The Cyber Security Vulnerabilities in the Internet of Things: A Case Study.

• Author: Elkhouly, Sayed M. ElSayed

INTRODUCTION

IoT is an umbrella keyword for covering various fields related to the extension of the Web and the Internet into the real physical field by means of increasing the deployment of spatially spread devices with embedded identification, sensor, and actuation capabilities. Internet of Things as a word was first introduced by Kevin Ashton in a presentation during 1998. He stated The Internet of Things would change the world, just as the Internet did before. In 2001, the MIT Auto-ID Lab center presented their viewpoint on IoT. Then, during 2005, this was formally accepted by the International Telecommunication Union (ITU). IoT creates a world where all the things (smart things) around us are connected to the Internet and communicate with one another with the least human intervention. The goal to create IOT is a better world for human life. Imagine that objects around us know what you like/prefer, what you want, and what you need, and act accordingly without explicit clear instructions. Current research on (IO) mainly concentrates on how to empower general things to watch, listen, and smell the physical world around us by themselves (sensor) and connected to share their observations. By this way, monitoring and making decisions can be shifted from the human side to the machine side. IoT is considered as the network connection of devices or physical objects. One of the definitions of IoT is an open and comprehensive network of intelligent objects that has the capability to organize, share, data, information, and resources, reacting and responding in situations and changes in the surrounding environment (Madakam et al., 2015). Sharing of information takes place with the help of communication technologies, such as Radio frequency identification (RFID) and wireless sensor networks (WSN) (Kumar et al., 2015). So, in general, we can say IoT allows people and things to be connected, anyplace, with anything and anyone at any time using any service and any network as shown in Figure 1.

The word Thing in the IoT terminology can be a biochip transponder for a farm animal, a field operation robot that assists in a search and release mission, a heart monitor implant for a person, or any other natural or any man-made object that can be assigned an IP address and has the ability to transfer data and to operate within the existing internet infrastructure (Stankovci. 2014). IoT devices and services can help and assist the elderly and those people with a physical disability to have an independent living with long-term conditions (Tsirmpas et al., 2015). IoT refers to a varying network of physical and virtual things entrenched with electronics, sensors, software, and connectivity to enable these things to achieve certain target value by exchanging data via the internet with other things connected (Gubbi et al., 2013). Some areas where IoT devices are used to solve day problems are as shown in the following Table.1(Naveen, 2019).

There are two kinds of IoT threats: Threats against IoT and threats from IoT. 1) Threats against IoT: In October 2016, a huge Distributed Denial-of-Service Attacks (DDoS) attack was spread out against DNS servers and shut down many HTTP services including Twitter (Hilton, 2016). Hackers used default passwords and usernames of IoT devices and installed the malware on compromised IoT devices [8]. Various other IoT devices have been attacked. 2) Threats from IoT: Researchers find cross-site scripting (XSS) attacks that explore the application and access data and resources that the application can access (Kovacs, 2016) without permission. IoT enabled can compromise the security and privacy of people. In this paper, we focus on protecting IoT devices and presenting a case study view of IoT security and privacy system.

ARCHITECTURE OF IOT

In this section we present different IoT architecture models, IoT enabling techniques, main building blocks of IoT, security requirements needed for IoT, and threats and challenges in IoT. Till now, there has been no agreement on one consistent architecture for IoT by researchers. Different proposed architecture models have been introduced. The first proposed architecture model of IoT consists of four layers, as shown in Figure 2 (Naveen, 2019)

1. Sensor Layer: This is the lower layer of IoT architecture, which involves sensor networks, entrenched systems, readers, and RFID tags or soft sensors. Each of these sensors has an identification and information storage (RFID tags), and information collection (sensor networks), etc.

2. Gateway and Network Layer: This layer is responsible for transferring the information collected by sensors in the previous layer to the next layer. This layer should support the scalability, flexibility, standards universal protocol for transferring data from different types of sensor nodes or high performance, robust networks, and support multiple organizations to communicate independently.

3. Management Service Layer: This layer acts between an interface between the Gateway-Network layer and the application layer. Security and privacy of the data should be ensured in this layer. It is responsible for device management and information management capturing a large amount of raw data, extracting, and taking out relevant information from both the stored data as well as from real-time data

4. Application Layer: This is the topmost layer of IoT which provides a user interface to access various IoT applications such as transportation, health care, agriculture, etc.

   There are other IoT Architectures Three-and Five-Layer Architectures that can be described as below in Figure 3 (Sethi & Serangi, 2017).

   The 3 layer architectures were firstly introduced in the area of IoT in the early stages of study and research. It combined three layers, (perception, network, and application) layers.

   1) The perception layer is a physical layer, contains sensors for identifying and sensing information and data gathering from the rounding atmosphere.

   2) The network layer is responsible for the communication between servers and IoT and network devices,

   3) The application layer delivers the application of specific services to the user. This what a layer is responsible for. It has many applications such as smart health smart homes and smart cities,

   The 5 layers consist of perception, transport, processing, application, and business layers as shown in Figure 3. The role of the perception and application layers is the same as in the 3-layer architecture. The functions of the remaining three layers are discussed in the following:

   1) The transport layer: It is the layer that transmits the censored data from the perception layer to the processing layer and vice versa through networks such as wireless, LAN, Bluetooth, 3G, RFID, and NFC.

   2) The processing layer: This layer is known as the middleware layer which stores, analyzes, and processes huge amounts of data that comes from the previous transport layer. It can use many technologies such as cloud computing, databases, and big data processing modules,

   3) The business layer: The whole IoT system is managed in this layer. It includes applications, business, profit models, and users' privacy.

   The other architecture is a fog architecture (Aazam & Huh, 2014) offering a layered approach, as shown in Figure 4, which adds monitoring, preprocessing, storage, and security layers between the physical and transport layers. The monitoring layer is responsible for monitors' power, resources, responses, and services. The preprocessing layer is responsible to perform filtering, processing, and analytics of the sensor data. The storage layer provides storage functionalities, such as data storage, distribution, and replication. Finally, the security layer performs encryption/decryption to ensure data integrity and privacy. Monitoring and preprocessing functions are completed on the edge of the network before sending data to the cloud.

   IoT Enabling Techniques

   IoT can be enabled using various techniques. Figure 5 shows the technologies that enable IoT. The techniques are Near Field Communication (NFC), Machine-to-Machine Communication (M2M), Radio-Frequency Identification (RFID), and Vehicle-to-Vehicle communication (V2V) (Vishnu et al., 2016).

   RFID monitors objects in real-time. It consists of a reader and tag. Tags are used and applied to objects to get information using a radio-frequency electromagnetic field. The readers are used to scan and read the electronic information in the tag. Microchips with antennas are the tags. NFC is similar to RFID, i.e., integrates the RFID reader into smart phones. NFC is the most trending technology that communicates with other NFC enabled mobiles. M2M is a process of communicating between sensors, computers, microcontrollers, and smart phones. M2M communication is used between different devices and processes the information for sensing and providing access control. V2V is a new technology that use vehicles as a node. Through an ad-hoc network the vehicles communicate with one another. V2V communication is a bit complex because it does not have a static topology.

   IoT Building Blocks

   Four basic...