Security And Privacy Issues In IoT

Introduction

IoT is an abbreviation for Internet of Things and it is an umbrella that connects a number of different components to come up with an integrated and advanced application. The components that are involved in an IoT application include technologies, processes, networks, devices, appliances and people. Some of the interesting IoT applications that have already been implemented include home automation, office automation, smart parking applications and many more (Bhabad, 2015). Such an integration of all the components has brought a lot many advantages for the users as well as for the systems. Along with the benefits, there are also some of the risks and drawbacks that are also associated with IoT apps. 

Research Questions

• What are the several types of the security threats and risks in association with the applications that are based on IoT concept? What are the information properties that may have an impact due to these issues?
• What is the level of impact that can result out from the occurrence of a security risk?
• What are the applicable countermeasures that may be implemented in order to put a check on the security threats?
• Is it necessary to implement and look after the condition of physical security in association with an IoT app?

Security and Privacy Issues: Confidentiality Attacks

• Eavesdropping

The components that are involved in an IoT application include technologies, processes, networks, devices, appliances and people. Due to the presence of these components, there are several access and entry points that may be used for eavesdropping (Wood, 2016).

• Unauthorized Tracking

Information does not stay at one point or location in an IoT application. It rather travels from one place to the other which leads to the emergence of a security risk related with unauthorized tracking of the exchange taking place.

• Data Mining Attacks

Business Intelligence concepts are significant in association with IoT and data mining is one technology that holds a lot of importance. There are however numerous security attacks related to data mining that may be executed (Amato, 2016).

• Reconstruction Attacks

Information may also be given a new shape which may lead to the loss of its meaning and value. These attacks are termed as the reconstruction attacks.

Integrity Attacks

• Message Alteration

Information integrity is one of the essential properties of the IoT application and it is necessary to allow only the authorized resources to make changes in the information. However, regular attempts are made to violate the integrity of the information by altering the messages that are transferred between the entities (Microsoft, 2016).

• Media Alteration

Information integrity is one of the essential properties of the IoT application and it is necessary to allow only the authorized resources to make changes in the information. However, regular attempts are made to violate the integrity of the information by altering the media that is transferred between the entities (Aws, 2016).

Availability Attacks

• Flooding Attacks

Application availability on a non-stop basis is a must for experiencing enhanced user satisfaction. There are several flooding attacks that are given shape by the attackers to violate this property of information and application. Garbage data is introduced across the application channels to degrade its performance and availability (Nichols, 2016).

• Server Impersonating

IoT applications involve many servers due to the presence of several components. Attackers make use of the form of attack as server impersonation to negatively impact the application availability.

• QoS Abuse

Application quality and quality of all the associated services is essential for the applications. There are scenarios wherein Quality of Service (QoS) is degraded and abused by introducing several malware on the system (Panetta, 2016).

Discussion with Peers

Discussion on the security issues and threats with peers was done to understand their views and two of peers with details as ABC, Male, 32 and XYZ, Female 38 were involved in the discussion.

They were also concerned with the issues around phishing and spoofing which have not been covered in the list of issues presented above. Apart from these two risks, there were similar problems that were discussed in terms of confidentiality attacks, integrity attacks and availability attacks.

The discussion enabled the participants in the understanding of the security issues in a broader manner with enhancement of knowledge around the same.

Impact of the Issues in Real Life

• Application availability on a non-stop basis is a must for experiencing enhanced user satisfaction. There are several attacks that are given shape by the attackers to violate this property of information and application. It is because of these attacks that the customer engagement and trust is violated and impacted.
• There can be legal consequences that may result from the occurrence of a security attack as the information properties get violated in case of a risk or an attack (Mahmoud, 2015).
• An organization is considered to deliver good performance only when there are minimum security risks reported. The frequency also decides the reputation of the organization in the market. However, the same gets violated if there are frequent attacks that take place.
• The impact is also considerable on the revenues and profits that are associated with the organization (Ko & Dorantes, 2016).

Lessons Learnt

The most important lesson that was acquired from the discussion was the importance and significance of information in real life. Attacks on information can prove to be fatal and the measures that may be taken to prevent and avoid these attacks were also understood with the medium of discussion that was carried out.

Countermeasures

The countermeasures that can be applied to put a check on the security risks and issues are classified in different categories. There may be preventive measures, control measures, measures for detection and avoidance measures that can be taken to make sure that the risks and threats are avoided.

• The impact that results out of any of the availability attack is huge and therefore it is necessary to prevent these attacks. Prevention of these attacks can be done by implementation of anti-denial tools in the application itself that will nullify all the attempts of execution of the availability attacks on the system.
• It is essential to allow only the authenticated entities to access the application along with its back-end. Therefore, two-fold authentication shall be used along with other relevant measures (Lu, 2014).
• Network security shall be upgraded with the use of advanced tools and applications to track the activities on the network. These tools shall include the network monitoring tools, network reporting tools, network auditing tools and likewise.
• Cryptography is one of the advanced security measure that shall be applied in this case as it will convert all the information related with the IoT application in the form of cipher text which will be converted to its original form only with the use of a key.
• There are several packages that are available in the market for the detection and prevention of intruders on the application which shall be installed by the system experts to have a non-stop view of the activities on the application.
• Security of the devices and the appliances that are involved in the IoT application is required as these devices can be considered as a primary threat agent. Upgrading of the devices shall be done regularly. Also, the loss of the devices and appliances shall not take place.
• There shall also be enhancement done to the legal policies that are set up for the information and web application security.
• Basic measures to security shall never be ignored as it is these measures that ensure that the overall security architecture is strong and efficient enough to fight the security risks and attacks.

Role of Physical Security

There are several devices and appliances that are involved in the functioning and integration of the IoT applications. Physical security of these devices and appliances would be essential as the loss or damage to the device will directly impact the application and its performance. Physical security can be set up by making the users aware of the dangers that the loss of device will put on their information. Also, there shall be enhanced security on all the entry and exit points such as those for the data centres or network stations (Jing, 2014). 

Conclusion

IoT is an umbrella that connects a number of different components to come up with an integrated and advanced application. The components that are involved in an IoT application include technologies, processes, networks, devices, appliances and people. There are several security risks and attacks that are possible on the IoT applications that may have a negative impact on the information and application availability, integrity and confidentiality. There can also be legal consequences that may result from the occurrence of a security attack as the information properties get violated in case of a risk or an attack. A particular organization is considered to deliver good performance only when there are minimum security risks reported. The frequency also decides the reputation of the organization in the market. However, the same gets violated if there are frequent attacks that take place. The countermeasures that can be applied to put a check on the security risks and issues are classified in different categories. There may be preventive measures, control measures, measures for detection and avoidance measures that can be taken to make sure that the risks and threats are avoided. There are several devices and appliances that are involved in the functioning and integration of the IoT applications. Physical security of these devices and appliances would be essential as the loss or damage to the device will directly impact the application and its performance.

References

Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 3 May 2017, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html

Aws,. (2016). Overview of Security Processes. Retrieved 3 May 2017, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf

Bhabad, M. (2015). Internet of Things: Architecture, Security Issues and Countermeasures. Retrieved 3 May 2017, from https://www.ijcaonline.org/research/volume125/number14/bhabad-2015-ijca-906251.pdf

Jing, Q. (2014). Security of the Internet of Things: perspectives and challenges. Retrieved 3 May 2017, from https://csi.dgist.ac.kr/uploads/Seminar/1407_IoT_SSH.pdf

Ko, M. & Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 3 May 2017, from https://jitm.ubalt.edu/XVII-2/article2.pdf

Lu, C. (2014). Overview of Security and Privacy Issues in the Internet of Things. Retrieved 3 May 2017, from https://www.cse.wustl.edu/~jain/cse574-14/ftp/security.pdf

Mahmoud, R. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures - IEEE Xplore Document. Ieeexplore.ieee.org. Retrieved 3 May 2017, from https://ieeexplore.ieee.org/document/7412116/

Microsoft,. (2016). Microsoft Core Infrastructure Optimization: IT & Security Processes - Best Practices for Business IT. Microsoft.com. Retrieved 3 May 2017, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx

Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 3 May 2017, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63

Panetta, K. (2016). Gartner's Top 10 Security Predictions 2016 - Smarter With Gartner. Smarter With Gartner. Retrieved 3 May 2017, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/

Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 3 May 2017, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security