
(PDF) Computer System Security (CSS) - Assignment


Added on  2021/06/17

Running Head: COMPUTER SYSTEMS SECURITY
Computer Systems Security
Name of the Student
Name of the University
Author Note

Table of Contents
Introduction
Risk
Risk analysis in IoT based devices
Evaluation of legal, social and ethical issues in secure systems
Past work reviews
Perception Layer Challenges
Cryptographic approaches and its application
References
Introduction
Technology plays a vital role in everyday life. It can be applied in many different areas, and each of them can benefit from it. In recent years the Internet of Things (IoT) has become one of the most important sectors driving the use of technology. The Internet of Things refers to objects that are connected to one another through technology; examples include the smart TV, the smart lock and many more. IoT can also be applied in the health care sector, and many future applications can be expected in this area. Security plays a vital role in any type of technology (Sadeghi, Wachsmann and Waidner 2015), and it is also one of the main areas of concern for the Internet of Things. IoT can be deployed widely in areas related to people's everyday activities, which brings a wide range of benefits to ordinary users. In the future, IoT is expected to dominate different sectors of telecommunication and the approaches used to build security into a system. Researchers have stated that IoT deployment can be extended to any sector of choice.
The main focus of this report is to consider different aspects of the Internet of Things. It mainly discusses the major advantages of the technology. It also discusses the risks associated with IoT, since in any technology risk factors can degrade the technology.
Technology of IoT
Risk factors are closely tied to any type of technology and shape the sector in which the technology is implemented. In most cases the risks are genuine and arise from human-related conditions or from external and internal risk factors (Sajid, Abbas and Saleem 2016). The main task is to identify the risk factors. A risk factor should not be allowed to enter the system, where it would disrupt the system's normal functionality. Risk mitigation plays a dominant role here and should be addressed from the initiation of the system (Sadeghi, Wachsmann and Waidner 2015). Moreover, the implementation of the system is crucial and must include the security of the system.
Security analysis
Risk assists
Different risk mitigation strategies can be implemented alongside the technology. A strategy can be used to detect risk factors and to safeguard the system and its components. Safeguarding the system is one of the prime concerns for the Internet of Things. One strategy is to appoint trained personnel who work with the system in an ethical manner and focus on securing the data of the organization. Security of the data is always a prime factor. The people involved in the working of the organization should have appropriate training, so that the data of the system is secured and is not accessed by anyone except the authorized persons.
Risk Vulnerability
Risk factors come in different forms, depending on the circumstances the system is under and the conditions it is facing. They can be categorized, and a mitigation strategy can be implemented for each category. Most risk factors originate with a motive: they interfere with the system's operation mainly to gain control over the system or over its data. In most cases, unauthorized access to data is one of the prime factors in the risk to, and the security of, the data (Sajid, Abbas and Saleem 2016). A proper mitigation strategy is very important in such situations, as it directly helps to secure the data. In critical situations, risk factors can enter the system, disrupt its normal functionality and put the data of the system at risk (Sadeghi, Wachsmann and Waidner 2015).
Risk (Analysis in IoT based devices)
The Internet of Things (IoT) is a well-known platform that creates a large number of opportunities in domains such as business, government and education. Along with its advantages, IoT brings various security issues that need to be mitigated (Hossain, Fotouhi and Hasan 2015). An extended cyber security solution covers both the IoT environment and the physical environment, and can help in analyzing issues in the IT environment. Connecting previously unconnected devices to the internet is a useful way of improving how people work. People around the globe can find and reserve an open space from their smartphone. Cities can conserve water by monitoring soil moisture over the network and controlling sprinklers. Utilities can monitor smart meters and detect outages before the consumer can detect them. Manufacturing operators can receive real-time alerts about equipment, so that repairs can be made and interruptions prevented (Bekara 2014). Mining companies can improve their safety procedures by tracking the location of equipment and miners. Connecting previously unconnected devices to the internet in this way improves how people work and live.
The large number of devices brings a new class of connected devices, countless in number. Examples include wearable electronic devices and parking space sensors. As the amount of data travelling on the network grows, data can originate outside the given network. Some of these devices sit in unsecured locations such as roadsides, railways and bridges. IoT use on smartphones is increasing every day, as digital devices communicate with each other using Internet Protocol addresses (Sicari et al. 2015). IoT security solutions are increasing every day, and along with them the chances of malicious attacks are also increasing. If smartphones can operate independently, the chances of malicious attack can also decrease. Currently, home-based smart devices can be accessed over an internet connection at any time. As a result, the chances of malicious code reaching these devices increase.
A smart home generally comprises four parts: service platform, home gateway, smart devices and home-based network (Farooq et al., 2015). In a smart home, the smart devices are connected and share information over the home-based network. The home gateway controls the flow of information among them and is used to establish the connection to an external network. The service platform uses service providers to deliver different kinds of service to the home network (Sajid, Abbas and Saleem 2016). Most devices connected to the internet are not equipped with any security mechanism and are vulnerable to security and privacy issues. For IoT security solutions, certain requirements must be analyzed in order to protect the network from malicious attacks.
Fig 1: Relationship between various terms in Security
(Source: Created by Author)
Risk mitigation/Protection
The major capabilities required of a secure network are discussed below.
Resilience to attacks: The system should be capable enough to recover by itself from crashes that may take place during transmission of data (Sadeghi, Wachsmann and Waidner 2015). A server working in a multiuser environment should be strong enough to protect itself from intruders.
Data Authentication: Data containing important information should be authenticated. A proper authentication mechanism allows transmission of data only from authenticated devices.
Access Control: Only authorized persons should be given access. It is the duty of the system administrator to control access for a large number of users by properly managing usernames and passwords (Stojmenovic and Wen 2014). Access control also defines the rights of different users, so that each can access the relevant information in a database or program.
Client privacy: Information and data should be kept in a safe location. Personal data containing important information should be accessed only by a limited number of authorized persons, so that the privacy of the client is maintained (Tao et al. 2014). It ultimately ensures that only authenticated users of the system, or other authorized clients, can access the private information of clients.
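The data authentication requirement above can be met with a keyed MAC. The Go code below is an added example, not part of the original report: it assumes each device shares an HMAC-SHA256 key with the gateway, and it goes one step beyond the text by also rejecting replayed frames with a per-device counter. The frame layout, device names and key are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is one message from a device. The layout is an assumption made for
// this example, not a standard IoT wire format.
type Frame struct {
	DeviceID string
	Counter  uint64 // strictly increasing per device, starting at 1
	Payload  []byte
	Tag      []byte // HMAC-SHA256 over DeviceID, Counter and Payload
}

var (
	ErrUnknownDevice = errors.New("unknown device")
	ErrBadTag        = errors.New("authentication tag mismatch")
	ErrReplay        = errors.New("stale counter")
)

// computeTag binds the tag to the device ID and counter as well as the
// payload. The ID length is included so field boundaries cannot be shifted.
func computeTag(key []byte, id string, ctr uint64, payload []byte) []byte {
	var hdr [10]byte
	binary.BigEndian.PutUint16(hdr[:2], uint16(len(id)))
	binary.BigEndian.PutUint64(hdr[2:], ctr)
	mac := hmac.New(sha256.New, key)
	mac.Write(hdr[:])
	mac.Write([]byte(id))
	mac.Write(payload)
	return mac.Sum(nil)
}

// Sign is the device side: it builds an authenticated frame.
func Sign(key []byte, id string, ctr uint64, payload []byte) Frame {
	return Frame{DeviceID: id, Counter: ctr, Payload: payload,
		Tag: computeTag(key, id, ctr, payload)}
}

// Gateway holds the key of every enrolled device and the highest counter
// it has accepted from each one.
type Gateway struct {
	keys map[string][]byte
	last map[string]uint64
}

func NewGateway(keys map[string][]byte) *Gateway {
	return &Gateway{keys: keys, last: make(map[string]uint64)}
}

// Accept returns nil only for a frame from an enrolled device that carries
// a valid tag and a counter higher than any accepted before.
func (g *Gateway) Accept(f Frame) error {
	key, ok := g.keys[f.DeviceID]
	if !ok {
		return fmt.Errorf("%w: %q", ErrUnknownDevice, f.DeviceID)
	}
	// hmac.Equal compares in constant time.
	if !hmac.Equal(f.Tag, computeTag(key, f.DeviceID, f.Counter, f.Payload)) {
		return fmt.Errorf("%w from %q", ErrBadTag, f.DeviceID)
	}
	if f.Counter <= g.last[f.DeviceID] {
		return fmt.Errorf("%w: %d from %q", ErrReplay, f.Counter, f.DeviceID)
	}
	g.last[f.DeviceID] = f.Counter
	return nil
}

func main() {
	// Constructed key and readings; real keys come from device provisioning.
	key := []byte("constructed-demo-key-for-lock-01")
	gw := NewGateway(map[string][]byte{"lock-01": key})

	good := Sign(key, "lock-01", 1, []byte("state=locked"))
	forged := good
	forged.Counter = 2
	forged.Payload = []byte("state=unlocked") // altered, tag not recomputed

	fmt.Println("genuine:   ", gw.Accept(good))
	fmt.Println("replayed:  ", gw.Accept(good))
	fmt.Println("tampered:  ", gw.Accept(forged))
	fmt.Println("unenrolled:", gw.Accept(Sign(key, "cam-07", 1, []byte("x"))))
}
```

The counter only advances after the tag has verified, so a forged frame cannot push a device's counter forward and lock out its genuine traffic.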
Evaluation of legal, social and ethical issues in secure systems
Information systems around the globe have made many businesses much more successful. Improper IoT security solutions can create a large number of problems for both organizations and employees (Gope and Hwang 2016). Criminals can gain access to credit card information, which can ultimately lead to financial loss for the owners.
Cyber-crime: Cybercrime refers to the use of information technology to commit crimes (Zhou et al. 2017). Cybercrimes range from simple ones against computer users to ones that result in financial losses and even loss of human life. The development of smartphones and other high-end devices gives easy access to the internet and has also contributed to the growth of cyber-crime.
Theft: This occurs when cyber-criminals identify practices that are faulty. It is mainly done to access personal information (Al-Fuqaha et al. 2015). The details used in such crimes include security numbers and passport numbers. As soon as cyber criminals have acquired the information, they can use it to make online purchases while impersonating the victim. One common way of obtaining personal information is phishing, which involves creating fake websites or emails that resemble those of legitimate businesses (Al-Fuqaha et al. 2015). Other phishing techniques also rely on fake websites that look like the legitimate one. This technique is more common in public places such as restaurants and airports.
Copyright infringement: Piracy is considered one of the biggest problems with digital technology. Websites like Pirate Bay can be used to distribute copyrighted materials such as video and software. Copyright infringement refers to the unauthorized use of copyrighted materials (Flauzac et al. 2015). Fast internet access and falling storage costs have contributed to the growth of copyright infringement crimes.
Hacking: Hacking is used to bypass security controls in order to gain unauthorized access to a system. As soon as attackers have gained access to a system, they can do anything they wish (Flauzac et al. 2015). Common steps taken by hackers include installing programs that allow them to spy on users or even control their systems. They can also steal information. Stealing can be done using techniques such as SQL injection and exploitation of vulnerabilities in the database software to gain access.
Data loss: If the data centre catches fire or is flooded, the hardware can be damaged and all the data stored on it can be lost (Flauzac et al. 2015).

As a standard security practice, most organizations keep backups of data in remote places.
Biometric authentication: This is becoming very common on mobile devices such as smartphones. The phone records the fingerprint of the user and uses it for authentication.
Past work reviews
According to Mahmoud et al. (2015), “the more objects get linked via the Internet of Things, the greater becomes the possibility of digital mischief or mayhem.” This statement can be taken as evidence of the need for research and for an adequate mitigation strategy for the security and privacy threats that IoT poses to its users. Although IoT offers crucial value in making everyday instruments and the tasks associated with them easier and smarter, the challenges it brings are also prominent. Farooq et al. (2015) focused on the same subject and divided the security challenges associated with IoT according to their sources, as follows:
Perception Layer Challenges
Sharma, Zawar and Patil (2016) define the perception layer of the IoT architecture as the layer that consists of the data sensors; it identifies objects by their unique code and collects data through the sensors in real-life scenarios. This definition shows how vital security is for the layer. However, despite the attention paid to its security, the layer has certain security vulnerabilities, which can be classified into the following sub-categories:
Unauthorised accessing of the tags: The layer lacks adequate security measures in the RFID system, so the tags, or unique IDs, of all the systems connected within an IoT network are at risk of unauthorized access. Malefactors who use this vulnerability to gain access to the tags can steal the data associated with an accessed tag and, if they wish, manipulate or even delete it, which can be critical for the system owner. This scenario is a threat to individual privacy, organizational strategy, financial records and many other crucial data, plans and records.
Tag Cloning: Another potential threat at this layer is cloning of the tag, through which cyber criminals can access the secure access points of the users. Cloning of a tag may stay unnoticed by the user for a long time, or forever, depending on the security audits the user conducts.
Spoofing: Spoofing is another potential threat at this layer: because malefactors are capable of gaining access to the tags, they can broadcast fake notifications and messages that may create a chaotic situation for the user.
RF Jamming: Attackers can also jam the radio frequency of RFID by creating extra noise in the communication channel.
Network layer challenges:
This layer is responsible for the communication between the networked systems and the server or user (Sharma, Zawar and Patil 2016). The threats associated with the layer are as follows:
Sybil attack: The malefactors manipulate the access nodes so that a single node presents multiple identities. The threat is capable of compromising the system and producing false data about the redundancy of the system (Sadeghi, Wachsmann and Waidner 2015).
Sinkhole attack: This can be considered a smart attack, because the malefactors make one of the nodes attractive so that the system diverts all data towards that node. The system is made to believe that the data has been received, when the reality is otherwise.
Sleep deprivation attack: The attack prevents the nodes from sleeping, which consumes more battery power and ultimately exhausts the battery, shutting down the node and interrupting operations.
DoS (Denial of Service) attack: One of the best-known attacks, in which the system is flooded with traffic, exhausting network and system resources and preventing the user from accessing the system.
Malicious code injection: Malicious code is injected into the system, resulting either in shutdown of the system or in complete access to the system for the attacker.
Man-in-the-Middle attack: The communication channel is targeted, which enables the malefactor to gain access to the conversation over the channel.
Middle-ware Layer challenges:
This layer is responsible for processing the data and storing it adequately in the database; it therefore consists of processing units and their association with the database (Mahmoud et al. 2015). The threats to the layer are as follows:
Unauthorised access: The malefactors gain access to the processing units and the database, which they can use to halt the system and its operations or even delete the data stored in the database, which is highly undesirable for the user and the network owners.
DoS attack: As discussed above, this threat is capable of shutting down the system, which leads to service unavailability.
Malicious insider: This is an inside attack, in which attackers who are authorised by the system and network manipulate the data to fulfil their personal agenda or to benefit a third party.
Application layer challenge
This layer is responsible for presenting the results that the user needs (Hossain, Fotouhi and Hasan 2015). The threats associated with the layer are as follows:
Malicious code infection: The attackers hack the system and inject it with malicious code that enables them to manipulate or steal the data relevant to the user (Sadeghi, Wachsmann and Waidner 2015).
DoS attack: The method of attack is the same as discussed before, but the approach differs: the user or the defensive walls are made to believe that the attack is being carried out at a different node, which gives the attackers enough time and opportunity to get into the system.
Spear-phishing attack: This attack is carried out through e-mails. High officials of a network are sent a phishing mail, and when they access the mail the attackers gain access to the credentials of the network and become a significant threat.
Sniffing attack: A sniffer application is introduced into the system, which allows the attackers to corrupt the system.
Cryptographic approaches and its application
The section above drew on past literature to set out the threats associated with the IoT network, and identified that no absolute solution exists that is capable of mitigating them. However, one potential solution is the cryptographic approach. Cryptography is one of the most disruptive technologies and has proved to be of prominent advantage in different fields, one of which is security in IoT. Cryptography offers security benefits here because most of the threats associated with IoT are similar to internet attacks and can therefore be assessed. It should also be noted, though, that the remedial strategies for internet attacks and IoT attacks differ, because the consequences of the attacks differ.
The discussed threats can be mitigated by the adoption of lightweight cryptography. The term ‘lightweight’ here refers to low consumption of system and network resources. The cryptographic approach to security can be classified into two categories: symmetric and asymmetric. The symmetric cryptographic approach follows a likelihood method. The data is encrypted with a key before sharing or storing, and the same key is used to decrypt the data to gain access. Encryption makes it difficult for malefactors to gain access to the system and network, which mitigates the threat to the IoT (Sadeghi, Wachsmann and Waidner 2015).

In contrast, asymmetric cryptography follows the non-likelihood method. It also uses encryption to keep the data safe, but the key used to encrypt the data differs from the key used for decryption.
Both methods protect the system and the network from attacks, but the asymmetric cryptographic approach can be particularly valuable against malicious insiders. The reason is that an insider may have access to the encryption key, which enables the attacker to gain access to the data if the symmetric cryptographic approach is adopted. With the asymmetric cryptographic approach, the attacker needs to gain access to the decryption key as well to successfully carry out the attack.
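The insider argument above, as an added Go example that is not part of the original report: readings stored under a shared symmetric key can be read by anyone who copies that key from the node, while a node that holds only the reader's public key cannot be used to decrypt what it stored. The hybrid RSA-OAEP plus AES-GCM construction, the record layout, the function names and the sample reading are assumptions chosen for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Record is one stored reading; WrappedKey is empty in the symmetric scheme.
type Record struct{ WrappedKey, Nonce, Ciphertext []byte }

func RandomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	_, err := rand.Read(b)
	return b, err
}

// NewReaderKey generates the key pair of the back-end that reads the data.
func NewReaderKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSymmetric encrypts with AES-GCM; the same key later decrypts.
func SealSymmetric(key, reading []byte) (Record, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Record{}, err
	}
	nonce, err := RandomBytes(gcm.NonceSize())
	if err != nil {
		return Record{}, err
	}
	return Record{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, reading, nil)}, nil
}

// OpenSymmetric decrypts and authenticates a record with the shared key.
func OpenSymmetric(key []byte, r Record) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, r.Nonce, r.Ciphertext, nil)
}

// SealHybrid needs only the public key: a fresh AES key encrypts the
// reading and is itself wrapped with RSA-OAEP, then discarded by the node.
func SealHybrid(pub *rsa.PublicKey, reading []byte) (Record, error) {
	dataKey, err := RandomBytes(32)
	if err != nil {
		return Record{}, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return Record{}, err
	}
	rec, err := SealSymmetric(dataKey, reading)
	rec.WrappedKey = wrapped
	return rec, err
}

// OpenHybrid unwraps the data key with the private key, then decrypts.
func OpenHybrid(priv *rsa.PrivateKey, r Record) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, r.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return OpenSymmetric(dataKey, r)
}

func main() {
	reading := []byte("pump-3 flow=1.2") // constructed sample reading
	shared, _ := RandomBytes(32)
	reader, _ := NewReaderKey()
	insider, _ := NewReaderKey() // the insider's own key pair, not the reader's
	sym, _ := SealSymmetric(shared, reading)
	hyb, _ := SealHybrid(&reader.PublicKey, reading)
	// Copying the node's key material yields `shared` in the symmetric
	// scheme but only the public key in the hybrid scheme.
	leaked, _ := OpenSymmetric(shared, sym)
	_, err := OpenHybrid(insider, hyb)
	fmt.Printf("symmetric, node key copied: %q\n", leaked)
	fmt.Println("hybrid, no reader private key:", err)
}
```

The protection holds only while the private key stays off the nodes and away from the insider; whoever holds it can read every record.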
References:
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M. and Ayyash, M., 2015. Internet of
things: A survey on enabling technologies, protocols, and applications. IEEE Communications
Surveys & Tutorials, 17(4), pp.2347-2376.
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing: Opportunities and
challenges. Information sciences, 305, pp.357-383.
Barker, E., 2017. SP 800-67 Rev. 2, Recommendation for Triple Data Encryption Algorithm
(TDEA) Block Cipher. NIST special publication, 800, p.67.
Bekara, C., 2014. Security issues and challenges for the IoT-based smart grid. Procedia
Computer Science, 34, pp.532-537.
Burbank, J.L., 2016. Security in Cognitive Radio Networks. Chap, 6, pp.161-182.
Farooq, M.U., Waseem, M., Khairi, A. and Mazhar, S., 2015. A critical analysis on the security
concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).
Flauzac, O., Gonzalez, C., Hachani, A. and Nolot, F., 2015, March. SDN based architecture for
IoT and improvement of the security. In Advanced Information Networking and Applications
Workshops (WAINA), 2015 IEEE 29th International Conference on (pp. 688-693). IEEE.
Gope, P. and Hwang, T., 2016. BSN-Care: A secure IoT-based modern healthcare system using
body sensor network. IEEE Sensors Journal, 16(5), pp.1368-1376.
Hawblitzel, C., Howell, J., Lorch, J.R., Narayan, A., Parno, B., Zhang, D. and Zill, B., 2014,
October. Ironclad Apps: End-to-End Security via Automated Full-System Verification. In OSDI
(Vol. 14, pp. 165-181).
Hossain, M.M., Fotouhi, M. and Hasan, R., 2015, June. Towards an analysis of security issues,
challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE
World Congress on (pp. 21-28). IEEE.
Jacobsson, A., Boldt, M. and Carlsson, B., 2016. A risk analysis of a smart home automation
system. Future Generation Computer Systems, 56, pp.719-733.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering
attacks. Journal of Information Security and applications, 22, pp.113-122.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education
India.
Lowry, P.B. and Moody, G.D., 2015. Proposing the control-reactance compliance model
(CRCM) to explain opposing motivations to comply with organisational information security
policies. Information Systems Journal, 25(5), pp.433-463.
Mahmoud, R., Yousuf, T., Aloul, F. and Zualkernan, I., 2015, December. Internet of things (IoT)
security: Current status, challenges and prospective measures. In Internet Technology and
Secured Transactions (ICITST), 2015 10th International Conference for (pp. 336-341). IEEE.
Mao, W., Cai, Z., Towsley, D., Feng, Q. and Guan, X., 2017. Security importance assessment for
system objects and malware detection. Computers & Security, 68, pp.47-68.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through
employee education, training and awareness. Routledge.
Papp, D., Ma, Z. and Buttyan, L., 2015, July. Embedded systems security: Threats,
vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th Annual
Conference on (pp. 145-152). IEEE.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in
industrial internet of things. In Proceedings of the 52nd annual design automation conference (p.
54). ACM.
Sajid, A., Abbas, H. and Saleem, K., 2016. Cloud-assisted iot-based scada systems security: A
review of the state of the art and future challenges. IEEE Access, 4, pp.1375-1384.
Sharma, M.P., Zawar, M.S. and Patil, S.B., 2016. Ransomware Analysis: Internet of Things (Iot)
Security Issues, Challenges and Open Problems in the Context of Worldwide Scenario of
Security of Systems and Malware Attacks. Int. J. Innov. Res. n Sci. Eng, 2(3), pp.177-184.
Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A., 2015. Security, privacy and trust in
Internet of Things: The road ahead. Computer networks, 76, pp.146-164.
Stojmenovic, I. and Wen, S., 2014, September. The fog computing paradigm: Scenarios and
security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated
Conference on (pp. 1-8). IEEE.
Tao, F., Cheng, Y., Da Xu, L., Zhang, L. and Li, B.H., 2014. CCIoT-CMfg: cloud computing
and internet of things-based cloud manufacturing service system. IEEE Transactions on
Industrial Informatics, 10(2), pp.1435-1442.
Zhou, J., Cao, Z., Dong, X. and Vasilakos, A.V., 2017. Security and privacy for cloud-based IoT:
Challenges. IEEE Communications Magazine, 55(1), pp.26-33.