SlideShare a Scribd company logo

Security Aspects in IoT - A Review

A
Asiri Hewage

In this review paper I have discussed about the security aspects of Internet of things.

Technology
1 of 4
IOT Security: A Review Asiri Hewage, IT17094078, Faculty of Computing, Sri Lanka Institute of Information Technology, New Kandy RD, Malabe, Sri Lanka. Email: asiriofficial@gmail.com Web: www.asirihewage.business.site Abstract — In the past decade, Internet of Things has been a focus of research. Security and privacy are the key issues for Internet of Things applications, and still face some challenges. One of the key challenges for the realization of the Internet of Things includes security challenges, especially in the area of privacy and confidentiality among management of heterogeneities and limitations of network capacities. This review paper gives an insight into the most important security challenges related to Internet of Things. Keywords: security, Internet of Things, challenges, privacy, data, confidentiality, regulation, IoT. INTRODUCTION The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. The Internet of Things concerns the connection of physical devices (cars, thermostats, smartphones, home lighting, tide sensors, smart meters, etc.) to the Internet. A more widely accepted definition is ITU's definition from 2005, which is very general and reads as follows: Internet of Things is a global infrastructure for the modern Society, enabling sophisticated services by interconnecting physical and virtual interoperable information and communication technologies. There are more devices connected to the Internet than people on the planet, and the prediction is that there will be 50 billion devices by 2020. I. THE SECURITY IN IOT The three main points attackers can access IOT devices connected to a network are: 1. The device, 2. The cloud, 3. The network. 1. Securing the Device:
There are some technologies in the industry such as embedded SIM Technology (eUICC), M2M-optimised SIM Technology, SafeNet Hardware Security Modules (HSMs), Trusted Key Manager, IP protection to provide security for embedded devices. My opinion is the IP protection is little bit old. Current IoT ecosystems should move from such security infrastructures to something more advanced with encryption technologies. 2. Securing the cloud infrastructure: This is a major form of threat comes from the enterprise or cloud environment that smart devices are connected to. Data encryption, cloud security and cloud-based licensing helps technology companies leverage the full potential of the cloud environment, ensuring their intellectual property is secured. 3. IoT Security Lifecycle Management. Managing the lifecycle of security components across the device and cloud spectrum is a critical element for a robust and long-term digital security strategy. Security of an Internet of ecosystem is not a one-off activity, but an evolving part of the Internet of ecosystem. Some solutions to build a sustainable security lifecycle management infrastructure, to address current and future security threats are Identity & access management, Crypto management and maintaining Trusted Services Hubs. II. CURRENT STATE There are now more connected cars, meters, machines, wearable devices and similar IoT nodes than there are PCs, laptops, tablets, and smartphones. Exact numbers and estimates vary but the consensus is that there are now close to 8 billion IoT devices in use and around 7 billion non-IoT connected devices. Low bandwidth and/or low latency environments such as oil rigs, mines, or factories are rapidly taking the experience of IoT. It will gain in further importance over time. However, the critical element will be the interconnection between device and cloud, in which the cloud performs many of the non- critical tasks and large-scale data storage. The modern IoT trends are as follows according to the analytics done by iot-analytics.com  Most important government initiative: US IoT Cybersecurity Act  Most important connectivity initiative: NB-IoT roll-out  Most essential technology development: IoT Cloud  Most amazing implementation of IoT- based analytics: Google Waymo  Biggest Consumer IoT Success: Voice- enabled home gateways  Most discussed new trend: Blockchain III.CHANLLENGES  Authentication Now-a-days IoT devices use PKI (public key infrastructure) authentication where digital certificates prove the authenticity of the device. However, IoT devices use few protocols than normal networking devices use and their standards and each authentication method must ensure that each device is capable of authentication in a secure manner. Some may need manual update because lacking OTA functionality and others may have locked settings that cannot be changed from the default.  Access Control My opinion is that organizations better to have an automated and integrated security framework that secures network access,
monitors traffic and behaviors because Access control systems play a major role in security of Internet of Things, it should ensure that access controls are universally applied and devices are removable with minimal impact to critical business transactions and workflows.  Privacy As an example, Internet of Things is being used to monitor infants’ health and activities, thus enabling them to live safely and independently at home. However, Internet of Things create privacy challenges that need to be addressed. There are some other aspects of privacy such as confidentiality and secondary use of users' information. The developers of Internet of Things should adopt an expanded view of privacy. This will ensure that safeguards are built in to Internet of Things devices to protect and maintain users' privacy while also enabling the appropriate sharing of data to support the users’ safety and wellbeing.  Policy Enforcement Governments and regulators can help unlock socio-economic benefits by implementing policies that promote innovation and investment, as well as introducing regulatory frameworks that build trust and are technology neutral. But in Sri Lanka there no any active policies yet under the IoT ecosystem because that is still not yet touched by public. So startups and new inventors are capable in nature to try anything using IoT technologies because those technologies are not yet regulated by the government. I suggest that the government of Sri Lanka should adapt to those technologies and make rules and regulations before going it viral in the country.  Trust As a user I may consider Trust as the most important thing before interacting with an IoT devices because I’m going to share my data with those tiny devices. The security and privacy requirements including privacy and trust management among users and things are playing a fundamental role to detect malicious nodes in IoT. According to my experience an IoT service provider should do surveys continuously on trust evaluation under some specified criteria to provide a trustworthy service.  Mobile Security There are so many types of attacks could be performed via next generation IMSI catchers just like fake mobile. They will open back doors to monitor users’ IoT activities (e.g., home automation activities, daily routine automations), Create fake nodes based on that information, using these profiles to monitor their activity and behavior remotely even if the users move away from the area. So the current IoT in fractures should pay more attention on mobile devices because it is the device acting as middle person to inter connect the IoT device and the user.  Secure Middleware The middleware for IoT acts as a bond joining the nodes through interfaces. Sometimes middleware acts like a software layer interposed between the infrastructure and the applications using it to support important requirements for these applications. To track issues of middleware, first we should have a better understanding of the current gap and future directions of existing middleware systems. Second, fundamental functional features should be classified on the existing IoT-middleware. Then we can analyze and research the issues to optimize the system
security. As a theory no any system is secure within a network.  Confidentiality IoT interconnections generate a huge amount of private data, which needs to be processed, communicated and stored. Using normal security solutions to ensure data confidentiality is challenging. So my opinion is that we should discuss further more to build up a standardized infrastructure with more secure protocols for the future. Otherwise the developers and innovators will have to do more effort to communicate and promote their product within a society affected by IoT phobias. IV. CONCLUSION Internet of Things represents a new, interesting direction in the development of the Internet. It refers to unique identification of objects and their virtual representation in the structure of the Internet and they may communicate with each other, provide information about itself and accept data collected by other objects. This emerging domain for the Internet of Things has been attracting the significant interest in last few years, and will continue for the years to come The development of Internet of Things depends on the dynamics of innovations in numerous technical fields, from wireless sensors to nanotechnology. Capacities, such as the monitoring of changes in the environment or communication between devices, represent high priority in the development of Internet of Things. One of the key challenges for the realization of the Internet of Things include security, privacy and confidentiality, management of heterogeneities, limitations of network capacities, management and processing of large quantities of data in order to provide useful information / service and enable an efficient regulatory policy in the area of Internet of Things. According to the Gartner’s expectations IoT security spending to grow by almost 60 percent in the next two years, reaching around USD 547 million. So we should take the maximum outcome for the spending. Since, protection of privacy is one of the key constitutional rights of European citizens' it is very important to note that Internet of Things will have to be established in Sri Lanka as regulatory frameworks for data and privacy protection, as well as with all legal requirements into a single group of rules in SL and including also revised measures for data transparency and safety issues. REFERENCES [1] Hari and Singh: Security Issues in Wireless Sensor Networks, International Conference on Advances in Computing, Communication, & Automation (ICACCA), Apr. 2016; DOI: 10.1109/ICACCA.2016.7578876 [2] Ferrag M. A., L. A. Maglaras, H. Janicke and J. Jiang: „Authentication Protocols for Internet of Things: A Comprehensive Survey “, arXiv, Dec. 2016 [3] IoT 2017 in review: The 10 most relevant IoT developments of the year, https://iot-analytics.com/iot- 2017-in-review/ [4] Chaqfeh, Moumena. “Challenges in middleware solutions for the internet of things.” International Conference on Collaboration Technologies and Systems (CTS) (2012): 21-26. [5] ABDMEZIEM, Mohammed. (2016). Data Confidentiality in the Internet of Things. 10.13140/RG.2.2.19150.87366. [6] Mario Ballano Barcena and Candid Wueest, Symantec Antivirus,” Insecurity in the Internet of Things, Mar 12 2015 [7] Ericson Corporation, “IOT Security”, Ericson White paper, 284 23-3302 (Uen), February 2017 [8] Gartner, Forecast: IoT Security, Worldwide, 2016, https://www.gartner.com/doc/3277832/forecast-iot- security-worldwide-

Recommended

IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
15CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 315CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 3Syed Mustafa
 
Sdn ppt
Sdn pptSdn ppt
Sdn pptPallavi Chhikara
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
IOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxIOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxDRREC
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)Sanjay Kumar (Seeking options outside India)
 
Current Trends in Internet of Things (IOT)
Current Trends in Internet of Things (IOT)Current Trends in Internet of Things (IOT)
Current Trends in Internet of Things (IOT)Dr. Mazlan Abbas
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsAbdullah Alfadhly
 

Recommended

IoT Security
IoT SecurityIoT Security
IoT SecurityNarudom Roongsiriwong, CISSP
 
15CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 315CS81- IoT- VTU- module 3
15CS81- IoT- VTU- module 3Syed Mustafa
 
Sdn ppt
Sdn pptSdn ppt
Sdn pptPallavi Chhikara
 
IOT Security
IOT SecurityIOT Security
IOT SecuritySylvain Martinez
 
IOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxIOT PROTOCOLS.pptx
IOT PROTOCOLS.pptxDRREC
 
IoT security (Internet of Things)
IoT security (Internet of Things)IoT security (Internet of Things)
IoT security (Internet of Things)Sanjay Kumar (Seeking options outside India)
 
Current Trends in Internet of Things (IOT)
Current Trends in Internet of Things (IOT)Current Trends in Internet of Things (IOT)
Current Trends in Internet of Things (IOT)Dr. Mazlan Abbas
 
Introduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsIntroduction to IoT Architectures and Protocols
Introduction to IoT Architectures and ProtocolsAbdullah Alfadhly
 
security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of thingssreelekha appakondappagari
 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication ProtocolsPradeep Kumar TS
 
Mobile Edge Computing
Mobile Edge ComputingMobile Edge Computing
Mobile Edge ComputingM2M Alliance e.V.
 
IoT Networking
IoT NetworkingIoT Networking
IoT NetworkingHitesh Mohapatra
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Communication technologies
Communication technologiesCommunication technologies
Communication technologiesFabMinds
 
Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt sutrishnakar1995
 
IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015SenZations Summer School
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
Internet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, ApplicationsInternet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, ApplicationsTarika Verma
 
Iot Security
Iot SecurityIot Security
Iot SecurityMAITREYA MISRA
 
Tutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standardTutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standardGiuseppe Anastasi
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoTsreelesh balan
 
15CS81- IoT Module-2
15CS81- IoT Module-215CS81- IoT Module-2
15CS81- IoT Module-2Syed Mustafa
 
6 g tecnology
6 g tecnology6 g tecnology
6 g tecnologyselvalakshmi24
 
The future of IOT
The future of IOTThe future of IOT
The future of IOTArti Parab Academics
 
DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)Abdullah Ozturk
 
Sensor Networks Introduction and Architecture
Sensor Networks Introduction and ArchitectureSensor Networks Introduction and Architecture
Sensor Networks Introduction and ArchitecturePeriyanayagiS
 
IoT
IoTIoT
IoTMphasis
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog compMahantesh Hiremath
 
Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscapeSamir SEHIL
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineSkillmine Technology Consulting
 

More Related Content

What's hot

IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication ProtocolsPradeep Kumar TS
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIntel® Software
 
Communication technologies
Communication technologiesCommunication technologies
Communication technologiesFabMinds
 
Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt sutrishnakar1995
 
IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015SenZations Summer School
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT SecurityCAS
 
Internet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, ApplicationsInternet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, ApplicationsTarika Verma
 
Tutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standardTutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standardGiuseppe Anastasi
 
15CS81- IoT Module-2
15CS81- IoT Module-215CS81- IoT Module-2
15CS81- IoT Module-2Syed Mustafa
 
DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)Abdullah Ozturk
 
Sensor Networks Introduction and Architecture
Sensor Networks Introduction and ArchitectureSensor Networks Introduction and Architecture
Sensor Networks Introduction and ArchitecturePeriyanayagiS
 

What's hot (20)

security and privacy-Internet of things
security and privacy-Internet of thingssecurity and privacy-Internet of things
security and privacy-Internet of things
 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication Protocols
 
Mobile Edge Computing
Mobile Edge ComputingMobile Edge Computing
Mobile Edge Computing
 
IoT Networking
IoT NetworkingIoT Networking
IoT Networking
 
IoT Security Challenges and Solutions
IoT Security Challenges and SolutionsIoT Security Challenges and Solutions
IoT Security Challenges and Solutions
 
Communication technologies
Communication technologiesCommunication technologies
Communication technologies
 
Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt Internet of Things (IoT) - Introduction ppt
Internet of Things (IoT) - Introduction ppt
 
IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015IoT and 5G: Opportunities and Challenges, SenZations 2015
IoT and 5G: Opportunities and Challenges, SenZations 2015
 
Introduction to IoT Security
Introduction to IoT SecurityIntroduction to IoT Security
Introduction to IoT Security
 
Internet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, ApplicationsInternet of things (IoT)- Introduction, Utilities, Applications
Internet of things (IoT)- Introduction, Utilities, Applications
 
Iot Security
Iot SecurityIot Security
Iot Security
 
Tutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standardTutorial on IEEE 802.15.4e standard
Tutorial on IEEE 802.15.4e standard
 
Fog computing in IoT
Fog computing in IoTFog computing in IoT
Fog computing in IoT
 
15CS81- IoT Module-2
15CS81- IoT Module-215CS81- IoT Module-2
15CS81- IoT Module-2
 
6 g tecnology
6 g tecnology6 g tecnology
6 g tecnology
 
The future of IOT
The future of IOTThe future of IOT
The future of IOT
 
DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)DDS for Internet of Things (IoT)
DDS for Internet of Things (IoT)
 
Sensor Networks Introduction and Architecture
Sensor Networks Introduction and ArchitectureSensor Networks Introduction and Architecture
Sensor Networks Introduction and Architecture
 
IoT
IoTIoT
IoT
 
Seminar ppt fog comp
Seminar ppt fog compSeminar ppt fog comp
Seminar ppt fog comp
 

Similar to Security Aspects in IoT - A Review

Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscapeSamir SEHIL
 
76 s201918
76 s20191876 s201918
76 s201918IJRAT
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTvishal dineshkumar soni
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusvivatechijri
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Thingsijsrd.com
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxinfosec train
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptxInfosectrain3
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot securityUsman Anjum
 
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docx
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docxINTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docx
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docxvrickens
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecurityCigniti Technologies Ltd
 
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Eswar Publications
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperMartin Ruubel
 
509286-Aki_Koivu-Review
509286-Aki_Koivu-Review509286-Aki_Koivu-Review
509286-Aki_Koivu-ReviewAki Koivu
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...cyberprosocial
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTIJEACS
 
IoT Device Management
IoT Device ManagementIoT Device Management
IoT Device ManagementFriendlyTech1
 
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...IRJET Journal
 
Internet of Things Challenges and Solutions
Internet of Things Challenges and SolutionsInternet of Things Challenges and Solutions
Internet of Things Challenges and Solutionsijtsrd
 

Similar to Security Aspects in IoT - A Review (20)

Smart city landscape
Smart city landscapeSmart city landscape
Smart city landscape
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
76 s201918
76 s20191876 s201918
76 s201918
 
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACTSECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
SECURITY ISSUES IN USING IOT ENABLED DEVICES AND THEIR IMPACT
 
A survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current statusA survey on Internet of Things (IoT) security : Challenges and Current status
A survey on Internet of Things (IoT) security : Challenges and Current status
 
A Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of ThingsA Survey Report on : Security & Challenges in Internet of Things
A Survey Report on : Security & Challenges in Internet of Things
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
IOT and Security.pptx
IOT and Security.pptxIOT and Security.pptx
IOT and Security.pptx
 
Internet & iot security
Internet & iot securityInternet & iot security
Internet & iot security
 
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docx
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docxINTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docx
INTERNET OF THINGS A STUDY ON SECURITY AND PRIVACY THREATSMd .docx
 
Secure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application SecuritySecure your Future with IoT Security Testing | Application Security
Secure your Future with IoT Security Testing | Application Security
 
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
Secure Modern Healthcare System Based on Internet of Things and Secret Sharin...
 
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime WhitepaperKSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
KSI for IoT Security - Turning Defence Into Offence - Guardtime Whitepaper
 
509286-Aki_Koivu-Review
509286-Aki_Koivu-Review509286-Aki_Koivu-Review
509286-Aki_Koivu-Review
 
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
Unlocking the Potential: A Comprehensive Guide to Understanding and Securing ...
 
A Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOTA Novel Security Approach for Communication using IOT
A Novel Security Approach for Communication using IOT
 
iot ppt.pptx
iot ppt.pptxiot ppt.pptx
iot ppt.pptx
 
IoT Device Management
IoT Device ManagementIoT Device Management
IoT Device Management
 
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...Design of a Hybrid Authentication Technique for User and Device Authenticatio...
Design of a Hybrid Authentication Technique for User and Device Authenticatio...
 
Internet of Things Challenges and Solutions
Internet of Things Challenges and SolutionsInternet of Things Challenges and Solutions
Internet of Things Challenges and Solutions
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 

Security Aspects in IoT - A Review

  • 1. IOT Security: A Review Asiri Hewage, IT17094078, Faculty of Computing, Sri Lanka Institute of Information Technology, New Kandy RD, Malabe, Sri Lanka. Email: asiriofficial@gmail.com Web: www.asirihewage.business.site Abstract — In the past decade, Internet of Things has been a focus of research. Security and privacy are the key issues for Internet of Things applications, and still face some challenges. One of the key challenges for the realization of the Internet of Things includes security challenges, especially in the area of privacy and confidentiality among management of heterogeneities and limitations of network capacities. This review paper gives an insight into the most important security challenges related to Internet of Things. Keywords: security, Internet of Things, challenges, privacy, data, confidentiality, regulation, IoT. INTRODUCTION The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. The Internet of Things concerns the connection of physical devices (cars, thermostats, smartphones, home lighting, tide sensors, smart meters, etc.) to the Internet. A more widely accepted definition is ITU's definition from 2005, which is very general and reads as follows: Internet of Things is a global infrastructure for the modern Society, enabling sophisticated services by interconnecting physical and virtual interoperable information and communication technologies. There are more devices connected to the Internet than people on the planet, and the prediction is that there will be 50 billion devices by 2020. I. THE SECURITY IN IOT The three main points attackers can access IOT devices connected to a network are: 1. The device, 2. The cloud, 3. The network. 1. Securing the Device:
  • 2. There are some technologies in the industry such as embedded SIM Technology (eUICC), M2M-optimised SIM Technology, SafeNet Hardware Security Modules (HSMs), Trusted Key Manager, IP protection to provide security for embedded devices. My opinion is the IP protection is little bit old. Current IoT ecosystems should move from such security infrastructures to something more advanced with encryption technologies. 2. Securing the cloud infrastructure: This is a major form of threat comes from the enterprise or cloud environment that smart devices are connected to. Data encryption, cloud security and cloud-based licensing helps technology companies leverage the full potential of the cloud environment, ensuring their intellectual property is secured. 3. IoT Security Lifecycle Management. Managing the lifecycle of security components across the device and cloud spectrum is a critical element for a robust and long-term digital security strategy. Security of an Internet of ecosystem is not a one-off activity, but an evolving part of the Internet of ecosystem. Some solutions to build a sustainable security lifecycle management infrastructure, to address current and future security threats are Identity & access management, Crypto management and maintaining Trusted Services Hubs. II. CURRENT STATE There are now more connected cars, meters, machines, wearable devices and similar IoT nodes than there are PCs, laptops, tablets, and smartphones. Exact numbers and estimates vary but the consensus is that there are now close to 8 billion IoT devices in use and around 7 billion non-IoT connected devices. Low bandwidth and/or low latency environments such as oil rigs, mines, or factories are rapidly taking the experience of IoT. It will gain in further importance over time. However, the critical element will be the interconnection between device and cloud, in which the cloud performs many of the non- critical tasks and large-scale data storage. The modern IoT trends are as follows according to the analytics done by iot-analytics.com  Most important government initiative: US IoT Cybersecurity Act  Most important connectivity initiative: NB-IoT roll-out  Most essential technology development: IoT Cloud  Most amazing implementation of IoT- based analytics: Google Waymo  Biggest Consumer IoT Success: Voice- enabled home gateways  Most discussed new trend: Blockchain III.CHANLLENGES  Authentication Now-a-days IoT devices use PKI (public key infrastructure) authentication where digital certificates prove the authenticity of the device. However, IoT devices use few protocols than normal networking devices use and their standards and each authentication method must ensure that each device is capable of authentication in a secure manner. Some may need manual update because lacking OTA functionality and others may have locked settings that cannot be changed from the default.  Access Control My opinion is that organizations better to have an automated and integrated security framework that secures network access,
  • 3. monitors traffic and behaviors because Access control systems play a major role in security of Internet of Things, it should ensure that access controls are universally applied and devices are removable with minimal impact to critical business transactions and workflows.  Privacy As an example, Internet of Things is being used to monitor infants’ health and activities, thus enabling them to live safely and independently at home. However, Internet of Things create privacy challenges that need to be addressed. There are some other aspects of privacy such as confidentiality and secondary use of users' information. The developers of Internet of Things should adopt an expanded view of privacy. This will ensure that safeguards are built in to Internet of Things devices to protect and maintain users' privacy while also enabling the appropriate sharing of data to support the users’ safety and wellbeing.  Policy Enforcement Governments and regulators can help unlock socio-economic benefits by implementing policies that promote innovation and investment, as well as introducing regulatory frameworks that build trust and are technology neutral. But in Sri Lanka there no any active policies yet under the IoT ecosystem because that is still not yet touched by public. So startups and new inventors are capable in nature to try anything using IoT technologies because those technologies are not yet regulated by the government. I suggest that the government of Sri Lanka should adapt to those technologies and make rules and regulations before going it viral in the country.  Trust As a user I may consider Trust as the most important thing before interacting with an IoT devices because I’m going to share my data with those tiny devices. The security and privacy requirements including privacy and trust management among users and things are playing a fundamental role to detect malicious nodes in IoT. According to my experience an IoT service provider should do surveys continuously on trust evaluation under some specified criteria to provide a trustworthy service.  Mobile Security There are so many types of attacks could be performed via next generation IMSI catchers just like fake mobile. They will open back doors to monitor users’ IoT activities (e.g., home automation activities, daily routine automations), Create fake nodes based on that information, using these profiles to monitor their activity and behavior remotely even if the users move away from the area. So the current IoT in fractures should pay more attention on mobile devices because it is the device acting as middle person to inter connect the IoT device and the user.  Secure Middleware The middleware for IoT acts as a bond joining the nodes through interfaces. Sometimes middleware acts like a software layer interposed between the infrastructure and the applications using it to support important requirements for these applications. To track issues of middleware, first we should have a better understanding of the current gap and future directions of existing middleware systems. Second, fundamental functional features should be classified on the existing IoT-middleware. Then we can analyze and research the issues to optimize the system
  • 4. security. As a theory no any system is secure within a network.  Confidentiality IoT interconnections generate a huge amount of private data, which needs to be processed, communicated and stored. Using normal security solutions to ensure data confidentiality is challenging. So my opinion is that we should discuss further more to build up a standardized infrastructure with more secure protocols for the future. Otherwise the developers and innovators will have to do more effort to communicate and promote their product within a society affected by IoT phobias. IV. CONCLUSION Internet of Things represents a new, interesting direction in the development of the Internet. It refers to unique identification of objects and their virtual representation in the structure of the Internet and they may communicate with each other, provide information about itself and accept data collected by other objects. This emerging domain for the Internet of Things has been attracting the significant interest in last few years, and will continue for the years to come The development of Internet of Things depends on the dynamics of innovations in numerous technical fields, from wireless sensors to nanotechnology. Capacities, such as the monitoring of changes in the environment or communication between devices, represent high priority in the development of Internet of Things. One of the key challenges for the realization of the Internet of Things include security, privacy and confidentiality, management of heterogeneities, limitations of network capacities, management and processing of large quantities of data in order to provide useful information / service and enable an efficient regulatory policy in the area of Internet of Things. According to the Gartner’s expectations IoT security spending to grow by almost 60 percent in the next two years, reaching around USD 547 million. So we should take the maximum outcome for the spending. Since, protection of privacy is one of the key constitutional rights of European citizens' it is very important to note that Internet of Things will have to be established in Sri Lanka as regulatory frameworks for data and privacy protection, as well as with all legal requirements into a single group of rules in SL and including also revised measures for data transparency and safety issues. REFERENCES [1] Hari and Singh: Security Issues in Wireless Sensor Networks, International Conference on Advances in Computing, Communication, & Automation (ICACCA), Apr. 2016; DOI: 10.1109/ICACCA.2016.7578876 [2] Ferrag M. A., L. A. Maglaras, H. Janicke and J. Jiang: „Authentication Protocols for Internet of Things: A Comprehensive Survey “, arXiv, Dec. 2016 [3] IoT 2017 in review: The 10 most relevant IoT developments of the year, https://iot-analytics.com/iot- 2017-in-review/ [4] Chaqfeh, Moumena. “Challenges in middleware solutions for the internet of things.” International Conference on Collaboration Technologies and Systems (CTS) (2012): 21-26. [5] ABDMEZIEM, Mohammed. (2016). Data Confidentiality in the Internet of Things. 10.13140/RG.2.2.19150.87366. [6] Mario Ballano Barcena and Candid Wueest, Symantec Antivirus,” Insecurity in the Internet of Things, Mar 12 2015 [7] Ericson Corporation, “IOT Security”, Ericson White paper, 284 23-3302 (Uen), February 2017 [8] Gartner, Forecast: IoT Security, Worldwide, 2016, https://www.gartner.com/doc/3277832/forecast-iot- security-worldwide-