Review on security and privacy concerns in Internet of Things

Internet of Things (IoT) is associate degree rising conception which can interconnect billions of devices (such as smartphones, sensors and alternative networking devices), to speak with one another. IoT may be a system wherever objects embedded with detector technology to act with one another over wireless communication medium to come up with, exchange and transfer knowledge without human interaction. This interconnection is relevant in many ways like timely coordination with many simple devices such as sensors, thermostats, fitbits, routers etc. Due to open and heterogeneous nature of these networks, they are highly prone to vulnerable attacks. So privacy and security is the biggest concern in this technology. This paper focuses on common IoT vulnerabilities like Distributed Denial of Service (DDoS), Data modification attacks in background section. It covers privacy and security concerns in different segments like web interface vulnerabilities, device connections, spamming, data storage issues, IoT network related problems like Sybil attacks, cloud connectivity considerations, Industrial IoT attacks. There have been many privacy preserving mechanisms discovered (like Learning Automata based solution, disabling Universal Plug and Play, DDOS ALERT mechanisms, Rigorous Testing etc.) and related research is still going on. The goal of this paper to present the security and privacy concerns that IoT environment is facing and existing mechanisms to protect it.

[1]  Michael Koch,et al.  Ubiquitous Computing , 2001, CSCW-Kompendium.

[2]  M. Weiser,et al.  Hot topics-ubiquitous computing , 1993 .

[3]  Domenico Rotondi,et al.  A capability-based security approach to manage access control in the Internet of Things , 2013, Math. Comput. Model..

[4]  P. Venkata Krishna,et al.  An adaptive learning routing protocol for the prevention of distributed denial of service attacks in wireless mesh networks , 2010, Comput. Math. Appl..

[5]  Pascal Urien,et al.  A new approach to investigate IoT threats based on a four layer model , 2016, 2016 13th International Conference on New Technologies for Distributed Systems (NOTERE).

[6]  Mayank Upadhyay,et al.  Authentication at Scale , 2013, IEEE Security & Privacy.

[7]  P. Venkata Krishna,et al.  A Learning Automata Based Solution for Preventing Distributed Denial of Service in Internet of Things , 2011, 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing.

[8]  Ahmad-Reza Sadeghi,et al.  Security and privacy challenges in industrial Internet of Things , 2015, 2015 52nd ACM/EDAC/IEEE Design Automation Conference (DAC).

[9]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[10]  Antoine Bagula,et al.  Using exponentially weighted moving average algorithm to defend against DDoS attacks , 2016, 2016 Pattern Recognition Association of South Africa and Robotics and Mechatronics International Conference (PRASA-RobMech).

[11]  Jeyavijayan Rajendran,et al.  Shielding and securing integrated circuits with sensors , 2014, 2014 IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[12]  Karim Eldefrawy SMART: Secure and Minimal Architecture for (Establishing a Dynamic) Root of Trust , 2012, NDSS 2012.

[13]  Aurélien Francillon,et al.  A Large-Scale Analysis of the Security of Embedded Firmwares , 2014, USENIX Security Symposium.

[14]  Nicolas Sklavos,et al.  Cryptography and Security in Internet of Things (IoTs): Models, Schemes, and Implementations , 2016, 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[15]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[16]  Frank Piessens,et al.  Efficient Isolation of Trusted Subsystems in Embedded Systems , 2010, SecureComm.

[17]  David M. Eyers,et al.  Twenty Security Considerations for Cloud-Supported Internet of Things , 2016, IEEE Internet of Things Journal.

[18]  P. Venkata Krishna,et al.  Adaptive link-state routing and intrusion detection in wireless mesh networks , 2010, IET Inf. Secur..

[19]  Thomas Morris,et al.  Trusted Platform Module , 2011, Encyclopedia of Cryptography and Security.

[20]  Kang Yen,et al.  Sensor network security: a survey , 2009, IEEE Communications Surveys & Tutorials.

[21]  Oscar Garcia-Morchon,et al.  Security Considerations in the IP-based Internet of Things , 2013 .

[22]  Elisa Bertino,et al.  Botnets and Internet of Things Security , 2017, Computer.

[23]  Frank Piessens,et al.  Sancus: Low-cost Trustworthy Extensible Networked Devices with a Zero-software Trusted Computing Base , 2013, USENIX Security Symposium.