Abstract— by the advancement in technology, day by day new Internet of Things (IoT) devices have introduced that help to live more easily than first. All the internet of things devices works on internet signals. So it easy to break any device with prior technical knowledge. It is important to secure Internet of things devices. This paper is presenting all the research directions in which security is needed for an internet of things devices.
Keywords—Internet of things; network security; research direction ; insert (key words)
IoT (Internet of Things) is the network of physical objects-devices, vehicles, buildings and other items embedded with electronics, software, sensors, and network connectivity-that enables these objects to collect and exchange data. The internet of things allows objects to be sensed and controlled remotely across existing network infrastructure 1.
The rapid development of information technology (IT) has brought forward a hyper connected society in which objects are connected to mobile devices and the Internet and communicate with one another. In the 21st century, we want to be connected with anything anytime and anywhere, which is already happening in various places around the world. The core component of this hyper connected society is IoT, which is also referred to as Machine to Machine (M2M) communication or Internet of Everything (IoE) 1.
The IoT allows objects to be sensed or controlled remotely across existing network infrastructure, creating opportunities for more direct integration of the physical world into computer-based systems, and resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention. When IoT is augmented with sensors and actuators, the technology becomes an instance of the more general class of cyber physical system, which also encompasses technologies such as smart grids, virtual power plants, smart homes, intelligent transportation and smart cities.
“Things”, in the IoT sense, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, cameras streaming live feeds of wild animals in coastal waters, automobiles with built-in sensors, DNA analysis devices for environmental/food/pathogen monitoring, or field operation devices that assist firefighters in search and rescue operations. Legal scholars suggest regarding “things” as an “inextricable mixture of hardware, software, data and service” 2.
A growing portion of IoT devices are created for consumer use. Examples of consumer applications include connected car, entertainment, home automation (also known as smart home devices), wearable technology, quantified self, connected health, and appliances such as washer/dryers, robotic vacuums, air purifiers, ovens, or refrigerators/freezers that use Wi-Fi for remote monitoring. Consumer IoT provides new opportunities for user experience and interfaces. Some consumer applications have been criticized for their lack of redundancy and their inconsistency, leading to a popular parody known as the “Internet of Shit. Companies have been criticized for their rush into IoT, creating devices of questionable value and not setting up stringent security standards 2.
Why is IoT security different? IoT devices and networks are inherently resource constraints. The major constraints for applying conventional security solutions to IoT-based systems are as follows 3.
a) IoT devices often use low speed CPUs and, often, devices are battery driven. Contemporary cryptographic algorithms require fast computation, so cannot be ported directly to these devices.
b) IoT devices usually are memory-constrained compared to phones and laptops. Conventional security schemes are not designed for memory-constrained devices.
c) IoT devices often use low data-rate radio interfaces for communications. Traditional security schemes cannot be
The reason behind to work in this paper is to explore issues and problems that lead to hack the IoT devices.
In 2017, Mahmud Hossain, Ragib Hasan, and Anthony Skjellum presented the research work “Securing the Internet of Things: A Meta-Study of Challenges, Approaches, and Open Problems” In which authors define some issues and flaws of IoT devices. This is my base research work. They consider this research gap and provide a systematic analysis of security issues of IoT-based systems. Then, we discuss certain existing research projects to resolve the security issues. Finally, we highlight a set of open problems and provide a detailed description for each. We posit that our systematic approach to understanding the nature and challenges of IoT security will motivate researchers to address and solve these problems.
IoT service providers can share user data with third party providers in order to collaborate. For example, the manufacturer of a smart home device could outsource the collected data to a third party who analyzes data to understand the context of the smart home. However, security schemes are required to ensure that the privacy of a user has not been compromised or breached during the data collection, sharing, and collaboration phase. These security properties can be achieved by the level of data transparency implementation in the system.
Application data security:
Security at the application level (i.e., employing security within the application payload) can provide complete end-to-end security. This approach simpli?es the security requirements for underlying layers since only application data have to be secured – per-packet security overhead is eliminated from the underlying layers. Application data security also reduces the cost, in terms of packet size and data processing, at underlying layers. Moreover, by encrypting data at the application level, data passing between producers and consumers could be handled and processed at the gateway without being exposed to the gateway.
Secure handling IoT big data:
Billions of IoT devices will generate massive quantities of data. The types of data and formats thereof could vary from application to application and from device to device. These data will be stored in the cloud and later be analyzed to provide suggestions to users and/or to issue automated commands to IoT device(s). When the data is huge, it is challenging to achieve secure transfer, maintenance, and synchronization of data without comprising any system aspect. Providing such security for handling such data requires signi?cant attention and effort constrained networks, since these protocols are designed especially for rich-resource entities, such as PCs, Laptops, etc.
Privacy-aware identity usage:
A smart device should know when to reveal its identity, since providing identity to an adversary could be a serious threat, such as location tracking. Therefore, a requirement is to have a system that provides a device’s identity to other quali?ed devices that can authenticate the device without exposing its identity.
The dynamic expansion property of the IoT network and the level of interoperability in the network can cause an IoT device to decide which other entities in the network (or outside the network) are trustworthy. Such decisions can be made only if the IoT device is able to distinguish a trustworthy node. Moreover, ensuring trustworthiness of data coming from IoT devices to applications that analyze that data to make security-critical decisions requires that trust be addressed at both the producer and the consumer side of this data. Implementing this concept in a constrained network with resource-limited devices can be quite challenging.
Three types of group communications take place in an IoT network: Thing-to-Things (T2Ts), Things to-Thing (Ts2T), and Things-to-Things (Ts2Ts). Each group is assigned with some members, and each member of a group will need speci?c certi?cation. This certi?cation can be in the form of any shared credentials. Managing and maintaining group memberships can lead to some complexity and further issues that need to be addressed. Furthermore, applying the same concepts that are applied to individual devices to these groups will be challenging.
Embedded security schemes (ESS) should protect on-chip storage and application debugging interfaces. Moreover, ESS should provide a secure execution environment by isolating the trusted and untrusted software execution, and should ensure the security of the system boot up process. Additionally, ESS should enable software installed on smart devices to be updated to the latest version. However, security updates cannot be pushed to the devices directly, since most of the devices are not connected directly to the Internet. Instead, this requires a gateway or coordinator to get access these devices. Furthermore, similar types of devices require to be updated contemporaneously to maintain interoperability.
IoT network security:
End-to-end communications are secured with encryption and authentication. However, communications are exposed to various network attacks (e.g., wireless attacks) from inside the network and from the Internet as well. Intrusion Detection Systems (IDSs) capture network packets and analyze the packets to detect network anomalies. More safety can be ensured by applying more control and monitoring of the IoT network. However, extreme levels of traf?c monitoring could be a threat to users’ privacy. Therefore, research can be done to design IDSs with an optimal level of security control, which is suf?cient to detect intrusions without compromising users’ privacy.
Traditional tools and technologies of digital forensics are not designed to handle the IoT infrastructure fully. Billions of IoT devices will generate massive data. When the amount of possible evidence is large, it is dif?cult to identify the important pieces of evidence that can be used to determine the facts about a criminal incident. Furthermore, the task to maintain secure provenance of the evidence is also challenging