of whole city infrastructures related to health, education, traffic, energy resources, and natural environment through integrated IoT systems. These IoT systems ultimately consist of highly advanced integrated technologies (i.e. sensor, wireless net- works, embedded systems, Fog and Cloud computing, etc.) which are linked with end‐user devices. Therefore, the security and privacy of information flow within smart cities is important and difficult to implement. Influencing factors that mainly identify issues of information security and privacy in smart cities include Technological, Governance, and Socioeconomic factors. Security and privacy concerns related to these factors have been summarized in Table 8.4. Review Questions 8.1 Explain the categories of security constraints of IoT systems. 8.2 How are the information‐level security requirements different from functional‐level security requirements? 8.3 Describe the classification of security attacks in IoT systems. 8.4 Explain the types and functionality of security attacks at Perception, Network, and Application layers of IoT architecture. Table 8.4 Influencing factors and security/privacy concerns in smart cities. IoT Technological RFID Technology Eavesdropping, Spoofing, Jamming, DoS Factors WSN Technology DoS, MiTM, Relay Attacks Communication Authentication Attacks in Wi‐Fi, Bluetooth, ZigBee, Technology etc., Protocol Attacks, DoS, MiTM Mobile Phones Threats from GPS, Bluetooth, Wi‐Fi, etc., Threats Technology from Social Networking, Botnets, Malwares Smart Grid DoS, Message Replay Attacks, Malicious Data Injection Attacks Governance Factors Critical Infrastructure Threats to Health Sector, Threats to Energy and Power Supply, Disaster Management Issues Mobility Location privacy Utility Misuse of data, exploitation of resources Socioeconomic Individual Privacy Social Networking Issues, Smart Phone Usage, Factors Location Privacy E‐Commerce Cyber Attacks, Spoofing, Frauds, Data Integrity Banking Cyber Crimes, Phishing, Frauds, Data Integrity ­IoT Application Scenarios and IoT Securit 191 8.5 Briefly describe the functionality of three multilayer security attacks. 8.6 Illustrate security issues of smart home devices (shown in Figure 8.4) in terms of associated vulnerabilities. 8.7 Consider that attackers exploit the vulnerability in keyless entry/start systems using a digital theft technique called the relay attack (as shown in Figure 8.5). A Explain the step‐by‐step working of a relay attack in this scenario. B How you can secure smart vehicles from a relay attack? C How will security be enabled when the key is lost temporarily or permanently? Figure 8.4 Figure for review question 8.6. Source: Sicari et al.. Figure 8.5 Figure for review question 8.7. Source: Evans. 192 8 IoT Security 8.8 Considering IoT‐complaint keyless entry systems for smart home: Explain how it works with WiFi and Bluetooth enabled communication devices. Explain how security would be enabled if the key is damaged or lost temporarily/ permanently. Describe how this scenario is different from smart key fob for vehicles. References 1 Ling, Z., Liu, K., Xu, Y. et al. (2017). An end‐to‐end view of IoT security and privacy. In: IEEE Global Communications (GLOBECOM) Conference, 1–7. IEEE. 2 Chirgwin, R.(2016). Get pwned: Web CCTV cams can be hijacked by single HTTP request‐ server buffer overflow equals remote control. www.theregister.co.uk/2016/11/30/ iot_cameras_compromised_by_long_url. 3 Hilton, S. (2016). Dyn analysis summary of Friday October 21 attack. https://dyn.com/ blog/dyn‐analysis‐summary‐of‐friday‐october‐21‐attack. 4 Antonakakis, M., April, T., and Bailey, M. (2017). Understanding the mirai botnet. In: 26th USENIX Security Symposium, 1093–1110. USENIX Association. 5 Ling, Z., Liu K., Xu Y. et al. (2018). IoT security: an end‐to‐end view and case study. arXiv preprint arXiv:1805.05853, 2018. 6 Hossain, M.M., Fotouhi, M., and Hasan, R. (2015). Towards an analysis of security issues, challenges, and open problems in the internet of things. In: IEEE World Congress on Services, 21–28. IEEE. 7 Grammatikis, P.I.R., Sarigiannidis, P.G., and Moscholios, I.D. (2019). Securing the Internet of Things: challenges, threats and solutions. Internet of Things 5: 41–70. 8 Kharchenko, V., Kolisnyk, M., Piskachova, I. et al. (2016). Reliability and security issues for IoT‐based smart business center: architecture and Markov model. In: 2016 Third International Conference on Mathematics and Computers in Sciences and in Industry (MCSI), 313–318. IEEE. 9 Hassan, W.H. (2019). Current research on internet of things (IoT) security: a survey. Computer Networks 148: 283–294. 10 Lin, J., Yu, W., Zhang, N. et al. (2017). A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal 4 (5): 1125–1142. 11 Capkun, S., Buttyán, L., and Hubaux, J.‐P. (2003). Self‐organized public‐key management for mobile ad hoc networks. IEEE Transactions on Mobile Computing 2 (1): 52–64. 12 Yang, X., Lin, J., Yu, W. et al. (2013). A novel en‐route filtering scheme against false data injection attacks in cyber‐physical networked systems. IEEE Transactions on Computers 64 (1): 4–18. 13 Aman, M.N., Sikdar, B., Chua, K.C. et al. (2018). Low power data integrity in IoT systems. IEEE Internet of Things Journal 5 (4): 3102–3113. 14 Wachter, S. (2018). Normative challenges of identification in the Internet of Things: privacy, profiling, discrimination, and the GDPR. Computer Law and Security Review 34 (3): 436–449. ­IoT Application Scenarios and IoT Securit 193 15 Liu, J., Xiao, Y., and Chen, C.P. (2012). Authentication and access control in the internet of things. In: IEEE 32nd International Conference on Distributed Computing Systems Workshops, 58–592. IEEE. 16 Chuang, M.‐C. and Lee, J.‐F. (2013). TEAM: trust‐extended authentication mechanism for vehicular ad hoc networks. IEEE Systems Journal 8 (3): 749–758. 17 Airehrour, D., Gutierrez, J., and Ray, S.K. (2016). Secure routing for internet of things: a survey. Journal of Network and Computer Applications 66: 198–213. 18 Maheswari, S.U., Usha, N., Anita, E.M. et al. (2016). A novel robust routing protocol RAEED to avoid DoS attacks in WSN. In: IEEE International Conference on Information Communication and Embedded Systems (ICICES), 1–5. IEEE. 19 Rizvi, S., Kurtz, A., Pfeffer, J. et al. (2018). Securing the internet of things (IoT): a security taxonomy for IoT. In: IEEE 17th International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), 163–168. IEEE. 20 Yang, Y., Wu, L., Yin, G. et al. (2017). A survey on security and privacy issues in internet‐of‐ things. IEEE Internet of Things Journal 4 (5): 1250–1258. 21 Alam, S. and De, D. (2014), Analysis of security threats in wireless sensor network. arXiv preprint arXiv:1406.0298. 22 Mayzaud, A., Badonnel, R., and Chrisment, I. (2016, 2016). A taxonomy of attacks in RPL‐based Internet of Things. International Journal of Network Security, ACEEE a Division of Engineers Network 18 (3): 459–473. 23 Mahmood, Z. (2019). Security, Privacy and Trust in the IoT Environment. Springer. 24 Chen, K., Zhang, S., Li, Z. et al. (2018). Internet‐of‐things security and vulnerabilities: taxonomy, challenges, and practice. Journal of Hardware and Systems Security 2 (2): 97–110. 25 Chang, Z. (2019). IoT device security locking out risks and threats to smart homes. In: Trend Micro Research. https://documents.trendmicro.com/assets/white_papers/IoT‐ Device‐Security.pdf. 26 Poslad, S. (2011). Ubiquitous Computing: Smart Devices, Environments and Interactions. Wiley. 27 Abie, H. and Balasingham, I. (2012). Risk‐based adaptive security for smart IoT in eHealth. In: Proceedings of the 7th International Conference on Body Area Networks, 269–275. 28 Butt, S.A., Diaz‐Martinez, J.L., Jamal, T. et al. (2019). IoT smart health security threats. In: IEEE 19th International Conference on Computational Science and Its Applications (ICCSA), 26–31. IEEE. 29 Bécsi, T., Aradi, S., and Gáspár, P. (2015). Security issues and vulnerabilities in connected car systems. In: IEEE International Conference on Models and Technologies for Intelligent Transportation Systems (MT‐ITS), 477–482. IEEE. 30 Sheikh, M.S., Liang, J., and Wang, W. (2019). A survey of security services, attacks, and applications for vehicular ad hoc networks (VANETs). Sensors 19 (16): 3589. 31 Ijaz, S., Shah, M.A., Khan, A. et al. (2016). Smart cities: a survey on security concerns. International Journal of Advanced Computer Science and Applications 7 (2): 612–625. 32 Sicari, S., Rizzardi, A., Miorandi, D. et al. (2018). Securing the smart home: a real case study. Internet Technology Letters 1 (3): e22. 33 Evans, C., Keyless car theft: what is a relay attack, how can you prevent it, and will your car insurance cover it? (2020). https://leasing.com/car‐leasing‐news/ relay‐car‐theft‐what‐is‐it‐and‐how‐can‐you‐avoid‐it.

Use Quizgecko on...
Browser
Browser