Technology plays a vital role in the everyday life of ordinary people. It can be applied in many different areas, and each application brings its own advantages. In recent times the Internet of Things (IoT) has become one of the most important sectors driving the use of technology. The Internet of Things refers to objects that are connected to one another through technology; examples include the smart TV, the smart lock and many more. IoT can also be applied in the health care sector, and future implementations in that area can bring further advantages. In any type of technology, security always plays a vital role (Sadeghi, Wachsmann and Waidner 2015), and in the Internet of Things it is one of the areas of greatest concern. IoT can be deployed widely in areas related to people's everyday activities, which translates directly into a wide range of benefits for them. In the future, IoT is expected to dominate different sectors of telecommunication and the different approaches used to build security into a system. Researchers have stated that IoT deployment can be extended to any sector chosen for implementation.
The main focus of this report is to consider different aspects of the Internet of Things. The major advantages of the technology are discussed in the report, and so are the risks associated with it, since in any technology risk factors can degrade its value.
In any type of technology, risk factors are deeply involved and shape how the technology is implemented. In most cases the risk factors are genuine and can arise from human-oriented conditions or from external and internal factors (Sajid, Abbas and Saleem 2016). The main task is the identification of the risk factors. Care should be taken that risk factors do not enter the system, where they would disrupt its normal functionality. Risk mitigation plays a dominant role in this scenario and should carry risk considerations through to the initiation of the system (Sadeghi, Wachsmann and Waidner 2015). Moreover, how the system is implemented is crucial, and the implementation must include the security of the system.
Risk assists
Different types of risk mitigation strategy can be implemented. A strategy can serve as a means of detecting risk factors and of directly safeguarding the system and its components. Safeguarding the system is one of the prime concerns in the Internet of Things. One such strategy is the appointment of trained personnel who work on the system in an ethical manner and focus on securing the data of the organization. Security of the data is always a prime factor. The people involved in the working of the organization should have appropriate training, so that the data of the system is not accessed by anyone except authorized persons.
Risk Vulnerability
Risk factors come in different forms, depending on the circumstances the system is under and the conditions it is facing. They can be categorized accordingly, and a mitigation strategy chosen to match. Most risk factors originate with a motive: they interfere with the system's operation mainly to gain control over the system or over its data. In most cases unauthorized access to data is one of the prime risks to the security of the data (Sajid, Abbas and Saleem 2016). A proper mitigation strategy is very important in such situations and directly helps to secure the data. In critical situations the risk factors can enter the system, disrupt its normal functionality and put its data at risk (Sadeghi, Wachsmann and Waidner 2015).
Risk (Analysis in IoT based devices)
The Internet of Things (IoT) is a well-known platform that creates a large number of opportunities in domains such as business, government and education. Along with its advantages, IoT comes with various security issues that need to be mitigated (Hossain, Fotouhi and Hasan 2015). Cyber security solutions have to extend across both the IoT environment and the physical environment, which helps in analyzing issues in the IT environment. Connecting previously unconnected devices to the internet is a useful way of improving the way people work and live. People around the globe can find and reserve an open space from their smartphone. Cities can conserve water by monitoring soil moisture over the network and controlling sprinklers. Utilities can monitor smart meters and detect outages before customers notice a power loss. Manufacturing operators can receive real-time alerts about their equipment, so that repairs can be made in time to prevent interruptions (Bekara 2014). Mining companies can improve their safety procedures by tracking the location of equipment and miners. The large number of devices being connected brings new kinds of connected devices, countless in number. Examples from the surrounding environment include wearable electronic devices and parking space sensors.
As the volume of data travelling on the network grows, much of it can originate outside the given network. Some of these devices sit in unsecured locations such as roadsides, railways and bridges. IoT on smartphones is increasing every day, because digital devices can communicate with each other using Internet Protocol addresses (Sicari et al. 2015). IoT security solutions are increasing every day, and along with them the chances of malicious attacks are also increasing. If smartphones can operate independently, the chances of malicious attack can also decrease. Currently, home-based smart devices can be accessed over an internet connection at any time, and as a result the chances of malicious code reaching this type of device increase. A smart home generally comprises four parts: service platform, home gateway, smart devices and home network (Farooq et al., 2015). The smart devices are connected to the home network and share information over it. The home gateway controls the flow of information among them and establishes the connection to an external network. The service platform is used by service providers to deliver different kinds of service to the home network (Sajid, Abbas and Saleem 2016). Most devices connected to the internet are not equipped with any security mechanism and are vulnerable to security and privacy issues.
For IoT security solutions, some requirements must be properly analyzed in order to protect the network from malicious attacks.
Fig 1: Relationship between various terms in Security
(Source: Created by Author)
Risk mitigation/Protection
The major capabilities required of a secure network are discussed below.
Resilience to attacks: The system should be capable of recovering from crashes that may take place during transmission of data (Sadeghi, Wachsmann and Waidner 2015). A server that works in a multiuser environment should be strong enough to protect itself from intruders.
Data Authentication: Data containing important information should be authenticated. A proper authentication mechanism allows transmission of data only from authenticated devices.
Access Control: Only authorized persons should be given access. It is the duty of the system administrator to control the access of a large number of users by properly managing usernames and passwords (Stojmenovic and Wen 2014). Access control also defines the rights under which different users can access the relevant information in a database or program.
Client privacy: Information and data should be kept in a safe location. Personal data containing important information should be accessed only by a limited number of authorized persons, so that the privacy of the client is maintained (Tao et al. 2014). Ultimately, only authenticated users of the system should have access to the private information of clients.
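One way a home gateway could enforce the Data Authentication requirement above, as an added example rather than code from the essay or its sources: each device holds its own secret key and tags every message with HMAC-SHA256 over the payload and a counter. The device names, keys and message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag

# Constructed sample keys; the device names and key bytes are hypothetical.
DEVICE_KEYS = {
    "thermostat-01": bytes.fromhex("000102030405060708090a0b0c0d0e0f"),
    "doorlock-02": bytes.fromhex("f0e0d0c0b0a090807060504030201000"),
}


def seal(device_id, key, counter, data):
    """Device side: serialize a reading and append an HMAC-SHA256 tag."""
    body = json.dumps({"id": device_id, "ctr": counter, "data": data},
                      sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Gateway:
    """Home gateway that forwards data only from authenticated devices."""

    def __init__(self, keys):
        self._keys = dict(keys)
        self._last_ctr = {}  # highest counter accepted so far, per device

    def accept(self, message):
        """Return (True, data) for a valid message, else (False, reason)."""
        if len(message) <= TAG_LEN:
            return False, "too short"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        try:
            fields = json.loads(body)
            device_id = fields["id"]
            counter = fields["ctr"]
            data = fields["data"]
        except (ValueError, KeyError, TypeError):
            return False, "malformed"
        # The claimed ID only selects which key to check against.
        key = self._keys.get(device_id) if isinstance(device_id, str) else None
        if key is None:
            return False, "unknown device"
        # Verify the tag before acting on any field; constant-time compare.
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag"
        # A strictly increasing counter rejects recorded-and-resent messages.
        last = self._last_ctr.get(device_id, -1)
        if type(counter) is not int or counter <= last:
            return False, "replay"
        self._last_ctr[device_id] = counter
        return True, data


def run_demo():
    """Feed constructed messages to the gateway and collect its verdicts."""
    gw = Gateway(DEVICE_KEYS)
    t_key = DEVICE_KEYS["thermostat-01"]
    good = seal("thermostat-01", t_key, 1, {"temp_c": 21.5})
    return {
        "genuine": gw.accept(good),
        "replayed": gw.accept(good),
        "tampered": gw.accept(good.replace(b"21.5", b"99.9")),
        # Thermostat key used to claim the door lock's identity.
        "spoofed_id": gw.accept(
            seal("doorlock-02", t_key, 1, {"cmd": "unlock"})),
        "unknown": gw.accept(seal("camera-09", b"k" * 16, 1, {})),
        "next": gw.accept(
            seal("thermostat-01", t_key, 2, {"temp_c": 21.7})),
    }


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name:11s} {outcome}")
```

Because every device has its own key, a key taken from one device does not let its holder authenticate as another device.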
Evaluation of legal, social and ethical issues in secure systems
Information systems around the globe have made businesses much more successful. Inadequate IoT security solutions can create a large number of problems for both organizations and employees (Gope and Hwang 2016). Criminals can gain access to credit card information, which can ultimately lead to financial loss for the owners.
Cyber-crime: Cybercrime refers to the use of information technology to commit crimes (Zhou et al. 2017). Cybercrimes can range from simple offences against computer users to ones that result in financial losses and even loss of human life. The development of smartphones and other high-end devices has made access to the internet easy and has also contributed to the growth of cyber-crime.
Theft: It occurs when cyber-criminals identify practices that malfunction and exploit them, mainly to access personal information (Al-Fuqaha et al. 2015). Details such as security numbers and passport numbers can be used in a large number of crimes. As soon as the information has been acquired by cyber-criminals, it can be used to make online purchases while impersonating the victim. One common way of obtaining personal information is phishing, which involves creating fake websites or emails that resemble those of legitimate businesses (Al-Fuqaha et al. 2015). Other phishing techniques also rely on fake websites that look like the legitimate one. This technique is more common in public places such as restaurants and airports.
Copyright infringement: Piracy is considered one of the biggest problems with digital technology. Websites like The Pirate Bay can be used to distribute copyrighted materials such as video and software. Copyright infringement refers to the unauthorized use of copyrighted materials (Flauzac et al. 2015). Fast internet access and falling storage costs contribute to the growth of copyright infringement crimes.
Hacking: Hacking is used to bypass security controls in order to gain unauthorized access to a system. As soon as attackers have gained access to a system they can do as they wish (Flauzac et al. 2015). Common steps taken by hackers include installing programs that allow them to spy on users or even control their systems. They can also steal information. Stealing can be done using techniques such as SQL injection and exploitation of vulnerabilities in the database software to gain access.
Data loss: If the data centre catches fire or is flooded, the hardware can be damaged and all the data stored on it lost (Flauzac et al. 2015). As a standard security practice, most organizations keep backups of data in remote places.
Biometric authentication: This is becoming very common on mobile devices such as smartphones. The phone can record the fingerprint of the user and use it for authentication.
Past work reviews
According to Mahmoud et al. (2015), “the more objects get linked via the Internet of Things, the greater becomes the possibility of digital mischief or mayhem.” This statement shows the importance of research in this area and of an adequate mitigation strategy for the security and privacy threats that IoT poses to its users. IoT brings ease and smartness to the use of everyday instruments and the work associated with them; however, the challenges it brings are also prominent. Farooq et al. (2015) focused on the same subject and divided the security challenges associated with IoT according to their sources, as follows:
Perception Layer Challenges
Sharma, Zawar and Patil (2016) define the perception layer of the IoT architecture as the layer that consists of the data sensors; it identifies objects by their unique code and collects data through the sensors in real-life scenarios. This definition shows how vital security is for the layer. Despite the attention paid to its security, the layer has certain security vulnerabilities, which can be classified into the following sub-categories:
Unauthorised access to the tags: The layer lacks adequate security measures in the RFID system, so the tags or unique IDs of all the systems connected within an IoT network are at risk of unauthorized access. Malefactors use this vulnerability to gain access to the tags, which can be catastrophic for the data. They can steal the data associated with the accessed tag and, if they wish, manipulate or even delete data that is crucial to the system owner. This scenario is a threat to individual privacy, organizational strategy, financial records and many other crucial records and plans.
Tag Cloning: Another potential threat at this layer is the cloning of a tag, through which cyber criminals can access the secure access points of the users. Cloning of a tag may also stay unnoticed by the user for a long time, or forever, depending on the security audits the user conducts.
Spoofing: Spoofing is another potential threat at this layer: because malefactors are capable of gaining access to the tags, they can broadcast fake notifications and messages that may create a chaotic situation for the user.
RF Jamming: The attackers can also jam the radio frequency of the RFID system by introducing extra noise into the communication channel.
Network layer challenges:
This layer is responsible for communication between the systems on the network and the server or user (Sharma, Zawar and Patil 2016). The threats associated with the layer are listed as follows:
Sybil attack: In this attack the malefactors manipulate the access nodes so that one node presents multiple identities. The threat is capable of compromising the system and producing false data about the redundancy of the system (Sadeghi, Wachsmann and Waidner 2015).
Sinkhole attack: This can be considered a smart attack, because the malefactors make one of the nodes attractive, so that the system diverts all its data towards that node. The system is led to believe that the data has been received, when the reality is the opposite of what appears.
Sleep deprivation attack: The attack prevents the nodes from sleeping, which makes them consume more battery power and ultimately exhausts the battery, shutting down the node and interrupting operations.
DoS (Denial of Service) attack: One of the best-known attacks, in which the system is flooded with traffic; this exhausts network and system resources and prevents the user from accessing the system.
Malicious code injection: Malicious code is injected into the system, resulting in either shutdown of the system or complete access to the system for the attacker.
Man-in-the-Middle attack: The communication channel is targeted, which enables the malefactor to gain access to the conversation over the channel.
The layer in consideration is responsible for processing the data and storing it adequately in the database; it therefore consists of processing units and their association with the database (Mahmoud et al. 2015). The threats for this layer are listed as follows:
Unauthorised access: The malefactors gain access to the processing units and the database, which they can use to halt the system and its operations or even delete the data stored in the database, to the detriment of the user and the network owners.
DoS attack: As discussed above, this threat is capable of shutting down the system, which leads to service unavailability.
Malicious insider: This is an inside attack, in which attackers who are authorised by the system and network manipulate the data to serve their personal agenda or to benefit a third party.
Application layer challenge
This layer is responsible for presenting the results that the user needs (Hossain, Fotouhi and Hasan 2015). The threats associated with the layer are listed as follows:
Malicious code infection: The attackers hack the system and inject it with malicious code that enables them to manipulate or steal data relevant to the user (Sadeghi, Wachsmann and Waidner 2015).
DoS attack: At this layer the method of attack is the same as discussed before, but the approach differs: the user or the defences are made to believe that the attack is being carried out at a different node, which gives the attackers enough time and opportunity to get into the system.
Spear-phishing attack: This attack is carried out through e-mail. High officials of a network are sent a phishing mail, and when they open it the attackers gain access to the credentials of the network and become a significant threat.
Sniffing attack: A sniffer application is introduced into the system, which enables the attackers to corrupt the system.
The section above drew on past literature to set out the threats associated with the IoT network, and it has also been identified that no absolute solution exists that is capable of mitigating them. However, one potential solution is the cryptographic approach. Cryptography is one of the most disruptive technologies and has proved its advantage in different fields, one of which is security in IoT. Cryptography offers security benefits here because most of the threats associated with IoT are similar to internet attacks and can therefore be assessed. It should be noted, though, that the remedial strategies for internet attacks and IoT attacks differ in nature, because the consequences of the attacks differ according to the subject.
The discussed threats can be mitigated by the adoption of lightweight cryptography. The term ‘lightweight’ here refers to low consumption of system and network resources. The cryptographic approach to security can be classified into two categories, symmetric and asymmetric. The symmetric cryptographic approach follows a likelihood method: the data are encrypted with a key before being shared or stored, and the same key is used to decrypt the data to gain access to the system. The encryption makes it difficult for malefactors to gain access to the system and network, which mitigates the threat to IoT (Sadeghi, Wachsmann and Waidner 2015).
Asymmetric cryptography, on the contrary, follows the non-likelihood method. It also uses encryption to safeguard the data; however, the key used to encrypt the data differs from the key used to decrypt it.
Both methods do well at protecting the system and the network from attacks; however, the asymmetric cryptographic approach can be of particular value against malicious insiders. The reason is that an insider may have access to the encryption key, which gives access to the data if the symmetric cryptographic approach is adopted, while in the asymmetric cryptographic approach the attacker also needs to gain access to the decryption key to carry out the attack successfully.
References:
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M. and Ayyash, M., 2015. Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), pp.2347-2376.
Ali, M., Khan, S.U. and Vasilakos, A.V., 2015. Security in cloud computing: Opportunities and challenges. Information sciences, 305, pp.357-383.
Barker, E., 2017. SP 800-67 Rev. 2, Recommendation for Triple Data Encryption Algorithm (TDEA) Block Cipher. NIST special publication, 800, p.67.
Bekara, C., 2014. Security issues and challenges for the IoT-based smart grid. Procedia Computer Science, 34, pp.532-537.
Burbank, J.L., 2016. Security in Cognitive Radio Networks. Chap, 6, pp.161-182.
Farooq, M.U., Waseem, M., Khairi, A. and Mazhar, S., 2015. A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).
Flauzac, O., Gonzalez, C., Hachani, A. and Nolot, F., 2015, March. SDN based architecture for IoT and improvement of the security. In Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on (pp. 688-693). IEEE.
Gope, P. and Hwang, T., 2016. BSN-Care: A secure IoT-based modern healthcare system using body sensor network. IEEE Sensors Journal, 16(5), pp.1368-1376.
Hawblitzel, C., Howell, J., Lorch, J.R., Narayan, A., Parno, B., Zhang, D. and Zill, B., 2014, October. Ironclad Apps: End-to-End Security via Automated Full-System Verification. In OSDI (Vol. 14, pp. 165-181).
Hossain, M.M., Fotouhi, M. and Hasan, R., 2015, June. Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
Jacobsson, A., Boldt, M. and Carlsson, B., 2016. A risk analysis of a smart home automation system. Future Generation Computer Systems, 56, pp.719-733.
Krombholz, K., Hobel, H., Huber, M. and Weippl, E., 2015. Advanced social engineering attacks. Journal of Information Security and applications, 22, pp.113-122.
Laudon, K.C. and Laudon, J.P., 2016. Management information system. Pearson Education India.
Lowry, P.B. and Moody, G.D., 2015. Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies. Information Systems Journal, 25(5), pp.433-463.
Mahmoud, R., Yousuf, T., Aloul, F. and Zualkernan, I., 2015, December. Internet of things (IoT) security: Current status, challenges and prospective measures. In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for (pp. 336-341). IEEE.
Mao, W., Cai, Z., Towsley, D., Feng, Q. and Guan, X., 2017. Security importance assessment for system objects and malware detection. Computers & Security, 68, pp.47-68.
McIlwraith, A., 2016. Information security and employee behaviour: how to reduce risk through employee education, training and awareness. Routledge.
Papp, D., Ma, Z. and Buttyan, L., 2015, July. Embedded systems security: Threats, vulnerabilities, and attack taxonomy. In Privacy, Security and Trust (PST), 2015 13th Annual Conference on (pp. 145-152). IEEE.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., 2015, June. Security and privacy challenges in industrial internet of things. In Proceedings of the 52nd annual design automation conference (p. 54). ACM.
Sajid, A., Abbas, H. and Saleem, K., 2016. Cloud-assisted iot-based scada systems security: A review of the state of the art and future challenges. IEEE Access, 4, pp.1375-1384.
Sharma, M.P., Zawar, M.S. and Patil, S.B., 2016. Ransomware Analysis: Internet of Things (IoT) Security Issues, Challenges and Open Problems in the Context of Worldwide Scenario of Security of Systems and Malware Attacks. Int. J. Innov. Res. n Sci. Eng, 2(3), pp.177-184.
Sicari, S., Rizzardi, A., Grieco, L.A. and Coen-Porisini, A., 2015. Security, privacy and trust in Internet of Things: The road ahead. Computer networks, 76, pp.146-164.
Stojmenovic, I. and Wen, S., 2014, September. The fog computing paradigm: Scenarios and security issues. In Computer Science and Information Systems (FedCSIS), 2014 Federated Conference on (pp. 1-8). IEEE.
Tao, F., Cheng, Y., Da Xu, L., Zhang, L. and Li, B.H., 2014. CCIoT-CMfg: cloud computing and internet of things-based cloud manufacturing service system. IEEE Transactions on Industrial Informatics, 10(2), pp.1435-1442.
Zhou, J., Cao, Z., Dong, X. and Vasilakos, A.V., 2017. Security and privacy for cloud-based IoT: Challenges. IEEE Communications Magazine, 55(1), pp.26-3