As per R. R. Roman et al. [14] in IoTs, an attacker may control part of the system, but it is not possible for an assailant to completely control the entire system due to the innately distributed existence of IoTs. It helps an intruder to be both “within” and “external.” Therefore, these assailant models are marked as safety risks.

7.3.1 Denial of Service (DoS)

The IoT can be released with a large number of DoS attacks. However, in addition to traditional internet DOS attacks, e.g„ chain jamming, the existing wireless communication system can be attacked on most data acquisition networks. Malicious domestic aggressors who take possession of certain infrastructures may cause even more confusion.

7.3.2 Physical Harm

This hazard can be regarded as part of the DoS hazard. Active attackers can lack technical expertise in this form of threat and can only interfere with provision of IoT services by damaging the actual “stuff.” This is a practical IoT assault, because objects can easily be reached by anyone (e.g., streetlights). The attacker simply aims to damage the hardware module if this is not possible.

7.3.3 Eavesdropping

In this model of attacker, passive attackers target and block different communication channels to eliminate information (e.g., mobiles, wired networks, internet) from the flow of information. In this network, the information circulating can be derived from an internal network intruder, which gains access to the resources within.

7.3.4 Node Capture

As stated earlier, materials (e.g., street lights, appliances) are in a certain setting. A successful attacker may physically attempt to retrieve the data without it being destroyed. Alternatively, active attackers can target other devices and components like data processing and data storing agencies that store data.

7.3.5 Controlling

As long as there is a path to attack, active assailants can try to partly or completely manipulate an IOT entity. The degree to which such attackers can cause harm depends in particular on: (a) importance of data handled by the particular item and system, and (b) the services rendered by the item and appliance. The extent of damage caused by such assailants mainly depends on (a) the value of the data handled by the element or system, and (b) the services supplied by the element and system concerned. As per К. M. Sadique et al. [15], IoT security risks have been identified as (1) distrust of IoT devices by distrusting manufacturers, (2) replacement of things with malicious inferior quality things, (3) middle attack by man due to lack of proper authentication and authorization mechanisms during transmission, (4) malicious code replacement by an attacker; M. Sadique et al. [15] and Internet Engineering Task Force (IETF) IoT safety threats.


According to J. Ahamedand A. V. Rajan [16], IoT security threats continue to grow and mature, and it is a challenge for developers and researchers to address these threats. It is therefore necessary to try all the different ways to protect IoT devices with internet- enabled services. To accomplish this task, the various attack vectors must be studied.

7.4.1 Memory for IoT Device

Many IoT systems have little room for storage, so the applications need external memory. With their open architecture, most IoT equipment would be publicly exposed. This would open up a number of vulnerabilities to the system, for example, by revealing the device ID or the IoT serial number. Compromising and system interference would also have to be addressed.

7.4.2 Web Integration for IoT

Most IoT systems can contain web integration to connect to database servers. Crosssite injection and scripting are among the key safety risks for IoT systems, some of which may have an impact on IoT's web interface.

7.4.3 Services for IoT Devices Network

Another IoT device combat vector is a network services IoT device. IoT devices are very difficult to execute high-level encryption algorithms, making the devices vulnerable to data attacks on discovery. Unable to identify problems with normal data identification, a device can lead to different types of DDoS attacks. Sensor nodes are not needed by resource constraints, like computing power and data storage capacity to perform load testing or integrity tests, which renders the system vulnerable.

7.4.4 IoT Device Cloud Connectivity

Many IoT devices have cloud infrastructure connections that have major concerns about safety. Attackers can analyze the data through compromise of the cloud architecture. If a cloud attacker is able to compromise, one malware could be dangerous because it can be loaded simultaneously into several IoT devices.

7.4.5 IoT Device Software Update

The updating of the program is one process that in an IoT device can never be disrupted or skipped. Manually upgrading the patches one by one would still not be feasible for each IoT system. A cloud-based approach will work. However, there are still security risks to the cloud, and upgrading IoT devices’ software patches is still a research area.

7.4.6 IoT Device to Device Connectivity

Another vector of attack is device-to-IoT computer communication. Hackers use rogue devices to communicate and collect information that is confidential and sensitive with the existing IoT system. For the safeguarding of the IoT systems in terms of the device’s link, efficient authentication and encryption schemes are required.

7.4.7 IoT AAA Services

Services such as Authentication, Authority, and Accounting (AAA) would be a difficult task in IoT. Due to the distributed nature of IoT systems, the AAA device would be more challenging. It still is not clear how the AAA services are performed on the system by a single device or device group. There must be a secure way to communicate the authentication keys and tokens without divulging. The authentication method shall take into account device by device, equipment by device, and cloud authentication tool.

7.4.8 IoT Data Storage Methods

An external system safety vector can be found in IoT devices. Because of restricted computing power and storage space, IoT system management data are unencoded, in order for IoT apps not to verify data integrity. This prevents secrecy and authorization of the device. Most IoT devices could only support symmetric encryption where you can use static keys to encrypt and decrypt. Once the key has been compromised, the system can also affect the current and future scenarios.


The key security attacks in three domains of IoT, such as Cloud domain, fog domain, and sensing domain, have been identified and defined by A. Rayes and S. Salam [17]. For this broad number of servers with fast data processing. Cloud domain includes the IoT applicator and IoT services. In the fog domain, the fog device performs data acquisition operations, including aggregation, preparation, and storage. Fog devices are also linked to another in order to manage communication between intelligent objects and to cooperate how this fog device is responsible for handling what objects will alter their position over time.

All smart objects and devices that can feel the surroundings and record sensed data on fog domain devices are part of the sensing domain. Here are discussed some of the possible security threats in IoT.

Cloud Domain Security Attacks

Hidden-Channel Attacks

In addition to a logical separation between the VMs running on the same server, certain hardware components like cache are shared between these VMs. It can give the VMs live on the same server a chance for data leakage. Various countermeasures to avoid hidden channel attacks may be adopted. Any of them will be discussed. Hard isolation, w'hich is essential for maintaining a high level of isolation among VMs under this precautionary technique, will be discussed. For this, the hardware or software for each VM is available with a separate dedicated cache. Either way. Cache Flushing technology flushes the cache sharing w'hen cache delivery is transferred from one VM to the other. The defect is that the VMs on the server often experience a performance breakdown if that cache is vacuumed every time a VM sw'itch occurs, w'hich increases time to access and retrieve information. It’s also hard to know whether a cache or memory collected the data, using noisy access time technology, adding noisy data to the time necessary to retrieve the data.

This makes it impossible for a malicious VM in the case of another VM that shares a server to recognize the segments of the cache. This has, of course, a cost because the time to recover the data cost for the collected data is slightly delayed because of the noise (variable time delay). The restricting cache speed is a method for reducing the amount of data to be drawn through VMs, by restricting how much the cache is transferred from one VM to the next.

If the cache is not transferred from a VM to another one too early in this strategy, then the cache content w'ill be changed drastically by the VM that has a cache. This makes it difficult for another VM to gain a thorough understanding of the data accessed by the previous VM in cache testing.

VM Migration Attacks

Virtualization allows Live VM relocation, w'hich enables a VM to be transferred transparently from a server to another server. Some of these types of attacks are as follows.

Control Plane Attacks

This type of attack targets the module that can manage migration on a server called the hypervisor migration module. The hacker is able to steal the server w'ith a software migration module bug and control the migration module completely. Such attacks are mentioned.

Overflowing for migration: The attacker transfers all VMs stored on the hacked server to a victim server with inadequate resources for hosting all moving VMs. This triggers a service denial of the VM applications, as all host VMs resulting in VM performance loss and VM collision do not comply with the specifications.

Advertising for fake assets: The compromised server says that it’s a huge slack tool like other free services. This attracts other servers to release certain VMs to the hacked server, thus distributing the workload on the cloud servers. After moving VMs from other normal servers to the hacked server, it is easier for the attacker to break into discharged VMs with vulnerabilities. Such VMs are then installed on a server under the attacker’s power.

Man-in-the-middle attack

FIGURE 7.1 Man-in-the-middle attack.

Attacks on Data Plane

A second form of attacks on VM migration are triggered by this kind of attack, which threaten the network links over which the VM is transferred from one server to another. Any of the following are mentioned.

Sniffing attack: The intruder sniffs the initial and target packets and reads transmitted data files.

Man-in-the-middle attack: In a similar attack to one usually sent when a VM switches from one server to another, the attacker generates a free ARP response packet. This generated ARP packet informs the routing devices that the victim’s VM address is changed to the attacker’s physical address.

The incoming packets are then forwarded to the assailant’s current physical address. Figure 7.1 demonstrates the middleman attack. If a protection function does not preserve the integrity of packets, an attacker can amend the contents of the received packages. As per [18], attackers secretly reveal and likely alter contact between two parties who feel that they communicate directly with one another.

Theft of Service Attack

In this attack, a deceptive VM acts to make the VM manager devote more resources to it than the amount it should receive. This increased resource allocation to the misty VM is at the detriment of other VMs using the same server that the malicious VM, where those victims of the VM get less assistance than they would actually get. Figure 7.2 shows service theft. In order to handle service theft, two countermeasures were proposed. The first remedy is to log the start and end times accurately when each VM uses precise clocks for the cores. Randomizing the sampling times is another countermeasure.

VM Escape Attack

Virtual machines are configured such that any VM on the same server runs and isolates it from other VMs, to prevent VMs accessing data from other VMs on the

Theft of service attack

FIGURE 7.2 Theft of service attack.

same server. In reality, however, software bugs can break the isolation. The malicious VM may get root access to the entire system where a VM escapes the monitor layer and enters the hardware of the system. It offers full VM power over all VMs on the hacked server. An extra separation layer among the devices and the monitor can be added to counteract VM escape attack by nested virtualization, so that the unwelcome VM does not obtain root rights, although it bypasses a VM monitor layer. Certain options are software to avoid attacks from VM escape.

Insider attacks: For all attacks that have been previously discussed, the cloud data center managers were treated as trusted entities and were focused on attacks from the other unpleasant VMs hosted at the cloud data center. Nevertheless, such sensitive software may have grave concerns regarding the capacity of cloud data center administrators to access and change collected information [17].

Fog Domain Security Issues and Attacks Authentication and Trust Issues

Fog systems are likely to be owned by many lesser-known companies. Authentication to identify the owner of the fog equipment when assigning an intelligent object to a fog equipment is critical for protection. It is also necessary with authentication to determine whether or not to trust the owner of the fog system. Confidence is a significant problem because the smart object can be distributed to multiple fog devices and can be used by different organizations as its location changes over time. Higher Migration Security Risks

VM migration is common for both fog and cloud environments. The migrated VMs are transported across the internal network of the cloud data center. The fog device migrates to another computer through the internet. If a VM is transferred from a fog system to another, there is a greater likelihood of swapping VMs to reveal insecure network connections or network routers. It is therefore necessary to encrypt the migrated VM and to authentically exchange migration messages between fog devices. Higher Vulnerability to DoS Attack

Less fog system machine ability makes it easier for attackers to immerse fog systems in denial of service (DoS) attacks. Compared to cloud data centers, where there is a large number of servers with a high processing power, attacks by DoS are no simpler. Further Risks to Health Due to Use of Containers

The container in the fog solution is more computerized than VMs for the delegation of the resources specifications for each connected object to have a larger connection between various objects. The fog tool will serve a bigger number of items, if there is a small container overhead. If a container dedicated to objects from different users has the same operating system, severe safety issues will lead to the leakage of data and significantly hide the fog device being shared. Privacy Issues

As already mentioned, any intelligent object must be linked to one of the nearby fog devices. This means that a fog device can track users or know their movement patterns. By taking care of the location of all connected intelligent objects, it can break the private space of users carrying other objects. Strategies have to be built to make it more difficult for fog resources to track the position of intelligent devices over time. The wireless signal processing revolution allowed the movement of people, objects and their position, and lips and animals to recognize and interpret their heartbeats through their wireless signals that communicate between sensors and fog domains. The revolution in wireless signal processing has facilitated the identification.

Sensing Domain Security Attacks

The sensing domain can be targeted many times. There are some of them listed below. Jamming Attack

This type of attack leads to an interruption of service and has two types: jamming of the receiver when the assault is targeting the OSI stack physical domain of the receiver, where the receiver produces a signal (called the jamming signal) when a deceptive user (called the jammer) is generating a signal (called the jamming signal). This interrupt affects the quality of the signal received and causes several errors, without knowing that the damaged packets are being received and waiting for the receiver to re-transmit them. Second, jamming of the sender is the data link in the receiving object’s OSI layer, where the jammer sends a jammer signal to avoid the neighboring objects of their packets from transmitting when you know that the Wi-Fi is busy. Jamming techniques that can be practiced by jammers include many forms of jamming, such as persistent jamming, manipulative jamming, or random jamming. This is a method of detection. Unlike other nodes-centered jam detection solutions, B. Upadhyayas el al. [19] demonstrate high detection accuracy without overhead communication costs between the nodes. Vampire Attack

This attack takes advantage of the fact that most IoT artifacts have a small capacity (drummer), when a malicious user misuses devices in such a way as to consume additional power that causes the battery to run out faster, causing service interruption.

The harm caused by the attack is usually determined by the additional energy that artifacts consume when negative activity is not present. Four forms of vampire attack are based on the vacuum technique. Denial of Sleep

In order to minimize the power absorption by intelligent artifacts, different protocols in the data link layer have been suggested by switching these items to sleep where appropriate. The protocols are based on the concept of a system of tax cycles, by exchanging control messages to synchronize objects on their schedules to decide on signal transmits at that interval for the rest of the time. An intruder may now initiate sleep attack denials that do not allow artifacts to switch to sleep through the usual transmission and activation of control signals to adjust their duty cycles. If control messages are encrypted, the attacker will intercept and replay any of the encrypted control messages and force the object nodes to amend their synchronization and scheduling. Mitigation of sleep attacks can be done with encryption, using a time stamp concept or a number in the encrypted message of control, of those control messages which manage and reorganize object node schedules. In ref. [20] К. K. Krentz et al. describe three separate DoD attacks, the shooting of ding-dong, crash attacks, and pulse delays, against ContikiMAC. Flooding Attack

The intruder will flood the nearby object nodes with stupid packets and ask them to bring the packages to the fog system where devices collect waste electricity by receiving and sending devices by transmitting such stupid packets. Malicious attackers during UDP flood attacks send the victim a lot of packets, which cause the victim to generate many ICMP messages that block it [21]. Attack mitigation can be accomplished by limiting the packet rate that can be produced by any unit. Carousel Attack

This attack focuses on the network layer of the OSI stack. The routing protocol can be started if it supports source routing. The entire routing path for the packets can be specified when the object node created is routed by the source. In this case, the attacker defines a route that includes closed paths (loops) where the same packet is routed back and forth to exploit its control. The carousel attack shows in Figure 7.3. Carousel connection mitigation can be achieved by using the same source path to delete packets with loops from their routes, as they are most possibly from malicious users by requesting a packet from each object node based on a specified route. As for a carousel attack, it loops a network packet until it eventually reaches its spot. Along with other forms of attack, stretch and carousel attacks can be used. If used alone, however, they can remain undetected, making defense difficult [22]. Stretch Attack

The network layer of the OSI stack is targeted by this attack. The routing protocol can send packets to the fog network through very long not direct and short paths if the routing protocol supports source routing. The stretch attack is revealed in Figure 7.4. Mitigation of stretch attacks can be accomplished by preventing source routing, or by

Carousel attack

FIGURE 7.3 Carousel attack.

ensuring that redirected packets advance to their targets without long paths. By combining flood attack with carousel attack and stretch assault, the attacker may further increase the amount of waste energy. To this end. an attacker floods the nearby object nodes with many generated packets. He defines long distances loops in order to increase the amount of energy waste. Selective-Forwarding Attack

This type of attack is when the object does not directly send the generated packets to the fog system, but depends on other object nodes. The route to the fog system to deliver those packets includes more object nodes. A disappointed object in this attack does not forward any of the neighboring object packets. The blackhole attack, in which the attacker loses all packets from the night nodes, is a special form of attack. For sensitive IoT applications, packet drops can be avoided by improvements in the transmitting ability of object nodes to enter the fog system directly without any support from intermediate object nodes. However, not every IoT object is supposed to enter the fog directly with high transmission range, and some objects can therefore rely on other objects to deliver their packets, rendering them vulnerable to this attack. A. Mathur et al. security mechanism against selective forwarding offenses offers an

effective way for dealing with single attacks and joint attacks. This can be useful since attacks in the real world sometimes function together between malicious nodes [23].

< Prev   CONTENTS   Source   Next >