A survey on Iot security: Application Areas, Security Threats, and Solution Architectures
E. SECURITY ISSUES AT APPLICATION LAYER
tải về 6.16 Mb. Chế độ xem pdf
|
thong-tin-so bao-cao-qpsk-1 - [cuuduongthancong.com]
| E. SECURITY ISSUES AT APPLICATION LAYER
The application layer directly deals with and provides ser- vices to the end users. IoT applications like smart homes, smart meters, smart cities, smart grids, etc. lie in this layer. This layer has specific security issues that are not present in other layers, such as data theft and privacy issues. The security issues in this layer are also specific to different applications. Many IoT applications also consist of a sub- layer between the network layer and application layer, usu- ally termed as an application support layer or middleware layer. The support layer supports various business services and helps in intelligent resource allocation and computation. Major security issues encountered by the application layer are discussed below. 1. Data Thefts: IoT applications deal with lot of critical and private data. The data in transit is even more vulnerable to attacks than data at rest, and in IoT applications, there is a lot of data movement. The users will be reluctant to register their private data on IoT applications if these applications are vulnerable to data theft attacks. Data encryption, data isolation, user and network authentication, privacy management, etc. are some of the techniques and protocols being used to secure IoT applications against data thefts. 2. Access Control Attacks: Access control is authoriza- tion mechanism that allows only legitimate users or processes to access the data or account. Access control attack is a critical attack in IoT applications because once the access is compromised, then the complete IoT application becomes vulnerable to attacks. 3. Service Interruption Attacks: These attacks are also referred to as illegal interruption attacks or DDoS attacks in existing literature. There have been various instances of such attacks on IoT applications. Such attacks deprive legitimate users from using the services of IoT applications by artificially making the servers or network too busy to respond. 4. Malicious Code Injection Attacks: Attackers gener- ally go for the easiest or simplest method they can use to break into a system or network. If the system is vulnerable to malicious scripts and misdirections due to insufficient code checks, then that would be the first entry point that an attacker would choose. Generally, attackers use XSS (cross-site scripting) to inject some malicious script into an otherwise trusted website. A successful XSS attack can result in the hijacking of an IoT account and can paralyze the IoT system. 5. Sniffing Attacks: The attackers may use sniffer appli- cations to monitor the network traffic in IoT applica- tions. This may allow the attacker to gain access to confidential user data if there are not enough security protocols implemented to prevent it [39]. 6. Reprogram Attacks: If the programming process is not protected, then the attackers can try to reprogram the IoT objects remotely. This may lead to the hijack- ing of the IoT network [40]. tải về 6.16 Mb. Chia sẻ với bạn bè của bạn:
|