Identifying common threats and vulnerabilities in the Internet of Things and providing security measures to counter them
Subject areas: Knowledge Studies
Safiyeh Tahmasebi Limooni 1, Shahrzad Ghasemi 2, Roghayeh Ghorbanloo 3
1 - Department of Knowledge and Information Science, Babol Branch, Islamic Azad University, Babol, Iran
2 - Department of Knowledge and Information Science, Babol Branch, Islamic Azad University, Babol, Iran
3 - ICT Research Institute, Tehran, Iran
Keywords: vulnerability, Internet of Things, security threat, security requirement
Abstract:
Objective: The objective of this research is to identify the common threats and vulnerabilities in the Internet of Things (IoT) and to offer security measures to cope with them. Methods: The research is applied in terms of its objective and descriptive-survey in terms of data collection. The statistical population comprised all 50 professors and experts in the IoT field at universities in Tehran. Sampling was non-random convenience sampling, and the sample size was set equal to the statistical population. The research tool was a researcher-made questionnaire derived from a systematic study of the subject literature. The validity of the questionnaire was established by consulting experts in the IoT field. The reliability of the tool, measured with Cronbach's alpha, was 0.88. Data were analyzed using descriptive and inferential statistics in SPSS. Results: Although various standards are being developed for security and confidentiality in IoT, the security requirements of IoT, and even its risks, have still not been well identified and analyzed, and IoT needs precise mechanisms for confidentiality, integrity, authentication, and access control. According to the findings of the tests in this research, vulnerabilities can be classified and cited in 21 groups. Conclusion: The test results show that different experts, depending on their viewpoints and fields of activity, put forward a varied set of security measures for coping with security threats in the IoT field. Summing up the views of the participants, however, the most important security measures against security threats in IoT are efficient mutual authentication, access control, secure architecture configuration, encryption of communications and data, and logging and monitoring.