Chapter-08-IoT-Security.pdf

Full Transcript

173

8

IoT Security

LEARNING OBJECTIVES
After studying this chapter, students will be able to:
describe security constraints in IoT systems
elaborate security requirements of IoT systems
classify the nature of IoT attacks
analyze the security threats at each layer of IoT architecture
design secure IoT system for specific application

8.1 ­IoT Systems and Security Constraints

With the proliferation and increased utilization of low cost IoT devices, societies will
become more connected and hence will be more susceptible to cyber‐attacks. The imple-
mentation of security mechanism in IoT systems is different and more challenging than
application of security in conventional wired and wireless networks. For better compre-
hension about the issues of IoT security, as a prerequisite it is essential to overview the
working and connectivity of fundamental components of IoT ecosystems (i.e. smart things,
coordinator, IoT gateway, network [internet/Internet], IoT Cloud, IoT applications, and
end‐user devices) as shown in Figure 8.1.
IoT Smart Thing: Smart things (consisting of sensors, communication interfaces, operating
systems, and actuators) are mainly responsible for the collection of sensor data and its
transmission to the connected coordinator or gateway.
Coordinator: Coordinator is responsible for the management of associated multiple smart
devices (or sometimes sensors).
Networking Infrastructure: Different types of wired and wireless networks including Wi‐Fi,
Bluetooth, ZigBee, LoRAWAN, etc. enable the connectivity and communication of smart
things to the Internet Protocol (IP)‐based network infrastructure through IoT Gateways.
IoT Gateway: IoT gateway can be a dedicated physical device or software that assists con-
nectivity between devices and Cloud. At one end, IoT gateway is connected to sensor
devices or coordinator and on the other side with the IoT Cloud. Sensor‐acquired data

Enabling the Internet of Things: Fundamentals, Design, and Applications, First Edition.
Muhammad Azhar Iqbal, Sajjad Hussain, Huanlai Xing, and Muhammad Ali Imran.
© 2021 John Wiley & Sons Ltd. Published 2021 by John Wiley & Sons Ltd.
174 8 IoT Security

moving toward the IoT Cloud passes through the gateway that preprocesses the sensor
data at the edge. Preprocessing on large volumes of sensor data involves the compression
of aggregated data to reduce transmission costs. IoT gateway performs the translation of
different network protocols to support interoperability of smart things and connected
devices.
In literature, sometimes the terms coordinator and gateway have been used interchangea-
bly, and sometimes coordinator also performs the job of gateway, i.e. preprocessing and
transmission of data to the Cloud.
IoT Cloud: IoT Cloud is a network of high‐performance servers that stores, processes, and
manages massive amounts of data for analysis.
End‐User Devices: IoT applications are accessible to the user on mobile and other comput-
ing devices. Modern technology related to mobile and web interfaces has high signifi-
cance as it offers a considerable interactive and user‐friendly style to improve customer
experience.
IoT Applications: IoT applications available on IoT Cloud are globally accessible to users.
Covering all domains of IoT applications (e.g. from simple home/building automation to
complex industrial automation), IoT security includes the physical device security, data
security, network security, and Cloud security to protect IoT systems from a broad spec-
trum of IoT specific attacks. However, the actual practice of security approaches on
diverse range of IoT devices is challenging and demands the acquaintance of associated
security constrains.
Concerning the implication of security in IoT systems, besides the identification of IoT
system components, it is also important to consider the end‐to‐end view of IoT systems to

IoT System End Users

INTERNET SERVICE

IoT Cloud

IoT Gateways/Edge/Fog Computing

IoT coordinator

IP-Based and Non-IP-Based Smart Things
OBU
AU

Figure 8.1 IoT ecosystem.
 ­IoT Systems and Security Constraint 175

identify the correspondence of basic functionalities to various components of IoT Systems
, for example:
Upgrading of smart thing firmware (e.g. any piece of code for sensing)
Pairing of smart things with concerned controller device (e.g. IoT Coordinator)
Binding involves the configuration of smart things through controller (binding of thing
to the Internet through controller)
Local Authentication of controller to a port that is open on a smart thing
Local Control of smart things through commands from controller (e.g. IoT Coordinator
and local wireless connection)
Remote Authentication and Remote Control are required in case the controller is con-
nected to smart things through the Internet
Sensing and Notification of smart things to controller
Data Analytics performed on Edge devices or Fog nodes
BigData Analytics performed on Cloud
Considering functionalities of IoT components, it becomes evident that IoT systems are
exposed to two types of threats, i.e. threats against IoT and threats from IoT, and are espe-
cially very attractive for hackers.
Examples of threats against IoT includes:
IP camera hacking through buffer overflow attacks
A Distributed Denial‐of‐Service (DDoS) attack on Dyn Servers
Botnet attack to hack IoT devices
SQL injection attacks
Threats from IoT include cross‐site scripting attack that are launched to access private
data/resources in IoT systems and privacy risk of people from Unmanned Aerial Vehicle
(UAV).
In addition to these two types of threats, IoT devices at sensing level are fundamentally
resource‐constrained in terms of hardware, software, and communication. These limita-
tions of IoT devices must be taken into account before developing security mechanisms in
IoT system. Moreover, these limitations hinder the employment of traditional crypto-
graphic algorithms in IoT systems. The main security constraints are based on limitation of
associated IoT hardware, software, and network/communication equipment.

8.1.1 IoT Security Constraints Based on Hardware Limitations
IoT sensing devices have energy and computing limitation in terms of small battery and
low‐power CPU with low clock rate, respectively. Therefore, computationally expensive
security algorithms cannot be implemented on these devices.
Sensing devices in IoT systems have limited storage capacity and hence demand memory
efficient security approaches.
Tamper‐resistant security algorithms are preferred for remotely deployed unattended
IoT devices.
176 8 IoT Security

8.1.2 IoT Security Constraints Based on Software Limitations
Robust communication protocol stack and dynamic security patches are difficult to be
implemented on thin embedded operating systems installed on IoT sensing devices.

8.1.3 IoT Security Constraints Based on Communication Limitations
Device heterogeneity, scalability, presence of multiple communication interfaces/proto-
cols, and portability/mobility characteristics limit the employment of conventional secu-
rity protocols in IoT systems.
These IoT security constraints of exclusive nature are required to be addressed to prevent
the risks and threats of personal information misuse. In addition to the consideration of
these limitations of IoT devices, numerous other IoT security requirements are essential to
be addressed [7–9].

8.2 ­IoT Security Requirements

IoT security requirements can be of different types, i.e. :
Information‐level security requirements
Access‐level security requirements
Functional‐level security requirements

8.2.1 Information-level Security Requirements
Confidentiality: Data accessibility to only authorized individuals and assurance about the
protection of data privacy and proprietary information (anonymity or hiding data source)
is known as confidentiality. It hinders the eavesdropping and interference of unauthor-
ized users. In IoT systems, data confidentiality is essential as the sources of large vol-
umes of data are RFID devices that are exposed to neighboring devices. Several
approaches of secure key management have been proposed in literature to achieve data
confidentiality in IoT systems [10, 11].
Integrity: Integrity prevents the tampering of sensor data and modifications of IoT devices
by unauthorized individuals and other smart objects. Due to the sensitivity of sensed
data, integrity is crucial in IoT applications because the forged data or incorrect feedback
can be hazardous for the normal operation of IoT systems. To implement integrity, a
number of secure data schemes (i.e. false data filtering techniques and blockchain‐
based integrity) have been proposed in literature. Due to high overhead, conven-
tional integrity approaches are not suitable for energy‐constrained IoT sensing devices.
Therefore, low‐power data integrity techniques are also proposed.
Non‐repudiation: Non‐repudiation ensures the certainty against the denial of sent mes-
sages/data claims.
Freshness: It confirms the recency of sent or received messages/data in IoT systems.
 ­Security Challenge 177

8.2.2 Access-level Security Requirements
Authorization: Authorization guarantees the access of authorized users/devices to access
resources.
Identification and Authenticity: Identification ensures the authorization of devices in an
IoT system, and authentication ensures the credibility of information/transaction and
legitimacy of requester’s IoT applications/devices. Due to the involvement of various
factors (i.e. device heterogeneity, scalability, and complexity), conventional authentica-
tion approaches (i.e. password‐protection, preshared secrets, and public‐key cryptosys-
tems) are not feasible to implement in IoT systems. Therefore, for the identification and
authentication of IoT devices/information, different mechanisms have been developed
[14–16].
Access control: It confirms the authenticated IoT devices’ ability of accessing authorized
resources only.

8.2.3 Functional Security Requirements
Availability: Availability refers to the assurance of IoT information and computing
resources’ (i.e. sensors, computing system, network, and storage) availability at the time
of demand or in the case of power loss and failures. In IoT systems, availability is critical
as IoT services are required to provide and receive data in real time. Secured and efficient
routing techniques have been proposed for guaranteed delivery of messages in IoT sys-
tems. Few routing schemes have been proposed to avoid Denial‐of‐Service (DoS)
attacks.
Exception Handling and Resiliency: Exception handling and resiliency ensures liveliness
and normal working of IoT devices in case of hardware malfunctioning and software
glitches.
Self‐organization: This confirms the adequate level of security in IoT systems even in cases
of devices’ failure or energy drainage.

8.3 ­Security Challenges

Considering the security constraints and requirements of machine‐to‐machine and
human‐to‐machine interactions in IoT systems, several challenges are required to be
addressed:
Efficient Cryptography Techniques: Cryptographic algorithms/techniques must be effi-
cient enough to execute on resource‐constrained IoT devices.
Interoperability: Security procedure must not limit the functional capability of IoT device.
Scalable Solution: Security mechanism must be able to cope with the scalability of IoT
systems.
Privacy Protection: Personal data must not be identifiable to attackers.
178 8 IoT Security

Resilience to Physical Attacks: Protection is required from hardware theft/damage and
natural disaster.
Autonomous Control: Autonomous configuration settings mechanism of IoT devices is
required to be developed.
Cloud Security: Large volumes of personal information stored on IoT devices demand
high security

8.4 ­Taxonomy of IoT Security Threats/Attacks

IoT security attacks and threats have been classified in a number of ways. Figure 8.2 pro-
vides a comprehensive classification of IoT security attacks [6, 19, 20].

8.4.1 IoT Security Attacks Based on Device Category
IoT devices can be categorized as low‐power devices and high‐power devices. IoT attack
launched with low‐power devices can be disastrous enough to change the normal behav-
ior of devices in IoT system. For example, home appliances can be controlled remotely
through short‐range wireless capabilities of low‐power smart watches. On the other
hand, high‐power devices (workstations, laptops, desktops, etc.) are also capable to
launch attacks from anywhere through the use of the Internet which result in fatal errors
in IoT systems.

8.4.2 Attacks Based on Access Level
Passive and active security attacks affect the confidentiality and integrity of IoT systems,
respectively. Passive attacks threaten the confidentiality of IoT system through the moni-
toring of ongoing transmission and eavesdropping without an interruption. Active attacks
are launched to disrupt the network communication and alter the information of ongoing
transmission. In other words, active attacks threaten both the confidentiality and integrity
of IoT systems [6, 21, 22].

8.4.3 Attacks Based on Attacker’s Location
Internal attacks are launched by attackers that are residing inside the network of IoT sys-
tem and execute malicious programs of different nature. On the other hand, external
attacks are launched outside of native network (through public network) with unauthor-
ized remote access.

8.4.4 Attacks Based on Attack Strategy
Physical attacks include the physical impairment or damage to devices’ configuration and
properties in IoT system. Contrary, logical attacks affect the functionality of IoT system
without physical involvement.
 IoT Security Attacks

Attacks Based on
Attacks Based on Attacks Based on Attacks Based on Attacks Based on Host-based Protocol-based
Information
Device Category Access Level Attacker Location Attack Strategy Attacks Attacks
Damage Level
Low-power Devices Attacks Active Attacks Internal Attacks Physical Attacks Eavesdropping H/W Compromise Jamming
Alteration Tampering
High-power Devices Attacks Passive Attacks External Attacks Logical Attacks S/W Compromise
Message Replay Flooding
User Compromise
Interruption
Unfair Channel Access

Packet Collision

Figure 8.2 Classification of IoT security attacks.
180 8 IoT Security

8.4.5 Attacks Based on Information Damage Level
Information damage at different levels is possible through man‐in‐the‐middle attack, i.e.:
Eavesdropping: Passive listening of ongoing transmission.
Alteration: Unauthorized access and tampering of information.
Fabrication: Deliberate way of introducing false information to create misperception in
ongoing communication.
Message Replay: Affects the communication in terms of message freshness.
Interruption: Unavailability of services through disruption or disaster.

8.4.6 Host-based IoT Attacks
These attacks target private sensitive information that is part of hardware and embedded
software on IoT devices including:
User Compromise: Entrapping of user to disclose security credentials.
Software Compromise: Exploiting the vulnerabilities of system’s software on IoT device.
Hardware Compromise: Tampering of IoT device hardware to extract embedded
information.

8.4.7 Protocol-based Attacks
These types of attacks imperil service availability by deviating either from the normal
working of standard communication protocols, i.e. at different layers of Transmission
Control Protocol (TCP)/IP or from communication stack (including Physical, Data Link,
Network, Transport, and Application). Jamming, tampering, packet collision, unfairness of
channel access, wormhole, and flooding are examples of these kinds of attacks [7, 23]. In
addition, attacks related to the disruption of standard protocol (i.e. malicious attack on data
aggregation protocol, key management protocol, information extraction protocol, etc.) are
also part of this category.

8.5 ­IoT Architecture and IoT Security

Concerning the requisites of specific IoT application, a robust security mechanism is
required to be identified and developed. However, IoT security problems and possible solu-
tions can be best described at different layers of IoT architecture. Therefore, the three‐layer
IoT architecture (consisting of Perception, Network, and Application layers) mentioned in
Chapter 1 of this book has been taken to explain IoT security problems and possible coun-
termeasures as shown in Figure 8.3.

8.5.1 Perception Layer Security
Perception layer at the bottom of IoT architecture is responsible for the collection of vari-
ous types of information through physical sensors or components of smart things (i.e.
 Issues
–Unauthorized Access
Attacks
–Malicious Insider –Malicious Script

–Insecure Software Services –Phishing Attack

Application Layer
–Data Security –Virus Attack

Attacks
–Jamming Attacks

–Selective Forwarding Attacks
Issues
–Internet Security –Wormhole Attacks

–Ad hoc Network Security –Sinkhole Attacks

Network Layer
–WLAN Security –Sybil Attacks

–WPAN Security –Man-in-the-middle Attack

–3G/4G/5G Security –Traffic Analysis Attacks

Multilayer Security Attacks
– DoS Attack
– Cryptanalysis Attack
– Botnets
– Rootkit
RFID Security WSN Security Attacks
–Discovery of Anomalous Sensor nodes –Node Capture Attacks
–Reader security
–Physical/MAC/Routing Protocol Security –Malicious Code Injection
–Tag encoding security
–Sensor GPS Security –Malicious Data Injection
–Tag counterfeit security –Security Key Management –Replay Attacks

Perception Layer
–Privacy of Sensitive Data –Eavesdropping and Interference

Figure 8.3 IoT architecture and security issues/attacks.
182 8 IoT Security

RFID, sensors, Implantable Medical Devices [IMDs], Global Positioning System [GPS],
etc.). In other words, the main functionality at perception layer is related to the recognition
and perception of environmental factors (i.e. temperature, humidity, pressure, light, sound,
etc.) through the use of low‐power and nanoscale technology in smart things. Moreover,
this layer controls the transmission or exchange of processed information to upper network
layer via service interfaces. Perception node and perception network are two parts of per-
ception layer that is used for data acquisition and communication, respectively.
Concerning security, following challenges are required to be addressed at perception
layer:
RFID Security Issues:
◦ Reader security
◦ Tag encoding security
◦ Tag counterfeit security
Wireless Sensor Network (WSN) security issues
◦ Discovery of physically attacked anomalous (or faulty) sensor nodes to restrict further
degradation of sensor network by using faulty node detection algorithm and decen-
tralized intrusion detection algorithm
◦ Physical/Medium Access Control (MAC)/Routing Protocol Security
◦ Sensor GPS security
◦ Management of security key (including key generation, storage, distribution, updat-
ing, and destruction of security key)
◦ Selection/Implementations of appropriate cryptographic algorithms (i.e. Low‐power
public key algorithms), e.g. NtruEncrypt and Elliptic Curve Cryptography
◦ Privacy of sensitive data (i.e. medical data from body sensors and IMD devices) while
preserving anonymity
RFID‐Sensor Network (RSN) security issues:
◦ Sensor + tag security
◦ Sensor + RFID tag reader security
Prevention from damage in case of natural disasters
Prevention from damage/misuse of physical infrastructure from human activity
The following are the types of attacks that can be launched at perception layer , for
example,
Node Capture Attacks: Include the controlling of IoT device(s) via hardware tampering or
physical node replacement to capture sensitive and important information of IoT system.
Malicious Code Injection Attacks: Attacker injects malicious code that changes the execu-
tion course to perform illegal functions in IoT system, i.e. controlling of system and
transmission of sensitive information to the outside network. These attacks are possible
through improper handling and validation of inputs and outputs of a system.
Malicious Data Injection Attacks: Injection of false data in captured node to affect the
normal working of IoT system.
Replay Attacks: Adversary exploits malicious node in IoT system to steal and transmit
legitimate identification information to the destination host for further correspondence.
 ­IoT Architecture and IoT Securit 183

Eavesdropping and Interference: Wireless communication among various IoT devices is
serious vulnerability in terms of eavesdropping and interference. Through eavesdrop-
ping, unauthorized users or malicious nodes are able to retrieve private and sensitive
information. Encryption, key management, and noise filtering techniques can protect
system from these types of attacks.
Sleep Deprivation Attacks: Sensing devices in IoT system are energy‐constrained and are
automated to follow alternate sleeping and awaking period to save energy. Sleep depriva-
tion attacks disrupt the sleeping schedule and keep the node awake till the drainage of
whole node energy. Energy‐harvesting techniques can be implemented to utilize energy
from environmental sources.
Concerning security implementation at perception layer, human‐based physical attacks
and natural disaster threats are required to be addressed and managed in the follow-
ing ways:
Secure sensor design
Secure sensor deployment
Secure infrastructure
Efficient user authentication approach (biometric or smart card) to implement for legiti-
mate access to physical devices and confidential information
Implement efficient accessibility control mechanisms
Efficient implementation of trust management
Efficient hardware failure recovery schemes

8.5.2 Network Layer Security
The middle layer in a three‐layer IoT architecture is Network (also known as Communication)
layer. Network layer accepts processed information from perception layer and reroutes the
received data to distant application interface(s) by using integrated networks, the Internet
and other communication technologies. A number of communication technologies (i.e.
WLAN, Wi‐Fi, Long‐Term Evolution [LTE], Bluetooth Low Energy [BLE], Bluetooth,
3G/4G/5G, PSTN, etc.) is integrated in IoT gateways that handle heterogenous types of data
to or from different things to applications and vice versa. In addition to network operations,
the Network layer in some cases enhances to perform information operations within the
Cloud. Regardless of the presence of appropriate encryption techniques at IoT Perception
layer, it is indispensable to deal network attacks that are responsible for the exchange of
messages between different components of IoT systems.
The well‐known IoT network layer attacks are:
Jamming Attacks: Any kind of these attacks (constant, reactive, random, and deceptive)
hampers node communication through the utilization of communication channel.
Selective Forwarding Attacks: Malicious devices are used to demolish the established
routing paths in network through planned prohibition of the transmission of few pack-
ets, for example:
◦ Blackhole attack (malicious nodes do not allow passing of any packet through them)
◦ Neglect and Greed attack (malicious nodes restrict the forwarding of few packets)
184 8 IoT Security

Sinkhole Attacks: Endanger the availability of services/system by advertising a certain
path in network to directing all communication traffic on that path.
Wormhole Attacks: Like Sinkhole attacks, these target the availability of the system where
two malicious nodes start communication directly (ignoring intermediate relay nodes)
with private links to accomplish deceitful one‐hop transmission.
Sybil Attacks: Malicious devices create multiple legitimate identities and through their
false impersonation control the network and able to transmit wrong information in
IoT system.
Hello Flood Attacks: Malicious nodes exploit specific network joining “hello” packet for-
mats to claim itself a legal neighbor in IoT system.
Traffic Analysis Attacks: Various software analysis packages (i.e. Wireshark, Cloudshark,
Omnipeek, Kismet, etc.) consist of two components, i.e. sniffer and protocol analyzer
that are used to capture network traffic and to perform decoding of packets for analysis
purposes. These tools can be used by adversaries to get confidential information of IoT
system. Strong encryption schemes can prevent the leakage of confidential information
in an IoT system.
Man‐in‐The‐Middle (MiTM) Attacks: Several attacks of these types (i.e. session hijacking,
Address Resolution Protocol [ARP] poisoning, Domain Name Server [DNS] spoofing,
Secure Socket Layer [SSL] spoofing, etc.) can be launched by an intruder for the purpose
of illegal monitoring of ongoing transmission between two nodes in IoT system. Through
the implication of encryption mechanisms and Intrusion Detection and Prevention
System (IDPS), these attacks can be prevented.
Spoofing Attacks: In IP spoofing and RFID spoofing attacks, the attacker spoofs valid
network IP address and valid RFID tag information, respectively, to gain full control of
IoT system to interrupt its normal working. Through secure identification, authentica-
tion, and trust management, spoofing problems can be handled.
Routing Protocol Attacks: The adversary manipulates the available routing information at
IoT devices to create routing loops that eventually causes either increase network latency
or failure of packet delivery at destination in an IoT system. Secure routing and securing
of node identification or IP addresses information leakage can protect IoT system from
such attacks.
IoT protocols are implemented by different technologies or at different layers of TCP/IP
protocol stack, i.e. IEEE 802.15.4, ZigBee, RPL, LoRaWAN, etc. to ensure confidentiality
and integrity of devices’ communication in IoT system.
IEEE 802.15.4 provides security mechanism at MAC layer by utilizing Advanced
Encryption Standard (AES) to ensure ultimate security of higher layers of TCP/IP proto-
col stack. In addition, related to access control, 802.15.4 has implemented access con-
trol lists.
ZigBee along with the utilization of 802.15.4 at MAC layer has also implemented security
mechanism at network and application layers.
In addition, ZigBee offers two security modes, i.e. standard security mode (without net-
work key encryption) and high security mode (with network key encryption).
RPL has provided routing security through the utilization of secure RPL packets and
ensures the authenticity of information.
 ­IoT Architecture and IoT Securit 185

LoRaWAN has provided security through the provisioning of two security layers which
deal with the authenticity and privacy issues of end nodes.

8.5.3 IoT Application Layer Security
The application layer at the top of the three‐layer IoT architecture is responsible for the
provisioning of services requested by the users of any IoT‐based smart system (smart health
system, intelligent transportation system, smart building, smart industry, and smart city,
etc.). In addition to the user‐requested services, application layer provides data services (i.e.
BigData storage, data mining, data management, predictive modeling, etc.) to perform
semantic data analysis. Therefore, IoT application layer can further be divided into two
sublayers, i.e. support layer and service layer.

8.5.3.1 Security Threats at Support Layer of IoT Applications
The main technologies at IoT Application Support sublayer are Fog and Cloud computing
and main security issues are discussed as follows :
Unauthorized Access: Concerns with the theft of authorized users’ credential information
to access and utilize IoT system resources illegally. Secure authentication and efficient
access control techniques can be used to inhibit these attacks.
Malicious Insider: This kind of security issue arises due to granting of unusual level of trust
on Edge resources and Cloud provider.
Insecure Software Services: Provisioning of services (VMs, APIs, web applications, etc.) can
be affected by malwares. However, these services are required to be protected by Cloud
providers.
Data Storage Risk: Data stored at edge and Cloud is prone to high security and privacy
threats.

8.5.3.2 Security Threats at Service Layer of IoT Applications
The security of IoT applications is highly dependent on all security mechanisms existing at
the lower layers of IoT security architecture. However, the well‐known IoT Application
layer attacks are given in the following:
Malicious Scripts: Several online malicious scripts (in JavaScript, Active‐X) are commonly
used to affect the normal functioning of IoT systems. Static/dynamic malicious code
script detection schemes (i.e. honeypot) are used to protect IoT system against these
kinds of attacks.
Phishing Attacks: These include the spoofing of user credentials (i.e. used identification,
password, credit card information, etc.) through the use of phishing websites and
infected e‐mails in IoT systems. Secure authorization and intelligent vigilant surfing
techniques can be applied to mitigate the effect of these kind of attacks.
Virus Attacks: Malicious virus attacks (i.e. Trojan Horse) can be controlled through antivi-
rus programs and firewall protection mechanisms in IoT systems.
The support sublayer security mechanism controls the legitimacy of authorized users
(through authentication and access control systems), which are interested to utilize available
186 8 IoT Security

services. The service layer security mechanism includes the protection of application software,
OS, and end‐user interfaces through the utilization of high‐level programming languages, i.e.
Java, JavaScript, C++, and Python, etc. which assists to avoid insecure programming.

8.6 ­Multilayer Security Attacks

DoS Attacks: By immense consumption of available resources, a perpetrator can render
IoT services unavailable to genuine users of the IoT system.
Cryptanalysis Attacks: Adversary obtained plain and ciphertext to infer the process and
use of encryption keys.
Spyware is a kind of malware attack that can be performed at all layers of IoT architec-
ture stack and used to gather sensitive information (i.e. network traffic, confidential user
credentials, and internal usage habits) of IoT systems.
Botnets: A bot (robot) can be used as malware to perform DoS and payload attacks at lay-
ers of IoT architecture stack.
Rootkit: This is a kind of malware that can be installed on an IoT device and grant admin-
istrator access privileges to an unauthorized user of IoT system. It may consist of antivi-
rus disablers, password stealers, keystroke loggers, etc. and can be executed in all layers
of IoT stack.

8.7 ­IoT Application Scenarios and IoT Security

IoT application scenarios encompass different domain of real life, i.e. smart home, smart
healthcare, smart vehicle, and smart city. Depending upon the nature of hardware, soft-
ware, communication techniques, and integration of different technologies, security
attacks can be launched in a variety of ways on these application scenarios. Moreover, in
each IoT scenario, the attacker/hacker’s motivation is unique, and its severity depends on
the nature of motivation that may range from simple data access to safety of human life in
healthcare and automotive application domains. Discussion about IoT‐specific attacks
is complementary to IoT security attacks that have been mentioned in previous sections.

8.7.1 Smart Home Security
Home automation is possible through connection of several digital appliances through the
use of IoT. IoT technology (consisting of sensors and communication) related to home
automation may involve (local or remote) management of home devices to provide comfort
and safety to home residents. Mostly, end users communicate through smart phones to
control home appliances. Exploiting security breaches related to involved communication
technologies, attacker can easily compromise the users’ security and privacy of home
devices and related data, respectively. Table 8.1 illustrates security issues of smart
home in terms of the vulnerabilities associated with few smart home devices.
 ­IoT Application Scenarios and IoT Securit 187

Table 8.1 Smart home devices, functionality, and associated security threats.

Smart device Functionality Potential security threat

Smart Lock Lock/unlock without physical key Lock/unlock by attackers to
Lock/unlock through mobile device or enter/exit from home
web interface Changing of lock/unlock
Automatically lock after a specified password remotely
period of time Turn off the alarm in case of
Alarms ringing on forced entry or break‐in
break‐ins
Smart Bulb Light bulb controllable remotely through Control the turning on and off
mobile application behavior of lights
Scheduling of turning on/off and Overload power system by
coloring of light bulbs turning on unnecessary lights
Voice Turn devices on or off based on voice Steal private credentials from
Automated Commands voice data
Device Issue voice commands to order
unwanted stocks by voice
commands
Steal voice data as credentials for
use in other voice command
systems
Smart Vacuum Automatically map home layout and Monitor room activities and
Cleaner conduct automatic and scheduled stealing of home layout
cleaning in dry or wet mopping modes
Smart Create grocery list and send order to Send order with modified
Refrigerator shops through the Internet grocery list
Set expiration data and send related Modify expiration date of food
alerts to residents items in refrigerator or ruin food
Suggest recipes based on available items by changing temperature
ingredients
Smart Toilet Allow users to remotely set water Turn water tap on and leave
temperature and pressure water flowing without any need
Sense and adjust right water amount to Remotely control smart toilet’s
clean itself or for flushing wastes lid and flush nozzles
Notify residents about needed supplies
(e.g. toilet paper, soap, and air freshener)

8.7.2 Smart Healthcare Security
The implication of IoT in healthcare provides several opportunities to help patients, doc-
tors, caregivers, pharmacies, research organizations, and government healthcare authori-
ties by offering different services; for example:
patient monitoring
real‐time data sharing in emergency situations
sharing of medical/device/drug/patient data by hospitals
sharing of medical supplies record in case of epidemic by pharmacies
188 8 IoT Security

collection, analysis, management, and sharing of healthcare data by hospitals and gov-
ernment authorities
Concerning smart healthcare realization, RFID, body sensors, and various communica-
tion technologies have been used for :
the identification of patients and doctors
locating patients and doctors
collection, processing, transmission, and storage of patients’ vital sign data in real time
by means of implanted/wearable devices
Nevertheless, these IoT‐based healthcare systems are vulnerable to attacks that can even
endanger patient’s life if security mechanism is not effectively implemented. The following
are the main factors that make these system more appealing targets for attackers [26, 27]:
Existence of wireless communications between implanted and wearable devices
Pervasive usage of RFID technology (tags and readers)
Lacking support of complex security algorithms due to the scarcity of energy and com-
puting resources of IoT devices
To empower the usage of IoT devices in smart health, it is important to understand the
types of attacks and respective countermeasures from healthcare perspective. Concerning
IoT healthcare system, attacks can be launched either by internal or external attackers
which are mostly interested to get private information of patients or to make system una-
vailable through DOS attacks. Table 8.2 presents the types of different security attacks
on healthcare system with associated consequences.

Table 8.2 Security attacks and potential threats to healthcare systems.

Attack Approach Potential security threat

DoS Attack Overburdens the healthcare IoT services become unavailable to genuine
system with unknown traffic that users (patients, caregivers, doctors, etc.) of
consumes available resources healthcare system
Sensor Control sensor activity Engage sensors in frequently joining and
Attack Replaces real sensor nodes with leaving of networks to drain out the energy
fake nodes of network nodes
The tampering of patients’ data
Routing Modify routing table information Delivery of patient information to false
Attack destination (i.e. fake doctor or fake hospital)
Drop packets to not reach to intended
destination
Replay Malicious node evaluates the system Build trust and get unauthorized access to
Attack to steal legitimate identification healthcare system to access private data
information
Select Malicious devices pretend as Drops data packets or do not allow passing
Forwarding destination nodes of any packet through them
Attack
 ­IoT Application Scenarios and IoT Securit 189

8.7.3 Smart Vehicle Security
Smart cars, besides ensuring comfort and safety of drivers and passengers, improve road
safety. Smart cars contain several electronic control units (ECU), i.e. engine control unit,
on‐board diagnostics port, telematics unit and wireless communication unit to support het-
erogenous connectivity with other vehicles, RSUs, and vehicular Cloud via gateways.
Concerning the aspects of vehicle security threats, these elements can be grouped into
three categories , i.e.:
Under the hood elements including ECU, communication unit, and gateway. The ele-
ments include in this category can be used at the preparation phase of the attack for
reverse engineering purposes.
Devices connected to car including mobile phone belonging to car owner/service user
and third‐party user devices (in case of car sharing). Especially the mobile devices con-
nected to vehicles are potential threat points to car security. For example, rooting or jail-
breaking of mobile devices lead to the option of ongoing communication eavesdropping
that ultimately enable direct‐access attacks.
Communication technologies (i.e. WiFi, GSM, etc.) have vulnerabilities that can be
exploited to perform spoofing and/or MiTM attacks to extort personal information from
vehicular Cloud.
Table 8.3 provides summary of the functionalities of few security attacks that can be
launched in vehicular environment.

Table 8.3 Security attack functionality in smart vehicle environment.

Attack type Functionality

MiTM Attack Session hijacking (obtain legitimate key to steal smart car, network data
collection, etc.)
DoS, DDoS Leads to Network failure or take over the control of smart car
Attack
Relay Attack Launch Passive Keyless Entry and Start (PKES) systems for theft. Messages
are relayed between smart key and the smart car
Jamming Attack Communication channel of smart vehicle is disturbed through heavily
powered signal of equivalent frequency
Blackhole Attack Suspected smart car receives the packets but declines to forward to other
vehicles
Eavesdropping Attacker obtains the confidential details of smart vehicles (vehicle identity,
Attack owner identity, data location, etc.) and may disclose to nonregistered users
GPS Spoofing Attacker creates false GPS location information to hide its position and to
dodge other vehicles about its availability at a particular location
Sybil Attack A suspected node produces many fake identities to manipulate other vehicles
behavior

Source: Based on Sheikh et al..
190 8 IoT Security

8.7.4 Smart City Security/Privacy Concerns
The conception of smart cities encompasses the monitoring, administration, management,
and governance of whole city infrastructures related to health, education, traffic, energy
resources, and natural environment through integrated IoT systems. These IoT systems
ultimately consist of highly advanced integrated technologies (i.e. sensor, wireless net-
works, embedded systems, Fog and Cloud computing, etc.) which are linked with end‐user
devices. Therefore, the security and privacy of information flow within smart cities is
important and difficult to implement. Influencing factors that mainly identify issues of
information security and privacy in smart cities include Technological, Governance, and
Socioeconomic factors. Security and privacy concerns related to these factors have
been summarized in Table 8.4.

Review Questions

8.1 Explain the categories of security constraints of IoT systems.

8.2 How are the information‐level security requirements different from functional‐level
security requirements?

8.3 Describe the classification of security attacks in IoT systems.

8.4 Explain the types and functionality of security attacks at Perception, Network, and
Application layers of IoT architecture.

Table 8.4 Influencing factors and security/privacy concerns in smart cities.

IoT Technological RFID Technology Eavesdropping, Spoofing, Jamming, DoS
Factors WSN Technology DoS, MiTM, Relay Attacks
Communication Authentication Attacks in Wi‐Fi, Bluetooth, ZigBee,
Technology etc., Protocol Attacks, DoS, MiTM
Mobile Phones Threats from GPS, Bluetooth, Wi‐Fi, etc., Threats
Technology from Social Networking, Botnets, Malwares
Smart Grid DoS, Message Replay Attacks, Malicious Data
Injection Attacks
Governance Factors Critical Infrastructure Threats to Health Sector, Threats to Energy and
Power Supply, Disaster Management Issues
Mobility Location privacy
Utility Misuse of data, exploitation of resources
Socioeconomic Individual Privacy Social Networking Issues, Smart Phone Usage,
Factors Location Privacy
E‐Commerce Cyber Attacks, Spoofing, Frauds, Data Integrity
Banking Cyber Crimes, Phishing, Frauds, Data Integrity
 ­IoT Application Scenarios and IoT Securit 191

8.5 Briefly describe the functionality of three multilayer security attacks.

8.6 Illustrate security issues of smart home devices (shown in Figure 8.4) in terms of
associated vulnerabilities.

8.7 Consider that attackers exploit the vulnerability in keyless entry/start systems using
a digital theft technique called the relay attack (as shown in Figure 8.5).
A Explain the step‐by‐step working of a relay attack in this scenario.
B How you can secure smart vehicles from a relay attack?
C How will security be enabled when the key is lost temporarily or
permanently?

Figure 8.4 Figure for review question 8.6. Source: Sicari et al..

Figure 8.5 Figure for review question 8.7. Source: Evans.
192 8 IoT Security

8.8 Considering IoT‐complaint keyless entry systems for smart home:
Explain how it works with WiFi and Bluetooth enabled communication devices.
Explain how security would be enabled if the key is damaged or lost temporarily/
permanently.
Describe how this scenario is different from smart key fob for vehicles.

References

1 Ling, Z., Liu, K., Xu, Y. et al. (2017). An end‐to‐end view of IoT security and privacy. In:
IEEE Global Communications (GLOBECOM) Conference, 1–7. IEEE.
2 Chirgwin, R.(2016). Get pwned: Web CCTV cams can be hijacked by single HTTP request‐
server buffer overflow equals remote control. www.theregister.co.uk/2016/11/30/
iot_cameras_compromised_by_long_url.
3 Hilton, S. (2016). Dyn analysis summary of Friday October 21 attack. https://dyn.com/
blog/dyn‐analysis‐summary‐of‐friday‐october‐21‐attack.
4 Antonakakis, M., April, T., and Bailey, M. (2017). Understanding the mirai botnet. In: 26th
USENIX Security Symposium, 1093–1110. USENIX Association.
5 Ling, Z., Liu K., Xu Y. et al. (2018). IoT security: an end‐to‐end view and case study. arXiv
preprint arXiv:1805.05853, 2018.
6 Hossain, M.M., Fotouhi, M., and Hasan, R. (2015). Towards an analysis of security issues,
challenges, and open problems in the internet of things. In: IEEE World Congress on
Services, 21–28. IEEE.
7 Grammatikis, P.I.R., Sarigiannidis, P.G., and Moscholios, I.D. (2019). Securing the Internet
of Things: challenges, threats and solutions. Internet of Things 5: 41–70.
8 Kharchenko, V., Kolisnyk, M., Piskachova, I. et al. (2016). Reliability and security issues for
IoT‐based smart business center: architecture and Markov model. In: 2016 Third
International Conference on Mathematics and Computers in Sciences and in Industry
(MCSI), 313–318. IEEE.
9 Hassan, W.H. (2019). Current research on internet of things (IoT) security: a survey.
Computer Networks 148: 283–294.
10 Lin, J., Yu, W., Zhang, N. et al. (2017). A survey on internet of things: architecture, enabling
technologies, security and privacy, and applications. IEEE Internet of Things Journal 4 (5):
1125–1142.
11 Capkun, S., Buttyán, L., and Hubaux, J.‐P. (2003). Self‐organized public‐key management
for mobile ad hoc networks. IEEE Transactions on Mobile Computing 2 (1): 52–64.
12 Yang, X., Lin, J., Yu, W. et al. (2013). A novel en‐route filtering scheme against false data
injection attacks in cyber‐physical networked systems. IEEE Transactions on Computers 64
(1): 4–18.
13 Aman, M.N., Sikdar, B., Chua, K.C. et al. (2018). Low power data integrity in IoT systems.
IEEE Internet of Things Journal 5 (4): 3102–3113.
14 Wachter, S. (2018). Normative challenges of identification in the Internet of Things:
privacy, profiling, discrimination, and the GDPR. Computer Law and Security Review 34 (3):
436–449.
 ­IoT Application Scenarios and IoT Securit 193

15 Liu, J., Xiao, Y., and Chen, C.P. (2012). Authentication and access control in the internet of
things. In: IEEE 32nd International Conference on Distributed Computing Systems
Workshops, 58–592. IEEE.
16 Chuang, M.‐C. and Lee, J.‐F. (2013). TEAM: trust‐extended authentication mechanism for
vehicular ad hoc networks. IEEE Systems Journal 8 (3): 749–758.
17 Airehrour, D., Gutierrez, J., and Ray, S.K. (2016). Secure routing for internet of things: a
survey. Journal of Network and Computer Applications 66: 198–213.
18 Maheswari, S.U., Usha, N., Anita, E.M. et al. (2016). A novel robust routing protocol
RAEED to avoid DoS attacks in WSN. In: IEEE International Conference on Information
Communication and Embedded Systems (ICICES), 1–5. IEEE.
19 Rizvi, S., Kurtz, A., Pfeffer, J. et al. (2018). Securing the internet of things (IoT): a security
taxonomy for IoT. In: IEEE 17th International Conference on Trust, Security and Privacy in
Computing and Communications/12th IEEE International Conference on Big Data Science
and Engineering (TrustCom/BigDataSE), 163–168. IEEE.
20 Yang, Y., Wu, L., Yin, G. et al. (2017). A survey on security and privacy issues in internet‐of‐
things. IEEE Internet of Things Journal 4 (5): 1250–1258.
21 Alam, S. and De, D. (2014), Analysis of security threats in wireless sensor network. arXiv
preprint arXiv:1406.0298.
22 Mayzaud, A., Badonnel, R., and Chrisment, I. (2016, 2016). A taxonomy of attacks in
RPL‐based Internet of Things. International Journal of Network Security, ACEEE a Division
of Engineers Network 18 (3): 459–473.
23 Mahmood, Z. (2019). Security, Privacy and Trust in the IoT Environment. Springer.
24 Chen, K., Zhang, S., Li, Z. et al. (2018). Internet‐of‐things security and vulnerabilities:
taxonomy, challenges, and practice. Journal of Hardware and Systems Security 2 (2): 97–110.
25 Chang, Z. (2019). IoT device security locking out risks and threats to smart homes. In:
Trend Micro Research. https://documents.trendmicro.com/assets/white_papers/IoT‐
Device‐Security.pdf.
26 Poslad, S. (2011). Ubiquitous Computing: Smart Devices, Environments and
Interactions. Wiley.
27 Abie, H. and Balasingham, I. (2012). Risk‐based adaptive security for smart IoT in eHealth.
In: Proceedings of the 7th International Conference on Body Area Networks, 269–275.
28 Butt, S.A., Diaz‐Martinez, J.L., Jamal, T. et al. (2019). IoT smart health security threats. In:
IEEE 19th International Conference on Computational Science and Its Applications (ICCSA),
26–31. IEEE.
29 Bécsi, T., Aradi, S., and Gáspár, P. (2015). Security issues and vulnerabilities in connected
car systems. In: IEEE International Conference on Models and Technologies for Intelligent
Transportation Systems (MT‐ITS), 477–482. IEEE.
30 Sheikh, M.S., Liang, J., and Wang, W. (2019). A survey of security services, attacks, and
applications for vehicular ad hoc networks (VANETs). Sensors 19 (16): 3589.
31 Ijaz, S., Shah, M.A., Khan, A. et al. (2016). Smart cities: a survey on security concerns.
International Journal of Advanced Computer Science and Applications 7 (2): 612–625.
32 Sicari, S., Rizzardi, A., Miorandi, D. et al. (2018). Securing the smart home: a real case
study. Internet Technology Letters 1 (3): e22.
33 Evans, C., Keyless car theft: what is a relay attack, how can you prevent it, and will your
car insurance cover it? (2020). https://leasing.com/car‐leasing‐news/
relay‐car‐theft‐what‐is‐it‐and‐how‐can‐you‐avoid‐it.