Security and Privacy Issues in Internet of Things (IoT) Essay Example
Recently it is observed, the concept of Internet of Things (IoT) has become attracting due to interconnection of various kinds of ‘things’ enabling to their promising paradigm to integration of several technologies devices and providing communication solutions, resulted into facing many problems related to security and privacy of IoT domain.
The objective of Internet of Things is to identifying and tracking technologies, connecting active and passive components with wired and wireless sensor, actuator networks, enhanced communication protocols and distributed intelligence for different smart objects, so that the sensor objects can be interconnected over the glob.
Internet of Things paradigm are reported to become a glorious fields because of enabling several different technologies of knowledge, such as telecommunications, informatics, electronics and social science are combined. Its prime focus is to provide smart and seamless services at the user end
...without any interruption.
Collecting information from different nodes and maintaining their confidentiality of an independent entity, and running together with privacy and security provision in IoT is the main concerning issues. The new epoch of creativity is boundless, that provide us amazing potential to improve of our modern lives. I would like to conclude this IoT vision by extending of Wireless Sensor Network (WSN), Radio Frequency Identification (RFID), the Internet and introduces several unique security threats over the distributed computing at technological research community.
IoT is an interconnection of everyday objects in a network that surrounded around us and connected by the network from one to another. Radio Frequency Identification, Wireless Sensor Network use the technology which will rise to meet the new challenge in the environment, in which information and communication systems are invisibly around us and intercommunication each other
by transmitting signal among the devices.
When the devices exchanging informatics, it is generating enormous amounts of data which have to be stored, processed, passed and presented in a seamless, efficient and easily interpretable structured form of data. It can also visualize services, monitor and manage various devices.
Interconnection of everyday objects in the network, which are usually equipped with tremendous intelligence level which leads to a highly dispersed network of devices communicating with human beings as well as electronic devices which support internet. Day by day numbers of internet users are increasing, as a result quality of lives will be improved and IoT will be the center of attraction of researchers and general professional person, throughout all over the world.
For security, there is a need of an advanced prototype which considers the security issues from a normal user perspective to comprising with the advanced users, by which they will intercommunication using this technology. Internet is the primary element of IoT, hence there can be security loophole issue. Securing intercommunication over the networks is a crucial issue for all the paradigms that are developing based on sensing programming for IoT applications.
Loopholes of security can be found in presentation layer, physical layer, network layer and application layer. At present times, IP- based intercommunication paradigm of Internet Architecture plays a crucial role in developing the ubiquitous interconnectivity of users and devices through IoT. For example, Smart Health Care, Transport, Industrialists, Policy Makers, Smart Homes, Smart Cities etc., Concepts like WSN, M2M and LoW PAN, RDIF are basis of IoT.
Threats to the Security in Internet of Things
Possible threats to the IoT are basically classified into the three types. They are
— Attacks against an IoT device, Attacks against the communication channel and Attacks against the server. Security is critical to any network, whenever a large scale networks are deployed then the security will be one of the major concerning issue.
There are many ways that the system could be attacked –by disabling the network availability; accessing personal information; pushing erroneous data into the network; Phishing is a fraudulent attempt, usually made through email, phone calls, SMS etc seeking your personal and confidential information. Physical components of IoT such as RFID, WSN and cloud are vulnerable to such attacks. The complex problems of security however have solutions which can be provided using cryptographic methods and deserves more research before they are widely accepted.
To block attackers against the outsider, the system have to ensures the confidentiality of encryption data, whereas message authentication codes ensure data integrity and authenticity. However, encryption does not protect against insider malicious attacks, to address which non-cryptographic means are needed, particularly in WSNs.
Also secure your IoT devices, new sensor applications need to be installed or existing ones to be updated periodically. A secure reprogramming protocol allows the nodes to authenticate every code update and prevent malicious installation. Most such protocols are based on the benchmark protocol and we need cryptographic add-ons and more sophisticated algorithms to be developed.
Security in the cloud is another important area of research which will need more attention. Along with the presence of the data and tools, cloud also handles economics of IoT which will make it a bigger threat from attackers. Security and identity protection becomes critical in hybrid clouds where a private as well as public clouds will
be used by businesses.
Attacks on Conceptual Layer. This is lowest layer in IoT and it is source of data in which information collected by the device. Security issues can be found in physical sending devices and security related attacks on WSN, which sense and control the environment can be secrecy and authentication, service integrity and network availability.
Security attack on RFID are common, like information leakage, replay attacks, information tracking, tampering, cloning attacks and capture gateway node, physical capture, unfair attacks, congestion attack, DoS attacks node replication attack and forward attack, respectively.
Attacks on Physical Layer. Selection of packages over the IoT devices and generation of carrier frequency is performed by this layer. Jamming and Node Tampering are being used to attack physical layer.
Attacks on Network Layer. Unlawful access of device information, eavesdropping of confidential data, virus etc. are done in network layer. IoT is connected to large number of devices, so different formats are used to collect data, and data is massive and collected from multi-sources. Network congestion can be occurred during the data transfer on the network, which results make a Dos type of attacks.
Attacks in Application Layer. Main major security issues in application layer are eavesdropping and tampering. Traffic management policy is implemented in this layer.
Trust, privacy and security management. Automatic communication of objects in our lives represents a danger for our future world due to deploying the IoT devices around our environment. Indeed, unseen by users, embedded RFID tags in our personal devices, clothes, and groceries can unknowingly be triggered to reply with their ID and other information.
The middle-ware must then include functions related to the management of the trust, privacy and security
of all the exchanged data. The architecture for medium and large scale wireless sensor networks, with a particular attention to the security issues so as to provide a trusted and secure environment for all applications. The middle-ware layer in this architecture mostly focuses on:
- the secure long-term logging of the collected environmental data over time and over some regions,
- functions that provides the nodes in the network with the abstraction of shared memory,
- the implementation of distributed information storage and collection (DISC) protocol for wireless sensor networks.
Security and Privacy
People will stand against the IoT as long as there is no public confidence that it will not cause serious threats to privacy. Lot of public concerns are indeed likely to focus on a certain number of security and privacy issues which are highly protect the devices of IoT and build up confidence of IoT users.
Security
The IoT is extremely vulnerable to attacks for several reasons. First, it is observed that its components spend most of the time unattended; and thus, it is easy to physically attack them. Second, most of the communications are wireless, so it is extremely simple to make eavesdropping. Finally, most of the IoT components are characterized by low capabilities in terms of both energy and computing resources and thus, they cannot implement complex schemes supporting security.
More specifically, the authentication and data integrity are major problems related to security. Authentication is difficult as it usually requires appropriate authentication infrastructures and servers that achieve their goal through the exchange of appropriate messages with other nodes. In this context, note that several solutions have been proposed for sensor networks in the recent past.
However, existing solutions can
be applied when sensor nodes are considered as part of a sensor network connected to the rest of the Internet via some nodes using the gateways. In the IoT scenarios, sensor nodes must be seen as nodes of the Internet, so that it becomes necessary to authenticate them even from nodes not belonging to the same sensor network.
Finally, none of the existing solutions can help in solving the proxy attack problem, also known as the man-in-the-middle attack problem. In this case, a node is utilized to identify something or someone and provides access to a certain service or a certain area, such types of attack could be successfully performed.
Privacy
People concerns about privacy should be well justified. In fact, there are many different ways in which data collection, mining, and provisioning will be accomplished in the IoT are completely different and there will be an amazing number of occasions for personal data to be collected using various type of devices.
Therefore, for human individuals it will be not possible to personally control the disclosure of their personal information due to lack of knowledge, important of information and compromise data security because of lack of awareness. It follows that the IoT really represents an environment in which privacy of individuals is seriously menaced in several ways.
Furthermore, while in the traditional Internet problems of privacy arise mostly for Internet users, in the IoT scenarios privacy problems arise even for people not using any IoT service. Accordingly, privacy should be protected by ensuring that individuals can control which of their personal data is being collected, who is collecting such data, and when this is happening.
Furthermore, the personal data collected should
be used only in the aim of supporting authorized services by authorized service providers; and finally, the above data should be stored only until it is strictly needed.
