Project Report 1
(ENGINEERING INSTITUTE)
ELEVATING SECURITY
WITH SMART IOT AND
ULTRASONIC SENSOR
INTEGRATION
SUBMITTED BY:
AKASH KUMAR(220132155007)
VIKASH KUMAR(2201321550066)
SHIVAM KUMAR(2201321550057)
DEVANK RAJPUT(220132155019)
Abstract
Internet of Things (IoT) devices have increased rapidly in recent years, revolutionizing
many industries, including healthcare, manufacturing, and transportation, and bringing
benefits to both individuals and industries. However, this increase in IoT device usage
has exposed IoT ecosystems to numerous security threats and digital forensic
challenges. This thesis investigates the most common IoT security threats and attacks,
students’ awareness of them and their mitigation strategies, and the key challenges
associated with IoT forensic investigations.
A mixed-method approach is adopted in this thesis combining a literature review and a
survey study. The survey assesses students’ knowledge of IoT security threats, mitigation
techniques, and perceptions of the most effective ways to enhance IoT security. The
survey also emphasizes the importance of user training and awareness in mitigating IoT
threats, highlighting the most effective strategies, such as stronger regulations and improved
device security by manufacturers. The literature review provides a comprehensive overview
of the most common IoT security threats and attacks, such as malware, malicious code
injection, replay attacks, Man in the Middle (MITM), botnets, and Distributed Denial
of Service Attacks (DDoS). The mitigation techniques for these threats are reviewed,
and real-world incidents and crimes, such as the Mirai botnet, the St. Jude Medical
implant cardiac devices hack, and the Verkada hack, are examined to understand the
consequences of these attacks.
Moreover, this work also highlights the definition and the process of digital and IoT
forensics, the importance of IoT forensics, and different data sources in IoT ecosystems.
The key challenges associated with IoT forensics and how they impact the effectiveness
of digital investigations in the IoT ecosystem are examined in detail. Overall, the results
of this work contribute to ongoing research to improve IoT device security, highlight
the importance of increased awareness and user training, and address the challenges
associated with IoT forensic investigation.
Acknowledgment
We would like to express our deep gratitude to our project guide Dr. Gambhir
Singh Department of Internet Of Things, for her guidance with unsurpassed
knowledge and immense encouragement. We are grateful to Dr. Inderdeep
Verma, Head of the Department, Internet Of Things, for providing us with the
required facilities for the
completion of the project work. We are very much thankful to the Principal and
Management, GNIOT, Greater Noida, for their encouragement and cooperation
to carry out this work.
We express our thanks to Project Coordinator Dr. Gambhir Singh, for her
continuous support and encouragement. We thank all teaching faculty of
Department of IOT whose suggestions during reviews helped us in
PROJECT STUDENTS
1 Introduction
1.1 Background
1.2 Related Work
1.3 Problem Formulation
1.4 Motivation
1.5
1.6 Results
1.7 Limitation of The Study
1.8 Outline
2 Method
2.1 Research Project
2.2 Research Methods
2.2.1 Conducting The Review
2.2.2 Survey Methodology and Design
2.2.2.1 Survey Creation and Design
2.2.2.2 Survey Overview
2.3 Ethical Considerations
3 Theoretical Background
3.1 IoT Security Threats, Mitigation Techniques, and Real-world Incidents
3.1.1 IoT Security Threats
3.1.1.1 Malware and Malicious Code Injection Attacks
3.1.1.2 False Data Injection (FDI) Attack
3.1.1.3 Replay Attack
3.1.1.4 Cryptanalysis and Side-channel Attacks
3.1.1.5 Eavesdropping Attack
3.1.1.6 Distributed Denial of Service (DDoS) Attack
3.1.1.7 Spoofing Attack
3.1.1.8 Man In The Middle (MITM) Attack
3.1.1.9 Sinkhole Attack
3.1.1.10 Sleep Deprivation Attacks
3.1.2 IoT Security Crimes
3.1.2.1 The Mirai Botnet Attack
3.1.2.2 The Jeep Hack
3.1.2.3 St. Jude Medical Implant Cardiac Devices Hack
3.1.2.4 The Attack on The Heating Systems in Finland
3.1.2.5 The Verkada Hack
3.2 IoT Forensics
3.2.1 Digital and IoT Forensics
3.2.2 Importance of IoT Forensic
3.2.3 Data Sources within IoT Ecosystems
3.3 Challenges of IoT Forensics
3.3.1 Lack of Standardization and Heterogeneity
3.3.2 Limitation of Storage Capacity and Processing Capabilities
3.3.3 Data Location and Identification
3.3.4 Lack of Technical Capabilities
4 Results
4.1 Theoretical Framework Findings
4.1.1 IoT Security Threats and Attacks
4.1.2 Challenges in IoT Forensics
4.2 Survey Results
4.2.1 IoT Familiarity and Security Concerns
4.2.2 Awareness of IoT Security Threats and Vulnerabilities
4.2.3 Security Measures, Practices, and Shared Responsibilities
References
1 Introduction
The project focuses on IoT security threats and the challenges associated with IoT forensics.
The project employs a mixed-method approach combining a literature review and a survey
study. Moreover, the project aims to explore the most common IoT security threats and
attacks, their mitigation techniques, and their consequences in real-world incidents. In
addition, the study will assess students’ awareness of IoT security threats, their mitigation
strategies, and the best ways to improve IoT security. The paper will also present IoT
forensics, data sources in IoT ecosystems, and the importance of IoT forensics. It will
give a comprehensive overview of the challenges associated with IoT forensics and their
impact on the investigation process of the IoT systems.
This is a 15 HEC Bachelor thesis in Computer Science for Linnaeus University. As a team,
we have collaborated closely on the project, sharing the workload equally. Abdulrahman
primarily focused on IoT security threats and mitigation strategies, while Waseem explored
IoT forensics and associated challenges. Both actively contributed to the survey study,
Introduction, and Conclusion and participated in the Discussion, Methodology, and
Theoretical Background chapters, ensuring a high-quality outcome.
This chapter will present an overview of the study, while the related work section will
summarize existing research and highlight the current knowledge and research gaps.
The problem formulation presents the knowledge gap the project aims to address by
introducing the research questions. The relevance of this work will be presented in the
motivation section, followed by the results, the limitations, and the target group of this
study. The final section will outline the entire thesis.
1.1 Background
The Internet of Things (IoT) describes the interconnected network of devices embedded
with software, processing ability, sensors, network connectivity, and other technologies
enabling them to collect and exchange data and perform tasks autonomously. Various
wireless protocols are used by IoT devices to communicate with each other such as
Bluetooth, Zigbee, and Wi-Fi. These communication protocols enable data exchange
between the devices and allow them to integrate with the various cloud platforms for
storage and processing [1].
According to recent estimates, the number of IoT devices worldwide has grown rapidly,
with approximately 19.8 billion in use as of 2023. This number is expected to surge
to 30.9 billion by 2025, highlighting the rapid expansion of IoT technology in various
sectors, including healthcare, manufacturing, smart cities, and transportation [2].
Despite the many benefits of IoT devices, the rapid increase in the usage of IoT has
also given rise to many security threats and privacy issues. The large amount of data
generated and processed by IoT devices has made them an attractive target for attackers
and cybercriminals. Some common security threats in the IoT systems include malware
attacks, Distributed Denial of Service (DDoS) attacks, Man In The Middle (MITM)
attacks, and unauthorized access [3]. Several real-world IoT crimes, such as
the Mirai botnet, the Verkada hack, and the St. Jude Medical implant devices hack,
have shown the consequences of security incidents on individuals, healthcare, and
critical infrastructure. These cases have caused significant economic and societal
impacts, highlighting the importance of addressing IoT security challenges [4].
The Mirai botnet, for example, was responsible for taking down a large portion of the
internet when the malware infected hundreds of thousands of IoT devices, transforming
them into a massive botnet. This botnet was used to launch DDoS attacks against
multiple targets, including DNS provider Dyn, which led to widespread outages of
many websites and services. The resulting downtime has cost businesses millions of
dollars in lost revenue while also raising concerns about the vulnerability of the internet
infrastructure [5].
The increasing number of IoT crimes and security incidents has highlighted the need
to develop practical IoT forensic tools and techniques. IoT forensics involves collecting,
analyzing, and preserving digital evidence from IoT devices to support investigations
into cybercrimes. However, IoT forensics faces many challenges due to the nature of
IoT systems, such as the diversity of devices, data formats, and communication
protocols, which complicates the forensic process. Another challenge is the data location
and identification, as evidence data can be distributed across many cloud platforms
worldwide. Moreover, IoT devices’ limited storage capacity and processing power can
further complicate the forensic process and make collecting and analyzing digital
evidence difficult [6].
Regarding the most common IoT security threats and attacks, several studies have
researched the different types of threats and attacks targeting IoT systems, such as Ratna et al.
[7], who investigated the different threats and attacks in IoT systems and some of their
possible solutions. Similarly, Alauddin et al. [8] provided an overview of the security
threats and challenges in IoT architecture across its three layers: network, application,
and perception. Their research also highlights the increasing security vulnerabilities as
the number of IoT devices and associated privacy concerns increase. However, none of
these papers have discussed the consequences of these threats on real-world incidents.
Regarding key challenges facing IoT forensics, Maryam et al. [9] have discussed the
challenges faced by IoT forensic investigators in IoT environments, where traditional
forensic tools might not be suitable due to the complex nature and the multiple layers
of investigation in IoT ecosystems. Geetanjali et al. [10] highlight the cyber attacks
associated with the increased usage of IoT devices and the forensic challenges
associated with investigating these attacks.
Although these studies have considerably contributed to our understanding of IoT forensics
and its associated challenges, research on IoT forensics is still limited, requiring more
investigation to bridge current research gaps and provide a more comprehensive view of
IoT Forensic investigations.
1.3 Problem Formulation
The rapid growth in the number of IoT devices has led to increased security threats,
attacks, and forensic challenges associated with it. As IoT continuously integrates into
various aspects of our daily lives, it becomes increasingly important to understand these
threats, assess the level of awareness among individuals, and identify the key challenges
in IoT forensics. There is still a significant research gap in this field as the current body
of knowledge is relatively limited. In this section, the problem will be formulated by
presenting the research questions that will guide the research:
RQ1 What are the most common IoT security threats and attacks, their mitigation
techniques, and their consequences in real-world incidents?
RQ2 What is the level of students’ awareness of IoT security threats and their
mitigation techniques, and how do they perceive the most effective ways to
enhance IoT security?
RQ3 What are the key challenges associated with IoT forensics, and how do they
impact the effectiveness of digital investigations in the IoT ecosystem?
1.4 Motivation
IoT devices have rapidly increased and revolutionized many industries, including
healthcare, manufacturing, smart cities, and transportation. Many security and privacy
concerns have risen with the growth of IoT devices, leading to increased related crimes
[11]. Therefore, the need to address these security threats and the forensic challenges
associated with IoT forensics is becoming increasingly important from a scientific,
industrial, and societal perspective.
From a scientific perspective, the challenges presented by IoT security and forensics
require further research and development. The diversity of IoT systems and the complexity
of their systems require detailed research into the security threats and attacks facing
them. Moreover, traditional digital forensics tools might not be suitable for IoT
domains due to the unique characteristics of IoT devices, such as their lack of
standardization and the limitation of their storage and processing capabilities. This
research will contribute to existing knowledge and the understanding of IoT security and
forensics by exploring common IoT threats, mitigation strategies, and real-world
incidents, as well as assessing students’ awareness levels; this study will help to identify
areas where further education and awareness are needed. Additionally, by examining the
challenges in IoT forensics, the research will provide insights that can guide the
development of practical tools and techniques for future investigators in the IoT domain.
From a societal perspective, the rapid integration of IoT devices into our
lives has created a lot of privacy and security concerns for individuals and communities;
understanding these concerns is therefore crucial. In this study, it is crucial to
investigate students’ awareness of IoT security threats, their mitigation techniques, and
the most effective ways to improve IoT security.
From an industrial perspective, many industries have integrated IoT systems into their
operations. This growth exposes these industries to new security risks that could lead to
financial losses and reputational damages. Industries can better protect their operations
customers by comprehensively understanding IoT security threats and attacks.
3
In this thesis project, these motivations will be addressed by investigating the most common
IoT security threats and attacks, their mitigation techniques and their real-world consequen-
ces (RQ1), examining students’ awareness of IoT security threats and their mitigation
strategies (RQ2), and exploring the key challenges associated with IoT forensics (RQ3).
The study will identify gaps in current knowledge and contribute to the existing research
and development of more secure IoT systems.
1.5 Results
The expected results of this study are aimed at providing state-of-the-art insights regarding
IoT security threats, user awareness, and possibilities for forensic measures, as outlined
below:
1. IoT Security Threats, Mitigation Techniques, and Real-World Incidents: A
comprehensive overview of the most common IoT security threats and attacks, their
mitigation techniques, along with real-world incidents showing the consequences
of these attacks. This part of the study aims to provide an understanding of the
current landscape of IoT security challenges and their impact on IoT ecosystems.
2. Survey on IoT Security Awareness: A survey study assessing students’ awareness
of IoT security vulnerabilities, threats, mitigation strategies, and their perception
of the most effective ways to improve IoT security. This part of the study aims to
provide valuable insights into the students’ IoT security awareness.
3. IoT Forensic Challenges: An analysis of the challenges associated with IoT forensics
and their impact on the effectiveness of digital investigation in the IoT ecosystem.
This part of the study highlights key challenges and improvement areas in IoT
forensic processes.
These expected results contribute to answering the research questions and improving
our understanding of IoT security threats, user awareness, and forensic challenges. The
methods used to validate these results will be discussed in detail in the Method chapter.
Detailed findings regarding IoT security threats and real-world incidents will be
presented in Chapter 3, while the analysis and discussion of the survey results can be
found in Chapter 5.
3. Survey sample size and diversity: Although we did our best to distribute the
survey to as many participants as possible, the sample size may not be large
enough to draw final conclusions. In addition, the participants consist only of
students with a computer science background, potentially limiting our findings’
applicability.
4. Potential bias: Despite the efforts taken to conduct an unbiased literature review,
our understanding of IoT security and forensics may have impacted the selection
of articles. There is, therefore, a possibility that some perspectives could have
been overlooked in the analysis.
For the literature review method (RQ1 and RQ3), the target group includes researchers
and academics in IoT security and digital forensics. For the survey method (RQ2), the
target group consists of students in Computer Science, Information technology,
Security, and other related fields. This combination of target groups allows for a
comprehensive understanding of the current state of IoT security and forensic
investigations, as well as the level of awareness among students regarding IoT security
vulnerabilities, threats, mitigation techniques, and the most effective ways to enhance
IoT security.
1.8 Outline
The structure of this thesis is organized as follows:
• Chapter 4 (Results) introduces the key aspects of our findings from the literature
review and the survey results.
• Chapter 6 (Conclusions and Future Work) concludes the study findings. This chapter
also suggests future research directions in IoT security and forensic investigations.
1. Defining the research questions: The research questions answered through the literature
review were clearly defined to the scope of the literature search (as shown in Section
1.3).
(a) The paper contains the relevant keyword in the title, abstract, or keywords.
(b) The paper was published between 2016 and 2023, ensuring recent and up-to-date
information.
(c) The paper is a research, conference, review article, report, or thesis.
(d) The paper must be written in
After applying these inclusion and exclusion criteria to our research results for
“IoT forensic,” we were left with 189 academic papers. We estimate that we have
examined between 60 and 70 papers for data extraction. The remaining papers
were used to get additional information.
4. Quality Assessment: Each paper went through a quality assessment to score its
quality, relevance, and validity. This process was based on the following criteria:
(a) The research questions were identified and relevant to the scope of our study.
(b) The methodology was clearly described.
(c) The results were clearly reported and supportive of the conclusions.
(d) The discussion and conclusion sections were included.
Please note that the criteria and the process we followed do not strictly adhere to Kitchenham’s
guidelines for systematic literature reviews, as we conducted a more general literature
review.
This section outlines the various steps and considerations involved in the development
and administration of the survey study, as illustrated in Figure 2.1:
3. Create a Survey Form: In this step, the developed questions are included using
Google Forms.
4. Iterative Refinement: This step involves refining the survey questions based on
feedback from the supervisor.
5. Pilot Test: A pilot test was conducted with a selected group of students. The
feedback helps inform adjustments to the survey form before the wider
distribution.
8. Presentation of Results: The collected data is organized, and the results are presented
in Chapter 4.
9. Analyze Data and Discussion: In this step, the presented data is analyzed and
discussed in the context of the research objectives and existing literature. The
analysis and discussion are presented in Chapter 5.
Figure 2.1: Survey Process Flowchart
The participants were presented with nominal choices, and the survey was arranged logically
to improve the quality of the results. Moreover, the survey aimed to assess the students’
familiarity with IoT security threats and solutions and study the importance of user education
in ensuring IoT security.
Question 1 aims to establish whether participants understand the concept of IoT, which is
important for answering the subsequent questions. Question 2 assesses the participants’
level of concern about IoT security. Questions 3-6 focus on participants’ awareness of
common IoT security vulnerabilities and threats. Questions 7-9 investigate the participants’
awareness of various security measures, the importance of user education, and the
shared responsibility of IoT security. Question 10 aims to identify the most effective
ways to improve IoT security.
3 Theoretical Background
The rapid expansion of IoT devices has created many opportunities in various aspects of
our lives. However, this rapid growth has also given rise to various security challenges,
risks, and the need for effective forensic methods to address these issues. This chapter is
based on the extensive literature survey and aims to provide a comprehensive understanding
of the various IoT security threats, mitigation strategies, real-world cyber crimes, and the
forensic challenges associated with investigating these crimes.
This chapter is outlined as follows: Section 3.1 presents IoT security threats and attacks
and their mitigation strategies. It also discusses various cyber crimes, enabling us to
understand the consequences of IoT security threats and the importance of securing IoT
ecosystems. Section 3.2 explains the concept of IoT forensics, discussing Digital and
IoT forensics, the importance of IoT forensics, and the data sources of IoT systems.
Finally, Section 3.3 presents the IoT forensics challenges identified through the
literature review. Understanding these challenges associated with IoT forensics will
help researchers find solutions to enhance the effectiveness of digital forensics in IoT
systems.
These attacks allow attackers to get unauthorized access to IoT devices, allowing them
to control device functionality and compromise data integrity. Attackers can also steal
sensitive data stored on IoT devices, such as passwords and login credentials, resulting
in privacy breaches. Attackers can also disrupt the functionality of IoT devices and
networks
by injecting them with malicious code, causing service outages. Attackers can also
infect devices with malware and use them to launch further attacks [14].
Stuxnet is an example of a malware attack that targeted industrial control systems. Stuxnet
exploited vulnerabilities in the software used to control centrifuges in Iranian nuclear
facilities, causing physical damage to the equipment [15].
Regular security updates and patches, implementing strong authentication methods and
using secure communication protocols can also help reduce the risk of these attacks
[16]. In addition, intrusion detection and prevention systems can help with early detection
of these attacks by monitoring network traffic for patterns indicating these attacks [14]
[17].
Some possible consequences of FDI attacks include compromised data integrity, where
the attackers corrupt or alter the data being collected and processed by IoT devices,
leading to incorrect decision-making, which can have severe consequences in critical
sectors such as healthcare, energy, and transportation systems. An example of FDI
attacks would be an attacker injecting false sensor readings into an industrial control
system, leading to equipment failure. Another impact would be privacy violations, as
attackers can gain unauthorized access to sensitive information in IoT devices that
monitor personal activities by injecting false data into them [19].
For prevention, strong encryption algorithms can be implemented to ensure the confidentiality
and integrity of data being transmitted between IoT devices, making it more difficult for
attackers to inject false information. Strong authentication and authorization mechanisms
should be implemented to verify the identity of communication partners. Moreover,
digital signatures or message authentication codes should be integrated to detect and
prevent transmitting tampered data. Regular security updates and patches should be
implemented to address known vulnerabilities [14] [20].
Another consequence of replay attacks is that they can compromise the integrity of IoT
systems by introducing duplicate or outdated data packets, causing the device to make
incorrect decisions based on the duplicated data. Moreover, replay attacks can result in
a loss of privacy and disclosure of sensitive information, such as user credentials and
device-specific information. This attack can also decrease device performance by
causing it to process and respond to redundant data packets, consuming resources such
as memory
and processing power [22].
Examples of IoT devices that can be targeted by replay attacks include smart home
systems and industrial IoT devices. In smart home systems, a replay attack could target
the communication between a smart lock and its associated mobile application (Figure 3.2).
The attacker could intercept and store a legitimate unlocking command, then replay
it later to gain access to the home. Attackers can also target communication between
sensors and control systems in industrial IoT devices [22].
For prevention, timestamps can be added into transmitted data packets to help identify
and drop replayed data packets. The receiving device can then check the timestamps of
incoming packets and discard the ones with timestamps outside a predefined range [22].
In addition, adding a unique sequence number to each transmitted packet can prevent
replay attacks as the receiving device can only accept sequence numbers higher than
previously received packets, effectively rejecting any replayed packets. Additionally,
using digital signatures and message authentication codes (MAC) can also help protect
against replay attacks. In addition, intrusion detection systems can also help prevent
replay attacks by monitoring network traffic for replay attack patterns, such as repeated
authentication attempts or duplicates [14] [22].
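The timestamp, sequence-number and MAC checks described above (the MAC also being the tamper detection recommended earlier against false data injection), combined in one receiver for the smart-lock scenario. This is an added example, not code from the report; the packet layout, the 30-second window, the device id and the key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

# Assumed packet layout (hypothetical, not from the report):
#   device id (u32) | sequence number (u64) | unix timestamp in seconds (u64)
#   | command bytes | HMAC-SHA256 tag over everything before it
HEADER = struct.Struct(">IQQ")
TAG_LEN = hashlib.sha256().digest_size
MAX_SKEW_SECONDS = 30  # assumed acceptance window for timestamps


def pack_command(key, device_id, seq, timestamp, command):
    """Sender side: build an authenticated command packet."""
    header = HEADER.pack(device_id, seq, timestamp)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag


class CommandReceiver:
    """Receiver side (e.g. the lock): check MAC, then freshness, then ordering."""

    def __init__(self, keys, max_skew=MAX_SKEW_SECONDS):
        self._keys = keys        # device id -> shared secret key
        self._max_skew = max_skew
        # Highest sequence number accepted per device. A real device must keep
        # this in persistent storage, or a reboot re-opens the replay window.
        self._last_seq = {}

    def accept(self, packet, now):
        """Return (True, command) if authentic and fresh, else (False, reason)."""
        if len(packet) < HEADER.size + TAG_LEN:
            return False, "malformed"
        header = packet[:HEADER.size]
        command = packet[HEADER.size:-TAG_LEN]
        tag = packet[-TAG_LEN:]
        device_id, seq, timestamp = HEADER.unpack(header)

        key = self._keys.get(device_id)
        if key is None:
            return False, "unknown device"

        # 1. Authenticate first: the timestamp and sequence number are only
        #    trustworthy because the MAC covers them. Constant-time compare.
        expected = hmac.new(key, header + command, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad mac"

        # 2. Timestamp window: drops packets captured and replayed much later.
        if abs(now - timestamp) > self._max_skew:
            return False, "stale timestamp"

        # 3. Strictly increasing sequence number: drops replays that arrive
        #    while the timestamp is still inside the window.
        if seq <= self._last_seq.get(device_id, 0):
            return False, "replayed sequence"

        self._last_seq[device_id] = seq  # state changes only after all checks
        return True, command


def demo():
    """Run constructed packets through the receiver and return each verdict."""
    key = b"constructed-demo-key-not-a-secret"  # constructed sample key
    lock = CommandReceiver({7: key})
    t0 = 1_700_000_000                          # constructed sample clock
    unlock = pack_command(key, 7, 1, t0, b"UNLOCK")

    results = [lock.accept(unlock, now=t0 + 2)]        # legitimate command
    results.append(lock.accept(unlock, now=t0 + 5))    # replay inside window
    results.append(lock.accept(unlock, now=t0 + 3600)) # replay an hour later

    # Captured packet with the timestamp rewritten to look fresh.
    refreshed = HEADER.pack(7, 1, t0 + 3600) + unlock[HEADER.size:]
    results.append(lock.accept(refreshed, now=t0 + 3600))

    # Packet whose command byte was altered in transit (false data injection).
    tampered = bytearray(pack_command(key, 7, 2, t0 + 10, b"LOCK"))
    tampered[HEADER.size] ^= 0x01
    results.append(lock.accept(bytes(tampered), now=t0 + 10))

    # The rejected packets did not advance the counter, so seq 2 is still valid.
    results.append(lock.accept(pack_command(key, 7, 2, t0 + 20, b"LOCK"),
                               now=t0 + 21))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Neither check is sufficient alone: the timestamp window leaves a short replay opportunity that the sequence counter closes, and both fields can be rewritten freely unless the MAC covers them.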
Side-channel attacks, on the other hand, exploit data leaked during the execution of
cryptographic operations, such as timing information and power consumption. Attackers
can then use this data to gather security keys or other sensitive information. Some common
side-channel attacks include timing and power analysis attacks [24].
Both cryptanalysis and side-channel attacks can have severe consequences for IoT systems,
as they can lead to unauthorized access to sensitive data, manipulation of device functionality,
and disruption of critical services. Moreover, compromising cryptographic keys can lead
to a loss of trust in the affected systems.
To protect against this attack, strong encryption algorithms can be implemented to ensure
the confidentiality and integrity of data transmitted between the devices in the network,
making it difficult for attackers to decipher data. Secure communication channels, such
as Virtual Private Networks (VPN), can also help mitigate eavesdropping attacks by
providing additional security and protection. Moreover, using two-factor authentication
and network segmentation can limit the eavesdropping attack’s impact [14] [26].
The Mirai botnet attack (2016) is an example of a massive DDoS attack that took down
major websites and internet infrastructure providers, such as the DNS provider Dyn.
The attack caused widespread internet outages and affected many companies, including
Twitter, Netflix, and GitHub [5].
For prevention, regular network monitoring and traffic analysis, access
control mechanisms and rate limiting, intrusion detection and prevention systems
(IDPS), and proper security configuration of IoT devices, such as changing
default passwords and applying security patches, can help prevent or reduce the impact
of this attack [29] [30].
the data transmitted over a network, such as IP and MAC addresses. This attack aims to
gain unauthorized access to sensitive information, impersonating legitimate devices to
manipulate data or launch further attacks such as DDoS, replay, and MITM attacks.
This attack can also disrupt the standard functionality of IoT devices by injecting false
data, causing IoT devices to become unavailable [31].
Additionally, wireless sensor networks can also be susceptible to spoofing attacks, where
an attacker impersonates a legitimate sensor node, injects false data, or disrupts the operation
of the network by sending malicious commands [32].
To protect IoT devices against this attack, it is essential to implement proper authentication
mechanisms, such as digital certificates or public key infrastructure (PKI), which can
help ensure the authenticity of IoT devices and users. Network segmentation can also
limit the impact of spoofing attacks by dividing the network into different zones and
segments. Some other security solutions include intrusion detection and prevention
systems (IDPS) and regular security updates and patches [14] [33].
For prevention, strong encryption protocols can help secure communication between
IoT devices and servers, making it difficult for attackers to eavesdrop or manipulate
traffic during transmission. Other solutions, such as network segmentation, security
updates and patches, proper authentication, and secure communication protocols such as
IPsec, can help protect against MITM attacks [35].
3.1.1.9 Sinkhole Attack
In this attack, the attackers infect a node with malicious code that makes it attract
network traffic from other IoT devices and presents itself as the best path toward a
target destination. IoT devices use dynamic routing protocols to communicate, meaning
that each device will try to find the best route for data transmission [36]. In this case, the
attackers manipulate these routing protocols in the infected device and make it promote
itself as the best path toward a destination. This will cause routing protocols in other
devices in the network to have the sinkhole device as their best path toward a
destination and send their network traffic through it. By having complete control over
the network traffic, the attackers can do malicious activities to the network traffic, such
as dropping and altering it [37].
Sinkhole attacks can also allow attackers to capture sensitive information affecting individuals
and organizations. The attackers can also alter the data transmitted by these devices or
sensors, leading to incorrect data being transmitted to the destination. By routing traffic
through the sinkhole, this attack can also lead to early battery drain and reduced
network lifetime [37].
For mitigation, secure routing protocols should be implemented to protect IoT networks
from sinkhole attacks. In addition, Intrusion Detection Systems (IDS) and strong encryption
algorithms can make it more difficult for attackers to launch sinkhole attacks. Other
countermeasures, such as network segmentation and regular security updates, can also
prevent this attack [38].
Many of these battery-driven IoT devices are located in remote locations that could be
hard to reach. These devices are designed to operate in low-power modes and have various
sleep modes to save energy. Sleep deprivation attacks aim to keep these devices busy
and prevent them from entering their sleep modes, causing their battery resources to
drain and the devices to overheat, leading to potential physical damages [39].
Another consequence of this attack is its negative impact on the network performance.
Keeping the devices awake will generate more network traffic and consume more bandwidth,
causing potential delays and creating congestion points in the network. This attack can
also lead to further attacks, such as eavesdropping and denial of service attacks [21].
It is important to implement proper authentication and access control mechanisms that can
help reject unauthorized requests and limit the ability to perform this attack. Moreover,
designing IoT networks with multiple communication paths can help mitigate the
impact of this attack by ensuring that the network continues to function even if some
devices lose power [21] [40].
3.1.2 IoT Security Crimes
The widespread adoption of IoT devices has increased the risk of cyber attacks and
vulnerabilities that attackers can exploit. Many security and privacy concerns about IoT
vulnerabilities to security breaches and their impact on critical infrastructure and
services have been raised. This section will examine five of the most common real-world
crimes on or launched by IoT: the Mirai botnet, the Jeep hack, the St. Jude
Medical implant cardiac devices hack, the attack on the heating systems in Finland, and
the Verkada hack.
The Mirai botnet was first identified when the attack started in 2016. The attacker’s botnet
was composed of over 600,000 infected IoT devices, including cameras, routers, and other
devices. The malware spread very rapidly, and the botnet was capable of launching a
series of DDoS attacks on a massive scale. It targeted some high-profile targets,
including the DNS domain service provider Dyn, which caused significant disruption to
internet services, some popular websites, and many other critical services, taking down a
significant part of the internet and affecting millions of people around the world [41].
The attack on Dyn was devastating, targeting a critical part of the network
infrastructure. The attackers could flood the DNS servers with traffic causing them to
crash and making it impossible to access the affected internet services and websites
(figure 3.4) [5].
This attack highlights the potential risks of vulnerable IoT devices and their impact
on critical infrastructure such as Internet services.
including Chrysler, Ram, Jeep, and Dodge vehicles. This system is connected to the
internet via a cellular network and has many functions, including satellite radio,
Bluetooth connectivity, and voice-activated commands. A group of cyber security experts
discovered and exploited a vulnerability in the Uconnect system in a Jeep vehicle, which
gave them access to
the car’s CAN bus. The CAN bus is the communication medium between the various
systems and has many functionalities, including steering and brakes [42].
By gaining access to the CAN bus, the researchers could send commands and take
control of the vehicle’s critical systems. They were able to accelerate, brake, and steer the
vehicle. They could also stop the brakes from working while driving at full speed. This
incident raised many security concerns and highlighted the potential risks of IoT
vulnerabilities to critical systems such as automobiles [42].
The security researchers found that the vulnerabilities in these cardiac devices were caused
by a lack of authentication and cryptographic failures in the communication protocol
used by the devices. These vulnerabilities, if exploited, could allow the attackers to
tamper with the traffic between the cardiac devices and the controllers and allow the
attackers to modify and inject malicious code. The attackers can use this vulnerability
to cause life-threatening hacks that could cause the cardiac implanted devices to speed
at potentially dangerous rates or cause them to stop working by exhausting their battery
resources.
The number of cardiac devices affected by this vulnerability was around 500,000 worldwide.
This vulnerability caused many concerns among patients and healthcare providers. It also
highlighted the potential risks associated with vulnerable IoT devices in the medical and
healthcare industry, such as the implantable cardiac devices hack and their significant
harm to the patient’s health [45].
risks of vulnerable IoT devices and their impact on critical infrastructure such as heating
systems [46].
The Verkada hack was one of the recent examples of IoT breaches that highlighted the
potential consequences of IoT vulnerabilities. This hack raised many privacy and security
concerns, involving the breach of very sensitive information from various critical infrastructure
sectors and organizations [48].
Once potential evidence has been identified, the collection process starts. Forensic
investigators collect the data using legal and technical methods to ensure that the collected data
remains reliable. This process may involve creating copies of the hard drives, downloading
data from cloud storage, or gaining information from network logs [49].
The organization process follows data collection and involves analyzing the collected
data to identify patterns that can help determine the facts of the case. During this stage,
various techniques are used by investigators to go through the large amounts of data,
locating relevant information and discarding the irrelevant data.
Finally, the presentation process involves gathering the findings into a clear report to
present the evidence in court. The report presented should be understandable by non-experts
in the digital forensic field, such as legal experts, and should establish the connection
between the evidence and the case [49].
IoT forensics is a sub-domain of digital forensics that specifically focuses on the unique
challenges IoT devices present. IoT devices are interconnected through networks, often
collecting, processing, and transmitting data to cloud servers and other devices. This
interconnection creates a complex environment for forensic investigators, requiring
specialized tools. IoT forensics can be divided into three main fields: device, network, and
cloud-level forensics [50].
IoT Device forensics involves the examination of IoT devices, including their memory,
hardware, and physical interfaces. Due to the variety of IoT devices and their unique
features, investigators must be familiar with various devices and manufacturers to
collect and analyze the data effectively. The challenges associated with IoT device
forensics are detailed in 3.3 [51].
IoT Network forensics deals with the analysis of communication between IoT devices
and their connection to networks, such as Wi-Fi, Bluetooth, and cellular networks. This
field focuses on understanding the network infrastructure and traffic patterns associated
with IoT devices. Network forensics helps investigators identify potential vulnerabilities
and intrusions to the IoT systems [52].
IoT Cloud forensics examines the data stored and processed by cloud services that
support IoT devices. As many IoT devices rely on cloud computing for storage and
processing, investigators must understand the various cloud architectures and security
protocols to collect and analyze data effectively. Challenges in IoT cloud forensics are
presented in 3.3.3 [53].
IoT devices are integrated into critical infrastructure systems, such as energy grids,
transportation, and healthcare. The potential compromise of these devices can have severe
consequences on society and public safety. IoT forensics plays a critical role in
protecting these critical infrastructures by enabling investigators to collect and analyze
the evidence, identify vulnerabilities, and develop guidelines for improving the security
of IoT devices [55]. By analyzing the evidence left after an attack, forensic
investigators can better understand how attackers gained access to the system and
what steps can be taken to prevent similar attacks in the future. In addition, IoT
forensics can help find security vulnerabilities in the design of IoT devices which can
help manufacturers to improve the security of IoT devices and reduce the risk of future
attacks [56].
Another aspect highlighting the importance of IoT forensics is that IoT devices generate
a large amount of data, often in real time. This data can provide valuable insights during
a forensic investigation. IoT forensics helps to reconstruct events, identify malicious
activities, and establish a timeline of events. This can be critical in the forensic investigation
as it helps investigators determine the cause of the breach and identify security vulnerabilities
[9].
3.2.3 Data Sources within IoT Ecosystems
Regardless of the type of IoT application, the ecosystem can be categorized into four
main components: cloud, device, mobile device/app, and network.
The cloud component provides a centralized location for data storage and management.
In many IoT systems, data generated by IoT devices are sent to cloud servers, which can
be analyzed and used for different purposes. Cloud storage centers also store data
related to IoT device configurations, firmware updates, and management logs [57].
The device component is the IoT device that shapes the core of the IoT ecosystem.
These devices collect data by using sensors to monitor their environment and measure
various parameters, such as temperature, light, and humidity. This collected data
provides important information about the state of the monitored data. Additionally, IoT
devices might generate metadata, including device status, connectivity, and usage logs
[57].
Another data source in IoT ecosystems is mobile devices and their applications. Users
interact with IoT devices through mobile applications, enabling them to control and manage
their IoT devices remotely.
Finally, network data sources include information generated during communication
between IoT devices, cloud servers, and other network components. Network data can be
used to detect security threats such as unauthorized access or other malicious activities.
Network data can also be helpful in understanding device-to-device and device-to-cloud
communication patterns, which can help improve the performance of IoT ecosystems
[57].
Moreover, the communication protocols used by IoT devices can also differ
significantly. Some devices may use well-known protocols, such as Wi-Fi, Bluetooth, or
Zigbee, while others may rely on proprietary communication protocols. This
heterogeneity can create a significant challenge for forensic investigators, as they must
be able to understand and analyze the communication patterns between various IoT
devices and their corresponding networks [57].
Another aspect is the diversity of operating systems and software applications used by
IoT devices. While some devices may run on widely known operating systems like
Linux or Windows, others may use proprietary systems. This can make it difficult for
forensic investigators to find appropriate tools for extracting and analyzing data from these
devices, as traditional tools may not be effective in these situations [58].
In addition, the lack of standardization and the heterogeneity in IoT forensics create
significant challenges for forensic investigators, as they must be proficient in a wide
range of tools and techniques to conduct digital investigations involving IoT devices
successfully. This can lead to increased complexity, longer investigation times, and
inaccurate results [58].
To illustrate this challenge, consider wearable IoT devices such as smartwatches or fitness
trackers that generate large amounts of data and activity logs. However, due to their
limited storage and processing capabilities, they may only store data temporarily or use
cloud storage services, which complicates the forensic process as investigators must
go through different data storage and access layers [57].
With limited storage capacity, IoT devices can only store a limited amount of data,
which means that the data have a short lifespan and can be quickly overwritten or lost.
This creates several challenges for forensic investigators in obtaining evidence data, as
there is only a limited amount of it for a limited period, leading to an incomplete
understanding of the events under investigation. Another concern is that some IoT
devices store the data in volatile memory, like RAM, which means the data is lost when
the device loses power. This makes it challenging to preserve and acquire digital
evidence, as investigators must ensure that the device stays powered on during the
forensic process to prevent data loss [59].
Another concern is that due to limited storage capacity, data on IoT devices can be
fragmented and stored in different locations, making it difficult for investigators to
reestablish the timeline of events, as they need to assemble all data from various sources. The
limited storage capacity also means that these IoT devices do not have the advanced
features used for logging and monitoring, which makes it difficult to identify malicious
activities on them [59].
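The timeline reconstruction discussed in this section and in the earlier passage on the importance of IoT forensics, as an added example that is not part of the original report: records from a device log, a cloud log and a network capture, each with its own time format, are normalised to UTC, hashed and merged, and long silences in the device's own log are reported. All record contents, the boot time and the function names are constructed for illustration.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# All records below are constructed sample data.
# Assumption: the device logs uptime only, and its boot time was noted at seizure.
DEVICE_BOOT = datetime(2024, 3, 1, 8, 59, 30, tzinfo=timezone.utc)
DEVICE_LOG = ["uptime=45 event=login_failed user=admin",
              "uptime=52 event=login_ok user=admin",
              "uptime=95 event=firmware_write"]
CLOUD_LOG = ["2024-03-01T10:00:40+01:00 device=cam-01 action=stream_started",
             "2024-03-01T10:01:30+01:00 device=cam-01 action=device_offline"]
NETWORK_LOG = ["1709283610 src=203.0.113.7 dst=cam-01 dport=23",
               "1709283662 src=cam-01 dst=198.51.100.9 dport=443"]


def _fields(text):
    # "key=value key=value" -> dict
    return dict(pair.split("=", 1) for pair in text.split())


def parse_device(line):
    # Device time is relative to boot, so it must be anchored to DEVICE_BOOT.
    fields = _fields(line)
    return DEVICE_BOOT + timedelta(seconds=int(fields.pop("uptime"))), fields


def parse_cloud(line):
    # Cloud time is ISO 8601 with a local offset; convert it to UTC.
    stamp, rest = line.split(" ", 1)
    return datetime.fromisoformat(stamp).astimezone(timezone.utc), _fields(rest)


def parse_network(line):
    # Capture time is epoch seconds, already UTC.
    stamp, rest = line.split(" ", 1)
    return datetime.fromtimestamp(int(stamp), tz=timezone.utc), _fields(rest)


def build_timeline(sources):
    """sources: list of (name, parser, lines). Returns entries sorted by UTC time."""
    entries = []
    for name, parser, lines in sources:
        for line in lines:
            when, fields = parser(line)
            entries.append({
                "when": when,
                "utc": when.strftime("%Y-%m-%dT%H:%M:%SZ"),
                "source": name,
                "fields": fields,
                # Hash of the raw record ties the report back to the acquired copy.
                "sha256": hashlib.sha256(line.encode()).hexdigest(),
            })
    return sorted(entries, key=lambda e: e["when"])


def coverage_gaps(timeline, source, threshold_seconds):
    """Periods where one source is silent for longer than the threshold."""
    own = [e for e in timeline if e["source"] == source]
    return [(a["utc"], b["utc"]) for a, b in zip(own, own[1:])
            if (b["when"] - a["when"]).total_seconds() > threshold_seconds]


def sample_timeline():
    return build_timeline([("device", parse_device, DEVICE_LOG),
                           ("cloud", parse_cloud, CLOUD_LOG),
                           ("network", parse_network, NETWORK_LOG)])


if __name__ == "__main__":
    for entry in sample_timeline():
        print(entry["utc"], entry["source"], entry["fields"], entry["sha256"][:12])
    print("device log gaps:", coverage_gaps(sample_timeline(), "device", 30))
```

The gap report shows where the device's own records are missing, so the cloud and network entries inside that period are the only evidence of what happened then.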
Another challenge here is that the distributed nature of IoT forensic data can increase
the risk of data loss or corruption, further complicating the forensic process. Moreover,
using the cloud can further complicate the process as cloud storage systems, often used
to store and process data generated by IoT devices, can be located in different
geographical locations around the globe and operated by different service providers.
This further complicates the legal and jurisdictional process, as forensic investigators
may face legal restrictions when accessing data stored in other jurisdictions. Before
accessing the data, they may need to navigate complex laws and get legal authorizations
[60] [61].
Another area where the lack of technical capabilities becomes clear is the training and
education of forensic investigators and first responders. IoT forensics requires specialized
knowledge and expertise that may not be covered in traditional digital forensics programs
or training programs. As a result, many forensic investigators may not have the expertise
to handle the unique challenges IoT devices pose. They may struggle to keep up with
the rapid development of IoT systems. The NIST Cloud Computing Forensic Science
Challenges Report 2020 [62] has identified the need for more investigator training.
Additionally, Wu et al. [57] did a survey where the participants were asked to rank the current
issues facing IoT forensics today. Most responses identified technical training and education
as the most important issue.
4 Results
This chapter presents the results of this research, which are divided into two main sections:
the findings of the literature review and the survey results. The first section discusses
the key insights from the literature review on IoT security threats and attacks and the
challenges associated with IoT forensics. The second section presents the findings
from the survey conducted to assess students’ familiarity with IoT security threats and
vulnerabilities and their perceptions of security measures and shared responsibilities in
IoT security.
Overall, the research questions outlined in the introduction chapter will be addressed in
this chapter. The findings in this chapter will be further discussed in Chapter 5.
Sinkhole Attack | Redirecting traffic to a malicious node in IoT networks | Unauthorized access, system disruption, data theft
Sleep Deprivation | Forcing IoT devices to remain awake, draining their battery | Device malfunction, shorter device lifespan, increased energy consumption
Table 4.1: IoT Security Threats and Attacks
Data Location and Identification | The distributed nature of IoT systems can make it difficult to locate and identify relevant data sources for forensic investigations. | Distributed data across devices, cloud platforms, and networks complicates investigations into threats such as False Data Injection, Spoofing, and Man in the Middle attacks, as it can be challenging to trace the data flow between components and determine the relevant data among large datasets. Fragmented or missing data can hinder the investigation of threats like Eavesdropping, Sinkhole, and Sleep Deprivation attacks.
Lack of Technical Capabilities | Limited availability of specialized tools, techniques, and expertise adapted to IoT forensics, coupled with the rapidly evolving IoT landscape. | Insufficient training in IoT forensics and the limited availability of specialized forensic tools make it difficult to effectively investigate and respond to a wide range of security threats and attacks, including Malware and Malicious code injection, Cryptanalysis, Side-Channel attacks, and DDoS attacks
Table 4.2: Challenges in IoT Forensics
The three participants unfamiliar with the concept of IoT were thanked for their
participation, informed that they were not the target group for this survey, and their
responses were excluded from the analysis of the subsequent questions. So the second
and subsequent questions on the survey were based on responses from 30 participants.
most significant security threats. The data from Questions 3, 5, and 6 provides insights
into the respondents’ understanding of the challenges associated with IoT security.
Figure 4.8: Familiarity with Various IoT Security Threats
it "important." Only one respondent (3.3%) deemed it "somewhat important." These results
indicate that most participants recognize the necessity of incorporating security features
in IoT devices by default (as shown in Figure 4.10).
respondents) believed it to be "very important," while 26.7% (8 respondents) considered
it "important." Only 20% (6 respondents) found it "somewhat important." This
highlights that many respondents recognize the role of user education in enhancing IoT
security (figure 4.12).
better security
IMPLEMENTED CODE
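const int trigPin = 9; // Ultrasonic sensor trigger pin
const int echoPin = 10; // Ultrasonic sensor echo pin
const int buzzerPin = 7; // Buzzer pin
const long alertDistanceCm = 20; // Assumed alert threshold; the report's value is not shown
void setup() {
  Serial.begin(9600);
  pinMode(trigPin, OUTPUT);
  pinMode(echoPin, INPUT);
  pinMode(buzzerPin, OUTPUT);
}
void loop() {
  long duration, distance;
  // Send a 10 microsecond trigger pulse to start a measurement
  digitalWrite(trigPin, LOW);
  delayMicroseconds(2);
  digitalWrite(trigPin, HIGH);
  delayMicroseconds(10);
  digitalWrite(trigPin, LOW);
  duration = pulseIn(echoPin, HIGH, 30000UL); // Echo width in microseconds; 0 on timeout
  distance = duration / 58; // Round-trip time to centimetres
  Serial.print("Distance: ");
  Serial.println(distance);
  // Sound the buzzer while an object is closer than the alert distance
  digitalWrite(buzzerPin, (duration > 0 && distance < alertDistanceCm) ? HIGH : LOW);
  delay(100);
}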
technologies (20%, 6 respondents), and stronger regulations (16.7%, 5 respondents).
One respondent (3.3%) also suggested open-source hardware as a potential solution.
These results reflect diverse opinions on the most effective methods to enhance IoT
security, with a notable focus on the role of manufacturers and user awareness (figure
4.14).
5 Analysis and Discussion
This thesis aimed to gather information on the most common IoT security threats and
attacks, and the most common challenges associated with IoT forensics and assess the
students’ awareness of IoT security threats and their mitigation techniques. A mixed
method approach will answer the research questions by combining a literature review
and a survey study. The literature review will answer the research questions (RQ1 and
RQ3), and the survey study will answer the research question (RQ2). In this chapter, we
reflect on the key findings from the literature review and the survey study.
5.1 Research Question 1: IoT Security Threats, Mitigation Techniques, and Real-world
Incidents
In this section, we discuss the most common IoT security threats and attacks, real-world
incidents, and countermeasures to prevent and mitigate these risks.
Malware and malicious code injection attacks present a significant threat to IoT devices.
For example, the Mirai Botnet Attack illustrated how malware could infect various IoT
devices to create a massive botnet that launched DDoS attacks on targeted servers. It is
important to implement updates, antivirus software, and network monitoring to counter
malware and malicious code injection.
False data injection attacks are where an attacker injects false data or manipulates
existing data, which can lead to incorrect decisions and actions by the system or user.
To reduce the risk of this attack, it is necessary to implement data integrity checks,
encryption, and secure communication channels.
Replay attacks involve the attacker capturing and resending valid data or commands to
cause unintended actions or gain unauthorized access. A countermeasure to replay
attacks includes using timestamps and secure communication protocols.
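The data integrity check named for false data injection and the timestamp countermeasure named for replay attacks can be combined in one receiver-side check. The following is an added example, not code from the original report: each reading carries an HMAC-SHA256 tag, a timestamp and a per-device counter, and the receiver rejects modified, stale or repeated messages. The key, the 30 second window, the message layout and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import json

MAX_SKEW_SECONDS = 30  # assumed freshness window for timestamps


def _canonical(body: dict) -> bytes:
    # Stable byte encoding so sender and receiver authenticate the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_reading(key: bytes, device: str, counter: int, ts: int, value: float) -> dict:
    """Device side: attach an HMAC-SHA256 tag covering every field."""
    body = {"device": device, "ctr": counter, "ts": ts, "value": value}
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Gateway side: integrity first, then freshness, then replay."""

    def __init__(self, keys: dict):
        self.keys = keys          # device id -> shared secret
        self.last_counter = {}    # device id -> highest counter accepted so far

    def verify(self, msg: dict, now: int) -> str:
        body = msg.get("body")
        if not isinstance(body, dict) or body.get("device") not in self.keys:
            return "reject: unknown device"
        key = self.keys[body["device"]]
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        supplied = str(msg.get("tag", ""))
        # Constant-time comparison; a mismatch means forged or modified data.
        if not hmac.compare_digest(expected.encode(), supplied.encode()):
            return "reject: bad tag"
        # An old capture resent later fails the freshness window.
        if abs(now - body["ts"]) > MAX_SKEW_SECONDS:
            return "reject: stale timestamp"
        # A capture resent inside the window fails the counter check.
        if body["ctr"] <= self.last_counter.get(body["device"], -1):
            return "reject: replayed counter"
        self.last_counter[body["device"]] = body["ctr"]
        return "accept"


def run_demo() -> list:
    key = b"constructed-demo-key"  # constructed sample secret
    rx = Receiver({"sensor-1": key})
    genuine = sign_reading(key, "sensor-1", counter=1, ts=1000, value=21.5)
    tampered = {"body": dict(genuine["body"], value=99.0), "tag": genuine["tag"]}
    return [
        rx.verify(genuine, now=1005),   # fresh and authentic
        rx.verify(genuine, now=1010),   # same message resent shortly after
        rx.verify(genuine, now=5000),   # same message resent much later
        rx.verify(tampered, now=1005),  # value changed in transit
    ]


if __name__ == "__main__":
    for outcome in run_demo():
        print(outcome)
```

The timestamp alone would still accept a message resent within the window, which is why the counter check is kept alongside it.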
DDoS attacks aim to overwhelm IoT devices or networks with large amounts of data
traffic, causing service disruptions or complete unavailability. Traffic filtering, rate limiting,
and intrusion detection systems should be employed to mitigate these attacks.
secure communication protocols, and digital certificates can help prevent MITM attacks.
Sinkhole attacks compromise an IoT device or network node to redirect network traffic,
enabling the attacker to manipulate or block communication. Intrusion detection
systems, secure routing protocols, and network monitoring should be implemented to
prevent this attack.
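One consistency check an intrusion detection system could apply to the sinkhole behaviour described here and in section 3.1.1.9, as an added example that is not code from the original report: a node cannot honestly advertise a route shorter than the topology allows. It assumes a hop-count routing metric and a gateway that knows the link topology; the topology, node names and function names are constructed.

```python
from collections import deque

# Constructed topology of radio links; "sink" is the gateway all data flows to.
LINKS = [("sink", "A"), ("A", "B"), ("B", "C"), ("C", "D"),
         ("A", "E"), ("E", "F"), ("F", "D"), ("C", "F")]


def adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def true_hops(links, sink="sink"):
    """Breadth-first search: the lowest hop count each node can honestly claim."""
    adj, hops, queue = adjacency(links), {sink: 0}, deque([sink])
    while queue:
        node = queue.popleft()
        for nxt in sorted(adj[node]):
            if nxt not in hops:
                hops[nxt] = hops[node] + 1
                queue.append(nxt)
    return hops


def next_hop(node, adj, advertised):
    """A node forwards to the neighbour advertising the lowest cost (ties by name)."""
    return min(sorted(adj[node]), key=lambda n: advertised[n])


def diverted_nodes(links, honest, observed, sink="sink"):
    """Nodes whose forwarding choice changes because of the observed advertisements."""
    adj = adjacency(links)
    return sorted(n for n in adj if n != sink
                  and next_hop(n, adj, honest) != next_hop(n, adj, observed))


def implausible_advertisers(links, observed, sink="sink"):
    """Nodes advertising a cost lower than the shortest path the topology permits."""
    hops = true_hops(links, sink)
    return sorted(n for n, cost in observed.items() if cost < hops[n])


def run_demo():
    honest = true_hops(LINKS)
    # Constructed observation: node D, really four hops away, advertises one hop.
    observed = dict(honest, D=1)
    return honest, diverted_nodes(LINKS, honest, observed), implausible_advertisers(LINKS, observed)


if __name__ == "__main__":
    honest, diverted, suspects = run_demo()
    print("honest hop counts:", honest)
    print("nodes whose traffic is diverted:", diverted)
    print("advertisements the topology cannot support:", suspects)
```

This is a single-round view: it does not model how the false cost would propagate further through the network.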
Sleep deprivation attacks prevent IoT devices from entering low-power sleep mode, causing
rapid exhaustion of the device’s battery. To counter this attack, intrusion detection systems
should be implemented to detect and prevent continuous requests from unauthorized
sources.
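The detection of continuous requests from unauthorized sources mentioned here and in the earlier sleep deprivation section, as an added example that is not code from the original report: denied requests are counted per source in a sliding window, and the device's awake time is compared with and without the flagged source. The log format, thresholds, addresses and the assumption that every request keeps the device awake for a fixed time are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60     # assumed sliding window
MAX_DENIED = 5          # assumed budget of denied requests per source and window
AWAKE_PER_REQUEST = 5   # assumed seconds a request keeps the device awake


def build_sample_log():
    """Constructed log lines: '<epoch-seconds> <device> <source> <auth result>'."""
    lines = [f"{t} cam-01 gateway ok" for t in range(0, 120, 30)]
    lines += [f"{t} cam-01 10.0.0.66 denied" for t in range(10, 100, 4)]
    return sorted(lines, key=lambda line: int(line.split()[0]))


def parse(lines):
    events = []
    for line in lines:
        ts, device, source, result = line.split()
        events.append((int(ts), device, source, result))
    return events


def flag_sources(events):
    """Return {(device, source): time first flagged} for sources over the budget."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, device, source, result in events:
        if result == "ok":
            continue  # authenticated requests do not count against the budget
        window = recent[(device, source)]
        window.append(ts)
        while window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_DENIED:
            flagged.setdefault((device, source), ts)
    return flagged


def awake_fraction(events, device, start, end, blocked=()):
    """Share of [start, end) the device is awake once overlapping wake-ups are merged."""
    spans = sorted((ts, min(ts + AWAKE_PER_REQUEST, end))
                   for ts, dev, source, _ in events
                   if dev == device and source not in blocked and start <= ts < end)
    awake, cur_start, cur_end = 0, None, None
    for span_start, span_end in spans:
        if cur_end is None or span_start > cur_end:
            if cur_end is not None:
                awake += cur_end - cur_start
            cur_start, cur_end = span_start, span_end
        else:
            cur_end = max(cur_end, span_end)
    if cur_end is not None:
        awake += cur_end - cur_start
    return awake / (end - start)


if __name__ == "__main__":
    events = parse(build_sample_log())
    flagged = flag_sources(events)
    print("flagged:", flagged)
    print("awake share, nothing blocked:", round(awake_fraction(events, "cam-01", 0, 120), 3))
    blocked = {source for _, source in flagged}
    print("awake share, flagged sources dropped upstream:",
          round(awake_fraction(events, "cam-01", 0, 120, blocked), 3))
```

Even a denied request costs the device a wake-up in this model, so the saving only appears when the flagged source is dropped before its traffic reaches the device.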
5.2 Research Question 2: Students’ Awareness of IoT Security Threats and Mitigation
Techniques
The survey results provide important perspectives into students’ awareness of IoT security
threats, their understanding of mitigation techniques, and their perceptions of the most
effective ways to improve IoT security.
Regarding familiarity with IoT, 90.9% of the respondents (30 out of 33) reported being
at least somewhat familiar with the concept, showing that most participants have a basic
understanding of IoT. This result is essential as it provides a basis for their awareness of
IoT security threats and their mitigation strategies.
The exclusion of the three participants who were unfamiliar with the concept of IoT
from the analysis of the subsequent questions ensures that the results represent the
perspectives of those who have some understanding of IoT and its associated security
issues.
The majority of the respondents (73.3%) expressed concerns about the security of IoT
devices (Q2), with 40% being concerned and 33.3% being very concerned. This finding
displays a general awareness of the potential risks associated with IoT devices, which
may encourage students to learn more about the topic.
From Q1 and Q2 results, the majority of participants (60.6%) are moderately to very familiar
with the concept of IoT (Q1), and the majority (73.3%) express concern about the
security of IoT devices. This connection suggests that as students become more familiar
with IoT technology, they become more concerned about its security impacts.
The respondents reasonably understood the issues when asked about common IoT security
vulnerabilities (Q3). The majority of the participants were aware of weak or easily
guessable passwords (83.3%), unsecured remote management access (53.3%), lack of
encryption for data transmission (53.3%), lack of regular security updates and patches
(66.7%), and insufficient user authentication and authorization (53.3%). These results
show that students understand potential security risks that can compromise IoT devices.
In Q4, the importance of built-in security features in IoT devices was highlighted by
70% of the participants who considered it very important, 26.7% who considered it
important, and only 3.3% who considered it somewhat important. This finding shows that students
value that IoT devices must have built-in security features by default and recognize the
role of manufacturers in enhancing IoT security.
The respondents showed awareness of several IoT security threats (Q5), with the
highest familiarity reported for Man In the Middle attacks (73.3%), followed by
unauthorized access (66.7%), DDoS attacks (63.3%), Malware attacks (60%), and
spoofing attacks (43.3%). Additionally, when asked about the most significant security
threat among those listed (Q6), the respondents ranked Unauthorized access (33.3%)
and Malware attacks (30%) as the top threats, followed by DDoS attacks (20%), MITM
attacks (13.3%), and Spoofing attacks (3.3%). This indicates that students have a good
understanding of the most common IoT security threats. The high awareness and
understanding of IoT security vulnerabilities and threats illustrated by the respondents
can enable them to make better decisions when using IoT devices and encourage them
to adopt best practices for securing them.
The results from Q3 and Q5 demonstrate that participants are generally aware of
common IoT security vulnerabilities (Q3) and are familiar with various security threats
(Q5). This connection highlights the importance of understanding the vulnerabilities and
potential security threats, as understanding of both areas can lead to developing more
effective security solutions.
Furthermore, the results from Q5 and Q6 show that students familiar with multiple security
threats (Q5) tend to perceive unauthorized access and malware attacks (Q6) as the most
significant threats. These results could indicate that students are more concerned about
threats that directly affect their data privacy and device functionality.
The responses to Q7 highlight the security measures that students adopt to secure their IoT
devices. Changing default passwords was the most common measure (83.3%), followed
by regularly updating device firmware (63.3%), using strong encryption methods for
data transmission (50%), disabling remote management of devices (40%), and
monitoring network traffic for unusual activities (30%). These results show that
students have a practical understanding of the necessary steps to protect IoT devices
from security threats.
The connection between the results from Q3 and Q7 suggests that participants aware of
common IoT security vulnerabilities (Q3) are more likely to implement security measures
like changing default passwords, updating device firmware, and using strong encryption
methods for data transmission (Q7). This finding highlights the value of educating users
about potential vulnerabilities and encouraging them to implement proper security measures.
The importance of user education in maintaining IoT security (Q8) was recognized by
most respondents, with 53.3% considering it very important, 26.7% considering it important,
and 20% considering it somewhat important. This result suggests that students believe
user awareness and education are crucial in ensuring the safe use and deployment of IoT
devices.
When comparing the results of Q4 and Q8, most respondents believe that built-in
security features (Q4) and user education (Q8) are important for maintaining IoT
security. This connection illustrates the importance of combining technology and user
awareness to address IoT security challenges effectively.
In Q9, most participants (60%) believed that IoT security should be a shared responsibility
between users, manufacturers, and service providers, while 33.3% thought it depends on
the specific circumstances. This perspective highlights the importance of a collaborative
approach in addressing IoT security challenges.
Connecting the importance of built-in security features and user education, the results
of Q4 and Q8 reinforce the finding that students believe in a shared responsibility for
IoT security (Q9). This validation strengthens the understanding of students’
perspectives on IoT security and highlights the importance of cooperation among
collaborators to address IoT security challenges effectively.
When asked about the most effective way to improve IoT security (Q10), participants
identified improved device security by manufacturers (36.7%) as the top factor, followed
by increased user awareness and education (23.3%), development of better security
technologies (20%), and stronger regulations (16.7%). These responses show that students
acknowledge the complex nature of IoT security and the need for a comprehensive approach
involving various collaborators.
Moreover, most participants agree that IoT security should be a shared responsibility
between users, manufacturers, and service providers (Q9), and they believe that improved
device security by manufacturers, increased user awareness and education, and the
development of better security technologies (Q10) are the most effective ways to enhance IoT
security. This connection highlights the importance of collaboration between different
stakeholders to address IoT security challenges effectively.
The limited storage and processing capabilities of IoT devices present another challenge
in IoT forensic investigations. This limitation affects the process of maintaining logs
and records and impacts the ability to investigate attacks such as Eavesdropping and
DDoS attacks. In addition, IoT devices with limited processing power may be unable to
run complex forensic tools, preventing investigations into threats like Malware and
Malicious code Injection, Replay attacks, and Side-Channel attacks.
Another challenge is the distributed nature of IoT devices, which complicates the
process of data location and identification: it is difficult to trace the data
transferred between devices and sensors and to determine the relevant data among large
datasets. This issue complicates investigations into threats such as False Data
Injection, Spoofing, and MITM attacks. A further issue is that data is fragmented
during transmission, which can further complicate investigations of threats like
Eavesdropping, Sinkhole, and Sleep Deprivation attacks.
6 Conclusion and Future Work
In conclusion, this thesis shows how IoT security, user awareness, and forensic
challenges are all connected. By doing an in-depth analysis of the different aspects of
IoT security, it becomes clear that investigating these issues needs a comprehensive
approach.
IoT security threats present significant risks to users and systems, so strong
security measures and more research are needed to keep IoT systems safe.
Moreover, the critical role of user awareness in preventing and
mitigating these threats and securing IoT devices is highlighted, which underlines the
importance of integrating IoT security education into educational programs.
The challenges associated with IoT forensics show the need to develop
advanced forensic tools and methods made especially for IoT systems. This is important
to enable effective digital investigations in a more connected world.
Additionally, the thesis results highlight the importance of collaborative work among
researchers, industrial professionals, and users in addressing IoT security threats, raising
awareness, and addressing forensic challenges.
The scope of this research could have been broader if there had been sufficient time.
Several directions could be explored for future research. First, a broader survey could
be conducted with a larger audience, including professionals from academia, industry, and
the general public. This will help to better understand the awareness and perceptions of
IoT security threats and mitigation strategies among different groups of users. Second,
investigating the development of standardized IoT forensic frameworks and tools would
help address the current challenges facing IoT forensics investigations. Finally, further
research on the collaboration between users, manufacturers, and service providers in the
IoT system could help establish shared responsibilities for IoT security and examine the
responsibilities of each group.
47
References
[1] P. Yadav and S. Vishwakarma, “Application of internet of things and big data
towards a smart city,” in 2018 3rd International Conference On Internet of Things:
Smart Innovation and Usages (IoT-SIU), 2018, pp. 1–5. [Online]. Available:
https://ieeexplore-ieee-org.proxy.lnu.se/document/8519920
[2] Statista. (2021) Internet of things (iot) connected devices installed base worldwide
from 2015 to 2025. [Online]. Available: https://www.statista.com/statistics/
1101442/iot-number-of-connected-devices-worldwide/
[3] A. Assiri and H. Almagwashi, “Iot security and privacy issues,” in 2018
1st International Conference on Computer Applications Information Security
(ICCAIS), 2018, pp. 1–5. [Online]. Available: https://ieeexplore-ieee-
org.proxy.lnu. se/document/8442002
[7] R. Priya, A. Utsav, A. Zabeen, and A. Abhishek, “Multiple security threats with its
solution in internet of things (iot),” in 2021 4th International Conference on
Recent Developments in Control, Automation & Power Engineering (RDCAPE),
2021, pp. 221–223.
[10] G. Surange and P. Khatri, “Iot forensics: A review on current trends, approaches
and foreseen challenges,” in 2021 8th International Conference on Computing for
Sustainable Global Development (INDIACom), 2021, pp. 909–913.
48
[12] B. Kitchenham and S. Charters, “Guidelines for performing systematic
literature reviews in software engineering,” vol. 2, 01. [Online].
Available: https://www.researchgate.net/publication/302924724_Guidelines_for_
performing_Systematic_Literature_Reviews_in_Software_Engineering
[13] B. Min and V. Varadharajan, “Design and evaluation of feature distributed
malware attacks against the internet of things (iot),” in 2015 20th International
Conference on Engineering of Complex Computer Systems (ICECCS), 2015, pp.
80–89.
[14] S. Gautam, A. Malik, N. Singh, and S. Kumar, “Recent advances and
countermeasures against various attacks in iot environment,” in 2019 2nd
International Conference on Signal Processing and Communication (ICSPC),
2019, pp. 315–319. [Online]. Available:
https://ieeexplore.ieee.org/document/8976527
[15] R. Langner, “Stuxnet: Dissecting a cyberwarfare weapon,” IEEE Security Privacy,
vol. 9, pp. 49–51, 05 2011. [Online]. Available: https://www.researchgate.net/
publication/220496976_Stuxnet_Dissecting_a_Cyberwarfare_Weapon
[16] S. Raza, L. Wallgren, and T. Voigt, “Svelte: Real-time intrusion detection in the
internet of things,” Ad Hoc Networks, vol. 11, no. 8, pp. 2661–2674, 2013.
[Online].
Available: https://www.sciencedirect.com/science/article/pii/S1570870513001005
[17] R. Nath N and H. V Nath, “Critical analysis of the layered and systematic
approaches for understanding iot security threats and challenges,” Computers
and Electrical Engineering, vol. 100, p. 107997, 2022. [Online]. Available:
https://www.sciencedirect.com/science/article/pii/S0045790622002658
[18] P. Hu, W. Gao, Y. Li, M. Wu, F. Hua, and L. Qiao, “Detection of false data injection
attacks in smart grids based on expectation maximization,” Sensors, vol. 23, no. 3,
2023. [Online]. Available: https://www.mdpi.com/1424-8220/23/3/1683
[19] S. Jeba and B. Paramasivan, “False data injection attack
and its countermeasures in wireless sensor networks,” European
Journal of Scientific Research, vol. 82, 07 2012. [Online].
Available: https://www.researchgate.net/publication/266279058_False_Data_
Injection_Attack_and_its_Countermeasures_in_Wireless_Sensor_Networks
[20] A. S. Alayande, N. Nwulu, and A. E. Bakare, “Modelling and countermeasures
of false data injection attacks against state estimation in power systems,” in
2018 International Conference on Computational Techniques, Electronics and
Mechanical Systems (CTEMS), 2018, pp. 129–134.
[21] N. Savarimuthu, K. Vijayalakshmi, and V. Padmapriya, “A review of network
layer attacks and countermeasures in wsn,” vol. 10, 07 2018. [Online].
Available: https://www.researchgate.net/publication/326265743_A_Review_of_
Network_Layer_Attacks_and_Countermeasures_in_WSN
[22] M. Al-Shareeda, S. Manickam, S. Laghari, and A. Jaisan, “Replay-attack
detection and prevention mechanism in industry 4.0 landscape for secure
secs/gem communications,” p. 15900, 11 2022. [Online]. Available:
https://www.researchgate.net/publication/365860487_Replay-Attack_Detection_
49
and_Prevention_Mechanism_in_Industry_40_Landscape_for_Secure_SECSGEM_
Communications
50
[23] M. Khattab, “Comprehensive study of attacks and cryptographic
measures for internet of things devices,” The Journal of Scientific
and Engineering Research, vol. 8, pp. 174–188, 02 2021. [Online].
Available: https://www.researchgate.net/publication/349426656_Comprehensive_
Study_of_Attacks_and_Cryptographic_Measures_for_Internet_of_Things_Devices
[24] N. J. Al Fardan and K. G. Paterson, “Lucky thirteen: Breaking the tls and dtls
record protocols,” in 2013 IEEE Symposium on Security and Privacy, 2013, pp.
526–540. [Online]. Available:
https://ieeexplore-ieee-org.proxy.lnu.se/document/6547131
[26] S. Saponara, “Iot and privacy: a study on user awareness and willingness to share
personal data in the usa,” in 2017 IEEE International Symposium on Circuits and
Systems (ISCAS), 2017, pp. 1–4.
[28] S.-H. Lee, Y.-L. Shiue, C.-H. Cheng, Y.-H. Li, and Y.-F. Huang, “Detection and
prevention of ddos attacks on the iot,” Applied Sciences, vol. 12, no. 23, 2022.
[Online]. Available: https://www.mdpi.com/2076-3417/12/23/12407
51
[34] Z. Cekerevac, Z. Dvorak, L. Prigoda, and P. Cˇ ekerevac, “Internet of things and
the man-in-the-middle attacks – security and economic risks,” MEST Journal,
vol. 5, pp. 15–5, 07 2017. [Online]. Available:
https://www.researchgate.net/publication/
331150862_INTERNET_OF_THINGS_AND_THE_MAN-IN-THE-MIDDLE_
ATTACKS_-_SECURITY_AND_ECONOMIC_RISKS
[42] C. Miller, “Lessons learned from hacking a car,” pp. 7–9, 12 2019. [Online].
Available: https://www.researchgate.net/publication/337664393_Lessons_learned_
from_hacking_a_car
53
[44] A. Kapoor, A. Vora, and R. Yadav, “Cardiac devices and cyber attacks: How
far are they real? how to overcome?” https://www.researchgate.net/publication/
340410468_Cardiac_devices_and_cyber_attacks_How_far_are_they_real_How_
to_overcome, pp. 427–430, 11 2019.
[45] J. Best, “Could implanted medical devices be hacked?” BMJ, vol. 368, 2020.
[Online]. Available: https://www.bmj.com/content/368/bmj.m102
[49] S. Zawoad and R. Hasan, “Faiot: Towards building a forensics aware eco
system for the internet of things,” in 2015 IEEE International Conference
on Services Computing, 2015, pp. 279–284. [Online]. Available: https:
//ieeexplore.ieee.org/document/7207364
[51] G. Surange and P. Khatri, “Iot forensics: A review on current trends, approaches
and foreseen challenges,” in 2021 8th International Conference on Computing
for Sustainable Global Development (INDIACom), 2021, pp. 909–913. [Online].
Available: https://ieeexplore.ieee.org/document/9441452
54
[55] S. Mrdovic, IoT Forensics. Cham: Springer International Publishing, 2021, pp.
215–229. [Online]. Available: https://doi.org/10.1007/978-3-030-10591-4_13
[56] F. Servida and E. Casey, “Iot forensic challenges and opportunities for digital
traces,” Digital Investigation, vol. 28, pp. S22–S29, 2019. [Online]. Available:
https://www.sciencedirect.com/science/article/pii/S1742287619300222
[62] M. Gora, M. Herman, and J. Voas, “Nistir 8006: Fundamental limits of learning,”
National Institute of Standards and Technology, NIST Interagency/Internal Report
(NISTIR) 8006, 2015. [Online]. Available: https://csrc.nist.gov/publications/detail/
nistir/8006/final