IoT Security Study

IoT Security Study

Abhilasha S Latha S

Computer Science Department Computer Science Department

AMC Engineering College AMC Engineering College Bangalore, India Bangalore, India

Abstract: IoT is the popular topic to all the researchers which is currently attracting. In recent years, the different aspect of this field has been investigated by large amount of researchers. Meanwhile, providing privacy and security to these devices are integrated part of this technology. Suppose we are not supplying the required security, misuse of the advantages of this devices may happen which is worthless.

This paper is all about the major current challenges of security and privacy that IoT is facing and providing the solutions for these challenges.

Keywords: Internet of things (IoT), Challenges, Security, privacy PKI solutions, Authentication, Encryption.

1. INTRODUCTION

   Now a days IoT devices are getting more popular and the usage of IoT devices are increased in the market. As the IoT devices increased the main burden arises is security problem. The attackers through the susceptible web resources hacking the businesses and these are progressively being violated. Already, re-iteration attacks of interconnected things are registered and it will keep on eventuate if corporation do not shore up discipline in security problems. [2]

   An election of regular purchaser needed to aware of immunity condition of IoT devices and its every outgrowth. Outcome of this survey is that the device builders were not concentrated completely on providing security and it will be letting purchaser to the risk of attacks or sensible obtrusion.

   Fig 1: security needed Iot devices

   From the analysis of all IoT devices we grouped into four various authorities: Its outcome unveils that one device in each group exhibited susceptibilities over maximum groups. So from this analysis we come to know that we need to do survey on security of device designing and come with the solutions to underestimate the danger to purchaser. [2]

   Generation and assay of data is so necessary to the IoT; attention must be given to protecting data throughout its lifecycle. The IoT's essentials can be quickly shift from comforts into the dis-comforters anywhere, anything, anytime, if we wont take care of privacy condition.

2. WHAT DOES IOT MEANS?

   Broadcasting internet computing device encapsulated in everyday phenomenon, enabling them to send and receive data.

   Internet of things(IoT) is a conjoined or inter networking physical device which helps to transmit the data from sender to receiver with exclusive attribute and also it connects the network without calling for user to user or user to system communication. IoT is also referred as connected devices An overview for IoT is its origins, definitions, and technical and logical connectivity models. [4]

   Fig 2: examples of IoT Devices.

   Fault Tolerance on IoT

   The important fact is that, IoT is more susceptibility than the internet since IoT contains billion more devices and there will be chances that directly or indirectly attack of the devices by the attacker. Defined threshold is the separate path to know the reliability check for fault tolerance. To solve this problem condition should be unsubstantial which can be implemented on Internet of things. The result will be, by elaborating the conditions of executing software we need to design all components initially with the immune structure. Each and every element designed by Internet of thigs should have ability to distinguish present condition of each network, it should able to produce feedback to other components.

   The different privacy protocols are advised to the elements for facing network mortification in the execution

   or deficiency in the execution is that all component must able to secure themselves and to recover quickly from this situation. Hence, growth of reformation work is obvious.

   The Automatic services can be provided, the best example is M2M (Machine to Machine) Communication, it is more desperate for providing safety and security. The examples of these devices are health monitoring sensors, car controlling, haptic sensors for navigation, smart locks used in electronics and smart plug switch. We should get proper information about obstruction pattern to understand it clearly. And also how to get more knowledge of all troubling and misusing of IoT devices should be discussed. Accordingly, the biggest amount of fault that is accessible is to be tolerated should be cleared [.1]

   Fig 3: What do you see as the biggest challenges with IoT?

3. CHALLENGES FOR PROVIDING SECURITY [4]

   More targeted attacks can be expected on current and arriving framework, and it also include advanced threatening and rapacity pattern (e.g. deliverance of smart cars), document stealing, death possibilities, physical fracture etc.

   Fig 4: factors involving in the challenges of providing security.

   1. Three keys to IoT security challenges

      1. A trillion points of vulnerability

         IoT represent a potential risk for each and every device and sensor. All these devices will have controls in stored place and have confidentiality of collected input data and also integrity of sent data. So here the question arises is how can the organization be so confident about it?

      2. Trust factor and Integrity of data

         From all aspects of interconnected sensors corporate schemes going to launch by the input in the IoT. But how much confident an organization is that collected information is not leaked or involved with other organization?

         Currently we are able to buy an anti-virus security to a disc by going to street market, and we can also download it through our own PC. But we wont find that IoT device can have protecting ability in so many devices that can become connected immediately.

         So the required security should be made into the design of architecture initially, and it will create trust factor in data integrity which is very important one.

      3. Information collection, protecting data and privacy

         issue

         The main aim of IoT is making everyday lives easier for that it will steps towards quantity, capability of businesses, and also workers. To make smarter decision collected data will be useful to us. This collected data is having the crash on privacy possibilities. The collected information can be involved with connected devices. So that it will ruin under trust factor of the IoT. Before only we have seen that purchaser will be having more expectations on the businesses and government to protect their personal data.

         Recognition of the risks line for their present susceptibility, the businesses need to start to the IoT. And we should think about to where this going in the future.

         Mainly an IoTs foundation is a trust factor, and it is required to predicted under security and privacy things. So now we should start discussing about how to bring betterment in the world of connected devices.

   2. Four critical challenges of IoT security

      Development of the internet of things is facing two critical issues namely security and privacy.

      These are 4 key challenges to making IoT safer.

      1. More devices, more problems

         The Internet of things has major weakness is that behind our networks firewall numbers of devices are increased. Ten years ago, we had to worry how to safeguard our systems. And Five years before, we also worried how to protect our smart phones. But now we should also worry how to protect our vehicles, our home gadgets our wearables, and many other IoT based devices.

         Since the IoT devices are increasing, the devices may be hacked, that means the performance of hackers on those devices will be more. We may have heard that how hackers control the cars and with remote they can increase or decrease the speed of the cars. Though the hackers obviously use insignificant devices like babies monitors or our thermostat to unveil confidential data or just break our

         time. The main thing is to think how to break the security issues what a hacker can do with a device.

         Fig 5: attacks on IoT devices

      2. Updation

         Since the IoT is becoming sensibility, we should think about protecting those devices. Even though we think about securing those devices seriously, the companies which develop these devices are more superior about risks. The main problem is that most of the companies never try to update their devices regularly. This means when the devices are bought first it will be safer, but as the hackers finds new susceptibility it become unsafe.

         To overcome those problems and help the user the automatic updates have been seen in the systems. But most of the companies forced to get their devices stops providing security. Sometime the companies offer inflexible upgrades by this they usually stop focusing the construction of coming up device, and providing outdated hardware to the customers, it will be a security risks.

      3. Protecting data from corporations

         Corporations develop and come out with the mutually connected devices; they can also apply those devices to obtain personal information, especially money transfer which is dangerous.

         Now, when accepting any devices, the users can read and sign the approval certificate. Also we can see how devices corporations policies are regarded for keeping safe and securing data.

      4. Lazy consumer

         As the customers are too lazy to update their devices or perform basic needs to keep their systems safe. And protecting a single computer is easier than protecting the thousands of IoT devices, by which this problem becomes even worse.

         Even though the security risks from hackers or corporations cannot be avoided, there is a more attention on IoT devices.

4. SOLUTIONS

   IoT solutions and implementations must account for the necessary and fundamental needs of secure systems and

   data, including the three core goals of information security, confidentiality, availability and integrity. [5]

   Confidentiality ensures privacy: Access to information must be restricted to those authorized to view the data and the storage, and transmission of the information must be encrypted to prevent unauthorized access to data being communicated between systems and devices.

   Access controls are also part of availability: Availability ensures that hardware, applications, and systems are properly accessible to authorized entities and are performing intended functions.

   Integrity ensures data remains consistent and accurate during transit or as it is accumulated. Integrity ensures data remains consistent and accurate during transit or as it is accumulated. [5]

   Any solution that meets these three goals needs to be able to scale beyond current Internet levels of service. Large-scale IoT deployments often mean more complex requirements or a larger burden on a service providers infrastructure, which makes scalable systems a challenge to on-going data security.

   Fig 6: deployment on IoT solution in an organization.

   PKI (Public key infrastructure) is the best solution for IoT security

   To secure data and connected devices, PKI is the best solution provider. History of PKI tells that the existing standards for Internet security and to accommodate the requirements of diverse IoT organizations.

   In IoT ecosystem security and trust can be built and supported by PKI. The role of PKI in IoT is to provide strong identity authentication for all applications of IoT devices and purchasers to safely interact with sensitive data and to do exchange of data, it creates the foundation of trust.

   By providing the encryption, authentication, and data integrity that creates the foundation of trust, the PKI and other trust communities cover the trust security requirements that IoT projects need. IoT PKI platforms

   also deliver the scalability and flexibility that providers need as they move through testing, production, and deployment requirements. PKI is poised to accommodate and leverage its existing technologies for the specific and increasingly diverse needs of the IoT. [5]

   Fig 7: PKI solutions for IoT security

   1. Identity & Authentication

      Different synopsis occurs for an IoT authentication.

      E.g. machine to machine authentication. Currently some specific authentication of IoT being overburden such as: certificate base authentication, Pre-shared or mutual key secret and token based authentication, and based on these authentications we prefer device constraints. [1]

      One of the IoT security solution called DigiCert, it provides demand on authentication of systems, customers and devices that doesn't required tokens, password policies, or user initiated factors which associated with faithful devices and users. [4]

   2. Encryption

      One more solution which will protect the network or information from the attackers is called information Encryption. And Encryption is a popular, widely used solution to overcome from various attacks. [1]

      DigiCert SSL (secure sockets layer) encryption inherently provides the necessary elements of privacy. SSL certificates are used to encryption of the information in advance and it also protect the information being leaked between devices and systems. [4]

   3. Data and system Integrity

   Data and system integrity are the essential segments of network immunity where the data is stored in database.

   DigiCert provides services maintain that software; which gives the assurance of securing data over its entire life cycle. [4]

5. CONCLUSION

From this paper initially we described about the definition and the important abstraction of IoT and the seriousness to having privacy, security on IoT. And we gone through some examples. Then we went through the real time challenges for providing security which is necessary, because without providing security the technology may be misused and it will be harmful to the humans. Finally, we discussed about providing the best solution for all security challenges of IoT.

In future, study on privacy and security of IoT devices we can conclude, how efficiently we can secure the things in better manner.

REFERENCES

1. Iot security survey paper Maede Zolanvari under the guidance of prof. Raj Jain Olswang publication, Nov. 2014.

2. Survey paper on The Internet of Things: A survey Luigi Atzori DIEE, University of Cagliari, Italy, Antonio Iera University Mediterranea of Reggio Calabria .2010- Elsevier.

3. White Paper from Veracode The Internet of Things:

   Research Study on security

4. Wikipedia.

5. PKI (public key infrastructure): solutions for all security challenges of IoT. Jeremy Rowley, Executive VP of Emerging Markets at DigiCert.