The rise of ransomware and emerging security challenges in the Internet of Things

With the increasing miniaturization of smartphones, computers, and sensors in the Internet of Things (IoT) paradigm, strengthening the security and preventing ransomware attacks have become key concerns. Traditional security mechanisms are no longer applicable because of the involvement of resource-constrained devices, which require more computation power and resources. This paper presents the ransomware attacks and security concerns in IoT. We initially discuss the rise of ransomware attacks and outline the associated challenges. Then, we investigate, report, and highlight the state-of-the-art research efforts directed at IoT from a security perspective. A taxonomy is devised by classifying and categorizing the literature based on important parameters (e.g., threats, requirements, IEEE standards, deployment level, and technologies). Furthermore, a few credible case studies are outlined to alert people regarding how seriously IoT devices are vulnerable to threats. We enumerate the requirements that need to be met for securing IoT. Several indispensable open research challenges (e.g., data integrity, lightweight security mechanisms, lack of security softwares upgradability and patchability features, physical protection of trillions of devices, privacy, and trust) are identified and discussed. Several prominent future research directions are provided.

[1]  Dhiren Patel,et al.  A Survey on Internet of Things: Security and Privacy Issues , 2014 .

[2]  Yier Jin,et al.  Privacy and Security in Internet of Things and Wearable Devices , 2015, IEEE Transactions on Multi-Scale Computing Systems.

[3]  Jiafu Wan,et al.  Security in the Internet of Things: A Review , 2012, 2012 International Conference on Computer Science and Electronics Engineering.

[4]  Ludwig Seitz,et al.  S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things , 2016, IEEE Transactions on Automation Science and Engineering.

[5]  Tim Ring,et al.  Connected cars - the next targe tfor hackers , 2015, Netw. Secur..

[6]  Adi Shamir,et al.  Oops!...I think I scanned a malware , 2017, ArXiv.

[7]  M. North,et al.  Ransomware: Evolution, Mitigation and Prevention , 2017 .

[8]  Catalin Lucian Chimirel,et al.  Unleashing Smart Cities efficient and sustainable energy policies with IoT based Unbundled Smart Meters , 2016, 2016 IEEE International Conference on Emerging Technologies and Innovative Business Practices for the Transformation of Societies (EmergiTech).

[9]  Arkady B. Zaslavsky,et al.  Context Aware Computing for The Internet of Things: A Survey , 2013, IEEE Communications Surveys & Tutorials.

[10]  Wojciech Mazurczyk,et al.  Software-Defined Networking-based Crypto Ransomware Detection Using HTTP Traffic Characteristics , 2016, Comput. Electr. Eng..

[11]  Muhammad Imran,et al.  Fortifying Intrusion Detection Systems in Dynamic Ad Hoc and Wireless Sensor Networks , 2014, Int. J. Distributed Sens. Networks.

[12]  Laurence T. Yang,et al.  Data Exfiltration From Internet of Things Devices: iOS Devices as Case Studies , 2017, IEEE Internet of Things Journal.

[13]  Xu Xiaohui,et al.  Study on Security Problems and Key Technologies of the Internet of Things , 2013, 2013 International Conference on Computational and Information Sciences.

[14]  Miss Laiha Mat Kiah,et al.  Host mobility key management in dynamic secure group communication , 2018, Wirel. Networks.

[15]  Jari Veijalainen,et al.  Security and privacy threats in IoT architectures , 2012, BODYNETS.

[16]  Eduardo P. Godoy,et al.  Proposed model to implement high-level Information Security in Internet of Things , 2017, 2017 Second International Conference on Fog and Mobile Edge Computing (FMEC).

[17]  Shahaboddin Shamshirband,et al.  Toward secure group communication in wireless mobile environments: Issues, solutions, and challenges , 2015, J. Netw. Comput. Appl..

[18]  Eric Keller,et al.  CommunityGuard: A Crowdsourced Home Cyber-Security System , 2017, SDN-NFV@CODASPY.

[19]  Norita Md Norwawi,et al.  Internet of Things(IoT) digital forensic investigation model: Top-down forensic approach methodology , 2015, 2015 Fifth International Conference on Digital Information Processing and Communications (ICDIPC).

[20]  Athanasios V. Vasilakos,et al.  Security of the Internet of Things: perspectives and challenges , 2014, Wireless Networks.

[21]  Daniele Miorandi,et al.  A security-and quality-aware system architecture for Internet of Things , 2014, Information Systems Frontiers.

[22]  Ioannis Chatzigiannakis,et al.  A privacy-preserving smart parking system using an IoT elliptic curve based security platform , 2016, Comput. Commun..

[23]  Thiemo Voigt,et al.  Lithe: Lightweight Secure CoAP for the Internet of Things , 2013, IEEE Sensors Journal.

[24]  Habtamu Abie,et al.  Towards metrics-driven adaptive security management in e-health IoT applications , 2012, BODYNETS.

[25]  Zygmunt J. Haas,et al.  Security and Privacy in the Internet-of-Things Under Time-and-Budget-Limited Adversary Model , 2015, IEEE Wireless Communications Letters.

[26]  Rolf H. Weber,et al.  Internet of Things - New security and privacy challenges , 2010, Comput. Law Secur. Rev..

[27]  Mohsen Guizani,et al.  Internet-of-things-based smart environments: state of the art, taxonomy, and open research challenges , 2016, IEEE Wireless Communications.

[28]  Jeffrey M. Voas,et al.  Learning Internet-of-Things Security "Hands-On" , 2016, IEEE Security & Privacy.

[29]  Joonsang Baek,et al.  Lightweight Encryption for Smart Home , 2016, 2016 11th International Conference on Availability, Reliability and Security (ARES).

[30]  Jia Guo,et al.  Trust-Based Service Management for Social Internet of Things Systems , 2016, IEEE Transactions on Dependable and Secure Computing.

[31]  D. Kavya Ransomware of Things (RoT) , 2017 .

[32]  Lida Xu,et al.  The internet of things: a survey , 2014, Information Systems Frontiers.

[33]  Antonio Iera,et al.  A systemic and cognitive approach for IoT security , 2014, 2014 International Conference on Computing, Networking and Communications (ICNC).

[34]  Ejaz Ahmed,et al.  Securing software defined networks: taxonomy, requirements, and open issues , 2015, IEEE Communications Magazine.

[35]  Jiong Jin,et al.  Secure Service Virtualization in IoT by Dynamic Service Dependency Verification , 2016, IEEE Internet of Things Journal.

[36]  Sheeraz Akram,et al.  Blind Detection of Copy-Move Forgery in Digital Audio Forensics , 2017, IEEE Access.

[37]  Zou Deqing,et al.  A hierarchical virus immunization method for community networks , 2014, China Communications.

[38]  Rongxing Lu,et al.  Securing the Internet of Things in a Quantum World , 2017, IEEE Communications Magazine.

[39]  Athanasios V. Vasilakos,et al.  The role of big data analytics in Internet of Things , 2017, Comput. Networks.

[40]  Francesco Palmieri,et al.  Multi-layer cloud architectural model and ontology-based security service framework for IoT-based smart homes , 2018, Future Gener. Comput. Syst..

[41]  Ingrid Moerman,et al.  Efficiently Observing Internet of Things Resources , 2012, 2012 IEEE International Conference on Green Computing and Communications.

[42]  M. Prasanth,et al.  Encryption and hash based security in Internet of Things , 2015, 2015 3rd International Conference on Signal Processing, Communication and Networking (ICSCN).

[43]  Mazliza Othman,et al.  Internet of Things security: A survey , 2017, J. Netw. Comput. Appl..

[44]  Daniele Miorandi,et al.  AUPS: An Open Source AUthenticated Publish/Subscribe system for the Internet of Things , 2016, Inf. Syst..

[45]  Mohsen Guizani,et al.  Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications , 2015, IEEE Communications Surveys & Tutorials.

[46]  Karan Mitra,et al.  IReHMo: An efficient IoT-based remote health monitoring system for smart regions , 2015, 2015 17th International Conference on E-health Networking, Application & Services (HealthCom).

[47]  Eun-Jun Yoon,et al.  Secure Signature-Based Authenticated Key Establishment Scheme for Future IoT Applications , 2017, IEEE Access.

[48]  Lisandro Zambenedetti Granville,et al.  A DTLS-based security architecture for the Internet of Things , 2015, 2015 IEEE Symposium on Computers and Communication (ISCC).

[49]  Ramesh Karri,et al.  Hardware and embedded security in the context of internet of things , 2013, CyCAR '13.

[50]  Athanasios V. Vasilakos,et al.  Internet of Vehicles for E-Health Applications: A Potential Game for Optimal Network Capacity , 2017, IEEE Systems Journal.

[51]  Pinyi Ren,et al.  Security Enhancement for IoT Communications Exposed to Eavesdroppers With Uncertain Locations , 2016, IEEE Access.

[52]  Bin Sun,et al.  Trust management mechanism for Internet of Things , 2014 .

[53]  Kai Zhao,et al.  A Survey on the Internet of Things Security , 2013, 2013 Ninth International Conference on Computational Intelligence and Security.

[54]  Ling Liu,et al.  Analysis and design of security in Internet of things , 2015, 2015 8th International Conference on Biomedical Engineering and Informatics (BMEI).

[55]  Xinzheng Dong,et al.  Application of dynamic variable cipher security certificate in Internet of Things , 2012, 2012 IEEE 2nd International Conference on Cloud Computing and Intelligence Systems.

[56]  Alessandro Neri,et al.  Security Access Protocols in IoT Capillary Networks , 2017, IEEE Internet of Things Journal.

[57]  Antonio F. Gómez-Skarmeta,et al.  ARMY: architecture for a secure and privacy-awar e lifecycle of smar t objects in the internet of my things , 2016, IEEE Commun. Mag..

[58]  B Aishwarya,et al.  Security and Privacy Challenges in Internet of Things , 2018, 2018 2nd International Conference on Trends in Electronics and Informatics (ICOEI).

[59]  Francesco Buccafurri,et al.  A Model Implementing Certified Reputation and Its Application to TripAdvisor , 2015, 2015 10th International Conference on Availability, Reliability and Security.

[60]  Mansour Sheikhan,et al.  Hybrid of anomaly-based and specification-based IDS for Internet of Things using unsupervised OPF based on MapReduce approach , 2017, Comput. Commun..

[61]  Jemal H. Abawajy,et al.  Secure Object Tracking Protocol for the Internet of Things , 2016, IEEE Internet of Things Journal.

[62]  Tzonelih Hwang,et al.  BSN-Care: A Secure IoT-Based Modern Healthcare System Using Body Sensor Network , 2016, IEEE Sensors Journal.

[63]  Andreas Jacobsson,et al.  An analysis of malicious threat agents for the smart connected home , 2017, 2017 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops).

[64]  Jorge Sá Silva,et al.  Security for the Internet of Things: A Survey of Existing Protocols and Open Research Issues , 2015, IEEE Communications Surveys & Tutorials.

[65]  Ananda Mohon Ghosh,et al.  Remote health monitoring system through IoT , 2016, 2016 5th International Conference on Informatics, Electronics and Vision (ICIEV).

[66]  Yongqiang Lyu,et al.  Approximate Computing for Low Power and Security in the Internet of Things , 2017, Computer.

[67]  Daniele Miorandi,et al.  A secure and quality-aware prototypical architecture for the Internet of Things , 2016, Inf. Syst..

[68]  Athanasios V. Vasilakos,et al.  A survey on trust management for Internet of Things , 2014, J. Netw. Comput. Appl..

[69]  Elena Simona Lohan,et al.  Robustness, Security and Privacy in Location-Based Services for Future IoT: A Survey , 2017, IEEE Access.

[70]  Elisa Bertino,et al.  Botnets and Internet of Things Security , 2017, Computer.

[71]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[72]  Luigi Alfredo Grieco,et al.  Security, privacy and trust in Internet of Things: The road ahead , 2015, Comput. Networks.

[73]  Richard J. Tobias Wireless communication of real-time ultrasound data and control , 2015, Medical Imaging.

[74]  Pedro Castillejo,et al.  Automated determination of security services to ensure personal data protection in the Internet of Things applications , 2013, Third International Conference on Innovative Computing Technology (INTECH 2013).

[75]  Ragib Hasan,et al.  FAIoT: Towards Building a Forensics Aware Eco System for the Internet of Things , 2015, 2015 IEEE International Conference on Services Computing.

[76]  Salim Hariri,et al.  IoT Security Development Framework for building trustworthy Smart car services , 2016, 2016 IEEE Conference on Intelligence and Security Informatics (ISI).

[77]  B. B. Gupta,et al.  Security in Internet of Things: issues, challenges, taxonomy, and architecture , 2017, Telecommunication Systems.

[78]  Athanasios V. Vasilakos,et al.  Secure Authentication for Remote Patient Monitoring with Wireless Medical Sensor Networks † , 2016, Sensors.

[79]  Hannu Tenhunen,et al.  End-to-end security scheme for mobility enabled healthcare Internet of Things , 2016, Future Gener. Comput. Syst..

[80]  Mohamed Jamal Zemerly,et al.  Security and privacy framework for ubiquitous healthcare IoT devices , 2015, 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST).

[81]  Laurence T. Yang,et al.  Cyberentity Security in the Internet of Things , 2013, Computer.

[82]  Jinjun Chen,et al.  External integrity verification for outsourced big data in cloud and IoT: A big picture , 2015, Future Gener. Comput. Syst..

[83]  Athanasios V. Vasilakos,et al.  Security in Software-Defined Networking: Threats and Countermeasures , 2016, Mobile Networks and Applications.

[84]  Indrakshi Ray,et al.  A Generic Digital Forensic Investigation Framework for Internet of Things (IoT) , 2016, 2016 IEEE 4th International Conference on Future Internet of Things and Cloud (FiCloud).

[85]  Mohsen Guizani,et al.  Internet of Things Architecture: Recent Advances, Taxonomy, Requirements, and Open Challenges , 2017, IEEE Wireless Communications.

[86]  Muhammad Imran,et al.  An Automatic Digital Audio Authentication/Forensics System , 2017, IEEE Access.

[87]  Jaydip Sen,et al.  Embedded security for Internet of Things , 2011, 2011 2nd National Conference on Emerging Trends and Applications in Computer Science.

[88]  Kai Fan,et al.  RFID Secure Application Revocation for IoT in 5G , 2015, 2015 IEEE Trustcom/BigDataSE/ISPA.

[89]  Do-Yeon Kim Cyber security issues imposed on nuclear power plants , 2014 .

[90]  Hyoungshick Kim,et al.  Security and Privacy Challenges in the Internet of Things [Security and Privacy Matters] , 2017, IEEE Consumer Electronics Magazine.