Unit V – Securing the Internet of Things & Security Architecture
1. Introduction
The Internet of Things (IoT) connects billions of devices, sensors, machines, and
people. While this interconnectivity offers immense advantages, it also
introduces major security vulnerabilities. Devices often operate in unprotected
environments, with limited computing resources, making it hard to apply
traditional security mechanisms.
Why IoT Security is Critical:
Devices collect, process, and share sensitive data.
Many devices have limited computing power, making security difficult.
Lack of standard security practices across manufacturers.
Potential for large-scale attacks (e.g., botnets like Mirai).
IoT devices may be unattended or physically accessible to attackers.
2. Security Requirements in IoT Architecture
IoT architecture typically consists of three layers, each with its own security
requirements:
a) Perception Layer (Device Layer):
Contains sensors, actuators, RFID tags, cameras, etc.
Security Needs:
Physical protection of hardware, Secure boot & firmware, Device
authentication, Tamper detection, Cryptographic capabilities
b) Network Layer:
Responsible for transmitting data from devices to cloud or middleware.
Security Needs:
Data encryption in transit (SSL/TLS), Secure routing protocols, Prevention of
eavesdropping and packet sniffing, DoS/DDoS attack protection, Firewall and
VPN
c) Application Layer:
Interfaces for users and services to interact with IoT systems.
Security Needs:
User authentication and role-based access, Data integrity checks, End-to-end
encryption, Audit logging, Secure APIs
3. Security in Enabling Technologies
IoT solutions are built using various underlying technologies. Each must be
secured:
a) Wireless Communication:
Wi-Fi: Use WPA3, avoid open networks
Bluetooth: Use BLE Secure Connections
ZigBee/Z-Wave: Enable key encryption
LoRaWAN: Use AES-128 for secure transmission
b) Cloud Computing:
Encrypt data at rest and in transit
Access control using tokens and multi-factor authentication
Regular patching of cloud services
c) Edge/Fog Computing:
Secure data preprocessing before cloud transfer
Deploy machine learning-based anomaly detection at the edge
d) Operating Systems:
Use an IoT-optimized OS such as RIOT OS, Contiki, or TinyOS with security modules
Use hardened Linux-based platforms (e.g., Ubuntu Core, Raspbian with AppArmor)
4. Security Concerns in IoT Applications
IoT applications vary by domain, and each introduces unique risks:
Domain | Security Risk
Smart Homes | Device hijacking, eavesdropping, unauthorized access
Healthcare (IoMT) | Patient data theft, remote device tampering
Industrial IoT (IIoT) | Intellectual property theft, sabotage of production lines
Smart Cities | Sensor spoofing, traffic control manipulation
Connected Vehicles | GPS spoofing, car hacking (e.g., brake or steering interference)
5. Security Requirements in IoT
a) Confidentiality:
Ensure that only authorized users can access sensitive data.
Techniques:
AES encryption, Public key infrastructure (PKI), VPN and secure tunnels
b) Integrity:
Ensure data is not tampered with during transit.
Techniques:
Hashing (SHA-256), Digital signatures
c) Authentication:
Verify that the communicating devices or users are legitimate.
Techniques:
Passwords and PINs, Digital certificates, Biometrics, Token-based systems
d) Authorization:
Provide users/devices only the access rights they need.
Techniques:
Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC)
e) Availability:
Systems must be resilient to attacks like DoS/DDoS to ensure 24/7 functionality.
Techniques:
Redundancy and failover, Traffic monitoring and filtering, Load balancing
6. Insufficient Authentication/Authorization
Many IoT devices suffer from:
Default credentials not being changed
Weak or reused passwords
No session timeout
Lack of mutual authentication (device-to-cloud and cloud-to-device)
Impacts:
Devices can be easily hijacked
Attackers gain full control over systems (e.g., baby monitors, cameras)
Best Practices:
Enforce password policies
Implement certificate-based or token-based authentication
Use time-limited access tokens
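An added example (not part of the original notes) of the time-limited, token-based authentication listed above: the server issues an HMAC-SHA256 signed token that carries its own expiry, and verification rejects forged, altered or expired tokens. The key, the token layout and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key (assumption); a real service provisions its own secret.
SERVER_KEY = b"demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _mac(body: str) -> str:
    return _b64(hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(device_id: str, ttl_s: int, now: Optional[float] = None) -> str:
    """Return '<device_id>.<expiry>.<mac>', valid for ttl_s seconds."""
    issued_at = time.time() if now is None else now
    body = f"{device_id}.{int(issued_at + ttl_s)}"
    return f"{body}.{_mac(body)}"


def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the device id if the token is authentic and unexpired, else None."""
    parts = token.rsplit(".", 2)
    if len(parts) != 3:
        return None
    device_id, expiry_s, mac_s = parts
    # Verify the MAC first, in constant time, before trusting any field.
    expected = _mac(f"{device_id}.{expiry_s}")
    if not hmac.compare_digest(expected.encode(), mac_s.encode()):
        return None
    # The expiry is now known to be server-issued, so it parses as an integer.
    current = time.time() if now is None else now
    if int(expiry_s) <= current:
        return None
    return device_id
```

Because the expiry is covered by the MAC, a client cannot extend a token's lifetime; a stolen token is still usable until it expires, which is why the lifetime should be short.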
7. Insecure Access Control
Access control is about defining who can do what in a system. Insecure access
control occurs when:
Users can perform operations they should not
Devices expose unnecessary services (e.g., open ports)
Threats:
Privilege escalation
Unauthorized data access
Remote device control
Preventive Measures:
Principle of least privilege
Access control lists (ACL)
Strong API authentication mechanisms
Secure firmware that validates commands
8. Threats to Access Control, Privacy, and Availability
a) Access Control Threats:
Brute force login attempts
Hardcoded credentials
Lack of granular access control
b) Privacy Threats:
Unauthorized data collection
Data leakage via unsecured storage or transmission
Surveillance via hacked devices (e.g., smart cameras)
c) Availability Threats:
DoS/DDoS attacks (flooding the device or server)
Ransomware targeting critical IoT infrastructure
Battery draining attacks (in wearables)
9. Attacks Specific to IoT
1. Botnets:
IoT devices are infected and grouped into a network that is used to launch massive
DDoS attacks.
Example: Mirai botnet
2. Firmware Attacks:
Inject malicious code into device firmware.
Can survive reboots and factory resets.
3. Side Channel Attacks:
Attackers gain information by analyzing power consumption, timing, or
electromagnetic leaks.
4. Physical Attacks:
If attackers gain physical access, they may:
Extract encryption keys
Replace memory chips
Reset devices
5. Man-in-the-Middle (MitM):
Intercepting communications between device and server.
6. Replay Attacks:
Reusing intercepted data packets to gain unauthorized access or trigger
actions.
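An added example (not part of the original notes) of a common defence against the replay attack described above: each frame carries a per-device counter protected by an HMAC-SHA256 tag, and the server rejects any frame whose counter is not higher than the last one it accepted. The frame layout, the device name, the key and the `ReplayGuard` class are assumptions made for the illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-device key for the demo (assumption); real keys are provisioned.
DEVICE_KEYS = {b"lock-7": b"k" * 32}
TAG_LEN = 32  # HMAC-SHA256 output size


def make_frame(device_id: bytes, counter: int, command: bytes) -> bytes:
    """Device side: id_len | id | 64-bit counter | command | HMAC tag."""
    header = struct.pack("!B", len(device_id)) + device_id + struct.pack("!Q", counter)
    tag = hmac.new(DEVICE_KEYS[device_id], header + command, hashlib.sha256).digest()
    return header + command + tag


class ReplayGuard:
    """Server side: accept a frame only if its tag is valid and its counter is new."""

    def __init__(self):
        self.last_counter = {}  # device_id -> highest counter accepted so far

    def accept(self, frame: bytes):
        """Return the command bytes, or None if the frame must be rejected."""
        if len(frame) < 1 + 8 + TAG_LEN:
            return None
        id_len = frame[0]
        if len(frame) < 1 + id_len + 8 + TAG_LEN:
            return None
        device_id = frame[1:1 + id_len]
        key = DEVICE_KEYS.get(device_id)
        if key is None:
            return None  # unknown device
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None  # forged or altered frame
        (counter,) = struct.unpack("!Q", body[1 + id_len:9 + id_len])
        if counter <= self.last_counter.get(device_id, -1):
            return None  # replayed or stale frame
        self.last_counter[device_id] = counter
        return body[9 + id_len:]
```

The counter is only checked after the tag verifies, so an attacker cannot advance the server's state with forged frames; both sides must persist the counter across reboots, or a reset device will be locked out and a reset server will accept old frames again.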