A Machine Learning-Based Exploration of Relationship Between Security Vulnerabilities of IoT Devices and Manufacturers

2020, Vol 1 (2), pp. 1-12
Author(s): Ritu Chauhan, Gatha Tanwar

The internet of things has brought in innovations in the daily lives of users. The enthusiasm and openness of consumers have fuelled the manufacturers to dish out new devices with more features and better aesthetics. In an attempt to keep up with the competition, the manufacturers are not paying enough attention to cyber security of these smart devices. The gravity of security vulnerabilities is further aggravated due to their connected nature. As a result, a compromised device would not only stop providing the intended service but could also act as a host for malware introduced by an attacker. This study has focused on 10 manufacturers, namely Fitbit, D-Link, Edimax, Ednet, Homematic, Smarter, Osram, Belkin Wemo, Philips Hue, and Withings. The authors studied the security issues which have been raised in the past and the communication protocols used by devices made by these brands. It was found that while security vulnerabilities could be introduced due to lack of attention to details while designing an IoT device, they could also get introduced by the protocol stack and inadequate system configuration. Researchers have iterated that protocols like TCP, UDP, and mDNS have inherent security shortcomings and manufacturers need to be mindful of the fact. Furthermore, if protocols like EAPOL or Zigbee have been used, then the device developers need to be aware of safeguarding the keys and other authentication mechanisms. The authors also analysed the packets captured during setup of 23 devices by the above-mentioned manufacturers. The analysis gave insight into the underlying protocol stack preferred by the manufacturers. In addition, they also used count vectorizer to tokenize the protocols used during device setup and use them to model a multinomial classifier to identify the manufacturers. The intent of this experiment was to determine if a manufacturer could be identified based on the tokenized protocols. 
The modelled classifier could then be used to drive an algorithm to checklist against possible security vulnerabilities, which are characteristic of the protocols and the manufacturer history. Such an automated system will be instrumental in regular diagnostics of a smart system. The authors then wrapped up this report by suggesting some measures a user can take to protect their local networks and connected devices.

2021, Vol 17 (1), pp. 287-293
Author(s): Dorin IORDACHE

It was unimaginable for a non-professional user that access data to personal e-mail, bank or identity accounts could be stolen via a mobile phone interface or connection, no more than twenty years ago. Nowadays, people with bad intentions – hackers – can use smart devices, such as webcams, microwaves, refrigerators, door controllers, and others, which we generically name IoT[1], to access accounts like the ones mentioned above, without much effort. The Internet of Things is the place where devices are digitally interconnected and interact with almost every domain. IoT development is closely correlated with the growth of the Internet. These issues have generated an unprecedented upward trend in Wi-Fi and IoT interconnecting networks. Cyber-security has gained new meanings because of the increasing number and scope of IoT devices. By developing these devices, especially among regular users, it is necessary to improve their security more than ever. How prepared are regular users and how can they protect themselves in the context of IoT penetration into their daily lives? It is a question that needs to be answered, in terms of the actions it can take immediately or in the long run.

[1] IoT - Internet of Things


Sensors, 2019, Vol 19 (7), pp. 1492
Author(s): Pantaleone Nespoli, David Useche Pelaez, Daniel Díaz López, Félix Gómez Mármol

The Internet of Things (IoT) became established during the last decade as an emerging technology with considerable potentialities and applicability. Its paradigm of everything connected together penetrated the real world, with smart devices located in several daily appliances. Such intelligent objects are able to communicate autonomously through already existing network infrastructures, thus generating a more concrete integration between real world and computer-based systems. On the downside, the great benefit carried by the IoT paradigm in our life brings simultaneously severe security issues, since the information exchanged among the objects frequently remains unprotected from malicious attackers. The paper at hand proposes COSMOS (Collaborative, Seamless and Adaptive Sentinel for the Internet of Things), a novel sentinel to protect smart environments from cyber threats. Our sentinel shields the IoT devices using multiple defensive rings, resulting in a more accurate and robust protection. Additionally, we discuss the current deployment of the sentinel on a commodity device (i.e., Raspberry Pi). Exhaustive experiments are conducted on the sentinel, demonstrating that it performs meticulously even in heavily stressing conditions. Each defensive layer is tested, reaching a remarkable performance, thus proving the applicability of COSMOS in a distributed and dynamic scenario such as IoT. With the aim of easing the enjoyment of the proposed sentinel, we further developed a friendly and easy-to-use COSMOS App, so that end-users can manage sentinel(s) directly using their own devices (e.g., smartphone).


2022, Vol 54 (7), pp. 1-34
Author(s): Sophie Dramé-Maigné, Maryline Laurent, Laurent Castillo, Hervé Ganem

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.


Author(s): Tanweer Alam

In next-generation computing, the role of cloud, internet and smart devices will be capacious. Nowadays we all are familiar with the word smart. This word is used a number of times in our daily life. The Internet of Things (IoT) will produce remarkably different kinds of information from different resources. It can store big data in the cloud. The fog computing acts as an interface between cloud and IoT. The extension of fog in this framework works on physical things under IoT. The IoT devices are called fog nodes; they can be accessed anywhere within the range of the network. The blockchain is a novel approach to record the transactions in a sequence securely. Developing a new blockchain-based middleware framework in the architecture of the Internet of Things is one of the critical issues of wireless networking where resolving such an issue would result in constant growth in the use and popularity of IoT. The proposed research creates a framework for providing the middleware framework in the internet of smart devices network for the internet of things using blockchain technology. Our main contribution links a new study that integrates blockchains to the Internet of things and provides communication security to the internet of smart devices.


Author(s): Puspanjali Mallik

The internet of things (IoT) fulfils abundant demands of present society by facilitating the services of cutting-edge technology in terms of smart home, smart healthcare, smart city, smart vehicles, and many more, which enables present day objects in our environment to have network communication and the capability to exchange data. This wide range of applications is collected, computed, and provided by thousands of IoT elements placed in open spaces. The highly interconnected heterogeneous structure faces new types of challenges from a security and privacy concern. Previously, security platforms were not so capable of handling these complex platforms due to different communication stacks and protocols. It seems to be of the utmost importance to keep concern about security issues relating to several attacks and vulnerabilities. The main motive of this chapter is to analyze the broad overview of security vulnerabilities and its counteractions. Generally, it discusses the major security techniques and protocols adopted by the IoT and analyzes the attacks against IoT devices.


Author(s): Christian Wittke, Kai Lehniger, Stefan Weidling, Mario Schoelzel

With the growing number of wireless devices in the internet of things (IoT), maintenance and management of these devices has become a key issue. In particular, the ability to wirelessly update devices is a must in order to fix security issues and software bugs, or to extend firmware functionality. Code update mechanisms in wireless sensor networks (WSNs), a subset of IoT networks, must handle limited resources and strict constraints. Also, over-the-air (OTA) code updates in the context of an IoT ecosystem may open new security vulnerabilities. An IoT security framework should therefore be extended with additional mechanisms to secure the OTA code update functionality. The chapter presents an overview of various OTA code update techniques for WSNs and their security flaws along with some existing attacks and possible countermeasures. It is discussed which attacks can be used more easily with the code update functionality. Countermeasures are compared as to whether they secure the weakened security objectives, giving a guideline to choose the right combination of countermeasures.


The Internet of Things (IoT) is characterized as an approach where objects are outfitted with sensors, processors, and actuators which include design of hardware board and development, protocols, web APIs, and software systems, which combine to make an associated architecture of embedded systems. This connected environment enables technologies to get associated with different networks, platforms, and devices, making a web of communication which is reforming the manner in which we communicate with the world digitally. These connected embedded systems are changing behaviour and interactions with our environment, networks, and homes, and also with our own bodies in terms of smart devices. Security and privacy are the most significant consideration in the field of real-world communication and mainly on IoTs. With the evolution of IoT the network layer security in the IoT has drawn greater focus. The security vulnerabilities in the IoT system could make security risks based on any application. Therefore there is an essential requirement for IDS for the IoT based systems for avoiding security attacks based on security vulnerabilities. This paper proposed a fuzzy c-means clustering with brain storm optimization algorithm (FBSO) for IDS based on IoT system. The NSL-KDD dataset is utilized to evaluate and simulate the proposed algorithm. The results demonstrate that the proposed technique efficiently recognizes intrusion attacks and decreases the network difficulties.


2020
Author(s): Shamim Muhammad, Inderveer Chana, Supriya Thilakanathan

Edge computing is a technology that allows resources to be processed or executed close to the edge of the internet. The interconnected network of devices in the Internet of Things has led to an increased amount of data, increasing internet traffic usage every year. Also, edge computing is driving applications and computing power away from the integrated points to areas close to users, leading to improved performance of the application. Despite the explosive growth of the edge computing paradigm, there are common security vulnerabilities associated with the Internet of Things applications. This paper will evaluate and analyze some of the most common security issues that pose a serious threat to the edge computing paradigm.


2019, Vol 11 (6), pp. 127
Author(s): Michele De Donno, Alberto Giaretta, Nicola Dragoni, Antonio Bucchiarone, Manuel Mazzara

The Internet of Things (IoT) is rapidly changing our society to a world where every “thing” is connected to the Internet, making computing pervasive like never before. This tsunami of connectivity and data collection relies more and more on the Cloud, where data analytics and intelligence actually reside. Cloud computing has indeed revolutionized the way computational resources and services can be used and accessed, implementing the concept of utility computing whose advantages are undeniable for every business. However, despite the benefits in terms of flexibility, economic savings, and support of new services, its widespread adoption is hindered by the security issues arising with its usage. From a security perspective, the technological revolution introduced by IoT and Cloud computing can represent a disaster, as each object might become inherently remotely hackable and, as a consequence, controllable by malicious actors. While the literature mostly focuses on the security of IoT and Cloud computing as separate entities, in this article we provide an up-to-date and well-structured survey of the security issues of cloud computing in the IoT era. We give a clear picture of where security issues occur and what their potential impact is. As a result, we claim that it is not enough to secure IoT devices, as cyber-storms come from Clouds.


2018, Vol 6 (4), pp. 117-131
Author(s): Matt Sinda, Tyler Danner, Sean O'Neill, Abeer Alqurashi, Haeng-Kon Kim

The Internet of Things (IoT) is becoming more pervasive in our daily lives and is being used to add conveniences to our everyday items. There are several standards that are allowing these devices to communicate with each other and ultimately, with our mobile devices. However, in a rush to meet market demand, security was not considered until after the device had already been placed on the market. Most of the work done in improving security has been in the area of encryption. However, with the relatively small footprint of IoT devices, this makes strong encryption difficult. The authors' method will show that the current algorithm used to determine the next Bluetooth frequency hop is vulnerable to attack, and will suggest a novel algorithm to more securely select the next frequency to use. They will simulate their solution algorithmically to showcase their approach and in so doing demonstrate that it moves to the next frequency in a more random pattern than the existing model achieves. In this article, the authors present a new framework for improving security that focuses on the timing of frequency hopping, particularly in Bluetooth. The results show that focusing on different timing sequences for how long a device stays on a particular frequency both fits the current Bluetooth Lite architecture and provides adequate security for IoT devices, as it is demonstrably more random than the existing architecture.

