Internet of things security vulnerabilities and recommended solutions
-
2019-02-26 https://doi.org/10.14419/ijet.v7i4.23147 -
Internet of Things (IoT), IoT Security, Authentication, Key Management, Signcryption. -
Abstract
The applications based on IoT are ubiquitous in providing passive user involvement on the collective approach of sensor technology, embedded system, networking and communication convergence with analytical computing. The application framework of IoT comprises of devices that are highly heterogeneous and compute migrations from sensor to IoT gateways to edge/fog computing to the cloud and then back to the client along with various alarming components. As observed from the review work, providing security for such networks is in its young stage in the form of an integrated architecture offering perfect security together with network and application possibilities although the shortcomings of IEFT and IEEE contribute more towards the same. Besides, the present researchers have not yet achieved the actual threshold of real-time performance potentials with respect to lesser computational complexity, usage of smaller key size, conformable security, lesser memory overheads, smaller ciphertext size, speedy processing time of algorithms, robust to possible threats and reduced communication/network overhead for ensuring a lighter security mechanism. This paper focusses on the security issues posed by large-scale heterogeneous IoT paradigm and arriving at a secure architectural framework adoptable by a variety of applications that include smart transportation, smart cities, smart healthcare, etc. based on IoT.
Â
Â
-
References
[1] Mukherjee S & Biswas GP (2018), Networking for IoT and applications using existing communication technology. Egyptian Informatics Journal 19(2), 107-127. https://doi.org/10.1016/j.eij.2017.11.002.
[2] Dorsemaine B, Gaulier JP, Wary JP, Kheir N & Urien P (2015), Internet of things: a definition & taxonomy. In Next Generation Mobile Applications, Services and Technologies, 2015 9th International Conference on, 72-77, IEEE. https://doi.org/10.1109/NGMAST.2015.71.
[3] Liu X & Baiocchi O (2016), A comparison of the definitions for smart sensors, smart objects and Things in IoT. In Information Technology, Electronics and Mobile Communication Conference (IEMCON), 2016 IEEE 7th Annual, 1-4, IEEE. https://doi.org/10.1109/IEMCON.2016.7746311.
[4] Voas J, Agresti B & Laplante P (2018), A closer look at IoT 's things. IT Professional 20(3), 11-14. https://doi.org/10.1109/MITP.2018.032501741
[5] Al Rabaiei KA & Harous S (2016), Internet of things: Applications and challenges. In Innovations in Information Technology (IIT), 2016 12th International Conference on, 1-6, IEEE. https://doi.org/10.1109/INNOVATIONS.2016.7880054.
[6] Miorandi D, Sicari S, De Pellegrini F & Chlamtac I (2012), Internet of things: Vision, applications and research challenges. Ad hoc networks 10(7), 1497-1516. https://doi.org/10.1016/j.adhoc.2012.02.016.
[7] Bandyopadhyay D & Sen J (2011), Internet of things: Applications and challenges in technology and standardization. Wireless Personal Communications 58(1), 49-69. https://doi.org/10.1007/s11277-011-0288-5.
[8] Al-Fuqaha A, Guizani M, Mohammadi M, Aledhari M & Ayyash M (2015), Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials. 17(4), 2347-2376. https://doi.org/10.1109/COMST.2015.2444095.
[9] Talavera JM, Tobón LE, Gómez JA, Culman MA, Aranda JM, Parra DT, Quiroz LA, Hoyos A & Garreta LE (2017), Review of IoT applications in agro-industrial and environmental fields. Computers and Electronics in Agriculture 142, 283-297. https://doi.org/10.1016/j.compag.2017.09.015.
[10] Weber RH (2010), Internet of Things–New security and privacy challenges. Computer law & security review 26(1), 23-30. https://doi.org/10.1016/j.clsr.2009.11.008.
[11] Roman R, Zhou J & Lopez J (2013), On the features and challenges of security and privacy in distributed internet of things. Computer Networks 57(10), 2266-2279. https://doi.org/10.1016/j.comnet.2012.12.018.
[12] Jing Q, Vasilakos AV, Wan J, Lu J & Qiu D (2014), Security of the Internet of Things: perspectives and challenges. Wireless Networks 20(8), 2481-2501. https://doi.org/10.1007/s11276-014-0761-7.
[13] Khan BUI, Baba AM, Olanrewaju RF, Lone SA & Zulkurnain NF (2015), SSM: Secure-Split-Merge data distribution in cloud infrastructure. In Open Systems (ICOS), 2015 IEEE Conference on, 40-45, IEEE. https://doi.org/10.1109/ICOS.2015.7377275.
[14] Khan BUI, Olanrewaju RF, Anwar F, Mir RN & Najeeb AR, A critical insight into the effectiveness of research methods evolved to secure IoT ecosystem. International Journal of Information and Computer Security, in press.
[15] Khan BUI, Olanrewaju RF & Habaebi MH (2013), Malicious behaviour of node and its significant security techniques in MANET-A review. Australian Journal of Basic and Applied Sciences 7(12), 286-293.
[16] Olanrewaju RF, Khan BUI, Mir RN & Shah A (2015), Behaviour visualization for malicious-attacker node collusion in MANET based on probabilistic approach. American Journal of Computer Science and Engineering 2(3), 10-19.
[17] Mir MS, Suhaimi B, Adam M, Khan BUI, Mattoo MMUI & Olanrewaju RF (2017), Critical security challenges in cloud computing environment: an appraisal. Journal of Theoretical & Applied Information Technology 95(10), 2234-2248.
[18] Flauzac O, Gonzalez C & Nolot F (2015), Original secure architecture for IoT based on SDN. In Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), 2015 International Conference on, 1-6, IEEE. https://doi.org/10.1109/NOTERE.2015.7293481.
[19] Li L (2012), Study on security architecture in the Internet of Things. In Measurement, Information and Control (MIC), 2012 International Conference on, vol. 1, 374-377, IEEE. https://doi.org/10.1109/MIC.2012.6273274.
[20] An Internet of Things Reference Architecture. Symantec. https://www.symantec.com/content/dam/symantec/docs/white-papers/iot-security-reference-architecture-en.pdf. 2016. Accessed October 8, 2018.
[21] Olanrewaju RF, Khan BUI, Baba A, Mir RN & Lone SA (2016), RFDA: Reliable framework for data administration based on split-merge policy. In SAI Computing Conference (SAI), 545-552, IEEE. https://doi.org/10.1109/SAI.2016.7556033.
[22] Olivier F, Carlos G & Florent N (2015), New security architecture for IoT network. Procedia Computer Science 52, 1028-1033. https://doi.org/10.1016/j.procs.2015.05.099.
[23] Qian J, Xu H & Li P (2016), A novel secure architecture for the Internet of Things. In Intelligent Networking and Collaborative Systems (INCoS), 2016 International Conference on, 398-401, IEEE. https://doi.org/10.1109/INCoS.2016.36.
[24] Zhao G, Si X, Wang J, Long X & Hu T (2011), A novel mutual authentication scheme for Internet of Things. In Modelling, Identification and Control (ICMIC), Proceedings of 2011 International Conference on, 563-566, IEEE. https://doi.org/10.1109/ICMIC.2011.5973767.
[25] Ye N, Zhu Y, Wang RC, Malekian R & Qiao-min L (2014), An efficient authentication and access control scheme for perception layer of internet of things. Applied Mathematics & Information Sciences 8(4), 1617-1624. https://doi.org/10.12785/amis/080416.
[26] Hu T, Wang J, Zhao G & Long X (2012), An improved mutual authentication and key update scheme for multi-hop relay in Internet of Things. In Industrial Electronics and Applications (ICIEA), 2012 7th IEEE Conference on, 1024-1029, IEEE. https://doi.org/10.1109/ICIEA.2012.6360873.
[27] Patel S, Patel DR & Navik AP (2016), Energy efficient integrated authentication and access control mechanisms for Internet of Things. In Internet of Things and Applications (IOTA), International Conference on, 304-309, IEEE. https://doi.org/10.1109/IOTA.2016.7562742.
[28] Ma H & Chen B (2016), An authentication protocol based on quantum key distribution using decoy-state method for heterogeneous IoT. Wireless Personal Communications 91(3), 1335-1344. https://doi.org/10.1007/s11277-016-3531-2.
[29] Barreto PS, Libert B, McCullagh N & Quisquater JJ (2005), Efficient and provably-secure identity-based signatures and signcryption from bilinear maps. In International Conference on the Theory and Application of Cryptology and Information Security, 515-532, Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593447_28.
[30] Li CK, Yang G, Wong DS, Deng X & Chow SS (2010), An efficient signcryption scheme with key privacy and its extension to ring signcryption. Journal of Computer Security 18(3), 451-473. https://doi.org/10.3233/JCS-2009-0374.
[31] Sun Y & Li H (2010), Efficient signcryption between TPKC and IDPKC and its multi-receiver construction. Science China Information Sciences 53(3), 557-566. https://doi.org/10.1007/s11432-010-0061-5.
[32] Huang Q, Wong DS & Yang G (2011), Heterogeneous signcryption with key privacy. The Computer Journal 54(4), 525-536. https://doi.org/10.1093/comjnl/bxq095.
[33] Li F & Xiong P (2013), Practical secure communication for integrating wireless sensor networks into the internet of things. IEEE Sensors Journal 13(10), 3677-3684. https://doi.org/10.1109/JSEN.2013.2262271.
[34] Li F, Han Y & Jin C (2016), Practical signcryption for secure communication of wireless sensor networks. Wireless Personal Communications 89(4), 1391-1412. https://doi.org/10.1007/s11277-016-3327-4.
[35] Rahayu TM, Lee SG & Lee HJ (2014), Security analysis of secure data aggregation protocols in wireless sensor networks. In Advanced Communication Technology (ICACT), 2014 16th International Conference on, 471-474, IEEE. https://doi.org/10.1109/ICACT.2014.6779005.
[36] George N & Parani TK (2014), Detection of node clones in wireless sensor network using detection protocols. International Journal of Engineering Trends and Technology 8(6), 286-291. https://doi.org/10.14445/22315381/IJETT-V8P253.
[37] Sundaram BV, Ramnath M, Prasanth M & Sundaram V (2015), Encryption and hash based security in internet of things. In Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, 1-6, IEEE. https://doi.org/10.1109/ICSCN.2015.7219926.
[38] Bellavista P, Cardone G, Corradi A & Foschini L (2013), Convergence of MANET and WSN in IoT urban scenarios. IEEE Sensors Journal 13(10), 3558-3567. https://doi.org/10.1109/JSEN.2013.2272099.
[39] Granjal J, Monteiro E & Silva JS (2015), Security for the internet of things: a survey of existing protocols and open research issues. IEEE Communications Surveys & Tutorials 17(3), 1294-1312. https://doi.org/10.1109/COMST.2015.2388550.
[40] Crossman MA & Liu H (2015), Study of authentication with IoT testbed. In Technologies for Homeland Security (HST), 2015 IEEE International Symposium on, 1-7, IEEE. https://doi.org/10.1109/THS.2015.7225303.
[41] Sharaf-Dabbagh Y & Saad W (2016), On the authentication of devices in the Internet of Things. In 2016 IEEE 17th International Symposium on, 1-3, IEEE. https://doi.org/10.1109/WoWMoM.2016.7523532.
[42] Ravindranath M. Why the Internet of Things Needs Different Encryption. Nextgov.com. https://www.nextgov.com/cybersecurity/2016/08/internet-things-needs-newer-lighter-cryptography/130946/. 2016. Accessed October 8, 2018.
[43] Raza S, Seitz L, Sitenkov D & Selander G (2016), S3K: scalable security with symmetric keys—DTLS key establishment for the Internet of things. IEEE Transactions on Automation Science and Engineering 13(3), 1270-1280. http://dx.doi.org/10.1109/TASE.2015.2511301.
[44] Nadir I, Zegeye WK, Moazzami F & Astatke Y (2016), Establishing symmetric pairwise-keys using public-key cryptography in Wireless Sensor Networks (WSN). In Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON), IEEE Annual, 1-6, IEEE. https://doi.org/10.1109/UEMCON.2016.7777838.
-
Downloads
-
How to Cite
F.Olanrewaju, R., Ul Islam Khan, B., Anwar, F., & Naaz Mir, R. (2019). Internet of things security vulnerabilities and recommended solutions. International Journal of Engineering & Technology, 7(4), 4899-4904. https://doi.org/10.14419/ijet.v7i4.23147Received date: 2018-12-04
Accepted date: 2019-01-13
Published date: 2019-02-26