Comprehensive Report on Security and Privacy Issues in IoT

Added on  2023/06/14

AI Summary
This report provides a comprehensive overview of the security and privacy challenges within the Internet of Things (IoT). It begins by highlighting the increasing significance of IoT and the associated security concerns that affect both virtual and physical infrastructures. The report delves into specific security issues such as insecure web interfaces, insufficient authorization, insecure network services, and the lack of transport encryption, providing detailed explanations of each vulnerability. For each identified issue, the report offers practical recommendations to mitigate the risks, including strengthening password policies, implementing granular access control, securing network ports, and utilizing encryption protocols like TLS and SSL. The analysis draws upon existing literature and research in the field, emphasizing the importance of robust security measures to protect user data and maintain the integrity of IoT systems. The overall aim is to inform and guide developers, service providers, and users in addressing the security and privacy challenges inherent in the expanding IoT landscape.
Security and Privacy Issues in Internet of Things
Name of the Student
Name of the University
ABSTRACT The Internet of Things has been an ever-evolving technology that has gained significance over the last decade. With
the increase in use of the technology, its security issues have been the only source of problems for this
platform. Members of the Internet Engineering Task Force have been trying to design an authentication and authorization mechanism
for the devices that use the Internet of Things as a platform for their mode of operation. The main reason for concern regarding the
security of the Internet of Things is that attacks on the platform affect the virtual as well as the
physical infrastructure.
Introduction
Rapid advancement in hardware and software infrastructure
has been the major reason behind the emergence of
internet-serving devices that provide complete connectivity
of computing devices (Alrawais, Alhothaily, & Cheng, 2017).
The total number of devices utilizing the internet is
expected to increase by a huge number in the next 20 years
(Oravec, 2017, July). With the growth in internet-using
devices, the usage of the Internet of Things platform has
increased to a great extent. The emergence of the Internet
of Things has brought several advantages, such as increased
connectivity among the computers that are connected in the
same networking module (Li & Da Xu, 2017). With the
advantage of increased connectivity comes the disadvantage
of less robustness of the platform. Despite the advantages
that the Internet of Things offers, the only aspect of
concern is the security of the platform. Data being
accessed by unauthorized personnel is the major threat. The
challenges posed by cyber criminals on the Internet of
Things platform can be countered by methodologies that are
used on a daily basis. The security of the database seems
to be the major concern in today’s world. The security
problem regarding social networking comes along with the
advantages that are enjoyed due to the Internet of Things
platform. The challenges caused by cyber criminals on the
platform are both physical and virtual in nature. The
physical security problems consist of hacks that involve
the hardware and controlling the hardware without proper
authentication of the user. The virtual hacks include
gaining access to the personal portal of an individual
without proper authentication and modifying the data in
order to harm that person. After rigorous experiments
regarding security in the field of the Internet of Things,
procedures for facing these cyber criminals have been
found. With the advancement in security processes in the
field, the privacy of users and clients is better
protected. This advancement in the technology still leaves
loopholes that must be addressed by the service providers
or the clients in order to stay protected from cyber
criminals.
Literature Review
According to Li & Da Xu, 2017, the Internet of Things has
been gaining acceptance from audiences all over the globe.
This global acceptance increases the usage of the
technology. Internet of Things devices are nothing but
simple electronic devices which have a transmitter and a
receiver embedded in them, enabling them to communicate and
transact over digital communication platforms and the
internet. With the advantage of communication throughout
the globe comes the disadvantage of security. Security of
the database has been the major issue for the application
of the Internet of Things in regular life.
Security Issues
1) Insecure Web Interface
According to O’Neill, M. 2016, the most important aspect
that affects the infrastructure of the computing system is
the web interface of the company. The security of the web
interface is also the major concern for organizations that
depend on it as their networking system. The web interface
is important because it acts as the link between the user
and the computing device. An attack on the web interface
gives the cyber criminal direct access to the interface of
the networking system. Modifications made on the interface
are reflected instantly on the web, and the clients of the
database and the web service face many problems because the
data on the web is modified and wrong information is
posted, leading to conflict between the users and the
employees of the organization who provide the web services.
Recommendation
According to Kraijak & Tuwanut, 2015, the methods used to
prevent attacks on web interfaces include setting a
password and username different from the initial username
and password that were set during the installation of the
web services. Changing the initial password and username
makes the accounts of the web database more robust. Another
method used to protect the web interface from cyber
criminals is a password recovery method: if the password of
the web service is changed by a cyber criminal, the genuine
client can regain access to the data in the web service by
restoring the password. Another way of removing the risk of
cyber attack on the web interface is setting a reference
for the password, so that the password that is set is
strong enough to keep cyber criminals from harming the web
interface and gaining access to its front end.
2) Insufficient authorization
According to Hahn 2017, the inefficient methodology applied
in securing the web services has been one of the major
causes of security issues in the field of the Internet of
Things. The way computing devices authenticate the users of
web services is very inefficient, as imposters can use the
identity of genuine clients to gain access to the web
services and modify information, which harms the clients
who use the web service. This security problem arises
because the password complexity of the web services is not
as strong as required to prevent imposters from gaining
access to personal account source data that are private in
nature. Another reason for the insufficient authentication
problem is that the credentials of the database are very
poorly protected, which makes the credentials vulnerable to
imposters. The authentication systems applied to the
database are one-factor authentication systems. The ability
of one-factor authentication is limited, and the robustness
of the platform is affected by it. Insecurity in the
password recovery methodology results from the lack of
robustness in the setting of the password. Role-based
access control is not well maintained, which leads to a
lack of authentication robustness in the database.
Recommendation
According to Hu, 2016, the password that is set for the
database has to be strong enough not to be cracked by
imposters, in order to keep the database protected from
them. To prevent access by imposters, the most important
thing to check is the positioning of the granular access
control. To keep the database protected, the granular
access control must be placed in the right place and must
be used efficiently. The password that is set for the
database must be recoverable by the client in case the
password is misplaced.
3) Insecure Network Services
According to Li & Da Xu, 2017, insecure network services
concern the vulnerabilities of the networking system on
which the Internet of Things depends as part of its
infrastructure. The Internet of Things platform gives
intruders unauthorized access to the associated data.
Vulnerable services provided by the Internet of Things have
proven to be the main reason behind the lack of robustness
of the network services. Another main reason for this lack
of robustness is buffer overflow in the networking
services. A buffer overflow gives imposters an opportunity
to gain access to the personal data of the clients who have
been using the network services for transactions. The major
reason behind improper access to data in the networking
services is the opening of ports that are accessible by
means of UPnP. Exploitable UDP services also act as a
gateway for imposters, who exploit the UDP gateway to enter
the database of the clients and modify it. DoS via network
fuzzing is another major reason for data insecurity in
insecure network services. This fuzzing of the networking
infrastructure via DoS has attracted many cyber criminals
to attack the databases that are stored in the network
services.
Recommendation
According to O’Neill, M. 2016, the recommendation for
protecting data from insecure data services is that the
ports that are needed and the ports that are not in use
must be closed, as this will ensure that leakage of the
data present in the networking system through the other
ports is minimized and that data security and privacy are
maintained. In case the ports of the database that are not
in use cannot be closed due to complications in the
infrastructure of the system, the entire data is passed
through UPnP. This also ensures that the data passed
through the network is secured and that the encryption of
the data is efficient. This strategy ensures that fuzzing
attacks are diminished and that the concern of buffer
overflow is taken into consideration. These recommendations
ensure the fact that the data that is stored in the
processing of the overflow of the buffer.
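One way to check which listening ports a device exposes, as an added example that is not part of the original report: the script parses `ss -tuln` output and reports every non-loopback listener that is not on an allowlist, calling out the UPnP/SSDP discovery port the section mentions. The sample output, the allowlist and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample of `ss -tuln` output from a hypothetical IoT gateway.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1900       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:53       0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*
tcp   LISTEN 0      128    [::]:443           [::]:*
"""

# Assumed policy: the only service this device is meant to expose.
ALLOWED = {("tcp", 443)}
UPNP_SSDP = ("udp", 1900)  # SSDP, the discovery protocol used by UPnP


def is_loopback(addr):
    """True if the bind address is reachable only from the device itself."""
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" or an unknown form: treat as exposed


def parse_listeners(ss_output):
    """Return (proto, bind_address, port) for each tcp/udp socket line."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket family
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            listeners.append((fields[0], addr, int(port)))
    return listeners


def audit(ss_output, allowed=ALLOWED):
    """List exposed listeners that the allowlist does not cover."""
    findings = set()
    for proto, addr, port in parse_listeners(ss_output):
        if is_loopback(addr) or (proto, port) in allowed:
            continue
        note = ("UPnP/SSDP discovery" if (proto, port) == UPNP_SSDP
                else "not in allowlist")
        findings.add((proto, port, addr, note))
    return sorted(findings)


if __name__ == "__main__":
    for proto, port, addr, note in audit(SAMPLE_SS_OUTPUT):
        print(f"{proto}/{port} bound to {addr}: {note}")
```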
4) Lack of Transport Encryption
According to Hahn 2017, this issue arises when data is
exchanged with the Internet of Things device in an
unencrypted format. This gives cyber criminals a way to
steal the data for ill purposes. Some security
susceptibilities that could lead to this particular issue
are as follows: services that are unencrypted via the
internet; SSL or TLS that is poorly implemented; SSL or TLS
that is misconfigured.
Recommendation
According to Hancke & Markantonakis, 2015, the
recommendation for securing data that is being processed in
the database is to encrypt the data using established
protocols. The most used protocols are TLS and SSL. This
ensures that the encryption of the data is performed
efficiently; hence, the data is encrypted using protocols
such as TLS and SSL while it is transmitted through
networks. Another preventive measure is to ensure that the
encryption techniques used for protecting data in transport
are accepted ones, such as TLS and SSL, and not proprietary
encryption protocols.
5) Privacy Concerns
According to Premnath & Haas, 2015, privacy concerns are
faced when personal data is collected but not well secured.
It can be discovered by reviewing the data that has been
collected and activates the device. The security
vulnerability which can lead to such issues is the
collection of useless personal information. The privacy
concern is a major problem because the data that is stored
can be processed by imposters. As a result, the data that
is present in the database gets accessed by the imposters.
Recommendation:
According to Kraijak & Tuwanut, 2015, the recommendations
that help data privacy and security concern identifying the
source of access, as this will help in tracking lost data,
and regaining the data might also be possible. The
recommendations are to ensure that the data collected is
de-identified, to ensure that a specific retention limit is
set for collected data, and to ensure that the data
collected is properly protected by encryption.
6) Insecure Cloud Interface
According to Kraijak & Tuwanut, 2015, this concerns issues
related to the cloud interface that is used to interact
with the Internet of Things device. These issues result in
data being transported poorly, in unencrypted format, which
allows an attacker access to the data. Factors that can
lead to these issues are enumeration of accounts and
details exposed in network traffic. The traffic passes
through the cloud computing networking system, whose
interface lacks robustness of infrastructure. This ensures
that the data stored in the cloud will regain the
progression of the data.
Recommendation:
According to Premnath & Haas, 2015, some measures that can
be taken to prevent these issues involve resetting the
password and the security settings of the database. This
includes setting new passwords in place of those that are
applied in default mode. Changing the default users and
default passwords during initial setup helps in the
detection of problems. The number of login attempts must be
fixed in order to set the security tier for the
organization. Setting this bar keeps imposters from
guessing the password of the account, which in turn helps
the organization keep the database protected. This ensures
that the account logs out after several failed login
attempts. To secure access to the database of the system,
the data stored in the database is supported with a 2-way
authentication system. This means that the data stored in
the database of the organization is secured and that the
processing of the data is more difficult because of the
lack of prevention of the data with respect to the
processing of the security. This will help to ensure that
personal information is not shared via the internet, and
2-factor authentication should be implemented for better
security.
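A sketch of two of the measures above, rejecting factory-default credentials at setup and limiting failed login attempts, as an added example that is not part of the original report. The default credential list, the thresholds and the class name are assumptions made for the illustration; unknown usernames get the same answer as wrong passwords so that the response does not help account enumeration.

```python
import hashlib
import hmac
import os
import time

# Assumed factory defaults and limits (constructed for the example).
FACTORY_DEFAULTS = {("admin", "admin"), ("root", "root"), ("admin", "1234")}
MAX_FAILURES = 5
LOCKOUT_SECONDS = 300


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> (failure count, locked-until time)

    def provision(self, username, password):
        """Initial setup: refuse to keep a factory-default credential pair."""
        if (username, password) in FACTORY_DEFAULTS:
            raise ValueError("factory-default credentials must be changed")
        salt = os.urandom(16)
        self._users[username] = (salt, _hash(password, salt))

    def login(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return "locked"  # refuse without even checking the password
        if locked_until:
            count = 0        # lockout has expired: start a fresh count
        # Unknown users are hashed against a dummy salt so that timing and
        # result match a wrong password for a real account.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if hmac.compare_digest(_hash(password, salt), stored):
            self._failures.pop(username, None)
            return "ok"
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self._failures[username] = (count, locked_until)
        return "locked" if locked_until else "denied"


if __name__ == "__main__":
    store = AccountStore()
    store.provision("admin", "correct horse battery staple")
    print([store.login("admin", "guess") for _ in range(6)])
```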
7) Insecure Mobile Interface
According to Li & Da Xu, 2017, unencrypted data or
weak authentication can let the attackers have the access to the
data of an Internet of Things device. Factors that can lead to
these issues include enumeration of accounts and personal
details exposed in network traffic.
Recommendation:
According to Hahn 2017, some measures to be taken to
prevent these threats include ensuring that personal
information is not shared via the internet. Default passwords and
usernames must be changed during initial setup.
8) Insufficient Security Configurability
According to Lee & Lee, 2015, this issue is present when the
users of a device have no ability to change its security controls.
The risk is that the Internet of Things device can be too easily
attacked. This can be done by unauthorized access to the data.
Factors that can lead to this threat are the lack of options in
password security, no security monitoring and no security
logging.
Recommendation:
According to Hahn 2017, some measures that can be
taken to prevent this kind of threat include separating
administrative users from normal users. This will help in
ensuring the ability to notify the end users of security events.
This factor will also help in ensuring the ability to provide
strong passwords.
Insecure Software
According to Bertino & Ferrari, 2018, software is
insecure when it contains hardcoded data such as
credentials. The inability of software to get updated means
that the device is vulnerable to the security issue. The factors
leading to these threats are an update file that is not
encrypted, an update that is not verified before an upload, and
the absence of update functionality.
Recommendation:
According to Hahn 2017, some measures that can be
taken to prevent these threats include ensuring that the update
server is secured. This will also help to ensure that the data
has the ability to update. This will help to ensure that the
update file does not reveal any sensitive data. This factor will
help ensure that the file is transmitted via an encrypted
connection.
9) Poor Physical Security
According to O’Neill, M. 2016, poor physical
security occurs when an attacker is able to disassemble a
device in order to get access to the storage medium as well as
the data stored in it. The weakness can also be detected when
a USB port is used to access a device that uses features
intended for maintenance. The factors that cause these threats
are getting access to software with the help of USB ports and
removing storage media.
Recommendation:
According to Kraijak & Tuwanut, 2015, measures to be taken
to prevent these threats are ensuring that the data storage
medium is not easily removed. Ensuring that the device
cannot be easily disassembled is also required. Ensuring that
the product has the ability to limit administrative
capabilities is also required for the
processing of the data framework.
According to Li & Da Xu, 2017, Internet of Things has been
here, and will be here. By 2020, Gartner predicts that the
Internet of Things would be made up of 26 billion “units.”
The measures stated above will be nothing if
the manufacturers of Internet of Things devices do not
consider them.
References
[1.] Bertino, E. (2016, June). Data security and privacy: concepts,
approaches, and research directions. In Computer Software and
Applications Conference (COMPSAC), 2016 IEEE 40th
Annual (Vol. 1, pp. 400-407). IEEE.
[2.] Bertino, E., & Ferrari, E. (2018). Big Data Security and Privacy.
In A Comprehensive Guide through the Italian Database Research
over the Last 25 Years (pp. 425-439). Springer, Cham.
[3.] Dalipi, F., & Yayilgan, S. Y. (2016, August). Security and privacy
considerations for IoT application on smart grids: Survey and
research challenges. In Future Internet of Things and Cloud
Workshops (FiCloudW), IEEE International Conference on (pp.
63-68). IEEE.
[4.] Hahn, J. (2017). Security and privacy for location services and the
internet of things. Library Technology Reports, 53(1), 23.
[5.] Hancke, G. P., & Markantonakis, K. (Eds.). (2017). Radio
Frequency Identification and IoT Security: 12th International
Workshop, RFIDSec 2016, Hong Kong, China, November 30--
December 2, 2016, Revised Selected Papers (Vol. 10155).
Springer.
[6.] Hu, F. (2016). Security and privacy in Internet of things (IoTs):
Models, Algorithms, and Implementations. CRC Press.
[7.] Kraijak, S., & Tuwanut, P. (2015). A survey on IoT architectures,
protocols, applications, security, privacy, real-world
implementation and future trends.
[8.] Lee, I., & Lee, K. (2015). The Internet of Things (IoT):
Applications, investments, and challenges for enterprises. Business
Horizons, 58(4), 431-440.
[9.] Li, S., & Da Xu, L. (2017). Securing the internet of things.
Syngress.
[10.] Maras, M. H. (2015). Internet of Things: security and privacy
implications. International Data Privacy Law, 5(2), 99.
[11.] O’Neill, M. (2016). Insecurity by design: Today’s IoT device
security problem. Engineering, 2(1), 48-49.
[12.] Oravec, J. A. (2017, July). Emerging “cyber hygiene” practices for
the Internet of Things (IoT): Professional issues in consulting
clients and educating users on IoT privacy and security.
In Professional Communication Conference (ProComm), 2017
IEEE International (pp. 1-5). IEEE.
[13.] Premnath, S. N., & Haas, Z. J. (2015). Security and privacy in the
internet-of-things under time-and-budget-limited adversary
model. IEEE Wireless Communications Letters, 4(3), 277-280.
[14.] Roy, S., & Manoj, B. S. (2016). IoT enablers and their security
and privacy issues. In Internet of Things (IoT) in 5G Mobile
Technologies (pp. 449-482). Springer, Cham.
[15.] Sajid, A., Abbas, H., & Saleem, K. (2016). Cloud-assisted iot-
based scada systems security: A review of the state of the art and
future challenges. IEEE Access, 4, 1375-1384.
[16.] Zhou, W., & Piramuthu, S. (2014, June). Security/privacy of
wearable fitness tracking IoT devices. In Information Systems and
Technologies (CISTI), 2014 9th Iberian Conference on (pp. 1-5).
IEEE.