The rise of ransomware and emerging security challenges in the Internet of Things
Introduction
As we move into the promising era of the Internet of Things (IoT), small embedded devices are ubiquitously implanted with various sensors to sense data from their surroundings and provide smart controlling decisions. The number of miniaturized sensors and connected IoT devices is expected to reach 26 billion by 2020, most of which are wearable devices [1]. In this modern era of technology, people have started to deploy real-world IoT applications, from connected smart homes [2], connected cars [3], [4], smart parking [5], and health monitoring [6], [7] to smart utility meters [8], as shown in Fig. 1. Although IoT can facilitate different aspects of people’s lives, enabling high security, developing ransomware prevention, and establishing solutions are the key remaining concerns, given that IoT devices hold sensitive information [9].
An HP study reveals that 70% of IoT devices are vulnerable to attacks. Hacking of smart cars is also one of the security threats in IoT [10]. According to recent market data, the IoT security market is expected to rise to $28.90 billion by 2020, which indicates that high-security threats are expected to rise substantially in the foreseeable future. On the other hand, ransomware continues to experience record growth in 2017. Therefore, ensuring that each device has the appropriate control to maintain data confidentiality and integrity within an organization is necessary [11]. In addition, investigation of IoT security along with data integrity holds practical significance in IoT development. Fig. 2 illustrates the security threats in IoT. Traditional security mechanisms will be unable to accommodate IoT devices completely because most of these devices have battery constraints and limited resources, whereas these mechanisms require more resources [12]. Therefore, the prime focus of this study is on exposing emerging IoT threats, challenges, and potential solutions.
In general, IoT security has been widely investigated [13], [14], [15], [16], [17], [18], [19], [20], [21], [22]; however, to the best of our knowledge, none of the existing studies specifically focused on emerging threats and challenges, such as ransomware. In addition, several other important aspects of IoT security, which are discussed in the current study, have not been reported.
The contributions of this study can be summarized as follows.
- We initially discuss the rise of ransomware attacks and outline the associated challenges.
- We investigate, report, and highlight the state-of-the-art research efforts directed at IoT from the security perspective.
- We devise a taxonomy of IoT security by classifying and categorizing the literature.
- A few notable reported case studies on IoT security are outlined.
- We enumerate the requirements for securing IoT.
- We identify and discuss indispensable open challenges in strengthening the security in IoT.
- Several prominent future research directions are provided.
These contributions are provided separately from Sections 2 to 8; the concluding remarks are provided in Section 9.
Section snippets
Ransomware
This section describes the basic working of ransomware in an IoT context and discusses its common types. We also discuss some of the approaches used by ransomware to penetrate the IoT network and provide some examples of IoT-based ransomware. Finally, some remedies and challenges are highlighted.
Unlike traditional malware threats, a ransomware attack in IoT can be more devastating as it may affect an entire landscape of security services, i.e., confidentiality, integrity, and
State-of-the-art research on IoT security
Although various aspects of security have been extensively investigated in different domains, such as ad hoc and sensor networks [35], [36] and software defined networks [37], [38], IoT security is still largely unexplored.
For example, the authors in [39] proposed a secure Message Queue Telemetry Transport (MQTT) mechanism called AUPS (Authenticated Publish Subscribe). The mechanism is developed by extending MQTT, which is a popular communication protocol in the IoT paradigm, by introducing
Taxonomy
Fig. 3 depicts the taxonomy that is devised based on various parameters, including threats, requirements, IEEE standards, deployment levels, and technologies.
Case studies on IoT security
This section discusses different case studies that aim to alert users to how seriously vulnerable IoT devices are to exploitation. This section also motivates the need to strengthen security in the IoT paradigm. Table 2 provides a summary of the case studies.
New requirements for securing IoT
An IoT framework can be divided into three layers: device, gateway, and service. The security implementation at each of these layers is vital for securing the entire IoT. However, the requirements of the security model for each layer are different. Herein, we discuss the security requirements for each layer of the IoT framework.
Open research challenges
This section discusses the research challenges on security in the IoT paradigm. In Table 3, we list some IoT security startups.
Future research directions
In this section, a few prominent security-related research directions in IoT are provided.
Conclusion
Remarkable advances in smart technologies have paved the way toward a new computing paradigm called the IoT. This study discussed the ransomware attacks and security concerns in IoT. First, we discussed the rise of ransomware attacks and outlined the associated challenges. Second, we investigated, reported, and highlighted the state-of-the-art research efforts on IoT security. Third, a taxonomy is devised by classifying and categorizing the literature. Fourth, a few credible case studies are
Acknowledgement
Imran’s work is supported by the Deanship of Scientific Research at King Saud University through Research group No. (RG # 1435-051).
References (90)
- et al., Internet of things security: a survey, J. Netw. Comput. Appl. (2017)
- Internet of things–new security and privacy challenges, Comput. Law Security Rev. (2010)
- et al., Security in the internet of things: a review, Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on (2012)
- et al., A survey on internet of things: security and privacy issues, Int. J. Comput. Appl. (2014)
- K. Cabaj, M. Gregorczyk, W. Mazurczyk, Software-defined networking-based crypto ransomware detection using http traffic...
- et al., Hybrid of anomaly-based and specification-based ids for internet of things using unsupervised opf based on mapreduce approach, Comput. Commun. (2017)
- et al., A privacy-preserving smart parking system using an iot elliptic curve based security platform, Comput. Commun. (2016)
- et al., Faiot: Towards building a forensics aware eco system for the internet of things, Services Computing (SCC), 2015 IEEE International Conference on (2015)
- et al., The role of big data analytics in internet of things, Comput. Netw. (2017)
- et al., Lightweight encryption for smart home, Availability, Reliability and Security (ARES), 2016 11th International Conference on (2016)
- Security and privacy in the internet-of-things under time-and-budget-limited adversary model, IEEE Wireless Commun. Lett.
- The internet of things: a survey, Inf. Syst. Front.
- Wireless communication of real-time ultrasound data and control, SPIE Medical Imaging
- Internet-of-things-based smart environments: state of the art, taxonomy, and open research challenges, IEEE Wireless Commun.
- Internet of things: a survey on enabling technologies, protocols, and applications, IEEE Commun. Surv. Tut.
- Internet of vehicles for e-health applications: a potential game for optimal network capacity, IEEE Syst. J.
- Context aware computing for the internet of things: a survey, IEEE Commun. Surv. Tut.
- Remote health monitoring system through iot, 5th International Conference on Informatics, Electronics and Vision (ICIEV)
- Irehmo: an efficient iot-based remote health monitoring system for smart regions, 17th International Conference on E-health Networking, Application Services (HealthCom)
- Unleashing smart cities efficient and sustainable energy policies with iot based unbundled smart meters, IEEE International Conference on Emerging Technologies and Innovative Business Practices for the Transformation of Societies (EmergiTech)
- Security of the internet of things: perspectives and challenges, Wireless Netw.
- Iot security development framework for building trustworthy smart car services, IEEE Conference on Intelligence and Security Informatics (ISI)
- Application of dynamic variable cipher security certificate in internet of things, Cloud Computing and Intelligent Systems (CCIS), 2012 IEEE 2nd International Conference on
- Efficiently observing internet of things resources, IEEE International Conference on Green Computing and Communications
- Security for the internet of things: a survey of existing protocols and open research issues, IEEE Commun. Surv. Tut.
- A survey on the internet of things security, Computational Intelligence and Security (CIS), 2013 9th International Conference on
- A survey on trust management for internet of things, J. Netw. Comput. Appl.
- On the features and challenges of security and privacy in distributed internet of things, Comput. Netw.
- Botnets and internet of things security, Computer
- Robustness, security and privacy in location-based services for future iot: a survey, IEEE Access
- Botnets and internet of things security, Computer
- Ransomware: evolution, mitigation and prevention, Int. Manage. Rev.
- An analysis of malicious threat agents for the smart connected home, Pervasive Computing and Communications Workshops (PerCom Workshops), 2017 IEEE International Conference on
- Ransomware of things (rot), Fuzzy Syst.
- Security in internet of things: issues, challenges, taxonomy, and architecture, Telecommun. Syst.
- Data exfiltration from internet of things devices: ios devices as case studies, IEEE Internet Things J.
- Connected cars–the next target for hackers, Netw. Security
- Proposed model to implement high-level information security in internet of things, Fog and Mobile Edge Computing (FMEC), 2017 Second International Conference on
- Communityguard: a crowdsourced home cyber-security system, Proceedings of the ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization
- Fortifying intrusion detection systems in dynamic ad hoc and wireless sensor networks, Int. J. Distrib. Sens. Netw.
- Secure authentication for remote patient monitoring with wireless medical sensor networks, Sensors
- Securing software defined networks: taxonomy, requirements, and open issues, IEEE Commun. Mag.
- Security in software-defined networking: threats and countermeasures, Mob. Netw. Appl.
Ibrar Yaqoob received his Ph.D. degree in Computer Science from the University of Malaya, Malaysia, in 2017. He earned 550 plus citations, and 50 plus impact factor during his Ph.D. candidature. He worked as a researcher at Centre for Mobile Cloud Computing Research (C4MCCR), University of Malaya. His research experience spans more than three and a half years. He has published a number of research articles in refereed international journals and magazines. His numerous research articles are very famous and among the most downloaded in top journals. His research interests include big data, mobile cloud, the Internet of Things, cloud computing, and wireless networks.
Ejaz Ahmed worked at Centre for Mobile Cloud Computing Research (C4MCCR), University of Malaya, Malaysia. Before that, he worked as a Research Associate in CogNet Research Lab NUST, Pakistan, (December 2009 to September 2012) and in CoReNet, CUST, Pakistan, (January 2008 to December 2009). His research experience spans more than eleven years. He is associate editor of IEEE Communication Magazine, IEEE Access, Elsevier Journal of Network and Computer Applications, and KSII TIIS. He has also served as a Lead Guest Editor/Guest Editor and Chair/Co-chair in international journals and international conferences, respectively. His areas of interest include Mobile Cloud Computing, Mobile Edge Computing, Internet of Things, Cognitive Radio Networks, and Smart Cities. He has successfully published his research work in more than sixty international journals and conferences. He has received several performance awards during his research career.
Muhammad Habib ur Rehman is an assistant professor at COMSATS Institute of IT, Wah Cantt Pakistan, where he works on data stream mining systems for the Internet of Things. His research covers a wide spectrum of application areas, including smart cities, mobile social networks, quantified self, and mobile health. He received a PhD in mobile distributed analytics systems from the Faculty of Computer Science and Information Technology at the University of Malaya, Malaysia.
Abdelmuttlib Ibrahim Abdalla Ahmed received his B.Sc. degree in computer science from OIU, Sudan, and his M.S. degree in computer science from IIUI, Pakistan. He is currently pursuing a Ph.D. degree at the University of Malaya. His research interests include trust and reputation systems, security and digital forensics, Internet of Things, mobile and cloud computing, and vehicular networks.
Mohammed Ali Al-Garadi received the M.Tech. degree in electronic and communication engineering from Jawaharlal Nehru Technological University, Hyderabad, India. He is currently pursuing the Ph.D. degree with the Faculty of Computer Science and Information Technology, University of Malaya, Kuala Lumpur, Malaysia. He has published several articles in academic journals indexed in well reputed databases such as ISI-indexed and Scopus-indexed.
Muhammad Imran is an assistant professor in the College of Computer and Information Science, King Saud University. His research interests include mobile ad hoc and sensor networks, WBANs, IoT, M2M, multihop wireless networks, and fault-tolerant computing. He has published a number of research papers in peer reviewed international journals and conferences. His research is financially supported by several grants. He is serving as a Co-Editor-in-Chief for EAI Transactions on Pervasive Health and Technology. He also serves as an Associate Editor for the Wireless Communication and Mobile Computing Journal (Wiley), the Inderscience International Journal of Autonomous and Adaptive Communications Systems, Wireless Sensor Systems (IET), and the International Journal of Information Technology and Electrical Engineering. He has served/serves as a Guest Editor for IEEE Communications Magazine, IJAACS, and the International Journal of Distributed Sensor Networks. He has been involved in a number of conferences and workshops in various capacities such as a Program Co-Chair, Track Chair/Co-Chair, and Technical Program Committee member. These include IEEE GLOBECOM, ICC, AINA, LCN, IWCMC, IFIP WWIC, and BWCCA. He has received a number of awards such as an Asia Pacific Advanced Network fellowship.
Mohsen Guizani (S’85-M’89-SM’99-F’09) received all of his degrees from Syracuse University, Syracuse, NY, USA, in 1984, 1986, 1987, and 1990, respectively. He is currently a Professor and the ECE Department Chair at the University of Idaho. He served in a number of academic positions in the USA. His research interests include wireless communications, mobile computing, computer networks, cloud computing, IoT, security, and smart grid. He currently serves on the editorial boards of several international technical journals and is the Founder and Editor-in-Chief of the Wireless Communications and Mobile Computing journal (Wiley). He is the author of nine books and more than 400 publications in refereed journals and conferences. He guest edited a number of special issues in IEEE journals and magazines. He also served as a member, Chair, and the General Chair of a number of international conferences. He was selected as the Best Teaching Assistant for two consecutive years at Syracuse University. He was the Chair of the IEEE Communications Society Wireless Technical Committee and the Chair of the TAOS Technical Committee. He served as the IEEE Computer Society Distinguished Speaker from 2003 to 2005. He is a Fellow of IEEE and a senior member of ACM.