The Challenges in the Internet of Things - Research Paper Example

THE CHALLENGES IN INTERNET OF THING By Name Course Instructor Institution City/State Date Table of Contents THE CHALLENGES IN INTERNET OF THING 1 Table of Contents 2 1.0 Introduction 3 1.1 Background 3 1.2 Significance 5 1.3 Research Focus 5 1.3.1 Research Problem 6 1.3.2 Research Question 6 1.3.3 Research Aim 6 2.0 Literature Review 7 3.0 Research Methodology 11 3.1 Qualitative Research 11 3.2 Quantitative Research 12 3.3 Data Collection 12 3.4 Data Analysis 13 4.0 Evaluation of Results & Findings 13 4.1 Results & Findings 13 4.2 Discussion 15 5.0 Conclusion 17 References 19 Appendices 22 The Challenges in Internet of Thing – Security Perspective 1.0 Introduction Internet of Things (IOT) can be defined as everyday objects’ networked interconnection that are normally seen a sensors’ self -configuring wireless network for interconnecting all ‘things’ (see Appendix One). Nowadays, the world completely relies on information offered on the internet that is captured through text or by taking images. Evidently, this outlines the major participation of people in gathering information. Still, involving people can result in some problems considering that they have less accuracy and limited time, which results in inconsistent and inappropriate data. Therefore, there is a need for a system that can automatically capture and transfer data to the internet devoid of any human to machine interaction. Therefore, the IoT is a state whereby there is a connection of all ‘things’ in the internet sensors for management as well as intelligent identification. Such things according to Bhabad and Bagade (2015, p.1) when offered with unique identifiers may be read using radio-frequency identification (RFID) tags together with information sensing devices (sensors). Therefore, the thing in the IoT could be a human being having a heart for monitoring an implant, a car with in-built sensors that monitors the pressure and alert the driver when it is low, or other manufactured objects having a unique Internet Protocol (IP) address that can be connected to the network to facilitate transfer. Basically, the increasing utilisation of IoT system creates the need for powerful protection against any potential vulnerability or attacks. 1.1 Background Given that the nodes of IoT are of low communication speed, less computation power, low storage, and naturally heterogeneous, it requires forward and backward secrecy, smooth control of the data access, confidentiality, integrity, and scalable security algorithms. The phrase ‘security’ normally involves different concepts; for instance, security connotes the basic security services provision, which involves availability, confidentiality, non-repudiation, authorisation, integrity as well as authentication. Such services could be implemented through various cryptographic mechanisms, like signature algorithms, hash functions, or block ciphers. All of the aforementioned mechanisms need a solid infrastructure for key management so as to manage the needed cryptographic keys. However, in the IoT context, security should focus on both the needed security services and how the services would be achieved in the entire system as well as how to execute the security functionalities. Even though security considerations have been there in the IT context, the features of various IoT executions bring about unique and new security challenges. Therefore, managing such challenges and making sure IoT services and products are protected should be the main priority. The IoT devices as well as the associated data services should be protected from vulnerabilities, particularly because this technology has turned out to be pervasive and integrated and pervasive into people’s day-to-day lives. This research report focus challenges in IoT with focus on the security perspective. The report determines how security challenges in IoT can be managed in the present and future systems. Using a document analysis research method, the existing IoT devices have been analysed with the objective of creating a clear, perceptible depiction of the challenges as well as solutions existing in the IoT today. 1.2 Significance This research report is important because it creates a perceptible picture of the security challenges in the IoT. The report shows why it is essential to implement security features in the IoT systems, even if the features stretch the devices’ capabilities. It is exceedingly challenging to automate key management, but it is important that the IoT systems not to depend on pre-shared keys. As it will be evidenced in this research report, privacy issues can offer incentives for espousing technologies intended for preventing leakage of information in the intelligence environments. More importantly, IoT security has become a prerequisite of the time. The security should offer information flows’ authentication, confidentiality, integrity and non-repudiation. This report shows how IoT communications/systems security can be managed effectively in different environments. In addition, other requirements for IoT security have to be considered, especially on the subject of communications with sensors. This report indicates various mechanisms that can be used to implement protection so as to enable the IoT systems to function normally. Generally, this paper contributes to the existing literature on the issue of the current state of IoT systems and different security challenges affecting the systems. 1.3 Research Focus The focus of this research is on the concept of IOT as well as the security challenges. Basically, it is challenging to see the IoT devices’ resource-limited behaviour in the actual scenario since a large-scale IoT networks like the forest’s fire warning system have a lot of tiny temperature sensors which provide a weak point for a malicious attacker to intrude the system. 1.3.1 Research Problem This research paper focus on how attackers exploit the IoT weak points for their own benefits. This research also focuses on why the existing security models have failed to accurately describe the IoT paradigm. Aside from outlining the major IoT components, the research will focus on describing the IoT security requirements as well as classifying the threats for all the IoT components. The security challenges associated with IoT are derived from the utilisation of the standard protocols as well as the very nature of the objects. Therefore, the security requirements as well as challenges for IoT are presented by examining the Internet protocols that are applied to the IoT as well as the problems and limitations introduced by the existing solutions. 1.3.2 Research Question What are the security challenges and existing countermeasures in the Internet of Things? 1.3.3 Research Aim 1. To identify and classify different security challenges in IoT systems and applications. 2. To present an IoT security issues and challenges, attack surfaces, and threat models 3. To categorise the major components in the IoT domain 4. To identify the privacy issues associated with the IoT applications 5. To present viable security solutions for the IoT applications 2.0 Literature Review As identified in Farooq et al. (2015, p.2) study, the IoT has four key levels (see Appendix Two): Perception Layer, which involves various forms of data sensors such as Barcodes, RFID as well as other sensor network. The Perception Layer main objective is identifying the unique objects as well as managing the gathered data acquired from the real world. The second layer is the Network Layer, which focuses on transmitting the collected information to the information processing system using the available and reliable communication networks such as Mobile Network or the internet. The third layer is the Middle-ware Layer, which has information processing systems which take automatic actions with the view to the processed data results and also connects the system with a database that stores the gathered data. The last layer is the application Layer, which recognised different IoT practical applications anchored on the needs of the users as well as various forms of industries like the Smart Transportation, Smart Environment, and so forth. (Farooq et al., 2015, p.2). As cited by Farooq et al. (2015, p.3), a number of research have been carried out with the objective of offering a security architecture that is well-defined and reliable that can offer data privacy and security confidentiality. For this reason, a security architecture that protects the IoT from possible security threats has been proposed (see Appendix Three). The increasing utilisation of IoT systems according to Bhabad and Bagade (2015, p.3), has created a need for a powerful security architecture so as to protect IoT from vulnerability or possible attacks. Therefore, all layers of the IOT system must be protected since every layer has different security issues. For instance, the Perception Layer has terminal and sensor network security issues. Because of the IoT system’s wireless communication nature, the system faces a number of threats from virus attacks and hackers. Bhabad and Bagade (2015) established that the main challenges that existed in the perception terminals include terminal virus, tampering, confidential information leakage, as well as other issues. The sensor nodes in the sensor Perception Layer are used to transmit data, acquire data, integrate and collaborate. Given that the security nodes have their own batteries that are less protected; they face serious security challenges such as malicious programs as well as defect of the tag. On the Network layer, Farooq et al. (2015, p.4) posits that the layers faces a number of security issues like hacker intrusion, network content security as well as unauthorised access. On the application layer, some of the security issues include database access control, privacy protection, information leakage, as well as the software intellectual property (Bhabad & Bagade, 2015, p.3). In their study, Das and Sharma (2016, p.26), noted that the there are problems associated with information gathering in the IoT, especially in terms of massive gathered information. According to Das and Sharma (2016, p.26), the IoT has millions of unique objects, which emanate information that result in the problems of transmission, processing as well as storing. There is no guarantee that ‘all things’ data can be transmitted in real time owing to the bandwidth bottlenecks. In terms of security and privacy, Das and Sharma (2016, p.27) posit that IoT face a number of threats like wireless information attack, physical attack, low self-defence as well as snooping. For instance, a malicious intruder can tamper the unprotected IoT devices; thus, obtaining information before reaching the required destination. The main challenges of IoT are security issues, data integrity and authentication bearing in mind that the number of smart objects within the wireless network is increasing. Using solutions such as the Keyed-Hash Message Authentication Code (HMAC) as mentioned by Das and Sharma (2016) in protecting the data from attacks has been proposed widely. Given that security has become an important component for allowing increased adoption of IoT applications and technologies, there is a need for a system-level privacy, authentication and, confidentiality. Therefore, with no innovative security measures and suitable inventions, the IoT security threats are inclined to persist. While evaluating the effect of resource constraints on the IoT devices, Heer et al. (2011, p.533) observed that the IoT is a network that is constrained with resources and depends on low-bandwidth and lossy communication channels between small nodes. Therefore, such attributes have a direct effect on the threats to IoT devices’ security protocols. They further established that utilising the small packets can lead to the larger packets fragmentation of the IoT security protocols. As a result, this could open new vectors of attack which could be very tragic, especially if the fragmentation is attributed to the large exchange of key messages in the IoT security protocols. Borgohain et al. (2015, p.2376)while surveying the security flaws that exist in the IoT, found out that adopting sound security measures that could counter the IoT security flaws and implementing different systems for intrusion detection and utilising effective communication techniques can result in more robust and secure IoT infrastructure. Mondal et al. (2015, p.10) pointed out that location-based mobile attack and homogeneity attack normally affects the road networks and result i the leakage of privacy. Adding a Wi-Fi enabled devices into the LANs (local area networks) with no consideration to the proper security can pose a major threat to the IoT security. According to Rajeswari (2016, p.394), when the IoT users allow the TCP/IP-based endpoints onto the LAN devoid of implementing security protocols, they will be posing a serious security threat to the IoT device. Most hackers normally exploit all networks they come across and the challenge attributed to the Network Address Translation (NAT) boxes is that they are the first line of network defence against different forms of attacks. Therefore, when a Wi-Fi enabled device is added into the LAN, it can likely connect to the malicious servers (Rajeswari, 2016, p.394). According to Chasaki and Mansour (2015, p.142), the common characteristics of IoT components is that they have unique identifiers that makes them easily identified, positioned and eventually controlled by means of the internet. The majority of the remotely controlled and interconnected devices have inbuilt intelligence such as sensors used for collecting the environment information. Chasaki and Mansour (2015, p.142) posit that combining response and sensing actions in the IoT with the communication and processing functionality within the computational domain can enable the device to offer innovation in the application domains like manufacturing, home automation, healthcare, smart appliances and so forth. Even though IoT devices can help solve different societal problems, Subramanian et al. (2015, p.35) established that the unlimited access to a lot of data can result in major privacy and security challenges such as insufficient authentication (many users of IoT devices depend on simple and weak passwords that can be compromised easily). They further established that the majority of IoT-based solutions have a mobile/web interface for consuming aggregated data or device management, but the web interface is vulnerable to the various vulnerabilities, like cross-site scripting vulnerabilities, weak default credentials as well as poor session management. On the other hand, the privacy risk crops up from the smart = objects in the IoT that gather and aggregate data fragments, which are associated with their service (Subramanian et al., 2015, p.35). In Fremantle and Scott (2015, p.9) study, they reviewed the existing literature with regard to the approaches and challenges to security in IoT, with emphasis on IoT middleware. They define Middleware as computer software having an intermediary function between different computer applications as well as its operating system. They established that there was no comprehensive analysis of the security for all the middleware systems. 3.0 Research Methodology In this research report, a mixed research methodology is used to conduct the research, and in involves gathering, examining as well as integrating both qualitative and quantitative research. This mixed research methodology is used to create a better understanding of the research problem. 3.1 Qualitative Research Qualitative research is the process of collecting information, which is not in numerical form.  For this research report, document analysis will be used to systematically review and analyse both electronic and printed document material. Akin to other qualitative research, the document analysis will be used to examine and interpret date with the objective of gaining understanding, eliciting meaning as well as develop empirical knowledge. For this reason, prior literature will be reviewed as part of the study and the collected information will be incorporated in the report. As mentioned by Bowen (2009, p.28), document analysis normally generate data, which are organised into major case examples, categories, and themes. Document analysis method will be used to examine the security and privacy issues that exist in the IoT and effective countermeasure to the examined security challenges. 3.2 Quantitative Research On the other hand, quantitative research involves gathering information in the numerical form so as to place them in rank order or categories, or to measure the date in measurement units.  Normally, this form of data is utilised to construct tables or graphs of raw data. The quantitative method used in this study is the causal-comparative research method, which could help uncover the ‘cause and effect’ relationship with the view to IoT security challenges. The research will solely look for a statistical relationship between security challenges and privacy issues with the objective of trying to identify how different layers of IoT are affected by a similar circumstance. Therefore, the causal-comparative research will involve comparing security challenges associated with IoT. Statistical analysis will be used in order to synthesise data clearly for presentation. 3.3 Data Collection As mentioned earlier, document analysis is the research method that will be used in the report, and will involve examining the existing documents that focus on security challenges of IoT. The objective of collecting data from the existing literature will be to create an understanding of the substantive content of the research problem and illuminate deeper meanings. Data will be collected from conference papers, research papers, working papers, and journal. The literature research will allow the previous work to be used in this report; thus, creating an understanding of the previous findings and experiences with regard to the research problem. 3.4 Data Analysis The Analysis of the collected data will involve a between-study literature analysis, which will involve contrasting as well as comparing information from different literature sources. Furthermore, factor analysis will be used to identify the internal structure of various security variables associated with IoT. Factor analysis was considered important because it does not require that the criterion and predictor variables to be defined. Therefore, factor analysis is utilised with the objective of identifying the relationship between every security variable involved in the analysis set. The objective of factor analysis will be to determine the number of factors required to explain the set of security variables and will help offer interpretation with regard to the common factors. 4.0 Evaluation of Results & Findings 4.1 Results & Findings With the view to the existing literature, it was determined that anonymity was a major risk given that most smartphones, PCs as well as other devices normally leave behind unique ‘fingerprints’ after their utilisation. The research further demonstrated that a malicious attacker can gather the devices’ properties such as versions of installed software, screen size, and also the installed fonts so as to generate unique devices’ identifiers that could be used to track users’ online activities. The research also demonstrated that connecting a lot of heterogeneous objects into the internet could increase the attack surface since when the number of connected objects are many it becomes challenging to implement security mechanisms. The document analysis also showed that the traditional attacks such as password cracking. Furthermore, implementations of IoT can result in vulnerability to different forms of attacks; for instance, the smart objects and things are susceptible to attacks associated with reliability and availability such as denial-of-service (DoS) attacks. Additionally, smart things are vulnerable to disruption and capturing attacks whereby the intruder tries to take control and bring about a malfunction. It was also determined that computing devices and data storage, which are the main IoT components are vulnerable to different categories of attacks such as DoS attacks, tampering as well as illegal access. Some of security issues, as well as solution, for every layer in IoT were determined through the document analysis (see Appendix Four). With the view to Suchitra and Vandana (2016, p.139) it was determined that the IoT information flows’ security should offer confidentiality, integrity, authentication as well as non-repudiation. 4.2 Discussion Scores of IoT devices as evidenced in Das and Sharma (2016) study are not reachable since the devices are mostly disconnected or lose connection. This creates a security challenge because the expectation of security is hard to achieve without the processing power. Therefore, the IoT security depends on the users’ ability to trust their environment. When the IoT devices are secured poorly they can act as the ingress points for malicious programmers who can easily re-program the device; thus, intentionally making them to malfunction. Furthermore, when the IoT devices are designed poorly, they can expose the users to data theft since the objects and data streams are left unattended. The existing strategies, methods, and tools related to IoT needs new consideration with the view to the conventional strategies and system. Some of the IoT problems normally arise from backgrounds such as devices evolution and reconfiguration. As mentioned by Das and Sharma (2016), appropriate and effective IoT security solutions may only be realised if the users come up with a mutual security. Therefore, Das and Sharma proposed a collaborative model is a suitable approach that could help IoT users to secure its components. With the view to Abomhara and Køien (2014) study, it is evident that the IoT exponential growth of has brought about enormous security as well as privacy risks. The majority of these risks are caused by device vulnerabilities, which originate from the improper utilisation of system resources as well as cybercrime. Abomhara and Køien noted that understanding the potential attacks on IoT can help the system developers to find where to focus on. The most common attacks on IoT include physical attacks, DoS, as well as privacy attacks. Hossain et al. (2015 , p.3) provide evidence showing that IoT devices are characteristically resource-constrained; therefore, the major security challenges related to IoT devices are computational constraint, tamper-resistant packaging, and memory constraint. Hossain et al. (2015) further IoT attack surfaces and determine the possible vulnerabilities related to these attacks (see Appendix Four). While determining the security challenges in the Industrial IoT, Meltzer (2015, p.24) noted that the industrial IoT is evolving and growing rapidly. They further established that the Industrial IoT systems’ attack vectors, as well as threats related to them, are very different. Even though different standard concepts of IT security may be used, much emphasis should be placed on the constraints and requirements in such environments. Bekara (2014, p.536) echoed these sentiments, arguing that when managing security policies, protocols and algorithms, a number of challenges should be considered: scalability, mobility, deployment, legacy systems, constrained resources, and heterogeneity. As the IoT continues to advance, Covington and Carskadden (2013, p.10) assert that they will become more and more distributed and mobile; therefore, scores of contemporary security tools and processes depending on information density will have to be changed considerably. A number of the analysed studies such as Hancke et al. (2010) and Cirani et al. (2013) maitained that the widespread acceptance of IoT relies heavily on strong operational and technical, privacy and security solutions. There are many security countermeasures to the IOT security challenges; access control, certification, cloud computing as well as data encryption. Access control is an important way of providing a secure environment of IOT through the limitation of the access control for people, objects or machines that have no authorisation to access the resources. Certification is also a secure mechanism that can be used to confirm the true identity of the communicating parties. Therefore, utilisation of the Public Key Infrastructure (PKI) can help the IoT users to realise a strong authentication through two-way certification of the public key that could protect IOT system confidentiality as well as authenticity (van Tilborg & Jajodia, 2014, p.585). Data encryption is a technique that could be utilised to prevent the tampering of information as well as protect integrity and confidentiality of the information. Encryption could prevent attackers from deciphering the data. Lastly, the cloud computing is a suitable measure in IOT security challenges because it offers in enormous data storage capacity for a large number of IoT sensor nodes that gather and analyse large amount of data. 5.0 Conclusion In conclusion, this report has identified the security challenges in the IoT. As mentioned in the report, the security at every layer of IoT is expository to the general functioning of the IoT. Therefore, security is required at all layers of the IoT system; each layer has networks, applications or devices. Because of different communication standards and overloads, the traditional security measures cannot be used on the IoT because the loopholes in the technology results in generated malicious data and the devices could be compromised. Therefore, a flexible way of managing the security threats in the dynamic IoT environment as well as new ideas and nonstop researchers must be regulated occasionally for the different surfacing challenges. When the IoT devices are poorly secured, it can act as a potential cyber-attack entry point; thus, exposing users’ data to infringement since the data streams have not been secured adequately. As it will be evidenced in this research report, the IoT devices’ interconnected nature signify that all devices that are connected online but poorly protected can adversely affect resilience and security of the Internet. This security challenge is exacerbated by other factors such as deploying homogenous IoT devices in a mass-scale, capability of some devices to connect automatically with other devices, as well as the probability of fielding such devices in environments that are not secure. Evidently, the IoT brings about many challenges and constraints that must be secured. Although modern-day systems utilise standards, which can be implemented easily and focus on different forms of storage and communication, there exists no standard solution that is suitable for all device in the IoT, owing to the different constraints sandwiched between different devices, lead to cataloguing in the IoT. References Abomhara, M. & Køien, G.M., 2014. Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. Journal of Cyber Security, vol. 4, pp.65–88. Bekara, C., 2014. Security Issues and Challenges for the IoT-based Smart Grid. Procedia Computer Science, vol. 34, pp.532 – 537. Bhabad, M.A. & Bagade, S.T., 2015. Internet of Things: Architecture, Security Issues and Countermeasures. International Journal of Computer Applications, vol. 125, no. 14, pp.1-4. Borgohain, T., Kumar, U. & Sanyal, S., 2015. Survey of Security and Privacy Issues of Internet of Things. The International Journal of Advanced Networking and Application, vol. 6, no. 4, pp.2372-78. Bowen, G.A., 2009. Document Analysis as a Qualitative Research Method Glenn A. Bowen WESTERN CAROLINA UNIVERSITY ABSTRACT. Qualitative Research Journal, vol. 9, no. 2, pp.27-40. Chasaki, D. & Mansour, C., 2015. Security challenges in the internet of things. Int. J. Space-Based and Situated Computing, vol. 5, no. 3, pp.141-49. Cirani, S., Ferrari, G. & Veltri, L., 2013. Enforcing Security Mechanisms in the IP-Based Internet of Things: An Algorithmic Overview. Algorithms, vol. 6, pp.197-226. Covington, M.J. & Carskadden, R., 2013. Threat implications of the Internet of Things. In 5th International Conference on Cyber Conflict. Austin, Texas, 2013. IEEE. Das, D. & Sharma, B., 2016. General Survey on Security Issues on Internet of Things. International Journal of Computer Applications , vol. 139, no. 2, pp.23-29. Farooq, M.U., Waseem, M., Khairi, A. & Mazhar, S., 2015. A Critical Analysis on the Security Concerns of Internet of Things (IoT). International Journal of Computer Applications, vol. 111, no. 7, pp.1-6. Fremantle, P. & Scott, P., 2015. A security survey of middleware for the Internet of Things. PeerJ PrePrints , vol. 3, pp.1-23. Hancke, G.P., Markantonakis, K. & Mayes, K.E., 2010. Security Challenges for User-Oriented RFID Applications within the "Internet of Things. Journal of Internet Technology, vol. 11, no. 3, pp.307-13. Heer, T. et al., 2011. Security Challenges in the IP-based Internet of Things. Wireless Personal Communications, vol. 61, no. 3, pp.527–42. Hossain, M., Fotouhi, M. & Hasan, R., 2015. Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things. In IEEE World Congress on Services. Birmingham, 2015. Meltzer, D., 2015. Securing the Industrial Internet of Things. ISSA Journal, pp.24-30. Mondal, B., Kumar, D. & Mandal, T., 2015. Security Challenges in Internet of Things (IoT). International Journal of Software and Web Sciences, vol. 13, no. 1, pp.8-12. Rajeswari, B., 2016. Addressing Security Challenges In Internet of Things. International Journal of Scientific Engineering and Applied Science. vol, 2, no. 3, pp.393-95. Subramanian, S., Gopal, V.V. & Muthusamy, M., 2015. Security and Privacy Challenges of IoT-enabled Solutions. ISACA Journal, vol. 4, pp.33-36. Suchitra, C. & Vandana, C.P., 2016. Internet of Things and Security Issues. International Journal of Computer Science and Mobile Computing, vol. 5, no. 1, pp.133 – 139. van Tilborg, H.C.A. & Jajodia, S., 2014. utilisation of the Public Key Infrastructure (PKI) can help the IoT users to realise a strong authentication. New York: Springer Science & Business Media. Appendices Appendix One: Internet of things Appendix Two: Generic Architecture of IoT Appendix Three: Security Architecture of IoT Appendix Four: IoT Security Issues and Solutions Read More