Abstract

Internet of Things (IoT) plays a well-known role in the interconnection of the physical and virtual objects for the purpose of exchanging information. IoT environment can connect billions of devices or objects, each one has an ID for identification proof. The IoT system is considered one of the most important technologies in recent decades, and the focus of attention in many fields including healthcare, industry, agriculture, military applications, and space science. Thus, it is more attractive for cyber-attacks. The IoT requires multi-dimensional security solutions such as confidentiality, integrity, and authentication services. In this paper, we address different security challenges, threats, and defenses in the layers of IoT systems. It is known that the IoT system architecture consists of three layers: physical/sensor layer, network layer, and application layer. To be comprehensive and to facilitate comparative methods, the security problems of each layer separately and the suggested solutions have been analyzed. Moreover, the challenges of the IoT especially big data and also the evaluation strategies of the IoT system and their effects on the security operations have been evaluated.

Keyword

Internet of things (IoT), Radio frequency identification (RFID), Big data analytics, Distributed denial of services (DDoS).

Cite this article

Ahmed HI, Nasr AA, Abdel-Mageid S, Aslan HK

Refference

[1][1]Tsai CW, Lai CF, Vasilakos AV. Future internet of things: open issues and challenges. Wireless Networks. 2014; 20(8):2201-17.

[2][2]https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide. Accessed 27 December 2018.

[3][3]http://www.cisco.com/web/about/ac79/index.html. Accessed 13 March 2018.

[4][4]Jing Q, Vasilakos AV, Wan J, Lu J, Qiu D. Security of the internet of things: perspectives and challenges. Wireless Networks. 2014; 20(8):2481-501.

[5][5]Sonar K, Upadhyay H. A survey: DDOS attack on internet of things. International Journal of Engineering Research and Development. 2014; 10(11):58-63.

[6][6]Suo H, Wan J, Zou C, Liu J. Security in the internet of things: a review. In international conference on computer science and electronics engineering 2012 (pp. 648-51). IEEE.

[7][7]Alansari Z, Anuar NB, Kamsin A, Soomro S, Belgaum MR, Miraz MH, et al. Challenges of internet of things and big data integration. In international conference for emerging technologies in computing 2018 (pp. 47-55). Springer, Cham.

[8][8]Weber RH. Internet of things–new security and privacy challenges. Computer Law & Security Review. 2010; 26(1):23-30.

[9][9]http://www.centrenational-rfid.com/introduction-to-the-rfid-article-15-gb-ruid-202.html. Accessed 17 April 2018.

[10][10]Liu Y, Zhou G. Key technologies and applications of internet of things. In fifth international conference on intelligent computation technology and automation 2012 (pp. 197-200). IEEE.

[11][11]Oracevic A, Dilek S, Ozdemir S. Security in internet of things: a survey. In international symposium on networks, computers and communications (ISNCC) 2017 (pp. 1-6). IEEE.

[12][12]Li S, Tryfonas T and Li H. The internet of things: a security point of view. Internet Research. 2016; 26(2):337-59.

[13][13]Yousuf T, Mahmoud R, Aloul F, Zualkernan I. Internet of things (IoT) security: current status, challenges and countermeasures. International Journal for Information Security Research. 2015; 5(4):608-16.

[14][14]Cai H, Da Xu L, Xu B, Xie C, Qin S, Jiang L. IoT-based configurable information service platform for product lifecycle management. IEEE Transactions on Industrial Informatics. 2014; 10(2):1558-67.

[15][15]Atzori L, Iera A, Morabito G. The internet of things: a survey. Computer Networks. 2010; 54(15):2787-805.

[16][16]Trappe W, Howard R, Moore RS. Low-energy security: limits and opportunities in the internet of things. IEEE Security & Privacy. 2015; 13(1):14-21.

[17][17]Lin J, Yu W, Zhang N, Yang X, Zhang H, Zhao W. A survey on internet of things: architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal. 2017; 4(5):1125-42.

[18][18]Shafagh H, Hithnawi A, Droescher A, Duquennoy S, Hu W. Talos: encrypted query processing for the internet of things. In proceedings of the ACM conference on embedded networked sensor systems 2015 (pp. 197-210). ACM.

[19][19]Stephen E. Internet protocol, version 6 (IPv6) specification. RFC2460. 1998.

[20][20]Kushalnagar N, Montenegro G, Schumacher C. IPv6 over low-power wireless personal area networks (6LoWPANs): overview, assumptions, problem statement, and goals.2007.

[21][21]Ning H, Liu H, Yang LT. Cyberentity security in the internet of things. Computer. 2013; 46(4):46-53.

[22][22]Yang Y, Wu L, Yin G, Li L, Zhao H. A survey on security and privacy issues in Internet-of-Things. IEEE Internet of Things Journal. 2017; 4(5):1250-8.

[23][23]http://www.internet-of-things-research.eu/. Accessed 17 April 2018.

[24][24]Singh S, Singh N. Internet of things (IoT): security challenges, business opportunities & reference architecture for e-commerce. In international conference on green computing and internet of things (ICGCIoT) 2015 (pp. 1577-81). IEEE.

[25][25]Borgohain T, Kumar U, Sanyal S. Survey of security and privacy issues of internet of things. arXiv preprint arXiv:1501.02211. 2015.

[26][26]Gavrilut D, Cimpoesu M, Anton D, Ciortuz L. Malware detection using perceptrons and support vector machines. In computation world: future computing, service computation, cognitive, adaptive, content, patterns 2009 (pp. 283-8). IEEE.

[27][27]Kolter JZ, Maloof MA. Learning to detect and classify malicious executables in the wild. Journal of Machine Learning Research. 2006:2721-44.

[28][28]More SS, Gaikwad PP. Trust-based voting method for efficient malware detection. Procedia Computer Science. 2016; 79:657-67.

[29][29]Loukas G, Öke G. Protection against denial of service attacks: a survey. The Computer Journal. 2010; 53(7):1020-37.

[30][30]Chandola V, Banerjee A, Kumar V. Anomaly detection: a survey. ACM Computing Surveys. 2009; 41(3).

[31][31]Medaglia CM, Serbanati A. An overview of privacy and security issues in the internet of things. In the internet of things 2010 (pp. 389-95). Springer, New York, NY.

[32][32]Bugenhagen MK, Wiley WL. Pin-hole firewall for communicating data packets on a packet network. United States Patent US 8,015,294. 2011.

[33][33]Shin Y, Meneely A, Williams L, Osborne JA. Evaluating complexity, code churn, and developer activity metrics as indicators of software vulnerabilities. IEEE Transactions on Software Engineering. 2010; 37(6):772-87.

[34][34]Abomhara M. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility. 2015; 4(1):65-88.

[35][35]Zhou W, Jia Y, Peng A, Zhang Y, Liu P. The effect of IoT new features on security and privacy: new threats, existing solutions, and challenges yet to be solved. IEEE Internet of Things Journal. 2018; 6(2):1606-16.

[36][36]Guo L, Dong M, Ota K, Li Q, Ye T, Wu J, et al. A secure mechanism for big data collection in large scale internet of vehicle. IEEE Internet of Things Journal. 2017; 4(2):601-10.

[37][37]https://www.veracode.com/security/buffer-overflow. Accessed 26 May 2018.

[38][38]https://resources.altium.com/pcb-design-blog/internet-of-things-security-vulnerabilities-all-about-buffer-overflow. Accessed 26 May 2018.

[39][39]https://www.techrepublic.com/blog/it-security/what-is-cross-site-scripting. Accessed 29 May 2018.

[40][40]Millar S. Network security issues in the Internet of Things (IoT). Queens University Belfast. 2016.

[41][41]Uke SN, Mahajan AR, Thool RC. UML modeling of physical and data link layer security attacks in WSN. International Journal of Computer Applications. 2013; 70(11).

[42][42]Ahemd MM, Shah MA, Wahid A. IoT security: a layered approach for attacks & defenses. In international conference on communication technologies 2017 (pp. 104-10). IEEE.

[43][43]Pongle P, Chavan G. A survey: attacks on RPL and 6LoWPAN in IoT. In international conference on pervasive computing 2015 (pp. 1-6). IEEE.

[44][44]Sharmila S, Umamaheswari G. Detection of sinkhole attack in wireless sensor networks using message digest algorithms. In international conference on process automation, control and computing 2011 (pp. 1-6). IEEE.

[45][45]Stephen R, Arockiam L. Intrusion detection system to detect sinkhole attack on RPL protocol in internet of things. International Journal of Electrical Electronics and Computer Science. 2017; 4(4):16-20.

[46][46]Kaur P, Gurm JS. Detect and prevent HELLO FLOOD attack using centralized technique in WSN. International Journal of Computer Science & Engineering Technology. 2016;7(8):379-81.

[47][47]Magotra S, Kumar K. Detection of HELLO flood attack on LEACH protocol. In international advance computing conference 2014 (pp. 193-8). IEEE.

[48][48]Aljumah A, Ahanger TA. Futuristic method to detect and prevent blackhole attack in wireless sensor networks. International Journal of Computer Science and Network Security. 2017; 17(2):194-201.

[49][49]Zandiyan S, Fotohi R, Koravand M. P-method: improving AODV routing protocol for against network layer attacks in mobile ad-hoc networks. International Journal of Computer Science and Information Security. 2016; 14(6):95-103.

[50][50]Nisha SK, Arora SK. Analysis of black hole effect and prevention through IDs in manet. American Journal of Engineering Research. 2013; 2(10):214-20.

[51][51]Cekerevac Z, Dvorak Z, Prigoda L, Cekerevac P. Internet of things and the man-in-the-middle attacks–security and economic risks. MEST Journal. 2017; 5(2):15-25.

[52][52]https://www.globalsign.com/en/blog/man-in-the-middle-attacks-iot/. Accessed 04 July 2018.

[53][53]Balachandran N, Sanyal S. A review of techniques to mitigate sybil attacks. IJANA. 2012.

[54][54]Dhamodharan US, Vayanaperumal R. Detecting and preventing sybil attacks in wireless sensor networks using message authentication and passing method. The Scientific World Journal. 2015.

[55][55]Li H, Chen Y, He Z. The survey of RFID attacks and defenses. In international conference on wireless communications, networking and mobile computing 2012 (pp. 1-4). IEEE.

[56][56]Raymond DR, Midkiff SF. Denial-of-service in wireless sensor networks: attacks and defenses. IEEE Pervasive Computing. 2008; 7(1):74-81.

[57][57]https://www.spamlaws.com/jamming-attacks.html. Accessed 17 July 2018.

[58][58]Panyim K, Hayajneh T, Krishnamurthy P, Tipper D. On limited-range strategic/random jamming attacks in wireless ad hoc networks. In conference on local computer networks 2009 (pp. 922-9). IEEE.

[59][59]Xu W, Ma K, Trappe W, Zhang Y. Jamming sensor networks: attack and defense strategies. IEEE Network. 2006; 20(3):41-7.

[60][60]Tang X, Ren P, Han Z. Jamming mitigation via hierarchical security game for IoT communications. IEEE Access. 2018; 6:5766-79.

[61][61]Millar S. Network security issues in the Internet of Things (IoT). Queen s University Belfast. 2016.

[62][62]Sunitha K, Chandrakanth H. A survey on security attacks in wireless sensor network. International Journal of Engineering Research and Applications. 2012; 2(4):1684-91.

[63][63]Liu AX, Bailey LA. PAP: a privacy and authentication protocol for passive RFID tags. Computer Communications. 2009; 32(7-10):1194-9.

[64][64]Tehranipoor M, Koushanfar F. A survey of hardware trojan taxonomy and detection. IEEE Design & Test of Computers. 2010; 27(1):10-25.

[65][65]Deogirikar J, Vidhate A. Security attacks in IoT: a survey. In international conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) 2017 (pp. 32-7). IEEE.

[66][66]https://www.guru99.com/learn-everything-about-trojans-viruses-and-worms.html. Accessed 13 August 2018.

[67][67]Yatagai T, Isohara T, Sasase I. Detection of HTTP-GET flood attack based on analysis of page access behavior. In pacific RIM conference on communications, computers and signal processing 2007 (pp. 232-5). IEEE.

[68][68]Xie Y, Yu SZ. A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors. IEEE/ACM Transactions on Networking. 2008; 17(1):54-65.

[69][69]Devi SR, Yogesh P. Detection of application layer DDoS attacks using information theory based metrics. CS & IT-CSCP. 2012; 10:217-23.

[70][70]Ye C, Zheng K, She C. Application layer DDoS detection using clustering analysis. In proceedings of international conference on computer science and network technology 2012 (pp. 1038-41). IEEE.

[71][71]Li P, Cui B. A comparative study on software vulnerability static analysis techniques and tools. In international conference on information theory and information security 2010 (pp. 521-4). IEEE.

[72][72]Amankwah R, Kudjo PK, Antwi SY. Evaluation of software vulnerability detection methods and tools: a review. International Journal of Computer Applications. 2017; 169(8):22-7.

[73][73]Freitez WR, Mammar A, Cavalli AR. Software vulnerabilities, prevention and detection methods: a review. SEC-MDA 2009 (pp. 1-11).

[74][74]https://www.cso.com.au/article/575407/internet-things-iot-threats-countermeasures/. Accessed 16 September 2018.

[75][75]Teixeira FA, Pereira FM, Wong HC, Nogueira JM, Oliveira LB. SIoT: securing internet of things through distributed systems analysis. Future Generation Computer Systems. 2019; 92:1172-86.

[76][76]Chun S, Jing C, ChangZhen H, JingFeng X, Hao W, Raphael M. A XSS attack detection method based on skip list. International Journal of Security and its Applications. 2008; 10(5):95-106.

[77][77]Khin SL. Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques (Doctoral Dissertation). 2013.

[78][78]Athanasopoulos E, Krithinakis A, Markatos EP. Hunting cross-site scripting attacks in the network. In proceedings of the workshop on web 2010 (pp. 1-8).

[79][79]Caselli M, Kargl F. A security assessment methodology for critical infrastructures. In international conference on critical information infrastructures security 2014 (pp. 332-43). Springer, Cham.

[80][80]Wurzinger P, Platzer C, Ludl C, Kirda E, Kruegel C. SWAP: mitigating XSS attacks using a reverse proxy. In proceedings of the ICSE workshop on software engineering for secure systems 2009 (pp. 33-9). IEEE Computer Society.

[81][81]Chakravarty S. Traffic analysis attacks and defenses in low latency anonymous communication (Doctoral Dissertation, Columbia University). 2014.

[82][82]Devi PK, Manavalan R. Spoofing attack detection and localization in wireless sensor network: a review. International Journal of Computer Science & Engineering Technology. 2014; 5(9): 877–86, 2014.

[83][83]Cervantes C, Poplade D, Nogueira M, Santos A. Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for internet of things. In international symposium on integrated network management 2015 (pp. 606-11). IEEE.

[84][84]Raza S, Wallgren L, Voigt T. SVELTE: real-time intrusion detection in the internet of things. Ad HOC Networks. 2013; 11(8):2661-74.

[85][85]Dvir A, Buttyan L. VeRA-version number and rank authentication in RPL. In international conference on mobile Ad-Hoc and sensor systems 2011 (pp. 709-14). IEEE.

[86][86]Le A, Loo J, Chai K, Aiash M. A specification-based IDS for detecting attacks on RPL-based network topology. Information. 2016; 7(2):1-19.

[87][87]Singh VP, Ukey AS, Jain S. Signal strength based hello flood attack detection and prevention in wireless sensor networks. International Journal of Computer Applications. 2013; 62(15):1-6.

[88][88]Khosravi H, Azmi R, Sharghi M. Adaptive detection of hello flood attack in wireless sensor networks. International Journal of Future Computer and Communication. 2016; 5(2):99-103.

[89][89]Sherasiya T, Upadhyay H. Intrusion detection system for internet of things. International Journal of Advance Research and Innovative Ideas in Education. 2016; 2(3):2244-9.

[90][90]Raj PN, Swadas PB. Dpraodv: a dyanamic learning system against blackhole attack in AODV based MANET. International Journal of Computer Science. 2009; 2:54-9.

[91][91]Baghel L, Mishra P, Samvatsar M, Singh U. Detection of black hole attack in mobile ad hoc network using adaptive approach. In international conference of electronics, communication and aerospace technology 2017 (pp. 626-30). IEEE.

[92][92]Panos C, Ntantogian C, Malliaros S, Xenakis C. Analyzing, quantifying, and detecting the blackhole attack in infrastructure-less networks. Computer Networks. 2017; 113:94-110.

[93][93]Chauhan RK. An assessment based approach to detect black hole attack in MANET. In international conference on computing, communication & automation 2015 (pp. 552-7). IEEE.

[94][94]Lee J, Tu C, Jung S. Man-in-the-middle attacks detection scheme on smartphone using 3G network. In the fourth international conference on evolving internet 2012 (pp. 65-70).

[95][95]Zhang K, Liang X, Lu R, Shen X. Sybil attacks and their defenses in the internet of things. IEEE Internet of Things Journal. 2014; 1(5):372-83.

[96][96]Evangelista D, Mezghani F, Nogueira M, Santos A. Evaluation of sybil attack detection approaches in the internet of things content dissemination. In wireless days 2016 (pp. 1-6). IEEE.

[97][97]Shaikh M, Syed AH. A survey on jamming attacks, detection and defending strategies in wireless sensor networks. International Journal of Research in Engineering and Technology. 2014; 3(3): 558-61.

[98][98]King A, Brown J, Roedig U. DCCA: differentiating clear channel assessment for improved 802.11/802.15. 4 coexistence. In international conference on wireless and mobile computing, networking and communications 2014 (pp. 45-50). IEEE.

[99][99]Sparber T, Boano CA, Kanhere SS, Römer K. Mitigating radio interference in large IoT networks through dynamic CCA adjustment. Open Journal of Internet of Things. 2017; 3(1):103-13.

[100][100]Elngar AA. IoT-based efficient tamper detection mechanism for healthcare application. IJ Network Security. 2018; 20(3):489-95.

[101][101]Aman MN, Javed K, Sikdar B, Chua KC. Detecting data tampering attacks in synchrophasor networks using time hopping. In PES innovative smart grid technologies conference Europe (ISGT-Europe) 2016 (pp. 1-6). IEEE.

[102][102]Sei Y, Honiden S. Distributed detection of node replication attacks resilient to many compromised nodes in wireless sensor networks. In proceedings of the international conference on wireless internet 2008.

[103][103]Khan WZ, Aalsalem MY, Saad MN, Xiang Y. Detection and mitigation of node replication attacks in wireless sensor networks: a survey. International Journal of Distributed Sensor Networks. 2013; 9(5):1-22.

[104][104]Ku Z, Hu Z. Camouflage attack detection based on KMOD kernel function. In international conference on computer science and software engineering 2008 (pp. 1031-4). IEEE.

[105][105]Gu Z, Pei K, Wang Q, Si L, Zhang X, Xu D. Leaps: detecting camouflaged attacks with statistical learning guided by program analysis. In international conference on dependable systems and networks 2015 (pp. 57-68). IEEE.

[106][106]Yimin G, Shundong L, Jiawei D, Sufang Z. Deterministic cloned tag detection protocol for anonymous radio-frequency identification systems. IET Information Security. 2016; 10(1):28-32.

[107][107]Bu K, Xu M, Liu X, Luo J, Zhang S, Weng M. Deterministic detection of cloning attacks for anonymous RFID systems. IEEE Transactions on Industrial Informatics. 2015; 11(6):1255-66.

[108][108]Bu K, Liu X, Luo J, Xiao B, Wei G. Unreconciled collisions uncover cloning attacks in anonymous RFID systems. IEEE Transactions on Information Forensics and Security. 2013; 8(3):429-39.

[109][109]Huang J, Li X, Xing CC, Wang W, Hua K, Guo S. DTD: a novel double-track approach to clone detection for RFID-enabled supply chains. IEEE Transactions on Emerging Topics in Computing. 2015; 5(1):134-40.

[110][110]Sui Q, Wu Z, Li J, Li S. A detection method of hardware Trojan based on two-dimension calibration. In international conference on computer and communications 2016 (pp. 2795-9). IEEE.

[111][111]Kulkarni A, Pino Y, Mohsenin T. SVM-based real-time hardware Trojan detection for many-core platform. In international symposium on quality electronic design 2016 (pp. 362-7). IEEE.

[112][112]Hasegawa K, Yanagisawa M, Togawa N. Trojan-feature extraction at gate-level netlists and its application to hardware-Trojan detection using random forest classifier. In international symposium on circuits and systems 2017 (pp. 1-4). IEEE.

[113][113]Kasinathan P, Pastrone C, Spirito MA, Vinkovits M. Denial-of-service detection in 6LoWPAN based Internet of Things. In international conference on wireless and mobile computing, networking and communications 2013 (pp. 600-7). IEEE.

[114][114]Amaral JP, Oliveira LM, Rodrigues JJ, Han G, Shu L. Policy and network-based intrusion detection system for IPv6-enabled wireless sensor networks. In international conference on communications 2014 (pp. 1796-801). IEEE.

[115][115]Pongle P, Chavan G. Real time intrusion and wormhole attack detection in internet of things. International Journal of Computer Applications. 2015; 121(9):1-9.

[116][116]Brown J, Du X. Detection of selective forwarding attacks in heterogeneous sensor networks. In international conference on communications 2008 (pp. 1583-7). IEEE.

[117][117]Ghorbani HR, Ahmadzadegan MH. Security challenges in internet of things: survey. In conference on wireless sensors 2017 (pp. 1-6). IEEE.

[118][118]Marjani M, Nasaruddin F, Gani A, Karim A, Hashem IA, Siddiqa A, et al. Big IoT data analytics: architecture, opportunities, and open research challenges. IEEE Access. 2017; 5:5247-61.

[119][119]Kumar MP, Santhoshkumar SP, Gowdhaman T, Shajahaan SS. A survey on IoT performances in big data. International Journal of Computer Science and Mobile Computing. 2017; 6(10):26-34.

[120][120]https://azure.microsoft.com/en-us/overview/iot/?site=mscom_iot. Accessed 13 June 2018.

[121][121]Kumar G. Evaluation metrics for intrusion detection systems-a study. Evaluation. 2014; 2(11):11-7.