IoT Security Attacks and Countermeasures
Supervisor: – Prof. Dr. Alaa Hussein Al-Hamami, Student: – Mohammed
Internet of Things devices are shape our life today, huge number of
devices are connected to the internet and collect information about our
activities, the dramatically increase in the number of IoT devices and the sheer size of information that is gathered by
billions of Internet of things devices could make these devices and the
information they gathered a very valuable target for intruders, many attacks
target these devices, in this paper we will cover most well-known attacks and
Terms—Internet of things security, IoT attacks, IoT security countermeasures.
Billions of intelligent IoT devices connected
to internet today, and it is predicted to be 50 billion devices by 20201.
these smart, self-decision-making devices control the electricity demands of
our cities (smart grid), our home security, transmit our health records to
hospitals and receive prescription in order to make human being life easier and
productive, Figure 1.
Since Internet of Things devices record
almost everything around us and collect sheer amount of human and systems
activities in addition to the nature of the Internet of Things devices that
require them to be online almost always, that make the collected information
and devices itself exceptionally important target for attackers and intruders,
IoT devices could be attacked to collect information about sensitive
environment like Smart Grid or to violate people privacy and committing crimes,
exploited IoT devices could be used to lunch
attacks against others like DDOS attacks.
To demonstrate the ability of intruders to exploit IoT devices to
lunch a massive attacks, in September 2016, a massive attack caused many
popular web sites like Amazon, BBC, Netflix to get down for a while, the attack
has then expanded to attack Dyn a DNS solution and Email delivery service
making tens of thousands of users unable to reach the internet, this attack has
been lunched using DDOS attack techniques taking advantage of hundreds of
thousands of vulnerable IoT devices to compose a network of zombie and control
them to start the attack23, what makes these types of attacks dangers is
that it can be lunched from any device that is connected to the internet which
could be for example smart refrigerators, smart TVs part of this type of
attacks, other concern of IoT security is the privacy of users, since IoT
devices collect information about people activities like the health information
collected by smart wearable devices, unauthorized access to these data would be
privacy violation, what is more danger is the intruders’ ability to manipulate
IoT devices to harm people like manipulate medical
devices to change the victim’s prescription.
this paper we will discuss the different types of attacks that target IoT
environment and its countermeasures, section 2 is a general overview of the IoT
architecture, section 3 discuss IoT security in general, section 4 lists
related work and most-well attacks against IoT environments, section 5 shows
the statement of the problem and challenges, section 6 shown the proposed solution,
section 7 is conclusion and future work.
IoT infrastructure composed of multiple heterogeneous devices that are
connected to each other and exchange information between them. An abstract view
of how IoT works is shown in figure 2.
is measured by one or more sensors, these measurements are sent the local IoT
device that responsible for making the initial processing and storing, data is
then sent through the internet to a cloud service for more processing and long
recognizable architecture for IoT environment is to categories devices based on
its location and/or based on its function. the three level IoT architecture 4
is a very well-known architecture that split the IoT environment into three
layers, application, network and perception figure 3.
this layer actions are measured through sensors, these measurements are then
sent to IoT controllers which are microcontrollers and embedded boards used to process
data and stored it locally, technologies used in this layer like RFID and WSN,
RFID is stand for Radio-frequency Identification which is the technology that
used to enable the communication between sensors and the monitored IoT objects
through RFID tag, the measured data is sent to the controller through wireless
network transmission (WSN). devices in this layer have a limited processing and
data is collected in perception layer, it needs to be transmitted to the IoT
cloud service, the network layer contains devices like wireless and wire
routers, switches and firewall, IDS and IPS are used to deliver data from the
perception layer to the could provider.
final destination of collected data is the cloud, cloud providers processing
and analyzing the data to provide the IoT user with meaningful results, also
this layer provides the user with a portal to view IoT services results.
3. IoT Security
The main goal of cyber security is to preserve the Confidentiality,
Integrity and Availability.
It is very important for data either in
transmit or in store to be secure from unauthorized access that could expose
user’s data and violates user’s privacy, 1-2-3
Zones 5 divided the IoT environment to three
zones Internal zone, Middle zone and Outside zone figure 4.
We can see from the figure 4 that data in
IoT environment could be located and transmit as the following: –
1- Data could be stored in the Internal zone,
like in IoT devices.
2- Data could be stored in the External zone
in the cloud.
3- Data transmits within devices in Internal
zone, from sensors to IoT devices or controllers.
4- Data transmits from Internal zone to Middle
5- Data transmit from Middle zone to external zone.
So it is substantial to protect data
confidentiality in all previous mentioned places.
unauthorized modify of IoT data either in store or in transmit would make all
IoT results and analysis invalid, we can imagine that an intruder who break IoT
medical device that reads a patient health activity and modify his health
reading which definitely would expose his life to danger, so it’s very
important to protect the integrity of data in IoT.
There are a wide range of attacks targeting
each layer of IoT architecture figure 3, many research papers have categories
these attacks, this section will discuss the literature survey of IoT attacks.
Attacks in this layer will target mainly embedded technology like
sensors and other measuring devices, and due to the nature of these devices
that have small processing unit and limited power make it easy target for
intruders this layer could be target for the following attacks:
Node Tempering: – in this type of attack the intruder
may damage, replace or manipulate the IoT devices that sense and measures
activities 6, the goal of this attack is to get or alter the data measured by
Code injection: – in code injection the attacker exploits
a vulnerability in the IoT device that enable him to inject the device with malicious
code 7 which enable the attacker to do whatever he wants like inject the IoT
device with a worm to join it in a botnet or to control the IoT device and
Man in the Middle Attack: – the intruder can eavesdrop
in IoT communications, which enable him to listen to the traffic between the sensors
and IoT controller or between controller and edge of the IoT network which gives
attacker the advantage to expose sheer amount of data 8.
DOS Attack: – break the availability of services is a
very popular attack, DOS attack can be lunched against IoT environment or can
be lunched from IoT environment against other services, in the first scenario a
massive network request sent to IoT environment to flood the system resources
and make it unavailable, such attacks would be very disruptive if they target
sensitive environment like Smart Grid, in the second scenario where the attack
initiated from IoT environment, intruders control a wide network of IoT
environments making a network of botnet, and use that botnet to lunch DOS
attack against other target 239.
RFID Cloning and Spoofing: – this type of attack
enable the attacker to spoof signals, alter them and send its own using the genuine
RFID tag which make the signals appear coming from the original device 10.
IoT Device Impersonation: – this attack take place
when attacker adds a device that can act as either sensor or IoT controller and
appears it belong to the IoT environment, which give the attacker the ability
to generates or receive data 11
Password Attacks: – All IoT devices and controllers
have a portal that enable the user to configure and read the IoT results and
since these devices are connected to the internet they are target to the
password guessing attacks as it happened with Dyn cyberattack 23.
this layer will target network devices and services, which are responsible for
moving data from one layer to other layer, devices included in this would be
like router, switches, Wi-Fi, Bluetooth and others.
Sniffing Traffic: – sniffing traffic in transmit is a popular
attack in networking world, attackers can sniff the flow of data while traveling
to cloud, this attack would break the confidentiality of information and give
the intruder the ability to learn and change IoT information 12
Routing attack: – intruder change the routing
information of the IoT device to route packets to other destination or to pause
the IoT functionality 13.
DOS Attacks: – similar to the perception layer, DOS
attacks can take place in network layer and cause IoT services to stop.
IoT Security Countermeasure
Protecting IoT environment for cyberattacks is an essential demand in
security worlds, many researches discussed techniques and procedures that can
be taken to secure against such attacks.
Using Digital Certificate and two-way authentication
will preserve the confidentiality of data 14, that will make sure every
device in IoT environment is a legitimate and genuine device which in turn will
prevent the many attacks like Node Tampering, Man in the Middle, Device
Impersonation and other attacks.
Data Encryption will make sure that all data will be
only read by authorized parties 15.
Access Control Lists (ACLS): creating the right rules
to control the inbound and outbound of traffic will stop unwanted traffic and
monitor access to the IoT devices.
Intrusion Detection and Prevention: would alarm and
prevent any malicious activities on IoT devices.
Anti-virus would protect IoT devices for different
kind of malwares.
Updating IoT firmware devices will patch bugs and
vulnerabilities that attackers can take advantage of to attack against IoT
Proper IoT devices configuration like change default
password and turn on only needed services would protect IoT environment from
wide range of attacks.
5. Statement of
Due to the design and functional nature of IoT devices, applying
security procedures and policies faces many challenges and difficulties, some
of these challenges: –
1- Lack of standards in IoT devices and proprietary
techniques and protocols used make understanding IoT threats and deploying
security mechanism more challenging and difficult.
limited processing and storage capabilities of IoT devices make applying
security features more difficult, like applying encryption method between
sensors and IoT devices, most of sensors do not have enough processing power to
handle the encryption process which arise the need to develop a lightweight
encryption method to apply in IoT devices, the limited storage also prevent
users from deploy security mechanism like anti-virus that could fill the
storage unit of IoT devices.
3- Most of IoT vendors are not interested to
develop imbedded security features as opposed to their interested selling more
cheap IoT devices.
All these challenges arise the need to
develop mechanisms to protect against threats and attacks.
The proposed framework is stand on four
components Authentication, Authorization, Encryption and Cloud Security
6. The Proposed
Hung, “Leading the IoT,” pp. 1–29, 2017. Retrieved from https://www.gartner.com/imagesrv/books/iot/iotEbook_digital.pdf
Manos et al. 2017. “Understanding the Mirai Botnet.” Proceedings of the 26th
USENIX Security Symposium: 1093–1110.
3 Mirai botnet: Three admit
creating and running attack tool. (2017, December 13). Retrieved January 19,
2018, from http://www.bbc.com/news/technology-42342221
4 Vijayalakshmi, A Vithya, and L Arockiam.
2016. “I Nternational J Ournal OF E Ngineering S Ciences & M Anagement R
Esearch A STUDY ON SECURITY ISSUES AND CHALLENGES IN IoT I Nternational J
Ournal OF E Ngineering S Ciences & M Anagement R Esearch.” 3(11): 34–43.
5 E. Oriwoh, “Internet of Things Forensics?: Challenges and
Approaches Edewede Oriwoh Presentation outline,” no. OCTOBER 2013, pp. 1–13,
Suo, J. Wan, C. Zou, and J. Liu, “Security in the internet of things:A review,”
Proc. – 2012 Int. Conf. Comput. Sci. Electron. Eng. ICCSEE 2012, vol. 3, pp.
M. U., et al. “A critical analysis on the security concerns of internet of
things (IoT).” International Journal of Computer Applications 111.7 (2015).
Mahmoud, Tasneem Yousuf, Fadi Aloul and Imran Zualkernan, “Internet of Things
Current Status, Challenges and Prospective Measures”, International Conference
for Internet Technology and Secured Transactions (ICITST), 2015, pg. 336-341.
Congyingzi, and Robert Green. ” Communication security in internet of thing:
preventive measure and avoid DDoS attack over IoT network.” Proceedings of the
18th Symposium on Communications & Networking. Society for Computer
Simulation International, 2015.
10 Borgohain, Tuhin, Uday Kumar, and Sugata
Sanyal. “Survey of
and privacy issues of Internet of Things.” arXiv preprint
11 FRUSTACI, Mario,
Pasquale PACE, Gianluca ALOI, and Giancarlo FORTINO. 2017. “Evaluating Critical
Security Issues of the IoT World: Present and Future Challenges.” IEEE Internet
of Things Journal 4662(c).
12 Hossain, Md Mahmud,
Maziar Fotouhi, and Ragib Hasan. “Towards an analysis of security issues,
challenges, and open problems in the internet of things.” Services (SERVICES),
2015 IEEE World Congress on. IEEE, 2015.
13 Puthal, Deepak, et al.” Threats to Networking
Cloud and Edge Datacenters in the Internet of Things.” IEEE Cloud Computing 3.3
Li, Zhou Xuan, Liu Wen “Research on the Architecture of Trusted Security System
Based on the Internet of Things” 2011 Fourth International Conference on
Intelligent Computation Technology and Automation
H. Weber “Internet of Things – New security and privacy challenges” computer
law & security review 26(2010) 23 – 30