Article

How to disinfect and secure the Internet of Things

Authors:
To read the full-text of this research, you can request a copy directly from the author.

Abstract

The Internet of Things (IoT) is here. The CES 2015 convention in Las Vegas highlighted smart robots, smart televisions, smart health monitors and smart door locks. Whether by cable, Bluetooth or wifi, nearly everything is interconnected, perhaps to a smartphone, perhaps to a cloud service. From a consumer or business customer perspective, the IoT is convenient and appealing. It's also not inherently safe – not as it exists today. And that is scary.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the author.

... Along with technology advances, there are always security challenges. IoT security vulnerabilities or threats range on wide surface as follows: access control [19,22,[66][67][68], bad output [69], brute force [21,70], cloud attacks [71], computation overhead [33,72,73], cryptanalysis [64,74], cryptography [2,56,75,76], data attacks [1,18,19,22 As we can see in Figure 2, the main vulnerabilities/threats that have been paid more attention to deal with in IoT security research are device attacks (10%), data attacks (9%), Denial of Service (DoS) (8%), eavesdropping (4,4%), disruption (4,4%), network attacks (4,4%) and development attacks (4,4%). However, there are several new types of vulnerabilities or attacks that have not been widely studied and discussed in literature such as social context which can be used for social engineering, quantum computing that can be used to easily break modern cryptographic algorithms, machine learning to direct targeted individuals or information, and bad output that can be used as entry point of analysis. ...
Article
The Internet of Things has become a new paradigm of current communications technology that requires a deeper overview to map its application domains, advantages, and disadvantages. There have been a number of in-depth research efforts to study various aspects of IoT. However, to the best of our knowledge, there is no literature that have discussed specifically and deeply about the security and privacy aspects of IoT. To that end, this paper aims at providing a more comprehensive and systematic review of IoT security based on the survey result of the most recent literature over the past three years (2015 to 2017). We have classified IoT security research based on the research objectives, application domains, vulner-abilities/threats, countermeasures, platforms, proto-cols, and performance measurements. We have also provided some security challenges for further research.
... There many recent research works which aim is to secure IoT devices from malware along with other attacks. In a short letter, Hongwen Zhang discusses how to disinfect and secure IoT devices [92]. The domain of securing IoT devices is relatively new; hence there are lots of research opportunities to address issues related to IoT malware such as scalable, distributed, and low cost (power and memory) detection techniques [77]. ...
Chapter
Machine learning (ML) and artificial intelligence (AI) methods are some of the latest advancements in the field of computing. Among these methods, there are nature-inspired techniques such as deep learning and deep neural networks, which are inspired from the neural networks of the human brain. These methods are applicable towards the security of networks and network-connected machines from malware, intrusion, and other cyberattacks. For example, in dealing with modern cyber threats, some standard ML and AI methods that can be useful are malicious code recognition for malware analysis, object-based modeling to classify security threats, and heuristic rule systems for intrusion detection. In this way, ML and AI can play a key role in cyber threat detection and prevention. Due to the large amounts of data packets passing through a network, processing and parsing through that data to find malware, intrusion, or other malicious code and files can be overwhelmingly difficult for humans. Machine learning models can be trained to detect malicious patterns in data or files and can thus be used to automatically detect malware or intrusive activity. Additionally, humans are limited in terms of the amount of time or duration that they can spend, but once programmed, a machine learning model can continue running and operating nonstop to detect and prevent malicious code and files from entering a network-connected system. This can reduce human effort and minimize human error by automating the computing required to detect and thwart cyberattacks. This paper surveys and reviews different AI and ML methods that have been used in past literature for cybersecurity applications. The goal of this work is to aid cybersecurity researchers and professionals on how to employ AI and ML techniques for cybersecurity applications, such as malicious code detection, intrusion detection, and cyber threat analysis.
... There many recent research works which aim is to secure IoT devices from malware along with other attacks. In a short letter, Hongwen Zhang discusses how to disinfect and secure IoT devices [92]. The domain of securing IoT devices is relatively new; hence there are lots of research opportunities to address issues related to IoT malware such as scalable, distributed, and low cost (power and memory) detection techniques [77]. ...
Chapter
Malware is a top threat to the current digital world. It will be more devastating in coming years due to the expansion of information technology in various fields of life, engagement of different type of users, and increased technical sophistication in malware. The changing motivations, multi-resource investment in malware development and Return on Investment (RoI) are the main reasons for the exponential growth in malware. Businesses and users are losing millions of dollars due to various malware attacks. Although there are different Anti-malware solutions and other security software, malware attacks are successful due to inherent limitations of these security products and common security vulnerabilities such as“zero-day”, “buffer-overflow”, etc. This book chapter provides a detailed study about malware, its propagation and attack mechanisms and discusses various anti-malware techniques (machine learning, bio-inspired algorithms etc.). It also presents possible research directions for developing tools and techniques for better protection against malware.KeywordsCyber securityMalwareInformation securityMalware detectionVirusWormTrojanBotBotnetSpywareRansomwareAdwareStatic analysisDynamic analysisSignatureSignature-based detectionBio-inspired malware detectionNature-inspired detectionMachine learning based detectionByte-n-gramOpcode-n-gramPortable executableapkc opcode
... Recent examples of privacy breaches include hacked baby surveillance cams [58] and profiling issues with fitness-tracking devices [59]. Examples of corporate IoT privacy concerns include industrial espionage [60], governmental services [61], [62], and the leak of employee and customer information [63]. Thus, cyber privacy concerns also have personal and corporate dimensions. ...
Article
The Internet of Things (IoT), a worldwide network of interconnected objects uniquely addressable, based on standard communication protocols, has become a disruptive technology, even for decision-makers who develop products based on them. It was reported in 2015 and 2018 that decision-makers associated with the Fortune 1000 firms stated that they were hesitant to use IoT-based value propositions, primarily due to privacy and security concerns. In this article, we view decision-maker willingness to develop IoT-based products through the lens of the social construction of technology (SCOT) theory. We utilize SCOT-based generational cohorts of firm decision-makers to investigate whether generational cohorts of decision-makers are relevant in a firm's decision to launch an IoT value proposition. We argue that it is pertinent to consider age-based generations as stakeholders for IoT, which currently constitutes a gap in the literature on IoT and SCOT. We employ an exploratory survey analysis that supports the relevance of generational decision-making cohorts. We focus on age to the exclusion of other potential decision-maker cohort possibilities and discuss this as a limitation in our conclusion.
... DY intruder, DoS/DDoS, physical attacks, privacy attacks, eavesdropping, data mining, and traffic analysis are primary IoT attacks [167]. Additionally, new types of attacks related to the constrained things characteristics (low power, low processing, etc.) are IoT specific [168]. Such constraints expose devices to new type of attacks (running out of power, running out of memory, etc.) [169]. ...
Article
Recently, there has been an increasing interest in the Internet of Things (IoT). While some analysts disvalue the IoT hype, several technology leaders, governments, and researchers are putting serious efforts to develop solutions enabling wide IoT deployment. Thus, the huge amount of generated data, the high network scale, the security and privacy concerns, the new requirements in terms of QoS, and the heterogeneity in this ubiquitous network of networks make its implementation a very challenging task. SDN, a new networking paradigm, has revealed its usefulness in reducing the management complexities in today's networks. Additionally, SDN, having a global view of the network, has presented effective security solutions. On the other hand, fog computing, a new data service platform, consists of pushing the data to the network edge reducing the cost (in terms of bandwidth consumption and high latency) of “big data” transportation through the core network. In this paper, we critically review the SDN and fog computing-based solutions to overcome the IoT main challenges, highlighting their advantages, and exposing their weaknesses. Thus, we make recommendations at the end of this paper for the upcoming research work.
‘An unprecedented look at Stuxnet, the world's first digital weapon’
  • Zetter
‘Telvent hit by sophisticated cyber-attack, SCADA admin tool compromised’
  • Fahmida