Existing IoT Security Models and Current Issues

A breadth of research has been conducted on IoT-related issues, including security and privacy [17]. There are numerous high-quality papers that can be found in the literature, and most of them are available as open access. The literature can be reviewed and categorized by the objective methods used as well as the tools used to validate results [18]. There are various simulation tools, as well as modelers. Moreover, there are many platforms available for producing novel protocols for IoT security. Thus, there is have been advances in IoT security research, supported by many different implementation and simulation environments.

One major concern for the IoT is how to ensure confidentiality and privacy, mainly by using cryptographic functions [19,20]. Also, infrastructures must be configured and implemented so as to maintain the IoT system’s service availability. Current research regarding IoT cybersecurity shows that several issues are present that can compromise privacy and cybersecurity. These issues include:

Irregular update: There must be regular updates for the operating systems and applications used in an IoT system. The firmware of the IoT device itself should also be updated, which makes keeping an eye on recent patches and downloading them crucial to maintaining the IoT system’s security against possible vulnerabilities, which might be explored by hackers seeking to launch attacks.

Automation: Most individuals and organizations using IoT services select the automation feature to collect, send, and analyze data, or execute a variety of other tasks. Nowadays, artificial intelligence techniques can be used to gain unauthorized access to these automated systems and launch automated attacks, due to the lack of human interaction with the IoT devices [21].

Weak Authentication: Among other factors, this is due to the fact that an IoT system uses applications from different vendors, with different authentication and security settings, which might not be as secure as they should be. Moreover, users access IoT devices from different platforms (PCs, laptops, and mobile devices), using different communications protocols. These factors contribute to distributing the authentication process, which can make it as weak as its weakest link [22].

Remote connectivity: High-speed network connectivity with powerful computing ability is enabling systems to communicate efficiently with other systems on the same network or even on other networks. But at the same time, this means that if any of the devices/systems are connected to the internet, it might be vulnerable to cyberattacks.

The recent rapid adoption of IoT devices in almost every aspect of our lives has helped increase the efficiency of executing tasks in different sectors, from homes to energy grids. But at the same time, it has also increased vulnerabilities and possible attacks that could compromise the security of these connected IoT devices, affecting our privacy as a result. Research shows that more than 90 percent of IoT device users are unsure of their devices’ security levels [23]. This research also indicates that sophisticated security measures are necessary to protect data security and privacy.

In another context, researchers proposed using recent advanced technologies for security in IoT systems, among which are cloud and fog computing and blockchain. The authors in [24] proposed that two mechanisms be used in cloud-enabled fog computing in IoT systems: incentive and feedback mechanisms. These techniques allow a cloud provider to eliminate fake edge servers. In other words, cloud servers utilize these two mechanisms to determine which are illegitimate edge nodes and eliminate them. However, the authentication process for IoT devices is not proposed, and the authors assume that all connected devices are trustworthy. In order to reduce latency and increase performance for the two models discussed, the research in [24] used a Proof of Authority algorithm (PoA) for authentication purposes in blockchain, validating every single block in the chain, and thus avoiding unauthorized access to system resources.

As a different attempt to propose security solutions for IoT architectures, the researchers in [25] found that machine learning will be prominently featured in IoT data analytics. The authors in [26] stated that the software program could learn and enhance itself from experience, examples, and analogies. In addition, some common tasks provided by the machine learning, such as features extraction and pattern recognition, are helpful in proposing secure IoT solutions [27]. In [28], the researchers indicated that network architecture consists of three layers to provide intelligent data processing inside the network. These are the application layer, the transport layer, and the sensing layer. Similar parts of the architecture are discussed in [24]. The authors in [28] define the artificial neural network algorithm (part of machine learning) in the transport layer. This algorithm is proposed to build a system that can detect fake data. The researchers go into detail about their approach using mini architecture. This consists of edge devices with low power and low resources, such as sensors, actuators, etc., and gateway devices with greater abilities and resources. Temperature sensors are added for collecting data, while gateway devices aggregate data to enter it into the artificial neural network for processing. The first version of the model uses Device ID and Sensor value as inputs to the ANN, and the output determines whether the record is valid or not. The training and testing processes are completed by four thousand records of valid and invalid data. The second version is done in the same way, except one value is added to the ANN input, which is a delayed time. The proposed neural network was designed to simulate and detect a man-in-the-middle attack.

Authorization and authentication issues are starting points for security issues in the IoT framework [29]. IoT smart devices have the ability to sense, collect and send data, and communicate with each other. So, it is very important to control who can access the device and what they can do with it. In order to conserve data confidentiality, integrity, and availability, authorization and authentication methods must be excellent. In addition, these methods should be suitable to work with devices from different vendors. The authorization and authentication processes can be determined by many techniques. One of these techniques is implementing an access control mechanism, to provide authorization in IoT systems. There are many models that provide access control in IoT systems. One model is Role-Based Access Control (RBAC), in which certain rules are predefined for each network object. Another scheme is Capability-Based Access Control (CapBAC), in which the privilege of the object will determine if it will be enabled or not in a particular network [30]. Moreover, there is a model that uses predefined attributes to grant access for each network object. This model is called Attribute-Based Access Control (ABAC) [31]. Some models consist of a combination of other models. For example, the ARBHAC model [32] combines both the ABAC and RBAC models. The researchers in [33] propose and analyze the suitability of different models of access control to IoT systems.

< Prev   CONTENTS   Source   Next >