Challenges with Managing IoT Technologies

While the IoT can bring important advantages, they will be difficult to implement. Forbes Insights recently surveyed almost five hundred executives and, when asked about their greatest challenge in building their IoT capabilities, twenty-nine said it had been the standard of IoT technology. This is not stunning. In some cases, IoT platforms must support thousands of vendors, dozens of standards, and be able to scale to countless devices, along with creating and receiving billions of messages.

IoT-based solutions are generally created from a number of technologies, some already existing and a few entirely new. Everything has its own path of development, and once they are combined, they will produce an atmosphere that is complicated and speedily dynamical. Here are four challenges with managing IoT technologies these days.

Integrating New Technologies into Existing Environments

In the era of the smartphone, it will appear as if each machine is connected and sharing data; however, that is not the case. Within the client world, a combination of technologies competes for dominance, and standardization remains elusive. As a result, comparatively few homes, appliances, or other commodities are literally IoT- enabled and connected. In the industrial world, it gets even more sophisticated owing to the character of the investments. Capital instrumentality that has been within the field for twenty years or so is not invariably a viable target for replacement, as a stove or refrigerator could also be within the shopper world. Retrofitting is usually the sole realistic resolution to bring IoT capabilities to existing instrumentation. However, retrofitting is neither easy nor assured. Whereas connecting legacy equipment and systems offers huge advantages and is a very important step within the IoT initiatives at several industrial corporations, the hurdles to implementation may be formidable.

That said, corporations are creating vital strides within this space. They are adding complete sensors and cameras to existing environments and devices to monitor and collect information regarding machine performance and health. These sensors attached to existing devices and connect with gateways to firmly collect and transmit information, which might then be analyzed.

Managing Protocol Complexity

Another huge challenge within the development of the IoT is the immense variety of protocols. Some of the common standards include: [1]

  • • Thread
  • • We-Mo

In some ways, BLE, ZigBee, Z-Wave, and Thread are similar. They are all wireless technologies that use mesh networks to wirelessly connect and network IoT devices while not involving a cellular or Wi-Fi signal. However, they differ in the frequency they use, and they vary in operation and therefore the variety of devices they will support at a given time. We-Mo, however, needs Wi-Fi, which eliminates the requirement for a hub or controller, and permits devices to attach directly via the net. Two of the massive disadvantages of this technique are that it needs a lot more power and processing capability than alternative, lower-energy choices.

Again, this can only be a brief list; the quantity of protocols is in depth. Each has its advantages and downsides; however, since there is no single common standard, businesses should confirm the correct protocol for every use case and make sure the technologies they select are compatible with their overall platform. As standards are still evolving, it is going to be advantageous to exchange or upgrade the method.

Networking Challenges

Beyond the various completely different protocols and disparate hardware, there are basic networking challenges that have got to be addressed to make IoT-enabled devices a reality. The primary step is to make sure that information is flowing quickly and reliably. Security is additionally crucial, as IoT devices are often evolving into targets for hackers and cyber terrorists. Once devices connect, they have to certify, information should be encrypted, and they ought to communicate their presence and activity.

Power consumption and bandwidth present alternative distinctive challenges. During a scenario where thousands of devices are communicating with each other, frequent communication and transmission may be a drain on battery-operated devices. In those cases, minimal, economical power usage is vital. During a scenario where thousands of devices are communicating over wireless networks, bandwidth will become a priority, and costs will increase quickly. The goal should be to keep IoT information streams as compact and economical as possible.

Best Practices in the Era of IoT

Within the IT world, best practices are generally described as procedures that are well known and considered to be the most effective. Nowadays there’s an absence of best practice to help businesses write code, manage the life cycle of certain IoT-related hardware and software systems, and address the distinctive kinds of breaches that may occur, together with intrusions that are initiated at the device level. Without best practices as a road map, programmers and IT professionals are traveling in unmapped waters. Consider the Mirai botnet attack in October 2016. Throughout this incident, IT professionals saw firsthand how prolific a breach can be. Although the incident was damaging, many things were learned, together with the importance of getting an IoT security strategy and the concept of fast response.

As the IoT continues to proliferate, there are guaranteed to be growing pains. Hardware can still advance and improve. The software system can become a lot more refined. New standards, protocols and connectivity choices can become much more prevalent. However, businesses should ensure that their new capabilities stay compatible with legacy systems. With this sort of approach, businesses will simply handle the speed of change that comes with the IoT and very much notice its advantages.

Security Threats of IoT

The Internet of Things (IoT) delivers substantial advantages to end-users. However, it also brings new security challenges. Part of the central security issue is that connected devices share implicit trust. This shared trust between connected devices means the devices automatically transmit their information to every alternative straight away upon recognition while not initially running any malware detection tests. The worst- case eventualities of those IoT security dangers lead to physical harm or maybe the loss of life.

Connected devices are creating pleasant experiences for consumers; however, they also represent current targets for hackers. The Internet of Things (IoT) and cybercriminal activity share two vital traits: they are mostly invisible to the eye, and they surround us at any given moment.

As additional organizations use a combination of sensors and complicated software system applications to create smart homes, smart workplace environments, and even smart cities, the results typically feel magic. Lights turn on after you enter a room. A piece of machinery proactively requests an upgrade to stop breaking down. A retail store automatically restocks a shelf before customers become annoyed over missing things. These are all ways in which the IoT makes technology omnipresent and seamless. Unfortunately, the foremost prospering cybercriminals behave in an almost identical way. Hacking databases, attacking websites, and stealing passwords seldom involves a face-to-face encounter. Once technology becomes essential, the security problems associated with the technology tend to mount. Over time, these problems have transitioned from email to text messages, from desktop PCs to smartphone and currently to the IoT.

The Internet of Things (IoT) may be a quickly growing phase of the internet. Whereas different parts of the internet are dependent on individuals exchanging data, IoT allows devices to gather data, transmit data and receive data. It is easier to think about IoT as similar to online, email or social networks; however, rather than connecting individuals, it connects smart machines.

Vulnerability

The most basic and easy-to-pick threat to IoT devices is their vulnerability. Corporations providing IoT solutions begin with addressing this issue initially before looking at the underlying software system. We are also compelled to perceive that vulnerability is often of two types: hardware and software. Hardware vulnerability is commonly hard to discover or penetrate. However, it is even harder to repair or overhaul the injury. Software vulnerability points toward a poorly written algorithmic program or a line of code with a backdoor. This backdoor will simply give access to intruders prying for such opportunities.

Easy Exposure

This can be one of the most basic problems faced by the IoT business. Any device, if unattended or exposed to troublemakers, is an open invitation to discomfort. In most cases, IoT devices are not flexible to third-party exposure; they either expose or are simply accessible to anyone.

This means that an attacker will either simply steal the device, connect the device to a different device containing harmful information, or attempt to extract cryptological secrets, modifying the programming or perhaps substituting those devices with malicious ones over which the intruder has complete management.

Threats

Threats are often of two types: an individual’s threat or a natural threat. Any threat arising from natural occurrences like earthquakes, hurricanes, floods, or fires will cause severe injury to IoT devices. We regularly take a backup or produce contingency plans to safeguard information. However, any injury caused to the devices physically cannot be repaired.

Nowadays, IoT solutions have matured over time. Devices, today, have evolved to be waterproof. It will be a long journey before IoT solution suppliers come up with something that is fireproof or earthquake-proof. On the contrary, we tend to do everything in our power to curb any human threats to IoT devices. These threats are typically malicious attacks.

Insecure Web Interface

The security issues relating to the Internet of Things are that the built-in IoT allows the end-user to interface with devices while at the same an attacker or intruder may also gain an unauthorized access to these devices.

Some of the security issues are listed below.

  • • Account enumeration
  • • Weak default credentials
  • • Credentials exposed in network traffic
  • • Cross-site scripting (XSS)
  • • SQL-injection
  • • Session management
  • • Weak account lockout settings.

The solution to the above problems is

  • • Default passwords and default usernames must be changed during initial setup.
  • • Ensuring password-recovery mechanisms are robust and do not supply an attacker with information indicating a valid account.
  • • Ensure that web interface is not susceptible to XSS, SQLi or CSRF.
  • • Ensure that credentials are not exposed in internal or external network traffic.
  • • Weak passwords should not be allowed.
  • • Account lockout after 3-5 failed login attempts.

Insufficient Authentications

This area deals with mechanisms insufficient to authenticate IoT devices. These give rise to such issues as

  • • Lack of password complexity.
  • • Poorly protected credentials.
  • • Lack of two-factor authentication.
  • • Insecure password recovery.
  • • Privilege escalation.
  • • Lack of role-based access control.

The solution to the above problems is

  • • Ensure that strong passwords are required.
  • • Ensuring granular access control is in place when necessary.
  • • Ensuring credentials are properly protected.
  • • Implement two-factor authentications where possible.
  • • Ensuring those password-recovery mechanisms are secure.
  • • Ensuring re-authentication is required for sensitive features.
  • • Ensuring options are available for configuring password controls.

Insecure Network Devices

Here are some of the problems related to the insecure network devices with IoT:

  • • Vulnerable services
  • • Buffer overflow
  • • Open ports via UPnP
  • • Exploitable UDP services
  • • Denial-of-service
  • • DoS via network device fuzzing.

The solution to the above problems is

  • • Ensuring only necessary ports are exposed and available. Ensuring services are not vulnerable to buffer overflow and fuzzing attacks.
  • • Ensuring services are not vulnerable to DoS attacks which can affect the device itself or other devices and/or users on the local network or other networks.
  • • Ensuring network ports or sendees are not exposed to the internet via UPnP for example.

Lack of Transport Encryption

This area deals with the data or information being exchanged in an unencrypted format. [2]

The solution to the above problems is

  • • Ensuring data is encrypted using protocols such as SSL and TLS while transiting networks.
  • • Ensuring other industry-standard encryption techniques are utilized to protect data during transport if SSL or TLS are not available.
  • • Ensuring only accepted encryption standards are used and avoid using proprietary encryption protocols.

Privacy Concerns

Collection of unnecessary personal information is the main concern of patients. The information of patients should be legal and it should not be accessed by any third party.

Some points should be kept in mind while dealing with privacy threats. They are listed below:

  • • Ensuring only data critical to the functionality of the device is collected.
  • • Ensuring that any data collected is of a less sensitive nature.
  • • Ensuring that any data collected is de-identified or anonymized.
  • • Ensuring any data collected is properly protected with encryption.
  • • Ensuring the device and all of its components properly protect personal information.
  • • Ensuring only authorized individuals have access to collected personal information.
  • • Ensuring that retention limits are set for collected data.
  • • Ensuring that end-users are provided with “Notice and Choice” if data collected is more than what would be expected from the product.

Insecure Cloud Interface

This point concerns security issues related to the cloud interface used to interact with the IoT devices. [3]

RE 2.4 Demonstration of Web security

FIG U RE 2.4 Demonstration of Web security.

  • • Ensuring credentials are not exposed over the internet.
  • • Implement two-factor authentications if possible.

Conclusions

This chapter discussed the various types of application of the Internet of Things (IoT) in the healthcare industry. We have focused on the various types of application of IoT in the healthcare industry; the major security issues and the challenges present in the way of successful implementation of IoT in the industry. IoT is often blamed for delusions of grandeur and therefore the conviction that it is a big deal. The fact is that it is a giant deal and destined to grow larger. IoT is certainly a giant deal and it is only planning to get larger with the passage of time. Sadly, the larger it gets the greater a target is on its back. Likewise, all the related threats and IoT trends can get larger. Manufacturers and others linked with the IoT trade may have to be compelled to get serious regarding protection problems and threats.

References

  • 1. Alok Kulkarni. Sampada Sathe. “Healthcare applications of the Internet of Things: A Review”. (IJCSIT) International Journal of Computer Science and Information Technologies, 5 (5), 2014, 6229-6232.
  • 2. B. Sobhan Babu, K. Srikanth. T. Ramanjaneyulu, I. Lakshmi Narayana. “IoT for Healthcare” International Journal of Science and Research (IJSR) 2014.
  • 3. Shubham Banka, Isha Madan, S.S. Saranya. “Smart Healthcare Monitoring using IoT. International Journal of Applied Engineering Research ISSN 0973-4562, 13 (15), 2018, 11984-11989.
  • 4. Ananda Mohon Ghosh, Debashish Haider, SK Alarngir Hossain “Remote Health Monitoring System through IoT” 5th International Conference on Informatics, Electronics and Vision (ICIEV)
  • 5. Damian Dziak,*, Bartosz Jachimczyk, Wlodek J. Kulesza “IoT-Based Information System for Healthcare Application' Design Methodology Approach” Appl. Sci. 2017, 7, 596; doi:10.3390/app7060596 www.mdpi.com/journal/applsci
  • 6. Harold Thimbleby. “Technology and the future of healthcare.” [Journal of Public Health Research, 2013; 2:e28]
  • 7. Burgos S. Medical information technologies can increase quality and reduce costs. Clinics, 2013, 68(3):425, http://dx.doi.org/10.6061/clinics/ 2013(03)LE04 Jo
  • 8. https://dzone.com/articles/the-biggest-security-threats-and-challenges-for-io Health Research 2013; vo
  • 9. www.iotforall.com/7-most-common-iot-security-threats-2019/28
  • 10. www.ubuntupit.com/25-most-common-iot-security-threats-in-an-increasingly-connected- world/
  • 11. www.sdxcentral.com/5g/iot/definitions/iot-security/

  • [1] BLE (Bluetooth low energy) • ZigBee • Z-Wave
  • [2] Unencrypted services via the internet. • Unencrypted services via the local network. • Poorly implemented SSL/TLS. • Misconfigured SSL/TLS.
  • [3] Account enumeration. • No account lockout. • Credentials exposed in network traffic. The solution to the above problem is • Default passwords, default usernames to be changed during initial setup. • Ensuring user accounts cannot be enumerated using functionality such as password reset mechanisms. • Ensuring account lockout after 3-5 failed login attempts. • Ensuring the cloud-based web interface is not susceptible to XSS, SQLior CSRF.
 
Source
< Prev   CONTENTS   Source   Next >