Introduction to Internet of Things.
‘Internet of things’ term has gained importance in the recent past. Though the concept is not that new as it is thought of this term has been coined by the researchers of industries. It is believed that internet of things will change the way of how computers are working today (Mitchell, 2016).
If seen the technical definition of the internet of things we can say that, it is a system that interlinks all the computing devices, all the mechanical as well as digital machines, any object or human beings or even the animals. Anything and everything that is present in the world with unique identifiers and also has the capability to transfer the data to a network without the need of having any human to human interaction or even without any interaction between human to a computer (Postscapes, 2017).
In the term Internet of Things, the thing can be anything, it can be a person that has a heart monitor implanted in him, or it can be an animal of any farm that has a biochip transponder attached to it, or it can be a vehicle that has built-in sensors attached to it that send alert messages to the driver related to any information regarding the vehicle, or the thing can be anything that is a natural object or is a man-made object that can be given an IP address and also has the capability of transferring any data over a network (Rouse, 2017).
It is simply connecting with so many devices on the internet, allowing other devices to connect with ourselves and letting them talk to us and with the other applications (The Guardian, 2015).
So, if said in simple words, it can be said that internet of things is a concept that mainly connects any device with simply on and off switch of the internet. It is a concept that has the ability and potential to impact the human life as well as has an impact on how the people work (Morgan, 2014).
Impact of Internet of Things
Internet of thing has a great impact on everybody's life. As the new concept of life is that "anything that can be connected will be connected." Internet of things will make life easier and simpler to live in this world. It has the ability to develop the whole new smart cities that can take efforts towards reducing waste in the society as well as it can increase the efficiency of general things like energy use and many more things. And will help us to understand and make continuous improvement in our way of living as well as how we work. It has vast opportunities attached to it which are difficult for a human being to understand its impact today. But as we know anything that provides us with a great opportunity, attached to it comes greater challenges as well. The major challenge being the Security issue that is attached with internet of things. This is the main concern that arises in mind of people when one thinks or talks about the internet of things. It is a challenging task to secure the information when billions of devices are connected with each other. Even the organizations become more vulnerable to the threats attached to the internet of things. Privacy, as well as the issue of data sharing, is also one of the major concerns that are associated with the internet of things (Morgan, 2014).
The main impact of the internet of things in future will be on businesses though the changes will also be seen by the consumers but a major change is expected in the industries. It can also give a start to new business like the supporting companies that can manufacture new connecting devices, new security solutions, decision control system and many more. A lot of scope is there that internet of things is going to provide in future (Iyenger, 2016).
The internet of things in near future can do many new inventions like car driving itself, the computers talking like a human being and conducting every work by just mere conversation with it and will have skills that a normal person has and many more new things that a man have never imagined or even if they had imagined, they never have thought that this will come true one day (Wilson, 2016).
It is expected from the internet of things that it will cause miracles in the field of human efficiency, transportation as well as in the field of health care (Kavis, 2014). So, it can be said that the internet of things has significant ability to change the future of business, consumers, and each and everything to sum up the entire mankind will be impacted due to this. It is even going to have a financial impact as it is expected that it will be approximately about $30 billion by the year 2020 (Hope, 2016). The internet of things is seen to have a great potential that can have significant impact on the health sector, can help to develop new smart cities, have the ability to control pollution and even carry the activity of waste management efficiently in an effective manner, can give new heights to the businesses and change the way people are living today (Muhammed, 2016).
Security challenges and concerns of internet of things
Today there are many objects that are connected to the internet and can communicate with the help of it. Internet has made people's life very comfortable and easy to live but there are many challenges to maintain the security of today's internet of things devices (Infosecinstitute, 2015). The main challenges that are related to security of internet of things are as follows:
- Many points of Vulnerabilities.
Every device of internet of things has potential risk attached to it. It is very difficult for any organization to have control on these devices as well as to maintain the confidentiality of the data that has been collected and sent as well as to maintain the integrity of such data. Vulnerabilities are the weak points of any device or in any system which leaves a scope for the hackers to attack the system and misuse the data or any information that becomes open to him (Koien, 2015). Hackers always try to make use of these loopholes and enter into someone's system by an unethical manner (Brandon, 2016).
The main loopholes in the internet of things devices are that some of them have poor encryption and have many backdoors that leave the possibility for unauthorized access by unethical hackers. And as the internet of things connects many devices to each other, one open device can give the opportunity to access hundreds and thousands of devices on the network which may have many serious consequences (Samani, 2014). The other vulnerabilities are also there like a poor design of the system at the initial stage and making use of plain simple text (Constantin, 2016).
- Trust and data integrity
Trust is the foundation stone of everything. The consumers also feel that way for their service providers and expect from them to continue their work in an ethical manner and keep rebuilding their trust in the organization (Jungo, 2015). Integrity is the most important component for any organization to maintain. It is the important one from confidentiality, integrity as well as availability (Ruubel, 2016). It is very difficult for any organization to find out the authenticity of the data that they have received from a number of sources of the internet of things. There are chances that the data that they have received are compromised or changed to a certain extent that can lead to a further mishap in the organization. There have been a number of cases in which the messages or information sent from the sender has been received by the receiver with some alterations. So, security designs need to be suitable for the devices of internet of things as well as the systems that can create trust in the hardware as well as in the data and also maintain the integrity of such information (Samani, 2014). Any kind of breach of the data integrity will leave an impression that the internet of things device is not able to perform its task correctly as expected, and even have the potential to bring out about the device and make it vulnerable to further attack (Baker, 2017).
- Data collection, protection and privacy
The main aim of internet of things is to improve the lives of people, increase efficiency, make life easier and also to increase the productivity of the organization as well as increase the efficiency of the employees (Samani, 2014). There are too much data available on the internet, there are many unwanted public profiles, and a lot more privacy issues are there that are related to internet of things, and this can have a negative impact on the consumer's confidence (Meola, 2016). The data that internet of things provide helps the people to make smarter decisions. But the main issue here is the privacy of information. The people expect the organizations as well as the government organizations to maintain the privacy of their personal information safeguard it. Today the cases of cyber-attacks are at its peak, the hackers are able to access person's information and even misuse that information (Samani, 2014). Financial account details, details related to personal health, and much more sensitive information become vulnerable to risks if any loophole is found (FTC, 2015). A recent research work conducted by French Technology Institute Eurecom was able to discover nearly 38 vulnerabilities from a bunch of 123 products of internet of things so the ratio is quite large and worrisome (Elvia, 2017). To quote Bill Gates, even he said that earlier it was difficult to find any information but as the world is becoming more digitized, there is a need to have more stringent rules to protect this information (Pollack, 2016).
Security implications of internet of things
As more and more devices are being connected, the need to have a future strategy for proper handling of so many devices and data's attached to it is required (Williams, 2017). It is very difficult to gauge the scope of risk attached to this and to know that how quick can an attack spread in the whole system (Dix, 2015).
The system of internet of things is very complex and this is the main reason that there can be many chances of loopholes in the system at any stage and this can spread further if not checked at the initial stage. The main thing to consider is that a number of ecosystems are working all around at the same time and each ecosystem has its own security implications.
By looking at the above image, the first question that will come in anyone’s mind is that what is the security of the nest device? Or what is the security of the nest service itself? As it can be seen from the image, the nest service other than interacting with itself also interacts with the other services like that of Apple and Google. So, it can be said that usually, the user without going through so many pages of license agreements tend to believe that the internet of things system is secure and expects that the security is ensured.
Expectation of security: The users believe that only the service provider has access to the device connected to their home or to the organizations and they feel secure with the generated user id and password. Even if people come to know about the fact that there is a device on their home network that has the potential to get hacked easily, they do not take any action and remain under the impression that this will not affect the other devices connected to the home network. The people even expect that the service providers will always keep a check on the updates available related to any applications that are used by their service. These services include any kind of web based services and majorly those applications that make use of other internet of things devices for maintaining control, for example any android based phone or any iPhone. The security status of the control devices is the main issue in front of the internet of things service provider as well as in front of the user. It is very essential that all the applications are kept updated to keep a check on the security aspect of the internet of things. Let's say if there is a security issue in an android phone. This may allow the hackers to attack the phone through that loophole and this may further weaken the secure protocol, this may enable the hacker to have access to the information collected by that specific device of the internet of things. The users of such application usually expect from the manufactures of such applications as well as from the service providers of the internet of things that they will secure their network and keep the applications updated. The other major issue that concerns the most is the chances of these devices that are designed to collect the login information and other credentials of the user’s right at the initial stage. There are a lot of hacking devices that can be connected to the device of the internet of things and through wireless activity the information can easily be transported to their main leader and this information can be used in any manner by the hackers. These hacking devices can be connected into the supply chain and further distribution can take place to hundreds of computers or any device of any house or of an organization. This can lead to identity theft as well as hacking of the users of internet of things information. What the hacker can do is that after hacking a specific device he will create many similar functioning devices.
The other main issue that is linked with the security issue is the;
Confidentiality, integrity and availability issue: Users expect confidentiality from the service providers when they use their system. The users think that the information that has been provided to the service provider will be kept to the service provider only. But, this is not the case if one will read the whole license agreement with patience. The person will come to know that there is a clause mentioned in the license agreement that reads that the internet of things service provider can use the user's information in any manner he wants or he can even sell the information to any data aggregator that can relate to another level of monetization. This is very common for the internet of things service providers and this even earns most of the revenues of the internet company. To site one example related to this, it can be said that if a person has browsed a website for bean bags. In the coming few days that person will see advertisements related to bean bags on every website that he opens. Though there is no such confidentiality that is expected in case of bean bags but this can give a start that many further significant issues that will be of major concern. It is even important to know the integrity of the data that has been sent or received by any one. Another major thing related to security is the systems availability. The ability that the systems have in order to defend against the denial of service attacks is also a major concern as this can affect the whole chain of systems that is inter-dependent. This is a major concern as recently people have seen many cases like this, the famous ones being the attacks on the Sony's PlayStation network system and the other major attack on the Microsoft's Xbox Live show which was attacked by a small group of unethical hackers. This does not only limit its attack to game play section but also it had an impact on the gaming consoles ability which was able to buy and also watch movies. This was a very important issue and has put a question mark on the security of internet of things as these companies are very old in the market and these companies suffered due to vulnerability in its system.
Consumer awareness: consumers are usually so much involved in using this internet of things that they tend to ignore the fact that is all this safe and secure? Is our privacy not at stake? (Lazarte, 2016). The users have no awareness among them about the impact that is associated with the internet of things devices can have within their homes. The major factors related to this are the assumptions that internet of things services that are provided and the concern of its security is someone else's responsibility. The compromise that takes place regarding the several user ids and passwords as well as the credit cards information against very few cases of hacking that have taken place ruins reputations. The other issue is the government's messages that name this cyber-attacks under the term cyber vandalism as it creates a sense of confusion among the people. Because of these confusing remarks from the government, the consumers are not able to detect the potential impacts that are related to the increasing use of internet of things devices and services.
Liability: from the development of the user license agreement these internet providers have always tried to manage themselves anyhow harmless from the issue of any damage that has been caused due to the use of their equipments. Today we are using this internet of things devices at our own risk. Though these agreements were specific and were related to majorly devices that were having logical impact on people's lives, for example, any lost email or any kind of corrupted files etc. But this is not going to sustain longer as there are now cases related to committing illegal surveillance that is today giving a new dimension to the concept of stalking. And within no time this issue of surveillance by internet of things will even reach the devices of internet of things that are there in the houses. Though there are only very few cases we have come across and this kind of stalking at home by people will not take much time to spread like fire in the forest.
So, it is on the part of the manufacturers of the internet of things to develop the security of the devices as well as services properly as one cannot expect from the consumers to be a technical experts and deal with the security issues on its own. It should not be expected by the users to take any action for making up the security flaws (Folk, et al., 2015).
According to the Gartner's forecast which was published in May 2014 regarding the internet of things there are some of the security challenges related to internet of things and these are
- Security:the main reason for increasing security concerns is due to increase in the automation and the digitization of the information and every activity.
- Enterprises:all the issues that are related to the security of internet of things can have a bad impact on the enterprises and can increase safety risks of the enterprises.
- Data:there are many data that are at risk. Some related to official confidentiality and some related to a person's personal information, all these come at a risk.
- Storage management: the burden falls on the company on how to secure the data and store the data of so many users safely as well as in a cost effective way so that there is less burden on the organizations.
- Consumer privacy: this is a major issue that comes in front of the service providers to protect the privacy of its users from being breached.
- Server technologies: a lot of money needs to be invested by the service providers on the servers to make them secure from any kind of threat(Hajdarbegovic, 2017). There are many issues that are related to internet of things that needs to be addressed in near future by investing a substantial amount on it (Hajdarbegovic, 2017). It is even expected that the cost incurred on the security of internet of things will increase tremendously in the coming years, putting a financial burden on the pocket of the organization (Rossi, 2016).
To build security, one need to adopt multi- layer approach as only one single control system cannot help to build security in the entire system or device of internet of things. Security is an issue that can be checked and should be addressed throughout the entire lifecycle of the services or the devices of internet of things. Starting from the initial design of the device to the stage of its placement in the operational environment.
- Secure booting: at the time of introduction of the device with the power, the software attached to that device is checked that how authentic is it, and this is verified by making use of cryptographically generated digitized signatures. So, by conducting this activity, it can be said that the foundation of the device is based on the trust but this does not mean that the device is entirely secure. Further protection measures need to be adopted in order to keep a check on the threats that can arise from time to time.
- Access control: the next in line is the number of resources as well as access control that are applied to the devices. There is some rule based access controls that are related to the operating system. These rule based access controls limits the chances of privileges of those devices components as well as their applications in order to limit them to only those resources that are required to do that specific task. This benefits in the way that if any component of the device is compromised these access controls make sure that the intruder that intrudes in these devices have minimum access to the other linked systems. It is found that device based access control systems are similar to the network based access control mechanisms. The benefit of this is that if a person through any illegal means gets the credentials of any organization to get an access to their network will not be able to reach to entire system and will limit its access to that particular area only of which he has acquired the credentials. The main aim behind this is that the hackers if in any way is able to access the network should not be in a condition to reach to organizations systems other parts and this will help in minimizing the effectiveness of the breach of security.
- Device authentication: if any kind of device is connected to the network, the first thing that should be done by the network is that it should be authenticated at the first place before receiving any data or transferring any data. The manner in which the user authentication allows the user to access through the corporate network system on the basis of the user id and the password, in the same manner, the authentication done by machine allows the device to have access to the network on the basis of the credentials that are stored in a secure storage area(Windriver, 2017).
- Firewalling and IPS: there is also a need to have a firewall that is used for the purpose of deep packet inspection. This has the ability to control all the traffic on the internet that has the ability to terminate the devices. There is a need to have this firewall or an IPS even after the company is having network based applications all in the right place. This is mainly for the reason that the embedded devices always have their unique protocols that are different in nature from the IT protocols of the enterprise. So, this IPS is required to identify any unknown activity that may have entered through the non-IT protocols.
- Updates and patches: after the device is installed and started to perform its normal work, the device will start receiving new updates as well as patches. So, on the part of the operators, it is expected from them to remove theses patches as soon as possible and in a manner that it does not consumes more bandwidth or bring any harm to the safety and security of the device. When so many devices are connected to each other it becomes important to have security patches that are used to protect from the vulnerabilities that are attached to it and can enter through so many connected devices. It is very important to consume very less bandwidth on activities like system software updates and also on the security patches(Windriver, 2017).
Internet of things has spread it wings more than anyone would have ever thought of, all the necessary technological advances have already been made in its field (Google, 2017). But, as we know that there is an increasing tendency of cyber-attacks in the future, the main efforts that the companies are taking today is to mitigate these issues though complete eradication is near to impossible as there are experts that make new inventions and the experts only find some loophole to enter into the new inventions so total eradication is difficult but the organizations are trying best to reduce these cases and if any such attack occurs then they try to reduce the impact of those attacks by keeping it limited and solving the issue as soon as they find out (Infosecinstitute, 2015). Security is very essential for the internet of things and the security should be maintained at every stage and should not be only limited to financial transactions matter (Jha & Sunil, 2014).
Baker, A., 2017. Maintaining data integrity in Internet of Things applications. [Online] Available at: https://files.iccmedia.com/pdf/windriver160823.pdf [Accessed 25 may 2017].
Brandon, J., 2016. Security concerns rising for Internet of Things devices. [Online] Available at: https://www.csoonline.com/article/3077537/internet-of-things/security-concerns-rising-for-internet-of-things-devices.html[Accessed 25 may 2017].
Constantin, L., 2016. Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON. [Online] Available at: https://www.csoonline.com/article/3119765/security/hackers-found-47-new-vulnerabilities-in-23-iot-devices-at-def-con.html
[Accessed 25 may 2017].
Dix, J., 2015. The security implications of IoT: A roundtable discussion with four experts. [Online] Available at: https://www.networkworld.com/article/2881754/internet-of-things/the-security-implications-of-iot-a-roundtable-discussion-with-four-experts.html [Accessed 25 May 2017].
Elvia, 2017. Internet of Things Security and Privacy Challenges. [Online] Available at: https://reolink.com/internet-of-things-security-privacy-challenges/[Accessed 25 may 2017].
Folk, C., Hurley, D. C., Kaplow, W. K. & Payne, J. F. X., 2015. The Security Implications. [Online] Available at: https://www.afcea.org/committees/cyber/documents/InternetofThingsFINAL.pdf[Accessed 24 May 2017].
FTC, 2015. Internet of Things. [Online] Available at: https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf[Accessed 25 may 2017].
Google, 2017. Internet of Things. [Online] Available at: https://sites.google.com/site/netothings/home/honor-code-statement/introductio-1/potential-benefits/legal-and-ethical-issues/security-concerns/social-problems/further-research/conclusion
[Accessed 25 May 2017].
Hajdarbegovic, N., 2017. Are We Creating An Insecure Internet of Things (IoT)? Security Challenges and Concerns2017. [Online]
Available at: https://www.toptal.com/it/are-we-creating-an-insecure-internet-of-things[Accessed 24 May 2017].
Hope, J., 2016. Understanding the Internet of Things and Its Impact. [Online] Available at: https://www.digitaldoughnut.com/articles/2016/april/understanding-the-internet-of-things-and-its-impac[Accessed 25 may 2017].
Infosecinstitute, 2015. Security Challenges in the Internet of Things (IoT). [Online] Available at: https://resources.infosecinstitute.com/security-challenges-in-the-internet-of-things-iot/#gref[Accessed 25 May 2017].
Infosecinstitute, 2015. The Emergence of IoT: Is Security a Concern?. [Online] Available at: https://resources.infosecinstitute.com/the-emergence-of-iot-is-security-a-concern/#gref[Accessed 25 may 2017].
Iyenger, S., 2016. The impact of the internet of things in 2026. [Online] Available at: https://data-informed.com/the-impact-of-the-internet-of-things-in-2026/[Accessed 25 May 2017].
Jha, A. & Sunil, M. C., 2014. Security considerations for internet of things. [Online] Available at: https://www.lnttechservices.com/media/30090/whitepaper_security-considerations-for-internet-of-things.pdf[Accessed 25 May 2017].
Jungo, C., 2015. Integrity and trust in the Internet of Things. [Online] Available at: https://www.swisscom.ch/content/dam/swisscom/en/about/responsibility/digital-switzerland/security/documents/integrity-and-trust-in-the-internet-of-things.pdf.res/integrity-and-trust-in-the-internet-of-things.pdf.[Accessed 25 may 2017].
Kavis, M., 2014. Don't Underestimate The Impact Of The Internet Of Things. [Online] Available at: https://www.forbes.com/sites/mikekavis/2014/07/21/dont-underestimate-the-impact-of-the-internet-of-things/#65ec4bdb1baa[Accessed 25 may 2017].
Koien, M. A. a. G. M., 2015. Cyber Security and the Internet of Things:Vulnerabilities, Threats, Intruders and Attacks. Journal of Cyber Security, 4(River Publishers), pp. 65-88.
Lazarte, M., 2016. Are we safe in the Internet of Things?. [Online] Available at: https://www.iso.org/news/2016/09/Ref2113.html
[Accessed 25 May 2017].
Meola, A., 2016. How the Internet of Things will affect security & privacy. [Online] Available at: https://www.businessinsider.com/internet-of-things-security-privacy-2016-8?IR=T[Accessed 25 may 2017].
Mitchell, B., 2016. Introduction to the Internet of Things (IoT). [Online] Available at: https://www.lifewire.com/introduction-to-the-internet-of-things-817766[Accessed 24 may 2017].
Morgan, J., 2014. A Simple Explanation Of 'The Internet Of Things'. [Online] Available at: https://www.forbes.com/sites/jacobmorgan/2014/05/13/simple-explanation-internet-things-that-anyone-can-understand/#103c31201d09[Accessed 24 May 2017].
Muhammed, A., 2016. 5 Ways the Internet of Things Impacts Your Daily Life. [Online] Available at: https://www.business2community.com/big-data/5-ways-internet-things-impacts-daily-life-01447717#TAyzEdEHYIVLe451.97
[Accessed 25 may 2017].
Pollack, D., 2016. Internet of Things Makes Big Data Even Bigger (And Riskier). [Online] Available at: https://www2.idexpertscorp.com/blog/single/internet-of-things-makes-big-data-even-bigger-and-riskier[Accessed 25 may 2017].
Postscapes, 2017. Best Internet of Things Definition. [Online] Available at: https://www.postscapes.com/internet-of-things-definition/
[Accessed 25 may 2017].
Rossi, B., 2016. 4 unexpected implications arising from the Internet of Things – Gartner. [Online] Available at: https://www.information-age.com/4-unexpected-implications-arising-internet-things-gartner-123460779/[Accessed 25 May 2017].
Rouse, M., 2017. Internet of Things. [Online] Available at: https://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT[Accessed 24 may 2017].
Ruubel, M., 2016. Privacy and Integrity on the Internet of Things. If all you have is a PKI hammer…. [Online] Available at: https://guardtime.com/blog/privacy-and-integrity-on-the-internet-of-things-if-all-you-have-is-a-pki-hammer-dot-dot-dot
[Accessed 25 may 2017].
Samani, R., 2014. 3 key security challenges for the Internet of Things. [Online] Available at: https://securingtomorrow.mcafee.com/business/3-key-security-challenges-internet-things/[Accessed 24 may 2017].
The Guardian, 2015. What is the internet of things?. [Online] Available at: https://www.theguardian.com/technology/2015/may/06/what-is-the-internet-of-things-google[Accessed 25 may 2017].
Williams, L., 2017. Implications of the Internet of Things. [Online] Available at: https://blog.externetworks.com/implications-of-the-internet-of-things/?MTS[Accessed 25 May 2017].
Wilson, N., 2016. How Will the Internet of Things Impact Everything?. [Online] Available at: https://www.govtech.com/fs/internet/How-Will-the-Internet-of-Everything-Impact-Everything.html[Accessed 25 may 2017].
Windriver, 2017. Security in the Internet of Things. [Online] Available at: https://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf
[Accessed 24 May 2017].