Different types of security attacks in the IoT network
All the IoT devices and humans are interconnected through the Internet to serve and function each other at any time and location. In IoT, all the devices and people are connected with each other to provide services at any time and at any place. Most of the devices connected to the Internet are not equipped with efficient security mechanisms and are vulnerable to various privacy and security issues, e.g., confidentiality, integrity and authenticity, etc. For the IoT, some security requirements must be fulfilled to prevent the network from malicious attacks. Here, some of the most required capabilities of a secure network are briefly discussed.
- • Resilience to attacks: The system should be capable enough to recover itself in case it crashes during data transmission. For example, a server working in a multiuser environment must be intelligent and strong enough to protect itself from intruders or an eavesdropper. In such a case, if it is down it should recover itself without intimating to the users of its down status.
- • Data Authentication: The data and the associated information must be authenticated. An authentication mechanism is used to allow data transmission only from authentic devices.
- • Access control: Only the persons who have authorization must have the access control. The managing of passwords and usernames of respective users must be controlled by the system administrator. The system administrator should define individual access rights so that users will access only the data which is relevant to them so that the privacy of the data will be controlled through access control.
Nowadays, the lifestyle of each individual has changed because of IoT device evaluation. Even though IoT devices are very beneficial to everyone they are vulnerable to security attacks and threats in everyday life. Most of the security issues and threats relate to loss of information and data privacy leakage and loss of information as showm in Figure 3.2. In IoT networks, the physical layer network is mostly affected by the
FIGURE 3.2 Different types of attacks in the IoT system
security threats and physical security risks. The IoT contains various hardware devices and software platforms with various user data credentials, where every IoT device needs its own security requirements and its device characteristics. The privacy of each user is very important because on the IoT platform the user’s private data is shared across all devices. The smart home threats are described as follows in Figure 3.3. Hence the AI/ML learning models are necessary to secure the privacy of the IoT user and user’s personal information. However, all the IoT devices in the network undergo various types of machine-to-machine communication (M2M), which means there are several security attacks and malicious user attacks on different layers of communication protocol: for example, physical layer, application layer, network layer, transportation layer, etc. The sensitive information such as user’s private data will be covered from others using AI/ML encryption algorithms, which are as follows.
- 1) Life cycle protection of E2E Data: To ensure privacy of the data in the IoT network, device to device protection is provided witli end to end (E2E) data protection from sender to receiver through the communication channel in the entire network. The data which is retrieved from various connected IoT devices will be shared with others, such that it demands the data privacy architecture to ensure the privacy and security. So, the entire full cycle of data will be secured and confidential, and the privacy easy to manage.
- 2) Planning of security: The dynamic change in the connections and communication among the IoT devices according to situation. Because of the dynamics, the devices must ensure the security and there is a need for planning. For instance, the external device communication and internal communication security policies of the IoT devices in smart home applications should follow the same policies.
- 3) Visualization of security and privacy: Almost every attack is based on reconfiguration of various users’ databases. It is impossible and unnatural to compile such vast security and privacy mechanisms using traditional models. So, researchers are more focusing on the AI/M1 algorithms.
FIGURE 3.3 Different types of IoT attacks and countermeasures
It is highly recommended to derive some security and privacy models and counter measures which will be deployed automatically based on the type of attacks as shown in Figure 3.3.
Smart Home Security Threats
Due to lack of security models in the security of smart homes they are easily exposed to attacks from malicious users to steal the private information of the user at very early stages. Most of the smart home providers will not consider the security parameters at the initial step of the process. The potential threats and attacks in smart homes are because of stealing the information by eavesdropping and distributed denial of service attacks and sensitive data leakage, and the abnormality of the data. Most of the attacks in smart homes are done by unauthorized data access. The potential security issues in smart homes are discussed below.
- 1) Malicious trespassing: Whenever there is an attack on a door pass code and altering the pass code and entering the correct code using a brute force technique which leads to access by the unauthorized users. In such cases, the malicious user can trespass on smart doors in smart homes without breaking the doorways, which results in loss of valuable property and threat to life, and the affect will be in various forms. To avoid such attacks the pass codes will be changed periodically and should be very complex to crack. The password should contain more than ten characteristics at least. So that the attackers will take a longer time to break the long passwords and they are almost impossible to predict for the unauthorized user. In the same way access control and the authorization mechanisms will be deployed to combat the malicious attacks.
- 2) Personnel data monitoring and leakage of the data: Privacy and safety are the main parameters in smart homes. Because there are many sensors which work simultaneously, these sensors are used for bay monitoring systems, door braking systems, fire alarm sensors, video surveillance cameras, etc. If all these monitoring systems are hacked by the attacker or intruder then the unauthorized users will steal all this personal information without knowledge of the authenticated user. To protect such data and combat the attacks, А1/ ML based data encryption techniques should be applied between IoT device sensor devices and gateway of the network to detect unauthorized users.
- 3) Denial of service attacks (DoS): If an attacker gets a chance to attack the smart home network, they will send many numbers of unknown messages and overwhelm the network with req/ack signals. Attackers are also capable of doing targeted IoT device attacks by using some unique abnormal codes so that there could be a potential case of denial of service to that particular device, which is interconnected with other IoT devices in the smart home.
In this scenario, IoT devices are not able to perform the basic tasks because of scarcity of resources caused by such attacks. To protect from all these attacks, it is essential to apply one authentication protocol to block and identify unauthorized malicious access.
4) Data falsification: Whenever the IoT devices in a smart home communicate with other IoT devices within the server the malicious attacker may retrieve the data pockets by altering the TCP routing table in the network gateway. This is generally described as data falsification so to avoid such attacks the ML/AI algorithms need to be applied to learn and detect such attacks.
Even though security measures such as SSL (secure socket layer) techniques are applied, a malicious user or attacker can find a way and surpass the duplicate certificate. In a way the malicious user can misunderstand the data content, or confidentiality data leakage may occur. To ensure the security and privacy of a smart home from all these attacks, not only SSL but also the SSL with authentication will minimize the severity of the attack and protect the privacy of the data. Such mechanisms should be applied. It is also necessary to avoid and block malicious users and devices in the network, which damage the smart home network with unauthorized access. For instance, as shown in Figure 3.3 there will be a denial of service attack by overwhelming the network. IoT devices are the future of technology where all hardware devices connect to the global Internet and communicate with each other IoT device. The IoT devices include many handheld devices such as smartphones, laptops, and many other intelligent devices. All these systems have the feature of RFID and QR code scanning which is quick response code. And all these work with wireless communication among various devices. The IoT technology serves many sectors and organizations across the globe, it helps in establishing connection between human to human and physical devices to human, device to device and also vehicle to vehicle in the transportation system.