Challenges and Issues of the IoT
The IoT has evolved to an extent where every domain looks for a solution through it. Whether for a business model, education, the environment, or health care, the IoT has marked its presence on a large scale. Despite this success, challenges have to be met for successful IoT implementation. The first challenge is the lack of interoperability’ of smart objects. The problems associated with interoperability can be either technical operability, concerning the standards and protocols of individual IoT devices, or semantic and pragmatic issues, concerning the handling and processing of data received during communication. Another possible challenge is the behavior of IoT devices in the network. IoT usage has great possibilities. But these cannot be utilized, unless objects interact appropriately with each other.
Another challenge is associated with scalability dealing with the massive number of nodes, with differences in their communication behavior. It is challenging to handle the demand of rapidly growing nodes in the network. The need is to accelerate the scalability management protocols, to cater to the demand for resources. Security is one of the crucial challenges in the IoT domain. This challenge is due to heterogeneous nodes, each working in its own fashion and interacting with humans and other entities. It is a challenge to secure all the interactions, while preserving optimal system performance. This security concern influences the trust issue associated with the IoT. There should not be stringent government regulations to deal with this issue, as strict regulations would present a barrier to innovation. Instead, defining access control rules, implementing firewalls, and providing end-user authentication could be small steps in this direction. Apart from this, security paradigms need to be followed, including the Low Range Wide-Area Network (LoRaWAN), Bluetooth Low Energy security (BLE), and the Constrained Application Protocol (CoAP) [10].
Another major challenge associated with the IoT. and last in this discussion, is value for users. This significant technological shift has generated great opportunities, but it remains difficult to find an effective business model and an excellent value proposition to support it [11].
Security Issues of the IoT
The drastic increase in the number of smart homes and smart cities has influenced the popularity and acceptance of the IoT in society. Its future importance is evident from the inclusion of smart things in daily life. Due to the growth in hardware technologies pertaining to the communication sector, the IoT is also proliferating [12,13]. The horizon of the IoT has broadened, and technologies such as the wireless sensor network (WSN) and machine-to-machine (M2M) have become an integral part of it.
Along with that, the IoT has inherited the security issues of WSN and M2M. Generally, the things used in the IoT are small, heterogeneous devices with limited battery power and memory. These constraints impose additional challenges for IoT security and require the adaptation of security solutions to these constrained environments [14]. Before delving into security solutions, it is essential to identify the actual security requirements of the IoT.
Security Requirements of the IoT
The very essence of the effort to establish a secure network lies in the identification of parameters that are the most vulnerable and need to be taken into consideration by security protocols.
As the IoT network is composed of a diverse integration of devices, a strong encryption technique is essential, along with the protection of data from malicious efforts at data manipulation. In turn, the confidentiality, integrity, and privacy of data should be maintained.
It is always desirable to have secure communication among the devices in the network. Due to the diverse heterogeneous architecture of the network, it is a challenge to define a global protocol that can be standardized, to create a trustworthy environment with proper authorization and authentication of users. Also, resource usage accounting is needed to provide proper network management.
IoT components can easily become victims of attacks, such as sinkhole attacks, denial of service attacks, and replay attacks [15]. These affect the network at different layers and degrade the network’s quality of service.
Some attacks can directly impact IoT architectures and may increase energy consumption in the network, which will deplete the network’s resources.
Categories of Security Issues
The IoT network encompasses a variety of devices and components, which range from small sensors to large high-end servers. Due to this variability, a single mechanism cannot be devised to handle all the issues. Based on the IoT deployment architecture [ 16], security threats are categorized as low-level security issues, inter- mediate-level security issues, and high-level security issues.
Low-Level Security Issues
The lowest level of security is concerned with the physical and data link layers in the communication network. These issues include:
Jamming adversaries: The jamming attack affects the sending and receiving of data in the network, due to radio interference. This is caused by emitting radio frequency signals without following any protocol [17].
Low-level Sybil and spoofing attack: At the physical layer, Sybil nodes use a fake identity to degrade IoT functionality. These nodes use forged MAC values to pose as a different device. Along with the depletion of resources, these cause a denial of service to legitimate nodes [18].
Denial of sleep attack: The devices in the IoT are forced to keep their radios on by increasing their duty cycle, which exhausts the batteries [19].
Intermediate-Level Security Issues
Intermediate-level security takes control of the network and transport layers of the IoT and is mainly concerned with routing and session management [20]. Some of the attacks at these layers include:
Buffer reservation attacks: The packets transmitted in the network require reassembly at the receiving node, and hence the receiving node has to reserve space for the purpose. The attacker may send incomplete packets that occupy buffer space. This results in the denial of service to other packets, due to a space crunch [21].
Sinkhole attacks: The attacker node responds to a routing request and directs the node to pass through a malicious route, which can then be exploited for security risks [22,23].
Sybil attacks at the intermediate level: At the communication and network layers, Sybil nodes can be deployed to degrade network performance. These nodes can violate data privacy, which could result in phishing attacks and spamming [24].
Transport level attacks: The aim of the IoT network is to provide secure end-to- end transmission, and, for this, the transport layer end-to-end security mechanism uses a comprehensive security mechanism that includes authentication, privacy, and the integrity of data [25].
Session establishment and resumption: The attacker node can hijack a session with the help of forged messages, which result in a denial of service [26,27]. Sometimes, the attacker can force the victim node to continue the session for an extended period, keeping the network busy.
High-Level Security Issues
CoAP security with the internet: The application layer in the network is also vulnerable to attacks. The Constrained Application Protocol (CoAP) is a web transfer protocol of constrained devices [28]. CoAP messages need to be encrypted for secure transmission.
Insecure software and firmware: The codes are written in languages such as JSON, XML, XSS, etc. They should be tested properly, and updates need to be carried out in a secure manner [29]. Insecure software or firmware is equally responsible for vulnerabilities.
Researchers have provided solutions to deal with most of the security issues at the three different levels, in one way or another. The deployment of IoT networks is able to provide secure communication for IoT entities.
