Investigating IoT Security and Privacy Issues Across All Domains
VerifiedAdded on 2023/06/13
|8
|6752
|306
Report
AI Summary
This report provides an overview of the security and privacy challenges associated with the Internet of Things (IoT) across various domains. It begins by defining IoT as a network of interconnected devices capable of communicating and sharing information, highlighting its increasing global accept...
Security and Privacy Issues in all domains of IoT
[Name of the Author]
[Name of the Author]
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
ABSTRACT – IoT or the Internet of Things can be considered as the system, which, mainly consists of an interrelated
computing devices digital or mechanical machines and many more. This devices are generally provided with an unique
identifier to identify them. These devices also have the capability of transferring data over the network without any involvement
of the human-to-human or human-to-computer interactions. This new emerging technology is being used in almost every field
to make the live of peoples much easier. However, along with benefits there also exists certain risks regarding the use of IoT.
This report would be discussing about the various security and the privacy challenges faced by IoT while implementing in
various domains. Which is followed by a literature review about the topic that is “ security and privacy issues in all domains of
the IoT”. IoT or Internet of Things can be defined as a network, which generally compromises of physical devices that are
capable of communicating with each other by making use of the internet. They are also capable of gathering and sharing
information. This is an emerging technology and consists of different varieties of “smart devices” which are responsible for the
collection of data by making use of different sensors. This report mainly discusses about the use of IoT in different fields and
what are main challenges that are faced by IoT regarding the security and privacy and the data.
Keywords: IoT, security issues, privacy issues, firmware’s, dynamic testing, DoS attack
1. INTRODUCTION
Internet of Things is one of the most emerging techniques
Internet of things has been gaining the global acceptance from
the audience all over the globe. This global acceptance
increases the usage of the technology Internet of Thing are
nothing but simple electronic devices which has the
transmitter and the receiver embedded in the electronic device
that enables them to communicate and transact over the
platform of the digital communication and the internet. With
the benefit of gaining, the advantage of gaining
communication through the entire globe comes the
disadvantage of security in disguise. Security of the database
has been the major issue for the application of the Internet of
things in regular life.
Along with the evolution of the IT infrastructure and the
networking technologies, there would be numerous number of
barrier, which would be encountered by the IoT technology.
The key challenges faced by IoT is regarding its privacy and
security. As more and more devices are being connected to the
network the decentralized entry points for the malwares is also
increasing. Main tampering occurs in the devices which are
less expensive and are located in area which are mostly
compromised. Different types of new software’s integration of
the middleware and many more things are mainly responsible
for creating new complexities and new security risks as well.
Along with this the compliances is also going to a major issue
for the fields when the personal data of an individual is
involved and there are no such IoT devices that does not
consists of any personal data of the user. It is better to say that
almost every IoT device is associated with collection of at
least one personal data of the user. Security and privacy
measures for the IoT is very important, as this would affect
the lives of the people along with various economic activities.
IoT or Internet of Things can be termed as an network of
physical things which are generally embedded with various
sensors, electronics, software and connectivity so as to allow
the device perform in better way by exchanging the
information with the other devices connected to it or with the
operator or with the manufacturer. Simply it can stated that
IoT is a network where the physical devices are capable of
exchanging the data in an internal way or with the other
devices connected to it. IoT has made out life much more
easier but despite of all this there are certain risks associated
with the use of IoT and the most important concern is
regarding the various security and the privacy challenges
faced by IoT. The report mainly aims at discussing the various
security and privacy challenges faced by IoT in all domains of
IoT. The use of IoT has been adopted in almost every domain.
Along with creating new opportunities, the implementation of
IoT has also brought various risks associated with it.
2. LITERATURE REVIEW
2.1 Security Issues
2.1.1 Insecure Web Interface
Bekara, 2014, in his journal stated that the most important
aspect that affects the infrastructure of the computing system
is the Web Interface of the company. The security aspect of
the Web Interface is also the major concern for the
organizations that are dependent on this feature as their
networking system [9]. Web interface proves to be important
as it as the link between the user and the computing device.
An attack on the web interface allows the cyber criminal to
get access on the direct interface of the networking system.
Modulations made on the interface reflects instantly on the
web media and the clients of the database and the web service
aces a lot of problem as the data that is to be present in the
web is modulated and wrong information is posted in the web
leading to the conflict between the user and the employees of
the organization who provide the web services.
According to Andrea, Chrysostomou & Hadjichristofi,
2015, the methodologies that are undertaken to prevent the
attack on the Web Interfaces are setting up of password and
user name different from the initial username and the
password that was already set during the installation if the
web services [8]. This aspect of changing the initial password
and the username gives the web services a robustness in the
accounting of the database of the web. Another methodology
that is being used in the process to protecting the web
interface from the cyber criminals are by processing of the
password recovery method as in case the password of the web
computing devices digital or mechanical machines and many more. This devices are generally provided with an unique
identifier to identify them. These devices also have the capability of transferring data over the network without any involvement
of the human-to-human or human-to-computer interactions. This new emerging technology is being used in almost every field
to make the live of peoples much easier. However, along with benefits there also exists certain risks regarding the use of IoT.
This report would be discussing about the various security and the privacy challenges faced by IoT while implementing in
various domains. Which is followed by a literature review about the topic that is “ security and privacy issues in all domains of
the IoT”. IoT or Internet of Things can be defined as a network, which generally compromises of physical devices that are
capable of communicating with each other by making use of the internet. They are also capable of gathering and sharing
information. This is an emerging technology and consists of different varieties of “smart devices” which are responsible for the
collection of data by making use of different sensors. This report mainly discusses about the use of IoT in different fields and
what are main challenges that are faced by IoT regarding the security and privacy and the data.
Keywords: IoT, security issues, privacy issues, firmware’s, dynamic testing, DoS attack
1. INTRODUCTION
Internet of Things is one of the most emerging techniques
Internet of things has been gaining the global acceptance from
the audience all over the globe. This global acceptance
increases the usage of the technology Internet of Thing are
nothing but simple electronic devices which has the
transmitter and the receiver embedded in the electronic device
that enables them to communicate and transact over the
platform of the digital communication and the internet. With
the benefit of gaining, the advantage of gaining
communication through the entire globe comes the
disadvantage of security in disguise. Security of the database
has been the major issue for the application of the Internet of
things in regular life.
Along with the evolution of the IT infrastructure and the
networking technologies, there would be numerous number of
barrier, which would be encountered by the IoT technology.
The key challenges faced by IoT is regarding its privacy and
security. As more and more devices are being connected to the
network the decentralized entry points for the malwares is also
increasing. Main tampering occurs in the devices which are
less expensive and are located in area which are mostly
compromised. Different types of new software’s integration of
the middleware and many more things are mainly responsible
for creating new complexities and new security risks as well.
Along with this the compliances is also going to a major issue
for the fields when the personal data of an individual is
involved and there are no such IoT devices that does not
consists of any personal data of the user. It is better to say that
almost every IoT device is associated with collection of at
least one personal data of the user. Security and privacy
measures for the IoT is very important, as this would affect
the lives of the people along with various economic activities.
IoT or Internet of Things can be termed as an network of
physical things which are generally embedded with various
sensors, electronics, software and connectivity so as to allow
the device perform in better way by exchanging the
information with the other devices connected to it or with the
operator or with the manufacturer. Simply it can stated that
IoT is a network where the physical devices are capable of
exchanging the data in an internal way or with the other
devices connected to it. IoT has made out life much more
easier but despite of all this there are certain risks associated
with the use of IoT and the most important concern is
regarding the various security and the privacy challenges
faced by IoT. The report mainly aims at discussing the various
security and privacy challenges faced by IoT in all domains of
IoT. The use of IoT has been adopted in almost every domain.
Along with creating new opportunities, the implementation of
IoT has also brought various risks associated with it.
2. LITERATURE REVIEW
2.1 Security Issues
2.1.1 Insecure Web Interface
Bekara, 2014, in his journal stated that the most important
aspect that affects the infrastructure of the computing system
is the Web Interface of the company. The security aspect of
the Web Interface is also the major concern for the
organizations that are dependent on this feature as their
networking system [9]. Web interface proves to be important
as it as the link between the user and the computing device.
An attack on the web interface allows the cyber criminal to
get access on the direct interface of the networking system.
Modulations made on the interface reflects instantly on the
web media and the clients of the database and the web service
aces a lot of problem as the data that is to be present in the
web is modulated and wrong information is posted in the web
leading to the conflict between the user and the employees of
the organization who provide the web services.
According to Andrea, Chrysostomou & Hadjichristofi,
2015, the methodologies that are undertaken to prevent the
attack on the Web Interfaces are setting up of password and
user name different from the initial username and the
password that was already set during the installation if the
web services [8]. This aspect of changing the initial password
and the username gives the web services a robustness in the
accounting of the database of the web. Another methodology
that is being used in the process to protecting the web
interface from the cyber criminals are by processing of the
password recovery method as in case the password of the web
service is changed by the cyber criminal then the genuine
client can gain access of the data in the web service with the
help of the restoring password methodology. Another way of
terminating the risk of ten cyber attack in the web interface is
by setting reference for the password so that the password that
is set is well strong for the cyber criminals to harm the web
interface and the gain access to the front end of the web
interface.
2.1.2 Insufficient authorization
Gatsis & Pappas, 2017, in their book stated that the
inefficient methodology that is applied in the usage of the
process from securing the web services has been acting as one
of the major causes for the security issues in the field of
Internet of things [6]. The computing devices that deploy the
methodology of the authentication of the user of the web
service is very inefficient as the imposters can use the identity
of the genuine clients and gain access to the web services and
modulate the information that harms the clients who use the
web service. This security problems faced is due to the fact
that the password complexity of the web services are not as
strong as it is required for preventing the imposters to gain
access to the personal accounts or the data that are private in
nature. Again according to Sridhar & Smys, 2017, another
reason of insufficient authentication problem is that
credentials of the database are very poorly protected which
makes the credentials vulnerable to the imposters. The
authentication systems that are applied in the database are one
factor authentication system. The liability of the one factor
authentication is limited and the robustness of the platform is
affected due to this terminology of one factor authentication
methodology [11]. Insecurity in the password recovery
methodology is availed due to the fact the lack of robustness
in the setting of the password. The control of the rile based
access is not well maintained which leads to the fact of lack of
authentication robustness of the database.
According to Pacheco & Hariri, 2016, the password that is
being set for the database has to be strong enough to be
cracked by the imposters in order to keep the database
protected from the imposters are by ensuring that the
password that set for the data base is strong enough to be
cracked [5]. To prevent the access of the imposters the most
important thing that should be checked is the positioning of
the granular access control. To keep the data base protected
the granular access control must be placed in the right place
and the use of the granular access control must be made
efficiently. The password that are set for the database must be
recoverable by the client in case of misplacing the password.
2.1.3 Insecure Network Services
Lee & Lee, 2015, in their book stated that insecure network
services deals with the methodologies that are caused due to
the vulnerabilities of the networking system that requires
Internet of Things in the process of the infrastructural
methodology [3]. The platform of Internet of Things provides
the intruders the access in an unauthorized manner to the data
that is associate in nature. Vulnerable services that are
provided by the Internet of Things are proven to be the main
reason behind the lack of robustness of the network services.
According to Abomhara & Køien, 2014, another main reason
of this lack of robustness of the platform is the buffer over
flow of the networking services. The overflow of the buffer
provides the imposters an opportunity to gain access to the
personal data of the clients who has been using the platform
network services from the transaction purpose. The major
reason behind the improper access of data in the networking
services are the opening of the ports that are accessible by the
means of UPnP [10]. The UDP services that are exploitable in
nature also acts as the gateway for t imposters to gain access
to the data as the imposters exploits the UDP gateway to enter
into the database of the clients and modulate the same. Usage
of the DOS via Network Fizzing is also the major reason of
the data insecurity of the Insecure Networking services. This
fizzing of the networking infrastructure via the DS
infrastructure has attracted many cyber criminals to poach
against the databases that are stored in the network services.
According to Bertino, 2017, The major security steps that
are taken to prevent the security issues of the Internet of
things in the field of unsecured networking services are by
ensuring the facts that the ports are necessarily exposed the
ports and get the ports available in the fact of the data must be
secured and the ports of the networking services. another
technical strategy to prevent the security issues are by having
an access to the buffer system. The overflow of the buffer
system acts as the fact of that overflowing of the buffer
embarks the fact that the network security stays protected [4].
Ensuring the services which are not vulnerable in nature as the
fact that the DoS services the attacks to the networking
services. this affects the computing system itself. The local
devices are also affected by the DoS attack.
2.1.4. Lack of transport encryption
According to Li & Da Xu, 2017, the main function of the
Internet of Things is to communicate and transact with the
computing services. But the data that have been transacted
through the networking services must be encrypted in order to
keep the data robust and protected from the imposters and
keep the data secured [1]. The major issues are regarding the
unencrypted data that is being distributed via the global
networking services as well as the local networking service.
The security issues are also due to the fact of lack of
implementation of the SSL/TLS. Another reason for the lack
of security is due to the fact of the mismatched state of the
SSL/TLS.
Again according to Hwang, 2015, the measures that must
be taken in order to keep the data secured from the encryption
issues are by the fact by ensuring that the data is encrypted
efficiently using the data protocols which uses the technology
of the SSL and the technology of the TTL during the process
of transiting networks [2]. Another major process that must be
taken in order to keep the data protected from the lack of
encryption of the data is by ensuring the fact that the data that
is to be encrypted must be encrypted using the technology of
the standard encryption technique in case the SSL and the
TTL technique is not available for the encryption of the data.
SSL and the TTL technique are the best strategy to encrypt the
data that is being transacted. Another technology that is being
client can gain access of the data in the web service with the
help of the restoring password methodology. Another way of
terminating the risk of ten cyber attack in the web interface is
by setting reference for the password so that the password that
is set is well strong for the cyber criminals to harm the web
interface and the gain access to the front end of the web
interface.
2.1.2 Insufficient authorization
Gatsis & Pappas, 2017, in their book stated that the
inefficient methodology that is applied in the usage of the
process from securing the web services has been acting as one
of the major causes for the security issues in the field of
Internet of things [6]. The computing devices that deploy the
methodology of the authentication of the user of the web
service is very inefficient as the imposters can use the identity
of the genuine clients and gain access to the web services and
modulate the information that harms the clients who use the
web service. This security problems faced is due to the fact
that the password complexity of the web services are not as
strong as it is required for preventing the imposters to gain
access to the personal accounts or the data that are private in
nature. Again according to Sridhar & Smys, 2017, another
reason of insufficient authentication problem is that
credentials of the database are very poorly protected which
makes the credentials vulnerable to the imposters. The
authentication systems that are applied in the database are one
factor authentication system. The liability of the one factor
authentication is limited and the robustness of the platform is
affected due to this terminology of one factor authentication
methodology [11]. Insecurity in the password recovery
methodology is availed due to the fact the lack of robustness
in the setting of the password. The control of the rile based
access is not well maintained which leads to the fact of lack of
authentication robustness of the database.
According to Pacheco & Hariri, 2016, the password that is
being set for the database has to be strong enough to be
cracked by the imposters in order to keep the database
protected from the imposters are by ensuring that the
password that set for the data base is strong enough to be
cracked [5]. To prevent the access of the imposters the most
important thing that should be checked is the positioning of
the granular access control. To keep the data base protected
the granular access control must be placed in the right place
and the use of the granular access control must be made
efficiently. The password that are set for the database must be
recoverable by the client in case of misplacing the password.
2.1.3 Insecure Network Services
Lee & Lee, 2015, in their book stated that insecure network
services deals with the methodologies that are caused due to
the vulnerabilities of the networking system that requires
Internet of Things in the process of the infrastructural
methodology [3]. The platform of Internet of Things provides
the intruders the access in an unauthorized manner to the data
that is associate in nature. Vulnerable services that are
provided by the Internet of Things are proven to be the main
reason behind the lack of robustness of the network services.
According to Abomhara & Køien, 2014, another main reason
of this lack of robustness of the platform is the buffer over
flow of the networking services. The overflow of the buffer
provides the imposters an opportunity to gain access to the
personal data of the clients who has been using the platform
network services from the transaction purpose. The major
reason behind the improper access of data in the networking
services are the opening of the ports that are accessible by the
means of UPnP [10]. The UDP services that are exploitable in
nature also acts as the gateway for t imposters to gain access
to the data as the imposters exploits the UDP gateway to enter
into the database of the clients and modulate the same. Usage
of the DOS via Network Fizzing is also the major reason of
the data insecurity of the Insecure Networking services. This
fizzing of the networking infrastructure via the DS
infrastructure has attracted many cyber criminals to poach
against the databases that are stored in the network services.
According to Bertino, 2017, The major security steps that
are taken to prevent the security issues of the Internet of
things in the field of unsecured networking services are by
ensuring the facts that the ports are necessarily exposed the
ports and get the ports available in the fact of the data must be
secured and the ports of the networking services. another
technical strategy to prevent the security issues are by having
an access to the buffer system. The overflow of the buffer
system acts as the fact of that overflowing of the buffer
embarks the fact that the network security stays protected [4].
Ensuring the services which are not vulnerable in nature as the
fact that the DoS services the attacks to the networking
services. this affects the computing system itself. The local
devices are also affected by the DoS attack.
2.1.4. Lack of transport encryption
According to Li & Da Xu, 2017, the main function of the
Internet of Things is to communicate and transact with the
computing services. But the data that have been transacted
through the networking services must be encrypted in order to
keep the data robust and protected from the imposters and
keep the data secured [1]. The major issues are regarding the
unencrypted data that is being distributed via the global
networking services as well as the local networking service.
The security issues are also due to the fact of lack of
implementation of the SSL/TLS. Another reason for the lack
of security is due to the fact of the mismatched state of the
SSL/TLS.
Again according to Hwang, 2015, the measures that must
be taken in order to keep the data secured from the encryption
issues are by the fact by ensuring that the data is encrypted
efficiently using the data protocols which uses the technology
of the SSL and the technology of the TTL during the process
of transiting networks [2]. Another major process that must be
taken in order to keep the data protected from the lack of
encryption of the data is by ensuring the fact that the data that
is to be encrypted must be encrypted using the technology of
the standard encryption technique in case the SSL and the
TTL technique is not available for the encryption of the data.
SSL and the TTL technique are the best strategy to encrypt the
data that is being transacted. Another technology that is being
You're viewing a preview
Unlock full access by subscribing today!
used for the encryption of the data is by accepting the strategic
technique of the standard transcription technique and the
major source is due to the fact of avoiding the proprietary
encryption protocol.
3. SECURITY AND PRIVACY CHALLENGES
3.1 Security challenges:
The use of IoT has brought various types of benefits
but there also exists certain types of security challenges. The
security challenges faced by IoT can be categorized into three
types.
3.1.1 Challenges faced by front-end sensors and
equipment’s: Front-end sensors and
equipment’s are responsible for the
receiving of data and this done by a built-in
sensor. Moreover, once the data is received
they are responsible for transferring of the
data by making use of the modules or
machine-to-machine devices, which initially
helps in the achievement of network
services of the various sensors. The security
of the machines along with the
implementation of the business and
connectivity of the nodes are involved in
this methodology [12]. In case when the
monitoring scenario is absent then it is seen
that the machine or the perception nodes are
mostly distributed. In such cases, it becomes
very much easy for an intruder to get an
easy access of the devices. After getting, the
access damage can be easily done to the
device or performing of illegal actions can
also be done in a very easy way. Other type
of possible threats which are related to the
front end sensors and equipment’s are listed
below:
Unauthorized access to the data:
this is generally happens when
someone rather than the owner or
the authorized person gets access to
the devices [13].
Internet related threats: The devices
makes use of the internet to operate
and exchanging of the data over the
internet brings about various
threats.
Denial of service attacks: This type
of attack occurs when an attacker
gains total access of the devices
and restricts the authorized
personnel from using the device
[14].
Along with this, there also exists other
attacks like the attacks and privacy analysis
of the machine to machine or contact
information, and many more.
3.1.2 Network: A vital role is played by the
networks by providing a comprehensive
interconnection capability, which is
effectualness and thriftiness. Along with this
this also provides an authentic quality of
service for the IoT technology. The devices
are responsible for sending of large number
of data to the congested attack and along
with this there also exists larger number of
nodes and groups in the IoT which
ultimately results in the various types of
attack like the denial of service attack or
DoS attack [15]. Other concerns regarding
the security of the networks involve the
authorised access of the data, unauthorized
access of the various services, stealing or
changing of the information related to
communication, attacks of the malware or
viruses and many more.
3.1.3 The Web Interfaces are Insecure: The web
interfaces are included in the IoT devices to
make the use of this device easy for the
users while interacting. However, along with
this this also allows the attackers to gain
unauthorized access to the IoT devices [16].
Some of the security vulnerabilities
associated with this security issue involves
the enumeration of the accounts, weakening
of the default credentials, exposing of the
credentials in the network traffic, Cross-site
Scripting or XSS, injection of the SQL,
management od sessions becomes difficult
and many more.
3.1.4 Existence of insufficient amount of
authentication and authorization process:
The main reason for this type of security
issue includes the lack of proper password,
poor protection of the various credentials,
absence of the two factor authentication, the
recovery of password is insecure,
escalations in the privileges, and lastly due
to lack of the role based access control [17].
3.1.5 Physical security of the devices: In the IoT
technology the devices are responsible for
the collection of the devices by interacting
with other devices or with humans and this
initially makes them vulnerable to concerns
regarding the physical security [18]. Despite
of the presence of a robust network there
exists the possibility of unauthorized
physical access to the IoT devices and this
can ultimately result in a catastrophic
system failure.
3.1.6 Network related security challenges: Even
before the advent of the IoT technology, the
networks were prone to hacks. Various
security analysts that network acts as the
technique of the standard transcription technique and the
major source is due to the fact of avoiding the proprietary
encryption protocol.
3. SECURITY AND PRIVACY CHALLENGES
3.1 Security challenges:
The use of IoT has brought various types of benefits
but there also exists certain types of security challenges. The
security challenges faced by IoT can be categorized into three
types.
3.1.1 Challenges faced by front-end sensors and
equipment’s: Front-end sensors and
equipment’s are responsible for the
receiving of data and this done by a built-in
sensor. Moreover, once the data is received
they are responsible for transferring of the
data by making use of the modules or
machine-to-machine devices, which initially
helps in the achievement of network
services of the various sensors. The security
of the machines along with the
implementation of the business and
connectivity of the nodes are involved in
this methodology [12]. In case when the
monitoring scenario is absent then it is seen
that the machine or the perception nodes are
mostly distributed. In such cases, it becomes
very much easy for an intruder to get an
easy access of the devices. After getting, the
access damage can be easily done to the
device or performing of illegal actions can
also be done in a very easy way. Other type
of possible threats which are related to the
front end sensors and equipment’s are listed
below:
Unauthorized access to the data:
this is generally happens when
someone rather than the owner or
the authorized person gets access to
the devices [13].
Internet related threats: The devices
makes use of the internet to operate
and exchanging of the data over the
internet brings about various
threats.
Denial of service attacks: This type
of attack occurs when an attacker
gains total access of the devices
and restricts the authorized
personnel from using the device
[14].
Along with this, there also exists other
attacks like the attacks and privacy analysis
of the machine to machine or contact
information, and many more.
3.1.2 Network: A vital role is played by the
networks by providing a comprehensive
interconnection capability, which is
effectualness and thriftiness. Along with this
this also provides an authentic quality of
service for the IoT technology. The devices
are responsible for sending of large number
of data to the congested attack and along
with this there also exists larger number of
nodes and groups in the IoT which
ultimately results in the various types of
attack like the denial of service attack or
DoS attack [15]. Other concerns regarding
the security of the networks involve the
authorised access of the data, unauthorized
access of the various services, stealing or
changing of the information related to
communication, attacks of the malware or
viruses and many more.
3.1.3 The Web Interfaces are Insecure: The web
interfaces are included in the IoT devices to
make the use of this device easy for the
users while interacting. However, along with
this this also allows the attackers to gain
unauthorized access to the IoT devices [16].
Some of the security vulnerabilities
associated with this security issue involves
the enumeration of the accounts, weakening
of the default credentials, exposing of the
credentials in the network traffic, Cross-site
Scripting or XSS, injection of the SQL,
management od sessions becomes difficult
and many more.
3.1.4 Existence of insufficient amount of
authentication and authorization process:
The main reason for this type of security
issue includes the lack of proper password,
poor protection of the various credentials,
absence of the two factor authentication, the
recovery of password is insecure,
escalations in the privileges, and lastly due
to lack of the role based access control [17].
3.1.5 Physical security of the devices: In the IoT
technology the devices are responsible for
the collection of the devices by interacting
with other devices or with humans and this
initially makes them vulnerable to concerns
regarding the physical security [18]. Despite
of the presence of a robust network there
exists the possibility of unauthorized
physical access to the IoT devices and this
can ultimately result in a catastrophic
system failure.
3.1.6 Network related security challenges: Even
before the advent of the IoT technology, the
networks were prone to hacks. Various
security analysts that network acts as the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
weakest link in the flow of data before
reaching the final destination argue it [19].
3.1.7 Security of the data: The data in the IoT is to
be categorized into two types and this
includes the stored data and the data, which
is present in the transmission process. There
exists a need of high-level encryption in
both types of data in order to maintain the
data integrity. The problem again arises due
to fact that the data collected by the IoT
devices is huge in size [20]. It becomes
impossible to create a size, which would be
fitting with all the standards of data
encryption process because there exists a
large variety of IoT devices and all this
devices have different hardware
specifications. Each Iot device is responsible
for collecting at least one personal
information of the user and any breach of
such data might lead to devastating effects.
3.1.8 Security challenges of the operating system:
Operating systems acts as the primary target
of the attackers. In case if an attacker gains
access of the operating system of an cluster
of IoT or even a single device then it can be
said that the attacker or the hacker is capable
of exploiting the whole system and also
compromises the codes of the system so as
to own the system [21]. The recovery
process from any type of operating system is
almost impossible and very much costly.
This type of attack might lead to partial or
complete compromise of the data. The
restoring of the operating system to its full
efficiency requires a lot of time.
3.1.9 Security of the servers: one of the biggest art
of the IoT technology is when it
communicates with the cloud servers. Dos
or the denial of service acts as one of the
major attack to the server and is associated
with afflicting the servers. This includes the
use of large number of proxy devices in
order to generate fake requests to the server,
which initially makes the server to respond
to the actual requests by the users [22]. This
ultimately results in the crippling down of
the system because of the sheer overheads
that are created.
3.1.10 Security challenge due to connection of new
devices: The increasing of the number of
devices behind the firewall of the network is
the fundamental weakness of the IoT.
Because of the existence of new devices
which are getting connected to the network
the risk related to hacking is also increasing.
The hackers may use devices which seem to
be less important like the baby monitoring
devices or the thermostat so as to uncover
the information which are private and ruin
the whole day of the user [23].
3.1.11 Lack of updates challenges the security of
the IoT devices: The IoT is becoming the
reality so it is very much essential to think
about the security of the devices. The major
reason lying behind this risk is that the tech
companies are not associated with updating
the devices while manufacturing them. This
means that the IoT, which was considered to
safe at a point of time, might become
unsecure when new vulnerabilities are
discovered [17].
3.2 Privacy challenges: Concern regarding the privacy is
generated when the collection of private data is done
with lack of proper protection of the data. According
to the glossary of Internet Security privacy can be
defined as the “the right of an entity (normally a
person), acting in its own behalf, to determine the
degree to which it will interact with its environment,
including the degree to which the entity is willing to
share information about itself with others". It is very
essential to protect the privacy in the device. The
privacy is to be protected at the storage and during
the process of communication as well as the
processing process [24]. In case of any privacy
breach the sensitive data would be disclosed. The
privacy of the user and the protection of the data has
been identified as one of major challenge which need
to be addressed. The major privacy challenges
includes the following:
3.2.1 Privacy challenges for the devices: There
might occur leakage of the sensitive
information when manipulation of the
hardware or the software is done bone by
the unauthorized entities. So it is very much
important to secure the privacy of the
devices which are associated with gathering
of the sensitive data. There exists several
way in, which the IoT security can be
ensured, and this includes the use of device
integrity validation, temper-resistant
modules and many more [25]. For providing
privacy to the devices, there exists the need
of addressing serval problems. There are
several ways of solving the privacy issues
according to the nature of the problem.
3.2.2 Privacy in the process of communication:
Breach of data might occur any time during
the transmission process if they are not
encrypted. Encryption is best way of
protecting the data while transmission. On
certain occasions, the encryption process is
associated with adding of data to the
packets, which initially provides a way for
the tracing. Ultimately, this type of data
reaching the final destination argue it [19].
3.1.7 Security of the data: The data in the IoT is to
be categorized into two types and this
includes the stored data and the data, which
is present in the transmission process. There
exists a need of high-level encryption in
both types of data in order to maintain the
data integrity. The problem again arises due
to fact that the data collected by the IoT
devices is huge in size [20]. It becomes
impossible to create a size, which would be
fitting with all the standards of data
encryption process because there exists a
large variety of IoT devices and all this
devices have different hardware
specifications. Each Iot device is responsible
for collecting at least one personal
information of the user and any breach of
such data might lead to devastating effects.
3.1.8 Security challenges of the operating system:
Operating systems acts as the primary target
of the attackers. In case if an attacker gains
access of the operating system of an cluster
of IoT or even a single device then it can be
said that the attacker or the hacker is capable
of exploiting the whole system and also
compromises the codes of the system so as
to own the system [21]. The recovery
process from any type of operating system is
almost impossible and very much costly.
This type of attack might lead to partial or
complete compromise of the data. The
restoring of the operating system to its full
efficiency requires a lot of time.
3.1.9 Security of the servers: one of the biggest art
of the IoT technology is when it
communicates with the cloud servers. Dos
or the denial of service acts as one of the
major attack to the server and is associated
with afflicting the servers. This includes the
use of large number of proxy devices in
order to generate fake requests to the server,
which initially makes the server to respond
to the actual requests by the users [22]. This
ultimately results in the crippling down of
the system because of the sheer overheads
that are created.
3.1.10 Security challenge due to connection of new
devices: The increasing of the number of
devices behind the firewall of the network is
the fundamental weakness of the IoT.
Because of the existence of new devices
which are getting connected to the network
the risk related to hacking is also increasing.
The hackers may use devices which seem to
be less important like the baby monitoring
devices or the thermostat so as to uncover
the information which are private and ruin
the whole day of the user [23].
3.1.11 Lack of updates challenges the security of
the IoT devices: The IoT is becoming the
reality so it is very much essential to think
about the security of the devices. The major
reason lying behind this risk is that the tech
companies are not associated with updating
the devices while manufacturing them. This
means that the IoT, which was considered to
safe at a point of time, might become
unsecure when new vulnerabilities are
discovered [17].
3.2 Privacy challenges: Concern regarding the privacy is
generated when the collection of private data is done
with lack of proper protection of the data. According
to the glossary of Internet Security privacy can be
defined as the “the right of an entity (normally a
person), acting in its own behalf, to determine the
degree to which it will interact with its environment,
including the degree to which the entity is willing to
share information about itself with others". It is very
essential to protect the privacy in the device. The
privacy is to be protected at the storage and during
the process of communication as well as the
processing process [24]. In case of any privacy
breach the sensitive data would be disclosed. The
privacy of the user and the protection of the data has
been identified as one of major challenge which need
to be addressed. The major privacy challenges
includes the following:
3.2.1 Privacy challenges for the devices: There
might occur leakage of the sensitive
information when manipulation of the
hardware or the software is done bone by
the unauthorized entities. So it is very much
important to secure the privacy of the
devices which are associated with gathering
of the sensitive data. There exists several
way in, which the IoT security can be
ensured, and this includes the use of device
integrity validation, temper-resistant
modules and many more [25]. For providing
privacy to the devices, there exists the need
of addressing serval problems. There are
several ways of solving the privacy issues
according to the nature of the problem.
3.2.2 Privacy in the process of communication:
Breach of data might occur any time during
the transmission process if they are not
encrypted. Encryption is best way of
protecting the data while transmission. On
certain occasions, the encryption process is
associated with adding of data to the
packets, which initially provides a way for
the tracing. Ultimately, this type of data
might be victimized for the linking of the
packets to the analysis of the same traffic
flow. The communications pseudonyms can
be replaced for the encryption in situations
when it is not feasible to the identity of the
device or the users [26]. This is done in
order to decrease the vulnerabilities.
3.2.3 Amount of data is too high: The data
generated by the IoT devices is increasing
day by day so the risk of breach in privacy is
also increases. According to the report
named “Internet of Things: Privacy &
Security in a Connected World” by Federal
Trade Commission states that there exists
fewer than 10,000 households are associated
with the generation of about 150million data
points per day. This initially results in the
formation of more entry points for the
hackers and ultimately the sensitive
information become vulnerable [27].
3.2.4 Eavesdropping: This is the process in the
manufacturers or the hackers makes use of
the connected devices in order to invade the
house of an individual virtually [28].
4. Methodology
Form the above discussed literature review some of the best
practices for facing the security and the privacy challenges by
IoT has been identified and this practices has been discussed
below:
4.1 Making the Hardware resistant to any kind of tamper:
There Exists many IoT devices which are operating
for a long period of time and has also not been
attended and the security has also been not been
implied on them. Generally it is preferred that the
IoT devices are kept relative away from any kind of
physical access except few authorised persons who
would be handling the devices physically. Making
the IoT devices temper resistant can be very much
advantageous. By this process oh hardening the end
point can greatly help in the blocking of the potential
intruders from reaching the data. This can also
prevent the device form any type of hacking attack.
The general things that are to be included in the
endpoint security mainly includes the use of small
devices made of plastic, locks at the ports, cover of
the camera and many more. Blocking of the ports can
greatly help in the prevention of the incoming of the
unwanted malware. The endpoint hardening is likely
to be implying a layer approach and this makes the
attacker face a series of obstacles which are generally
designed for the purpose of protecting the device and
the data present [29]. Besides all this at the hardware
or the boot-software level, a strong boot-level
password might be required by the device in order to
boot from the local storage. All the vulnerabilities
that are known must be stopped. While shipping a
device temper evident packing will greatly help in
the enabling of the owners to know whether their
device has reached the desired location or not and
could also check if the package has been open before
the delivery or not.
4.2 Providing of the firmware updates and patches:
Once a device is deployed several
vulnerabilities would be identified which are
almost inevitable. So from this it can be
concluded that there is a need of modifying the
firmware by making use of proper digital
signatures. There is a very little amount of
financial incentives by the device vendors and the
manufacturers which ensure the ongoing upgrade
of the IoT patches. And this happens mainly due
to the fact that revenue is collected only by selling
the devices and not from the maintenance of the
devices. Up keeping of the IoT devices might lead
to detracting from revenue. Besides this the
vendors cannot be legally held accountable for
any kind of ongoing maintenance of the devices
and beyond the initial process of sales including
the drivers of competition in order to cut down
the corners. Associated with this is the negating
on the quality regarding the speed and the
efficiency of releasing the devices in the market.
Previously this factors were not considered as
critical [30]. The Interconnected nature of the IoT
devices has greatly helped in the raising of the
bars to a whole new level in terms of the
functionality and accountability. Detrimental is
also considered as one of the tendency of the
vendors for the planned obsolescence of eth
devices and this is done for the purpose of
increasing the profits by means of continued sales
rather than the up keeping of the devices which
are existing. The IoT devices are also not deigned
in an efficient and are also not configured in order
to respond to the various over the air updates.
This ultimately results in the best or the worst
procedures which are almost unmanageable. It
has been observed by various researches as well
that the ubiquitous advancement of the IoT along
wit the placement of the unsecured and
unattended devices would increase at an
exponential rate which would be opening up the
gates for the hackers to exploit the various data.
Additionally some of the IoT devices are having a
lifespan of limited time. It is possible to legally
held the companies accountable for the
monitoring and maintenance of the devices for the
prescribed or agreed lifecycles. And for this there
is an need of establishing various standards and
legislation. Associated with this needs the
vendors should also remain transparent and
forthcoming regarding the lifecycle of the various
packets to the analysis of the same traffic
flow. The communications pseudonyms can
be replaced for the encryption in situations
when it is not feasible to the identity of the
device or the users [26]. This is done in
order to decrease the vulnerabilities.
3.2.3 Amount of data is too high: The data
generated by the IoT devices is increasing
day by day so the risk of breach in privacy is
also increases. According to the report
named “Internet of Things: Privacy &
Security in a Connected World” by Federal
Trade Commission states that there exists
fewer than 10,000 households are associated
with the generation of about 150million data
points per day. This initially results in the
formation of more entry points for the
hackers and ultimately the sensitive
information become vulnerable [27].
3.2.4 Eavesdropping: This is the process in the
manufacturers or the hackers makes use of
the connected devices in order to invade the
house of an individual virtually [28].
4. Methodology
Form the above discussed literature review some of the best
practices for facing the security and the privacy challenges by
IoT has been identified and this practices has been discussed
below:
4.1 Making the Hardware resistant to any kind of tamper:
There Exists many IoT devices which are operating
for a long period of time and has also not been
attended and the security has also been not been
implied on them. Generally it is preferred that the
IoT devices are kept relative away from any kind of
physical access except few authorised persons who
would be handling the devices physically. Making
the IoT devices temper resistant can be very much
advantageous. By this process oh hardening the end
point can greatly help in the blocking of the potential
intruders from reaching the data. This can also
prevent the device form any type of hacking attack.
The general things that are to be included in the
endpoint security mainly includes the use of small
devices made of plastic, locks at the ports, cover of
the camera and many more. Blocking of the ports can
greatly help in the prevention of the incoming of the
unwanted malware. The endpoint hardening is likely
to be implying a layer approach and this makes the
attacker face a series of obstacles which are generally
designed for the purpose of protecting the device and
the data present [29]. Besides all this at the hardware
or the boot-software level, a strong boot-level
password might be required by the device in order to
boot from the local storage. All the vulnerabilities
that are known must be stopped. While shipping a
device temper evident packing will greatly help in
the enabling of the owners to know whether their
device has reached the desired location or not and
could also check if the package has been open before
the delivery or not.
4.2 Providing of the firmware updates and patches:
Once a device is deployed several
vulnerabilities would be identified which are
almost inevitable. So from this it can be
concluded that there is a need of modifying the
firmware by making use of proper digital
signatures. There is a very little amount of
financial incentives by the device vendors and the
manufacturers which ensure the ongoing upgrade
of the IoT patches. And this happens mainly due
to the fact that revenue is collected only by selling
the devices and not from the maintenance of the
devices. Up keeping of the IoT devices might lead
to detracting from revenue. Besides this the
vendors cannot be legally held accountable for
any kind of ongoing maintenance of the devices
and beyond the initial process of sales including
the drivers of competition in order to cut down
the corners. Associated with this is the negating
on the quality regarding the speed and the
efficiency of releasing the devices in the market.
Previously this factors were not considered as
critical [30]. The Interconnected nature of the IoT
devices has greatly helped in the raising of the
bars to a whole new level in terms of the
functionality and accountability. Detrimental is
also considered as one of the tendency of the
vendors for the planned obsolescence of eth
devices and this is done for the purpose of
increasing the profits by means of continued sales
rather than the up keeping of the devices which
are existing. The IoT devices are also not deigned
in an efficient and are also not configured in order
to respond to the various over the air updates.
This ultimately results in the best or the worst
procedures which are almost unmanageable. It
has been observed by various researches as well
that the ubiquitous advancement of the IoT along
wit the placement of the unsecured and
unattended devices would increase at an
exponential rate which would be opening up the
gates for the hackers to exploit the various data.
Additionally some of the IoT devices are having a
lifespan of limited time. It is possible to legally
held the companies accountable for the
monitoring and maintenance of the devices for the
prescribed or agreed lifecycles. And for this there
is an need of establishing various standards and
legislation. Associated with this needs the
vendors should also remain transparent and
forthcoming regarding the lifecycle of the various
You're viewing a preview
Unlock full access by subscribing today!
devices, and this is to be done in terms of services
and the policies needs to be upkeep and also
including the length of the plan that is needed for
supporting the devices [1]. The vendors need to
put an extra effort on playing an active role while
providing the details about the patches along with
the updates which might include the security risks
and the privacy concerns which would be
responsible for ensuring the fact that the
customers are kept informed about the various
activities related to the security and privacy.
Besides this the deliberations should also be
associated with integrating the lifecycle of eth
original manufacturers. In cases when the original
vendor is absent then it will become impossible to
trace down the credentials for the purpose of
patching the vulnerabilities and the breach of
security.
4.3 Performing the Dynamic tests:
It is very much essential to make the IoT devices
undergo the testing process and establish a
minimum baseline regarding the security of the
devices. The static form of testing is generally not
designed or configured for the purpose of
detecting the various types of vulnerabilities
which are existing in the off-the-shelf components
and this might include the components like the
processor or the memory. Whereas the dynamic
process is capable of exposing the weakness in
the codes and any type of underlying defects or
the vulnerabilities which are generally introduced
by the hardware and might be discoverable to the
static analysis [5]. The dynamic analysis also
identifies the various vulnerabilities which are
generally created whenever a new code is used on
the older processors. So it is recommended to the
vendors associated with purchasing of the
hardware and the software form any other
dynamic testing in order to ensure that the item
are secure.
4.4 Procedures for the protected data when the device is
disposed:
As time passes by the devices would beome
obsolete and this would ultimately make many of
the users throw away the devices. It isvery much
essential to discard a device without any exposure
of the private data. This considered as one of the
major security issue as improper disposal of the
discarded device might lead to conversion of the
data for various malicious activities. Along with
security issues this is also one of the major
privacy issue as the obsolete or disposed device
can be used for the purpose of revealing of the
personal information [21]. The manufacturers
should be associated with preparing a formal plan
in order to make the users sanitize and dispose the
obsolete devices in a proper way without any
exposure of the private data. The other field are
generally associated ith prescribing a DRD policy
which is reviewed periodically in order to identify
the devices which requires disposal and in what
way it should be disposed. Many of the
manufacturers are associated with encouraging
the users to dispose th products directly by their
manufacturer. For the IoT devices this are very
small and cheap. Individual users when purchase
an second hand IoT device might make an attempt
of identifying the personally identifiable
information PII or the authentic information
which might include the username or password
which has been stored in the device.
4.5 Use of the strong authentication codes:
It is not recommended to use an easy guess
password or username credentials. Along with
this the use of default credentials is also not
suggested. Each of the IoT device must have an
unique username and password which might be
printed on the casings and this password is
resettable by the users [6]. The passwords should
be provided in such a way that this is
sophisticated enough in order to resist arbitrary
guessing. It is also suggested to provide a two-
way authentication whenever possible and this
would be requiring the users to employee the
password as well as an authentication form which
is generally not relayed upon the knowledge of
the user which is a random code that is generated
by SMS text messaging.
4.6 Use of the Strong and Secure protocols:
Despite of protecting the devices with password
the communication that exist between two or
more device might get hacked. In IoT there exists
various protocols and depending on the protocol
and the computing resources might be more or
less capable of using the encryption [20]. It is the
responsibility of the manufacturers to examine
their own situations on a case-by-case basis and
by using the strongest encryption possible.
4.7 Dividing of the networks in to segments:
It is generally recommended to divide the
network into numerous small local networks by
making use of the VLANs, IP address ranges ora
combination. The next generation firewall
security policies utilizes the network
segmentation in order to clearly identify the
sources and the destination interfaces on a
platform [3]. Interfaces are to be assigned to a
specific security zone before it is capable of
processing the traffic. This initially allows various
organizations to create a security zone in order to
represent the different segments which are being
connected to the firewall and would also be
controlled by the firewall as well. The solution
has been very much helpful for the industrial
and the policies needs to be upkeep and also
including the length of the plan that is needed for
supporting the devices [1]. The vendors need to
put an extra effort on playing an active role while
providing the details about the patches along with
the updates which might include the security risks
and the privacy concerns which would be
responsible for ensuring the fact that the
customers are kept informed about the various
activities related to the security and privacy.
Besides this the deliberations should also be
associated with integrating the lifecycle of eth
original manufacturers. In cases when the original
vendor is absent then it will become impossible to
trace down the credentials for the purpose of
patching the vulnerabilities and the breach of
security.
4.3 Performing the Dynamic tests:
It is very much essential to make the IoT devices
undergo the testing process and establish a
minimum baseline regarding the security of the
devices. The static form of testing is generally not
designed or configured for the purpose of
detecting the various types of vulnerabilities
which are existing in the off-the-shelf components
and this might include the components like the
processor or the memory. Whereas the dynamic
process is capable of exposing the weakness in
the codes and any type of underlying defects or
the vulnerabilities which are generally introduced
by the hardware and might be discoverable to the
static analysis [5]. The dynamic analysis also
identifies the various vulnerabilities which are
generally created whenever a new code is used on
the older processors. So it is recommended to the
vendors associated with purchasing of the
hardware and the software form any other
dynamic testing in order to ensure that the item
are secure.
4.4 Procedures for the protected data when the device is
disposed:
As time passes by the devices would beome
obsolete and this would ultimately make many of
the users throw away the devices. It isvery much
essential to discard a device without any exposure
of the private data. This considered as one of the
major security issue as improper disposal of the
discarded device might lead to conversion of the
data for various malicious activities. Along with
security issues this is also one of the major
privacy issue as the obsolete or disposed device
can be used for the purpose of revealing of the
personal information [21]. The manufacturers
should be associated with preparing a formal plan
in order to make the users sanitize and dispose the
obsolete devices in a proper way without any
exposure of the private data. The other field are
generally associated ith prescribing a DRD policy
which is reviewed periodically in order to identify
the devices which requires disposal and in what
way it should be disposed. Many of the
manufacturers are associated with encouraging
the users to dispose th products directly by their
manufacturer. For the IoT devices this are very
small and cheap. Individual users when purchase
an second hand IoT device might make an attempt
of identifying the personally identifiable
information PII or the authentic information
which might include the username or password
which has been stored in the device.
4.5 Use of the strong authentication codes:
It is not recommended to use an easy guess
password or username credentials. Along with
this the use of default credentials is also not
suggested. Each of the IoT device must have an
unique username and password which might be
printed on the casings and this password is
resettable by the users [6]. The passwords should
be provided in such a way that this is
sophisticated enough in order to resist arbitrary
guessing. It is also suggested to provide a two-
way authentication whenever possible and this
would be requiring the users to employee the
password as well as an authentication form which
is generally not relayed upon the knowledge of
the user which is a random code that is generated
by SMS text messaging.
4.6 Use of the Strong and Secure protocols:
Despite of protecting the devices with password
the communication that exist between two or
more device might get hacked. In IoT there exists
various protocols and depending on the protocol
and the computing resources might be more or
less capable of using the encryption [20]. It is the
responsibility of the manufacturers to examine
their own situations on a case-by-case basis and
by using the strongest encryption possible.
4.7 Dividing of the networks in to segments:
It is generally recommended to divide the
network into numerous small local networks by
making use of the VLANs, IP address ranges ora
combination. The next generation firewall
security policies utilizes the network
segmentation in order to clearly identify the
sources and the destination interfaces on a
platform [3]. Interfaces are to be assigned to a
specific security zone before it is capable of
processing the traffic. This initially allows various
organizations to create a security zone in order to
represent the different segments which are being
connected to the firewall and would also be
controlled by the firewall as well. The solution
has been very much helpful for the industrial
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
applications but may be useful for other broader
circumstances.
4.8 Protection of the sensitive data:
As stated earlier IoT is an emerging technology
which is associated with connecting the devices to
each other by making use of Internet or ad-hoc-
network. The services that are provided by the
IoT devices are discoverable by other IoT devices
as well. And most of the protocols are associated
with leaking the sensitive PII which might be
capable of linking an individual. So there is
essential need of service mechanism and authentic
protocols in order to protect the device and
provide proper authentication.
5. Conclusion:
This report mainly helps in understanding the basic security
and the privacy challenges that are faced by the IoT devices in
all domains. The introduction portion of the report provides an
wide description about the IoT and from there it can be easily
understood that the IoT is mainly associated with using a wide
variety of information sensing identification devices and
information processing equipment’s and then combines it with
the internet to form an network which is extensive in nature.
This is mainly done in order to provide the objects or the
entities with an identity. The report firstly discusses about the
various security and the privacy issues faced by the IoT. This
is followed by providing a literature review bout the present
and the past works done regarding the technology. And lastly
discusses about the various methods that can be adopted in
order to overcome this problems or the challenges that are
faced by the IoT. The practices provided above can be
considered as the best practices for the purpose of elimination
of the security and the privacy challenges. It is very much
essential to improve the security and the privacy of the IoT
because there exists many cases where an individual or an
organization has faced a lot of security and privacy breaches.
The current and issues regarding the security and the privacy
should be considered as an opportunity for improvement
which can be achieved by undergoing an rigorous process
which incorporates the security objectives at the early stage of
any research project. By efficient and effective application of
the security standards would be greatly helpful in the future.
References:
[1] Li, S., & Da Xu, L. (2017). Securing the internet of things. Syngress.
[2] Hwang, Y. H. (2015, April). Iot security & privacy: threats and
challenges. In Proceedings of the 1st ACM Workshop on IoT Privacy,
Trust, and Security (pp. 1-1). ACM.
[3] Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications,
investments, and challenges for enterprises. Business Horizons, 58(4),
431-440.
[4] Bertino, E. (2017, October). Keynote: Research Challenges and
Opportunities in IoT Security. In Proceedings of the 2017 Workshop on
Women in Cyber Security (pp. 5-5). ACM.
[5] Pacheco, J., & Hariri, S. (2016, September). IoT security framework for
smart cyber infrastructures. In Foundations and Applications of Self*
Systems, IEEE International Workshops on (pp. 242-247). IEEE.
[6] Gatsis, K., & Pappas, G. J. (2017, April). Wireless Control for the IoT:
Power, Spectrum, and Security Challenges. In Proceedings of the
Second International Conference on Internet-of-Things Design and
Implementation (pp. 341-342). ACM.
[7] Gierlichs, B., & Poschmann, A. Y. (2017). Introduction to the CHES
2016 special issue. Journal of Cryptographic Engineering, 7(2), 97-98.
[8] Andrea, I., Chrysostomou, C., & Hadjichristofi, G. (2015, July). Internet
of Things: Security vulnerabilities and challenges. In Computers and
Communication (ISCC), 2015 IEEE Symposium on (pp. 180-187). IEEE.
[9] Bekara, C. (2014). Security issues and challenges for the IoT-based
smart grid. Procedia Computer Science, 34, 532-537.
[10] Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in
the Internet of Things: Current status and open issues. In Privacy and
Security in Mobile Systems (PRISMS), 2014 International Conference
on (pp. 1-8). IEEE.
[11] Sridhar, S., & Smys, S. (2017, January). Intelligent security framework
for iot devices cryptography based end-to-end security architecture. In
Inventive Systems and Control (ICISC), 2017 International Conference
on (pp. 1-5). IEEE.
circumstances.
4.8 Protection of the sensitive data:
As stated earlier IoT is an emerging technology
which is associated with connecting the devices to
each other by making use of Internet or ad-hoc-
network. The services that are provided by the
IoT devices are discoverable by other IoT devices
as well. And most of the protocols are associated
with leaking the sensitive PII which might be
capable of linking an individual. So there is
essential need of service mechanism and authentic
protocols in order to protect the device and
provide proper authentication.
5. Conclusion:
This report mainly helps in understanding the basic security
and the privacy challenges that are faced by the IoT devices in
all domains. The introduction portion of the report provides an
wide description about the IoT and from there it can be easily
understood that the IoT is mainly associated with using a wide
variety of information sensing identification devices and
information processing equipment’s and then combines it with
the internet to form an network which is extensive in nature.
This is mainly done in order to provide the objects or the
entities with an identity. The report firstly discusses about the
various security and the privacy issues faced by the IoT. This
is followed by providing a literature review bout the present
and the past works done regarding the technology. And lastly
discusses about the various methods that can be adopted in
order to overcome this problems or the challenges that are
faced by the IoT. The practices provided above can be
considered as the best practices for the purpose of elimination
of the security and the privacy challenges. It is very much
essential to improve the security and the privacy of the IoT
because there exists many cases where an individual or an
organization has faced a lot of security and privacy breaches.
The current and issues regarding the security and the privacy
should be considered as an opportunity for improvement
which can be achieved by undergoing an rigorous process
which incorporates the security objectives at the early stage of
any research project. By efficient and effective application of
the security standards would be greatly helpful in the future.
References:
[1] Li, S., & Da Xu, L. (2017). Securing the internet of things. Syngress.
[2] Hwang, Y. H. (2015, April). Iot security & privacy: threats and
challenges. In Proceedings of the 1st ACM Workshop on IoT Privacy,
Trust, and Security (pp. 1-1). ACM.
[3] Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications,
investments, and challenges for enterprises. Business Horizons, 58(4),
431-440.
[4] Bertino, E. (2017, October). Keynote: Research Challenges and
Opportunities in IoT Security. In Proceedings of the 2017 Workshop on
Women in Cyber Security (pp. 5-5). ACM.
[5] Pacheco, J., & Hariri, S. (2016, September). IoT security framework for
smart cyber infrastructures. In Foundations and Applications of Self*
Systems, IEEE International Workshops on (pp. 242-247). IEEE.
[6] Gatsis, K., & Pappas, G. J. (2017, April). Wireless Control for the IoT:
Power, Spectrum, and Security Challenges. In Proceedings of the
Second International Conference on Internet-of-Things Design and
Implementation (pp. 341-342). ACM.
[7] Gierlichs, B., & Poschmann, A. Y. (2017). Introduction to the CHES
2016 special issue. Journal of Cryptographic Engineering, 7(2), 97-98.
[8] Andrea, I., Chrysostomou, C., & Hadjichristofi, G. (2015, July). Internet
of Things: Security vulnerabilities and challenges. In Computers and
Communication (ISCC), 2015 IEEE Symposium on (pp. 180-187). IEEE.
[9] Bekara, C. (2014). Security issues and challenges for the IoT-based
smart grid. Procedia Computer Science, 34, 532-537.
[10] Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in
the Internet of Things: Current status and open issues. In Privacy and
Security in Mobile Systems (PRISMS), 2014 International Conference
on (pp. 1-8). IEEE.
[11] Sridhar, S., & Smys, S. (2017, January). Intelligent security framework
for iot devices cryptography based end-to-end security architecture. In
Inventive Systems and Control (ICISC), 2017 International Conference
on (pp. 1-5). IEEE.
1 out of 8
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.