This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
en:iot-reloaded:hardware_and_cybersecurity [2024/10/20 13:28] – [IoT hardware security] gkuaban | en:iot-reloaded:hardware_and_cybersecurity [2024/12/10 21:44] (current) – pczekalski | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== IoT Hardware and Cybersecurity ====== | ====== IoT Hardware and Cybersecurity ====== | ||
- | A typical IoT architecture consists of the physical layer, which consists of IoT sensors and actuators, which may be connected in the form of a star, linear, mesh, or tree network topology. The IoT devices can process the data collected by the IoT sensors at the physical layer or can be sent to the fog/cloud computing layers for analysis through IoT access and Internet core networks. The Fog/cloud computing nodes perform lightweight or advanced analytics on the data, and the result may be sent to users for decision-making or to IoT actuators to perform a specific task or control a given system or process. This implies that in an IoT infrastructure, | + | A typical IoT architecture consists of the physical layer, which consists of IoT sensors and actuators, which may be connected in the form of a star, linear, mesh, or tree network topology. The IoT devices can process the data collected by the IoT sensors at the physical layer or send it to the fog/cloud computing layers for analysis through IoT access and Internet core networks. The Fog/cloud computing nodes perform lightweight or advanced analytics on the data, and the result may be sent to users for decision-making or IoT actuators to perform a specific task or control a given system or process. This implies that in an IoT infrastructure, |
- | In implementing IoT security, it is important | + | In implementing IoT security, it is vital to consider the kind of hardware found in IoT systems, from the IoT device level through the IoT networks, fog computing nodes, and internet |
===== IoT hardware vulnerabilities ===== | ===== IoT hardware vulnerabilities ===== | ||
IoT devices are vulnerable to certain types of security attacks due to the nature of IoT hardware. Some of these vulnerabilities or weaknesses resulting from IoT hardware limitations include: | IoT devices are vulnerable to certain types of security attacks due to the nature of IoT hardware. Some of these vulnerabilities or weaknesses resulting from IoT hardware limitations include: | ||
- | * The confidentiality and integrity of sensitive data collected by sensor devices can easily be compromised due to a lack of appropriate cryptographic algorithms or weak cryptographic algorithms. It is difficult to implement strong cryptographic algorithms that are difficult to be compromised by cybercriminals due to limited computing resources in IoT devices. IoT devices use microcontrollers for computing, which are not able to handle strong but computationally expensive cryptographic algorithms. This makes IoT devices vulnerable to man-in-the-middle attacks where the wireless IoT traffic can be captured by cybercriminals and analysed to have access | + | * The confidentiality and integrity of sensitive data collected by sensor devices can easily be compromised due to a lack of appropriate cryptographic algorithms or weak cryptographic algorithms. It is difficult to implement strong cryptographic algorithms that are difficult to be compromised by cybercriminals due to limited computing resources in IoT devices. IoT devices use microcontrollers for computing, which cannot |
- | * Device manufacturers introduce some of the vulnerabilities of IoT devices. They are often focused on minimising the cost of the devices and the time to market, paying little or no attention to the security requirements or needs of the customers sometimes because customers are often concerned about the prices | + | * Device manufacturers introduce some of the vulnerabilities of IoT devices. They are often focused on minimising the cost of the devices and the time to market, paying little or no attention to the security requirements or needs of the customers sometimes because customers are often concerned about the devices' |
* In some IoT deployments, | * In some IoT deployments, | ||
- | * Since the communication between the IoT devices and between the IoT devices and the access point or gateway is through wireless radio communication channels, the IoT devices are vulnerable to jamming attacks | + | * Since the communication between the IoT devices and between the IoT devices and the access point or gateway is through wireless radio communication channels, the IoT devices are vulnerable to jamming attacks designed to force them to deplete their stored energy rapidly. |
- | * IoT devices are also vulnerable to flooding attacks | + | * IoT devices are also vulnerable to flooding attacks designed to flood IoT devices with benign or useless packets, so they will spend more energy processing these useless packets, rapidly depleting their stored energy and eventually shutting down the device. |
* Since IoT devices are relatively easy to infect with malware, they are vulnerable to a kind of malware attack in which the attacker infects the device with malware that forces the device to perform more computations, | * Since IoT devices are relatively easy to infect with malware, they are vulnerable to a kind of malware attack in which the attacker infects the device with malware that forces the device to perform more computations, | ||
- | * Another type of IoT hardware vulnerability is rout poisoning, in which the attacker creates routing loops, turns some devices into sinkholes, or increases routing paths with the aim of forcing | + | * Another type of IoT hardware vulnerability is route poisoning, in which the attacker creates routing loops, turns some devices into sinkholes, or increases routing paths to force the devices to spend more energy and eventually |
- | * IoT devices can easily be infected and turned into botnets, which can then be used to conduct sophisticated large-scale attacks such as distributed denial of service attacks | + | * IoT devices can easily be infected and turned into botnets, which can then be used to conduct sophisticated large-scale attacks, such as distributed denial of service attacks, which can paralyse IT assets (servers and gateways). |
- | * Another IoT hardware vulnerability is the lack of visibility. Many IoT devices are deployed without appropriate identification numbers (IP addresses), creating blind spots because the devices are not visible to security monitoring tools and can be exploited. Also, the fact that various devices may have different protocols makes it difficult to monitor | + | * Another IoT hardware vulnerability is the lack of visibility. Many IoT devices are deployed without appropriate identification numbers (IP addresses), creating blind spots because the devices are not visible to security monitoring tools and can be exploited. Also, the fact that various devices may have different protocols makes monitoring |
- | * An inefficient firmware verification mechanism | + | * An inefficient firmware verification mechanism |
- | * As a result of poor device management strategies, some organisations or individuals sometimes fail to attend to some devices to ensure that they are well-secured (failing to install necessary updates and patch security holes to gaps), leaving them vulnerable to attacks from cybercriminals. | + | * Due to poor device management strategies, some organisations or individuals sometimes fail to attend to some devices to ensure that they are well-secured (failing to install necessary updates and patch security holes to gaps), leaving them vulnerable to attacks from cybercriminals. |
- | * some hardware security vulnerabilities are hard to eliminate, such as side-channel attacks, reverse engineering of the hardware, malware infection, and data extraction, which could be exploited, resulting | + | * Some hardware security vulnerabilities are hard to eliminate, such as side-channel attacks, reverse engineering of the hardware, malware infection, and data extraction, which could be exploited |
- | * IoT devices are vulnerable to physical attacks | + | * IoT devices are vulnerable to physical attacks. A criminal can destroy or vandalise |
===== IoT hardware attacks ===== | ===== IoT hardware attacks ===== | ||
- | IoT hardware attacks are the various ways that security weaknesses resulting from limitations in IoT hardware can be exploited to compromise the security of IoT data and systems. An attacker may install malware on IoT devices, manipulate their functionality, | + | IoT hardware attacks are the various ways that security weaknesses resulting from limitations in IoT hardware can be exploited to compromise the security of IoT data and systems. An attacker may install malware on IoT devices, manipulate their functionality, |
+ | |||
+ | * Unauthorised access: Some IoT device manufacturers use weak or no security mechanisms to minimise manufacturing costs and reduce the time to market to meet the increase in market demand. They sometimes do not provide mechanisms for necessary updates to patch up security holes. Some create backdoors for remote servicing, which malicious hackers can exploit. In contrast, others use default or no passwords, making it easier for attackers to access and exploit the device to escalate their attacks. | ||
+ | * Emulation of fake IoT devices: A third party that knows the communication protocol could develop software to emulate standard functionalities between IoT devices and then get the leverage to share false information. | ||
+ | * Identity Theft: An attacker could steal the identification of legitimate devices and then perform malicious actions within the network without being identified. | ||
+ | * Injection of fake information: | ||
+ | * Firmware-base attacks: When a new security threat is discovered, a new firmware update is required to obtain an updated version to address the security threat. The firmware, security configuration and other device features can be cloned. The attacker can also upgrade the firmware of a device with malicious software (( O. Garcia-Morchon, | ||
+ | * Eavesdropping and man-in-the-middle attacks: Data exchange should be performed securely, making data interception by a third party impossible. Traditional data encryption schemes cannot be implemented in IoT devices, requiring lightweight encryption, which is not straightforward and is sometimes ignored by manufacturers. Transmitting unencrypted IoT data, including security data, makes IoT networks susceptible to eavesdropping and man-in-the-middle attacks. | ||
+ | * Energy depletion attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, | ||
+ | * Vampire attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, | ||
+ | * Routing attacks: An attacker may manipulate the routing information of the devices to create routing loops, selectively forward packets or intend to use longer routes to increase energy consumption. Some routing attacks include sinkholes, selective forwarding, wormholes, and Sybil attacks ((A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.)). | ||
+ | * Jamming attacks: A denial of service attack in a shared wireless communication channel where a user may prevent other users from using the shared channel ((S. Yan-Qiang, W. Xiao-dong, Handbook of Research on Developments and Trends in Wireless Sensor Networks: From Principle to Practice, DOI: 10.4018/ | ||
+ | * Brut-force attacks: This kind of attack is aimed at obtaining the login credentials of the detail to gain unauthorised access to the device. For devices with fault passwords, commonly used passwords (e.g., admin), or weak passwords, attackers can access these credentials and use them to gain illegal access to IoT devices. | ||
+ | * DoD/DDoD attacks: Because adequate security mechanisms are not implemented to harden the security of IoT devices, they can easily be compromised. Many IoT devices can constitute an army of botnets to conduct DDoS attacks to saturate the buffers and other resources in the access points, fog nodes and cloud platforms. | ||
+ | * Packet collision attacks: This attack is typical in IoT applications where the devices share the wireless communication channel. An attacker can capture some of the devices and then use them to create packet collisions in the communication channel to disrupt the communication and force the devices to consume more energy by trying to transmit packets multiple times and increase the time the devices stay awake to perform communication (or decreases the sleep time of the device). This kind of attack is a type of energy depletion attack. | ||
+ | * Physical attack on the device: An IoT device may be physically manipulated or damaged to extract vital information. This is an essential aspect of IoT-based agriculture, | ||
- | * Unauthorised access | ||
- | * Emulation of fake IoT devices | ||
- | * Identity Theft | ||
- | * Injection of fake information | ||
- | * Firmware-base attacks | ||
- | * Eavesdropping and man-in-the-middle attacks | ||
- | * Energy depletion attacks | ||
- | * Brut-force attacks | ||
- | * DoD/DDoD attacks | ||
- | * Ransomware attacks | ||
- | * Packet collision attacks | ||
- | * Physical attack on the device | ||
===== IoT hardware security ===== | ===== IoT hardware security ===== | ||
- | It is very difficult | + | It is tough to eliminate IoT hardware vulnerabilities due to the hardware resource constraint of IoT devices. Some of the measures for securing IoT devices and mitigating the risk posed by IoT security vulnerabilities include the following: |
- | * Implementing lightweight encryption schemes on IoT devices: The data stored in the IoT devices (e.g., device authentication data and other sensitive data) should be encrypted to ensure | + | * Implementing lightweight encryption schemes on IoT devices: The data stored in the IoT devices (e.g., device authentication data and other sensitive data) should be encrypted to ensure its confidentiality and integrity are not compromised. The IoT data should be encrypted before being transmitted through any transmission medium. Since traditional cryptographic algorithms are computationally expensive and require strong and energy-hungry computing systems, it is preferable to implement lightweight cryptographic algorithms that require relatively less energy. |
- | * Implementing robust authentication mechanisms on IoT devices: | + | * Implementing robust authentication mechanisms on IoT devices: |
- | * Configuring firewalls to protect devices from traffic-based attacks: The perimeter | + | * Configuring firewalls to protect devices from traffic-based attacks: The network' |
- | * Ensure that the software and hardware components are not compromised: | + | * Ensure that the software and hardware components are not compromised: |
- | * Implement dedicated security hardware to improve | + | * Implement dedicated security hardware to improve |
- | * Always verify the validity and trustworthiness of the software and firmware of the IoT devices: Reliable mechanisms should be implemented to verify the validity and trustworthiness of the software and firmware of IoT devices. | + | * Always verify the validity and trustworthiness of the software and firmware of IoT devices: Reliable mechanisms should be implemented to verify the validity and trustworthiness of the software and firmware of IoT devices. |
- | * Regular security checks and updates: Mechanisms should be implemented to check if the device has been tampered with. Also, the firmware and software of the device should be updated and regulated to patch any security holes. | + | * Regular security checks and updates: Mechanisms should be implemented to check if the device has been tampered with. The firmware and software of the device should |
* Regular security audits should be performed: The IoT network should be regularly audited using vulnerability scanning and security auditing tools to ensure that IoT vulnerabilities (including hardware vulnerabilities) and threats can be detected and resolved before criminals can exploit them. | * Regular security audits should be performed: The IoT network should be regularly audited using vulnerability scanning and security auditing tools to ensure that IoT vulnerabilities (including hardware vulnerabilities) and threats can be detected and resolved before criminals can exploit them. | ||
- | * Enforcement of security policies: Sound security policies should be designed and enforced to ensure that the IoT device and data are not easily compromised. For example, the principle of security by design was implemented when designing | + | * Enforcement of security policies: Sound security policies should be designed and enforced to ensure that the IoT device and data are not easily compromised. For example, the principle of security by design was implemented when developing |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | + | ||