Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks

Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed and the number of threats and attacks against IoT devices and services are on the increase as well. Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper is an attempt to classify threat types, besides analyze and characterize intruders and attacks facing IoT devices and services.

[1]  Sarah Pramanik Threat motivation , 2013, 2013 10th International Conference and Expo on Emerging Technologies for a Smarter World (CEWIT).

[2]  Neeli R. Prasad,et al.  A Threat Analysis Methodology for Security Evaluation and Enhancement Planning , 2009, 2009 Third International Conference on Emerging Security Information, Systems and Technologies.

[3]  Neeli R. Prasad,et al.  Threat Model Framework and Methodology for Personal Networks (PNs) , 2007, 2007 2nd International Conference on Communication Systems Software and Middleware.

[4]  Martin Rudner Cyber-Threats to Critical National Infrastructure: An Intelligence Challenge , 2013 .

[5]  Ingoo Han,et al.  Security threats to Internet: a Korean multi-industry investigation , 2001, Inf. Manag..

[6]  Emerald M. Archer Crossing the Rubicon: Understanding Cyber Terrorism in the European Context , 2014 .

[7]  Sonja Meyer,et al.  On IoT-services: Survey, Classification and Enterprise Integration , 2012, 2012 IEEE International Conference on Green Computing and Communications.

[8]  Hans Günter Brauch,et al.  Concepts of Security Threats, Challenges, Vulnerabilities and Risks , 2010, Coping with Global Environmental Change, Disasters and Security.

[9]  Cristina Alcaraz,et al.  Analysis of Security Threats, Requirements, Technologies and Standards in Wireless Sensor Networks , 2009, FOSAD.

[10]  Chen Hongsong,et al.  Security and trust research in M2M system , 2011, Proceedings of 2011 IEEE International Conference on Vehicular Electronics and Safety.

[11]  G. Padmavathi,et al.  A Survey of Attacks, Security Mechanisms and Challenges in Wireless Sensor Networks , 2009, ArXiv.

[12]  Paul Baybutt Assessing risks from threats to process plants: Threat and vulnerability analysis , 2002 .

[13]  Sergey Andreev,et al.  Internet of Things, Smart Spaces, and Next Generation Networking , 2013, Lecture Notes in Computer Science.

[14]  Mukesh Taneja An analytics framework to detect compromised IoT devices using mobility behavior , 2013, 2013 International Conference on ICT Convergence (ICTC).

[15]  Helge Janicke,et al.  SCADA security in the light of Cyber-Warfare , 2012, Comput. Secur..

[16]  Antonio Iera,et al.  The Internet of Things: A survey , 2010, Comput. Networks.

[17]  Geir M. Køien,et al.  Reflections on Trust in Devices: An Informal Survey of Human Trust in an Internet-of-Things Context , 2011, Wirel. Pers. Commun..

[18]  Guangyi Xiao,et al.  User Interoperability With Heterogeneous IoT Devices Through Transformation , 2014, IEEE Transactions on Industrial Informatics.

[19]  H. S. Chandrashekar,et al.  Packet sniffing: a brief introduction , 2003 .

[20]  Michal Choras,et al.  Current cyber security threats and challenges in critical infrastructures protection , 2013, 2013 Second International Conference on Informatics & Applications (ICIA).

[21]  Sadie Creese,et al.  Insider Attacks in Cloud Computing , 2012, 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications.

[22]  Vinay M. Igure,et al.  Security issues in SCADA networks , 2006, Comput. Secur..

[23]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[24]  Giles Hogben,et al.  Privacy Features: Privacy features of European eID card specifications , 2008 .

[25]  Christoph P. Mayer Electronic Communications of the EASST Volume 17 ( 2009 ) Workshops der Wissenschaftlichen Konferenz Kommunikation in Verteilten Systemen 2009 ( WowKiVS 2009 ) Security and Privacy Challenges in the Internet of Things , 2008 .

[26]  Levent Gürgen,et al.  Sharing user IoT devices in the cloud , 2014, 2014 IEEE World Forum on Internet of Things (WF-IoT).

[27]  Colin Tankard,et al.  Advanced Persistent threats and how to monitor and deter them , 2011, Netw. Secur..

[28]  Rex Kelly Rainer Introduction to Information Systems: Enabling and Transforming Business , 2008 .

[29]  Marco de Vivo,et al.  A review of port scanning techniques , 1999, CCRV.

[30]  Marimuthu Palaniswami,et al.  Internet of Things (IoT): A vision, architectural elements, and future directions , 2012, Future Gener. Comput. Syst..

[31]  Dhiren Patel,et al.  A Survey on Internet of Things: Security and Privacy Issues , 2014 .

[32]  A. Daneels,et al.  Современные SCADA-системы , 2017 .

[33]  Geir M. Køien,et al.  Security and privacy in the Internet of Things: Current status and open issues , 2014, 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS).

[34]  John Sheldon State of the Art: Attackers and Targets in Cyberspace , 2012 .

[35]  Ahmed Al-Rawi Cyber warriors in the Middle East: The case of the Syrian Electronic Army , 2014 .

[36]  Alexander Gluhak,et al.  A survey on facilities for experimental internet of things research , 2011, IEEE Communications Magazine.

[37]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[38]  Anthony Lai,et al.  Evidence of Advanced Persistent Threat: A case study of malware for political espionage , 2011, 2011 6th International Conference on Malicious and Unwanted Software.

[39]  Elisa Bertino,et al.  Web Services Threats, Vulnerabilities, and Countermeasures , 2009 .

[40]  Alessandro Bassi,et al.  From today's INTRAnet of things to a future INTERnet of things: a wireless- and mobility-related view , 2010, IEEE Wireless Communications.

[41]  Imrich Chlamtac,et al.  Internet of things: Vision, applications and research challenges , 2012, Ad Hoc Networks.

[42]  Jiang Du,et al.  A study of information security for M2M of IOT , 2010, 2010 3rd International Conference on Advanced Computer Theory and Engineering(ICACTE).

[43]  Alastair R. Beresford,et al.  Location privacy in ubiquitous computing , 2005 .

[44]  C. Wilson Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress , 2008 .

[45]  Iliano Cervesato,et al.  The Dolev-Yao Intruder is the most Powerful Attacker , 2010 .

[46]  Ramjee Prasad,et al.  Object Classification based Context Management for Identity Management in Internet of Things , 2013 .

[47]  Peter Friess,et al.  Internet of Things Strategic Research Roadmap , 2011 .

[48]  D. Pinto Secrets and Lies: Digital Security in a Networked World , 2003 .

[49]  Kamal Dahbur,et al.  A survey of risks, threats and vulnerabilities in cloud computing , 2011, ISWSA '11.

[50]  Martin Bauer,et al.  Proceedings of the Federated Conference on Computer Science and Information Systems pp. 949–955 ISBN 978-83-60810-22-4 Service Modelling for the Internet of Things , 2022 .

[51]  Mats Näslund,et al.  Privacy in machine-to-machine communications A state-of-the-art survey , 2012, 2012 IEEE International Conference on Communication Systems (ICCS).

[52]  Inhyok Cha,et al.  Trust in M2M communication , 2009, IEEE Vehicular Technology Magazine.