1. IOT Security: A Review
Asiri Hewage, IT17094078,
Faculty of Computing, Sri Lanka Institute of Information Technology,
New Kandy RD, Malabe, Sri Lanka.
Email: asiriofficial@gmail.com Web: www.asirihewage.business.site
Abstract — In the past decade, Internet of
Things has been a focus of research. Security
and privacy are the key issues for Internet of
Things applications, and still face some
challenges. One of the key challenges for the
realization of the Internet of Things includes
security challenges, especially in the area of
privacy and confidentiality among
management of heterogeneities and limitations
of network capacities. This review paper gives
an insight into the most important security
challenges related to Internet of Things.
Keywords: security, Internet of Things,
challenges, privacy, data, confidentiality,
regulation, IoT.
INTRODUCTION
The Internet of Things (IoT) is the
interconnection of uniquely identifiable
embedded computing devices within the
existing Internet infrastructure. The Internet of
Things concerns the connection of physical
devices (cars, thermostats, smartphones, home
lighting, tide sensors, smart meters, etc.) to the
Internet. A more widely accepted definition is
ITU's definition from 2005, which is very
general and reads as follows:
Internet of Things is a global infrastructure for
the modern Society, enabling sophisticated
services by interconnecting physical and
virtual interoperable information and
communication technologies.
There are more devices connected to the
Internet than people on the planet, and the
prediction is that there will be 50 billion
devices by 2020.
I. THE SECURITY IN IOT
The three main points attackers can access
IOT devices connected to a network are:
1. The device,
2. The cloud,
3. The network.
1. Securing the Device:
2. There are some technologies in the industry
such as embedded SIM Technology (eUICC),
M2M-optimised SIM Technology, SafeNet
Hardware Security Modules (HSMs), Trusted
Key Manager, IP protection to provide
security for embedded devices. My opinion is
the IP protection is little bit old. Current IoT
ecosystems should move from such security
infrastructures to something more advanced
with encryption technologies.
2. Securing the cloud infrastructure:
This is a major form of threat comes from the
enterprise or cloud environment that smart
devices are connected to. Data encryption,
cloud security and cloud-based licensing helps
technology companies leverage the full
potential of the cloud environment, ensuring
their intellectual property is secured.
3. IoT Security Lifecycle Management.
Managing the lifecycle of security components
across the device and cloud spectrum is a
critical element for a robust and long-term
digital security strategy. Security of an
Internet of ecosystem is not a one-off activity,
but an evolving part of the Internet of
ecosystem. Some solutions to build a
sustainable security lifecycle management
infrastructure, to address current and future
security threats are Identity & access
management, Crypto management and
maintaining Trusted Services Hubs.
II. CURRENT STATE
There are now more connected cars, meters,
machines, wearable devices and similar IoT
nodes than there are PCs, laptops, tablets, and
smartphones. Exact numbers and estimates
vary but the consensus is that there are now
close to 8 billion IoT devices in use and
around 7 billion non-IoT connected devices.
Low bandwidth and/or low latency
environments such as oil rigs, mines, or
factories are rapidly taking the experience of
IoT. It will gain in further importance over
time. However, the critical element will be the
interconnection between device and cloud, in
which the cloud performs many of the non-
critical tasks and large-scale data storage. The
modern IoT trends are as follows according to
the analytics done by iot-analytics.com
Most important government initiative:
US IoT Cybersecurity Act
Most important connectivity initiative:
NB-IoT roll-out
Most essential technology
development: IoT Cloud
Most amazing implementation of IoT-
based analytics: Google Waymo
Biggest Consumer IoT Success: Voice-
enabled home gateways
Most discussed new trend: Blockchain
III.CHANLLENGES
Authentication
Now-a-days IoT devices use PKI (public key
infrastructure) authentication where digital
certificates prove the authenticity of the
device. However, IoT devices use few
protocols than normal networking devices use
and their standards and each authentication
method must ensure that each device is
capable of authentication in a secure manner.
Some may need manual update because
lacking OTA functionality and others may
have locked settings that cannot be changed
from the default.
Access Control
My opinion is that organizations better to have
an automated and integrated security
framework that secures network access,
3. monitors traffic and behaviors because Access
control systems play a major role in security
of Internet of Things, it should ensure that
access controls are universally applied and
devices are removable with minimal impact to
critical business transactions and workflows.
Privacy
As an example, Internet of Things is being
used to monitor infants’ health and activities,
thus enabling them to live safely and
independently at home. However, Internet of
Things create privacy challenges that need to
be addressed. There are some other aspects of
privacy such as confidentiality and secondary
use of users' information. The developers of
Internet of Things should adopt an expanded
view of privacy. This will ensure that
safeguards are built in to Internet of Things
devices to protect and maintain users' privacy
while also enabling the appropriate sharing of
data to support the users’ safety and
wellbeing.
Policy Enforcement
Governments and regulators can help unlock
socio-economic benefits by implementing
policies that promote innovation and
investment, as well as introducing regulatory
frameworks that build trust and are technology
neutral. But in Sri Lanka there no any active
policies yet under the IoT ecosystem because
that is still not yet touched by public. So
startups and new inventors are capable in
nature to try anything using IoT technologies
because those technologies are not yet
regulated by the government. I suggest that the
government of Sri Lanka should adapt to those
technologies and make rules and regulations
before going it viral in the country.
Trust
As a user I may consider Trust as the most
important thing before interacting with an IoT
devices because I’m going to share my data
with those tiny devices. The security and
privacy requirements including privacy and
trust management among users and things are
playing a fundamental role to detect malicious
nodes in IoT. According to my experience an
IoT service provider should do surveys
continuously on trust evaluation under some
specified criteria to provide a trustworthy
service.
Mobile Security
There are so many types of attacks could be
performed via next generation IMSI catchers
just like fake mobile. They will open back
doors to monitor users’ IoT activities (e.g.,
home automation activities, daily routine
automations), Create fake nodes based on that
information, using these profiles to monitor
their activity and behavior remotely even if the
users move away from the area. So the current
IoT in fractures should pay more attention on
mobile devices because it is the device acting
as middle person to inter connect the IoT
device and the user.
Secure Middleware
The middleware for IoT acts as a bond joining
the nodes through interfaces. Sometimes
middleware acts like a software layer
interposed between the infrastructure and the
applications using it to support important
requirements for these applications. To track
issues of middleware, first we should have a
better understanding of the current gap and
future directions of existing middleware
systems. Second, fundamental functional
features should be classified on the existing
IoT-middleware. Then we can analyze and
research the issues to optimize the system
4. security. As a theory no any system is secure
within a network.
Confidentiality
IoT interconnections generate a huge amount
of private data, which needs to be processed,
communicated and stored. Using normal
security solutions to ensure data
confidentiality is challenging. So my opinion
is that we should discuss further more to build
up a standardized infrastructure with more
secure protocols for the future. Otherwise the
developers and innovators will have to do
more effort to communicate and promote their
product within a society affected by IoT
phobias.
IV. CONCLUSION
Internet of Things represents a new,
interesting direction in the development of the
Internet. It refers to unique identification of
objects and their virtual representation in the
structure of the Internet and they may
communicate with each other, provide
information about itself and accept data
collected by other objects. This emerging
domain for the Internet of Things has been
attracting the significant interest in last few
years, and will continue for the years to come
The development of Internet of Things
depends on the dynamics of innovations in
numerous technical fields, from wireless
sensors to nanotechnology. Capacities, such as
the monitoring of changes in the environment
or communication between devices, represent
high priority in the development of Internet of
Things. One of the key challenges for the
realization of the Internet of Things include
security, privacy and confidentiality,
management of heterogeneities, limitations of
network capacities, management and
processing of large quantities of data in order
to provide useful information / service and
enable an efficient regulatory policy in the
area of Internet of Things. According to the
Gartner’s expectations IoT security spending
to grow by almost 60 percent in the next two
years, reaching around USD 547 million. So
we should take the maximum outcome for the
spending. Since, protection of privacy is one
of the key constitutional rights of European
citizens' it is very important to note that
Internet of Things will have to be established
in Sri Lanka as regulatory frameworks for data
and privacy protection, as well as with all
legal requirements into a single group of rules
in SL and including also revised measures for
data transparency and safety issues.
REFERENCES
[1] Hari and Singh: Security Issues in Wireless Sensor
Networks, International Conference on Advances in
Computing, Communication, & Automation (ICACCA),
Apr. 2016; DOI: 10.1109/ICACCA.2016.7578876
[2] Ferrag M. A., L. A. Maglaras, H. Janicke and J.
Jiang: „Authentication Protocols for Internet of Things:
A Comprehensive Survey “, arXiv, Dec. 2016
[3] IoT 2017 in review: The 10 most relevant IoT
developments of the year, https://iot-analytics.com/iot-
2017-in-review/
[4] Chaqfeh, Moumena. “Challenges in middleware
solutions for the internet of things.” International
Conference on Collaboration Technologies and Systems
(CTS) (2012): 21-26.
[5] ABDMEZIEM, Mohammed. (2016). Data
Confidentiality in the Internet of Things.
10.13140/RG.2.2.19150.87366.
[6] Mario Ballano Barcena and Candid Wueest,
Symantec Antivirus,” Insecurity in the Internet of
Things, Mar 12 2015
[7] Ericson Corporation, “IOT Security”, Ericson
White paper, 284 23-3302 (Uen), February 2017
[8] Gartner, Forecast: IoT Security, Worldwide, 2016,
https://www.gartner.com/doc/3277832/forecast-iot-
security-worldwide-