
GREATER NOIDA INSTITUTE OF TECHNOLOGY

(ENGINEERING INSTITUTE)

ELEVATING SECURITY WITH SMART IOT AND ULTRASONIC SENSOR INTEGRATION
SUBMITTED BY:
AKASH KUMAR(220132155007)
VIKASH KUMAR(2201321550066)
SHIVAM KUMAR(2201321550057)
DEVANK RAJPUT(220132155019)
Abstract
Internet of Things (IoT) devices have increased rapidly in recent years, revolutionizing
many industries, including healthcare, manufacturing, and transportation, and bringing
benefits to both individuals and industries. However, this increase in IoT device usage
has exposed IoT ecosystems to numerous security threats and digital forensic
challenges. This thesis investigates the most common IoT security threats and attacks,
students’ awareness of them and their mitigation strategies, and the key challenges
associated with IoT forensic investigations.
A mixed-method approach is adopted in this thesis combining a literature review and a
survey study. The survey assesses students’ knowledge of IoT security threats, mitigation
techniques, and perceptions of the most effective ways to enhance IoT security. The
survey also emphasizes the importance of user training and awareness in mitigating IoT
threats, highlighting the most effective strategies, such as stronger regulations and improved
device security by manufacturers. The literature review provides a comprehensive overview
of the most common IoT security threats and attacks, such as malware, malicious code
injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial
of Service Attacks (DDoS). The mitigation techniques to these threats are overviewed
as well as real-world incidents and crimes, such as the Mirai botnet, St. Jude Medical
implant cardiac devices hack, and the Verkada hack, are examined to understand the
consequences of these attacks.
Moreover, this work also highlights the definition and the process of digital and IoT
forensics, the importance of IoT forensics, and different data sources in IoT ecosystems.
The key challenges associated with IoT forensics and how they impact the effectiveness
of digital investigations in the IoT ecosystem are examined in detail. Overall, the results
of this work contribute to ongoing research to improve IoT device security, highlight
the importance of increased awareness and user training, and address the challenges
associated with IoT forensic investigation.
Acknowledgment
We would like to express our deep gratitude to our project guide Dr. Gambhir
Singh, Department of Internet Of Things, for her guidance with unsurpassed
knowledge and immense encouragement. We are grateful to Dr. Inderdeep
Verma, Head of the Department, Internet Of Things, for providing us with the
required facilities for the completion of the project work. We are very much
thankful to the Principal and Management, GNIOT, Greater Noida, for their
encouragement and cooperation to carry out this work.
We express our thanks to Project Coordinator Dr. Gambhir Singh, for her
continuous support and encouragement. We thank all teaching faculty of
Department of IOT whose suggestions during reviews helped us in
accomplishment of our project. We would like to thank Dr. Gambhir Singh of the
Department of IOT, GNIOT for providing great assistance in accomplishment of
our project.
We would like to thank our parents, friends, and classmates for their
encouragement throughout our project period. Last but not least, we thank
everyone for supporting us directly or indirectly in completing this project
successfully.

PROJECT STUDENTS

2201321550007 AKASH KUMAR
2201321550066 VIKASH KUMAR
2201321550057 SHIVAM KUMAR
2201321550019 DEVANK RAJPUT
List of Figures
2.1 Survey Process Flowchart
3.2 Replay Attacks
3.3 Man-In-The-Middle (MITM) attack
3.4 Mirai Botnet
4.5 Familiarity with the Concept of IoT
4.6 Level of Concern Regarding IoT Device Security
4.7 Awareness of Common IoT Security Vulnerabilities
4.8 Familiarity with Various IoT Security Threats
4.9 Most Significant IoT Security Threats According to Respondents
4.10 Perceived Importance of Built-in Security Features in IoT Devices
4.11 Measures Taken by Respondents to Secure IoT Devices
4.12 Perceived Importance of User Education in Maintaining IoT Security
4.13 Belief in Shared Responsibility for IoT Security
4.14 Most Effective Approaches to Improving IoT Security
Contents
List of Figures

1 Introduction
1.1 Background
1.2 Related Work
1.3 Problem Formulation
1.4 Motivation
1.5
1.6 Results
1.7 Limitation of The Study
1.8 Outline

2 Method
2.1 Research Project
2.2 Research Methods
2.2.1 Conducting The Review
2.2.2 Survey Methodology and Design
2.2.2.1 Survey Creation and Design
2.2.2.2 Survey Overview
2.3 Ethical Considerations

3 Theoretical Background
3.1 IoT Security Threats, Mitigation Techniques, and Real-world Incidents
3.1.1 IoT Security Threats
3.1.1.1 Malware and Malicious Code Injection Attacks
3.1.1.2 False Data Injection (FDI) Attack
3.1.1.3 Replay Attack
3.1.1.4 Cryptanalysis and Side-channel Attacks
3.1.1.5 Eavesdropping Attack
3.1.1.6 Distributed Denial of Service (DDoS) Attack
3.1.1.7 Spoofing Attack
3.1.1.8 Man In The Middle (MITM) Attack
3.1.1.9 Sinkhole Attack
3.1.1.10 Sleep Deprivation Attacks
3.1.2 IoT Security Crimes
3.1.2.1 The Mirai Botnet Attack
3.1.2.2 The Jeep Hack
3.1.2.3 St. Jude Medical Implant Cardiac Devices Hack
3.1.2.4 The Attack on The Heating Systems in Finland
3.1.2.5 The Verkada Hack
3.2 IoT Forensics
3.2.1 Digital and IoT Forensics
3.2.2 Importance of IoT Forensic
3.2.3 Data Sources within IoT Ecosystems
3.3 Challenges of IoT Forensics
3.3.1 Lack of Standardization and Heterogeneity
3.3.2 Limitation of Storage Capacity and Processing Capabilities
3.3.3 Data Location and Identification
3.3.4 Lack of Technical Capabilities

4 Results
4.1 Theoretical Framework Findings
4.1.1 IoT Security Threats and Attacks
4.1.2 Challenges in IoT Forensics
4.2 Survey Results
4.2.1 IoT Familiarity and Security Concerns
4.2.2 Awareness of IoT Security Threats and Vulnerabilities
4.2.3 Security Measures, Practices, and Shared Responsibilities

5 Analysis and Discussion
5.1 Research Question 1: IoT Security Threats, Mitigation Techniques, and Real-world Incidents
5.2 Research Question 2: Students’ Awareness of IoT Security Threats and Mitigation Techniques
5.3 Research Question 3: Challenges Associated with IoT Forensics

6 Conclusion and Future Work

References
1 Introduction
The project focuses on IoT security threats and the challenges associated with IoT forensics.
The project employs a mixed-method approach combining a literature review and a survey
study. Moreover, the project aims to explore the most common IoT security threats and
attacks, their mitigation techniques, and their consequences in real-world incidents. In
addition, the study will assess students’ awareness of IoT security threats, their mitigation
strategies, and the best ways to improve IoT security. The paper will also present IoT
forensics, data sources in IoT ecosystems, and the importance of IoT forensics. It will
give a comprehensive overview of the challenges associated with IoT forensics and their
impact on the investigation process of the IoT systems.

This is a 15 HEC Bachelor thesis in Computer Science for Linnaeus University. As a team,
we have collaborated closely on the project, sharing the workload equally. Abdulrahman
primarily focused on IoT security threats and mitigation strategies, while Waseem explored
IoT forensics and associated challenges. Both actively contributed to the survey study,
Introduction, and Conclusion and participated in the Discussion, Methodology, and Theoretical
Background chapters, ensuring a high-quality outcome.

This chapter will present an overview of the study, while the related work section will
summarize existing research and highlight the current knowledge and research gaps.
The problem formulation presents the knowledge gap the project aims to address by
introducing the research questions. The relevance of this work will be presented in the
motivation section, followed by the results, the limitations, and the target group of this
study. The final section will outline the entire thesis.

1.1 Background
The Internet of Things (IoT) describes the interconnected network of devices embedded
with software, processing ability, sensors, network connectivity, and other technologies
enabling them to collect and exchange data and perform tasks autonomously. Various
wireless protocols are used by IoT devices to communicate with each other such as
Bluetooth, Zigbee, and Wi-Fi. These communication protocols enable data exchange
between the devices and allow them to integrate with the various cloud platforms for
storage and processing [1].

According to recent estimates, the number of IoT devices worldwide has grown rapidly,
with approximately 19.8 billion in use as of 2023. This number is expected to surge
to 30.9 billion by 2025, highlighting the rapid expansion of IoT technology in various
sectors, including healthcare, manufacturing, smart cities, and transportation [2].

Despite the many benefits of IoT devices, the rapid increase in the usage of IoT has
also given rise to many security threats and privacy issues. The large amount of data
generated and processed by IoT devices has made them an attractive target for attackers
and cybercriminals. Some common security threats in the IoT systems include malware
attacks, Distributed Denial of Service (DDoS) attacks, Man In The Middle (MITM)
attacks, and unauthorized access [3]. Several real-world IoT crimes, such as
the Mirai botnet, the Verkada hack, and the St. Jude Medical implant devices hack,
have shown the consequences of security incidents on individuals, healthcare, and
critical infrastructure. These cases have caused significant economic and societal impacts,
highlighting the importance of addressing IoT security challenges [4].

The Mirai botnet, for example, was responsible for taking down a large portion of the
internet when the malware infected hundreds of thousands of IoT devices, transforming
them into a massive botnet. This botnet was used to launch DDoS attacks against
multiple targets, including DNS provider Dyn, which led to widespread outages of
many websites and services. The resulting downtime has cost businesses millions of
dollars in lost revenue while also raising concerns about the vulnerability of the internet
infrastructure [5].

The increasing number of IoT crimes and security incidents has highlighted the need
to develop practical IoT forensic tools and techniques. IoT forensics involves collecting,
analyzing, and preserving digital evidence from IoT devices to support investigations
into cybercrimes. However, IoT forensics faces many challenges due to the nature of
IoT systems, such as the diversity of devices, data formats, and communication
protocols, which complicates the forensic process. Another challenge is the data location
and identification, as evidence data can be distributed across many cloud platforms
worldwide. Moreover, IoT devices’ limited storage capacity and processing power can
further complicate the forensic process and make collecting and analyzing digital
evidence difficult [6].

1.2 Related Work


This section reviews the current state of literature related to the research questions of
this study, providing contexts and identifying gaps in the current research.

Regarding the most common IoT security threats and attacks, several studies have researched
the different types of threats and attacks targeting IoT systems, such as Ratna et al.
[7], who investigated the different threats and attacks in IoT systems and some of their
possible solutions. Similarly, Alauddin et al. [8] provided an overview of the security
threats and challenges in IoT architecture across its three layers; network, application,
and perception. Their research also highlights the increasing security vulnerabilities as
the number of IoT devices and associated privacy concerns increase. However, none of
these papers have discussed the consequences of these threats on real-world incidents.

Regarding key challenges facing IoT forensics, Maryam et al. [9] have discussed the
challenges faced by IoT forensic investigators in IoT environments, where traditional
forensic tools might not be suitable due to the complex nature and the multiple layers
of investigation in IoT ecosystems. Geetanjali et al. [10] highlight the cyber attacks
associated with the increased usage of IoT devices and the forensic challenges
associated with investigating these attacks.

Although these studies have considerably contributed to our understanding of IoT forensics
and its associated challenges, research on IoT forensics is still limited, requiring more
investigation to bridge current research gaps and provide a more comprehensive view of
IoT Forensic investigations.

1.3 Problem Formulation
The rapid growth in the number of IoT devices has led to increased security threats,
attacks, and forensic challenges associated with it. As IoT continuously integrates into
various aspects of our daily lives, it becomes increasingly important to understand these
threats, assess the level of awareness among individuals, and identify the key challenges
in IoT forensics. There is still a significant research gap in this field as the current body
of knowledge is relatively limited. In this section, the problem will be formulated by
presenting the research questions that will guide the research:

RQ1 What are the most common IoT security threats and attacks, their mitigation
techniques, and their consequences in real-world incidents?
RQ2 What is the level of students’ awareness of IoT security threats and their
mitigation techniques, and how do they perceive the most effective ways to
enhance IoT security?
RQ3 What are the key challenges associated with IoT forensics, and how do they
impact the effectiveness of digital investigations in the IoT ecosystem?

1.4 Motivation
IoT devices have rapidly increased and revolutionized many industries, including
healthcare, manufacturing, smart cities, and transportation. Many security and privacy
concerns have risen with the growth of IoT devices, leading to increased related crimes
[11]. Therefore, the need to address these security threats and the forensic challenges
associated with IoT forensics is becoming increasingly important from a scientific,
industrial, and societal perspective.

From a scientific perspective, the challenges presented by IoT security and forensics
require further research and development. The diversity of IoT systems and the complexity
of their systems require detailed research into the security threats and attacks facing
them. Moreover, traditional digital forensics tools might not be suitable for IoT
domains due to the unique characteristics of IoT devices, such as their lack of
standardization and the limitation of their storage and processing capabilities. This
research will contribute to existing knowledge and the understanding of IoT security and
forensics by exploring common IoT threats, mitigation strategies, and real-world
incidents, as well as assessing students’ awareness levels; this study will help to identify
areas where further education and awareness are needed. Additionally, by examining the
challenges in IoT forensics, the research will provide insights that can guide the
development of practical tools and techniques for future investigators in the IoT domain.

From a societal perspective, the rapid integration of IoT devices into our
lives has created many privacy and security concerns for individuals and communities;
understanding these concerns is therefore crucial. In this study, it is important to
investigate students’ awareness of IoT security threats, their mitigation techniques, and
the most effective ways to improve IoT security.

From an industrial perspective, many industries have integrated IoT systems into their
operations. This growth exposes these industries to new security risks that could lead to
financial losses and reputational damage. Industries can better protect their operations
and customers by comprehensively understanding IoT security threats and attacks.

In this thesis project, these motivations will be addressed by investigating the most common
IoT security threats and attacks, their mitigation techniques and their real-world consequences
(RQ1), examining students’ awareness of IoT security threats and their mitigation
strategies (RQ2), and exploring the key challenges associated with IoT forensics (RQ3).
The study will identify gaps in current knowledge and contribute to the existing research
and development of more secure IoT systems.

1.5 Results
The expected results of this study are aimed at providing state-of-the-art insights regarding
IoT security threats, user awareness, and possibilities for forensic measures, as outlined
below:
1. IoT Security Threats, Mitigation Techniques, and Real-World Incidents: A
comprehensive overview of the most common IoT security threats and attacks, their
mitigation techniques, along with real-world incidents showing the consequences
of these attacks. This part of the study aims to provide an understanding of the
current landscape of IoT security challenges and their impact on IoT ecosystems.
2. Survey on IoT Security Awareness: A survey study assessing students’ awareness
of IoT security vulnerabilities, threats, mitigation strategies, and their perception
of the most effective ways to improve IoT security. This part of the study aims to
provide valuable insights into the students’ IoT security awareness.
3. IoT Forensic Challenges: An analysis of the challenges associated with IoT forensics
and their impact on the effectiveness of digital investigation in the IoT ecosystem.
This part of the study highlights key challenges and improvement areas in IoT
forensic processes.
These expected results contribute to answering the research questions and improving
our understanding of IoT security threats, user awareness, and forensic challenges. The
methods used to validate these results will be discussed in detail in the Method chapter.
Detailed findings regarding IoT security threats and real-world incidents will be
presented in Chapter 3, while the analysis and discussion of the survey results can be
found in Chapter 5.

1.6 Limitation of The Study


Despite the efforts to ensure the study’s validity and reliability, some limitations exist
that may impact the results. Some of the limitations of this study include:
1. Limited research sources: Although we used reputable databases such as IEEE
Xplore, ScienceDirect, and ResearchGate to gather academic papers, the scope of
our literature review might be constrained by the limited accessibility to certain
publications we don’t have access to with our university accounts. This restriction
could result in the exclusion of some valuable academic papers.
2. Exclusion of interviews: Initially, we planned to interview experts in IoT security
and forensics to gather their valuable insights. However, due to time constraints
and the challenges of contacting and scheduling interviews with experts, we
decided to focus on a survey study and a literature review. This decision may
have limited our ability to obtain qualitative data from professionals in the field.

3. Survey sample size and diversity: Although we did our best to distribute the
survey to as many participants as possible, the sample size may not be large
enough to draw final conclusions. In addition, the participants consist only of
students with a computer science background, potentially limiting our findings’
applicability.

4. Potential bias: Despite the efforts taken to conduct an unbiased literature review,
our understanding of IoT security and forensics may have impacted the selection
of articles. There is, therefore, a possibility that some perspectives could have
been overlooked in the analysis.

1.7 Target Group


A mixed-method approach was chosen because it provides a more comprehensive understanding
of the IoT security landscape by combining qualitative and quantitative research.
By using a literature review, we can explore the existing literature research related to
IoT security and forensics. The survey study gathered insights into students’ awareness
and perceptions.

For the literature review method (RQ1 and RQ3), the target group includes researchers
and academics in IoT security and digital forensics. For the survey method (RQ2), the
target group consists of students in Computer Science, Information technology,
Security, and other related fields. This combination of target groups allows for a
comprehensive understanding of the current state of IoT security and forensic
investigations, as well as the level of awareness among students regarding IoT security
vulnerabilities, threats, mitigation techniques, and the most effective ways to enhance
IoT security.

1.8 Outline
The structure of this thesis is organized as follows:

• Chapter 2 (Method) describes the research project, methods, and ethical
considerations. It also presents the review process and the survey methodology
and design.

• Chapter 3 (The Theoretical Background) investigates the theoretical aspects of
IoT security threats and attacks, IoT forensics, and their associated challenges.
This chapter provides a comprehensive analysis of the most common IoT threats,
their mitigation techniques, real-world incidents, and the importance and
challenges of IoT forensics.

• Chapter 4 (Results) introduces the key aspects of our findings from the literature
review and the survey results.

• Chapter 5 (Analysis and Discussion) provides an in-depth analysis and discussion
of the paper’s results.

• Chapter 6 (Conclusions and Future Work) concludes the study findings. This chapter
also suggests future research directions in IoT security and forensic investigations.

Appendix: This section includes the survey questions.

References: A list of academic papers is provided at the end of this paper.
2 Method
In this chapter, the methodological approach used in this thesis project will be outlined.
Section 2.1 provides an overview of the overall research project. Section 2.2 describes
the methods, specifically the combination of a literature review and a survey study, and
covers the process followed when conducting the review, detailing the search strategy,
selection criteria, and data extraction and quality assessment in Section 2.2.1 and
providing an overview of the survey methodology and design in Section 2.2.2. The
latter covers the survey creation process in Section 2.2.2.1 and provides an overview of
the survey content in Section 2.2.2.2. Finally, Section 2.3 presents the ethical
considerations taken during the research process.

2.1 Research Project


This project aims to provide a thorough analysis of IoT security threats and attacks and
the associated forensic challenges using a mixed-method approach to gather insights
from both theoretical and practical perspectives. The research methodology is designed
as a roadmap consisting of several objectives to achieve the goal and address the
knowledge gap. First, a literature review will be conducted to understand the theoretical
background and current knowledge of IoT security threats and forensic challenges. This
will help identify the research gaps and provide an in-depth understanding of the current
state of the art. Additionally, a survey will be conducted targeting students. It will assess
their knowledge and awareness of IoT security threats, mitigation techniques, and
perceptions of the best ways to improve IoT security.

2.2 Research Methods


A multimethod approach is employed in this thesis project, combining a literature
review and a survey study as described in Section 1.7. Each method addresses specific
research questions and contributes to a comprehensive understanding of IoT security
threats, forensic challenges, and mitigation strategies. In this Section, each research
method is described in detail:

2.2.1 Conducting The Review


The literature review process was guided, in part, by Kitchenham’s principles [12] for
conducting systematic literature reviews, with certain adaptations to fit the less formal
approach of a non-systematic literature review. Therefore, the inclusion and exclusion
criteria and the quality assessment score are on a less detailed level. The following steps
were followed when conducting the review:

1. Defining the research questions: The research questions answered through the literature
review were clearly defined to set the scope of the literature search (as shown in Section
1.3).

2. Identifying relevant literature: A comprehensive search of relevant databases, including
IEEE Xplore, ScienceDirect, Researchgate, and Google Scholar, was conducted.
Our literature selection was broad, including published and peer-reviewed articles,
reports, and theses. Moreover, the research involved the use of a combination of
keywords and Boolean operators such as “AND,” “OR,” and “NOT” to ensure that
the search results were specific to our research questions.
3. Extracting the data from relevant literature: After the initial search using the keyword
“IoT forensic,” we got 1,283 results. To refine our search and focus on the most
relevant literature, we established the following inclusion and exclusion criteria,
which were applied to “IoT forensic” as well as other keywords, such as “IoT
security,” “IoT attacks,” and “cloud forensics”:
Inclusion Criteria:

(a) The paper contains the relevant keyword in the title, abstract, or keywords.
(b) The paper was published between 2016 and 2023, ensuring recent and up-to-date
information.
(c) The paper is a research, conference, review article, report, or thesis.
(d) The paper must be written in English.

Exclusion Criteria:

(a) The paper does not focus on IoT forensics or security.
(b) The paper is a duplicate of another paper in our research results.
(c) The paper’s full text is not accessible through our university’s subscription
services.
(d) The paper does not have a clear methodology.

After applying these inclusion and exclusion criteria to our research results for
“IoT forensic,” we were left with 189 academic papers. We estimate that we have
examined between 60 and 70 papers for data extraction. The remaining papers
were used to get additional information.

4. Quality Assessment: Each paper went through a quality assessment to score its
quality, relevance, and validity. This process was based on the following criteria:

(a) The research questions were identified and relevant to the scope of our study.
(b) The methodology was clearly described.
(c) The results were clearly reported and supportive of the conclusions.
(d) The discussion and conclusion sections were included.

Please note that the criteria and the process we followed do not strictly adhere to Kitchenham’s
guidelines for systematic literature reviews, as we conducted a more general literature
review.

2.2.2 Survey Methodology and Design


2.2.2.1 Survey Creation and Design
The survey creation and design process was performed to assess the level of awareness of
IT students regarding IoT security threats and their mitigation techniques. This assessment
is important because it provides insights into the current state of knowledge among future
IT professionals, who will play an important role in securing IoT systems. By understanding
their awareness, educators can develop educational programs to better prepare students
for the challenges they will face in the IoT security landscape. In addition, this review
can contribute to the ongoing efforts to improve IoT security by identifying development
areas.

This section outlines the various steps and considerations involved in the development
and administration of the survey study, as illustrated in Figure 2.1:

1. Review of Existing Literature: This step involves conducting a comprehensive
review of existing literature to identify gaps, ensure that the survey questions
are relevant to the research topic, and help inform the development of survey
questions.

2. Development of Questions: Drawing from the literature review findings, a set of
questions was created for the survey to assess students’ knowledge and gather
their opinions and perspectives on the security threats IoT devices face and their
mitigation techniques. The survey questions were designed to bridge the theoretical
understanding from the literature review with the practical insights of IT students.
The survey aims to answer RQ2 and contribute to IoT security research by supporting
the information gathered during the literature review.

3. Create a Survey Form: In this step, the developed questions are included using
Google Forms.

4. Iterative Refinement: This step involves refining the survey questions based on
feedback from the supervisor.

5. Pilot Test: A pilot test was conducted with a selected group of students. The
feedback helps inform adjustments to the survey form before the wider
distribution.

6. Conduct Survey: Once the survey is finalized, it is distributed to students through
various channels (Discord, Slack, and personal contacts). All participants have
been informed about the survey’s purpose, confidentiality, and voluntary nature.
The final survey consisted of 10 questions (shown in Appendix A). The questions
were divided into two Sections to assess participants’ understanding efficiently
and exclude students unfamiliar with IoT from proceeding to the next Section.
Multiple-choice and checkbox options were used to help the data collection
process and simplify the analysis of the results.
The first Section consists of a single question that assesses the participant’s familiarity
with IoT. Based on the response, the participants either proceed to the next Section
if they are familiar with IoT or are directed to a message thanking them for their
participation and informing them that the survey only targets individuals with a
certain level of knowledge of IoT.
The second Section (IoT Security Concerns and Solutions) comprises nine questions.
It aims to collect students’ perspectives on IoT security vulnerabilities, threats,
mitigation techniques, and the most effective ways to improve IoT security.
7. Data Export and Processing: After data collection, the survey responses are exported
to a CSV file for further processing and analysis.

8. Presentation of Results: The collected data is organized, and the results are presented
in Chapter 4.

9. Analyze Data and Discussion: In this step, the presented data is analyzed and
discussed in the context of the research objectives and existing literature. The
analysis and discussion are presented in Chapter 5.

Figure 2.1: Survey Process Flowchart

2.2.2.2 Survey Overview


The survey was kept open for two weeks due to the limited project timeline and the
need to proceed with analysis and report writing. Although this short duration may have
limited the number of participants to 33, the survey still captured valuable information
from the respondents. Most respondents were pursuing undergraduate or graduate
degrees in IT, computer science, or related fields.

The participants were presented with nominal choices, and the survey was arranged logically
to improve the quality of the results. Moreover, the survey aimed to assess the students’
familiarity with IoT security threats and solutions and study the importance of user education
in ensuring IoT security.

Question 1 aims to establish whether participants understand the concept of IoT, which is
important for answering the subsequent questions. Question 2 assesses the participants’
level of concern about IoT security. Questions 3-6 focus on participants’ awareness of
common IoT security vulnerabilities and threats. Questions 7-9 investigate the participants’
awareness of various security measures, the importance of user education, and the
shared responsibility of IoT security. Question 10 aims to identify the most effective
ways to improve IoT security.

2.3 Ethical Considerations


Several ethical considerations have been taken into account when conducting the survey study
and ensuring the confidentiality of the participants. All participants were informed about the
purpose of the survey and that no personal information was collected. The participants
were also informed that the collected data would only be used for research. In addition,
the survey responses were collected anonymously and cannot be traced
back to the participants. Moreover, the survey results were stored securely to protect them from
unauthorized access. Finally, all participants were informed that participation is
voluntary and that they can withdraw at any time.
Regarding the literature review part, digital libraries like IEEE Xplore, Google Scholar,
ScienceDirect, and ResearchGate were used to gather resources. While ACM and Springer
also provide valuable academic resources, our research needs were met by the selected
digital libraries. Furthermore, no permission is required to use these libraries’ articles
and scientific papers. All sources have been referenced properly in the References
Section, and the selection process has been defined in detail in Section 2.2.1. Overall, all
necessary considerations will be taken to ensure the highest ethical standards in our
project.

3 Theoretical Background
The rapid expansion of IoT devices has created many opportunities in various aspects of
our lives. However, this rapid growth has also given rise to various security challenges
and risks, and to the need for effective forensic methods to address these issues. This chapter is
based on the extensive literature survey and aims to provide a comprehensive understanding
of the various IoT security threats, mitigation strategies, real-world cyber crimes, and the
forensic challenges associated with investigating these crimes.

This chapter is outlined as follows: Section 3.1 presents IoT security threats and attacks
and their mitigation strategies. It also discusses various cyber crimes, enabling us to
understand the consequences of IoT security threats and the importance of securing IoT
ecosystems. Section 3.2 explains the concept of IoT forensics, discussing Digital and
IoT forensics, the importance of IoT forensics, and the data sources of IoT systems.
Finally, Section 3.3 presents the IoT forensics challenges identified through the
literature review. Understanding these challenges associated with IoT forensics will
help researchers find solutions to enhance the effectiveness of digital forensics in IoT
systems.

3.1 IoT Security Threats, Mitigation Techniques, and Real-world Incidents


As the Internet of Things (IoT) continues to expand, connecting billions of devices
worldwide, security challenges and threats have emerged, causing significant risks to
user privacy, data integrity, and device functionality [11]. This section is based on the
findings from the literature review of the selected studies. It presents an overview of ten
commonly discussed IoT security threats in the literature and their mitigation strategies.
Identifying these IoT security threats and attacks was based on their recurrence in the
reviewed academic papers. This shows how often these threats are discussed in the IoT
security field, not how they rank in order of significance. In addition, this section
explores real-world incidents corresponding to these IoT threats, showing their real-life
consequences.

3.1.1 IoT Security Threats


This subsection presents an overview of ten commonly discussed IoT security threats in
the literature and their corresponding mitigation strategies.

3.1.1.1 Malware and Malicious Code Injection Attacks


Malware and malicious code injection attacks are significant cybersecurity threats that
target IoT devices and systems. In these attacks, attackers introduce malicious code into
IoT devices or networks to compromise their functionality, steal sensitive data, or gain
unauthorized access.
Malware attacks on IoT infrastructure involve spreading malicious code such as viruses,
worms, ransomware, or botnets, which can exploit vulnerabilities in IoT systems. These
attacks often target web applications or communication protocols used by IoT devices
[13].

These attacks allow attackers to get unauthorized access to IoT devices, allowing them
to control device functionality and compromise data integrity. Attackers can also steal
sensitive data stored on IoT devices, such as passwords and login credentials, resulting
in privacy breaches. Attackers can also disrupt the functionality of IoT devices and
networks by injecting them with malicious code, causing service outages. Attackers can also
infect devices with malware and use them to launch further attacks [14].

Stuxnet is an example of a malware attack that targeted industrial control systems. Stuxnet
exploited vulnerabilities in the software used to control centrifuges in Iranian nuclear
facilities, causing physical damage to the equipment [15].

Regular security updates and patches, strong authentication methods, and
secure communication protocols can help reduce the risk of these attacks
[16]. In addition, intrusion detection and prevention systems can help with early detection
of these attacks by monitoring network traffic for patterns that indicate them [14]
[17].

3.1.1.2 False Data Injection (FDI) Attack


In this attack, attackers aim to manipulate the data being collected or transmitted
between IoT devices, causing them to provide faulty outputs or trigger unintended
actions. FDI attacks often exploit vulnerabilities in the communication protocols IoT
devices use to transmit data, such as insufficient encryption and lack of authentication
[18].

Some possible consequences of FDI attacks include compromised data integrity, where
the attackers corrupt or alter the data being collected and processed by IoT devices,
leading to incorrect decision-making, which can have severe consequences in critical
sectors such as healthcare, energy, and transportation systems. An example of FDI
attacks would be an attacker injecting false sensor readings into an industrial control
system, leading to equipment failure. Another impact would be privacy violations, as
attackers can gain unauthorized access to sensitive information in IoT devices that
monitor personal activities by injecting false data into them [19].

For prevention, strong encryption algorithms can be implemented to ensure the confidentiality
and integrity of data being transmitted between IoT devices, making it more difficult for
attackers to inject false information. Strong authentication and authorization mechanisms
should be implemented to verify the identity of communication partners. Moreover,
digital signatures or message authentication codes should be integrated to detect and
prevent transmitting tampered data. Regular security updates and patches should be
implemented to address known vulnerabilities [14] [20].

3.1.1.3 Replay Attack


In this attack, attackers target IoT devices by intercepting and retransmitting valid data
packets to gain unauthorized access. Attackers start by capturing data packets, often
containing authentication data, during a legitimate transaction between two devices in
the IoT network. The attacker then retransmits the captured data to the system later,
attempting to trick the receiving device into accepting the packets as authentic,
exploiting the system’s vulnerability [21].

Another consequence of replay attacks is that they can compromise the integrity of IoT
systems by introducing duplicate or outdated data packets, causing the device to make
incorrect decisions based on the duplicated data. Moreover, replay attacks can result in
a loss of privacy and disclosure of sensitive information, such as user credentials and
device-specific information. This attack can also decrease device performance by
causing it to process and respond to redundant data packets, consuming resources such
as memory and processing power [22].

Examples of IoT devices that can be targeted by replay attacks include smart home
systems and industrial IoT devices. In smart home systems, a replay attack could target
the communication between a smart lock and its associated mobile application (Figure 3.2).
2). The attacker could intercept and store a legitimate unlocking command, then replay
it later to gain access to the home. Attackers can also target communication between
sensors and control systems in industrial IoT devices [22].

Figure 3.2: Replay Attacks

For prevention, timestamps can be added to transmitted data packets to help identify
and drop replayed data packets. The receiving device can then check the timestamps of
incoming packets and discard the ones with timestamps outside a predefined range [22].
In addition, adding a unique sequence number to each transmitted packet can prevent
replay attacks, as the receiving device can accept only sequence numbers higher than
those of previously received packets, effectively rejecting any replayed packets. Using
digital signatures and message authentication codes (MAC) can also help protect
against replay attacks. Finally, intrusion detection systems can help prevent
replay attacks by monitoring network traffic for replay attack patterns, such as repeated
authentication attempts or duplicates [14] [22].
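
The following added example (not part of the original thesis) combines the countermeasures named above and in Section 3.1.1.2: a message authentication code over the whole packet, a timestamp window, and a strictly increasing sequence number. The packet layout, key, device id, and 30-second window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

# Assumed packet layout: device id, sequence number, Unix timestamp (seconds),
# followed by the payload and a 32-byte HMAC-SHA256 tag over everything before it.
HEADER = struct.Struct(">IQQ")
TAG_LEN = 32


def make_packet(key: bytes, device_id: int, seq: int, ts: int, payload: bytes) -> bytes:
    """Sender side: header || payload || HMAC(key, header || payload)."""
    body = HEADER.pack(device_id, seq, ts) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Receiver side (for example the smart lock), one shared key per device."""

    def __init__(self, keys: dict, max_skew: int = 30):
        self.keys = keys          # device_id -> shared secret
        self.max_skew = max_skew  # accepted clock difference in seconds
        self.last_seq = {}        # device_id -> highest sequence number accepted

    def accept(self, packet: bytes, now: int):
        """Return (payload, "ok") on success or (None, reason) on rejection."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None, "malformed"
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        device_id, seq, ts = HEADER.unpack_from(body)
        key = self.keys.get(device_id)
        if key is None:
            return None, "unknown device"
        # 1. MAC first: the header is only trusted once the tag verifies.
        #    This also rejects altered payloads (false data injection).
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None, "bad mac"
        # 2. Timestamp window: drops packets captured and replayed later.
        if abs(now - ts) > self.max_skew:
            return None, "stale timestamp"
        # 3. Sequence number: drops replays that arrive inside the window.
        if seq <= self.last_seq.get(device_id, -1):
            return None, "replayed sequence"
        self.last_seq[device_id] = seq
        return body[HEADER.size:], "ok"


def demo():
    """Run constructed traffic through the receiver and return each verdict."""
    key = b"constructed-demo-key-not-for-use"   # constructed sample key
    rx = Receiver({7: key})
    t0 = 1_700_000_000                          # constructed sample time
    unlock = make_packet(key, 7, 1, t0, b"UNLOCK")
    verdicts = []
    verdicts.append(rx.accept(unlock, now=t0 + 1)[1])      # legitimate command
    verdicts.append(rx.accept(unlock, now=t0 + 5)[1])      # replay within window
    verdicts.append(rx.accept(unlock, now=t0 + 3600)[1])   # replay an hour later
    # Replayed command with a rewritten header: the old tag no longer matches.
    forged = HEADER.pack(7, 2, t0 + 3600) + b"UNLOCK" + unlock[-TAG_LEN:]
    verdicts.append(rx.accept(forged, now=t0 + 3600)[1])
    # Sensor reading altered in transit, original tag kept.
    reading = make_packet(key, 7, 2, t0 + 10, b"temp=21.5")
    tampered = reading[:HEADER.size] + b"temp=99.9" + reading[-TAG_LEN:]
    verdicts.append(rx.accept(tampered, now=t0 + 10)[1])
    verdicts.append(rx.accept(reading, now=t0 + 11)[1])    # untouched reading
    return verdicts


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

On a real device the highest accepted sequence number has to survive reboots (for example in non-volatile storage); otherwise a power cycle resets the counter and only the timestamp window limits replays.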

3.1.1.4 Cryptanalysis and Side-channel Attacks


In the cryptanalysis attack, the attackers aim to exploit vulnerabilities in the
cryptographic algorithms to decrypt and compromise the security of the encrypted data.
Attackers can also manipulate and tamper with the encrypted data to gain unauthorized
access [23].

Side-channel attacks, on the other hand, exploit data leaked during the execution of
cryptographic operations, such as timing information and power consumption. Attackers
can then use this data to gather security keys or other sensitive information. Some common
side-channel attacks include timing and power analysis attacks [24].

Both cryptanalysis and side-channel attacks can have severe consequences for IoT systems,
as they can lead to unauthorized access to sensitive data, manipulation of device functionality,
and disruption of critical services. Moreover, compromising cryptographic keys can lead
to a loss of trust in the affected systems.

For prevention, strong encryption algorithms need to be developed and implemented in
IoT devices. IoT devices also need built-in security by default to help mitigate the risk
of side-channel attacks [23] [25].

3.1.1.5 Eavesdropping Attack


This attack involves the unauthorized capturing and monitoring of data transmitted between
devices within an IoT system. Packet sniffing is one of the techniques used by attackers
to capture and analyze traffic between IoT devices and networks. Eavesdropping attacks
aim to gain access to sensitive data, such as login credentials, credit card numbers,
personal information, and organizational information, which can then be used to launch
further attacks [26] [27].

To protect against this attack, strong encryption algorithms can be implemented to ensure
the confidentiality and integrity of data transmitted between the devices in the network,
making it difficult for attackers to decipher data. Secure communication channels, such
as Virtual Private Networks (VPN), can also help mitigate eavesdropping attacks by
providing additional security and protection. Moreover, using two-factor authentication
and network segmentation can limit the eavesdropping attack’s impact [14] [26].

3.1.1.6 Distributed Denial of Service (DDoS) Attack


In this attack, multiple compromised devices flood a target system, such as a server
or network, with a large amount of traffic, making it unavailable or unresponsive to
legitimate users. This attack is specifically concerning due to the increased number of
IoT devices with different security levels, making them an easy target for attackers to
exploit and use as a part of a botnet for launching DDoS attacks [5].

In addition to disrupting services and causing systems to become unavailable, this
attack also results in financial losses through costs associated with downtime of the
services provided by the targeted company. During a DDoS attack, attackers can also exploit
security vulnerabilities in IoT systems to access and steal sensitive data, leading to
further attacks. Moreover, physical damage to IoT devices, servers, or network
infrastructure can be another consequence of this attack, as these systems cannot handle
the high traffic load caused by this attack [28].

The Mirai botnet attack (2016) is an example of a massive DDoS attack that took down
major websites and internet infrastructure providers, such as the DNS provider Dyn.
The attack caused widespread internet outages and affected many companies, including
Twitter, Netflix, and GitHub [5].

For prevention, regular network monitoring and traffic analysis, access
control mechanisms and rate limiting, intrusion detection and prevention systems
(IDPS), and proper security configuration of IoT devices, such as changing
default passwords and applying security patches, can help prevent or reduce the impact
of this attack [29] [30].

3.1.1.7 Spoofing Attack


This attack involves the attacker impersonating a legitimate device or user by manipulating
the data transmitted over a network, such as IP and MAC addresses. This attack aims to
gain unauthorized access to sensitive information, impersonating legitimate devices to
manipulate data or launch further attacks such as DDoS, replay, and MITM attacks.
This attack can also disrupt the standard functionality of IoT devices by injecting false
data, causing IoT devices to become unavailable [31].

Additionally, wireless sensor networks can also be susceptible to spoofing attacks, where
an attacker impersonates a legitimate sensor node, injects false data, or disrupts the operation
of the network by sending malicious commands [32].

To protect IoT devices against this attack, it is essential to implement proper authentication
mechanisms, such as digital certificates or public key infrastructure (PKI), which can
help ensure the authenticity of IoT devices and users. Network segmentation can also
limit the impact of spoofing attacks by dividing the network into different zones and
segments. Some other security solutions include intrusion detection and prevention
systems (IDPS) and regular security updates and patches [14] [33].

3.1.1.8 Man In The Middle (MITM) Attack


In this attack, the attacker intercepts and manipulates the traffic being transmitted
between devices in the network (Figure 3.3). This attack can target various communication
channels, including Wi-Fi, Bluetooth, Zigbee, and cellular networks. The attacker can
eavesdrop on the communication or impersonate a legitimate device to gain
unauthorized access to sensitive information or launch further attacks. Attackers can
also alter the data traffic transmitted between IoT devices and users or servers,
potentially leading to incorrect decision-making or compromised data integrity [34].

Figure 3.3: Man-In-The-Middle (MITM) attack

For prevention, strong encryption protocols can help secure communication between
IoT devices and servers, making it difficult for attackers to eavesdrop or manipulate
traffic during transmission. Other solutions, such as network segmentation, security
updates and patches, proper authentication, and secure communication protocols such as
IPsec, can help protect against MITM attacks [35].

3.1.1.9 Sinkhole Attack
In this attack, the attackers infect a node with malicious code that makes it attract
network traffic from other IoT devices and present itself as the best path toward a
target destination. IoT devices use dynamic routing protocols to communicate, meaning
that each device will try to find the best route for data transmission [36]. In this case, the
attackers manipulate these routing protocols in the infected device and make it promote
itself as the best path toward a destination. This will cause routing protocols in other
devices in the network to have the sinkhole device as their best path toward a
destination and send their network traffic through it. By having complete control over
the network traffic, the attackers can do malicious activities to the network traffic, such
as dropping and altering it [37].

Sinkhole attacks can also allow attackers to capture sensitive information affecting individuals
and organizations. The attackers can also alter the data transmitted by these devices or
sensors, leading to incorrect data being transmitted to the destination. By routing traffic
through the sinkhole, this attack can also lead to early battery drain and reduced
network lifetime [37].

For mitigation, secure routing protocols should be implemented to protect IoT networks
from sinkhole attacks. In addition, Intrusion Detection Systems (IDS) and strong encryption
algorithms can make it more difficult for attackers to launch sinkhole attacks. Other
countermeasures, such as network segmentation and regular security updates, can also
prevent this attack [38].

3.1.1.10 Sleep Deprivation Attacks


In this attack, the attackers attempt to drain the energy resources of battery-powered
IoT devices by sending them continuous requests that keep them awake and prevent
them from entering their low-power sleep mode, thereby exhausting the battery,
overloading the network, and causing device failure [39].

Many of these battery-driven IoT devices are located in remote locations that could be
hard to reach. These devices are designed to operate in low-power modes and have various
sleep modes to save energy. Sleep deprivation attacks aim to keep these devices busy
and prevent them from entering their sleep modes, causing their battery resources to
drain and the devices to overheat, leading to potential physical damages [39].

Another consequence of this attack is its negative impact on the network performance.
Keeping the devices awake will generate more network traffic and consume more bandwidth,
causing potential delays and creating congestion points in the network. This attack can
also lead to further attacks, such as eavesdropping and denial of service attacks [21].

It is important to implement proper authentication and access control mechanisms that can
help reject unauthorized requests and limit the ability to perform this attack. Moreover,
designing IoT networks with multiple communication paths can help mitigate the
impact of this attack by ensuring that the network continues to function even if some
devices lose power [21] [40].

3.1.2 IoT Security Crimes
The widespread adoption of IoT devices has increased the risk of cyber attacks and
vulnerabilities that attackers can exploit. Many security and privacy concerns have been
raised about the vulnerability of IoT devices to security breaches and the impact of such
breaches on critical infrastructure and services. This section will examine five of the
most common real-world crimes targeting or launched from IoT devices: the Mirai botnet,
the Jeep hack, the St. Jude Medical implant cardiac devices hack, the attack on the
heating systems in Finland, and the Verkada hack.

3.1.2.1 The Mirai Botnet Attack


The Mirai botnet attack was one of the largest series of Distributed Denial of Service
attacks that turned IoT devices into zombies controlled by the attackers and used them
as part of their botnet to launch the attack.

The Mirai botnet was first identified when the attack started in 2016. The attacker’s botnet
was composed of over 600,000 infected IoT devices, including cameras, routers, and other
devices. The malware spread very rapidly, and the botnet was capable of launching a
series of DDoS attacks on a massive scale. It hit several high-profile targets,
including the DNS domain service provider Dyn, which caused significant disruption to
internet services, some popular websites, and many other critical services, taking down a
significant part of the internet and affecting millions of people around the world [41].
The attack on Dyn was devastating, targeting a critical part of the network
infrastructure. The attackers could flood the DNS servers with traffic, causing them to
crash and making it impossible to access the affected internet services and websites
(Figure 3.4) [5].

Figure 3.4: Mirai Botnet

This attack highlights the potential risks of vulnerable IoT devices and their impact
on critical infrastructure such as Internet services.

3.1.2.2 The Jeep Hack


The Jeep hack is another notable example of a cyber attack caused by IoT security
vulnerabilities, specifically in the Uconnect system integrated into many vehicles,
including Chrysler, Ram, Jeep, and Dodge vehicles. This system is connected to the
internet via a cellular network and has many functions, including satellite radio,
Bluetooth connectivity, and voice-activated commands. A group of cyber security experts
discovered and exploited a vulnerability in the Uconnect system in a Jeep vehicle, which
gave them access to the car’s CAN bus. The CAN bus is the communication medium between
the vehicle’s various systems and carries many functions, including steering and brakes [42].

By gaining access to the CAN bus, the researchers could send commands and take
control of the vehicle’s critical systems. They were able to accelerate, brake, and steer the
vehicle. They could also stop the brakes from working while driving at full speed. This
incident raised many security concerns and highlighted the potential risks of IoT
vulnerabilities to critical systems such as automobiles [42].

3.1.2.3 St. Jude Medical Implant Cardiac Devices Hack


The St. Jude Medical implantable cardiac devices include pacemakers, cardiac
resynchronization therapy devices, and Implantable Cardioverter-Defibrillators (ICDs).
They contain configurable embedded computer systems and are used to monitor and regulate
the heart’s electrical activity, send a shock to the patient’s heart if a dangerous condition
is detected, and prevent sudden cardiac arrest. These cardiac devices are monitored and
controlled by a transmitter connected to the patient’s computer and the Internet. With
the help of this transmitter, clinicians and nurses can remotely monitor the patient’s
heart activity [43].

A group of cybersecurity researchers discovered the vulnerabilities in St. Jude implantable
cardiac devices. If attackers discovered these vulnerabilities, they could
remotely access the cardiac devices, disrupt the normal functionality of the devices by
making unauthorized changes to the firmware, and harm the patient’s health [44].

The security researchers found that the vulnerabilities in these cardiac devices were caused
by a lack of authentication and cryptographic failures in the communication protocol
used by the devices. These vulnerabilities, if exploited, could allow the attackers to
tamper with the traffic between the cardiac devices and the controllers and allow the
attackers to modify and inject malicious code. Attackers could use this vulnerability
to carry out life-threatening attacks that cause the implanted cardiac devices to run
at potentially dangerous rates or to stop working by exhausting their battery
resources.

The number of cardiac devices affected by this vulnerability was around 500,000 worldwide.
This vulnerability caused many concerns among patients and healthcare providers. It also
highlighted the potential risks associated with vulnerable IoT devices in the medical and
healthcare industry, such as implantable cardiac devices, and the significant
harm they can cause to the patient’s health [45].

3.1.2.4 The Attack on The Heating Systems in Finland


This attack targeted the heating system for buildings in Finland. The heating controllers
were connected to the internet and had a vulnerability that the attackers exploited
to launch their attacks. The attackers launched a series of DDoS attacks
targeting the heating controllers and causing them to reboot continuously. This caused
the heating systems to remain down and prevented them from resuming their function.
The attack lasted for several days and took place during a freezing winter in Finland,
making the situation severe for the residents of the buildings. This attack highlights
the potential risks of vulnerable IoT devices and their impact on critical infrastructure
such as heating systems [46].

3.1.2.5 The Verkada Hack


Verkada is a company that provides surveillance security camera systems. In 2021, a
group of attackers exploited a vulnerability that allowed them to gain access to over 150,000
cameras. The hack exposed sensitive data from cameras in various organizations, including
prisons, schools, hospitals, medical centers, and other companies, including Tesla, Nissan,
and Cloudflare. The attackers bypassed the authentication phase and gained remote access
to the cameras without providing any credentials [47].

The Verkada hack was one of the recent examples of IoT breaches that highlighted the
potential consequences of IoT vulnerabilities. This hack raised many privacy and security
concerns, involving the breach of very sensitive information from various critical infrastructure
sectors and organizations [48].

3.2 IoT Forensics


3.2.1 Digital and IoT Forensics
As the IoT continues to grow and expand, so does the need for forensic investigations
involving IoT devices. Digital forensics deals with identifying, collecting, and
organizing evidence to be presented in legal proceedings. There are four primary
processes in digital forensics: identification, collection, organization, and presentation
of evidence [49].

The identification process involves the identification of potential sources of evidence,
as well as determining the objectives of the investigation. Forensic investigators must
understand the type of devices, systems, and data storage mechanisms involved to
ensure they can extract the necessary information in an effective way.

Once potential evidence has been identified, the collection process starts. Forensic
investigators collect the data using legal and technical methods to ensure that the collected data
remains reliable. This process may involve creating copies of the hard drives, downloading
data from cloud storage, or gaining information from network logs [49].

The organization process follows data collection and involves analyzing the collected
data to identify patterns that can help determine the facts of the case. During this stage,
various techniques are used by investigators to go through the large amounts of data,
locating relevant information and discarding the irrelevant data.

Finally, the presentation process involves gathering the findings into a clear report to
present the evidence in court. The report presented should be understandable by non-experts
in the digital forensic field, such as legal experts, and should establish the connection
between the evidence and the case [49].

IoT forensics is a sub-domain of digital forensics that specifically focuses on the unique
challenges IoT devices present. IoT devices are interconnected through networks, often
collecting, processing, and transmitting data to cloud servers and other devices. This
interconnection creates a complex environment for forensic investigators, requiring
specialized tools. IoT forensics can be divided into three main fields: device, network, and
cloud-level forensics [50].

IoT Device forensics involves the examination of IoT devices, including their memory,
hardware, and physical interfaces. Due to the variety of IoT devices and their unique
features, investigators must be familiar with various devices and manufacturers to
collect and analyze the data effectively. The challenges associated with IoT device
forensics are detailed in 3.3 [51].

IoT Network forensics deals with the analysis of communication between IoT devices
and their connection to networks, such as Wi-Fi, Bluetooth, and cellular networks. This
field focuses on understanding the network infrastructure and traffic patterns associated
with IoT devices. Network forensics helps investigators identify potential vulnerabilities
and intrusions to the IoT systems [52].

IoT Cloud forensics examines the data stored and processed by cloud services that
support IoT devices. As many IoT devices rely on cloud computing for storage and
processing, investigators must understand the various cloud architectures and security
protocols to collect and analyze data effectively. Challenges in IoT cloud forensics are
presented in 3.3.3 [53].

3.2.2 Importance of IoT Forensics


IoT forensics has emerged as a sub-domain of digital forensics that plays an important role
in identifying, analyzing, and addressing security incidents involving IoT devices. IoT
forensics builds upon the processes of digital forensics, which involves the identification,
collection, organization, and presentation of digital evidence in legal proceedings. However,
IoT forensics extends this scope to IoT devices’ unique challenges. The importance of IoT
forensics lies in its ability to adapt traditional forensic tools to the unique challenges of
IoT systems, enabling investigators to find evidence that might be inaccessible when using
traditional forensic tools [54].

IoT devices are integrated into critical infrastructure systems, such as energy grids,
transportation, and healthcare. The potential compromise of these devices can have severe
consequences on society and public safety. IoT forensics plays a critical role in
protecting these critical infrastructures by enabling investigators to collect and analyze
the evidence, identify vulnerabilities, and develop guidelines for improving the security
of IoT devices [55]. By analyzing the evidence left after an attack, forensic
investigators can better understand how attackers gained access to the system and
what steps can be taken to prevent similar attacks in the future. In addition, IoT
forensics can help find security vulnerabilities in the design of IoT devices which can
help manufacturers to improve the security of IoT devices and reduce the risk of future
attacks [56].

Another aspect highlighting the importance of IoT forensics is that IoT devices generate
a large amount of data, often in real time. This data can provide valuable insights during
a forensic investigation. IoT forensics helps to reconstruct events, identify malicious
activities, and establish a timeline of events. This can be critical in the forensic investigation
as it helps investigators determine the cause of the breach and identify security vulnerabilities
[9].

3.2.3 Data Sources within IoT Ecosystems
Regardless of the type of IoT application, the ecosystem can be categorized into four
main components: cloud, device, mobile device/app, and network.
The cloud component provides a centralized location for data storage and management.
In many IoT systems, data generated by IoT devices are sent to cloud servers, which can
be analyzed and used for different purposes. Cloud storage centers also store data
related to IoT device configurations, firmware updates, and management logs [57].

The device component is the IoT device that shapes the core of the IoT ecosystem.
These devices collect data by using sensors to monitor their environment and measure
various parameters, such as temperature, light, and humidity. This collected data
provides important information about the state of the monitored data. Additionally, IoT
devices might generate metadata, including device status, connectivity, and usage logs
[57].

Another data source in IoT ecosystems is mobile devices and their applications. Users
interact with IoT devices through mobile applications, enabling them to control and manage
their IoT devices remotely.

Finally, network data sources include information generated during communication between
IoT devices, cloud servers, and other network components. Network data can be
used to detect security threats such as unauthorized access or other malicious activities.
Network data can also be helpful in understanding device-to-device and device-to-cloud
communication patterns, which can help improve the performance of IoT ecosystems
[57].

3.3 Challenges of IoT Forensics


3.3.1 Lack of Standardization and Heterogeneity
The lack of standardization and diversity of IoT devices have made it extremely difficult
for forensic investigators to apply effective methods when conducting digital investigations
involving IoT devices. Various IoT devices, from small sensors to complex industrial
control systems, define the IoT landscape. These devices often use different hardware,
operating systems, and software applications, leading to inconsistencies in data formats
and storage systems.

Moreover, the communication protocols used by IoT devices can also differ
significantly. Some devices may use well-known protocols, such as Wi-Fi, Bluetooth, or
Zigbee, while others may rely on proprietary communication protocols. This
heterogeneity can create a significant challenge for forensic investigators, as they must
be able to understand and analyze the communication patterns between various IoT
devices and their corresponding networks [57].

Another aspect is the diversity of operating systems and software applications used by
IoT devices. While some devices may run on widely known operating systems like
Linux or Windows, others may use proprietary systems. This can make it difficult for
forensic investigators to find appropriate tools for extracting and analyzing data from these
devices, as traditional tools may not be effective in these situations [58].

In addition, the lack of standardization and the heterogeneity of IoT devices create
significant challenges for forensic investigators, as they must be proficient in a wide
range of tools and techniques to conduct digital investigations involving IoT devices
successfully. This can lead to increased complexity, longer investigation times, and
inaccurate results [58].

3.3.2 Limitation of Storage Capacity and Processing Capabilities


Due to the small size and power constraints, IoT devices often have limited storage
capacity and processing capabilities. This limitation can make it difficult for IoT
forensic investigators to collect and analyze digital evidence from these devices. In
addition, the data generated by IoT devices is often volatile, which means that it
changes rapidly or may be time sensitive. The data can also be deleted or overwritten
before being collected, preventing forensic investigations [57].

To show this challenge, consider wearable IoT devices such as smartwatches or fitness
trackers that generate large amounts of data and activity logs. However, due to their
limited storage and processing capabilities, they may only store data temporarily or use
cloud storage services, which overcomplicates the forensic process as investigators must
go through different data storage and access layers [57].

With limited storage capacity, IoT devices can only store a limited amount of data,
which means that the data have a short lifespan and can be quickly overwritten or lost.
This creates several challenges for forensic investigators in obtaining evidence data, as
there is only a limited amount of it for a limited period, leading to an incomplete
understanding of the events under investigation. Another concern is that some IoT
devices store the data in volatile memory, like RAM, which means the data is lost when
the device loses power. This makes it challenging to preserve and acquire digital
evidence, as investigators must ensure that the device stays powered on during the
forensic process to prevent data loss [59].

Another concern is that due to limited storage capacity, data on IoT devices can be
fragmented and stored in different locations, making it difficult for investigators to
reestablish the timeline of events, as they need to assemble all data from various sources. The
limited storage capacity also means that these IoT devices do not have the advanced
features used for logging and monitoring, which makes it difficult to identify malicious
activities on them [59].

3.3.3 Data Location and Identification


Another significant challenge in IoT forensics is that IoT devices generate a large
amount of data that are distributed on various servers and networks. Consequently,
identifying the exact location of the data can present a challenge for forensic
investigators as data can be stored locally on the device, on different cloud services, or
on other devices and servers in the IoT network where more storage is available. This
makes it difficult for forensic investigators as they need to collect together the
information from various sources and recreate the timeline of the events [59].
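
The timeline reconstruction described above, as an added example that is not part of the original thesis: it merges constructed evidence from a device log, a cloud log, and a network capture into one UTC timeline and flags long silent periods. The log formats, device name, addresses, and the 2-second device clock correction are all assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

# --- Constructed sample evidence (all names and values are illustrative) ---
# Device flash log: epoch seconds taken from the device's own clock.
DEVICE_LOG = """\
1700000000 motion distance_cm=42
1700000003 buzzer on
1700000004 buzzer off
"""
# Cloud platform log: JSON lines with UTC ISO-8601 timestamps.
CLOUD_LOG = """\
{"ts": "2023-11-14T22:13:25Z", "event": "alert_received", "device": "sensor-01"}
{"ts": "2023-11-14T22:13:31Z", "event": "push_notification_sent", "device": "sensor-01"}
"""
# Network capture summary: local time with an explicit UTC offset.
NETWORK_LOG = """\
2023-11-15 03:43:24.500 +0530 192.0.2.10 -> 198.51.100.7 TLS 412 bytes
2023-11-15 03:43:50.000 +0530 192.0.2.10 -> 198.51.100.7 TLS 120 bytes
"""


def parse_device(text, clock_offset=timedelta(0)):
    """Parse '<epoch> <message>' lines; clock_offset corrects a measured
    device clock error (positive when the device clock runs behind)."""
    events = []
    for line in text.splitlines():
        if line.strip():
            epoch, message = line.split(" ", 1)
            when = datetime.fromtimestamp(int(epoch), UTC) + clock_offset
            events.append((when, "device", message))
    return events


def parse_cloud(text):
    """Parse JSON-lines records whose 'ts' field is UTC with a 'Z' suffix."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            when = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
            events.append((when, "cloud", f'{rec["event"]} ({rec["device"]})'))
    return events


def parse_network(text):
    """Parse '<date> <time> <utc offset> <summary>' lines and convert to UTC."""
    events = []
    for line in text.splitlines():
        if line.strip():
            date, clock, zone, rest = line.split(" ", 3)
            when = datetime.strptime(f"{date} {clock} {zone}", "%Y-%m-%d %H:%M:%S.%f %z")
            events.append((when.astimezone(UTC), "network", rest))
    return events


def build_timeline(*sources):
    """Merge events from every source and order them by UTC time, then source."""
    merged = [event for source in sources for event in source]
    return sorted(merged, key=lambda event: (event[0], event[1]))


def find_gaps(timeline, max_gap=timedelta(seconds=10)):
    """Return (start, end) pairs where no source recorded anything for longer
    than max_gap; such windows may hide overwritten or uncollected data."""
    return [(a[0], b[0]) for a, b in zip(timeline, timeline[1:]) if b[0] - a[0] > max_gap]


def reconstruct():
    """Build the timeline for the constructed samples (device clock 2 s behind)."""
    return build_timeline(
        parse_device(DEVICE_LOG, clock_offset=timedelta(seconds=2)),
        parse_cloud(CLOUD_LOG),
        parse_network(NETWORK_LOG),
    )


if __name__ == "__main__":
    timeline = reconstruct()
    for when, source, what in timeline:
        print(when.isoformat(timespec="milliseconds"), f"{source:<8}", what)
    for start, end in find_gaps(timeline):
        print("gap without evidence:", start.time(), "->", end.time())
```

The clock correction has to be measured and documented for each device before merging, because an unrecorded offset silently reorders events across sources.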

Another challenge here is that the distributed nature of IoT forensic data can increase
the risk of data loss or corruption, further complicating the forensic process. Moreover,
using the cloud can further complicate the process as cloud storage systems, often used
to store and process data generated by IoT devices, can be located in different
geographical locations around the globe and operated by different service providers.
This further complicates the legal and jurisdictional process, as forensic investigators
may face legal restrictions when accessing data stored in other jurisdictions. Before
accessing the data, they may need to navigate complex laws and get legal authorizations
[60] [61].

3.3.4 Lack of Technical Capabilities


Another challenge facing IoT forensic investigations is the lack of technical capabilities,
including insufficient IoT forensic tools, limitations of traditional forensic tools, and
insufficient training and education for investigators. In addition, the diversity of IoT
devices makes it difficult for investigators to
develop forensic tools specifically designed for IoT devices. Another challenge is that
traditional forensic tools, developed to address personal computers and mobile devices,
may not be suitable for analyzing and extracting data from IoT devices and can lead to
incomplete results during forensic investigations [57].

Another area where the lack of technical capabilities becomes clear is the training and
education of forensic investigators and first responders. IoT forensics requires specialized
knowledge and expertise that may not be covered in traditional digital forensics programs
or training programs. As a result, many forensic investigators may not have the expertise
to handle the unique challenges IoT devices pose. They may struggle to keep up with
the rapid development of IoT systems. The NIST Cloud Computing Forensic Science
Challenges Report 2020 [62] has identified the need for more investigator training.
Additionally, Wu et al. [57] did a survey where the participants were asked to rank the current
issues facing IoT forensics today. Most responses identified technical training and education
as the most important issue.

The consequences of lacking technical capabilities in IoT forensics have a wide-ranging
impact. It can result in delays in forensic investigations where investigators need help to
acquire and analyze data from IoT devices using traditional forensic tools. This delay
can impact the success of an investigation, mainly when dealing with time sensitive
data. Moreover, lacking specialized forensic tools can lead to incomplete or inaccurate
investigations, as investigators may misinterpret the data collected from IoT devices
[58] [63].

4 Results
This chapter presents the results of this research, which are divided into two main sections:
The findings of the literature review and the survey results. The first section discusses
the key insights from the literature review on IoT security threats and attacks and the
challenges associated with IoT forensics. The second section presents the findings
from the survey conducted to assess students’ familiarity with IoT security threats and
vulnerabilities and their perceptions of security measures and shared responsibilities in
IoT security.

Overall, the research questions outlined in the introduction chapter will be addressed in
this chapter. The findings in this chapter will be further discussed in Chapter 5.

4.1 Theoretical Framework Findings


This section presents the results obtained from our theoretical framework based on a
comprehensive literature review. The framework is divided into two main areas:

4.1.1 IoT Security Threats and Attacks


Table 4.1 provides a clear overview of various security threats and attacks, their descriptions,
and the potential impacts of each threat based on information gathered from the analysis
of the literature references explored in Chapter 3 that focused on these specific threats
and attacks. It is important to note that not all studies focused on all attacks; the listed
IoT threats are sourced from multiple research papers, each addressing different types of
attacks.

| Threat/Attack Type | Description | Potential Impact |
|---|---|---|
| Malware and Malicious Code Injection | Unauthorized code execution in IoT devices | Data tampering, unauthorized access, system damage, service disruption |
| False Data Injection | Injecting false data into IoT devices | Data integrity, inaccurate decision making, false alarms |
| Replay Attack | Re-transmitting a valid data transmission captured previously | Unauthorized access, system malfunction, replay fraud, service disruption |
| Cryptanalysis and Side-Channel Attacks | Exploiting cryptographic systems and analyzing side-channel data | Unauthorized access, data theft, system compromise, privacy breach |
| Eavesdropping Attack | Intercepting and eavesdropping on IoT communication | Loss of privacy, unauthorized access, data theft |
| DDoS Attack | Disrupting IoT devices' availability by overwhelming them with excessive traffic | Service disruption, unavailability, financial and reputational damage, infrastructure damage |
| Spoofing Attack | Masquerading as an IoT device or user | Unauthorized access, fraud, data theft, service disruption |
| MITM Attack | Intercepting and altering IoT communication between two parties | Loss of privacy, data tampering, financial loss, service disruption |
| Sinkhole Attack | Redirecting traffic to a malicious node in IoT networks | Unauthorized access, system disruption, data theft |
| Sleep Deprivation | Forcing IoT devices to remain awake, draining their battery | Device malfunction, shorter device lifespan, increased energy consumption |

Table 4.1: IoT Security Threats and Attacks

4.1.2 Challenges in IoT Forensics


Table 4.2 provides a clear overview of the main IoT forensic challenges and explains
their connection to the specific IoT security threats and attacks outlined in Table 4.1,
based on the literature references explored in Chapter 3.

| Challenge | Description | Connection to IoT Security Threats and Attacks |
|---|---|---|
| Lack of Standardization and Heterogeneity | The IoT ecosystem consists of a wide range of devices, platforms, and communication protocols, making it difficult to establish standardized forensic procedures. | Multiple operating systems, communication protocols, and encryption/authentication methods contribute to the complexity of analyzing and mitigating threats like Man in the Middle attacks, Spoofing attacks, and Sinkhole attacks. |
| Limitation of Storage Capacity and Processing Capabilities | IoT devices typically have limited storage and processing capabilities, which can hinder the extraction and analysis of digital evidence. | Limited storage capacity affects the ability to maintain logs and records, which can impact the investigation of attacks such as Eavesdropping, Cryptanalysis, and DDoS attacks. Devices with limited processing power may be unable to run complex forensic tools, hindering investigations into threats like Malware and Malicious code Injection, Replay attacks, and Side-Channel attacks. |
| Data Location and Identification | The distributed nature of IoT systems can make it difficult to locate and identify relevant data sources for forensic investigations. | Distributed data across devices, cloud platforms, and networks complicates investigations into threats such as False Data Injection, Spoofing, and Man in the Middle attacks, as it can be challenging to trace the data flow between components and determine the relevant data among large datasets. Fragmented or missing data can hinder the investigation of threats like Eavesdropping, Sinkhole, and Sleep Deprivation attacks. |
| Lack of Technical Capabilities | Limited availability of specialized tools, techniques, and expertise adapted to IoT forensics, coupled with the rapidly evolving IoT landscape. | Insufficient training in IoT forensics and the limited availability of specialized forensic tools make it difficult to effectively investigate and respond to a wide range of security threats and attacks, including Malware and Malicious code injection, Cryptanalysis, Side-Channel attacks, and DDoS attacks. |

Table 4.2: Challenges in IoT Forensics

4.2 Survey Results


The motivation behind conducting the survey originates from the need to assess
students’ awareness and understanding of IoT security threats and vulnerabilities,
especially those that require user involvement to mitigate effectively. The survey aims
to bridge the gap between theoretical knowledge of IoT security threats and the practical
measures users can take to ensure a secure IoT environment.

The survey results were divided into the following sections:

4.2.1 IoT Familiarity and Security Concerns


This section consists of the responses to questions 1 and 2 that provide valuable insights
into the students’ knowledge of IoT and their concerns regarding the security of IoT
devices.

Q1: Familiarity with the concept of IoT


The results indicate that most participants have at least some familiarity with the concept
of IoT. The total number of respondents is 33. Among the respondents, 9.1% (3 respondents)
reported not being familiar with IoT, while 30.3% (10 respondents) indicated they were
somewhat familiar with the concept. A larger proportion of participants, 33.3% (11
respondents), reported being moderately familiar, and 27.3% (9 respondents) claimed to
be very familiar with IoT. This demonstrates that most respondents understand IoT, which
is crucial for forming an informed perspective on the associated security concerns
(Figure 4.5).

Figure 4.5: Familiarity with the Concept of IoT

The three participants unfamiliar with the concept of IoT were thanked for their
participation, informed that they were not the target group for this survey, and their
responses were excluded from the analysis of the subsequent questions. So the second
and subsequent questions on the survey were based on responses from 30 participants.

Q2: Concerns about IoT Device Security


The survey results show that a significant number of respondents are concerned about the
security of IoT devices. 26.7% (8 respondents) of participants reported being somewhat
concerned, while 40% (12 respondents) expressed being moderately concerned. Additionally,
33.3% of respondents (10 respondents) reported being very concerned about IoT device
security. These findings highlight the growing awareness of potential security risks associated
with IoT devices. Figure 4.6 shows a summary of the results.

Figure 4.6: Level of Concern Regarding IoT Device Security

4.2.2 Awareness of IoT Security Threats and Vulnerabilities


This section of the survey results examines the participants’ awareness of common IoT
security vulnerabilities, familiarity with IoT security threats, and their opinions on the
most significant security threats. The data from Questions 3, 5, and 6 provides insights
into the respondents’ understanding of the challenges associated with IoT security.

Q3: Awareness of Common IoT Security Vulnerabilities


As mentioned above, the number of participants from Q2 and the subsequent questions
in the survey is 30. In this question, when participants were asked about their awareness of
common IoT security vulnerabilities, most respondents (83.3%, 25 respondents) identified
weak or easily guessable passwords as a vulnerability. The lack of regular security updates
and patches was the second most recognized issue (66.7%, 20 respondents), followed
by unsecured remote management access, lack of encryption for data transmission, and
insufficient user authentication and authorization, each acknowledged by 53.3% of the
respondents (16 respondents). Additionally, one respondent (3.3%) mentioned other
vulnerabilities, such as hardware access, limited user knowledge, abandoned hardware,
and shared Wi-Fi networks. The results are summarized in Figure 4.7.

Figure 4.7: Awareness of Common IoT Security Vulnerabilities

Q5: Familiarity with IoT Threats


Regarding familiarity with IoT security threats, the most recognized threat was Man
In The Middle (MITM) attacks, with 73.3% of respondents being familiar with it (22
respondents). Unauthorized access was familiar to 66.7% of the participants (20 respondents),
while Distributed Denial of Service (DDoS) attacks and Malware attacks were familiar to
63.3% (19 respondents) and 60% of respondents (18 respondents), respectively. Spoofing
attacks were recognized by 43.3% of the respondents (13 respondents). Other threats,
such as physical attacks and data misuse, were mentioned by two respondents (3.3%
each). Figure 4.8 shows a summary of the results.

Figure 4.8: Familiarity with Various IoT Security Threats

Q6: Most Significant Security Threats


When asked to identify the most significant security threat among those listed, unauthorized
access emerged as the top concern for 33.3% of the respondents (10 respondents). Malware
attacks followed closely, with 30% of participants considering them the most significant
threat (9 respondents). DDoS attacks were considered the most significant by 20% of
respondents (6 respondents), while Man in the Middle attacks were chosen by 13.3%
(4 respondents). Spoofing attacks were considered the least significant by only one
respondent (3.3%). Figure 4.9 summarizes the results.

Figure 4.9: Most Significant IoT Security Threats According to Respondents

4.2.3 Security Measures, Practices, and Shared Responsibilities


The third section of the survey results focuses on the participants’ perspectives on the
importance of built-in security features in IoT devices, the security measures they take
to protect their devices, the significance of user education, shared responsibility among
various collaborators, and the most effective ways to improve IoT security.

Q4: Importance of Built-in Security Features


When asked about the importance of built-in security features in IoT devices, an overwhelming
70% (21 respondents) considered it "very important," while 26.7% (8 respondents) found
it "important." Only one respondent (3.3%) deemed it "somewhat important." These results
indicate that most participants recognize the necessity of incorporating security features
in IoT devices by default (as shown in Figure 4.10).

Figure 4.10: Perceived Importance of Built-in Security Features in IoT Devices

Q7: Security Measures Taken by Participants


The survey also aimed to understand the measures participants take to secure their IoT
devices. The most common security measure was changing default passwords, with
83.3% (25 respondents) implementing this practice. Regularly updating device firmware
was the second most popular measure with 63.3% (19 respondents), followed by using
strong encryption methods for data transmission 50% (15 respondents), disabling
remote management of devices 40% (12 respondents), and monitoring network traffic
for unusual activities 30% (9 respondents). Additionally, one respondent (3.3%)
mentioned using devices with IoXT certification. Another one mentioned taking other
security measures, such as removing old devices when they no longer receive updates
and using SSH with key access only. The results are summarized in Figure 4.11.

Figure 4.11: Measures Taken by Respondents to Secure IoT Devices

Q8: Importance of User Education


Regarding the importance of user education for maintaining IoT security, 53.3% (16
respondents) believed it to be "very important," while 26.7% (8 respondents) considered
it "important." Only 20% (6 respondents) found it "somewhat important." This
highlights that many respondents recognize the role of user education in enhancing IoT
security (figure 4.12).

Figure 4.12: Perceived Importance of User Education in Maintaining IoT Security

Q9: Shared Responsibility in IoT Security


When asked whether IoT security should be a shared responsibility between users,
manufacturers, and service providers, 60% (18 respondents) agreed, while 6.7% (2 respondents)
disagreed. Interestingly, 33.3% (10 respondents) stated it depends on the situation. The
majority of participants acknowledged the need for collaboration among different stakeholders
to address IoT security concerns effectively (figure 4.13).

Figure 4.13: Belief in Shared Responsibility for IoT Security

Q10: Most Effective Ways to Improve IoT Security


In response to the question about the most effective way to improve IoT security, 36.7%
(11 respondents) chose improved device security by manufacturers, followed by
increased user awareness and education (23.3%, 7 respondents), development of
better security technologies (20%, 6 respondents), and stronger regulations (16.7%, 5 respondents).
One respondent (3.3%) also suggested open-source hardware as a potential solution.
These results reflect diverse opinions on the most effective methods to enhance IoT
security, with a notable focus on the role of manufacturers and user awareness (Figure
4.14).

Figure 4.14: Most Effective Approaches to Improving IoT Security

IMPLEMENTED CODE

const int trigPin = 9;    // Ultrasonic sensor trigger pin
const int echoPin = 10;   // Ultrasonic sensor echo pin
const int buzzerPin = 7;  // Buzzer pin

void setup() {
  Serial.begin(9600);
  pinMode(trigPin, OUTPUT);
  pinMode(echoPin, INPUT);
  pinMode(buzzerPin, OUTPUT);
}

void loop() {
  long duration, distance;

  // Trigger ultrasonic sensor with a 10-microsecond pulse
  digitalWrite(trigPin, LOW);
  delayMicroseconds(2);
  digitalWrite(trigPin, HIGH);
  delayMicroseconds(10);
  digitalWrite(trigPin, LOW);

  // Measure the echo time to calculate distance in centimetres
  // (sound travels about 0.034 cm per microsecond; halve for the round trip)
  duration = pulseIn(echoPin, HIGH);
  distance = duration * 0.034 / 2;

  Serial.print("Distance: ");
  Serial.println(distance);

  // Check if an object is within a specified range (adjust as needed).
  // pulseIn() returns 0 when no echo arrives before its timeout, so a zero
  // duration is treated as "no reading" instead of as a distance of 0 cm.
  if (duration > 0 && distance < 50) {
    // Activate the alarm (buzzer)
    digitalWrite(buzzerPin, HIGH);
    delay(1000); // Alarm duration in milliseconds (adjust as needed)
    digitalWrite(buzzerPin, LOW);
  }

  delay(1000); // Adjust delay between sensor readings as needed
}

5 Analysis and Discussion
This thesis aimed to gather information on the most common IoT security threats and
attacks, and the most common challenges associated with IoT forensics and assess the
students’ awareness of IoT security threats and their mitigation techniques. A mixed
method approach will answer the research questions by combining a literature review
and a survey study. The literature review will answer the research questions (RQ1 and
RQ3), and the survey study will answer the research question (RQ2). In this chapter, we
reflect on the key findings from the literature review and the survey study.

5.1 Research Question 1: IoT Security Threats, Mitigation Techniques, and Real-world Incidents
In this section, we discuss the most common IoT security threats and attacks, real-world
incidents, and countermeasures to prevent and mitigate these risks.

Malware and malicious code injection attacks present a significant threat to IoT devices.
For example, the Mirai Botnet Attack illustrated how malware could infect various IoT
devices to create a massive botnet that launched DDoS attacks on targeted servers. It is
important to implement updates, antivirus software, and network monitoring to counter
malware and malicious code injection.

False data injection attacks are where an attacker injects false data or manipulates
existing data, which can lead to incorrect decisions and actions by the system or user.
To reduce the risk of this attack, it is necessary to implement data integrity checks,
encryption, and secure communication channels.

Replay attacks involve the attacker capturing and resending valid data or commands to
cause unintended actions or gain unauthorized access. A countermeasure to replay
attacks includes using timestamps and secure communication protocols.
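
The integrity check for false data injection and the timestamp countermeasure for replay attacks described above, combined in one added example that is not code from this project: a sensor reading is sealed with HMAC-SHA256, and the receiver rejects altered, stale, or repeated messages. The message layout, the 30-second freshness window, the device name, and the pre-shared key are assumptions.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW_S = 30  # assumed freshness window, in seconds


def seal(key, device_id, distance_cm, now=None, nonce=None):
    """Sender side: wrap a reading with a timestamp, a random nonce and an
    HMAC-SHA256 tag computed over the exact serialized payload."""
    body = {
        "device": device_id,
        "distance_cm": distance_cm,
        "ts": int(time.time() if now is None else now),
        "nonce": (os.urandom(12) if nonce is None else nonce).hex(),
    }
    payload = json.dumps(body, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


class Receiver:
    """Receiver side: verify integrity first, then freshness, then uniqueness."""

    def __init__(self, key, max_skew_s=MAX_SKEW_S):
        self.key = key
        self.max_skew_s = max_skew_s
        self.seen = {}  # (device, nonce) -> message timestamp

    def accept(self, msg, now=None):
        now = time.time() if now is None else now
        payload = str(msg.get("payload", "")).encode()
        tag = str(msg.get("tag", "")).encode()

        # 1. Integrity: any change to the payload (false data) breaks the tag.
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        body = json.loads(payload)  # parsed only after authentication

        # 2. Freshness: a capture replayed outside the window is too old.
        if abs(now - body["ts"]) > self.max_skew_s:
            return "rejected: stale timestamp"

        # 3. Uniqueness: inside the window, each nonce is accepted once.
        #    Entries older than the window are dropped, because step 2
        #    already rejects any replay of them.
        self.seen = {k: ts for k, ts in self.seen.items()
                     if now - ts <= self.max_skew_s}
        ident = (body["device"], body["nonce"])
        if ident in self.seen:
            return "rejected: replayed nonce"
        self.seen[ident] = body["ts"]
        return "accepted"


if __name__ == "__main__":
    key = os.urandom(32)  # constructed key; real devices need provisioned keys
    rx = Receiver(key)
    msg = seal(key, "sensor-01", 42)
    print(rx.accept(msg))  # first delivery
    print(rx.accept(msg))  # identical capture sent again
```

The timestamp alone leaves a replay window as wide as the allowed clock skew; the nonce cache closes that window, and the cache stays small because only entries inside the window are kept.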

Cryptanalysis and side-channel attacks exploit vulnerabilities in cryptographic
algorithms or observe side-channel information to break encryption and gain access to
sensitive information. To protect against these attacks, it is essential to implement strong
encryption algorithms and proper key management.

Eavesdropping attacks occur when an attacker intercepts communication between IoT
devices or between a device and a user. Encryption and secure communication protocols
can help protect data from eavesdropping attacks.

DDoS attacks aim to overwhelm IoT devices or networks with large amounts of data
traffic, causing service disruptions or complete unavailability. Traffic filtering, rate limiting,
and intrusion detection systems should be employed to mitigate these attacks.

Spoofing attacks involve an attacker pretending to be a legitimate IoT device, user, or
service to trick other devices or users. Authentication, digital certificates, and secure
communication protocols can be implemented to prevent spoofing attacks.

Man-In-The-Middle (MITM) attacks allow an attacker to intercept and potentially alter
communication between two IoT devices or between a device and a user. Encryption,
secure communication protocols, and digital certificates can help prevent MITM attacks.

Sinkhole attacks compromise an IoT device or network node to redirect network traffic,
enabling the attacker to manipulate or block communication. Intrusion detection
systems, secure routing protocols, and network monitoring should be implemented to
prevent this attack.

Sleep deprivation attacks prevent IoT devices from entering low-power sleep mode, causing
rapid exhaustion of the device’s battery. To counter this attack, intrusion detection systems
should be implemented to detect and prevent continuous requests from unauthorized
sources.

5.2 Research Question 2: Students’ Awareness of IoT Security Threats and Mitigation Techniques
The survey results provide important perspectives into students’ awareness of IoT security
threats, their understanding of mitigation techniques, and their perceptions of the most
effective ways to improve IoT security.

Regarding familiarity with IoT, 90.9% of the respondents (30 out of 33) reported being
at least somewhat familiar with the concept, showing that most participants have a basic
understanding of IoT. This result is essential as it provides a basis for their awareness of
IoT security threats and their mitigation strategies.

The exclusion of the three participants who were unfamiliar with the concept of IoT
from the analysis of the subsequent questions ensures that the results represent the
perspectives of those who have some understanding of IoT and its associated security
issues.

The majority of the respondents (73.3%) expressed concerns about the security of IoT
devices (Q2), with 40% being concerned and 33.3% being very concerned. This finding
displays a general awareness of the potential risks associated with IoT devices, which
may encourage students to learn more about the topic.

From Q1 and Q2 results, the majority of participants (60.6%) are moderately to very familiar
with the concept of IoT (Q1), and the majority (73.3%) express concern about the
security of IoT devices. This connection suggests that as students become more familiar
with IoT technology, they become more concerned about its security impacts.

The respondents showed a reasonable understanding of common IoT security
vulnerabilities when asked about them (Q3). The majority of the participants were aware of weak or easily
guessable passwords (83.3%), unsecured remote management access (53.3%), lack of
encryption for data transmission (53.3%), lack of regular security updates and patches
(66.7%), and insufficient user authentication and authorization (53.3%). These results
show that students understand potential security risks that can compromise IoT devices.

In Q4, the importance of built-in security features in IoT devices was highlighted by
70% of the participants who considered it very important, 26.7% who considered it
important, and only 3.3% who considered it somewhat important. This finding shows that
students value IoT devices having built-in security features by default and recognize the
role of manufacturers in enhancing IoT security.

The respondents showed awareness of several IoT security threats (Q5), with the
highest familiarity reported for Man-In-The-Middle attacks (73.3%), followed by
unauthorized access (66.7%), DDoS attacks (63.3%), Malware attacks (60%), and
spoofing attacks (43.3%). Additionally, when asked about the most significant security
threat among those listed (Q6), the respondents ranked Unauthorized access (33.3%)
and Malware attacks (30%) as the top threats, followed by DDoS attacks (20%), MITM
attacks (13.3%), and Spoofing attacks (3.3%). This indicates that students have a good
understanding of the most common IoT security threats. The high awareness and
understanding of IoT security vulnerabilities and threats illustrated by the respondents
can enable them to make better decisions when using IoT devices and encourage them
to adopt best practices for securing them.

The results from Q3 and Q5 demonstrate that participants are generally aware of
common IoT security vulnerabilities (Q3) and are familiar with various security threats
(Q5). This connection highlights the importance of understanding the vulnerabilities and
potential security threats, as understanding of both areas can lead to developing more
effective security solutions.

Furthermore, the results from Q5 and Q6 show that students familiar with multiple security
threats (Q5) tend to perceive unauthorized access and malware attacks (Q6) as the most
significant threats. These results could indicate that students are more concerned about
threats that directly affect their data privacy and device functionality.

The responses to Q7 highlight the security measures that students adopt to secure their IoT
devices. Changing default passwords was the most common measure (83.3%), followed
by regularly updating device firmware (63.3%), using strong encryption methods for
data transmission (50%), disabling remote management of devices (40%), and
monitoring network traffic for unusual activities (30%). These results show that
students have a practical understanding of the necessary steps to protect IoT devices
from security threats.

The connection between the results from Q3 and Q7 suggests that participants aware of
common IoT security vulnerabilities (Q3) are more likely to implement security measures
like changing default passwords, updating device firmware, and using strong encryption
methods for data transmission (Q7). This finding highlights the value of educating users
about potential vulnerabilities and encouraging them to implement proper security measures.

The importance of user education in maintaining IoT security (Q8) was recognized by
most respondents, with 53.3% considering it very important, 26.7% considering it important,
and 20% considering it somewhat important. This result suggests that students believe
user awareness and education are crucial in ensuring the safe use and deployment of IoT
devices.

When comparing the results of Q4 and Q8, most respondents believe that built-in
security features (Q4) and user education (Q8) are important for maintaining IoT
security. This connection illustrates the importance of combining technology and user
awareness to address IoT security challenges effectively.

In Q9, most participants (60%) believed that IoT security should be a shared responsibility
between users, manufacturers, and service providers, while 33.3% thought it depends on
the specific circumstances. This perspective highlights the importance of a collaborative
approach in addressing IoT security challenges.

Connecting the importance of built-in security features and user education, the results
of Q4 and Q8 reinforce the finding that students believe in a shared responsibility for
IoT security (Q9). This validation strengthens the understanding of students’
perspectives on IoT security and highlights the importance of cooperation among
stakeholders to address IoT security challenges effectively.

When asked about the most effective way to improve IoT security (Q10), participants
identified improved device security by manufacturers (36.7%) as the top factor, followed
by increased user awareness and education (23.3%), development of better security
technologies (20%), and stronger regulations (16.7%). These responses show that students
acknowledge the complex nature of IoT security and the need for a comprehensive approach
involving various stakeholders.

Moreover, most participants agree that IoT security should be a shared responsibility
between users, manufacturers, and service providers (Q9), and they believe that improved
device security by manufacturers, increased user awareness and education, and the
development of better security technologies (Q10) are the most effective ways to enhance IoT
security. This connection highlights the importance of collaboration between different
stakeholders to address IoT security challenges effectively.

5.3 Research Question 3: Challenges Associated with IoT Forensics


Several challenges associated with IoT forensics have been identified, which are linked
to the unique characteristics of IoT devices. The identified challenges include a lack of
standardization and heterogeneity, limitation of storage capacity and processing capabilities,
data location and identification, and lack of technical capabilities.

The lack of standardization and heterogeneity in IoT ecosystems, which consist of a
wide range of devices, platforms, and communication protocols, complicates the process
of creating standardized forensic procedures. The diversity of operating systems,
communication protocols, and encryption methods used in IoT devices also makes it
harder to analyze and mitigate threats like MITM attacks, Spoofing attacks, and
Sinkhole attacks.

The limited storage and processing capabilities of IoT devices present another challenge
in IoT forensic investigations. This limitation affects the process of maintaining logs
and records and impacts the ability to investigate attacks such as Eavesdropping and
DDoS attacks. In addition, IoT devices with limited processing power may be unable to
run complex forensic tools, preventing investigations into threats like Malware and
Malicious code Injection, Replay attacks, and Side-Channel attacks.

Another challenge is the distributed nature of IoT devices, which complicates the
process of data location and identification, as it makes it difficult to trace the data
transfer between devices and sensors and determine the relevant data among large
datasets. This issue complicates the investigations into threats such as False Data
Injection, Spoofing, and MITM attacks. Another issue is that data is fragmented
during transmission, which can further complicate the investigations of threats like
Eavesdropping, Sinkhole, and Sleep Deprivation attacks.

The lack of technical capabilities, including the limited availability of specialized
forensic tools and expertise adapted to IoT forensics, can further complicate the process
of IoT forensic investigations. This challenge makes it difficult to investigate and
respond to various security threats and attacks, including Malware and Malicious code
injection, DDoS, and cryptanalysis attacks.

6 Conclusion and Future Work
In conclusion, this thesis shows how IoT security, user awareness, and forensic
challenges are all connected. By doing an in-depth analysis of the different aspects of
IoT security, it becomes clear that investigating these issues needs a comprehensive
approach.

IoT security threats present significant risks to users and systems, so strong
security measures and more research are needed to keep IoT systems safe. Moreover,
the critical role of user awareness in preventing and mitigating these threats and
securing IoT devices is evident, which underlines the importance of integrating IoT
security education into educational programs.

The challenges associated with IoT forensics show the need for advanced forensic
tools and methods designed specifically for IoT systems. This is important
to enable effective digital investigations in a more connected world.

Additionally, the thesis results highlight the importance of collaborative work among
researchers, industrial professionals, and users in addressing IoT security threats, raising
awareness, and addressing forensic challenges.

The scope of this research could have been broader if there had been sufficient time.
Several directions could be explored for future research. First, a broader survey could
be conducted with a larger audience, including professionals from academia, industry, and
the general public. This would help to better understand the awareness and perceptions of
IoT security threats and mitigation strategies among different groups of users. Second,
investigating the development of standardized IoT forensic frameworks and tools would
help address the current challenges facing IoT forensics investigations. Finally, further
research on the collaboration between users, manufacturers, and service providers in the
IoT system could help establish shared responsibilities for IoT security and examine the
responsibilities of each group.
