What Is The Security Privacy Issues All Domains Of Iot?
Internet of Things is one of the most emerging techniques Internet of things has been gaining the global acceptance from the audience all over the globe. This global acceptance increases the usage of the psychology Internet of Thing are nothing but simple electronic devices which has the transmitter and the receiver embedded in the electronic device that enables them to communicate and transact over the platform of the digital communication and the internet. With the benefit of gaining, the advantage of gaining communication through the entire globe comes the disadvantage of security in disguise. Security of the database has been the major issue for the application of the Internet of things in regular life.
Along with the evolution of the IT infrastructure and the networking technologies, there would be numerous number of barrier, which would be encountered by the IoT technology. The key challenges faced by IoT is regarding its privacy and security. As more and more devices are being connected to the network the decentralized entry points for the malwares is also increasing. Main tampering occurs in the devices which are less expensive and are located in area which are mostly compromised. Different types of new software’s integration of the middleware and many more things are mainly responsible for creating new complexities and new security risks as well. Along with this the compliances is also going to a major issue for the fields when the personal data of an individual is involved and there are no such IoT devices that does not consists of any personal data of the user. It is better to say that almost every IoT device is associated with collection of at least one personal data of the user. Security and privacy measures for the IoT is very important, as this would affect the lives of the people along with various economic activities.
IoT or Internet of Things can be termed as an network of physical things which are generally embedded with various sensors, electronics, software and connectivity so as to allow the device perform in better way by exchanging the information with the other devices connected to it or with the operator or with the manufacturer. Simply it can stated that IoT is a network where the physical devices are capable of exchanging the data in an internal way or with the other devices connected to it. IoT has made out life much more easier but despite of all this there are certain risks associated with the use of IoT and the most important concern is regarding the various security and the privacy challenges faced by IoT. The report mainly aims at discussing the various security and privacy challenges faced by IoT in all domains of IoT. The use of IoT has been adopted in almost every domain. Along with creating new opportunities, the implementation of IoT has also brought various risks associated with it.
Bekara, 2014, in his journal stated that the most important aspect that affects the infrastructure of the computing system is the Web Interface of the company. The security aspect of the Web Interface is also the major concern for the organizations that are dependent on this feature as their networking system [9]. Web interface proves to be important as it as the link between the user and the computing device. An attack on the web interface allows the cyber criminal to get access on the direct interface of the networking system. Modulations made on the interface reflects instantly on the web media and the clients of the database and the web service aces a lot of problem as the data that is to be present in the web is modulated and wrong information is posted in the web leading to the conflict between the user and the employees of the organization who provide the web services.
According to Andrea, Chrysostomou & Hadjichristofi, 2015, the methodologies that are undertaken to prevent the attack on the Web Interfaces are setting up of password and user name different from the initial username and the password that was already set during the installation if the web services [8]. This aspect of changing the initial password and the username gives the web services a robustness in the accounting of the database of the web. Another methodology that is being used in the process to protecting the web interface from the cyber criminals are by processing of the password recovery method as in case the password of the web service is changed by the cyber criminal then the genuine client can gain access of the data in the web service with the help of the restoring password methodology. Another way of terminating the risk of ten cyber attack in the web interface is by setting reference for the password so that the password that is set is well strong for the cyber criminals to harm the web interface and the gain access to the front end of the web interface.
Gatsis & Pappas, 2017, in their book stated that the inefficient methodology that is applied in the usage of the process from securing the web services has been acting as one of the major causes for the security issues in the field of Internet of things [6]. The computing devices that deploy the methodology of the authentication of the user of the web service is very inefficient as the imposters can use the identity of the genuine clients and gain access to the web services and modulate the information that harms the clients who use the web service. This security problems faced is due to the fact that the password complexity of the web services are not as strong as it is required for preventing the imposters to gain access to the personal accounts or the data that are private in nature. Again according to Sridhar & Smys, 2017, another reason of insufficient authentication problem is that credentials of the database are very poorly protected which makes the credentials vulnerable to the imposters. The authentication systems that are applied in the database are one factor authentication system. The liability of the one factor authentication is limited and the robustness of the platform is affected due to this terminology of one factor authentication methodology [11]. Insecurity in the password recovery methodology is availed due to the fact the lack of robustness in the setting of the password. The control of the rile based access is not well maintained which leads to the fact of lack of authentication robustness of the database.
According to Pacheco & Hariri, 2016, the password that is being set for the database has to be strong enough to be cracked by the imposters in order to keep the database protected from the imposters are by ensuring that the password that set for the data base is strong enough to be cracked [5]. To prevent the access of the imposters the most important thing that should be checked is the positioning of the granular access control. To keep the data base protected the granular access control must be placed in the right place and the use of the granular access control must be made efficiently. The password that are set for the database must be recoverable by the client in case of misplacing the password.
Lee & Lee, 2015, in their book stated that insecure network services deals with the methodologies that are caused due to the vulnerabilities of the networking system that requires Internet of Things in the process of the infrastructural methodology [3]. The platform of Internet of Things provides the intruders the access in an unauthorized manner to the data that is associate in nature. Vulnerable services that are provided by the Internet of Things are proven to be the main reason behind the lack of robustness of the network services. According to Abomhara & Køien, 2014, another main reason of this lack of robustness of the platform is the buffer over flow of the networking services. The overflow of the buffer provides the imposters an opportunity to gain access to the personal data of the clients who has been using the platform network services from the transaction purpose. The major reason behind the improper access of data in the networking services are the opening of the ports that are accessible by the means of UPnP [10]. The UDP services that are exploitable in nature also acts as the gateway for t imposters to gain access to the data as the imposters exploits the UDP gateway to enter into the database of the clients and modulate the same. Usage of the DOS via Network Fizzing is also the major reason of the data insecurity of the Insecure Networking services. This fizzing of the networking infrastructure via the DS infrastructure has attracted many cyber criminals to poach against the databases that are stored in the network services.
According to Bertino, 2017, The major security steps that are taken to prevent the security issues of the Internet of things in the field of unsecured networking services are by ensuring the facts that the ports are necessarily exposed the ports and get the ports available in the fact of the data must be secured and the ports of the networking services. another technical strategy to prevent the security issues are by having an access to the buffer system. The overflow of the buffer system acts as the fact of that overflowing of the buffer embarks the fact that the network security stays protected [4]. Ensuring the services which are not vulnerable in nature as the fact that the DoS services the attacks to the networking services. this affects the computing system itself. The local devices are also affected by the DoS attack.
According to Li & Da Xu, 2017, the main function of the Internet of Things is to communicate and transact with the computing services. But the data that have been transacted through the networking services must be encrypted in order to keep the data robust and protected from the imposters and keep the data secured [1]. The major issues are regarding the unencrypted data that is being distributed via the global networking services as well as the local networking service. The security issues are also due to the fact of lack of implementation of the SSL/TLS. Another reason for the lack of security is due to the fact of the mismatched state of the SSL/TLS.
Again according to Hwang, 2015, the measures that must be taken in order to keep the data secured from the encryption issues are by the fact by ensuring that the data is encrypted efficiently using the data protocols which uses the technology of the SSL and the technology of the TTL during the process of transiting networks [2]. Another major process that must be taken in order to keep the data protected from the lack of encryption of the data is by ensuring the fact that the data that is to be encrypted must be encrypted using the technology of the standard encryption technique in case the SSL and the TTL technique is not available for the encryption of the data. SSL and the TTL technique are the best strategy to encrypt the data that is being transacted. Another technology that is being used for the encryption of the data is by accepting the strategic technique of the standard transcription technique and the major source is due to the fact of avoiding the proprietary encryption protocol.
The use of IoT has brought various types of benefits but there also exists certain types of security challenges. The security challenges faced by IoT can be categorized into three types.
Challenges faced by front-end sensors and equipment’s: Front-end sensors and equipment’s are responsible for the receiving of data and this done by a built-in sensor. Moreover, once the data is received they are responsible for transferring of the data by making use of the modules or machine-to-machine devices, which initially helps in the achievement of network services of the various sensors. The security of the machines along with the implementation of the business and connectivity of the nodes are involved in this methodology [12]. In case when the monitoring scenario is absent then it is seen that the machine or the perception nodes are mostly distributed. In such cases, it becomes very much easy for an intruder to get an easy access of the devices. After getting, the access damage can be easily done to the device or performing of illegal actions can also be done in a very easy way. Other type of possible threats which are related to the front end sensors and equipment’s are listed below:
Along with this, there also exists other attacks like the attacks and privacy analysis of the machine to machine or contact information, and many more.
Network: A vital role is played by the networks by providing a comprehensive interconnection capability, which is effectualness and thriftiness. Along with this this also provides an authentic quality of service for the IoT technology. The devices are responsible for sending of large number of data to the congested attack and along with this there also exists larger number of nodes and groups in the IoT which ultimately results in the various types of attack like the denial of service attack or DoS attack [15]. Other concerns regarding the security of the networks involve the authorised access of the data, unauthorized access of the various services, stealing or changing of the information related to communication, attacks of the malware or viruses and many more.
The Web Interfaces are Insecure: The web interfaces are included in the IoT devices to make the use of this device easy for the users while interacting. However, along with this this also allows the attackers to gain unauthorized access to the IoT devices [16]. Some of the security vulnerabilities associated with this security issue involves the enumeration of the accounts, weakening of the default credentials, exposing of the credentials in the network traffic, Cross-site Scripting or XSS, injection of the SQL, management od sessions becomes difficult and many more.
Existence of insufficient amount of authentication and authorization process: The main reason for this type of security issue includes the lack of proper password, poor protection of the various credentials, absence of the two factor authentication, the recovery of password is insecure, escalations in the privileges, and lastly due to lack of the role based access control [17].
Physical security of the devices: In the IoT technology the devices are responsible for the collection of the devices by interacting with other devices or with humans and this initially makes them vulnerable to concerns regarding the physical security [18]. Despite of the presence of a robust network there exists the possibility of unauthorized physical access to the IoT devices and this can ultimately result in a catastrophic system failure.
Network related security challenges: Even before the advent of the IoT technology, the networks were prone to hacks. Various security analysts that network acts as the weakest link in the flow of data before reaching the final destination argue it [19].
Security of the data: The data in the IoT is to be categorized into two types and this includes the stored data and the data, which is present in the transmission process. There exists a need of high-level encryption in both types of data in order to maintain the data integrity. The problem again arises due to fact that the data collected by the IoT devices is huge in size [20]. It becomes impossible to create a size, which would be fitting with all the standards of data encryption process because there exists a large variety of IoT devices and all this devices have different hardware specifications. Each Iot device is responsible for collecting at least one personal information of the user and any breach of such data might lead to devastating effects.
Security challenges of the operating system: Operating systems acts as the primary target of the attackers. In case if an attacker gains access of the operating system of an cluster of IoT or even a single device then it can be said that the attacker or the hacker is capable of exploiting the whole system and also compromises the codes of the system so as to own the system [21]. The recovery process from any type of operating system is almost impossible and very much costly. This type of attack might lead to partial or complete compromise of the data. The restoring of the operating system to its full efficiency requires a lot of time.
Security of the servers: one of the biggest art of the IoT technology is when it communicates with the cloud servers. Dos or the denial of service acts as one of the major attack to the server and is associated with afflicting the servers. This includes the use of large number of proxy devices in order to generate fake requests to the server, which initially makes the server to respond to the actual requests by the users [22]. This ultimately results in the crippling down of the system because of the sheer overheads that are created.
Security challenge due to connection of new devices: The increasing of the number of devices behind the firewall of the network is the fundamental weakness of the IoT. Because of the existence of new devices which are getting connected to the network the risk related to hacking is also increasing. The hackers may use devices which seem to be less important like the baby monitoring devices or the thermostat so as to uncover the information which are private and ruin the whole day of the user [23].
Lack of updates challenges the security of the IoT devices: The IoT is becoming the reality so it is very much essential to think about the security of the devices. The major reason lying behind this risk is that the tech companies are not associated with updating the devices while manufacturing them. This means that the IoT, which was considered to safe at a point of time, might become unsecure when new vulnerabilities are discovered [17].
Privacy challenges: Concern regarding the privacy is generated when the collection of private data is done with lack of proper protection of the data. According to the glossary of Internet Security privacy can be defined as the “the right of an entity (normally a person), acting in its own behalf, to determine the degree to which it will interact with its environment, including the degree to which the entity is willing to share information about itself with others”. It is very essential to protect the privacy in the device. The privacy is to be protected at the storage and during the process of communication as well as the processing process [24]. In case of any privacy breach the sensitive data would be disclosed. The privacy of the user and the protection of the data has been identified as one of major challenge which need to be addressed. The major privacy challenges includes the following:
Privacy challenges for the devices: There might occur leakage of the sensitive information when manipulation of the hardware or the software is done bone by the unauthorized entities. So it is very much important to secure the privacy of the devices which are associated with gathering of the sensitive data. There exists several way in, which the IoT security can be ensured, and this includes the use of device integrity validation, temper-resistant modules and many more [25]. For providing privacy to the devices, there exists the need of addressing serval problems. There are several ways of solving the privacy issues according to the nature of the problem.
Privacy in the process of communication: Breach of data might occur any time during the transmission process if they are not encrypted. Encryption is best way of protecting the data while transmission. On certain occasions, the encryption process is associated with adding of data to the packets, which initially provides a way for the tracing. Ultimately, this type of data might be victimized for the linking of the packets to the analysis of the same traffic flow. The communications pseudonyms can be replaced for the encryption in situations when it is not feasible to the identity of the device or the users [26]. This is done in order to decrease the vulnerabilities.
Amount of data is too high: The data generated by the IoT devices is increasing day by day so the risk of breach in privacy is also increases. According to the report named “Internet of Things: Privacy & Security in a Connected World” by Federal Trade Commission states that there exists fewer than 10,000 households are associated with the generation of about 150million data points per day. This initially results in the formation of more entry points for the hackers and ultimately the sensitive information become vulnerable [27].
Eavesdropping: This is the process in the manufacturers or the hackers makes use of the connected devices in order to invade the house of an individual virtually [28].
Form the above discussed literature review some of the best practices for facing the security and the privacy challenges by IoT has been identified and this practices has been discussed below:
Making the Hardware resistant to any kind of tamper: There Exists many IoT devices which are operating for a long period of time and has also not been attended and the security has also been not been implied on them. Generally it is preferred that the IoT devices are kept relative away from any kind of physical access except few authorised persons who would be handling the devices physically. Making the IoT devices temper resistant can be very much advantageous. By this process oh hardening the end point can greatly help in the blocking of the potential intruders from reaching the data. This can also prevent the device form any type of hacking attack. The general things that are to be included in the endpoint security mainly includes the use of small devices made of plastic, locks at the ports, cover of the camera and many more. Blocking of the ports can greatly help in the prevention of the incoming of the unwanted malware. The endpoint hardening is likely to be implying a layer approach and this makes the attacker face a series of obstacles which are generally designed for the purpose of protecting the device and the data present [29]. Besides all this at the hardware or the boot-software level, a strong boot-level password might be required by the device in order to boot from the local storage. All the vulnerabilities that are known must be stopped. While shipping a device temper evident packing will greatly help in the enabling of the owners to know whether their device has reached the desired location or not and could also check if the package has been open before the delivery or not.
Once a device is deployed several vulnerabilities would be identified which are almost inevitable. So from this it can be concluded that there is a need of modifying the firmware by making use of proper digital signatures. There is a very little amount of financial incentives by the device vendors and the manufacturers which ensure the ongoing upgrade of the IoT patches. And this happens mainly due to the fact that revenue is collected only by selling the devices and not from the maintenance of the devices. Up keeping of the IoT devices might lead to detracting from revenue. Besides this the vendors cannot be legally held accountable for any kind of ongoing maintenance of the devices and beyond the initial process of sales including the drivers of competition in order to cut down the corners. Associated with this is the negating on the quality regarding the speed and the efficiency of releasing the devices in the market. Previously this factors were not considered as critical [30]. The Interconnected nature of the IoT devices has greatly helped in the raising of the bars to a whole new level in terms of the functionality and accountability. Detrimental is also considered as one of the tendency of the vendors for the planned obsolescence of eth devices and this is done for the purpose of increasing the profits by means of continued sales rather than the up keeping of the devices which are existing. The IoT devices are also not deigned in an efficient and are also not configured in order to respond to the various over the air updates. This ultimately results in the best or the worst procedures which are almost unmanageable. It has been observed by various researches as well that the ubiquitous advancement of the IoT along wit the placement of the unsecured and unattended devices would increase at an exponential rate which would be opening up the gates for the hackers to exploit the various data. Additionally some of the IoT devices are having a lifespan of limited time. It is possible to legally held the companies accounting for the monitoring and maintenance of the devices for the prescribed or agreed lifecycles. And for this there is an need of establishing various standards and legislation. Associated with this needs the vendors should also remain transparent and forthcoming regarding the lifecycle of the various devices, and this is to be done in terms of services and the policies needs to be upkeep and also including the length of the plan that is needed for supporting the devices [1]. The vendors need to put an extra effort on playing an active role while providing the details about the patches along with the updates which might include the security risks and the privacy concerns which would be responsible for ensuring the fact that the customers are kept informed about the various activities related to the security and privacy. Besides this the deliberations should also be associated with integrating the lifecycle of eth original manufacturers. In cases when the original vendor is absent then it will become impossible to trace down the credentials for the purpose of patching the vulnerabilities and the breach of security.
It is very much essential to make the IoT devices undergo the testing process and establish a minimum baseline regarding the security of the devices. The static form of testing is generally not designed or configured for the purpose of detecting the various types of vulnerabilities which are existing in the off-the-shelf components and this might include the components like the processor or the memory. Whereas the dynamic process is capable of exposing the weakness in the codes and any type of underlying defects or the vulnerabilities which are generally introduced by the hardware and might be discoverable to the static analysis [5]. The dynamic analysis also identifies the various vulnerabilities which are generally created whenever a new code is used on the older processors. So it is recommended to the vendors associated with purchasing of the hardware and the software form any other dynamic testing in order to ensure that the item are secure.
As time passes by the devices would beome obsolete and this would ultimately make many of the users throw away the devices. It isvery much essential to discard a device without any exposure of the private data. This considered as one of the major security issue as improper disposal of the discarded device might lead to conversion of the data for various malicious activities. Along with security issues this is also one of the major privacy issue as the obsolete or disposed device can be used for the purpose of revealing of the personal information [21]. The manufacturers should be associated with preparing a formal plan in order to make the users sanitize and dispose the obsolete devices in a proper way without any exposure of the private data. The other field are generally associated ith prescribing a DRD policy which is reviewed periodically in order to identify the devices which requires disposal and in what way it should be disposed. Many of the manufacturers are associated with encouraging the users to dispose th products directly by their manufacturer. For the IoT devices this are very small and cheap. Individual users when purchase an second hand IoT device might make an attempt of identifying the personally identifiable information PII or the authentic information which might include the username or password which has been stored in the device.
It is not recommended to use an easy guess password or username credentials. Along with this the use of default credentials is also not suggested. Each of the IoT device must have an unique username and password which might be printed on the casings and this password is resettable by the users [6]. The passwords should be provided in such a way that this is sophisticated enough in order to resist arbitrary guessing. It is also suggested to provide a two-way authentication whenever possible and this would be requiring the users to employee the password as well as an authentication form which is generally not relayed upon the knowledge of the user which is a random code that is generated by SMS text messaging.
Despite of protecting the devices with password the communication that exist between two or more device might get hacked. In IoT there exists various protocols and depending on the protocol and the computing resources might be more or less capable of using the encryption [20]. It is the responsibility of the manufacturers to examine their own situations on a case-by-case basis and by using the strongest encryption possible.
It is generally recommended to divide the network into numerous small local networks by making use of the VLANs, IP address ranges ora combination. The next generation firewall security policies utilizes the network segmentation in order to clearly identify the sources and the destination interfaces on a platform [3]. Interfaces are to be assigned to a specific security zone before it is capable of processing the traffic. This initially allows various organizations to create a security zone in order to represent the different segments which are being connected to the firewall and would also be controlled by the firewall as well. The solution has been very much helpful for the industrial applications but may be useful for other broader circumstances.
As stated earlier IoT is an emerging technology which is associated with connecting the devices to each other by making use of Internet or ad-hoc-network. The services that are provided by the IoT devices are discoverable by other IoT devices as well. And most of the protocols are associated with leaking the sensitive PII which might be capable of linking an individual. So there is essential need of service mechanism and authentic protocols in order to protect the device and provide proper authentication.
Conclusion:
This report mainly helps in understanding the basic security and the privacy challenges that are faced by the IoT devices in all domains. The introduction portion of the report provides an wide description about the IoT and from there it can be easily understood that the IoT is mainly associated with using a wide variety of information sensing identification devices and information processing equipment’s and then combines it with the internet to form an network which is extensive in nature. This is mainly done in order to provide the objects or the entities with an identity. The report firstly discusses about the various security and the privacy issues faced by the IoT. This is followed by providing a literature review bout the present and the past works done regarding the technology. And lastly discusses about the various methods that can be adopted in order to overcome this problems or the challenges that are faced by the IoT. The practices provided above can be considered as the best practices for the purpose of elimination of the security and the privacy challenges. It is very much essential to improve the security and the privacy of the IoT because there exists many cases where an individual or an organization has faced a lot of security and privacy breaches. The current and issues regarding the security and the privacy should be considered as an opportunity for improvement which can be achieved by undergoing an rigorous process which incorporates the security objectives at the early stage of any research project. By efficient and effective application of the security standards would be greatly helpful in the future.
References:
Li, S., & Da Xu, L. (2017). Securing the internet of things. Syngress.
Hwang, Y. H. (2015, April). Iot security & privacy: threats and challenges. In Proceedings of the 1st ACM Workshop on IoT Privacy, Trust, and Security(pp. 1-1). ACM.
Lee, I., & Lee, K. (2015). The Internet of Things (IoT): Applications, investments, and challenges for enterprises. Business Horizons, 58(4), 431-440.
Bertino, E. (2017, October). Keynote: Research Challenges and Opportunities in IoT Security. In Proceedings of the 2017 Workshop on Women in Cyber Security (pp. 5-5). ACM.
Pacheco, J., & Hariri, S. (2016, September). IoT security framework for smart cyber infrastructures. In Foundations and Applications of Self* Systems, IEEE International Workshops on (pp. 242-247). IEEE.
Gatsis, K., & Pappas, G. J. (2017, April). Wireless Control for the IoT: Power, Spectrum, and Security Challenges. In Proceedings of the Second International Conference on Internet-of-Things Design and Implementation(pp. 341-342). ACM.
Gierlichs, B., & Poschmann, A. Y. (2017). Introduction to the CHES 2016 special issue. Journal of Cryptographic civil Engineering, 7(2), 97-98.
Andrea, I., Chrysostomou, C., & Hadjichristofi, G. (2015, July). Internet of Things: Security vulnerabilities and challenges. In Computers and Communication (ISCC), 2015 IEEE Symposium on(pp. 180-187). IEEE.
Bekara, C. (2014). Security issues and challenges for the IoT-based smart grid. Procedia Computer Science, 34, 532-537.
Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in the Internet of Things: Current status and open issues. In Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on(pp. 1-8). IEEE.
Sridhar, S., & Smys, S. (2017, January). Intelligent security framework for iot devices cryptography based end-to-end security architecture. In Inventive Systems and Control (ICISC), 2017 International Conference on (pp. 1-5). IEEE.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download