nach oben

Telecommunication Systems

Erschienen in:

13.06.2017

Security in Internet of Things: issues, challenges, taxonomy, and architecture

verfasst von: Vipindev Adat, B. B. Gupta

Erschienen in: Telecommunication Systems | Ausgabe 3/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Internet technology is very pervasive today. The number of devices connected to the Internet, those with a digital identity, is increasing day by day. With the developments in the technology, Internet of Things (IoT) become important part of human life. However, it is not well defined and secure. Now, various security issues are considered as major problem for a full-fledged IoT environment. There exists a lot of security challenges with the proposed architectures and the technologies which make the backbone of the Internet of Things. Some efficient and promising security mechanisms have been developed to secure the IoT environment, however, there is a lot to do. The challenges are ever increasing and the solutions have to be ever improving. Therefore, aim of this paper is to discuss the history, background, statistics of IoT and security based analysis of IoT architecture. In addition, we will provide taxonomy of security challenges in IoT environment and taxonomy of various defense mechanisms. We conclude our paper discussing various research challenges that still exist in the literature, which provides better understanding of the problem, current solution space, and future research directions to defend IoT against different attacks.

Vorheriger Artikel On the application of the sum of generalized Gaussian random variables: maximal ratio combining

Nächster Artikel Neighbors’ interference situation-aware power control scheme for dense 5G mobile communication system

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Ashton, K. (2009). That internet of things thing. RFiD Journal, 22(7), 97–114.

Tewari, A., & Gupta, B. B. (2016). Cryptanalysis of a novel ultra-lightweight mutual authentication protocol for IoT devices using RFID tags. The Journal of Supercomputing, 73(3), 1085–1102.CrossRef

Stergiou, C., Psannis, K. E., Kim, B. G., & Gupta, B. (2016). Secure integration of IoT and cloud computing. Future Generation Computer systems. doi:10.1016/j.future.2016.11.031.

Stojkoska, B. L. R., & Trivodaliev, K. V. (2017). A review of Internet of Things for smart home: Challenges and solutions. Journal of Cleaner Production, 140, 1454–1464.CrossRef

Botta, A., De Donato, W., Persico, V., & Pescapé, A. (2016). Integration of cloud computing and internet of things: A survey. Future Generation Computer Systems, 56, 684–700.CrossRef

Odelu, V., Das, A. K., Khan, M. K., Choo, K. K. R., & Jo, M. (2017). Expressive CP-ABE scheme for mobile devices in IoT satisfying constant-size Keys and ciphertexts. IEEE Access, 5, 3273–3283.CrossRef

Kong, L., Khan, M. K., Wu, F., Chen, G., & Zeng, P. (2017). Millimeter-wave wireless communications for IoT-cloud supported autonomous vehicles: Overview, design, and challenges. IEEE Communications Magazine, 55(1), 62–68.CrossRef

Ab Malek, M. S. B., Ahmadon, M. A. B., Yamaguchi, S., & Gupta, B. B. (2016). On privacy verification in the IoT service based on PN 2. In Proceedings of the Consumer Electronics, IEEE 5th Global Conference on 2016, IEEE. (pp. 1–4).

Tewari, A., & Gupta, B. B. (2017). A lightweight mutual authentication protocol based on elliptic curve cryptography for IoT devices. International Journal of Advanced Intelligence Paradigms, 9(2–3), 111–121.CrossRef

10.

Deering, S., & Hinden, R. (1998). Internet protocol, version 6 (IPv6) specification. RFC 2460. https://rfc-editor.org/rfc/rfc2460.txt. Accessed 20 March 2017.

11.

Molisch, A. F., Balakrishnan, K., Chong, C. C., Emami, S., Fort, A., Karedal, J., et al. (2004). IEEE 802.15. 4a channel model-final report. IEEE P802, 15(04), 0662.

12.

Wang, Y., Attebury, G., & Ramamurthy, B. (2006). A survey of security issues in wireless sensor networks. IEEE Communications Surveys & Tutorials, 8(2), 2–23.CrossRef

13.

Winter, T. (2012). RPL: IPv6 routing protocol for low-power and lossy networks. RFC 6550. https://tools.ietf.org/html/rfc6550. Accessed 20 March 2017.

14.

Le, A., Loo, J., Lasebae, A., Aiash, M., & Luo, Y. (2012). 6LoWPAN: A study on QoS security threats and countermeasures using intrusion detection system approach. International Journal of Communication Systems, 25(9), 1189–1212.CrossRef

15.

Sonar, K., & Upadhyay, H. (2014). A survey: DDOS attack on Internet of Things. International Journal of Engineering Research and Development, 10(11), 58–63.

16.

Evans, D. (2011). The Internet of Things: How the next evolution of the internet is changing everything. CISCO White Paper, 1(2011), 1–11.

17.

Hinden, R., & Deering, S. (1995). Internet protocol, version 6 (IPv6) specification. RFC 1883. https://tools.ietf.org/html/rfc1883. Accessed 20 March 2017.

18.

Montenegro, G., Kushalnagar, N., Hui, J., & Culler, D. (2007). Transmission of IPv6 packets over IEEE 802.15. 4 networks. RFC 4944. https://www.rfc-editor.org/rfc/rfc4944.txt. Accessed 20 March 2017.

19.

IEEE Standards Association. P2413-Standard for an Architectural Framework for the Internet of Things (IoT). https://standards.ieee.org/develop/project/2413.html. Accessed 20 March 2017.

20.

IEEE Internet of Things. http://iot.ieee.org/. Accessed 20 March 2017.

21.

Alliance for Internet of Things Innovation. https://www.aioti.eu/. Accessed 20 March 2017.

22.

Abramovich, G. (2015). Mind-blowing stats about the Internet of Things. http://www.cmo.com/features/articles/2015/4/13/mind-blowing-stats-internet-of-things-iot.html. Accessed 20 March 2017.

23.

Attivo Networks. (2016). Deception of attack detection of IoT devices. https://attivonetworks.com/documentation/Attivo_Networks-IoT.pdf. Accessed 20 March 2017.

24.

Says, G. (2015). 6.4 billion connected “Things” will be in use in 2016, up 30 percent from 2015. Laval: Gart. Inc.

25.

Hayashi, K. (2014) IoT worm used to mine cryptocurrency. http://www.symantec.com/connect/blogs/iot-worm-used-mine-cryptocurrency. Accessed 20 March 2017.

26.

Paganini, P. (2014). IoT—Discovered first Internet of Things cyberattack on large-scale. http://securityaffairs.co/wordpress/21397/cyber-crime/iot-cyberattack-large-scale.html. Accessed 20 March 2017.

27.

Wood, P., Nahomey, B., Chandrasekar, K., Wallace, S., & Haley, K. (2016). Symantec internet security threat report. Technical report, Symantec Corporation.

28.

Bitdefender BOX. https://www.bitdefender.com/box/compare/. Accessed 20 March 2017.

29.

CUJO Device. https://www.getcujo.com/. Accessed 20 March 2017.

30.

IoT Guardian. https://www.zingbox.com/iot-guardian/. Accessed 20 March 2017.

31.

DOJO. https://www.dojo-labs.com/product/dojo/. Accessed 20 March 2017.

32.

Luma Surround WiFi. https://lumahome.com/surround-wifi/. Accessed 20 March 2017.

33.

F-Secure SAFE. https://www.f-secure.com/en/web/home_global/safe. Accessed 20 March 2017.

34.

Internet of Things Global Standards Initiative. (2016). International Telecommunication Union. http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx. Accessed 20 March 2017.

35.

Li, J., Li, J., Chen, X., Jia, C., & Lou, W. (2015). Identity-based encryption with outsourced revocation in cloud computing. IEEE Transactions on Computers, 64(2), 425–437.CrossRef

36.

Li, J., Liu, Z., Chen, X., Xhafa, F., Tan, X., & Wong, D. S. (2015). L-EncDB: A lightweight framework for privacy-preserving data queries in cloud computing. Knowledge-Based Systems, 79, 18–26.CrossRef

37.

Zhangjie, F., Xingming, S., Qi, L., Lu, Z. H. O. U., & Jiangang, S. H. U. (2015). Achieving efficient cloud search services: Multi-keyword ranked search over encrypted cloud data supporting parallel computing. IEICE Transactions on Communications, 98(1), 190–200.

38.

Xia, Z., Wang, X., Sun, X., & Wang, Q. (2016). A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data. IEEE Transactions on Parallel and Distributed Systems, 27(2), 340–352.CrossRef

39.

Xia, Z., Wang, X., Zhang, L., Qin, Z., Sun, X., & Ren, K. (2016). A privacy-preserving and copy-deterrence content-based image retrieval scheme in cloud computing. IEEE Transactions on Information Forensics and Security, 11(11), 2594–2608.CrossRef

40.

Wu, M., Lu, T. J., Ling, F. Y., Sun, J., & Du, H. Y. (2010). Research on the architecture of Internet of Things. In Proceedings of 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE) 2010, IEEE (Vol. 5, pp. V5–484).

41.

Tan, L., & Wang, N. (2010). Future internet: The Internet of Things. In Proceedings of 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE), 2010, IEEE (Vol. 5, pp. V5–376).

42.

Suo, H., Wan, J., Zou, C., & Liu, J. (2012). Security in the Internet of Things: A review. In International Conference on Computer Science and Electronics Engineering (ICCSEE), 2012, IEEE (Vol. 3, pp. 648–651).

43.

Gubbi, J., Buyya, R., Marusic, S., & Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future Generation Computer Systems, 29(7), 1645–1660.CrossRef

44.

Bonomi, F., Milito, R., Zhu, J., & Addepalli, S. (2012). Fog computing and its role in the Internet of Things. In Proceedings of the First Edition of the MCC Workshop on Mobile Cloud Computing, ACM (pp. 13–16).

45.

Bonomi, F., Milito, R., Natarajan, P., & Zhu, J. (2014). Fog computing: A platform for internet of things and analytics. In N. Bessis & C. Dobre (Eds.), Big data and internet of things: A roadmap for smart environments (pp. 169–186). Springer International Publishing.

46.

Weber, R. H. (2010). Internet of Things-new security and privacy challenges. Computer Law & Security Review, 26(1), 23–30.CrossRef

47.

Hu, Z. (2011). The research of several key question of Internet of Things. In International Conference on Intelligence Science and Information Engineering (ISIE), 2011, IEEE (pp. 362–365).

48.

Gan, G., Lu, Z., & Jiang, J. (2011). Internet of Things security analysis. In International Conference on Internet Technology and Applications (iTAP), 2011, IEEE (pp. 1–4).

49.

Yan, Z., Zhang, P., & Vasilakos, A. V. (2014). A survey on trust management for Internet of Things. Journal of Network and Computer Applications, 42, 120–134.CrossRef

50.

Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. New Jersey: Wiley.

51.

Riahi, A., Natalizio, E., Challal, Y., Mitton, N., & Iera, A. (2014). A systemic and cognitive approach for IoT security. In International Conference on Computing, Networking and Communications (ICNC), 2014, IEEE (pp. 183–188).

52.

Mulligan, G. (2007). The 6LoWPAN architecture. In Proceedings of the 4th Workshop on Embedded Networked Sensors, ACM (pp. 78–82).

53.

Kushalnagar, N., Montenegro, G., & Schumacher, C. (2007). IPv6 over low-power wireless personal area networks (6LoWPANs): Overview, assumptions, problem statement, and goals (No. RFC 4919).

54.

Wallgren, L., Raza, S., & Voigt, T. (2013). Routing attacks and countermeasures in the RPL-based Internet of Things. International Journal of Distributed Sensor Networks, 9(8).

55.

Le, A., Loo, J., Lasebae, A., Vinel, A., Chen, Y., & Chai, M. (2013). The impact of rank attack on network topology of routing protocol for low-power and lossy networks. IEEE Sensors Journal, 13(10), 3685–3692.CrossRef

56.

Atzori, L., Iera, A., & Morabito, G. (2010). The Internet of Things: A survey. Computer Networks, 54(15), 2787–2805.CrossRef

57.

Akyildiz, I. F., Su, W., Sankarasubramaniam, Y., & Cayirci, E. (2002). A survey on sensor networks. IEEE Communications Magazine, 40(8), 102–114.CrossRef

58.

Wood, A. D., & Stankovic, J. A. (2002). Denial of service in sensor networks. Computer, 35(10), 54–62.CrossRef

59.

Shi, E., & Perrig, A. (2004). Designing secure sensor networks. IEEE Wireless Communications, 11(6), 38–43.CrossRef

60.

Modares, H., Salleh, R., & Moravejosharieh, A. (2011). Overview of security issues in wireless sensor networks. In Third International Conference on Computational Intelligence, Modelling and Simulation (CIMSiM), 2011, IEEE (pp. 308–311).

61.

Pathan, A. S. K., Lee, H. W., & Hong, C. S. (2006). Security in wireless sensor networks: Issues and challenges. In Proceedings of the 8th International Conference Advanced Communication Technology, 2006. ICACT 2006, IEEE (Vol. 2, p. 6).

62.

Singh, S., & Verma, H. K. (2011). Security for wireless sensor network. International Journal on Computer Science and Engineering, 3(6), 2393–2399.

63.

Karlof, C., & Wagner, D. (2003). Secure routing in wireless sensor networks: Attacks and countermeasures. Ad Hoc Networks, 1(2), 293–315.CrossRef

64.

Newsome, J., Shi, E., Song, D., & Perrig, A. (2004). The sybil attack in sensor networks: Analysis & defenses. In Proceedings of the 3rd International Symposium on Information Processing in Sensor Networks, ACM (pp. 259–268).

65.

Hu, Y. C., Perrig, A., & Johnson, D. B. (2003). Packet leashes: A defense against wormhole attacks in wireless networks. In Twenty-Second Annual Joint Conference of the IEEE Computer and Communications. INFOCOM 2003. IEEE Societies, IEEE (Vol. 3, pp. 1976–1986).

66.

Zia, T., & Zomaya, A. (2006). Security issues in wireless sensor networks. In International Conference on Systems and Networks Communications, ICSNC’06, 2006, IEEE (p. 40).

67.

Khan, R., Khan, S. U., Zaheer, R., & Khan, S. (2012). Future internet: Ihe Internet of Things architecture, possible applications and key challenges. In 10th International Conference on Frontiers of Information Technology (FIT), 2012, IEEE (pp. 257–260).

68.

Weber, R. H. (2015). Internet of Things: Privacy issues revisited. Computer Law & Security Review, 31(5), 618–627.CrossRef

69.

Daemen, J., & Rijmen, V. (2013). The design of Rijndael: AES-the advanced encryption standard. Berlin: Springer.

70.

Diffie, W., & Hellman, M. (1976). New directions in cryptography. IEEE Transactions on Information Theory, 22(6), 644–654.CrossRef

71.

Eastlake 3rd, D., & Jones, P. (2001). US secure hash algorithm 1 (SHA1)(No. RFC 3174).

72.

Gilbert, H., & Handschuh, H. (2004). Security analysis of SHA-256 and sisters. In M. Matsui & R. J. Zuccherato (Eds.), Selected areas in cryptography. SAC 2003. Lecture notes in computer science (Vol. 3006, pp. 175–193). Springer, Berlin, Heidelberg.

73.

Kalra, S., & Sood, S. K. (2015). Secure authentication scheme for IoT and cloud servers. Pervasive and Mobile Computing, 24, 210–223.CrossRef

74.

Raza, S., Wallgren, L., & Voigt, T. (2013). SVELTE: Real-time intrusion detection in the Internet of Things. Ad Hoc Networks, 11(8), 2661–2674.CrossRef

75.

Dunkels, A. (2012). Contiki: The open source OS for the Internet of Things. Accessed 20 March 2017.

76.

Amin, S. O., Siddiqui, M. S., Hong, C. S., & Lee, S. (2009). RIDES: Robust intrusion detection system for IP-based ubiquitous sensor networks. Sensors, 9(5), 3447–3468.CrossRef

77.

Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Communications of the ACM, 13(7), 422–426.CrossRef

78.

Le, A., Loo, J., Luo, Y., & Lasebae, A. (2011). Specification-based IDS for securing RPL from topology attacks. In Wireless Days (WD), 2011 IFIP, IEEE (pp. 1–3).

79.

Kasinathan, P., Pastrone, C., Spirito, M. A., & Vinkovits, M. (2013). Denial-of-service detection in 6LoWPAN based Internet of Things. In IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2013, IEEE (pp. 600–607).

80.

Kasinathan, P., Costamagna, G., Khaleel, H., Pastrone, C., & Spirito, M. A. (2013). DEMO: An IDS framework for internet of things empowered by 6LoWPAN. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, ACM (pp. 1337–1340).

81.

Gupta, B. B., Joshi, R. C., & Misra, M. (2009). Defending against distributed denial of service attacks: Issues and challenges. Information Security Journal: A Global Perspective, 18(5), 224–247.

82.

Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–2069.CrossRef

83.

Yan, Q., Yu, F. R., Gong, Q., & Li, J. (2016). Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), 602–622.CrossRef

84.

Haas, A., Haas, M., & Weinert, M. (2015). The Internet of Things is already here, but who bears the risks?

85.

Esraa Alomari, R. A., Manickam, S., et al. (2012). Botnet-based distributed denial of service (DDoS) attacks on web servers: Classification and art. International Journal of Computer Application (IJCA), 49(07), 24–32.CrossRef

86.

Chhabra, M., et al. (2013). A novel solution to handle DDOS attack in MANET. Journal of Information Security, 4(3), 165.CrossRef

87.

Gupta, B. B., & Badve, O. P. (2016). Taxonomy of DoS and DDoS attacks and desirable defense mechanism in a cloud computing environment. Neural Computing and Applications, 1–28.

Titel: Security in Internet of Things: issues, challenges, taxonomy, and architecture
verfasst von: Vipindev Adat
B. B. Gupta
Publikationsdatum: 13.06.2017
Verlag: Springer US
Erschienen in: Telecommunication Systems / Ausgabe 3/2018
Print ISSN: 1018-4864
Elektronische ISSN: 1572-9451
DOI: https://doi.org/10.1007/s11235-017-0345-9

Neuer Inhalt

Bildnachweise

VDI-Icon, Profil Icon, inhalt2, Springer Professional Modul/© Springer Fachmedien Wiesbaden GmbH, Nachhaltigkeitsaward Key Visual/© Cometis AG/Global ESG Monitor | Daniel Rupp | Generiert mit KI, Search Icon, Banner Hanser, Kryptowährungen/© gopixa / Getty Images / iStock, MG4 aus China auf dem Prüfstand im ADAC-Technik-Zentrum in Landsberg am Lech/© ADAC e.V., Chassis eines Elektrofahrzeugs/© chesky / stock.adobe.com, Zeitschrift Wissensmanagement Cover, PatentFit-Logo/© Springer Fachmedien Wiesbaden GmbH, Sustainibility Finance/© Robert Kneschke / stock.adobe.com / Springer Fachmedien Wiesbaden GmbH, Zukunftswerkstatt Sales Excellence 2024/© AndreyPopov / Getty Images / iStock, 2023_Antrieb/© supervisuell

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2018

Influence of overhead on LTE downlink performance: a comprehensive model

Cooperative energy efficient D2D clustering in LTE-A with enhanced QoS

On the application of the sum of generalized Gaussian random variables: maximal ratio combining

Congestion avoidance in cognitive wireless sensor networks using TOPSIS and response surface methodology

An energy-aware routing protocol for wireless sensor network based on genetic algorithm

Improving cell assignment probabilities using CPICH quality

Neuer Inhalt

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.