A survey on Iot security: Application Areas, Security Threats, and Solution Architectures
III. SOURCES OF SECURITY THREATS IN IOT
tải về 6.16 Mb. Chế độ xem pdf
|
thong-tin-so bao-cao-qpsk-1 - [cuuduongthancong.com]
- Điều hướng trang này:
- A. SECURITY ISSUES AT SENSING LAYER
| III. SOURCES OF SECURITY THREATS IN IOT
APPLICATIONS As discussed in Section I, any IoT application can be divided into four layers: (1) sensing layer; (2) network layer; (3) mid- dleware layer; and (4) application layer. Each of these layers in an IoT application uses diverse technologies that bring a number of issues and security threats. Figure 2 shows various technologies, devices, and applications at these four layers. This section discusses various possible security threats in IoT applications for these four layers. Figure 3 shows the possible attacks on these four layers. The special security issues associated with the gateways that connect these layers are also discussed in this section. A. SECURITY ISSUES AT SENSING LAYER The sensing layer mainly deals with physical IoT sensors and actuators. Sensors sense the physical phenomenon happening around them [21]–[23]. Actuators, on the other hand, perform a certain action on the physical environment, based on the sensed data. There are various kinds of sensors for sens- ing different kinds of data, e.g., ultrasonic sensors, camera sensors, smoke detection sensors, temperature and humidity VOLUME x, 2019 5 This work is licensed under a Creative Commons Attribution 3.0 License. For more information, see http://creativecommons.org/licenses/by/3.0/. This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2019.2924045, IEEE Access Vikas Hassija et al.: A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures FIGURE 3: Types of Attacks on IoT. sensors, etc. There can be mechanical, electrical, electronic or chemical sensors used to sense the physical environment. Various sensing layer technologies are used in different IoT applications like RFID, GPS, WSNs, RSNs, etc. Major secu- rity threats that can be encountered at the sensing layer are as follows: 1. Node Capturing: IoT applications comprise of sev- eral low power nodes such as sensors and actuators. These nodes are vulnerable to a variety of attacks by the adversaries. The attackers may try to capture or replace the node in the IoT system with a malicious node. The new node may appear to be the part of the system but is controlled by the attacker. This may lead to compromising the security of the complete IoT application [24]. 2. Malicious Code Injection Attack: The attack in- volves the attacker injecting some malicious code in the memory of the node. Generally, the firmware or software of IoT nodes are upgraded on the air, and this gives a gateway to the attackers to inject malicious code. Using such malicious code, the attackers may force the nodes to perform some unintended functions or may even try to access the complete IoT system. 3. False Data Injection Attack: Once the node is cap- tured, the attacker may use it to inject erroneous data onto the IoT system. This may lead to false results and may result in malfunctioning of the IoT application. The attacker may also use this method to cause a DDoS attack. 4. Side-Channel Attacks (SCA): Apart from direct at- tacks on the nodes, various side-channel attacks may lead to leaking of sensitive data. The microarchitec- tures of processors, electromagnetic emanation and their power consumption reveal sensitive information to adversaries. Side channel attacks may be based on power consumption, laser-based attacks, timing attacks or electromagnetic attacks. Modern chips take care of various countermeasures to prevent these side-channel attacks while implementing the cryptographic mod- ules. 5. Eavesdropping and Interference: IoT applications often consist of various nodes deployed in open envi- ronments [25]. As a result, such IoT applications are exposed to eavesdroppers. The attackers may eaves- drop and capture the data during different phases like data transmission or authentication. 6. Sleep Deprivation Attacks: In such type of attacks the adversaries try to drain the battery of the low-powered IoT edge devices. This leads to a denial of service from the nodes in the IoT application due to a dead battery. This can be done by running infinite loops in the edge devices using malicious code or by artificially increasing the power consumption of the edge devices. 7. Booting Attacks: The edge devices are vulnerable to various attacks during the boot process. This is because the inbuilt security processes are not enabled at that point. The attackers may take advantage of this vul- nerability and try to attack the node devices when they are being restarted. As edge devices are typically low powered and at times go through sleep-wake cycles, it is thus essential to secure the boot process in these devices. tải về 6.16 Mb. Chia sẻ với bạn bè của bạn:
|