Abstract— Internet of things (IOT) is a huge group of devices which contains sensors or you may say which contains actuators which are connected together by means of wires or wireless networks. It is been estimated that at the end of the year 2020 there will be almost 20 billion devices connected together. The growth and advancement has been grown rapidly in the area of IOT. As the advancement in such area the security also became a challenging issue. This paper aims to investigate threats and security challenges to IOT systems. Furthermore this papers aims to provide approaches which can improve the security in IOT systems.
Index Terms—Internet of Things, Security, Machine learning.
1. INTRODUCTION
Internet of things (IOT) is a huge group of devices which contains sensors or you may say which contains actuators which are connected together by means of wires or wireless networks. It is been estimated that at the end of the year 2020 there will be almost 20 billion devices connected together. The growth and advancement has been grown rapidly in the area of IOT. As the advancement in such area the security also became a challenging issue. The IOT devices can be divided in to two main groups i.e. gateway devices and edge devices. The edge device is mainly a low power device which contains sensors as well as actuators and such devices mainly have a single purpose e.g. collection of data of temperature and send it to gateway. On the other hand the gateway devices have much more resources in comparison of edge device. The responsibility of such devices is to connect the edge devices to the internet and gathering data from it. But it depends on the quantity of devices. With the increase in the amount of devices as well as the amount of the data which is travelling in between these devices and on our daily lives, the impact of such devices so in such cases security become the most important thing.
There are numerous challenges in order to implement the security in IOT networks. [1] The IOT systems or networks are unrelated. The devices within these systems have different types, such as their methods of communications, various level of resources of devices, its system configuration and last but not least the type of transferred data and shared
data. Every different element is such network or system add a new challenge for the security in such systems. The second main challenge is the amount of the connected devices. More than billions of different devices are connected together and it provides a totally new area for research of focus while considering the resiliency, security as well as the insignificant function. The concept of IOT has gain the attention of researchers, industries in recent years. According to surveys: by the end of 2025 internet sensors may be implemented everywhere e.g. vehicles, furniture’s, plants etc. in 2015 there were about 25 billion of devices which were connected to the internet and it is increasing by the passage of time and according to surveys in the upcoming 5 years this number will increased to 50 billion. The communication in between the applications of IOT normally constitutes the following 3 connections.
Fig1: Elements of internet of things
1.1. People to people (P2P)connection
This type of connection is the transfer of data in between two person e.g. from one person to another person. The medium can be video call, voice call or any sort of social communication and usually such connection is knows as collaboration connection.
1.2. Machine to People (M2P) connection
This type of connection is the transfer of data from machines such as computers, sensors to users in order to analyze i.e. weather forecasters use smart devices in order to gather the data from the environment and send it back to the
Internet of Things (IOT) Systems and its
Security Challenges.
Danish Javeed
1, Di Xiao Qiang
2, Ijaz Ahmad
4, Muhammad Taimoor khan
3,Asmatullah
Khan
5,Tahir Ullah
61, 2, 4, 5Computer Science Department, Changchun University of Science & Technology China.
administrator in the control center in order for further analysis.
1.3. Machine to Machine (M2M) connection
This type of connection is the transfer of data of data in between two machines without any sort of interactions from the humans i.e. the communication between two cars regarding their speed, changing from one lane to another lane or applying of brakes etc.
The communication of the networks with IOT systems combining three of the main categories which are totally based on their technologies elements and it can be summarized is a very simple relation as follow:
IOT=Human + Objects (Devices, Storages, Sensors, Actuators, Computing and Controllers) + Internet
[image:2.595.69.545.264.448.2]The IOT architecture consist of numerous collection of physical objects, developers, services of cloud, sensors, users, communication layers, developers, actuators and last but not least the IOT protocols. The internet objects are a very wide domain and this is the reason that there is no single agreement on IOT architecture and this has been agreed universally.
Fig 2: Internet of things architecture
Figure 2 shows the interconnection in between different application based on IOT technology with many of the use cases as well as some examples.
IOT have multiple applications which can enable a very smarter world in the upcoming some years. It is already being implemented in some areas like smart cities with the functionalities of smart parking, lighting as well as traffic control etc. Furthermore different applications of monitoring the environment i.e. earthquake detection, air pollution, forest fire early detection has been implemented in order to improve the quality of life and to protect the humans and the resources for a quality life. It has an application on water supply in order to understand the demand of the water and as well as to monitor the quality of that water whether it is able for drinking or not. Such applications won’t only help humans to achieve the sustainability goals but it can improve the health also. And if we are talking about its application in daily routine so smart meters have already been implemented in lot of areas in order to check the energy consumption of every house. With the current rate of increase in population the world population is expected to be almost 9.5 billion by the end of 2025. And with the increase in population the demand of crops and food will also be increased with time so IOT applications can provide the methods and the solutions for crop monitoring. There are numerous of sensors that are been installed in fields in order to monitor the crops health. Furthermore it provides the acidity with in the soil, the
moisture kevel of the soil as well as the temperature. Such things can provide a very valuable insight and it can be used to increase the productivity of the crop. Last but not least the IOT have revolutionary applications in health sectors. There are numerous applications i.e. early detection of cancers in the body, drug delivery such as insulin, and fall detection. But while it provides lot of applications as well as advantages, at the same time it have some problems also. All of these advantage won’t come without problems like trust and security issues, privacy, scalability, and energy optimization due to huge datasets it consumes lot of energy.
II. SECURITY THREATS
Despite of all of the applications of IOT these days it has lot of challenges, issues and restrictions. But this paper only aims to the security challenges and threats within IOT systems.
As it consist of lot of things, networks which are interconnected and services. So the IOT systems are mostly very vulnerable to the attacks, specifically network attacks, privacy leakages, software attacks as well as physical attacks. This paper aims on some threats as follow.
Such attackers aim to prevent these devices from the data which is being received from the networks and other resources of computations [2].
DDOS attackers:
Such attackers have a huge amount of IP addresses which make it much more difficult for the IOT systems to differentiate between the traffics whether it is coming from the authorized device or unauthorized [3].
Jamming attackers:
Such attackers try to send some fake signals to make interruption in between the ongoing transmission of the connected devices and furthermore they exhaust their bandwidth, its CPU and all of its memory resources during the failed attempts of the communication [4].
Spoofing:
Such node imitates an authorized Iot device with its own identity i.e. MAC address and RFID tag in order to gain an authorized access to the system and furthermore it can launch attacks like Dos or man in the middle [5].
Man-in-the-middle:
Such attacker sends the jamming as well as signals of spoofing with the intention of monitoring the private
communication in between different IOT devices secretly [2].
Privacy leakage:
The IOT systems have the responsibility to protect the privacy of the users during the process of exchanging and caching the data. But some of the caching owners have the curiosity about the contents of the data which has been stored in their devices. They want to analyze that data and want to sell such private information which leads to the privacy leakage of such devices. Some wearable devices just like smart watches which have the access of your location and about your health have been witnessed to such privacy leakages [6].
Software attacks:
There are numerous mobile malwares which have been already identifies as threats such as worms, Trojan horses and last but not least a virus which can result as the privacy leakage, financial loss as well as the depletion of power in IOT systems [7].
[image:3.595.57.542.378.649.2]The table A shows the Ml-based Iot Security methods as follow.
TABLE A : ML-BASEDIOTSECURITY METHODS
As in the above part of this paper lot of security threats and its possible solutions have been mentioned. But when it comes to threats and security challenges to a system. These two are totally different things. As threats to iot systems have already
been explained in this paper, some of the security challenges will be also explained in this paper regarding IOT systems. While in recent years there is a very big advancement in the
areas of computer science and with these advancements the security challenges have also been increased. Because everything over the internet is not a 100 percent secure. Thus security, privacy as well as the trust are the most critical factors for any of the system as well as an IOT system or applications.
Attacks Security Techniques Machine Learning Techniques Performance
DOS Secure the access control of
IOT offloading Neural Network [8]
Q-learning [9]
Accuracy of
detection Root-mean error
Jamming Secure IOT offloading
Q-learning [10] DQN [4]
Consumption of energy
SINR
Intrusion Access Control
Neural network[11] Support vector machine[12]
Root mean error Classification accuracy
Malware Detection of malware
Random forest [13] Accuracydetection of False positive rate Detection latency
Spoofing Authentication Q-learning [5]
Distributed Frank-Wolfe [14] Erroraverage rate is Miss detection rate
False alarm rate
Eaves Dropping Authentication Q-learning [15]
III. SECURITY CHALLENGES In IOT applications or systems, when the packets are sent through different devices and different connection in order to reach to the desired receiver over the internet, the security measures should be taken in order to maintain the integrity of that data. Furthermore most of the IOT devices are very power devices and because of it the already proposed cryptographic solution cannot be applied in the scenario of IOT. Currently in the network infrastructures the integration of any application is only focused on only achieving the functionality instead f considering its security as security is the most important aspect of any system or of any application while the designing phase. And this is leaving a backdoor for the attackers and adversaries. So it is making the hacking attempts on such application and systems possible. As already the cyber security experts have warned that IOT is one of the most susceptible technologies and it is expected to have much more targeted attacks in comparison of the current and the emerging infrastructures. For instance, data theft, physical injury or harm to systems, denial of service attacks as well as some ransom ware for the smart watches, smart cars as well as smart homes. There are four most important security challenges to any of the IOT systems or application which can be seen in the figure 3.
Fig 3: Security Challenges
3.1. Trillion points of vulnerability:
With each and every device getting connected to IOT, it signifies a potential risk and with the emerging of such risks it directly clues to queries: how much can an organization can be confident regarding the data which is gathered and regarding the integrity of that data? This is a question which is commonly raised in everyone’s mind when it comes to such risk. Furthermore how to make sure that the data which is been sent from one device to another device has been interfered or comprised with?
3.2. Trust and Data integrity
This is to ensure that the data hasn’t been changed from the moment it has been sent from the senders until and unless it reaches to the desired receiver or in other words we may say until it arrives to its final destination. Furthermore it also involves in the data verification in order to check the integrity of the data as well as validating its verification certificate.
3.3. Data protection:
It is the law that is required to be intended in order to protect the data or in order to control the individual and organization data that has been collected by the application or by the sensors and has been stored to be a part of filing system.
3.4. Data privacy:
Last but not least, the data privacy: it is the protection of the data from the exposure in environment of IOT systems or applications. For instance, any of the logical or physical objects can be given a totally unique address over the network. Furthermore the ability to communicate over the network would be also given to such objects or entities.
A novel lively defense edge for the security of IOT systems has been conducted in the paper [16]. The planned method is further shared in to two parts: 1) the first part smears centered on gratitude of the security threats. 2) The second part primarily uses the real data which is delivered in the first part. The authors deliver a suitable clarification method to ensure IOT security.
IV. CONCLUSION AND FUTURE WORK To this end, a very substantial development has been made in the area of IOT technology for a very extensive range of applications. In very simply words IOT integrates and connects a very huge number of devices together in order for better communication of data in a very seamless manner which leads to the formation of useful knowledge. The concept of IOT has changed the way of working of the internet and it integrated the physical and the cyber space in a very decent way. As more as the benefits of IOT, it also faces lot of challenges and security problems. A very summarizing summary of such problems and challenges has been conducted in this paper. For a very effective implementation of such systems all of the pawn measure should be taken at the very early phases i.e. at the design lever and architectural level with a holistic approach. Finally the future work is to provide suitable solutions to such problems in order to increase the security of such systems.
REFERENCE
[1]. R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan. Internet of things (iot) security: Current status, challenges and prospective measures. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pages 336–341, Dec 2015.
[2]. I. Andrea, C. Chrysostomou, and G. Hadjichristofi, “Internet of Things: Security vulnerabilities and challenges,” in Proc. IEEE Symposium on Computers and Commun, pp. 180–187, Larnaca, Cyprus, Feb. 2015. [3]. R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed Internet of Things,” Computer Networks, vol. 57, no. 10, pp. 2266–2279, Jul. 2013.
[4]. G. Han, L. Xiao, and H. V. Poor, “Two-dimensional anti-jamming communication based on deep reinforcement learning,” in IEEE Int’l Conf. Acoustics, Speech and Signal Processing, pp. 2087–2091, New Orleans, LA, Mar. 2017.
[6]. Z. Yan, P. Zhang, and A. V. Vasilakos, “A survey on trust management for Internet of Things,” Journal of Network and Computer Applications, vol. 42, no. 3, pp. 120–134, Jun. 2014.
[7]. L. Xiao, Y. Li, X. Huang, and X. J. Du, “Cloud-based malware detection game for mobile devices with offloading,” IEEE Trans. Mobile Computing, vol. 16, no. 10, pp. 2742–2750, Oct. 2017.
[8]. R. V. Kulkarni and G. K. Venayagamoorthy, “Neural network based secure media access control protocol for wireless sensor networks,” in Proc. Int’l Joint Conf. Neural Networks, pp. 3437–3444, Atlanta, GA, Jun. 2009. [9]. Y. Li, D. E. Quevedo, S. Dey, and L. Shi, “SINR-based DoS attack on remote state estimation: A game-theoretic approach,” IEEE Trans. Control of Network Systems, vol. 4, no. 3, pp. 632 – 642, Apr. 2016.
[10]. Gwon, S. Dastangoo, C. Fossa, and H. Kung, “Competing mobile network game: Embracing anti-jamming and jamming strategies with reinforcement learning,” in Proc. IEEE Conf. Commun. and Network Security (CNS), pp. 28–36, National Harbor, MD, Oct. 2013.
[11]. A. L. Buczak and E. Guven, “A survey of data mining and machine learning methods for cyber security intrusion detection,” IEEE Commun. Surveys and Tutorials, vol. 18, no. 2, pp. 1153–1176, Oct. 2015.
[12]. M. Abu Alsheikh, S. Lin, D. Niyato, and H. P. Tan, “Machine learning in wireless sensor networks: Algorithms, strategies, and applications,” IEEE Commun. Surveys and Tutorials, vol. 16, no. 4, pp. 1996–2018, Apr. 2014. [13]. F. A. Narudin, A. Feizollah, N. B. Anuar, and A. Gani, “Evaluation of machine learning classifiers for mobile malware detection,” Soft Computing, vol. 20, no. 1, pp. 343–357, Jan. 2016.
[14]. L. Xiao, X. Wan, and Z. Han, “PHY-layer authentication with multiple landmarks with reduced overhead,” IEEE Trans. Wireless Commun., in press.
[15]. L. Xiao, C. Xie, T. Chen, and H. Dai, “A mobile offloading game against smart attacks,” IEEE Access, vol. 4, pp. 2281–2291, May 2016. [16]. C. Liu, Y. Zhang, and H. Zhang, “A novel approach to IoT security based on immunology,” in Proc. IEEE Ninth International Conference on Computational Intelligence and Security, Leshan, China, Dec 2013, pp. 771–775.
[17]. L. Farhan, A. E. Alissa, S. T. Shukur, M. Alrweg, U. Raza, and R. Kharel, “A survey on the challenges and opportunities of the Internet of Things (IoT),” in Proc. IEEE 11th International Conference on Sensing Technology, Sydney, Nov 2017.
[18]. X. Xingmei, Z. Jing, and W. He. Research on the basic characteristics, the key technologies, the network architecture and security problems of the internet of things. In Computer Science and Network Technology (ICCSNT), 2013 3rd International Conference on, pages 825–828, Oct 2013.
[19]. R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan. Internet of things (iot) security: Current status, challenges and prospective measures. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST), pages 336–341, Dec 2015.
[20]. J. Zhou, Z. Cao, X. Dong, and A. V. Vasilakos, “Security and privacy for cloud-based IoT: Challenges,” IEEE Commun. Magazine, vol. 55, no. 1, pp. 26–33, Jan. 2017.
[21]. Z. Sheng, S. Yang, Y. Yu, and A. Vasilakos, “A survey on the IETF protocol suite for the Internet of Things: Standards, challenges, and opportunities,” IEEE Wireless Commun., vol. 20, no. 6, pp. 91–98, Dec. 2013.
AUTHOR’S PROFILE
Mr. Danish Javeed
A master scholar in Computer science, Department of Computer Science , Changchun University of Science and Technology, Changchun China, Research Interest: Information Security, Internet of things (IOT), Machine Learning.
Email: [email protected]
Mr. Ijaz Ahmad
A master scholar in Computer science, Department of Computer Science , Changchun University of Science and Technology, Changchun China, Research Interest:, Artificial Intelligence, Machine Learning , Computer Vision.
Email: [email protected]
Mr. Asmatullah Khan
A PHD scholar in Information and Communication Engineering, Changchun University of Science and Technology, Changchun China, Research Interest: Artificial Intelligence.