Gustavo Cardenas
November 4th, 2019
Udo: CIS 4385

The Internet of Things: Security Design

Defining IoT

The Internet of Things, informally referred to as IoT, has become a popular mechanism for the centralization and acquisition of digital information in the modern age. IoT presents opportunities for corporations and institutions alike to accrue data that was previously unavailable. The definition of IoT is flexible: use cases range from smartphones to electronic refrigerators to smart watches to many other modern digital devices. A proper theoretical definition of IoT is the following: “sensor-equipped devices know how to deliver lightweight data around the physical world, authorizing cloud-based resources to extract data and make choices from the extracted data by using actuator-equipped devices” (Borgia, 2016).

Security Concerns

IoT comes on the heels of the digital revolution, and along with this transformation come new security issues. New security concerns in technology are difficult to manage because they present two unique challenges:

First and foremost, new technologies are susceptible to novel attacks. Protecting against a hacked refrigerator that can listen to a family at home is not a challenge most experts are prepared to deal with, and finding people with the right mix of hardware and software expertise can be difficult. Security comes second to innovation in the minds of inventors. It seems there is a new digital application for a hardware device every day; each new modification requires updated security.

Secondly, the defense protocols against such attacks are unproven and are accompanied by generally ambiguous standards. IoT, in its short lifespan, does not yet have proper security standard administration or security policy. As we have learned in our information security class, it takes time for new policy to accrue credibility and earn the trust of digital users around the world.
Without the right digital standards and protocols, it is not only difficult to protect IoT devices, it is also difficult to enforce modernized security protocols.

Security of IoT Devices

The security of IoT devices has become an imperative issue and has led to modern research on its applications and development. IoT security can be broken down into three composite layers (Alaba et al., 2016), which are descriptive of the functions they provide: application layer security, perception layer security, and network layer security. Each is described below.

The application layer is the most visible layer. This is what end users see and what is most often attacked by hackers or social engineers. The application layer varies depending on the device's function or usability, but it is generally what provides the functionality of the app. Breaches in the application layer usually lead to a stoppage in the application service, but do not generally penetrate into the core of the device or client-side system. The security protocols in place for the application layer include passwords, facial ID, two-step authentication, fingertip authorization, and other methods. Most are key-authenticated methods. Few have encryption standards enforced. Most of these can be readily bypassed through social engineering. In the application layer, “data sharing is the main feature” (Li et al., 2016), which makes it a target. Further authentication methods such as voice and DNA activation are required for some advanced medical IoT devices.

Perception layer security presents the greatest challenge to today’s security experts. This layer is the intersection where hardware and software meet, and securing it requires expertise at both ends. In an IoT device, the perception layer is what allows a device to convert physical stimuli into data. Most perception devices are electrical or mechanical, and not easily hacked through non-physical means.
When designing IoT devices, the perception layer is the hardest to secure. RFID technology, sensor protection (IDSL), sensor nodes, and sensor gateways are all methods of security at this level. Figure 1 details a comparative analysis of the different kinds of security strengths for each of these technologies.

Network layer security is challenging in itself, but is the most feasible and important security component of today’s IoT devices. The network layer by definition “provides network transmission and data information and delivers pervasive access to the perception layer” (Borgia, 2016). Network security standards, such as ISC 270003, make it easy to predefine how to implement network connectivity standards. IoT devices typically require an active connection to a network, whether that be port connections, 3G, 4G, 5G, WiFi, or Ethernet. All of the listed connections have predefined security standards that are easily enforced. Smart card readers, distributed cloud security, IP security, and device constraints are all ways in which security can be enforced at the network layer. Most network security comes pre-installed or is required to even activate IoT devices; some layer of network security is required for all legally commercialized IoT devices. This layer is ultimately what helps protect server-side applications from being hacked and is a key feature of the revolution of IoT. Without this, most technological advancement in IoT devices would not be possible.

Summary

IoT security is necessary for IoT devices to keep growing. There are three main components to IoT security, and each is essential to an IoT feature. The security industry is moving towards the establishment of a security protocol that will cover all phases of IoT in the future, as the application and perception layers are lacking. IoT experts are working to ensure the safety of a society with increasingly personalized digital devices.

Resources

Borgia, E., Gomes, D. G., Lagesse, B., Lea, R., and Puccinelli, D. 2016. Special issue on “Internet of Things: Research challenges and Solutions”, 90, 1–4.

Fadele Ayotunde, Alabaa, Mazliza, Othmana, Ibrahim Abaker Targio, Hashema, Faiz Alotaibi. 2016. Special Issue on “Internet of Things: A Survey”.

Li, Mih Na, Melchizedek, Alipio Nestor, Michael, Tiglao, Antonio Grilo, Fawaz, Bokhari, Umair, Chaudhry, ShavezQureshi. 2017. “Cache-based transport protocols in wireless sensor networks”.

(All sources from ResearchGate)

Appendix

Figure 1: The security measures of the perception layer