Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks
Keywords:Internet of Things, Cyber-attack, Security threats
Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed and the number of threats and attacks against IoT devices and services are on the increase as well. Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper is an attempt to classify threat types, besides analyze and characterize intruders and attacks facing IoT devices and services.
L. Atzori, A. Iera, and G. Morabito, “The internet of things: A survey,” Computer networks, vol. 54, no. 15, pp. 2787–2805, 2010.
S. Andreev and Y. Koucheryavy, “Internet of things, smart spaces, and next generation networking,” Springer, LNCS, vol. 7469, p. 464, 2012.
J. S. Kumar and D. R. Patel, “A survey on internet of things: Security and privacy issues,” International Journal of Computer Applications, vol. 90, no. 11, pp. 20–26, March 2014, published by Foundation of Computer Science, New York, USA.
A. Stango, N. R. Prasad, and D. M. Kyriazanos, “A threat analysis methodology for security evaluation and enhancement planning,” in Emerging Security Information, Systems and Technologies, 2009. SECURWARE'09. Third International Conference on. IEEE, 2009, pp. 262–267.
D. Jiang and C. ShiWei, “A study of information security for m2m of iot,” in Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on, vol. 3. IEEE, 2010, pp. V3–576.
B. Schneier, Secrets and lies: digital security in a networked world. John Wiley & Sons, 2011.
J. M. Kizza, Guide to Computer Network Security. Springer, 2013.
M. Taneja, “An analytics framework to detect compromised iot devices using mobility behavior,” in ICT Convergence (ICTC), 2013 International Conference on. IEEE, 2013, pp. 38–43.
G. M. Koien and V. A. Oleshchuk, Aspects of Personal Privacy in Communications-Problems, Technology and Solutions. River Publishers, 2013.
N. R. Prasad, “Threat model framework and methodology for personal networks (pns),” in Communication Systems Software and Middleware, 2007. COMSWARE 2007. 2nd International Conference on. IEEE, 2007, pp. 1–6.
O. Vermesan, P. Friess, P. Guillemin, S. Gusmeroli, H. Sundmaeker, A. Bassi, I. S. Jubert, M. Mazura, M. Harrison, M. Eisenhauer et al. “Internet of things strategic research roadmap,” Internet of Things-Global Technological and Societal Trends, pp. 9–52, 2011.
S. De, P. Barnaghi, M. Bauer, and S. Meissner, “Service modelling for the internet of things,” in Computer Science and Information Systems (FedCSIS), 2011 Federated Conference on. IEEE, 2011, pp. 949–955.
G. Xiao, J. Guo, L. Xu, and Z. Gong, “User interoperability with heterogeneous iot devices through transformation,” 2014.
J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, “Internet of things (iot): A vision, architectural elements, and future directions,” Future Generation Computer Systems, vol. 29, no. 7, pp. 1645–1660, 2013.
M. Zorzi, A. Gluhak, S. Lange, and A. Bassi, “From today's intranet of things to a future internet of things: a wireless-and mobility-related view,” Wireless Communications, IEEE, vol. 17, no. 6, pp. 44–51, 2010.
C. Hongsong, F. Zhongchuan, and Z. Dongyan, “Security and trust research in m2m system,” in Vehicular Electronics and Safety (ICVES), 2011 IEEE International Conference on. IEEE, 2011, pp. 286–290.
I. Cha, Y. Shah, A. U. Schmidt, A. Leicher, and M. V. Meyerstein, “Trust in m2m communication,” Vehicular Technology Magazine, IEEE, vol. 4, no. 3, pp. 69–75, 2009.
J. Lopez, R. Roman, and C. Alcaraz, “Analysis of security threats, requirements, technologies and standards in wireless sensor networks,” in Foundations of Security Analysis and Design V. Springer, 2009, pp. 289–338.
R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, 2013.
Y. Cheng, M. Naslund, G. Selander, and E. Fogelstrom, “Privacy in machine-to-machine communications a state-of-the-art survey,” in Communication Systems (ICCS), 2012 IEEE International Conference on. IEEE, 2012, pp. 75–79.
M. Rudner, “Cyber-threats to critical national infrastructure: An intelligence challenge,” International Journal of Intelligence and CounterIntelligence, vol. 26, no. 3, pp. 453–481, 2013.
R. Kozik and M. Choras, “Current cyber security threats and challenges in critical infrastructures protection,” in Informatics and Applications (ICIA), 2013 Second International Conference on. IEEE, 2013, pp. 93–97.
P. N. Mahalle, N. R. Prasad, and R. Prasad, “Object classification based context management for identity management in internet of things,” International Journal of Computer Applications, vol. 63, no. 12, pp. 1–6, 2013.
A. Gluhak, S. Krco, M. Nati, D. Pfisterer, N. Mitton, and T. Razafindralambo, “A survey on facilities for experimental internet of things research,” Communications Magazine, IEEE, vol. 49, no. 11, pp. 58–67, 2011.
Y. Benazzouz, C. Munilla, O. Gunalp, M. Gallissot, and L. Gurgen, “Sharing user iot devices in the cloud,” in Internet of Things (WF-IoT), 2014 IEEE World Forum on. IEEE, 2014, pp. 373–374.
G. M. Køien, “Reflections on trust in devices: an informal survey of human trust in an internet-of-things context,” Wireless Personal Communications, vol. 61, no. 3, pp. 495–510, 2011.
D. Miorandi, S. Sicari, F. De Pellegrini, and I. Chlamtac, “Internet of things: Vision, applications and research challenges,” Ad Hoc Networks, vol. 10, no. 7, pp. 1497–1516, 2012.
M. Thoma, S. Meyer, K. Sperner, S. Meissner, and T. Braun, “On iot-services: Survey, classification and enterprise integration,” in Green Computing and Communications (GreenCom), 2012 IEEE International Conference on. IEEE, 2012, pp. 257–260.
M. Abomhara and G. Koien, “Security and privacy in the internet of things: Current status and open issues,” in PRISMS 2014 The 2nd International Conference on Privacy and Security in Mobile Systems (PRISMS 2014), Aalborg, Denmark, May 2014.
D. Watts, “Security and vulnerability in electric power systems,” in 35th North American power symposium, vol. 2, 2003, pp. 559–566.
D. L. Pipkin, Information security. Prentice Hall PTR, 2000.
E. Bertino, L. D. Martino, F. Paci, and A. C. Squicciarini, “Web services threats, vulnerabilities, and countermeasures,” in Security for Web Services and Service-Oriented Architectures. Springer, 2010, pp. 25–44.
D. G. Padmavathi, M. Shanmugapriya et al., “A survey of attacks, security mechanisms and challenges in wireless sensor networks,” arXiv preprint arXiv:0909.0576, 2009.
H. G. Brauch, “Concepts of security threats, challenges, vulnerabilities and risks,” in Coping with Global Environmental Change, Disasters and Security. Springer, 2011, pp. 61–106.
K. Dahbur, B. Mohammad, and A. B. Tarakji, “A survey of risks, threats and vulnerabilities in cloud computing,” in Proceedings of the 2011 International conference on intelligent semantic Web-services and applications. ACM, 2011, p. 12.
R. K. Rainer and C. G. Cegielski, Introduction to information systems: Enabling and transforming business. John Wiley & Sons, 2010.
A. J. Duncan, S. Creese, and M. Goldsmith, “Insider attacks in cloud computing,” in Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on. IEEE, 2012, pp. 857–862.
P. Baybutt, “Assessing risks from threats to process plants: Threat and vulnerability analysis,” Process Safety Progress, vol. 21, no. 4, pp. 269–275, 2002.
C. Tankard, “Advanced persistent threats and how to monitor and deter them,” Network security, vol. 2011, no. 8, pp. 16–19, 2011.
F. Li, A. Lai, and D. Ddl, “Evidence of advanced persistent threat: A case study of malware for political espionage,” in Malicious and Unwanted Software (MALWARE), 2011 6th International Conference on. IEEE, 2011, pp. 102–109.
S. Ansari, S. Rajeev, and H. Chandrashekar, “Packet sniffing: a brief introduction,” Potentials, IEEE, vol. 21, no. 5, pp. 17–19, 2002.
M. De Vivo, E. Carrasco, G. Isern, and G. O. de Vivo, “A review of port scanning techniques,” ACM SIGCOMM Computer Communication Review, vol. 29, no. 2, pp. 41–48, 1999.
I. Naumann and G. Hogben, “Privacy features of european eid card specifications,” Network Security, vol. 2008, no. 8, pp. 9–13, 2008.
C. Wilson, “Botnets, cybercrime, and cyberterrorism: Vulnerabilities and policy issues for congress.” DTIC Document, 2008.
A. Daneels and W. Salter, “What is scada,” in International Conference on Accelerator and Large Experimental Physics Control Systems, 1999, pp. 339–343.
A. Nicholson, S. Webber, S. Dyer, T. Patel, and H. Janicke, “Scada security in the light of cyber-warfare,” Computers & Security, vol. 31, no. 4, pp. 418–436, 2012.
V. M. Igure, S. A. Laughter, and R. D. Williams, “Security issues in scada networks,” Computers & Security, vol. 25, no. 7, pp. 498–506, 2006.
M. Kelleye, “Business Insider. The Stuxnet attack on Irans Nuclear Plant was Far more Dangerous Than Previously Thought,” http://www.businessinsider.com/stuxnet-was-far-more-dangerous-than-previous-thought-2013-11/,2013, [Online; accessed 03-Sep-2014].
B. Jung, I. Han, and S. Lee, “Security threats to internet: a korean multi-industry investigation,” Information & Management, vol. 38, no. 8, pp. 487–498, 2001.
C. P. Mayer, “Security and privacy challenges in the internet of things,” Electronic Communications of the EASST, vol. 17, 2009.
A. R. Beresford, “Location privacy in ubiquitous computing,” Computer Laboratory, University of Cambridge, Tech. Rep, vol. 612, 2005.
S. Pramanik, “Threat motivation,” in Emerging Technologies for a Smarter World (CEWIT), 2013 10th International Conference and Expo on. IEEE, 2013, pp. 1–5.
D. Dolev and A. C. Yao, “On the security of public key protocols,” Information Theory, IEEE Transactions on, vol. 29, no. 2, pp. 198–208, 1983.
I. Cervesato, “The dolev-yao intruder is the most powerful attacker,” in 16th Annual Symposium on Logic in Computer ScienceLICS, vol. 1. Citeseer, 2001.
J. Sheldon, “State of the art: Attackers and targets in cyberspace,” Journal of Military and Strategic Studies, vol. 14, no. 2, 2012.
E. M. Archer, “Crossing the rubicon: Understanding cyber terrorism in the european context,” The European Legacy, no. ahead-of-print, pp. 1–16, 2014.
A. K. Al-Rawi, “Cyber warriors in the middle east: The case of the syrian electronic army,” Public Relations Review, 2014.
D. Ball, “Chinas cyber warfare capabilities,” Security Challenges, vol. 7, no. 2, pp. 81–103, 2011.