Internet of things (IoT) security is the process of protecting internet devices and the networks to which they are connected from attacks and threats by defending, recognizing and controlling risk, as well as assisting to resolve vulnerabilities in a variety of devices that present security risks to systems. IoT devices continue to have significant security and privacy issues, which bring in a new level of online privacy problems for consumers. In addition to collecting personal information such as phone numbers and names, these devices can also track user behavior (for example, when users are out having lunch or when they are in their homes).
After a never-ending thread of revelations about significant data theft, consumers are naturally suspicious of putting far too much personal information in public or private clouds. IoT security incorporates a range of abstraction levels and dimensions. The abstraction layers range from the physical layers of computation, communication, sensors and devices to the semantic layer, which interprets and processes all collected data. It is anticipated that a large percentage of security breaches may occur at the software level, as it is the most prevalent and can sequentially affect a wide range of devices and processes. At the research level, the majority of novel attacks target physical signals, specifically semantic attacks throughout data analysis and decision making. It is essential to note that the lowest level of security in any dimension and at any level defines the security level.
Level-wise IoT security threats
Current internet standards applied to smart devices can facilitate the incorporation of envisioned IoT scenarios. But to support IoT applications, the traditional security controls of internet protocols must be improved. Therefore, we will quickly go through the current security issues in four different layers (perception, network, transport and application layer) of IoT that need to be improved in one way or another.
Perception layer
The perception layer encompasses different kinds of controlling and collecting modules, like sound sensors, temperature sensors, pressure sensors and vibration sensors. This layer is often further categorized into a perception network that interacts with transportation systems and a perception node that is utilized for data control and data acquisition. The wireless technologies that are used in the perception layer are mostly RFID, GPS, implantable medical devices and wireless sensor networks.
The identification of the anomalous sensor node is a major perception layer security problem. This could occur if the node is physically attacked (for example, disabled or destroyed) or if cyberattacks intrude/compromise it. Such faulty nodes must be detected and corrected to ensure the continuation of service. Another security problem is in the key management method and cryptography algorithms. Moreover, few IoT users are concerned about their privacy when uploading sensitive information to the collection server. Therefore, before submission, it is crucial to encrypt the data so that the collector cannot identify the submitter.
Network and transport layer
For IoT devices in wireless sensor networks, it is preferable to stretch Internet Protocol Security (IPSec) version 6 over low power wireless personal area networks (LoWPANs) to allow IPSec to communicate with IPv6 nodes. This is advantageous since existing internet endpoints do not need to be altered to securely communicate with the wireless sensor networks, and true end-to-end security is provided without needing a trustworthy gateway. On the other hand, transport layer security is a popularly utilized security method for communications through the internet. It offers three main functions: encryption, authentication and verification. Therefore, it must be ensured that the data is encrypted via a system of keys and certificates.
Application layer
IoT applications include a wide range of applications such as smart bulbs and learning thermostats in smart homes; smart parking and smart lighting systems in smart cities; real-time health control systems in healthcare and medical; smart metering and smart grids in energy management systems; wildlife tracking and climate monitoring in environmental control systems; connected vehicles; and industrial internet. The majority of contemporary IoT devices include configurable embedded computer systems. A few even operate complex software and imitate general-purpose computers; as a result, they confront the same security risks as standard computers. They may become infected with a trojan virus when connected to the internet.
[Discover more about network security software on GlobalSpec.com]
Limitations of applying security in IoT networks
Why is it hard to secure the IoT with the same security features as the traditional internet? The two primary constraints are the capacity of the battery and the computing power. Since some IoT devices are utilized in environments without charging capabilities, they have limited energy to execute the intended functionality, and heavy security commands can deplete their resources. Similarly, lightweight computing power also cannot bear heavy security commands.
Conclusion
The IoT is ubiquitous in our everyday lives. It is used in our homes, hospitals and outdoors to monitor and notify environmental changes, avoid fires and perform a variety of other useful functions. All of these advantages, however, come with substantial risks of security issues and privacy loss. For the purpose of securing IoT devices, a great deal of research must be continued to counteract these issues and find a better way to eliminate or at least mitigate their effects on user security and privacy requirements.
