DOI QR코드

DOI QR Code

Security Threats and Attacks in Internet of Things (IOTs)

  • Received : 2021.01.05
  • Published : 2021.01.30

Abstract

The term Internet of Things (IoTs) refers to the future where things are known daily through the Internet, whether in one way or another, as it is done by the method of collecting various information from various sensors to form a huge network through which people, things and machines are helped to make a link between them at all time and anywhere. The IoTs is everywhere around us such as connected appliances, smart homes security systems and wearable health monitors. However, the question is what if there is a malfunction or outside interference that affects the work of these IoTs based devises? This is the reason of the spread of security causes great concern with the widespread availability of the Internet and Internet devices that are subject to many attacks. Since there aren't many studies that combines requirements, mechanisms, and the attacks of the IoTs, this paper which explores recent published studies between 2017 and 2020 considering different security approaches of protection related to the authentication, integrity, availability and confidentiality Additionally, the paper addresses the different types of attacks in IoTs. We have also addressed the different approaches aim to prevention mechanisms according to several researchers' conclusions and recommendations.

Keywords

References

  1. Abbasi, M., Yaghmaee, M. H., & Rahnama, F. (2019, April). Internet of Things in agriculture: a survey. In 2019 3rd International Conference on Internet of Things and Applications (IoT) (pp. 1-12). IEEE.
  2. Jaladi, A. R., Khithani, K., Pawar, P., Malvi, K., & Sahoo, G. (2017). Environmental monitoring using wireless sensor networks (WSN) based on IOT. Int. Res. J. Eng. Technol, 4(1), 1371-1378.
  3. Li, J., Yi, X., & Wei, S. (2020, June). A Study of Network Security Situational Awareness in Internet of Things. In 2020 International Wireless Communications and Mobile Computing (IWCMC) (pp. 1624-1629). IEEE.
  4. Kocakulak, M., & Butun, I. (2017, January). An overview of Wireless Sensor Networks towards internet of things. In 2017 IEEE 7th Annual Computing and Communication Workshop and Conference (CCWC) (pp. 1-6). IEEE.
  5. Loukil, F. (2019). Towards a new data privacy-based approach for IoT (Doctoral dissertation, Universite Jean Moulin Lyon 3)
  6. Tabari, A. Z., & Ou, X. (2020). A First Step Towards Understanding Real-world Attacks on IoT Devices. arXiv preprint arXiv:2003.01218.
  7. Grammatikis, P. I. R., Sarigiannidis, P. G., & Moscholios, I. D. (2019). Securing the Internet of Things: Challenges, threats and solutions. Internet of Things, 5, 41-70. https://doi.org/10.1016/j.iot.2018.11.003
  8. Jabangwe, R., & Nguyen-Duc, A. (2020). SIoT Framework: Towards an Approach for Early Identification of Security Requirements for Internet-of-things Applications. e-Informatica Software Engineering Journal, 14(1), 77-95.
  9. Dammak, M., Boudia, O. R. M., Messous, M. A., Senouci, S. M., & Gransart, C. (2019, January). Token-based lightweight authentication to secure IoT networks. In 2019 16th IEEE Annual Consumer Communications & Networking Conference (CCNC) (pp. 1-4). IEEE.
  10. Esfahani, A., Mantas, G., Matischek, R., Saghezchi, F. B., Rodriguez, J., Bicaku, A., ... & Bastos, J. (2017). A lightweight authentication mechanism for M2M communications in industrial IoT environment. IEEE Internet of Things Journal, 6(1), 288-296. https://doi.org/10.1109/jiot.2017.2737630
  11. Gope, P., & Sikdar, B. (2018). Lightweight and privacy-preserving two-factor authentication scheme for IoT devices. IEEE Internet of Things Journal, 6(1), 580-589. https://doi.org/10.1109/jiot.2018.2846299
  12. Jan, M. A., Khan, F., Alam, M., & Usman, M. (2019). A payload-based mutual authentication scheme for Internet of Things. Future Generation Computer Systems, 92, 1028-1039. https://doi.org/10.1016/j.future.2017.08.035
  13. Zhang, G., Kou, L., Zhang, L., Liu, C., Da, Q., & Sun, J. (2017). A new digital watermarking method for data integrity protection in the perception layer of IoT. Security and Communication Networks, 2017.
  14. Wang, Y., Chen, C., Chen, Z., & He, J. (2020). Attribute-Based User Revocable Data Integrity Audit for Internet-of-Things Devices in Cloud Storage. Security and Communication Networks, 2020.
  15. Lu, X., Pan, Z., & Xian, H. (2020). An integrity verification scheme of cloud storage for internet-of-things mobile terminal devices. Computers &Security,92,101686. https://doi.org/10.1016/j.cose.2019.101686
  16. Zhu, H., Yuan, Y., Chen, Y., Zha, Y., Xi, W., Jia, B., & Xin, Y. (2019). A secure and efficient data integrity verification scheme for cloud-IoT based on short signature. IEEE Access, 7, 90036-90044. https://doi.org/10.1109/ACCESS.2019.2924486
  17. Zhang, Y., He, Q., Chen, G., Zhang, X., & Xiang, Y. (2019). A Low-Overhead, Confidentiality-Assured, and Authenticated Data Acquisition Framework for IoT. IEEE Transactions on Industrial Informatics.
  18. Chanal, P. M., & Kakkasageri, M. S. (2019, July). Hybrid Algorithm for Data Confidentiality in Internet of Things. In 2019 10th International Conference on Computing, Communication and Networking Technologies (ICCCNT) (pp. 1-5). IEEE.
  19. Lin, C. H., Hsieh, W. S., Mo, F., & Chang, M. H. (2016, March). A PTC scheme for internet of things: Private-trust-confidentiality. In 2016 30th International Conference on Advanced Information Networking and Applications Workshops (WAINA) (pp. 969-974). IEEE.
  20. Purohit, K. C., Bisht, S., Joshi, A., & Bhatt, J. (2017, September). Hybrid approach for securing IoT communication using authentication and data confidentiality. In 2017 3rd International Conference on Advances in Computing, Communication & Automation (ICACCA)(Fall) (pp. 1-6). IEEE.
  21. Bahgat, M. M., Farag, H. H., & Mokhtar, B. (2018, December). IoT-Based Online Access Control System for Vehicles in Truck-Loading Fuels Terminals. In 2018 30th International Conference on Microelectronics (ICM) (pp. 1-4). IEEE.
  22. Wei, M., Liang, E., & Nie, Z. (2020, January). A SDN-based IoT Fine-grained Access Control Method. In 2020 International Conference on Information Networking (ICOIN) (pp. 637-642). IEEE.
  23. Boudguiga, A., Bouzerna, N., Granboulan, L., Olivereau, A., Quesnel, F., Roger, A., & Sirdey, R. (2017, April). Towards better availability and accountability for IoT updates by means of a blockchain. In 2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW) (pp. 50-58). IEEE.
  24. Volochiy, B., Yakovyna, V., & Mulyak, O. (2017, September). Queueing networks for availability and safety assessment of the IoT data service. In 2017 12th International Scientific and Technical Conference on Computer Sciences and Information Technologies (CSIT) (Vol. 1, pp.393-396).IEEE.
  25. Razzaq, M. A., Gill, S. H., Qureshi, M. A., & Ullah, S. (2017). Security issues in the Internet of Things (IoT): a comprehensive study. International Journal of Advanced Computer Science and Applications, 8(6), 383.
  26. Almogren, A., Mohiuddin, I., Din, I. U., Al Majed, H., & Guizani, N. (2020). FTM-IoMT: Fuzzy-based Trust Management for Preventing Sybil Attacks in Internet of Medical Things. IEEE Internet of Things Journal.
  27. Mishra, A. K., Tripathy, A. K., Puthal, D., & Yang, L. T. (2018). Analytical model for sybil attack phases in internet of things. IEEE Internet of Things Journal, 6(1), 379-387. https://doi.org/10.1109/jiot.2018.2843769
  28. Lao, L., Dai, X., Xiao, B., & Guo, S. (2020, May). G-PBFT: A Location-based and Scalable Consensus Protocol for IoT-Blockchain Applications. In 2020 IEEE International Parallel and Distributed Processing Symposium (IPDPS) (pp. 664-673). IEEE.
  29. Haripriya, A. P., & Kulothungan, K. (2019). Secure-MQTT: an efficient fuzzy logic-based approach to detect DoS attack in MQTT protocol for internet of things. EURASIP Journal on Wireless Communications and Networking, 2019(1), 90. https://doi.org/10.1186/s13638-019-1402-8
  30. Sicari, S., Rizzardi, A., Miorandi, D., & Coen-Porisini, A. (2018). REATO: REActing TO Denial of Service attacks in the Internet of Things. Computer Networks, 137, 37-48. https://doi.org/10.1016/j.comnet.2018.03.020
  31. Shurman, M. M., Khrais, R. M., & Yateem, A. A. (2019, December). IoT Denial-of-Service Attack Detection and Prevention Using Hybrid IDS. In 2019 International Arab Conference on Information Technology (ACIT)(pp.252-254).IEEE.
  32. Rajendran, G., Nivash, R. R., Parthy, P. P., & Balamurugan, S. (2019, October). Modern security threats in the Internet of Things (IoT): Attacks and Countermeasures. In 2019 International Carnahan Conference on Security Technology (ICCST) (pp. 1-6). IEEE.
  33. Feng, Y., Wang, W., Weng, Y., & Zhang, H. (2017, July). A replay-attack resistant authentication scheme for the internet of things. In 2017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC) (Vol. 1, pp. 541-547). IEEE.
  34. Khan, S., Alzahrani, A. I., Alfarraj, O., Alalwan, N., & Al-Bayatti, A. H. (2019). Resource Efficient Authentication and Session Key Establishment Procedure for Low-Resource IoT Devices. IEEE Access, 7, 170615-170628. https://doi.org/10.1109/ACCESS.2019.2955604
  35. Ghugar, U., & Pradhan, J. (2020). Survey of wormhole attack in wireless sensor networks. Computer Science and Information Technologies, 2(1), 33-42. https://doi.org/10.11591/csit.v2i1.p33-42
  36. Deshmukh-Bhosale, S., & Sonavane, S. S. (2019). A real-time intrusion detection system for wormhole attack in the RPL based Internet of Things. Procedia Manufacturing, 32, 840-847. https://doi.org/10.1016/j.promfg.2019.02.292
  37. Chehida, S., Baouya, A., Bozga, M., & Bensalem, S. (2020, June). Exploration of Impactful Countermeasures on IoT Attacks. In 2020 9th Mediterranean Conference on Embedded Computing (MECO) (pp. 1-4). IEEE.
  38. Chen, Y. W., Sheu, J. P., Kuo, Y. C., & Van Cuong, N. (2020, June). Design and Implementation of IoT DDoS Attacks Detection System based on Machine Learning. In 2020 European Conference on Networks and Communications (EuCNC) (pp. 122-127). IEEE
  39. Kajwadkar, S., & Jain, V. K. (2018, October). A Novel Algorithm for DoS and DDoS attack detection in Internet of Things. In 2018 Conference on Information and Communication Technology (CICT) (pp. 1-4). IEEE.
  40. Singh, R., Tanwar, S., & Sharma, T. P. (2020). Utilization of blockchain for mitigating the distributed denial of service attacks. Security and Privacy, 3(3), e96.
  41. Nicula, s., & Zota, R. D. (2019). Exploiting stack-based buffer overflow using modern day techniques. Procedia Computer Science, 160, 9-14. https://doi.org/10.1016/j.procs.2019.09.437
  42. Xu, B., Wang, W., Hao, Q., Zhang, Z., Du, P., Xia, T., ... & Wang, X. (2018). A security design for the detecting of buffer overflow attacks in IoT device. IEEE Access, 6, 72862-72869. https://doi.org/10.1109/ACCESS.2018.2881447
  43. Hamidouche, R., Aliouat, Z., Ari, A. A. A., & Gueroui, M. (2019). An efficient clustering strategy avoiding buffer overflow in IoT sensors: a bio-inspired based approach. IEEE Access, 7, 156733-156751. https://doi.org/10.1109/ACCESS.2019.2943546
  44. Cekerevac, Z., Dvorak, Z., Prigoda, L., & Cekerevac, P. (2017). Internet of things and the man-in-the-middle attacks-security and economic risks. MEST Journal, 5(2), 15-25. https://doi.org/10.12709/mest.05.05.02.03
  45. Kang, J. J., Fahd, K., Venkatraman, S., Trujillo-Rasua, R., & Haskell-Dowland, P. (2019, November). Hybrid Routing for Manin-the-Middle (MITM) Attack Detection in IoT Networks. In 2019 29th International Telecommunication Networks and Applications Conference (ITNAC) (pp. 1-6). IEEE.
  46. Mustafa, K. A. R. A., & Furat, M. U. R. A. T. (2018). Client-Server Based Authentication Against MITM Attack via Fast Communication for IIoT Devices. Balkan Journal of Electrical and Computer Engineering, 6(2), 88-93.