A Survey on Internet of Things: Architecture, Communication Technologies, Security Attacks and Countermeasures
Manju Cse Department Himalayan Institute of Engineering & Technology (HPTU)Kala-Amb, [email protected]
Tarun BaggaNewgen Erp SolutionsNoida, [email protected]
Prateek ThakralDepartment of Computer Science & EngineeringJaypee University of Information TechnologyWaknaghat ,Solan, [email protected]
Abstract— IoT is an extreme speed technology comprises of smart things or objects that communicate with one another and ease the job of our daily life. The most common applications of IoT are smart homes, wearables, connected cars, smart cities, smart retail, agriculture, healthcare etc. It is a big revolution in the history of the Internet. Things that connect to the Internet have a lot of chances of potential risks. The IoT applications use sensitive data that is more susceptible to attacks, so we have to compromise the security. Beginning with introducing the architecture and communication technologies, this paper surveys several security attacks at each layer of IoT Architecture and corresponding countermeasures to protect such a huge heterogeneous network.
Keywords— Internet of Things, Hardware Platforms, Communication Technology, Security.
THE INTERNET of THINGS (IoT) is gaining much attention these days as this is big turn in the history of Internet. IoT will bring boundless opportunities and affect our daily lives in a positive way. IoT reached everywhere like smart homes, wearables, smart city, smart grid, smart health, smart agriculture etc. Smart homes can be built that are secure and energy-efficient. Smart environments can be built that monitors air automatically and pollution level in water and facilitate detection of earthquakes at initial stage, forest fires etc. IoT devices are increasing year by year, these devices can range from a Desktop to a non-internet enabled everyday Things/objects. IoT devices communicate with each other over internet, these devices keep under systematic review and controlled remotely. With such a wide connectivity security in IoT devices remains challenged.
IoT is a technology that revolutionizes the physical objects or devices from traditional to smart devices by making use of data collection and communication technologies 1. Data can be collected from sensor nodes and radio frequency identification (RFID) like technologies that allow smart things to collect data from surroundings and communication technologies like bluetooth, WLAN, NFC, Zigbee, 6LOWPAN, BLE etc. helps in transferring data in IoT. IoT is reached everywhere through which not only human beings can communicate over the internet but one machine can communicate with another machine, this form of communication is called M2M communication. Thus IoT made human-machine, machine-machine or things-things communication possible 23. In IoT communication there are equipments which can sense atmospheric conditions and helps in getting information from IoT objects, these equipments are fitted into IoT objects.
Architecture: The basic architecture of IoT comprises of sensor nodes or actuators that are connected to IoT gateways, which further connects to other networks over internet. Gateway builds the bridge between sensors and actuators on one side and the internet on the other. Sensors or things or real world objects are front end of IoT technology. These objects collect data from surrounding world and pass it to the actuators near to them. These actuators have IP addresses so that they can be identified uniquely over a large heterogeneous network. A sensor node is composed of sensor,
The three layer architecture of IoT connects large number of heterogeneous objects over internet. The number of devices/objects connecting to internet growing rapidly every year, therefore large data capacity is required. The layered architecture of IoT shown in figure 1, has 3 layers namely Perception Layer, Network Layer and Application Layer.
Fig. 1. Three Layer Iot Architecture
Perception Layer: The perception layer of IoT which is at lowest level is identical to OSI model’s physical layer. The main job of perception layer is to recognize the physical properties of IoT objects. It basically gathers information from the surrounding world and processes this messed information. The processed information is then transmitted to the above layer i.e. network layer.
Network Layer: The middle layer of IoT architecture is network layer which receives processed information from the perception layer. Network layer determines the route of the sensor data to different devices over the internet. Devices like hub, routing devices, gateways, switching, cloud computing etc. operate using various communication technologies like Wi-Fi, Bluetooth, Zigbee, LTE etc. Using these communication technologies network layer transmits data to different applications in heterogeneous network. It also handles congestion in occurs between nodes.
The topmost layer of IoT architecture is application layer, which obtains data from network layer. Application layer delivers application services to the users. The job of application layer is to create smart application environments like smart health, smart homes, smart transportation etc.
Communication Technologies: IoT is well smart enough system, interconnects things in such a way that communication occurs and that technology is known as machine-to-machine (M2M) communication, which is basically a way of communication among IoT devices in large heterogeneous network without the interference of human beings. It is predicted that billions of IoT devices will be connected all over the world by the year 2021, and maximum number of connected devices will be through M2M communication 4. Various communication technologies are there to connect these large number of devices, there are mainly two categories first is short range communication technology includes RFID (Radio Frequency Identification), ZigBee, (BLE) Bluetooth Low Energy, (NFC) Near Field Communication, (6LoWPAN) over Low power Wireless Personal Area Networks and Z-Wave and second one is long range communication technology includes Cellular and SigFox are Low Power WAN’s.
RFID: RFID is Radio Frequency Identification, it is a noncontact communication technology, used to recognize and trace objects without any contact 5. It is used for short distances and supports the exchange of data via radio waves 6, 7. In RFID systems there are two parts, one is reader which is a reading device, and the other is RF tag which is a small radio frequency transponder 8. The RF tag contains unique information that has a distance reading feature 8. The RFID tags have two technologies: the first technology is active reader tag and the second technology is passive reader tag. Active reader tags are costly, battery driven and use higher frequencies, while the passive reader tag do not have internal power source and use lower frequencies 8.
6LoWPAN: 6loWPAN is IPv6 over low-power wireless personal-area networks. It is an IP-based standard internetworking protocol that is most commonly used communication protocol in IoT. Without the intervention of proxies and gateways it can be connected to other IP networks. 6LoWPAN standard is defined by the Internet Engineering Task Force (IETF). The advantages of 6LoWPAN are small packet sizes, low power (supports low power devices), lower bandwidth, great compatibility and connectivity, ad-hoc self-organization etc.) 9. IoT applications which involve many low cost as well as low power devices can be built using 6LoWPAN. ZigBee: Zigbee is an IEEE 802.15.4 standard protocol used for wireless communication. It is used to transmit data for longer distances like in personal area networks (PAN’s), digital radios where power consumption is low etc. Zigbee is best suited to IoT applications that demands long power backup, security, lower data rates etc. 8. Network topologies supported by Zigbee are tree, star and mesh 11 12.
BLE: BLE stands for Bluetooth low energy; it is a communication protocol mainly used for IoT applications where there is energy consumption is very low. Apart from this BLE is also used for IoT applications that require communication for short distances, low latency and low bandwidth 8. A large number of nodes can be connected using star topology and this setup takes very less installation time 11 12. There is no need of pairing; BLE provides a simple mechanism for node discovery for data transmissions over short distances 13.
NFC: NFC is Near Field Communication as its name suggests used for short exchanges of data. It is a standard communication protocol for mobile electronic devices like smart phones for setting up connections over very short distances (in centimeters) 14. NFC is a form of communication used in contactless devices and provides the facility of secure mobile payments by linking a debit/credit card to your device. The process of transferring files can be done using NFC which involves simple and easier steps of allowing, pairing and setting up a connection between devices. The use of NFC is limited to faster data transfer over few centimeter distances, for longer distances we have other communication technologies.
Z-Wave: Z-wave is a wireless communication technology mainly used for home automation (smart locks, smart wearable’s, smart doors and windows, smart swimming pools, smart sensor control etc.) systems in internet of things 15. It is simple, cheap, reliable and low power consumption technology 15. If we consider two factors i.e. low power and longer distances then Z-wave is best alternative to Wi-Fi and Bluetooth. Z-wave communication technology uses mesh topology to connect large number of nodes in a network, large number of nodes leads to high reliability. In home automation systems there is one single controller that can control home area networks 16 17. As Z-wave has wider popularity in home automation system, it can also have other large market opportunities in internet of things.
LITERATURE SURVEY ON SECURITY ATTACKS AND ITS COUNTERMEASURES
IoT is a smart technology, in daily life it involves a tremendous amount of data transfer among heterogeneous devices and data sharing as well. Such environments need a security and privacy mechanisms. Firstly this section will cover the types of attacks on IoT devices and in rest of the section will talk about the security mechanisms to control such kinds of attacks. Security and privacy measures used in traditional time have lots of drawbacks so they cannot be applied in straight manner to IoT techniques. There are lot of interconnected IoT devices and more and more devices are being added to the IoT network every year so this gives rise to scalability and security issues18. So to make IoT a secure and reliable technology it becomes vital to make changes in the existing security mechanisms; as well as to devise new security measures so that they must suitable for IoT applications 23, 24, 25, 26, 27.
Security of data and information is based upon mainly five principles: confidentiality, integrity, availability, authenticity, and non- repudiation. Confidentiality aim is to prohibit the confidential/sensitive information from hackers and to ensure that this information is captured by authorized persons only. For example, sensitive and confidential data, such as in military, requires confidentiality of that data; it is one of the most desirable security principle in wireless communication applications 24. The violation of security in such applications Helps the enemy to give chance so that they can take advantage of it and can do anything wrong 24. Integrity is to sustain the truthfulness of data so that authorized users can get accurate, reliable and consistent data only, means data must not be modified by unauthorized persons. Some of the measures like Integrity check ensures detection of unintended and intended data alteration. Availability includes functioning of all hardware and operating system is mandatory here so that user can access information or resources in a particular location and in the appropriate format whereas Authenticity is a mechanism of giving access to users by matching their credentials i.e. username and password so that any unauthorized user cannot gain access to user’s sensitive data. Non- repudiation refers to ability of a system to confirm occurrence/non-occurrence of an action 25. Someone cannot refuse the authenticity of the message that they send. Various security attacks at layers of IoT architecture are described below.
1) Perception Layer: Its main functions are to identify things and gather information 26, the security threats at this layer focus on to counterfeit the gathered data and disrupt the perception layer devices, some of the security attacks are described below 10.
a) Node capture attacks: In this attacker takes full control over the original node and captures all information and data, an additional node i.e. fake node is added to the network that violates the rule of integrity by adding malicious data 27. If a node is suffered by the node capture attack, then the sensitive/confidential information (all keys like group communication key) can be disclosed to the attacker. The attacker copies the valuable information possessed by the captured node to a fake node, and then make the fake node part of IoT network as an authorized node. Attacker simply makes replicas of compromised node to brought havoc to the network; this is known as node replication. Node replication can surely break down the network system. To shield the network from such attacks, effective security measures that can supervise and protect the network from fake nodes need to be studied.
b) Malicious code injection attacks: The attacker compromises a node by physically penetrating it with malicious code that would give him access to the IoT Malicious code injection attacks: The attacker targets a node by physically penetrating it with nasty code that would give an opportunity to the attacker to gain control over IoT network. For example imagine an attacker drops some nasty code (i.e. virus) on some nodes through some medium, this would mean that the attacker could hijack the whole system 28. The penetrated nasty code not only misbehaves to specific nodes, but can also allow the attacker access into the whole IoT network. To protect against the malicious code injection attack, effective code authentication schemes need to be devised and embedded into IoT systems 29, 30.
c) False data injection attacks: As the name suggest an attacker catches a node in the network and inject false data in it. Thus victim node goes on transferring the false data into the network and this would definitely harm the IoT applications 31. The IoT applications then start providing erroneous services. False data injection attacks can have significant bad results. For example, an attacker can transfer large amounts of false into the network, leading to inaccurate assumptions with potentially calamitous results 32. To shield an IoT device against such attacks, mechanisms (false data filtering schemes, etc.), which can identify and quits the false data before it reached the IoT applications, need to be devised 33 34.
d) Replay attacks (playback attack): Adversary sends a packet which has been picked by the destination host, in order to gain full access to the system. Replay attacks primarily used in the authenticity process, and breaks the validity of certification. To shield the system from such attacks, techniques (secure time stamp schemes, etc.) should be devised and embedded in IoT 27.
e) Cryptanalysis attacks: These attacks estimate the dominion of cipher text or plaintext and their motive is to discover the encryption key being used by cracking the encryption mechanism of the system 35. This attack does not cause too much catastrophe. IoT network include these attacks like chosen Cipher text attack, Known-plaintext attack etc. 36. To avoid the Cryptanalysis attack, effective and secure encryption mechanisms need to be designed for IoT system 37
f) Side channel attack: In side channel attack the adversary keep an eye on encryption key which is a secret key used for encryption an decryption of data. Adversary tries to setup some methods on the encrypted devices in Internet of Things system in order to plunder the encryption key. The adversary tries to steal the encryption key by scrutinizing the time taken by the algorithm to execute, this kind of side channel is known as Timing attack. To protect from side channels attack, time randomization 38, encryption of the buses 39, key updates are some countermeasures at algorithmic and protocol level.
g) Eavesdropping and interference: The only weakest point lies in the fact that Wireless communication takes places among large number of devices in heterogeneous network in IoT ,that is why delivered information on such wireless paths can be monitored by unauthorized persons 40, 41. The key exchanging mechanisms in IoT must be adequate for securing and any unauthorized person from eavesdropping 27.
h) Sleep deprivation attacks: In order to extend battery life of nodes in IoT systems, exchangeable batteries are used for powering sensor nodes and these nodes are set up with instructions so that a sleep routine is followed when not in work. Thus sleep deprivation attack, enables nodes to be conscious that will result in more power consumption, and ultimately makes the nodes turn off 28. In order to enhance the life period of sensor nodes, one possible solution is the energy harvest scheme, in which energy can be harvested by the nodes from external sources like solar energy 42. Other mechanisms like duty-cycle approach can also protect from sleep deprivation attacks.
2) Network Layer: The information processed by perception layer is collected by network layer and decides the availability of routes for the transmission of data 10. The security issues arises at this layer mainly focus on the influence of the available network resources. Most of the devices in IoT network are interconnected through wireless communication paths. Thus mostly security issues in network layer are associated with wireless network.
a) DoS attacks: It is most common attack in networking; it makes the network resources and services unavailable to users, by striking the networking protocol or the IoT system with a mass of traffic 43. Thus, DoS attack can be generated by attacking mechanisms, like Land Attack, Ping of Death commands, TearDrop, UDP flood packets, SYN flood etc. To defend against DoS attack, attacking mechanisms are required to be analyzed in proper manner first, and then best protective schemes with great efficiency to diminish attack must be devised, so that a secure IoT system can be developed 44.
b) Spoofing attacks: In spoofing attack the attacker spread faulty information on the RFID system and presumes this as authentic and enables that the information is coming from actual host 45. In this way the attacker grasps data and gains full control over the network. In IoT, types of spoofing attack are IP address spoofing attack 46, RFID spoofing attack 47, etc. In an IP address spoofing attacks, the attacker can cheat and records the actual IP address of legitimate host in the IoT system, and uses this valid IP address to avail full control over the IoT network for sending malicious information, enabling malicious information appears actual. The RFID spoofing attack, makes use of valid ID tag for recording the data of actual RFID tags and sends this malicious data to the IoT system and can spoof the network. To mitigate such spoofing attacks secure trust management, recognition and authenticity schemes can be possible solutions. 48, 49.
c) Sinkhole attacks: In this attack the attacker tries to collect the traffic of network in a particular area and harms data on that point. Thus, it violates the rules of integrity and trustworthiness of the data transfer by the nodes 50. To protect against the sinkhole attack, techniques like secure multiple routing protocol needs to be devised 51.
d) Wormhole attacks: This attack mainly focuses on disrupting the network’s activities, in this the malicious nodes basically captures and replay communicated messages and the network gets chocked. To bombard wormhole attack establish a direct link or communication path between them by neglecting the various central nodes. The established route can be an in-band logical tunnel or an out-of-band high speed communication links. This link then captivates most of the network traffic by advertising it (wormhole link) superior link metric. Denial-of-service (DoS) is one such result of wormhole link 52.To mitigate such attacks routing protocols should be modified so that security in the path selection process can be strengthen 53.
e) Man in the middle attack: Man-In-The-Middle (MITM) attacks usually happen between two parties, a third party or unauthorized person sits between two authorized persons. The attacker creates independent connection with each party and makes the parties believe they are communicating with each other 54. Man-in-the-middle attacks mainly focuses on disrupting the network by violating the security principles viz. confidentiality, integrity, availability and of important data. Unlike node capturing attacks that need to physically alter the hardware of a device, the man-in-the-middle attacks can be released by only relying on the communication technologies used in IoT systems. key management schemes and Secure routing protocols, which can ensure the identity and key information of normal devices not be leaked to the adversary, can be powerful protection mechanisms against such attacks 37, 44.
f) Routing information attacks: The Routing information attack mainly focuses on the communication/routing protocols in IoT network, in this the information regarding the routing of data is routing tables is modified and retransmit by the attacker to create a loop in data transferring process, this leads to a delay of data packets in the network because the packets struck in loops and performance of IoT network degrades 6. To diminish this attack security of routing protocol must be strengthen by some trust management policies so that secure routes can be established.
g) Sybil attacks: In this attack the nodes exhibits several identities in peer-to-peer network. The enemy tries to gain a disproportionate level of control to degrade the network performance. Such numerous genuine identities with forged identities in the network, can greatly affects the integrity of data, resource consumption and the whole network performance 55. To defend from sybil attack, Random Keys Predistribution 55, proper identification and authentication mechanisms need to be devised for IoT networks 49.
h) Unauthorized access: As radio frequency identification is very commonly used communication protocol in IoT networks. Several RFID’s based devices are embedded in IoT network, but due to lack of authentication mechanism, RFID tag is accessible and the data stored in a tag can be taken, modified, and even abolished by the attackers 6, 56. Thus, strong authorization access control and authentication policies for RFID-based devices in IoT network needs to be design 52.
3) Application Layer: The main aim of the application layer is to provide services that are needed by a user. Thus, challenges in the topmost layer focuses on the software threats. Here, several possible challenges in the application layer of IoT are described below.
a) Phishing attack: It refers to the stealing of user’s data like login credentials i.e. username and password, credit card numbers and other bank details so that money can be stolen from bank accounts executes other offenses 2. A phisher may bluff authentic users by using junk electronic mails or by lauching bogus websites. The electronic mails can be filtered by using schemes such as black-list scheme, heuristic scheme in order to protect from phishing attacks 57.
b) Malicious virus/worm: Malicious software is a general term includes all types of computer viruses, spyware, ransomware, Trojan horses, worms, adware, rootkits and other malicious programs. Malicious programs could adversely affect the IoT device’s functionality. Malware running on a IoT (Medical) device can negatively impact the confidentiality, integrity, availability and performance of the system 58. Authentic firewalls, tracing of unwanted file/data, and other protective mechanisms need to be deployed to mitigate malicious virus/worm attacks in IoT applications.
c) Malicious scripts: These are basically the scripts that can be attached with authentic code or software, these scripts results in alteration in code and deletion of code so that the software starts misbehaving. As all devices in IoT are attached with internet so this becomes a great opportunity for the attacker to play with authorized users by simply running nasty codes like java applets etc. Malicious scripts can leak the sensitive information and can even cease the whole system. To protect against malicious scripts, effective script detection mechanisms, static codes detection including honeypot techniques, and dynamic action detection, are needed to be set up in IoT applications 10.
Security Countermeasures: as discussed above the existing IoT attacks and their consequences, they can bring havoc to the IoT network so it is mandatory to approach security mechanism that can eliminate such kinds of attacks. A review on security measures is presented below:
According to Gaubatz et al. 59, the most auspicious candidates for wireless sensor networks are three low-power public key encryption algorithms i.e.: Rabin’s Scheme, NtruEncrypt and Elliptic Curve encryption scheme. Key management techniques include generation of secret key, dissemination, storage, updation and destruction. Currently present key dissemination scheme can be classified into four categories: (1) Key broadcast distribution 60 61; (2) Group key distribution 62 63; (3) master key pre-distribution; (4) pair wise key distribution 64 65.
Tahir et al. in 66 presented a framework for securing Internet of Things which is based on ICMetric. The initial ICMetric was already defined in 67, and altered for medical applications in 68. As presented in 67, ICMetric is a unified circuit parameter in cryptographic solutions that solves problems that linked with key theft issues in today’s systems. Unified circuit parameter is based on cryptographic key. ICMetric is based on mathematical and statistical extractions of device’s features which, when paired, separately categorize the performance of electronic devices. There are two level of calculation in ICMetric: the first one is calibration stage, it is applicable only once per application domains involving a number of known circuits as a calibration set, while the second stage i.e. operation stage is applicable every time an encrypting keys is required for a given electronic circuit. An extra layer is added to the existing cryptography scheme by Integrated circuit Metric to mitigate the key stolen and cloning of devices like problems, thus it provides protection from unauthorized access.
Liu et al. in 69 presented a solution for security in IoT which is established on the fundamentals of biological immune systems. The proposed solution uses dynamic protection policies, since static protection policies may verify to be incomplete. This paper proposed a circular protection with five parameters: security responses, security defense strategy formulation, security threat detection, and security defense and danger computation. In order to make the formulated perspective adjustable to the IoT system, biological immune system is enforced to setup links in the formulated approach. The real IoT network is simulated by employing immunity-based antigen, self and detector in the real IoT. They are used to emulate the techniques which are then applicable to identify pathogens in biological immune systems. The outcomes of simulation in 69 show that the IoT security can be ensured by using proposed approach.
In 70, Zhou and Chao designed a model for the security of media-aware traffic and formulated a security-pointed traffic control policy. Media-aware traffic security architecture (MTSA) fulfills the IoT security conditions for multimedia communications. For multimedia security, this paper inlays the proposed formulated approach into the actual model 71. In 71, the author defined issues and formulated a solution for providing security in multimedia cabled network. The exact issues described in 70, but the approach is adjusted to the IoT environment to respond to the issues and needs of the multimedia security systems. The security architecture for media-aware traffic is described established on the formulated traffic categorization to implement assorted multimedia applications offered to users every time.
Rose defined the crossbar memristive PUF as an example for the emerging IoT devices for the implementation of security primitives 77,. The main concept is that nano electronic techniques can be influenced as enforcing modest, energy-conserving security policies for battery-constrained IoT applications. In 72, it is defined that in the IoT system, the PUF has the capacity to implement security improvement in the form of strong authentications or private key generations. Although PUF possesses restrictions and drawbacks like unreliability, with employing error clearness PUFs are a eventual method as developing hardware security approaches.
Lessa dos Santos et al. in 73 defined a model proposed a group of procedure that employs resource synthetical applications to utilize Datagram Transport Layer Security (DTLS) with collective authentication to establish links with IoT applications. The model for IoT security is established on a third party device called Internet of Things Security Support Provider (IoTSSP) and two other processes: (i) the Optional Handshaking Delegation, and (ii) a new extension of DTLS. These processes makes the ustility of the IoTSSP to establishing a secure session to constrained devices, managing cryptographic keys and certificates of energy constrained devices, authenticating the energy constrained devices and the Internet devices, analyzing the Internet device certificates.
Xin defined a hybrid cipher algorithm used for transmitting data securely in IoT 74. The formulated algorithm offers data confidentiality, integrity, authenticity (CIA’s) and non-repudiation for the transmission of data in IoT devices by employing the mixed key technique that considers the features of a public key and private keys. The Advanced Encryption Standard (AES) and Elliptic Curve Cryptographic (ECC) are widely used for securing data in a network. The formulated algorithm makes use of AES encryption algorithm for its fast speed, high security and simplicity. The author in 74 claim that the mixed cryptographic algorithms helps to carry out efficient and strong data security for transferring data over network devices.
The authors of 75, formulated an approach that is helpful to achieve secure IoT system through topology sustainability in order to protect IoT devices from a broad class of denial-of-service (DoS) attack while keeping adaptable random dregular graph topologies. The proposed approach, enables constructing expandable IoT secure system in terms of per growth of heterogeneousness and competency of IoTs.
Raza et al. in 76 evaluated a Secure system with Symmetrical Keys- supports scalability, lightweight and feasible keys control system for DTLS security standards for battery unassisted large number of IoT applications. Since S3K is ingenious and light in weight; it encompasses providing a solely a single trusted connection between a server and applications, and it makes the device with no prevenient secure connection to use DTLS as it do not demands pre distribution of trusted keys. The formulated outcomes exhibits that S3K is very efficient in contrary to limited power and Denial-of-service attack.
The other IoTs lower (perception) layer security consideration is the use of cryptographic algorithm and key management policies. Public key encryption algorithms are has been considered appropriate cryptographic mechanisms for the authenticity of nodes. The main advantage of using these algorithms is scalability, strong security in simple manner 77.
Granjal et al. 78 formulated a secure interconnected architecture and also provides secure techniques for enabling defensive integration of IP based WSN with internet, and thus implement end-to-end security at the network layer. Authors of 78 proposed 6LowPan secure header for implementing end-to-end secure system among sensing nodes and host on the internet, it also provides procedures to carefully control the energy consumption by applying the secure algorithms on wireless sensor networks.
79 discussed that Authentication is done using Cryptographic Hash Algorithms which provides digital signatures to the terminals that could withstand all the possible known attacks like Brute force attack, Side-channel attack and Collision attack etc., Privacy of the data is guaranteed by public and private key encryption algorithms such as RSA, DSA, BLOWFISH and DES etc. which prevents the sensor data from an unauthorized access to 79 discussed that ensures authenticity of devices encryption hashing algorithm, that provides the technique digital signatures algorithm (DSA) to the devices so that they become robust for commonly occurring attacks like Brute force attack, Side-channels attack and Collision attacks etc., confidentiality of data is ensured by encryption algorithms such as DES, RSA etc. It defends the sensor data from unauthorised access while it is being send to the next coming layer. These algorithms are easy to implement in sensor nodes, because of their low power consumption benefits.
To ascertain the confidentiality of information transfer between the sensing nodes various algorithms has been implemented. Also many procedures formulated for routing data from node to another, thus how the data packets are routed from hop to hop and finally it reaches the final destination while preventing the data from various routing attacks like IP spoofing. By employing multiple routes for routing packets, security can be achieved by detecting errors and failures in the network 81.
Intrusion detection systems provides security against lot of attacks by designing an alarming system whenever an unwanted action is taken place on a system by well ordered monitor of unnecessary actions on the system and also maintain a log of the intruder’s actions which could helpful for tracing the attackers. Some of the mechanisms 82 that are used to detect unnecessary activities are data mining procedure 83 and anomalies detection.
With the tremendous growth rate of smart devices, Internet of Things is maturing rapidly. This paper surveys the three layer architecture of IoT (Perception Layer, Network Layer and Application Layer), communication technologies, security attacks and its countermeasures. Things which are connected to the Internet leads to the concept of insecurity. A considerable amount of IoT devices carried out a lot of sensitive data that is exposed to highly significant attacks. With the advancement of IoT several new attacks are being created and disrupting security. As studied in this survey the present security concerns in such a boundless heterogeneous network are still needs to be addressed. The most prominent topic is to design a light-weight but robust security mechanism which guarantees confidentiality, integrity and availability of data.
1 G. Choudhary and A.K.Jain, “Internet of Things: A Survey on Architecture, Technologies, Protocols and Challenges” in on Recent Advances and Innovations in Engineering conference, 2016. ICRAIE 2016. IEEE, IEEE, 2016.
2 N. Bari, G. Mani, and S. Berkovich, “Internet of things as a methodolog-ical concept,” in Computing for Geospatial Research and Application (COM. Geo), 2013 Fourth International Conference on. IEEE, 2013, pp. 48-55.
3 Y. Liu and G. Zhou, “Key technologies and applications of internet of things,” in Intelligent Computation Technology and Automation (ICICTA), 2012 Fifth International Conference on. IEEE, 2012, pp. 197–200.
4 Ericsson, “Cellular Networks for Masive IoT: Enabling Low Power Wide Area Applications,” pp. 1-13, 2016.
5 A. P. Athreya and P. Tague, “Network self-organization in the Internet of Things,” in Proc. IEEE Int. Conf. Sens. Commun. Netw. (SECON), Jun. 2013, pp. 25–33.
6 I. Andrea, C. Chrysostomou, and G. Hadjichristofi, “Internet of Things: Security vulnerabilities and challenges,” in Proc. IEEE Symp. Comput. Commun. (ISCC), Larnaca, Cyprus, Jul. 2015, pp. 180–187.
7 K. Zhao and L. Ge, “A survey on the Internet of Things security,” in Proc. 9th Int. Conf. Comput. Intell. Security (CIS), Dec. 2013, pp. 663–667.
8 S. A. Sarawi, M. Anbar , K. Alieyan and M. Alzubaidi, “Internet of Things (IoT) Communication Protocols: Review”, in 2017 8th International Conference on Information Technology (ICIT) 978-1-5090-6332-1/17/$31.00 ©2017 IEEE.
9 J. Tan and S. G. M. Koo, “A survey of technologies in Internet of Things,” in Proc. IEEE Int. Conf. Distrib. Comput. Sensor Syst., Marina Del Rey, CA, USA, May 2014, pp. 269–274.
10 J. Lin, W. Yu, N. Zhang, X. Yang, H. Zhang, and W. Zhao, “A Survey on Internet of Things: Architecture, Enabling Technologies, Security and Privacy, and Applications”, in IEEE Internet of Things Journal, VOL. 4, NO. 5, OCTOBER 2017. Pp. 1125-1142.
11 Samie, F., Bauer, L. & Henkel, J. 2016. IoT technologies for embedded computing: A survey. Hardware/Software Codesign and System Synthesis (CODES+ ISSS), 2016 International Conference on: 1–10.
12 Salman, T. 2015. Internet of Things Protocols and Standards.13 A. F. Harris III, V. Khanna, G. Tuncay, R. Want, and R. Kravets, “Bluetooth Low Energy in Dense IoT Environments” in IEEE Communications Magazine December 2016.
14 P. Vagdevi , D. Nagaraj and G. V. Prasad, “Home: IOT Based Home Automation Using NFC”, in International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC 2017).
15 H. B. Pandya and T. A. Champaneria, “Internet of Things: Survey and case studies,” in Proc. Int. Conf. Elect. Electron. Signals Commun. Optim. (EESCO), Visakhapatnam, India, Jan. 2015, pp. 1–6.
16 H. B. Pandya and T. A. Champaneria, “Internet of Things: Survey and case studies,” in Proc. Int. Conf. Elect. Electron. Signals Commun. Optim. (EESCO), Visakhapatnam, India, Jan. 2015, pp. 1–6.
17 J. Tan and S. G. M. Koo, “A survey of technologies in Internet of Things,” in Proc. IEEE Int. Conf. Distrib. Comput. Sensor Syst., Marina Del Rey, CA, USA, May 2014, pp. 269–274.
18 S. Sicari, A. Rizzardi , L.A. Grieco and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead”, in Computer Networks 76 (2015) 146–164, journal homepage: www.elsevier.com/locate/comnet.
19 R.H. Weber, Internet of things – new security and privacy challenges, Comput. Law Secur. Rev. 26 (1) (2010) 23–30.
20 H. Feng, W. Fu, Study of recent development about privacy and security of the internet of things, in: 2010 International Conference on Web Information Systems and Mining (WISM), Sanya, 2010, pp.91–95.
21 D. Miorandi, S. Sicari, F. De Pellegrini, I. Chlamtac, Survey internet of things: vision, applications and research challenges, Ad Hoc Netw. 10 (7) (2012) 1497–1516.
22 R. Roman, J. Zhou, J. Lopez, On the features and challenges of security and privacy in distributed internet of things, Comput. Networks 57 (10) (2013) 2266–2279.
23 J. Anderson, L. Rainie, The Internet of Things will Thrive by 2025, PewResearch Internet Project, May 2014. <http:// www.pewinternet.org/2014/05/14/internet-of-things/.24 A. Oracevic, S. Dilek and S. Ozdemir, “Security in Internet of Things: A Survey”, in 978-1-5090-4260-9/17/$31.00 ©2017 IEEE
25 A. M. Nia and N. K. Jha, “A Comprehensive Study of Security of Internet-of-Things”, in IEEE Transactions on Emerging Topics in Computing.
26 Z. Yang and Y. Peng, “Study and Application on the Architecture and Key Technologies for IOT”, 978-1-61284-774-0/11/$26.00 ©2011 IEEE, pp. 747- 751.27 T. Yousuf, R. Mahmoud, F. Aloul and I. Zualkernan,” Internet of Things (IoT) Security: Current Status, Challenges and Countermeasures”, in International Journal for Information Security Research (IJISR), Volume 5, Issue 4, December 2015.
28 I. Andrea, C. Chrysostomou and G. Hadjichristofi, “Internet of Things: Security Vulnerabilities and Challenges”, in The 3rd IEEE ISCC 2015 International Workshop on Smart City and Ubiquitous Computing Applications.
29 A. Seshadri, A. Perrig, L. van Doorn, and P. Khosla, “SWATT: Software-based attestation for embedded devices,” in Proc. IEEE Symp. Security Privacy, Berkeley, CA, USA, May 2004, pp. 272–282.
30 X. Yang, X. He, W. Yu , J. Lin , R. Li, Q. Yang and H. Song, “Towards a low-cost remote memory attestation for the smart grid,” Sensors, vol. 15, no. 8, pp. 20799–20824, Aug. 2015.
31 X. Yang, J. Lin, P. Moulema,W. Yu, X. Fu and W. Zhao., “A novel en-route filtering scheme against false data injection attacks in cyber physical networked systems,” IEEE Trans. Comput., vol. 64, no. 1, pp. 4–18, Jan. 2015.
32 W. Yu, D. Griffith, L. Ge, S. Bhattarai and N. Golmie, “An integrated detection system against false data injection attacks in the Smart Grid”, in Security And Communication Networks Security Comm. Networks 2015; 8: 91-109 Published online 4 March 2014 in Wiley Online Library (wileyonlinelibrary.com). DOI: 10.1002/sec.957.
33 J. Lin, W. Yu, and X. Yang, “Towards multistep electricity prices in smart grid electricity markets,” IEEE Trans. Parallel Distrib. Syst., vol. 27, no. 1, pp. 286–302, Jan. 2016.
34 J. Lin, W. Yu, X. Yang, G. Xu, and W. Zhao, “On false data injection attacks against distributed energy routing in smart grid,” in Proc. IEEE/ACM 3rd Int. Conf. Cyber-Phys. Syst. (ICCPS), Beijing, China, Apr. 2012, pp. 183–192.
35 K. Zhao and L. Ge, “A Survey on the Internet of Things Security”, in 2013 Ninth International Conference on Computational Intelligence and Security, 978-1-4799-2548-3/13 $31.00 © 2013 IEEE DOI 10.1109/CIS.2013.145, pp. 663-667.
36 I. Andrea, C. Chrysostomou and G. Hadjichristofi, “Internet of Things: Security Vulnerabilities and Challenges”, in The 3rd IEEE ISCC 2015 International Workshop on Smart City and Ubiquitous Computing Applications., pp. 180-187.
37 S. Capkun, L. Buttyan, and J.-P. Hubaux, “Self-organized publickey management for mobile ad hoc networks,” IEEE Trans. Mobile Comput., vol. 2, no. 1, pp. 52–64, Jan./Mar. 2003.
38 D. May, H. Muller, N. Smart, Randomized Register Renaming to Foil DPA, in the proceedings of CHES 2001, Lecture Notes in Computer Sciences, vol 2162, pp 28-38, Paris, France, May 2001, Springer-Verlag.
39 E. Brier, H. Handschuh, C. Tymen, Fast Primitives for Internal Data Scrambling in Tamper Resistant Hardware, in the proceedings of CHES 2001, LNCS, vol 2162, pp 16-27, Paris, France, May 2001, Springer-Verlag.
40 G. Gomez, F. J. Lopez-Martinez, D. Morales-Jimenez, and M. R. McKay, “On the equivalence between interference and eavesdropping in wireless communications,” IEEE Trans. Veh. Technol., vol. 64, no. 12, pp. 5935–5940, Dec. 2015.
41 N. Zhao, F. R. Yu, M. Li, and V. C. M. Leung, “Anti-eavesdropping schemes for interference alignment (IA)-based wireless networks,” IEEE Trans. Wireless Commun., vol. 15, no. 8, pp. 5719–5732, Aug. 2016.
42 A. Cammarano, C. Petrioli, and D. Spenza, “Pro-energy: A novel energy prediction model for solar and wind energy-harvesting wireless sensor networks,” in Proc. IEEE 9th Int. Conf. Mobile Ad-Hoc Sensor Syst. (MASS), Las Vegas, NV, USA, Oct. 2012, pp. 75–83.
43 R. Mahmoud, T. Yousuf, F. Aloul, and I. Zualkernan, “Internet of Things (IoT) security: Current status, challenges and prospective measures,” in Proc. 10th Int. Conf. Internet Technol. Secured Trans. (ICITST), London, U.K., Dec. 2015, pp. 336–341.
44 S. U. Maheswari, N. S. Usha, E. A. M. Anita, and K. R. Devi, “A novel robust routing protocol RAEED to avoid DoS attacks in WSN,” in Proc. Int. Conf. Inf. Commun. Embedded Syst. (ICICES), Chennai, India, Feb. 2016, pp. 1–5.45 Jeyanthi, N., Shreyansh Banthia, and Akhil Sharma. “Security in IoT Devices.” Security Breaches and Threat Prevention in the Internet of Things. IGI Global, 2017. 96-116.46 A. Mukaddam, I. Elhajj, A. Kayssi, and A. Chehab, “IP spoofing detection using modified hop count,” in Proc. IEEE 28th Int. Conf. Adv. Inf. Netw. Appl., Victoria, BC, Canada, May 2014, pp. 512–516.
47 A. Mitrokotsa, M. R. Rieback, and A. S. Tanenbaum, “Classifying RFID attacks and defenses,” Inf. Syst. Front., vol. 12, no. 5, pp. 491–505, Nov. 2010.
48 I.-R. Chen, J. Guo, and F. Bao, “Trust management for service composition in SOA-based IoT systems,” in Proc. IEEE Wireless Commun. Netw. Conf. (WCNC), Istanbul, Turkey, Apr. 2014, pp. 3444–3449.
49 M.-C. Chuang and J.-F. Lee, “TEAM: Trust-extended authentication mechanism for vehicular ad hoc networks,” IEEE Syst. J., vol. 8, no. 3, pp. 749–758, Sep. 2014.
50 C. Cervantes, D. Poplade, M. Nogueira and A. Santos, “Detection of Sinkhole Attacks for Supporting Secure Routing on 6LoWPAN for Internet of Things”, in 978-3-901882-76-0 @2015 IFIP, pp. 606-611.
51 G. Kalnoor and J. Agarkhed, “QoS based multipath routing for intrusion detection of sinkhole attack in wireless sensor networks,” in Proc. Int. Conf. Circuit Power Comput. Technol. (ICCPCT), Mar. 2016, pp. 1–6.
52 N. Tsitsiroudi, P. Sarigiannidis and E. Karapistoli, “EyeSim: A Mobile Application for Visual-Assisted Wormhole Attack Detection in IoT-enabled WSNs”, in 2016 9th IFIP Wireless and Mobile Networking Conference (WMNC).
53 U. K. Chaurasia and V. Singh, “MAODV: Modified wormhole detection AODV protocol,” in Proc. 6th Int. Conf. Contemp. Comput. (IC3), Noida, India, Aug. 2013, pp. 239–243.
54 B. A. Visan, J. Lee, B. Yang, A. H. Smith and E. T. Matson, “Vulnerabilities in Hub Architecture IoT Devices”, in 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC).
55 A. Rajan, J. Jithish and S. Sankaran, “A. Rajan, J. Jithish and S. Sankaran” in 978-1-5090-6367-3/17/$31.00 ©2017 IEEE, pp. 2323-2327.
56 D. S. Kim, T.-H. Shin, and J. S. Park, “Access control and authorization for security of RFID multi-domain using SAML and XACML,” in Proc. Int. Conf. Comput. Intell. Security, vol. 2. Nov. 2006, pp. 1587–1590.
57 B. B. Gupta, N. A. G. Arachchilage and K. E. Psannis, “Defending against phishing attacks: taxonomy of methods, current issues and future directions”, in Springer Science+Business Media New York 2017.
58 R. N. Chakravartula and V. N. Lakshmi, “Combating Malware with Whitelisting in IoT-based Medical Devices”, in International Journal of Computer Applications (0975 – 8887) Volume 167 – No.8, June 2017, pp. 33-37.
59 G. Gaubatz, J. P. Kaps, E. Ozt ¨ urk, B. Sunar, “State of the Art in Ultra-Low Power Public Key Cryptography for Wireless Sensor Networks”, in Proceedings of the 3rd Int’l Conf. on Pervasive Computing and Communications Workshops (PerCom 2005 Workshops) 0-7695-2300-5/05 $20.00 © 2005 IEEE.
60 S. C. H. Huang and D. Z. Du,” New Constructions On Broadcast Encryption and Key Pre-Distribution Schemes”, in 0-7803-8%8-9/05/$20.00 (CPU05 lEEE, pp. 515-523.
61 H. Chan, A. Perrig and D. Song, “Random Key Predistribution Schemes for Sensor Networks”, in Proceedings of the 2003 IEEE Symposium on Security and Privacy (SPí03) 1081-6011/03 $17.00 © 2003 IEEE
62 F. M. Al-Turjman , A. E. Al-Fagih , W. M. Alsalih and H. S. Hassane, “A delay-tolerant framework for integrated RSNs in IoT”, in 0140-3664/$ – 2012 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.comcom.2012.07.001,Computer Communications xxx (2012) xxx–xxx, pp. 1-13. 63 H. Liu, M. Bolic, A. Nayak and I. Stojmenovic, “Taxonomy and Challenges of the Integration of RFID and Wireless Sensor Networks”, in 0890-8044/08/$25.00 © 2008 IEEE IEEE Network • November/December 2008, pp. 26-32.
64 H. Chan and A. Perrig, “PIKE: Peer Intermediaries for Key Establishment in Sensor Networks”, in 0-7803-8968-9/05/520.00 (CC)zOOS IEEE, pp. 524-535.
65 Z. Zhang, H. Wang, A. V. Vasilakos and H. Fang, “ECG-IJS Key Agreement and Authentication in Wireless Body Sensor Networks”, in Copyright (c) 2011 IEEE, pp. 1-10.
66 R. Tahir, H. Tahir, K. M. Maier and A. Fernando, “A Novel ICMetric Based Framework for Securing the Internet of Things”, in 2016 IEEE International Conference on Consumer Electronics (ICCE), pp. 469-470.
67 A.B.T. Hopkins, K.D. McDonald-Maier, E. Papoutsis, W.G.J. Howells, “Ensuring data integrity via ICmetrics based security infrastructure”, in Second NASA/ESA Conference on Adaptive Hardware and Systems(AHS 2007) 0-7695-2866-X/07 $25.00 © 2007 IEEE.
68 Y. Kovalchuk, K. McDonald-Maier and G. Howells, “Overview of ICmetrics Technology – Security Infrastructure for Autonomous and Intelligent Healthcare System”, in International Journal of u- and e- service, science and technology vol. 4 no. 3, September. 2011, pp. 49-60.
Autonomous and Intelligent Healthcare International Journal of u- and e- Service, Science and Technology
Vol. 4, No. 3, September, System”, in
International Journal of u- and e- Service, Science and Technology
Vol. 4, No. 3, September, 2011
International Journal of u- and e- Service, Science and Technology
Vol. 4, No. 3, September, 2011
International Journal of u- and e- Service, Science and Technology
Vol. 4, No. 3, September, 2011
International Journal of u- and e- Service, Science and Technology
Vol. 4, No. 3, September, 20
69 C. Liu1, Y. Zhang and H. Zhang, “A Novel Approach to IoT Security Based on Immunology”, in 2013 Ninth International Conference on Computational Intelligence and Security, 978-1-4799-2548-3/13 $31.00 © 2013 IEEE DOI 10.1109/CIS.2013.168, pp. 771-775.
70 L. Zhou, H. C. Chao, “Multimedia Traffic Security Architecture for the Internet of Things”, in IEEE Network • May/June 2011, pp. 35-40.
71 A. M. Eskicioglu, “Multimedia security in group communications: recent progress in key management, authentication, and watermarking”, in Multimedia Systems 9: 239–248 (2003) Digital Object Identifier (DOI) 10.1007/s00530-003-0095-2, pp. 239-248.
72 G. S. Rose’ “Security Meets Nanoelectronics for Internet of Things Applications”, in GLSVLSI ’16, May 18-20, 2016, Boston, MA, USA c 2016 ACM. ISBN 978-1-4503-4274-2/16/05, DOI: http://dx.doi.org/10.1145/2902961.2903045, pp. 181-183.
73 G. L. D. Santos, V. I. T. Guimaraes, G. D. C. Rodrigues, L. Z. Granville and L. M. R. Tarouco, “A DTLS-based Security Architecture for the Internet of Things”, in 20th IEEE Symposium on Computers and Communication (ISCC), pp. 809-815.
74 M. Xin, “A Mixed Encryption Algorithm Used in Internet of Things Security Transmission System”, in 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery 978-1-4673-9200-6/15, 2015 IEEE DOI 10.1109/CyberC.2015.9, pp. 62-65.
75 D. Zegzhda and T. Stepanova, “Achieving Internet of Things Security via Providing Topological Sustainability”‘ in Science and Information Conference 2015 July 28-30, 2015 | London, UK, pp. 269-276.76 Shahid Raza, Ludwig Seitz, Denis Sitenkov, and Göran Selander, “S3K: Scalable Security With Symmetric Keys—DTLS Key Establishment for the Internet of Things”, in IEEE TRANSACTIONS ON AUTOMATION SCIENCE AND ENGINEERING, Digital Object Identifier 10.1109/TASE.2015.2511301, pp. 2-11.
77 Q. Jing, A. V. Vasilakos, J. Wan, J. Lu and D. Qiu, “Security of the Internet of Things: perspectives and challenges”, in Wireless Netw (2014) 20:2481–2501 DOI 10.1007/s11276-014-0761-7, Published online: 17 June 2014 Springer Science+Business Media New York 2014, pp. 2481-2501.
78 J. Granjal, E. Monteiro and J.S. Silva, “A secure interconnection model for IPv6 enabled wireless sensor networks”, in 978-1-4244-9229-9/10/$26.00 ©2010 IEEE
79 M.U. Farooq, M. Waseem, A. Khairi and S. Mazhar, “A Critical Analysis on the Security Concerns of Internet of Things (IoT)”, in International Journal of Computer Applications (0975 8887) Volume 111 – No. 7, February 2015, pp. 1-6.
80 L. Atzori , A. Iera and G. Morabito, “The Internet of Things: A survey”, in Computer Networks 54 (2010) 2787–2805, 1389-1286/$, 2010 Elsevier B.V. All rights reserved. doi:10.1016/j.comnet.2010.05.010.
81 X. Wang, “Research on Security Issues of the Internet of Things”, in Advanced Materials Research Vols 989-994 (2014) pp 4261-4264, © (2014) Trans Tech Publications, Switzerland, doi:10.4028/www.scientific.net/AMR.989-994.4261
82 A. Patcha and J. M. Park, “An overview of anomaly detection techniques: Existing solutions and latest technological trends”, in Computer Networks 51 (2007) 3448–3470, 1389-1286/$ – see front matter 2007 Elsevier B.V. All rights reserved. doi:10.1016/j.comnet.2007.02.001
83 J. Gubbi, R. Buyya, S. Marusic and M. Palaniswami, “Internet of Things (IoT): A vision, architectural elements, and future directions”, in Future Generation Computer Systems 29 (2013) 1645–1660, 0167-739X/$ – see front matter © 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.future.2013.01.010