A Comprehensive Study of Various Cyber Attacks Against IoT Devices and Security Measures to Prevent Them

NILOY, FARDIN AHMED, 16-33038-3, F, CSE, AIUB
MD. NOZIB UD DOWLA, 16-33040-3, F, CSE, AIUB
SYED FAZLUL KARIM, 16-33037-3, F, CSE, AIUB

The Internet of Things (IoT) is the network of smart devices interconnected through the Internet and serving many kinds of applications. Lately, IoT devices have become increasingly popular because they make our lives more comfortable. However, because IoT devices are used in so many ways, they are built on many different types of architecture, which increases the complexity of maintaining their security. An IoT device may hold personal information such as name, address, blood group, or banking information, so it is essential to secure IoT devices so that this information does not get leaked. In this paper, we discuss the different types of attack that are performed against different types of IoT devices, and we present methods to prevent them.

CCS Concepts: • Computer systems organization → Embedded systems; Redundancy; Robotics; • Networks → Network reliability.

Additional Key Words and Phrases: datasets, neural networks, gaze detection, text tagging

ACM Reference Format:
Niloy, Fardin Ahmed, MD. Nozib UD Dowla, and Syed Fazlul Karim. 2018. A comprehensive study of various cyber attacks against IoT devices and security measures to prevent them. In Woodstock ’18: ACM Symposium on Neural Gaze Detection, June 03–05, 2018, Woodstock, NY. ACM, New York, NY, USA, 10 pages. https://doi.org/10.1145/1122445.1122456

1 INTRODUCTION
Project: Systematic Literature Review on cyber attacks against IoT devices and security measures to prevent them.

In recent times, the number of IoT devices has increased dramatically, and the Internet of Things has become part and parcel of our lives. Household electronic products ranging from light bulbs to refrigerators are nowadays connected to the internet.

In this modern era, it is common to control devices by voice or to monitor things such as security cameras, health data, and road traffic from a smartphone. However, this convenience comes at the cost of our security. Because each product is different and performs several tasks, developers use different protocols, creating security loopholes.

Often, it seems, companies that manufacture devices at low cost tend not to provide essential security features such as the HTTPS network protocol. An IoT device has many sensors that collect our data; for example, a security camera records video of our office or home, and that data is then sent over the internet to our phones. Most of the time the collected data are not encrypted. Moreover, many IoT devices still use the HTTP protocol, giving an attacker the ability to eavesdrop on a device. Without encrypted data or a secured network, an attacker can easily collect that personal information. Due to the various uses of IoT devices, no standard is being followed. Thus, increase the complexity to

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from permissions@acm.org.
© 2018 Association for Computing Machinery.
Manuscript submitted to ACM

Woodstock ’18, June 03–05, 2018, Woodstock, NY Niloy , Fazlul and Nozib.

Transmission phase: In this phase, data are transmitted from the collection phase to users, applications, or APIs. Data transfer technologies such as Ethernet, Wi-Fi, and Bluetooth are used to transfer the data. Most of the attacks happen in this phase.

Processing phase: In this phase, data are analyzed to learn about the environment. Sometimes an IoT device has to take action based on the analyzed data. This phase is a middleman between a physical object and a user application.

It is essential to understand those phases in order to fully understand IoT attacks.

There are multiple types of IoT devices, which use different kinds of architecture. The commonly used ones are 3-layer, 4-layer, and 5-layer architectures. In this section, we discuss the 3 layers [19], namely the perception, transportation, and network layers, as shown in Figure 1, as those layers are highly targeted for attacks.

Fig. 1. Attack against IoT Layers

3.1.1 Perception Layer: This layer contains the physical sensors and actuators of an IoT device, which are used to sense the environment and collect information. The widespread attacks at this stage are jamming and data tampering. In jamming attacks, communication is blocked by using high-frequency signals. For example, an attacker can disconnect a security camera from its network using a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. However, attackers have recently been using advanced attacks to avoid protective measures such as an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS). To prevent those attacks, Liu et al. proposed a monitoring system that distinguishes interference from a real transmission by verifying the amount of energy consumed each time to ensure it is not an attack [14]. This system can identify interference; however, it fails to detect or prevent other attacks. To deal with those issues, researchers Erpek, Tugba, Yalin E. Sagduyu, and Yi Shi [8] developed an advanced Deep Learning (DL) model to launch and prevent jamming attacks. In their approach, a classifier analyzes the spectrum and predicts successful transmissions; the defense system then generates misleading transmissions to confuse the attacker. The research reported its performance, and the model’s accuracy was 69%. In both techniques, it is crucial to ensure the accuracy and performance needed to detect jamming attacks in real time.

proper security measures have been implemented in a way such that scalability is not hampered. In this section, we discuss some security practices that are required for better security.

3.2.1 Authentication Method: It is common to use an application to access IoT device data. For example, a user uses an application to view security camera footage. Authentication is necessary to ensure that the proper user is viewing the data. The most popular authentication method is a password. However, most of the time users do not use a strong password [18], and most of the time they use the same password for different services. Attackers also often get access to user passwords by tricking users with social engineering. To tackle those issues, it is recommended to use two-factor authentication. In a two-factor authentication scenario, even if an attacker has the user's password, they will not be able to get access to the data. Two alternative authentication methods are discussed below.

• MFA: MFA stands for Multi-factor Authentication; as the name suggests, it involves 2-step or 3-step authentication. Generally, 2-step verification is enough; however, in a highly secure environment, 3-step verification is often implemented. This authentication is easy to use, effective, and does not cost much to implement. Basic authentication is done by password; the second verification is then done by a one-time password (OTP). The OTP is sent to the user's email or phone number, depending on the situation [18]. In this way, even if the attackers know the password, they will not be able to get access.
• Biometric Authentication: As of now, most smartphones have a built-in biometric sensor for authentication. Many services are adopting the concept of password-less sign-in using biometric verification. This concept is getting more popular day by day as it is much more convenient for users: they do not need to memorize complex passwords or run the risk of using weak passwords for different services. Biometric authentication requires bio-features of users such as a fingerprint, iris recognition, or face recognition [2]. However, current technology has some issues with biometric authentication: sometimes a biometric sensor can be tampered with by using fake data. In the future, when those problems are solved, biometric sensors will be a popular alternative to a password-based login system.

Both of these systems make sure that only a valid user has access to the data. For a highly secure environment where security is a top priority, the 3-step solution can be used by combining password-based authentication with those two authentication systems.

3.2.2 SDN: Software Defined Networking (SDN) is growing in popularity in various enterprise areas such as smart homes, business, and e-healthcare systems. In a computer network, the main components are switches and routers. A router or switch has two functions: the control plane and the data plane. The control plane decides where to send the data, and the data plane takes the data to a specific destination. Typically, the control and data planes are coupled in networking. In an SDN system, however, the control and data planes are separated from each other. A software-based solution called a controller is used for controlling each function, and the controller can remotely control the control plane. The data plane is executed in hardware, and the control plane is controlled by software. With SDN, it is possible to monitor traffic and detect cyber attacks. It is also capable of isolating the affected node [10].

3.2.3 IDS: An intrusion detection system (IDS) is a method of detecting malicious network activity to determine whether a network is under attack. It also helps to identify valid users and prevent unauthorized access. As demand for IoT devices increases, the IDS has become part and parcel of ensuring security. According to use, IDS can be categorized in 3 ways: network-based, host-based, and application-based [16]. It is now common practice to use an IDS to detect a cyber attack. However, to ensure security, an IDS must be efficient and quick to detect and report an attack, and it must produce few false alerts. If an IDS detects attacks correctly but takes a long time to report them, it will not be useful. So it is essential to use an algorithm that detects anomalies quickly with few false reports. To solve this issue, researchers are trying to implement AI approaches [9].

In each layer, we tried to introduce a security measure to ensure IoT devices are protected against cyber attacks. The security measures we discussed were selected to suit the requirements of each layer.

• Authentication: We showed methods to secure devices from unauthorized users.
• IDS: For the transport and network layers, we suggest using IDS monitoring to detect attacks and report them.
• SDN: Nowadays, SDN provides better security than other networking practices. SDN is secure, easy to control, and much more efficient.

3.3 User Side Situation Monitoring

A user uses different types of clients to access data from IoT devices. Nowadays, it is popular to use a mobile phone application to monitor IoT devices. Communication with an IoT device goes through different network protocols. In the previous section, we discussed how to secure those layers. In this section, we discuss application-side security management.

Encryption: It is necessary to ensure that all data coming from or going to the IoT device is adequately encrypted. Without proper encryption, an attacker can easily see what data is passing between the user and the IoT device. For added security, manufacturers must implement the IEEE 802.15.4 specification and the AES-128 encryption system. Various solutions have been proposed to tackle data encryption.

User Authentication: It is essential to ensure that only valid users access the data. For this reason, authentication is a must. Nowadays, every smartphone is equipped with a biometric authentication system, with which users can be authenticated. Moreover, we can use a key distribution system [11]. In that scenario, users are verified and given a session key. With that session key and their user credentials, users are able to communicate with IoT devices.

4 FUTURE RESEARCH DIRECTIONS

4.1 Preventing Attacks on IoT Layers

Due to their increasing popularity, the number of IoT devices is proliferating. For this reason, it is getting harder to maintain security, because there is no standard architecture for IoT devices. To solve this issue, a standard architecture can be created. This architecture would have machine-level behaviour analysis and a real-time monitoring system, so that if a device is affected by any attack the user is notified immediately. Also, to improve security, an ML model can be created to monitor performance: if any device is sending or receiving unusual data, the system checks for anomalies to detect and prevent an attack.

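The requirement from Section 3.2.3 (report quickly, with few false alerts) and the per-device monitoring proposed in 4.1 pull against each other, and a small statistical detector makes the trade-off concrete. This is an added example, not the paper's method: it uses an exponentially weighted baseline rather than a trained ML model, and the class name, thresholds and traffic series are constructed for illustration.

```python
import math


class TrafficAnomalyDetector:
    """Per-device EWMA baseline; alert after `confirm` consecutive outliers."""

    def __init__(self, alpha=0.1, z_threshold=4.0, confirm=2, warmup=10):
        self.alpha, self.z_threshold = alpha, z_threshold
        self.confirm, self.warmup = confirm, warmup
        self._state = {}  # device id -> running statistics

    def observe(self, device, value):
        """Feed one interval's byte count; return True if an alert is due."""
        s = self._state.setdefault(
            device, {"mean": float(value), "var": 0.0, "seen": 0, "streak": 0})
        s["seen"] += 1
        # Floor the spread so very steady traffic does not flag every wobble.
        spread = max(math.sqrt(s["var"]), 0.05 * s["mean"], 1.0)
        z = abs(value - s["mean"]) / spread
        if s["seen"] > self.warmup and z > self.z_threshold:
            s["streak"] += 1  # outliers are not learned: baseline stays clean
        else:
            s["streak"] = 0
            delta = value - s["mean"]
            s["mean"] += self.alpha * delta
            s["var"] = (1 - self.alpha) * (s["var"] + self.alpha * delta * delta)
        return s["streak"] >= self.confirm


def first_alert(samples, **options):
    """Index of the first interval that raises an alert, or None."""
    detector = TrafficAnomalyDetector(**options)
    for index, value in enumerate(samples):
        if detector.observe("camera-1", value):
            return index
    return None


# Constructed bytes-per-interval series for one camera: steady traffic,
# one isolated burst at index 20, then a sustained flood from index 25.
SAMPLES = (
    [1000, 1040, 980, 1010, 960, 1030, 990, 1020, 970, 1005,
     1015, 985, 1025, 995, 1000, 1035, 965, 1010, 990, 1000]
    + [6000] + [1000, 1010, 990, 1005]
    + [9000, 9500, 9200, 9100, 9300]
)

if __name__ == "__main__":
    print("confirm=1:", first_alert(SAMPLES, confirm=1))  # fires on the lone burst
    print("confirm=2:", first_alert(SAMPLES, confirm=2))  # waits for the flood
```

Requiring two consecutive outlier intervals suppresses the alert on the isolated burst at the cost of reporting the flood one interval later, which is the speed-versus-false-alert balance the text asks an IDS to strike.
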
4.2 IoT security as a service

In future IoT devices, security can be maintained by a third party. Vendors will offer security monitors to prevent unwanted attacks. Most of the time, users lack the expertise to secure their devices, so a third party will ensure the proper setup, or we can use the SDN solution for remote monitoring. Moreover, we can create a machine learning model to ensure our devices are safe. Using machine learning, we can understand the pattern of attacks and take measures to prevent them.

[18] A. Ometov, V. Petrov, S. Bezzateev, S. Andreev, Y. Koucheryavy, and M. Gerla. 2019. Challenges of Multi-Factor Authentication for Securing Advanced IoT Applications. IEEE Network 33, 2 (2019), 82–88.
[19] L. Santos, C. Rabadao, and R. Gonçalves. 2018. Intrusion detection systems in Internet of Things: A literature review. In 2018 13th Iberian Conference on Information Systems and Technologies (CISTI). 1–7. https://doi.org/10.23919/CISTI.2018.8399291

A CONTRIBUTION RECORD

Details of each group member’s contribution are populated to the following tables.

A.1 Paper Assessment

Student id & name                  Paper No from Ref                      Paper Title
16-33038-3 Niloy, Fardin Ahmed     1, 3, 4, 5, 6, 7, 8, 12, 14, 15, 19
16-33040-3 MD. Nozib UD Dowla      2, 9, 10, 18, 16
16-33037-3 Syed Fazlul Karim       11, 13, 17

Table 4. Paper collected and read by the group member

A.2 Paper writing contribution

Student id & name                  Section No                                                Section Title
16-33038-3 Niloy, Fardin Ahmed     1, 3.1, 3.1.1, 3.1.2, 3.1.3, 4.1, 6
16-33040-3 MD. Nozib UD Dowla      3.2, 3.2.1, 3.2.2, 3.2.3, 4.2, 5
16-33037-3 Syed Fazlul Karim       2, 2.1, 2.2, 2.3, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 3.3, 4.3

Table 5. Section(s) Written in the paper by the group member