A survey on Iot security: Application Areas, Security Threats, and Solution Architectures
tải về 6.16 Mb. Chế độ xem pdf
|
thong-tin-so bao-cao-qpsk-1 - [cuuduongthancong.com]
| INDEX TERMS
IoT, IoT Security, Blockchain, Fog Computing, Edge Computing, Machine Learning, IoT applications, Distributed Systems. I. INTRODUCTION T HE pace of connecting physical devices around us to the Internet is increasing rapidly. According to a recent Gartner report, there will be around 8.4 billion connected things worldwide in 2020. This number is expected to grow to 20.4 billion by 2022 [1]. The use of IoT applications is increasing in all parts of the world. The major driving countries in this include western Europe, North America, and China [1]. The number of machine to machine (M2M) connections is expected to grow from 5.6 billion in 2016 to 27 billion in 2024 [1]. This leap in numbers itself declares IoT to be one of the major upcoming markets that could form a cornerstone of the expanding digital economy. The IoT industry is expected to grow in terms of revenue from $892 billion in 2018 to $4 trillion by 2025 [2]. M2M connections cover a broad range of applications like smart cities, smart environment, smart grids, smart retail, smart farming, etc. [3]. Figure 1 shows the past, present and future architecture of IoT. In future, the devices are not only expected to be connected to the Internet and other local devices but are also expected to communicate with other devices on the Internet directly. Apart from the devices or things being connected, the concept of social IoT (SIoT) is also emerging. SIoT will enable different social networking users to be connected to the devices and users can share the devices over the Internet [4]. With all this vast spectrum of IoT applications comes the issue of security and privacy. Without a trusted and interoperable IoT ecosystem, emerging IoT applications can- not reach high demand and may lose all their potential. Along with the security issues faced generally by the Inter- net, cellular networks, and WSNs, IoT also has its special security challenges such as privacy issues, authentication issues, management issues, information storage and so on. Table 1 summarizes various factors due to which securing IoT environment is much more challenging than securing VOLUME x, 2019 1 This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2019.2924045, IEEE Access Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures FIGURE 1: Present and Future Architecture of IoT. TABLE 1: Comparison of Security of IT devices and IoT devices. Widespread IT Security IoT security Widespread IT has devices which is resource rich IoT devices need to be carefully provisioned with security measures Widespread IT is based on resource rich devices IoT system are composed of devices having limitation in terms of their software and hardware For wide security and lower capabilities complex algorithm are implemented only lightweight algorithms are preferred Homogeneous technology is responsible for high security IoT with heterogeneous technology produce large amount of heterogeneous data increasing the attack surface normal information technology (IT) devices. Due to all these issues and vulnerabilities, the IoT applications create a fertile ground for different kinds of cyber threats. There have been various security and privacy attacks on the already deployed IoT applications worldwide. Mirai attack in the last quarter of 2016 was estimated to infect around 2.5 million devices connected to the Internet and launch distributed denial of service (DDoS) attack [5]. After Mirai, Hajime and Reaper are the other big botnet attacks launched against a large number of IoT devices [5]. IoT devices, being low powered and less secure, provide a gateway to the adversaries for entering into home and corporate networks, thereby giving easy access to the user’s data. Also, the domain of IoT is expanding beyond mere things or objects. There have been various successful attempts to implant IoT devices into the human body to monitor the live condition of various organs [6]. Attackers can target such devices to track the location of a particular individual or falsify data. Such an attack has not taken place yet in real life but can be highly dangerous, if such devices are compromised. Cyber Physical Systems (CPS) is another area benefitting from the growth of IoT. In CPS physical objects in the environment are monitored, and actions are taken based on the physical changes. Since CPS encompass assets of crit- ical importance (e.g., power grids, transportation systems), security vulnerabilities in such systems have serious conse- quences. However, security challenges for CPS have their unique characteristics and are outside the scope of this paper. In any IoT ecosystem or environment, there are four im- portant layers. The first layer includes the use of various sensors and actuators to perceive the data or information to perform various functionalities. Based on that, in the second layer, a communication network is used to transmit the collected data. Most of the evolving IoT applications deploy the third layer, called a middleware layer, to act as a bridge between the network and application layer. Finally, on the fourth layer, there are various IoT based end-to-end applications like smart grids, smart transport, smart factories, etc. All of these four layers have security problems specific to them. Apart from these layers, various gateways connect these layers and help in the data movement. There are certain security threats specific to these gateways as well. In this paper, a detailed survey of IoT security solutions in the existing literature is presented. First of all, the fundamen- tal constraints to achieve high levels for security in IoT ap- plications are presented. The goal of this paper is to highlight 2 VOLUME x, 2019 This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2019.2924045, IEEE Access Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures the major existing and upcoming solutions for IoT security. Specifically, the four major classes of IoT security solutions namely: (1) blockchain based solutions; (2) fog computing based solutions; (3) machine learning based solutions and (4) edge computing based solutions are highlighted. Table 3 gives a list of acronyms related to IoT used in this paper. tải về 6.16 Mb. Chia sẻ với bạn bè của bạn:
|