Vulnerabilities, Attacks and Countermeasures
Advances in technology bring both benefits and drawbacks. New features make human life more comfortable, but those same features are also vulnerable to attack. The physical, network and application layers of WoT can all be susceptible to many attacks. This section discusses these attacks in detail.
Physical Attacks
Physical attacks focus on hardware components that are present in WoT systems. These types of attacks affect the lifeline and functionality of the hardware. Different types of physical attacks are discussed further below.
1. Node Tampering
This type of physical attack involves the damage that can be done to the sensor node by either changing the whole hardware part or by gaining access to that node and altering the sensitive data such as cryptographic keys [40].
2. RF Interference on RFIDs
RFID tags can be easily hacked in order to send a noise signal created by the attacker. This noise signal is sent over the frequency of those radio signals that are used by the RFIDs for communication. This can easily result in a Denial of Service (DOS) attack [41].
3. WSN Node Jamming
This attack is similar to the RF interference attack, except that it is WSN based. The radio frequencies used by the WSN can be interfered with by the attacker, which results in signal jamming and denial of communication to the nodes. If the jamming of a key sensor node is successful, the attack can deny services for the WoT [42].
4. Sleep Deprivation Attack
In WoT systems, the sensor nodes are powered by replaceable batteries and are programmed in a way that they follow sleep routines so that battery life can be extended. Sleep Deprivation Attacks keep the nodes awake, which increases power consumption and can ultimately result in the shutdown of the node.
5. Malicious Code Injection
In this attack the node is compromised by injecting malicious code which results in providing the attacker with access to the WoT system. With the help of malicious code injection, full access to the node, or even the whole system, can easily fall into the hands of an attacker [43].
Network Attacks
These attacks are based on the WoT network layer and can also be executed remotely far from the WoT system over the internet.
1. RFID Spoofing
RFID signals are spoofed in order to read and record data transmissions. After spoofing the RFID signals, the attacker can transmit malicious data along with the original ID tag so that it appears to be valid [44].
2. RFID Unauthorized Access
In RFID systems, as there are no proper authentication mechanisms present, anyone can gain access to the RFID tags. This obviously means that anyone, including an attacker, can manipulate the data by any means present on the RFID node [45].
3. Sinkhole Attack
In a sinkhole attack, all the traffic that comes from the WSN nodes is lured away by the attacker resulting in the creation of a metaphorical sinkhole. In this attack, confidentiality of data is breached, and also service is denied to the network, which thus results in dropping of all the packets instead of forwarding them.
4. Denial of Service (DOS)
In DOS, an attacker transmits more data to the WoT network than it can handle and as a result the WoT system starts denying service to genuine users.
5. Sybil Attack
A Sybil node is known as a malicious node. It is a singular node that contains the ID of every other node. The WSN node accepts false information under this kind of attack.
Software Attacks
In any computerized system, the main cause of vulnerabilities is software attacks. Some of the software attacks that cause improper functioning of WoT devices are as follows:
1. Phishing Attacks
In this attack, confidential information is gained by the attacker by using infected emails or phishing websites [46].
2. Viruses, Worms and Other Spyware
These are defined as malicious software that can affect the system and may result in various outcomes such as stealing and tampering with information, or even a denial of service attack.
3. Malicious Scripts
As WoT networks are always connected to the internet, the user controlling the gateway can easily be fooled into executing ActiveX scripts, which can ultimately result in system failure and complete shutdown of services.
Security Requirements
There is a continuous transfer of information between WoT devices. Such an environment requires tight security for data protection. The security requirements of WoT systems for the protection of user data are authentication, confidentiality and access control [47].
Authentication and Confidentiality
Authentication is defined as a process through which the credentials provided by a user or client are compared to what is present in the database for user authorization. In the context of authorization, the approach presented by Zhao [48] used a custom encapsulation mechanism that is a WoT security protocol. This protocol is called an intelligent service security application protocol, and it can perform critical operations such as merging of signature, encryption and authentication.
Kothmayr et al. [49] presented the first full implementation of a two-way scheme for authentication security for WoT which operates on the basis of current internet standards. Authentication for WoT has to be robust and highly automated. Access control helps for achieving confidentiality of user data by preventing unauthorized node use and by preventing the nodes being compromised. Confidentiality is defined as protecting the user's personal information when that information is shared over a network that is publicly accessible.
Privacy in WoT
WoT is now part of various practical applications such as smart parking, traffic control, inventory management and more, and when using these applications a user expects privacy of personal information. Data tagging was proposed for managing privacy in WoT. Using techniques from Information Flow Control, data represented as network events is tagged with different privacy properties. These tags help preserve privacy by allowing the system to reason about the flow of data. Cao et al. [50] proposed Continuously Anonymizing STreaming data via adaptive cLustEring (CASTLE). CASTLE is a cluster-based approach that ensures anonymity and constraints for a data stream, enhancing privacy-preserving techniques (e.g. k-anonymity).
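The following added example (not from the chapter and not the algorithm of Cao et al. [50]) sketches the cluster idea behind k-anonymity on a data stream in simplified form: readings are grouped into clusters of nearby values, and a cluster is released as a generalized range only if it covers at least k distinct people when its oldest reading reaches the delay limit; otherwise its readings are suppressed. The class names, the parameters `delay` and `max_width`, and the sample stream are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Cluster:
    items: list = field(default_factory=list)  # (arrival_time, person, value)

    def span(self):
        values = [v for _, _, v in self.items]
        return min(values), max(values)

    def width_with(self, value):
        lo, hi = self.span()
        return max(hi, value) - min(lo, value)

    def enlargement(self, value):
        lo, hi = self.span()
        return self.width_with(value) - (hi - lo)

    def people(self):
        return {p for _, p, _ in self.items}

class StreamAnonymizer:
    """Simplified illustration only; not the CASTLE algorithm itself."""

    def __init__(self, k, delay, max_width):
        self.k, self.delay, self.max_width = k, delay, max_width
        self.clusters = []

    def push(self, t, person, value):
        """Buffer one reading, then return whatever is due for output at time t."""
        # Join the cluster whose range grows least, if it stays narrow enough.
        best = min(self.clusters, key=lambda c: c.enlargement(value), default=None)
        if best is None or best.width_with(value) > self.max_width:
            best = Cluster()
            self.clusters.append(best)
        best.items.append((t, person, value))
        return self._flush(t)

    def _flush(self, now):
        out = []
        for c in list(self.clusters):
            if now - c.items[0][0] < self.delay:
                continue  # the oldest reading can still wait for more company
            self.clusters.remove(c)
            if len(c.people()) >= self.k:  # k distinct people, not k readings
                out += [c.span()] * len(c.items)
            else:
                out += [None] * len(c.items)  # suppressed: too few people to hide in
        return out

# Constructed sample stream: (time, person, age reading)
SAMPLE = [(0, "a", 21), (1, "b", 25), (2, "c", 70), (3, "d", 24), (5, "e", 90)]

def run(sample=SAMPLE, k=2, delay=3, max_width=10):
    anon = StreamAnonymizer(k, delay, max_width)
    return [anon.push(*reading) for reading in sample]
```

Each released reading appears only as the range of its cluster, and the lone reading from person "c" is suppressed because no second person joined its cluster before the deadline.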
Trust in WoT
There is no definitive consensus in the scientific literature on the notion of trust, yet it plays a vital role in WoT. Trust works strictly on the basis of identity management and access control issues. The trust management protocol for WoT is activity based, distributed and encounter based. In this protocol, when two nodes come in contact with each other, they can exchange trust evaluations about other nodes. This type of dynamic trust protocol can therefore adapt, choosing the best trust parameter for the changing environment to achieve maximum application performance [51].
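The encounter-based exchange described above can be sketched as follows. This is an added example, not code from the chapter or from [51]; the update rule (an exponential moving average for direct observations, and recommendations weighted by the trust placed in the recommender) and the parameters `alpha`, `beta` and `default` are assumptions chosen for illustration.

```python
class Node:
    def __init__(self, name, alpha=0.5, beta=0.3, default=0.5):
        self.name = name
        self.alpha = alpha      # weight of a new direct observation
        self.beta = beta        # upper bound on the weight of a recommendation
        self.default = default  # trust assumed for a node never seen before
        self.trust = {}         # other node's name -> trust in [0, 1]

    def get(self, other):
        return self.trust.get(other, self.default)

    def observe(self, other, outcome):
        """Direct experience with `other`: outcome 1.0 is good, 0.0 is bad."""
        self.trust[other] = (1 - self.alpha) * self.get(other) + self.alpha * outcome

    def receive(self, recommender, table):
        """Merge a peer's trust table, scaled by how much we trust that peer."""
        w = self.beta * self.get(recommender)
        for subject, value in table.items():
            if subject in (self.name, recommender):
                continue  # ignore opinions about ourselves and self-praise
            self.trust[subject] = (1 - w) * self.get(subject) + w * value

def encounter(a, b):
    """Two nodes meet and exchange their trust evaluations of other nodes."""
    table_a, table_b = dict(a.trust), dict(b.trust)  # snapshots keep it symmetric
    a.receive(b.name, table_b)
    b.receive(a.name, table_a)

def demo():
    # Constructed scenario: B is honest, M bad-mouths the honest node C.
    a, b, m = Node("A"), Node("B"), Node("M")
    for _ in range(3):
        a.observe("B", 1.0)   # A has good experiences with B
        a.observe("M", 0.0)   # A has bad experiences with M
    b.observe("C", 1.0)
    b.observe("C", 1.0)
    m.trust["C"] = 0.0        # M's false evaluation of C
    encounter(a, b)
    encounter(a, m)
    return a.get("C")
```

Because A already distrusts M, M's false evaluation barely moves A's opinion of C, while the recommendation from the trusted node B raises it above the default.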
Relation of WoT and M2M
Machine-to-Machine (M2M) is a term in which a network is used by the machines for interconnection and these machines work without any user interaction. M2M is all about communication and connection with a "thing" that can be a machine, device or sensor or anything that can receive or send data. WoT is an elaboration of M2M. While M2M is all about connecting devices to each other, WoT is all about device interaction.
M2M provides the connectivity that gives WoT its capability. Without the concept of M2M, the concept of WoT would only be a pipe dream [52]. M2M communication helps integrate the different technologies required for communication in WoT. Services such as data transport and security are provided by an M2M service layer.
Conclusion
WoT integrates different types of devices serving different purposes such as sensing, processing, identification and communication. WoT technologies are growing rapidly as sensors and actuators become more powerful and inexpensive with technical advancements. This chapter reviews recent research in WoT. First, we introduced the background and different types of WoT architectures. Next, we addressed the key technologies that play a vital role in WoT and the protocols used in the WoT network. This chapter also discusses various application areas where WoT plays an important role now and in the future. The major contribution of this chapter is its focus on the working of WoT technologies for future researchers.
References
- 1. Uckelmann, D., Harrison, M., & Michahelles, F. (2011). An architectural approach towards the future Internet of Things. In: Architecting the Internet of Things (pp. 1-24). Springer, Berlin, Heidelberg.
- 2. Huang, Y., & Li, G. (2010, August). Descriptive models for Internet of Things. In 2010 International Conference on Intelligent Control and Information Processing (pp. 483-486). IEEE.
- 3. Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15), 2787-2805.
- 4. Suo, H., Wan, J., Zou, C., & Liu, J. (2012, March). Security in the Internet of Things: A review. In 2012 International Conference on Computer Science and Electronics Engineering (Vol. 3, pp. 648-651). IEEE.
- 5. Silva, B. N., Khan, M., & Han, K. (2018). Internet of Things: A comprehensive review of enabling technologies, architecture, and challenges. IETE Technical Review, 35(2), 205-220.
- 6. Bilal, M. (2017). A review of Internet of Things architecture, technologies and analysis smartphone-based attacks against 3D printers. arXiv Preprint ArXiv:1708.04560.
- 7. Khan, R., Khan, S. U., Zaheer, R., & Khan, S. (2012, December). Future internet: The Internet of Things architecture, possible applications and key challenges. In 2012 10th International Conference on Frontiers of Information Technology (pp. 257-260). IEEE.
- 8. Papazoglou, M. P., & Van Den Heuvel, W. J. (2007). Service oriented architectures: Approaches, technologies and research issues. The VLDB Journal, 16(3), 389-415.
- 9. de Deugd, S., Carroll, R., Kelly, K., Millett, B., & Ricker, J. (2006). SODA: Service oriented device architecture. IEEE Pervasive Computing, 5(3), 94-96.
- 10. Buettner, M., Greenstein, B., Sample, A., Smith, J. R., & Wetherall, D. (2008, October). Revisiting smart dust with RFID sensor networks. In Proceedings of the 7th ACM Workshop on Hot Topics in Networks (HotNets-VII).
- 11. Floerkemeier, C., Roduner, C., & Lampe, M. (2007). RFID application development with the Accada middleware platform. IEEE Systems Journal, 1(2), 82-94.
- 12. Ray, P. P. (2018). A survey on Internet of Things architectures. Journal of King Saud University-Computer and Information Sciences, 30(3), 291-319.
- 13. Sun, C. (2012). Application of RFID technology for logistics on Internet of Things. AASRI Procedia, 1, 106-111.
- 14. Aggarwal, R., & Das, M. L. (2012, August). RFID security in the context of Internet of Things. In Proceedings of the First International Conference on Security of Internet of Things (pp. 51-56). ACM.
- 15. Madakam, S., Ramaswamy, R., & Tripathi, S. (2015). Internet of Things (IoT): A literature review. Journal of Computer and Communications, 3(5), 164.
- 16. Fan, Y. J., Yin, Y. H., Da Xu, L., Zeng, Y., & Wu, F. (2014). IoT-based smart rehabilitation system. IEEE Transactions on Industrial Informatics, 10(2), 1568-1577.
- 17. Yaacoub, E., Kadri, A., & Abu-Dayya, A. (2012, October). Cooperative wireless sensor networks for green Internet of Things. In Proceedings of the 8th ACM Symposium on QoS and Security for Wireless and Mobile Networks (pp. 79-80). ACM.
- 18. Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). Wireless sensor networks: A survey. Computer Networks, 38(4), 393-422.
- 19. IEEE 802.15, http://ieee802.org/15.
- 20. e-SENSE, http://www.nooviz.com/michel/eSENSE.
- 21. Arsenio, A., Serra, H., Francisco, R., Nabais, E, Andrade, J., & Serrano, E. (2014). Internet of intelligent things: Bringing artificial intelligence into things and communication networks. In: Inter-Cooperative Collective Intelligence: Techniques and Applications (pp. 1-37). Springer, Berlin, Heidelberg.
- 22. Ubi e-SENSE, https://ubisense.com.
- 23. Islam, M. M., Hung, P. P., Hossain, A. A., Aazam, M., Morales, M. A. G., Alsaffar, A. A., Lee, S.-J., & Huh, E. N. (2013). A framework of smart Internet of Things based cloud computing. Research Notes in Information Science (RNIS), 14, 646-651.
- 24. Rao, B. P., Saluia, P., Sharma, N., Mittal, A., & Sharma, S. V. (2012, December). Cloud computing for Internet of Things & sensing based applications. In 2012 Sixth International Conference on Sensing Technology (ICST) (pp. 374-380). IEEE.
- 25. He, W., Yan, G., & Da Xu, L. (2014). Developing vehicular data cloud services in the IoT environment. IEEE Transactions on Industrial Informatics, 10(2), 1587-1595.
- 26. Jiang, L., Da Xu, L., Cai, H., Jiang, Z., Bu, E, & Xu, B. (2014). An IoT-oriented data storage framework in cloud computing platform. IEEE Transactions on Industrial Informatics, 10(2), 1443-1451.
- 27. Narendra, N., Ponnalagu, K., Ghose, A., & Tamilselvam, S. (2015, September). Goal-driven context-aware data filtering in IoT-based systems. In 2015 IEEE 18th International Conference on Intelligent Transportation Systems (pp. 2172-2179). IEEE.
- 28. Bicknell (2009). IPv6 Internet Broken, Verizon Route Prefix Length Policy.
- 29. Shelby, Z., Hartke, K., Bormann, C., & Frank, B. (2013). "Constrained application protocol (CoAP), draft-ietf-core-coap-18," The Internet Engineering Task Force (IETF); Fielding, R. T. (2000). "Architectural styles and the design of network-based software architectures," Diss., University of California.
- 30. Colitti, W., Steenhaut, K., De Caro, N., Buta, B., & Dobrota, V. (2011, October). Evaluation of constrained application protocol for wireless sensor networks. In 2011 18th IEEE Workshop on Local & Metropolitan Area Networks (LANMAN) (pp. 1-6). IEEE.
- 31. Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of Things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys and Tutorials, 17(4), 2347-2376.
- 32. Saint-Andre, P. (2011). Extensible messaging and presence protocol (XMPP): Core.
- 33. Standard, O. A. S. I. S. (2012). Oasis Advanced Message Queuing Protocol (AMQP) version 1.0. International Journal of Aerospace Engineering. Hindawi, www.hindawi.com, 2018.
- 34. Heuser, L., Nochta, Z., & Trunk, N. C. (2008). ICT Shaping the World: A Scientific View.
- 35. Bandyopadhyay, D., & Sen, J. (2011). Internet of Things: Applications and challenges in technology and standardization. Wireless Personal Communications, 58(1), 49-69.
- 36. Sanchez, L., Munoz, L., Galache, J. A., Sotres, P., Santana, J. R., Gutierrez, V., Ramdhany, R., Gluhak, A., Krco, S., Theodoridis, E., & Pfisterer, D. (2014). SmartSantander: IoT experimentation over a smart city testbed. Computer Networks, 61, 217-238.
- 37. Li, Y., Hou, M., Liu, H., & Liu, Y. (2012). Towards a theoretical framework of strategic decision, supporting capability and information sharing under the context of Internet of Things. Information Technology and Management, 13(4), 205-216.
- 38. Yang, G., Xie, L., Mantysalo, M., Zhou, X., Pang, Z., Da Xu, L., Kao-Walter, S., Chen, Q., & Zheng, L. R. (2014). A health-IoT platform based on the integration of intelligent packaging, unobtrusive bio-sensor, and intelligent medicine box. IEEE Transactions on Industrial Informatics, 10(4), 2180-2191.
- 39. Sebastian, S., & Ray, P. P. (2015). When soccer gets connected to internet. Proceedings of the I3CS, Shillong (pp. 84-88).
- 40. Perrig, A., Stankovic, J., & Wagner, D. (2004). Security in wireless sensor networks.
- 41. Li, L. (2012, May). Study on security architecture in the Internet of Things. In: Proceedings of the 2012 International Conference on Measurement, Information and Control (Vol. 1, pp. 374-377). IEEE.
- 42. Mpitziopoulos, A., Gavalas, D., Konstantopoulos, C., & Pantziou, G. (2009). A survey on jamming attacks and countermeasures in WSNs. IEEE Communications Surveys and Tutorials, 11(4), 42-56.
- 43. Andrea, I., Chrysostomou, C., & Hadjichristofi, G. (2015, July). Internet of Things: Security vulnerabilities and challenges. In 2015 IEEE Symposium on Computers and Communication (ISCC) (pp. 180-187). IEEE.
- 44. Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2010). Classification of RFID attacks. Gen, 15693,14443.
- 45. Lin, J., Yu, W., Zhang, N., Yang, X., Zhang, H., & Zhao, W. (2017). A survey on Internet of Things: Architecture, enabling technologies, security and privacy, and applications. IEEE Internet of Things Journal, 4(5), 1125-1142.
- 46. Jagatic, T. N., Johnson, N. A., Jakobsson, M., & Menczer, F. (2007). Social phishing. Communications of the ACM, 50(10), 94-100.
- 47. Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed Internet of Things. Computer Networks, 57(10), 2266-2279.
- 48. Zhao, Y. L. (2013). Research on data security technology in Internet of Things. In: Applied Mechanics and Materials (Vol. 433, pp. 1752-1755). Trans Tech Publications: Zurich, Switzerland.
- 49. Kothmayr, T., Schmitt, C., Hu, W., Brünig, M., & Carle, G. (2013). DTLS based security and two-way authentication for the Internet of Things. Ad Hoc Networks, 11(8), 2710-2723.
- 50. Cao, J., Carminati, B., Ferrari, E., & Tan, K. L. (2010). Castle: Continuously anonymizing data streams. IEEE Transactions on Dependable and Secure Computing, 8(3), 337-352.
- 51. Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146-164.
- 52. Severi, S., Sottile, F., Abreu, G., Pastrone, C., Spirito, M., & Berens, F. (2014, June). M2M technologies: Enablers for a pervasive Internet of Things. In 2014 European Conference on Networks and Communications (EuCNC) (pp. 1-5). IEEE.