Security and Privacy Issues in IoT Environment

 Internet of Things (IoT) is becoming an emerging trend superseding other technologies and researchers considered it as the future of internet. As now the connectivity to the World Wide Web is becoming highly available cost is drastically decreasing so everyone can afford the technology. As Internet of Things provides a great opportunity to develop an important industrial systems and applications with the help of various kind of sensors that can sense out the environment using number of devices that is connected to the internet, usage of IoT is drastically increasing and becoming a common thing. With this sky-rocketed usage and the demand, Communication and storing of the information faces serious security issues as the security of IoT devices become just an afterthought when manufacturing most of the devices. This study tries to summarize this IoT security issues in terms of primary information security concepts confidentiality, integrity and availability with regards to its architecture

ENHANCED CENTRAL WEB AUTHENTICATION

Central web authentication (CWA) is widely deployed for guest user authentication in environments that include a Remote Authentication Dial-In User (RADIUS) server. The various CWA flows work well with existing security policy management platforms without any security concerns, but potentially there could be security issues while working with third-party RADIUS servers. To address these types of challenges, techniques are presented herein that support, among other things, enhanced CWA flows to work with untrusted RADIUS servers and selectively extending Layer 3 (L3) authentication timeouts for high-profile customers

Adaptive Security Framework in Internet of Things (IoT) for Providing Mobile Cloud Computing

Internet of Things (IoT) has immense potential to change many of our daily activities, routines and behaviors. The pervasive nature of the information sources means that a great amount of data pertaining to possibly every aspect of human activity, both public and private, will be produced, transmitted, collected, stored and processed. Consequently, integrity and confidentiality of transmitted data as well as the authentication of (and trust in) the services that offer the data is crucial. Hence, security is a critical functionality for the IoT. Enormous growth of mobile devices capability, critical automation of industry fields and the widespread of wireless communication cast need for seamless provision of mobile web services in the Internet of Things (IoT) environment. These are enriched by mobile cloud computing. However, it poses a challenge for its reliability, data authentication, power consumption and security issues. There is also a need for auto self-operated sensors for geo-sensing, agriculture, automatic cars, factories, roads, medicals application and more. IoT is still highly not reliable in points of integration between how its devices are connected, that is, there is poor utilization of the existing IP security protocols. In this chapter, we propose a deep penetration method for the IoT connected set of devices, along with the mobile cloud. An architecture and testing framework for providing mobile cloud computing in the IoT that is based on the object security, power utilization, latency measures and packet loss rate is explained. Our solution is based on the use of existing security protocols between clients and the mobile hosts as well as a key management protocol between the individual mobile hosts implementing an out-of-band key exchange that is simple in practice, flexible and secure. We study the performance of this approach by evaluating a prototype implementation of our security framework. This chapter, in a preliminary manner, discusses the threats, hacks, misguided packets and over read sensor message. These packets are then translated by hardware and pushed through the web for later-on action or support. Our testing of a set of sensor-triggered scenario and setup clearly indicates the security threats from wireless connected small LAN environments and the overestimated sensor messages resulting from the initial set of the sensor readings, while we emphasize more on the security level of the web services serving the IoT-connected device. Also, we add a remark on how mobile web services and their enabling devices are by far vulnerable to a 4G hack over the utilization of power pack and a serious battery use power draining issues

Security analysis of IoT protocols: A focus in CoAP

© 2016 IEEE. Internet of things (IoT) or Web of Things (WoT) is a wireless network between smart products or smart things connected to the internet. It is a new and fast developing market which not only connects objects and people but also billions of gadgets and smart devices. With the rapid growth of IoT, there is also a steady increase in security vulnerabilities of the linked objects. For example, a car manufacturer may want to link the systems within a car to smart home network networks to increase sales, but if all the various people involved do not embrace security the system will be exposed to security risks. As a result, there are several new published protocols of IoT, which focus on protecting critical data. However, these protocols face challenges and in this paper, numerous solutions are provided to overcome these problems. The widely used protocols such as, 802.15.4, 6LoWPAN, and RPL are the resenting of the IoT layers PHY/MAC, Adoption and Network. While CoAP (Constrained Application Protocol) is the application layer protocol designed as replication of the HTTP to serve the small devices coming under class 1 and 2. Many implementations of CoAP has been accomplished which indicates it\u27s crucial amd upcoming role in the future of IoT applications. This research article explored the security of CoAP over DTLS incurring many issues and proposed solutions as well as open challenges for future research

SECURITY ISSUES IN INTERNET OF THINGS

Remote correspondence networks are exceptionally inclined to security dangers. The significant uses of remote correspondence networks are in military, business, medical care, retail, and transportations. These frameworks utilize wired, cell, or specially appointed organizations. Remote sensor organizations, actuator organizations, and vehicular organizations have gotten an extraordinary consideration in the public eye and industry. As of late, the Internet of Things (IoT) has gotten significant examination consideration. The IoT is considered as eventual fate of the web. In future, IoT will assume an essential job and will change our living styles, guidelines, just as plans of action. The use of IoT in various applications is required to rise quickly in the coming years. The IoT permits billions of gadgets, people groups, and administrations to interface with others and trade data. Because of the expanded use of IoT gadgets, the IoT networks are inclined to different security assaults. The arrangement of proficient security and protection conventions in IoT networks is amazingly expected to guarantee secrecy, validation, access control, and respectability, among others. In this paper, a broad exhaustive examination on security and protection issues in IoT networks is given

IoT Privacy and Security: Challenges and Solutions

Privacy and security are among the significant challenges of the Internet of Things (IoT). Improper device updates, lack of efficient and robust security protocols, user unawareness, and famous active device monitoring are among the challenges that IoT is facing. In this work, we are exploring the background of IoT systems and security measures, and identifying (a) different security and privacy issues, (b) approaches used to secure the components of IoT-based environments and systems, (c) existing security solutions, and (d) the best privacy models necessary and suitable for different layers of IoT driven applications. In this work, we proposed a new IoT layered model: generic and stretched with the privacy and security components and layers identification. The proposed cloud/edge supported IoT system is implemented and evaluated. The lower layer represented by the IoT nodes generated from the Amazon Web Service (AWS) as Virtual Machines. The middle layer (edge) implemented as a Raspberry Pi 4 hardware kit with support of the Greengrass Edge Environment in AWS. We used the cloud-enabled IoT environment in AWS to implement the top layer (the cloud). The security protocols and critical management sessions were between each of these layers to ensure the privacy of the users’ information. We implemented security certificates to allow data transfer between the layers of the proposed cloud/edge enabled IoT model. Not only is the proposed system model eliminating possible security vulnerabilities, but it also can be used along with the best security techniques to countermeasure the cybersecurity threats facing each one of the layers; cloud, edge, and IoT

Towards a Safe and Secure web semantic framework

This thesis describes the work I did during my internship at the INRIA research center in Sophia-Antipolis, within the INDES team and under the supervision of Ilaria Castellani and Tamara Rezk.The main objectives of the INDES team is to study models and develop languages for Diffuse computing, a computing paradigm in which it is necessary to manage and maintain computing structures distributed on several heterogeneous nodes that usually do not trust each other. INDES focuses on the study of the different concurrency models that underlie these systems and pays particular attention to Multitier programming, an emerging programming paradigm that aims to reduce complexity in the development of web applications by adopting a single language to program all their components. The role played by security issues (and particularly the protection of confidentiality and integrity of data) is crucial in these applications, and ensuring security of web applications is another important goal of the INDES team. My internship took place in the context of the ANR CISC project, whose objective is to provide semantics, languages and attack models for the Internet of Things (IoT), a term that refers to systems composed of a set of interconnected devices, which interact with the environment in which they are placed by means of different sensors and actuators. My individual research took place within Webi, a semantic framework that aims at a primitive simulation of the interactions that take place between servers and clients on the web, developed by Tamara Rezk and her colleagues. In particular, I concentrated on an extension of Webi called WebiLog, which allows one to represent authenticated sessions and to formalize attacks aimed at compromising their integrity

Pengamanan Internet of Things Berbasis NodeMCU Menggunakan Algoritma AES Pada Arsitektur Web Service REST

Data confidentiality and resource's limitation issues are challenges for the Internet of Things. To implement good security on IoT systems, cryptography can do it, but it needs an effective encryption algorithm that does not require a lot of resources. The purpose of this study is to secure an IoT system by implementing an algorithm that is successful in maintaining the confidentiality of data transmitted. This research uses an experimental approach, by creating an IoT system for agriculture and adding an encryption algorithm. The IoT system uses NodeMCU as a microcontroller. NodeMCU is a microcontroller with small resources so it needs an efficient algorithm to be implemented in it. One algorithm that has good performance in a desktop computing environment is the Advance Encryption Standard (AES) algorithm. The algorithm is tested in an IoT computing environment with a data exchange architecture using an REST (Representational State Transfer) web service, resulting in an IoT system for agriculture with cryptographic implementations in it. In the tests carried out, the encryption process of 128 and 256 bits of plain text took 266.31 and 274.31 microseconds, while the memory used was 16% and 17% of the total memory, respectively. This shows the encryption time is fast, and the memory usage is relatively small.Data confidentiality and resources limitation issues are challenges for Internet of Things. To implement good security on IoT systems, cryptography can be implemented, but it needs effective encryption algorithm that does not require a lot of resources. The purpose of this study is to implement an algorithm that is effective in maintaining the confidentiality of data transmitted on an IoT system with limited resources. This research uses experimental research methods, by creating an IoT system for agriculture and adding an encryption algorithm. The IoT system uses NodeMCU as a microcontroller. NodeMCU is a microcontroller with small resources so it needs an efficient algorithm to be implemented in it. One algorithm that has good performance in a desktop computing environment is the Advance Encryption Standard (AES) algorithm. The algorithm implemented in the IoT system using a REST (Representational State Transfer) web service. The result of this research is an secured IoT system for agriculture. In the tests carried out, the encryption process of 128 and 256 bit plain text took 266.31 and 274.31 microseconds, while the memory used was 16% and 17% of the total memory. This shows the encryption time is relatively fast and the memory usage is relatively small

Home Automation and RFID-Based Internet of Things Security: Challenges and Issues

Internet of Things (IoT) protection refers to the software field related to securing the Internet of Things and associated linked devices and systems. The IoT is a system of interconnected computers, sensors, actuators, or people on the World Wide Web (WWW). All these different devices have a unique identity in the IoT and must convey data across the network automatically. If computers are not adequately secured, allowing them to connect to the Internet exposes them to a range of serious vulnerabilities. Because the consequences of IoT failures are severe, it is necessary to observe and analyze security issues related to IoT. The prime goal of IoT security is to protect personal safety, while also guaranteeing and ensuring accessibility. In the context of IoT technology, the present study conducts a systematic literature review that analyzes the security problems associated with commercial and educational applications of home automation and details the technical possibilities of IoT with respect to the network layer. In this systematic review, we discuss how current contexts result in the inability of designers of IoT devices to enhance their cyber-security initiatives. Typically, application developers are responsible for training themselves to understand recent security advancements. As a result, active participation on the ridge scale with passive improvement can be achieved. A comparative analysis of the literature was conducted. The main objective of this research is to provide an overview of current IoT security research in home automation, particularly those using authentication methods in different devices, and related technologies in radio frequency identification (RFID) on network layers. IoT security issues are addressed, and various security problems in each layer are analyzed. We describe cross-layer heterogeneous integration as a domain of IoT and demonstrate how it can provide some promising solutions.Qatar University High Impact Grant (QUHI-CBE-21/22-1)