Identifying the common threats and vulnerabilities in the Internet of Things (IoT) and offering security policies for confronting them
Subject Areas : Journal of Knowledge Studiessafiyeh tahmasebi limooni 1 , Shahrzad Ghasemi 2 , Roghayeh Ghorbanloo 3
1 - Department of Knowledge & Information Science, Babol Branch, Islamic Azad University, Babol, Iran
2 - Department of Information Science and Dentistry, Babol Islamic Azad University, Babol, Iran
3 - Iran Telecommunication Research Center, Tehran, Iran
Keywords: Vulnerability, Research centers, IoT, security threat, security requirement,
Abstract :
Objective: the objective of this research is to identify the common threats and vulnerabilities in IoT and offering security policies to cope with them. Methods: the methodology of this research is applied based on its objective, and descriptive-surveying based on data collection. The statistical population includes all exerts and professors of IoT in universities of Tehran with 50 members. The sampling method was convenience non-random. The sample volume detected was similar to the statistical population. The research tool was the researcher-made questionnaire from the systematic study of thematic literature. The validity of the questionnaires was obtained by referring to the experts of the IoT field. The reliability of the tool was 0.88 using Cronbach’s alpha coefficient for the questionnaire. Data was analyzed using descriptive and inferential statistics by SPSS software. Results: Although various standards have been developed in the field of security and confidentiality in IoT, the security needs of IoT and even its risks have not been still identified and analyzed. In addition, it needs confidentiality mechanisms, accuracy, authentication, and access control precisely. According to the findings of the tests of this research, vulnerabilities can be classified and cited in 21 groups. Conclusion: the results of tests show that various experts based on their landscapes and activity fields determined a varied set of security policies to cope with Internet threats in the IoT field. However, the most important security policies against the security threats in IoT include mutual and efficient authentication, access control, secure architecture configuration, encryption of communications and data, chronology, and monitoring by concluding the provided ideas.
A. Bassi, G. H. Sintef and E. Hitachi,(2008). Internet of Things in 2020: A Roadmap for the future. European Commission/ EPoSS Expert workshop on RFID/ Internet of Things, Brussels, 2008.
Ahmad, W. A., & Andrew, M. (2014). Threat-Based Security Analysisfor the Internet of Things. In Secure Internet of Things (SIoT). IEEE, 35–43
Alam, S.; Chowdhury, M., & Noll, J. (2010). Senaas: An event-driven sensor virtualization approach for internet of things cloud. IEEE International Conference, 1-6
Antonio, I.; Morabito, G., & Iera, L. (2010). The Internet of Things: A survey. Computer Networks, 54, 2787-2805.
Arbia R.; Enrico N.; Yacine Ch.; and et. al. (2014). A systemic and cognitive approach for IoT security. International Conference on Computing, Networking and Communications (ICNC).
Ashton, K. (2009). That ‘‘Internet of Things’’ thing. RFiD Journal.
Bansal, A.; Arora, D.; Suri, A. (2018). Internet of Things: Beginning of New Era for Library. Library Philsophy and Practicec e-Journal.
Bhunia, S.; and et al.(2014). Hardware Trojan attacks: threat analysis and countermeasures. Proceedings of the IEEE 102.8, 1229-1247.
CASAGRAS, "Final Report, RFID and Inclusive Model for the Internet of Things," Coordination and support action for global RFID-related activities and standardization (EU Framework 7 Project), 2009.
Changmin L.; Luca Z.; Kwanghee Ch.; and Hyeong-Ah Ch. (2014). Securing Smart Home: Technologies, Security Challenges, and Security Requirements, IEEE Conference on Communications and Network Security (CNS).
Cisco System. (2011). http://www.cisco.com/IoT. Retrieved from http://www.cisco.com.
Forrester Research Council. (2010). https://www.forrester.com/IoT. Retrieved from https://www.forrester.com.
Gao, Y., Peng, Y., Xie, F., Zhao, W., Wang, D., Han, X., Li, Z. (12-13 Oct. 2013). Analysis of security threats and vulnerability for cyber-physical systems. Paper presented at the Proceedings of 2013 3rd International Conference on Computer Science and Network Technology
Hui L. and Xin Z. (2011). Study on Security Architecture for Internet of Things. International Conference, ICAIC.
ITU Telecommunication Standardization, "ITU-T Recommendation database," 15 06 2012. [Online].
Kombade, R. D., & Meshram, B. (2012). CSRF Vulnerabilities and Defensive Techniques. International Journal of Computer Network and Information Security, 4(1), 31.
Md. Mahmud Hossain, Fotouhi, M.; and Ragib Hasan, (2015). Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things. IEEE World Congress on Services (SERVICES).
Modoff, B.; Bhagavath, V.; & Clifton, K. (2014). The Internet of Things. Retrieved from www.db.com.
Abomhara m.; Køien,G. M. (2014). Security and Privacy in the Internet of Things: Current Status and Open Issues. IEEE, 2014.
Mukherjee, A. (2015). Physical-layer security in the internet of things: Sensing and communication confidentiality under resource constraints. Proceedings of the IEEE 103, 1747-1761.
Pejang, A.; Abtahi, A., Rajabzadeh, A. (2016). Examining the challenges of Internet connection integrity in the Internet of Things. Fourth International Conference on Electrical, Computer and Electronics Engineering,Ahar.
Qazi, M. A.; Mohamed, H. H. (2014). Autonomic schemes for threat mitigation in Internet of Things. Elsevier Ltd, (49), 112-127.
RFID Research Group. (2009). http://www.fridjournalevents.com/IoT. Retrieved from http://www.fridjournalevents.com.
Sachin, B.; Parikshit, M.; Antonietta, S.; Neeli, P., & Ramjee, P. (2010). Proposed security model and threat taxonomy for the Internet of Things (IoT). Springer Berlin Heidelberg,(89), 420-429.
Shafi'i, S.(2016). Analysis of challenges to the development of IoT technology. Security threats and digital divide. Monthly short article.,1(7), 1-8
Qusay Idrees, S. (2013). Security Attacks and Countermeasures for Wireless Sensor Networks: Survey. International Journal of Current Engineering and Technology ,3.2, 628-635.
Manikantan, S. D.; Venugopal V.(2014). Design, implementation and security analysis of hardware Trojan threats in FPGA. Communications (ICC), IEEE International Conference on. IEEE, 2014.
Sun, Y.; Yan, H.; Lu, C. and et. al. (2012). A holistic approach to visualizing business models for the internet of things. Communications in Mobile Computing.
Suo, H.; Wan, J.; Zou, C.; & et. al (2012). Security in the internet of things: a review (2012). Paper presented at the Computer Science and Electronics Engineering (ICCSEE), 2012 international conference on.
Tapalina B.; Rituparna C.; and Nabendu C. (2013). Study of Security Issues in Pervasive Environment of Next Generation Internet of Things. Computer Information Systems and Industrial Management,Volume 8104 of the series Lecture Notes in Computer Science pp 206-217.
Tehranipoor, M.; Koushanfar, F. (2010). A survey of hardware trojan taxonomy and detection." IEEE Design & Test of Computers 27.1
Vandana, C. P. M.; Bhattacharjee, M. A..; Gopta, M. A. (2017). library management system Based on IOT. TJRDO-Journal of Computer Science Engineering, 3 (4).
Vermesan, O.; Friess, P. (2013). Internet of Things: Converging Technologies for Smart Environments and Integrated Ecosystems. Denmark: River Publishers.
Xu Xingmei; Zhou Jing, Wang He, (2013). Research on the Basic Characteristics, the Key Technologies, the Network Architecture and Security Problems of the Internet of Things. 3rd International Conference on Computer Science and Network Technology (ICCSNT).
Yazdanpanah, H.; Hasana Ahangar, M.(2016). Internet of Things (IoT): Applications, technologies and challenges discussed. 8th International Conference on Information Technology and Knowledge. Hamedan.
Yenumula B Reddy, (2014). Cloud-based Cyber Physical Systems: Design Challenges and Security Needs. 10th International Conference on Mobile Ad-hoc and Sensor Networks (MSN).
Zargar, M. (2019). Assessment of Barriers to Establishing the Internet of Things in Libraries in Iran based on a Combined Approach. Iranian Journal of Infornation Processing and Management., 34(3),1371-1398.
Zhi, K. Z.; Michael, C. Y.; Shiuhpyng, S.; IEEE, f. (2015). Emerging Security Threats and Countermeasures in IoT. ACM ,1-6.
_||_