An Overview of Iot Architecture Security Issues and Countermeasures

Walla Khalaifat *

College of Information Technology, University of Bahrain, Bahrain.

*Author to whom correspondence should be addressed.


Abstract

The Internet of Things (IoT) has revolutionized the way we interact with our surroundings. As the number of IoT devices continues to increase, along with limited resources and diverse technologies, the risk of security attacks increases. Therefore, it is important to integrate security measures throughout the development process and system architecture. However, it is crucial to continually assess and update security measures to avoid emerging threats and ensure the confidentiality, integrity, and availability of IoT systems. This study aims to explore security issues in the IoT, highlighting the associated challenges. It examines various threats, attacks, and vulnerabilities that arise within a three-layer architecture and discusses potential solutions to enhance security in each layer. By addressing these concerns, it is possible to establish a secure and reliable foundation for expanding IoT systems.

Keywords: Internet of things, security issues, attacks, countermeasures, layer architecture, privacy


How to Cite

Khalaifat , W. (2024). An Overview of Iot Architecture Security Issues and Countermeasures. Asian Journal of Research in Computer Science, 17(4), 1–18. https://doi.org/10.9734/ajrcos/2024/v17i4427

Downloads

Download data is not yet available.

References

Ashton K. That ‘internet of things’ thing. RFID journal. 2009 Jun 22;22(7):97-114.

Vermesan O, Friess P, Guillemin P, Gusmeroli S, Sundmaeker H, Bassi A, Jubert IS, Mazura M, Harrison M, Eisenhauer M, Doody P. Internet of things strategic research roadmap. InInternet of things-global technological and societal trends from smart environments and spaces to green ICT. River Publishers. 2022 Sep 1;9-52.

Union IT. ITU Internet Reports 2005: The Internet of Things. In: Proceedings of the Proc. Workshop Rep. Int. Telecommun. Union; 2005.

Sethi P, Sarangi SR. Internet of things: Architectures, protocols, and applications. Journal of Electrical and Computer Engineering. 2017 Jan 26;2017.

Frustaci M, Pace P, Aloi G, Fortino G. Evaluating critical security issues of the IoT world: Present and future challenges. IEEE Internet of Things journal. 2017 Oct 27;5(4):2483-95.

Singh S, Singh N. Internet of Things (IoT): Security challenges, business opportunities & reference architecture for E-commerce. In 2015 International Conference on Green Computing and Internet of Things (ICGCIoT). Ieee.2015 Oct 8;1577-1581.

Akhtar MS, Feng T. A systemic security and privacy review: Attacks and prevention mechanisms over IOT layers. EAI Endorsed Transactions on Security and Safety. 2022 Aug 5;8(30).

D. Singh, Pushparaj, M. K. Mishra et al. Security issues in different layers of iot and their possible mitigation. International Journal of Scientific and Technology Research. 2020;9(4): 2762–2771.

Krishna RR, Priyadarshini A, Jha AV, Appasani B, Srinivasulu A, Bizon N. State-of-the-art review on IoT threats and attacks: Taxonomy, challenges and solutions. Sustainability. 2021 Aug 23;13(16):9463.

Ali I, Sabir S, Ullah Z. Internet of things security, device authentication and access control: A review. arXiv preprint arXiv:1901.07309; 2019 Jan 9.

Mahmoud R, Yousuf T, Aloul F, Zualkernan I. Internet of things (IoT) security: Current status, challenges and prospective measures. In 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST). IEEE. 2015 Dec 14;336-341.

Swamy SN, Jadhav D, Kulkarni N. Security threats in the application layer in IOT applications. In 2017 International Conference on i-SMAC (Iot In Social, Mobile, Analytics And Cloud)(i-SMAC). IEEE. 2017 Feb 10;477-480.

Sayana LS, Joshi BK. Security issues in internet of things. Uttarakhand: ICFAI; 2016 Apr.

Wu M, Lu TJ, Ling FY, Sun J, Du HY. Research on the architecture of Internet of Things. In 2010 3rd International Conference on Advanced Computer Theory and Engineering (ICACTE). IEEE. 2010 Aug 20;5:V5-484.

Burhan M, Rehman RA, Khan B, Kim BS. IoT elements, layered architectures and security issues: A comprehensive survey. sensors. 2018 Aug 24;18(9):2796.

Khan R, Khan SU, Zaheer R, Khan S. Future internet: The internet of things architecture, possible applications and key challenges. In 2012 10th International Conference on Frontiers of Information Technology. IEEE. 2012 Dec 17;257-260.

Borgohain T, Kumar U, Sanyal S. Survey of security and privacy issues of internet of things. arXiv preprint arXiv:1501.02211; 2015 Jan 9.

Smith R, Palin D, Ioulianou PP, Vassilakis VG, Shahandashti SF. Battery draining attacks against edge computing nodes in IoT networks. Cyber-Physical Systems. 2020 Apr 2;6(2):96-116.

Znaidi W, Minier M, Babau JP. An ontology for attacks in wireless sensor networks (Doctoral dissertation, INRIA).

Muraleedharan R, Osadciw LA. Cross layer denial of service attacks in wireless sensor network using swarm intelligence. In 2006 40th Annual Conference on Information Sciences and Systems. IEEE. 2006 Mar 22;1653-1658.

Xu W, Ma K, Trappe W, Zhang Y. Jamming sensor networks: Attack and defense strategies. IEEE network. 2006 Jun 5;20(3):41-7.

Yin W, Hu P, Zhou H, Xing G, Wen J. Jamming attacks and defenses for fast association in IEEE 802.11 ah networks. Computer Networks. 2022 May 8;208:108890.

Tahsien SM, Karimipour H, Spachos P. Machine learning based solutions for security of Internet of Things (IoT): A survey. Journal of Network and Computer Applications. 2020 Jul 1;161: 102630.

Chang SY, Hu YC, Laurenti N. SimpleMAC: A jamming-resilient MAC-layer protocol for wireless channel coordination. In Proceedings of the 18th Annual International Conference on Mobile Computing and Networking 2012 Aug 22;77-88.

Weingart SH. Physical security devices for computer subsystems: A survey of attacks and defenses. In International Workshop on Cryptographic Hardware and Embedded Systems. Berlin, Heidelberg: Springer Berlin Heidelberg. 2000 Aug 17;302-317.

Miller D. Blockchain and the internet of things in the industrial sector. IT professional. 2018 Jun 11;20(3):15-8.

Han P, Zhang Z, Ji S, Wang X, Liu L, Ren Y. Access control mechanism for the Internet of things based on blockchain and inner product encryption. Journal of Information Security and Applications. 2023 May 1;74:103446.

Abbas SG, Vaccari I, Hussain F, Zahid S, Fayyaz UU, Shah GA, Bakhshi T, Cambiaso E. Identifying and mitigating phishing attack threats in IoT use cases using a threat modelling approach. Sensors. 2021 Jul 14;21(14):4816.

Li B, Ye R, Gu G, Liang R, Liu W, Cai K. A detection mechanism on malicious nodes in IoT. Computer Communications. 2020 Feb 1;151:51-9.

Wallgren L, Raza S, Voigt T. Routing attacks and countermeasures in the RPL-based internet of things. International Journal of Distributed Sensor Networks. 2013 Aug 22;9(8):794326.

Sahay R, Geethakumari G, Mitra B. IB-RPL: Embedding isolation and blacklisting of malicious nodes in RPL for securing IoT-LLNs. In 2021 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS). IEEE. 2021 Dec 13;1-6.

Khatun MA, Chowdhury N, Uddin MN. Malicious nodes detection based on artificial neural network in IoT environments. In 2019 22nd International Conference on Computer and Information Technology (ICCIT). IEEE. 2019 Dec 18;1-6.

Vuppala S, Mady AE, Kuenzi A. Moving target defense mechanism for side-channel attacks. IEEE Systems Journal. 2019 Jun 27;14(2):1810-9.

Takarabt S, Schaub A, Facon A, Guilley S, Sauvage L, Souissi Y, Mathieu Y. Cache-timing attacks still threaten iot devices. InCodes, Cryptology and Information Security: Third International Conference, C2SI 2019, Rabat, Morocco, April 22–24, 2019, Proceedings-In Honor of Said El Hajji. Springer International Publishing. 2019;3:13-30.

Lyu Y, Mishra P. A survey of side-channel attacks on caches and countermeasures. Journal of Hardware and Systems Security. 2018 Mar;2:33-50.

Prates N, Vergütz A, Macedo RT, Santos A, Nogueira M. A defense mechanism for timing-based side-channel attacks on IoT traffic. In GLOBECOM 2020-2020 IEEE Global Communications Conference. IEEE. 2020 Dec 7;1-6.

Haiahem R, Minet P, Boumerdassi S, Azouz Saidane L. Collision-free transmissions in an IoT monitoring application based on LoRaWAN. Sensors. 2020 Jul 21;20(14):4053.

Jamali J, Bahrami B, Heidari A, Allahverdizadeh P, Norouzi F. Towards the internet of things. Springer International Publishing; 2020.

Calhoun BH, Wentzloff DD. Ultra-low power wireless SoCs enabling a batteryless IoT. In Hot Chips Symposium. 2015 Aug 1;1-45.

Lee IG, Go K, Lee JH. Battery draining attack and defense against power saving wireless LAN devices. Sensors. 2020 Apr 5;20(7):2043.

Mitrokotsa A, Rieback MR, Tanenbaum AS. Classifying RFID attacks and defenses. Information Systems Frontiers. 2010 Nov;12:491-505.

Huang W, Zhang Y, Feng Y. ACD: An adaptable approach for RFID cloning attack detection. Sensors. 2020 Apr 22;20(8):2378.

Singh AK, Patro BD. Security attacks on RFID and their countermeasures. In Computer Communication, Networking and IoT: Proceedings of ICICC 2020. Springer Singapore. 2021; 509-518.

Pawar MV. Detection and prevention of black-hole and wormhole attacks in wireless sensor network using optimized LSTM. International Journal of Pervasive Computing and Communications. 2023 Jan 6;19(1):124-53.

Ali S, Khan MA, Ahmad J, Malik AW, ur Rehman A. Detection and prevention of Black Hole Attacks in IOT & WSN. In 2018 third international conference on fog and mobile edge computing (FMEC). IEEE. 2018 Apr 23;217-226.

Kaurav A, Kumar KA. Detection and prevention of blackhole attack in wireless sensor network using Ns-2.35 simulator. International Journal of Scientific Research in Computer Science, Engineering and Information Technology. 2017;2(3):717. ISSN : 2456-3307

Arulkumaran G, Gnanamurthy RK. Fuzzy trust approach for detecting black hole attack in mobile adhoc network. Mobile Networks and Applications. 2019 Apr 15;24:386-93.

Jain AK, Tokekar V. Mitigating the effects of Black hole attacks on AODV routing protocol in mobile ad hoc networks. In 2015 International Conference on Pervasive Computing (ICPC). IEEE. 2015 Jan 8;1-6.

Hemalatha P, Vijithaananthi J. An effective performance for Denial of Service Attack (DoS) detection. In 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC) IEEE. 2017 Feb 10; 229-233.

An GH, Cho TH. Improving sinkhole attack detection rate through knowledge-based specification rule for a sinkhole attack intrusion detection technique of IoT. Int. J. Comput. Netw. Appl. 2022 Mar;9:169.

Leloglu E. A review of security concerns in Internet of Things. Journal of Computer and Communications. 2016 Dec 30;5(1):121-36.

Raza S, Wallgren L, Voigt T. SVELTE: Real-time intrusion detection in the internet of things. Ad Hoc Networks. 2013 Nov 1;11(8):2661-74.

Liu Y, Ma M, Liu X, Xiong NN, Liu A, Zhu Y. Design and analysis of probing route to defense sink-hole attacks for internet of things security. IEEE Transactions on Network Science and Engineering. 2018 Nov 13;7(1):356-72.

Karlof C, Wagner D. Secure routing in wireless sensor networks: Attacks and countermeasures. Ad Hoc Networks. 2003 Sep 1;1(2-3):293-315.

Jiang J, Liu Y. Secure IoT routing: Selective forwarding attacks and trust-based defenses in RPL network. arXiv preprint arXiv:2201.06937; 2022 Jan 18.

Neerugatti V, Rama Mohan Reddy A. Artificial intelligence-based technique for detection of selective forwarding attack in rpl-based internet of things networks. In Emerging Research in Data Engineering Systems and Computer Communications: Proceedings of CCODE 2019. Springer Singapore. 2020;67-77.

Mathur A, Newe T, Rao M. Defence against black hole and selective forwarding attacks for medical WSNs in the IoT. Sensors. 2016 Jan 19;16(1):118.

Abughazaleh N, Bin R, Btish M. DoS attacks in IoT systems and proposed solutions. Int. J. Comput. Appl. 2020 Jun;176(33):16-9.

Paudel R, Muncy T, Eberle W. Detecting dos attack in smart home iot devices using a graph-based approach. In 2019 IEEE International Conference on Big Data (Big Data). IEEE. 2019 Dec 9;5249-5258.

Kajwadkar S, Jain VK. A novel algorithm for DoS and DDoS attack detection in Internet of things. In 2018 Conference on Information and Communication Technology (CICT). IEEE. 2018 Oct 26;1-4.

Saied A, Overill RE, Radzik T. Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing. 2016 Jan 8;172:385-93.

Zhang K, Liang X, Lu R, Shen X. Sybil attacks and their defenses in the internet of things. IEEE Internet of Things Journal. 2014 Jul 30;1(5):372-83.

Hu YC, Perrig A, Johnson DB. Wormhole attacks in wireless networks. IEEE Journal on Selected Areas in Communications. 2006 Feb 6;24(2): 370-80.

Liu Y, Zhao W, Wang D, Fu L. A XSS vulnerability detection approach based on simulating browser behavior. In 2015 2nd International Conference on Information Science and Security (ICISS) IEEE. 2015 Dec 14;1-4.

Guo X, Jin S, Zhang Y. XSS vulnerability detection using optimized attack vector repertory. In 2015 International Conference on Cyber-Enabled Distributed Computing and Knowledge Discovery. IEEE. 2015 Sep 17;29-36.

Hu C, Pu Y, Yang F, Zhao R, Alrawais A, Xiang T. Secure and efficient data collection and storage of IoT in smart ocean. IEEE Internet of Things Journal. 2020 Apr 20;7(10): 9980-94.

Xu B, Wang W, Hao Q, Zhang Z, Du P, Xia T, Li H, Wang X. A security design for the detecting of buffer overflow attacks in IoT device. IEEE Access. 2018 Nov 15;6:72862-9.

Habibi J, Panicker A, Gupta A, Bertino E. DisARM: Mitigating buffer overflow attacks on embedded devices. In Network and System Security: 9th International Conference, NSS 2015, New York, NY, USA, November 3-5, Proceedings. Springer International Publishing. 2015; 9:112-129.