The essay is going to depict different security issues relevant to Internet of Things (IOT) and its mitigation processes. Internet of things is a proposed innovation of internet services in which the daily objectives set an organized network connectivity service (Xu, Wendt and Potkonjak 2014). It is increasing in a rapid manner all over the world in workplaces and also for personal uses. In order to build connectivity between the virtual and the real world IOT is used. Mitigation techniques for IOT are going to be illustrated in this essay and network architecture will be proposed to IOT application.
The security problems relevant to Internet of Things
Every technology has some positive and some negative impact on the field of application. The issues relevant to IOT are provided below:
Constraints of high technical nature: As the system includes many traits those are highly technical in nature. Therefore, it required high level privacy in order to balance the security of the application (Yang et al. 2015). The heterogeneous nature of the system and the objective are coming low resource need to be more secure than any other systems.
Real time analysis threat: Again the system is adopting cloud service technology in order to improve it from all the technical perspectives. Thus, it might face security threats due to the absence of proper infrastructure. Real time analysis of the data stored in the system of Internet of things from different devices requirement of the cloud service is massive (Premnath and Haas 2015). If the system does not use cloud service then, the storage capacity of the system will come as a biggest threat.
Non flexible security: If the security mechanism of the system is not enough updated then, it would not be flexible and reliable from the user aspects. Thus, it can be said that another security relevant issue is the non flexible connectivity of the network. Personal data of the users can be encrypted by the
Pervasive environment: Another major security relevant issue is the environment of Internet of things. A secure channel of communication along with the authenticated devices are needed else during transmission of data it might get hacked by the hackers. Security of the system is the most important thing (Lee, Park and Kim 2015). Thus, cloning of the smart devices by manufacturer may be come up as another major security relevant issue (Refer to Appendix 1).
Reasons of existence of security issues in Internet of Things
There are certain reasons for which the security issue in IOT is found. Applying some of the practices it has been accounted that the substantial reengineering is strictly merged to the devices. In case of factory floor automation systems different programmable logic controllers are embedded to it and finally that operate as a robotic system (Wurm et al. 2016). The robotic system is closely integrated to the IT application field. Unlimited application of various kinds of IOT possesses massive range of security lack. The reasons are as followed:
The security issues or challenges exist in IOT
It is one of the most dedicated sections of technology application. IOT is relevant to security booting of electronic devices (Zheng et al. 2013). At the same time, it can be said that, being the most widely used technologies the chances of issue occurrence is also most in case of IOT application. Among most of the commonly observed security issues certain issues are discussed below:
Hacking: Sometimes, unauthorized people hack user data, password, confidential information etc which is the major security issue of IOT application.
Different devices have different processing capabilities: Internet of things (IOT) provides platforms where the devices, manufactured by different manufacturer, connected via internet sources and are able to communicate with each other.
Lack of common industry based practices: Due to lack of common industry based practices the application of IOT brings a major security challenge to the users as well as to the manufacturer (Tsai et al. 2015). Therefore, while implementing IOT in any particular application field such as smart home, smart wear, and smart city etc the issue occurs.
Connectivity options: As, in case of building of first smart home, a secure network connectivity is required but in most of the cases the network security is found to accessible by unauthorized people. Thus it is another major issue regarding IOT.
No future proof: Though IOT application involves modern emerging technologies but due to lack of expertise teams the application is unable to proof strong and secure future (Wurm et al. 2016). The controlled security system includes evolutionary network system in a parallel manner, thus future security of the network connectivity is another major issue.
Analysis of a major security issue in IOT
The security industry is already familiar to the potential weaknesses such as authentication, encryption etc that affect the IOT system (Ren et al. 2014). Among all the above mentioned security issues the most important issue that is needed to mitigate as soon as possible is authentication issue. In this case unauthorized person can fetch the data from the users without his or her permission.
Analysis of hacking issue in IOT
The behavior of the IOT devices can be changed by the attackers in many ways. The attacks become more and more difficult in case of physical accesses. Existence of other attacks is also dangerous that took place via internet services basically from different remote locations (Riahi et al. 2014). At the same time, attacks through network might also become serious issue of IOT application. Local attacks such as attack through internet, LAN and Ethernet also might hamper the over service of Internet of things (Yousuf et al. 2015). The devices used for the IOT can be accessed by unauthorized people through either internet, WI FI or via any malware attack. In most of the application fields of IOT two device modes are used such as cloud polling and direct polling. Based on the function dependency the devices use their fields. In cloud polling the devices are strictly and continuously get connected to the cloud platform.
During application, the devices are sometimes search for new firmware to apply in the application field and via that version while downloading or installing important software the attackers may attack the device (Suh et al. 2013). Unauthorized users can also become authenticated by using self signed certificate for example SSL (secure socket layer). The certificates will help them to attack the user devices through connections. Some cases the user’s devices uses certain verification protocols (Zheng et al. 2013). The protocols do not allow unauthenticated users to access the data but some devices do not have the license to use the verification protocol. In recent cases it has been found that hackers use some crypto protocols or algorithms that can corrupt the complete user devices of IOT.
In this case, when the server request the clients for a particular website and the user without any verification access the web address, the attackers send a malware virus through The malware then encrypts the programs or files or sometimes the complete OS with its encryption key (Premnath and Haas 2015). The keys used by the attackers are not shared keys these are private key that cannot be access by any other person. This process is known as Crypto Locker process. Therefore, security has become one of the major issues in IOT.
Description and security issue resolving processes of IOT
In order to mitigate these issues some resolving procedures are also provided. The mitigation techniques are as followed:
Effectiveness of advanced resource constraints: IOT is basically resource based constrained network which is efficiently applicable in low bandwidth utilizing communication channels. Firstly, this protocol is able to segment large data packets in small parts and therefore the chances of attacks also reduced in a large rate (Lee, Park and Kim 2015). It consists of advanced cryptographic protocols over the network communication. As the IOT based devices are owned by organizations and by individuals therefore, the data generated by the devices needs proper identity to overcome unauthenticated attacks.
Cost deployment in end to end security in IOT: Though cost deployment is a distinct process that helps to innovate, effective and specified application in the field of IOT but it also provides a secure end to end connectivity over the network. According to Raza, Voigt and Jutvik (2012), sometimes innovations increases the productivity cost but in wireless crypto protocols it always provides a secure end to end communication network to the users.
Proposed IOT architecture
In order to overcome all the security challenges a network architecture model is proposed which is cost effective and efficient as well. In IOT, the systems get attacked by the hackers and at the same time the users are also get affected due to this. During the application of this network model, major security level issues can be reduces in a large amount.
According to the model it is a four layered architecture where the initial layer is strictly connected to the rest of the layers. The root layer is sensor and actuator layer which is bi- directionally connected to the IOT devices (Farooq et al. 2015). As the connection is bi-directional thus both the layers have the capabilities to access each other as per their requirements. Then, the IOT devices are bi-directionally connected to the IOT gateway via z-wave, ZigBee or BLE. The IOT gateway has the accessibility power, which can access the IOT platform (containing DBMS, rules engines, Device management systems, rest services- data straeming) via WI FI, GPRS, CoAP. In this architecture, external access is also possible with the help of Email, Call, SMS and Push thus, this is found to be one of the most efficient and security issue resolving architecture (Refer to appendix 2).
From the above discussion it can be concluded that the security is one of the most important part to be considered while implementing IOT. Several issues and challenges relevant to this are occurring in every day application field. In this essay many security challenges along with security mitigation processes are also illustrated. In addition to this, a new secured architecture is also proposed to IOT.
Elloumi, O., Song, J., Ghamri-Doudane, Y. and Leung, V.C., 2015. IoT/M2M from research to standards: The next steps (part II)[Guest Editorial]. IEEE Communications Magazine, 53(12), pp.10-11.
Farooq, M.U., Waseem, M., Khairi, A. and Mazhar, S., 2015. A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).
Lee, Y., Park, Y. and Kim, D., 2015, November. Security Threats Analysis and Considerations for Internet of Things. In 2015 8th International Conference on Security Technology (SecTech) (pp. 28-30). IEEE.
Premnath, S.N. and Haas, Z.J., 2015. Security and privacy in the internet-of-things under time-and-budget-limited adversary model. IEEE Wireless Communications Letters, 4(3), pp.277-280.
Raza, S., Voigt, T. and Jutvik, V., 2012, March. Lightweight IKEv2: a key management solution for both the compressed IPsec and the IEEE 802.15. 4 security. In Proceedings of the IETF workshop on smart object security.
Ren, K., Samarati, P., Gruteser, M., Ning, P. and Liu, Y., 2014. Guest Editorial Special Issue on Security for IoT: The State of the Art. IEEE Internet of Things Journal, 1(5), pp.369-371.
Riahi, A., Natalizio, E., Challal, Y., Mitton, N. and Iera, A., 2014, February. A systemic and cognitive approach for IoT security. In Computing, Networking and Communications (ICNC), 2014 International Conference on (pp. 183-188). IEEE.
Suh, H.J., Lee, D.G., Choe, J.S. and Kim, H.W., 2013. IoT security technology trends. The Korea Institute of Electromagnetic Engineering and Science, 24(4), pp.27-35.
Tsai, C.R., Hsiao, M.C., Shen, W.C., Wu, A.Y.A. and Cheng, C.M., 2015, May. A 1.96 mm 2 low-latency multi-mode crypto-coprocessor for PKC-based IoT security protocols. In 2015 IEEE International Symposium on Circuits and Systems (ISCAS) (pp. 834-837). IEEE.
Wurm, J., Hoang, K., Arias, O., Sadeghi, A.R. and Jin, Y., 2016, January. Security analysis on consumer and industrial iot devices. In 2016 21st Asia and South Pacific Design Automation Conference (ASP-DAC) (pp. 519-524). IEEE.
Xu, T., Wendt, J.B. and Potkonjak, M., 2014, November. Security of IoT systems: Design challenges and opportunities. In Proceedings of the 2014 IEEE/ACM International Conference on Computer-Aided Design (pp. 417-423). IEEE Press.
Yang, J.S., Lee, H.J., Park, M.W. and Eom, J.H., 2015. Security Threats on National Defense ICT based on IoT. Advanced Science and Technology Letters, 97, pp.94-98.
Yousuf, T., Mahmoud, R., Aloul, F. and Zualkernan, I., 2015. Internet of Things (IoT) Security: Current Status, Challenges and Countermeasures.
Zheng, R., Zhang, M., Wu, Q., Yang, C., Wei, W., Zhang, D. and Ma, Z., 2013. An IOT Security Risk Autonomic Assessment Algorithm. Indonesian Journal of Electrical Engineering and Computer Science, 11(2), pp.819-826.