

IoT security and privacy

Concept of information security and its importance.

There are two approaches to defining the concept of “information security”:

1. Information security is a state in which information resources are secure and the legitimate rights of the individual and society in the information sphere are protected.

2. Information security is the process of maintaining the confidentiality, integrity and accessibility of information.

Confidentiality: Ensuring that information is accessible only to authorized users.

Integrity: Maintaining the accuracy and completeness of information and of the methods used to process it.

Accessibility: Ensuring that authorized users have access to information and related assets when required.

The properties given above are the foundation of information protection and security.

Safety of information is a state of data security in which the confidentiality, accessibility and integrity of the data are ensured.

Safety of information is defined by the absence of unacceptable risk connected with information leakage through technical channels and with unauthorized or inadvertent impacts on data and (or) on other resources of an automated information system. [1]

To understand what the activities for ensuring information security consist of, it is necessary to understand clearly the meaning of three major concepts: risk, threat and vulnerability.

Information security risk is the possibility that a given threat will exploit a vulnerability of an asset or group of assets and thereby cause damage to the organization.

A threat is a potential or actual danger of some act (action or inaction) directed against the object of protection (information resources) that causes damage to its owner, holder or user, and that manifests itself as a danger of distortion or loss of information.

A vulnerability is a shortcoming, most often an implementation error, that makes possible an unforeseen impact on the system leading to failures in its operation. Vulnerabilities are classified by a set of attributes. One of the most important attributes is the harm that can be caused to the system by exploiting the vulnerability. Most often, a vulnerability is understood to be a specific mistake made during the design or coding of a system.

With the appearance of new information technologies, and even more so of whole new information industries, a huge number of potential threats and vulnerabilities arise that must be studied properly. The Internet of Things is certainly no exception. [2]

A recent Gartner report predicts that by 2020, 20.4 billion IoT devices will be connected, with 5.5 million new devices being connected every day. In addition, by 2020 more than half of major new business processes and systems will include an IoT component. [3]

These figures are staggering and suggest that standard PC protection and anti-virus solutions will not be able to withstand future cyber security threats to connected IoT devices.

The need for more reliable measures to protect embedded IoT devices was confirmed by the recent Forrester TechRadar research, which defined the use cases, business value and outlook for the 13 most important IoT security technologies. It included core technologies, such as IoT authentication and IoT encryption, in addition to emerging IoT security technologies, such as IoT threat detection, IoT blocking and IoT security analytics. The most important IoT security technologies are shown in the figure below:

Figure 1:

Over the last few years, many widely publicized cyber attacks have shown the risks of inadequate IoT security. Perhaps the best known is the “Stuxnet” attack, aimed at the industrial programmable logic controllers (PLCs) at the Iranian uranium enrichment plant. Experts believe that Stuxnet destroyed up to 1000 centrifuges connected through broadband networks to PLC devices working under the control of the Windows operating system on standard PC platforms.

In 2016 there were many serious attacks directed at IoT devices. The Mirai botnet was one of them. This botnet infected numerous IoT devices (primarily old routers and IP cameras) and then used them to overwhelm the DNS provider Dyn with a DDoS attack. The Mirai botnet took down Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter and a number of other large websites. This piece of malicious code targeted devices running outdated versions of the Linux kernel and relied on the fact that most users do not change the default user names and passwords on their devices.

Many companies reduce production costs by not including enough storage space on their devices to allow the Linux kernel to be updated. As a result, many IoT devices run kernels that contain vulnerabilities. Vendors need to learn this lesson and make it possible for every device to update its kernel regularly. Until this problem is solved, IoT devices will continue to suffer from a mass of exploits.
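The three weaknesses named in the two paragraphs above (unchanged default logins, outdated Linux kernels, and too little storage to install a kernel update) can be checked across a device inventory. The following is an added example, not part of the original text; the inventory records, field names and the `MIN_KERNEL` baseline are constructed assumptions.

```python
import re

# Constructed sample inventory (hypothetical devices and field names).
INVENTORY = [
    {"name": "cam-lobby", "kernel": "2.6.32", "default_login_changed": False,
     "free_flash_kb": 512, "update_image_kb": 4096},
    {"name": "router-attic", "kernel": "3.10.14", "default_login_changed": True,
     "free_flash_kb": 8192, "update_image_kb": 4096},
    {"name": "thermostat-2", "kernel": "4.14.98-custom", "default_login_changed": True,
     "free_flash_kb": 16384, "update_image_kb": 6144},
]

MIN_KERNEL = "4.9.0"  # assumed organisational baseline, not taken from the page


def parse_kernel(version):
    """Turn '4.14.98-custom' into (4, 14, 98); vendor suffixes are ignored."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not match:
        raise ValueError(f"unrecognised kernel version: {version!r}")
    return tuple(int(part or 0) for part in match.groups())


def audit_device(dev, min_kernel=MIN_KERNEL):
    """Return the list of findings for one inventory record."""
    findings = []
    if not dev["default_login_changed"]:
        findings.append("default-credentials")
    outdated = parse_kernel(dev["kernel"]) < parse_kernel(min_kernel)
    if outdated:
        findings.append("outdated-kernel")
    # A device without room for the update image stays on its current kernel.
    if dev["free_flash_kb"] < dev["update_image_kb"]:
        findings.append("cannot-update" if outdated else "no-update-headroom")
    return findings


def audit_fleet(inventory):
    """Map device name -> findings, devices with the most findings first."""
    report = {dev["name"]: audit_device(dev) for dev in inventory}
    return dict(sorted(report.items(), key=lambda item: -len(item[1])))


if __name__ == "__main__":
    for name, findings in audit_fleet(INVENTORY).items():
        print(f"{name:14} {', '.join(findings) or 'ok'}")
```

A device flagged with both `outdated-kernel` and `cannot-update` is the case the text warns about: it cannot be fixed by patching and has to be isolated or replaced.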

In November 2016 [4], cybercriminals shut down the heating of two buildings in the city of Lappeenranta, Finland. It was a DDoS attack; in this case the attack caused the heating controllers to reboot the system continuously, so that heating was never delivered. As the temperature in Finland was below zero at the time, this attack had very unpleasant consequences.

Even if you take reasonable IoT security measures, your connected gadgets can be compromised by criminals. Last fall, the DNS service provider Dyn came under an attack that disrupted access to popular web sites. Attackers were able to take control of a large number of devices connected to the Internet, such as video recorders and cameras. These devices were then used to carry out the attack. [5]

To tell the truth, IoT offers almost unlimited opportunities for connecting our devices and equipment. From a creative point of view the field is wide open, with an endless set of ways “to connect devices”. It can become a great platform for people with innovative ideas, but the same applies to attackers, so IoT offers both new opportunities for development and potential security concerns.


[1] R. Minerva and A. Biru, “Towards a Definition of the Internet of Things”, IEEE IoT Initiative White Paper.
[2] H. Reza Ghorbani, M. Hossein Ahmadzadegan, “Security challenges in internet of things: survey”, Wireless Sensors (ICWiSe) 2017 IEEE Conference on, pp. 1-6, 2017.
[3] TechRadar™: Internet Of Things Security, Q1 2017
[5] Z. K. Zhang, M. C. Y. Cho, C. W. Wang, C. W. Hsu, C. K. Chen, S. Shieh, “IoT security: Ongoing challenges and research opportunities”, Proc. IEEE 7th Int. Conf. Service-Oriented
en/iot-open/security_and_privacy_in_iot_ume/iot_security.1519902234.txt.gz · Last modified: 2020/07/20 09:00 (external edit)
CC Attribution-Share Alike 4.0 International