A Review on Security and Privacy Issues in IoT Devices
DOI:
https://doi.org/10.25007/ajnu.v10n4a1245Keywords:
Internet of things, IoT privacy, IoT security, IoT technology, hardware security, IoT attacksAbstract
In our everyday lives, the IoT is everywhere. They are used for the monitoring and documentation of environmental improvements, fire safety and even other useful roles in our homes, hospitals and the outdoors. IoT-enabled devices that are linked to the internet transmit and receive a large amount of essential data over the network. This provides an opportunity for attackers to infiltrate IoT networks and obtain sensitive data. However, the risk of a loss of privacy and security could outweigh any of these benefits. Many tests have been carried out in order to solve these concerns and find a safer way to minimize or remove the effect of IoT technologies on privacy and security practices in order to protect them. The issue with IoT devices is that they have small output modules, making it impossible to adapt current protection methods to them. This constraint necessitates the presentation of lightweight algorithms that enable IoT devices. In this article, investigated the context and identify different safety, protection, and approaches for securing components of IoT-based ecosystems and systems, as well as evolving security solutions. In addition, several proposed algorithms and authentication methods in IoT were discussed in order to avoid various types of attacks while keeping the limitations of the IoT framework in mind. Also discuss some hardware security in IoT devices.
Downloads
References
I. Analytics, "Why the internet of things is called internet of things: Definition, history, disambiguation," ed, 2014.
V. M. Kumar, N. Yamsani, S. N. Korra, A. Harshavardhan, and B. V. Kumar, "A Scope on Auspices and Seclusion Issues in Internet of Things."
B. Lam and C. Larose, "How did the internet of things allow the latest attack on the internet?," ed, 2016.
S. Chaudhary, "Privacy and security issues in Internet of Things," Int. Educ. Res. J., vol. 3, pp. 2433-2436, 2017.
J. Granjal, E. Monteiro, and J. S. Silva, "Security for the internet of things: a survey of existing protocols and open research issues," IEEE Communications Surveys & Tutorials, vol. 17, pp. 1294-1312, 2015.
S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer networks, vol. 76, pp. 146-164, 2015.
R. Roman, J. Zhou, and J. Lopez, "On the features and challenges of security and privacy in distributed internet of things," Computer Networks, vol. 57, pp. 2266-2279, 2013.
I. Ahmad, T. Kumar, M. Liyanage, J. Okwuibe, M. Ylianttila, and A. Gurtov, "Overview of 5G security challenges and solutions," IEEE Communications Standards Magazine, vol. 2, pp. 36-43, 2018.
L. a. Tawalbeh, F. Muheidat, M. Tawalbeh, and M. Quwaider, "IoT Privacy and security: Challenges and solutions," Applied Sciences, vol. 10, p. 4102, 2020.
L. Li, "Study on security architecture in the Internet of Things," in Proceedings of 2012 international conference on measurement, information and control, 2012, pp. 374-377.
R. H. Weber, "Internet of Things–New security and privacy challenges," Computer law & security review, vol. 26, pp. 23-30, 2010.
S. Kraijak and P. Tuwanut, "A survey on internet of things architecture, protocols, possible applications, security, privacy, real-world implementation and future trends," in 2015 IEEE 16th International Conference on Communication Technology (ICCT), 2015, pp. 26-31.
C. Qiang, G.-r. Quan, B. Yu, and L. Yang, "Research on security issues of the internet of things," International Journal of Future Generation Communication and Networking, vol. 6, pp. 1-10, 2013.
M. Burmester and B. De Medeiros, "RFID security: attacks, countermeasures and challenges," in The 5th RFID academic convocation, the RFID journal conference, 2007.
X. Xingmei, Z. Jing, and W. He, "Research on the basic characteristics, the key technologies, the network architecture and security problems of the internet of things," in Proceedings of 2013 3rd International Conference on Computer Science and Network Technology, 2013, pp. 825-828.
A. Kamble and S. Bhutad, "Survey on Internet of Things (IoT) security issues & solutions," in 2018 2nd International Conference on Inventive Systems and Control (ICISC), 2018, pp. 307-312.
A. K. Hussain, "A modified RSA algorithm for security enhancement and redundant messages elimination using K-nearest neighbor algorithm," IJISET-International Journal of Innovative Science, Engineering & Technology, vol. 2, pp. 858-862, 2015.
M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, "Internet of Things (IoT): Taxonomy of security attacks," in 2016 3rd International Conference on Electronic Design (ICED), 2016, pp. 321-326.
F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, "Internet of Things security: A survey," Journal of Network and Computer Applications, vol. 88, pp. 10-28, 2017.
J. Choi, S. Li, X. Wang, and J. Ha, "A general distributed consensus algorithm for wireless sensor networks," in 2012 Wireless Advanced (WiAd), 2012, pp. 16-21.
A. V. Singh, V. Juyal, and R. Saggar, "Trust based intelligent routing algorithm for delay tolerant network using artificial neural network," Wireless Networks, vol. 23, pp. 693-702, 2017.
Z. Bi, L. Da Xu, and C. Wang, "Internet of things for enterprise systems of modern manufacturing," IEEE Transactions on industrial informatics, vol. 10, pp. 1537-1546, 2014.
H. Song, G. Fink, and S. Jeschke, Security and privacy in cyber-physical systems: Wiley Online Library, 2017.
M. Medwed, "Iot security challenges and ways forward," in Proceedings of the 6th International Workshop on Trustworthy Embedded Devices, 2016, pp. 55-55.
M. Conti, N. Dragoni, and V. Lesyk, "A survey of man in the middle attacks," IEEE Communications Surveys & Tutorials, vol. 18, pp. 2027-2051, 2016.
M. A. Khan and K. Salah, "IoT security: Review, blockchain solutions, and open challenges," Future Generation Computer Systems, vol. 82, pp. 395-411, 2018.
D. Zaldivar, A. T. Lo'ai, and F. Muheidat, "Investigating the security threats on networked medical devices," in 2020 10th Annual Computing and Communication Workshop and Conference (CCWC), 2020, pp. 0488-0493.
X. Liu, M. Zhao, S. Li, F. Zhang, and W. Trappe, "A security framework for the internet of things in the future internet architecture," Future Internet, vol. 9, p. 27, 2017.
A. T. Lo'ai and T. F. Somani, "More secure Internet of Things using robust encryption algorithms against side channel attacks," in 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA), 2016, pp. 1-6.
F. Dalipi and S. Y. Yayilgan, "Security and privacy considerations for iot application on smart grids: Survey and research challenges," in 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW), 2016, pp. 63-68.
W. Trappe, R. Howard, and R. S. Moore, "Low-energy security: Limits and opportunities in the internet of things," IEEE Security & Privacy, vol. 13, pp. 14-21, 2015.
Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, "A survey on security and privacy issues in Internet-of-Things," IEEE Internet of Things Journal, vol. 4, pp. 1250-1258, 2017.
R. Kotamsetty and M. Govindarasu, "Adaptive latency-aware query processing on encrypted data for the Internet of Things," in 2016 25th International Conference on Computer Communication and Networks (ICCCN), 2016, pp. 1-7.
H. Shafagh, A. Hithnawi, A. Dröscher, S. Duquennoy, and W. Hu, "Talos: Encrypted query processing for the internet of things," in Proceedings of the 13th ACM conference on embedded networked sensor systems, 2015, pp. 197-210.
S. Al Salami, J. Baek, K. Salah, and E. Damiani, "Lightweight encryption for smart home," in 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016, pp. 382-388.
A. Abdullah, "Advanced encryption standard (aes) algorithm to encrypt and decrypt data," Cryptography and Network Security, vol. 16, 2017.
I. Andrea, C. Chrysostomou, and G. Hadjichristofi, "Internet of Things: Security vulnerabilities and challenges," in 2015 IEEE symposium on computers and communication (ISCC), 2015, pp. 180-187.
S. Babar, A. Stango, N. Prasad, J. Sen, and R. Prasad, "Proposed embedded security framework for internet of things (iot)," in 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011, pp. 1-5.
M. U. Farooq, M. Waseem, A. Khairi, and S. Mazhar, "A critical analysis on the security concerns of internet of things (IoT)," International Journal of Computer Applications, vol. 111, 2015.
S. Uke, A. Mahajan, and R. Thool, "UML modeling of physical and data link layer security attacks in WSN," International Journal of Computer Applications, vol. 70, 2013.
H. Li, Y. Chen, and Z. He, "The survey of RFID attacks and defenses," in 2012 8th International Conference on Wireless Communications, Networking and Mobile Computing, 2012, pp. 1-4.
F. Kandah, Y. Singh, W. Zhang, and C. Wang, "Mitigating colluding injected attack using monitoring verification in mobile ad‐hoc networks," Security and Communication Networks, vol. 6, pp. 539-547, 2013.
Q. Gou, L. Yan, Y. Liu, and Y. Li, "Construction and strategies in IoT security system," in 2013 IEEE international conference on green computing and communications and IEEE internet of things and IEEE cyber, physical and social computing, 2013, pp. 1129-1132.
F. Salahdine and N. Kaabouch, "Social engineering attacks: a survey," Future Internet, vol. 11, p. 89, 2019.
A. Wahid and P. Kumar, "A survey on attacks, challenges and security mechanisms in wireless sensor network," International Journal for Innovative Research in Science and Technology, vol. 1, pp. 189-196, 2015.
M. I. Abdullah, M. M. Rahman, and M. C. Roy, "Detecting sinkhole attacks in wireless sensor network using hop count," IJ Computer Network and Information Security, vol. 3, pp. 50-56, 2015.
P. Jain and A. Sardana, "Defending against internet worms using honeyfarm," in Proceedings of the CUBE International Information Technology Conference, 2012, pp. 795-800.
M. Zulkifli and Z. W. Mohd, "Attack on cryptography," Comput. Secur, vol. 12, pp. 33-45, 2008.
V. Venugopalan and C. D. Patterson, "Surveying the hardware trojan threat landscape for the internet-of-things," Journal of Hardware and Systems Security, vol. 2, pp. 131-141, 2018.
A. Al-Omary, A. Othman, H. M. AlSabbagh, and H. Al-Rizzo, "Survey of hardware-based security support for IoT/CPS systems," KnE Engineering, pp. 52–70-52–70, 2018.
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2022 Reben Mohammed Saleem Kurda, Umran Abdullah Haje, Muhamad Hussein Abdulla, Zhwan Mohammed Khalid
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Authors retain copyright
The use of a Creative Commons License enables authors/editors to retain copyright to their work. Publications can be reused and redistributed as long as the original author is correctly attributed.
- Copyright
- The researcher(s), whether a single or joint research paper, must sell and transfer to the publisher (the Academic Journal of Nawroz University) through all the duration of the publication which starts from the date of entering this Agreement into force, the exclusive rights of the research paper/article. These rights include the translation, reuse of papers/articles, transmit or distribute, or use the material or parts(s) contained therein to be published in scientific, academic, technical, professional journals or any other periodicals including any other works derived from them, all over the world, in English and Arabic, whether in print or in electronic edition of such journals and periodicals in all types of media or formats now or that may exist in the future. Rights also include giving license (or granting permission) to a third party to use the materials and any other works derived from them and publish them in such journals and periodicals all over the world. Transfer right under this Agreement includes the right to modify such materials to be used with computer systems and software, or to reproduce or publish it in e-formats and also to incorporate them into retrieval systems.
- Reproduction, reference, transmission, distribution or any other use of the content, or any parts of the subjects included in that content in any manner permitted by this Agreement, must be accompanied by mentioning the source which is (the Academic Journal of Nawroz University) and the publisher in addition to the title of the article, the name of the author (or co-authors), journal’s name, volume or issue, publisher's copyright, and publication year.
- The Academic Journal of Nawroz University reserves all rights to publish research papers/articles issued under a “Creative Commons License (CC BY-NC-ND 4.0) which permits unrestricted use, distribution, and reproduction of the paper/article by any means, provided that the original work is correctly cited.
- Reservation of Rights
The researcher(s) preserves all intellectual property rights (except for the one transferred to the publisher under this Agreement).
- Researcher’s guarantee
The researcher(s) hereby guarantees that the content of the paper/article is original. It has been submitted only to the Academic Journal of Nawroz University and has not been previously published by any other party.
In the event that the paper/article is written jointly with other researchers, the researcher guarantees that he/she has informed the other co-authors about the terms of this agreement, as well as obtaining their signature or written permission to sign on their behalf.
The author further guarantees:
- The research paper/article does not contain any defamatory statements or illegal comments.
- The research paper/article does not violate other's rights (including but not limited to copyright, patent, and trademark rights).
This research paper/article does not contain any facts or instructions that could cause damages or harm to others, and publishing it does not lead to disclosure of any confidential information.
