Abstract
Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for the IoT. Due to multiple vulnerabilities in the IoT foundations, many targeted attacks are continuing to evolve. This survey of related work in the very specialized field of IS assurance for the IoT develops a taxonomy of typical attacks against IoT assets (with special attention to IoT device protection). Based on this taxonomy, the key directions for countering these attacks are defined. According to the modern demand for the IoT and big IS-related data processing, we propose applying the Security Intelligence approach. The results obtained, when compared with the related work and numerous analogues, are based on the following research methodology: view the IoT as a security object to be protected, leading to understanding its vulnerabilities and possible attacks against the IoT exploiting these vulnerabilities, and from there approaches to protecting the IoT. A few areas of the future research, among which the IoT operational resilience and usage of the blockchain technology seem to us the most interesting, are indicated.
Similar content being viewed by others
References
Neustar Cybersecurity Essentials for 2017: http://docs.media.bitpipe.com/io_13x/io_134791/item_1489337/ddos-cyber-security-insights-2016.pdf (2016). Accessed 7 Jan 2018
Malyuk, A., Miloslavskaya, N: Information security theory for the future internet. In: Proceedings of the 3rd International Conference “Future Internet of Things and Cloud” (FiCloud 2015). Rome, 24–26 August 2015, pp. 150–157 (2015)
Recommendations ITU-T Y.4000/Y.2060 (06/2012)
Internet of Things (IoT): http://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT (2016). Accessed 7 Jan 2018
Miloslavskaya, N., Tolstoy, A.: State-level views on professional competencies in the field of IoT and cloud information security. In: Proceedings of 2016 4th International Conference on Future Internet of Things and Cloud Workshops. The 3rd International Symposium on Intercloud and IoT. Vienna, August 2016, pp. 83–90 (2016)
Pfister, C.: Getting Started with the Internet of Things: Connecting Sensors and Microcontrollers to the Cloud. O’Reily, Sebastopol (2011)
McEwen, A., Cassimally, H.: Designing the Internet of Things. Wiley, Hokoben (2014)
Behga, A., Madisetti, V.: Internet of Things (A Hands-on Approach). VPT, Blacksburg, VA (2014)
Holler, J., Tsiatsis, V., Mulligan, C., Avesand, S., Karnouskos, S., Boyle, D.: From Machine-to-Machine to the Internet of Things: Introduction to a New Age of Intelligence. Elsevier, Amsterdam (2014)
Greengard, S.: The Internet of Things. The MIT Press Essential Knowledge Series, Cambridge (2015)
Kurniawan, A.: Smart Internet of Things. Packt Publishing Ltd, Birmingham (2016)
Keele, S.: Guidelines for performing systematic literature reviews in software engineering. Technical Report, EBSE Technical Report EBSE-2007-01 (2007)
Dhanjani, N.: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts. O’Reilly Media, Sebastopol (2015)
Russell, B., Van Duren, D.: Practical Internet of Things Security. Packt Publishing, Birmingham (2016)
Hu, F.: Security and Privacy in Internet of Things: Models, Algorithms, and Implementations. CRC Press, Boca Raton (2016)
Shancang, L., Da Xu, L.: Securing the Internet of Things. Elsevier, Amsterdam (2017)
Schneier, B.: IoT security: what’s plan B? IEEE Secur. Priv. 15(5), 96 (2017)
Dayaker, P., Madan Reddy, Y., Bhargav Kumar, M.: A survey on applications and security issues of internet of things. Int. J. Mech. Eng. Technol. 8(6), 641–648 (2017)
Kiran, P.S., Babu, E.S., Padmini, D., SriLalitha, V.S., Krishnanand, V.: Security issues and countermeasures of three tier architecture of IOT—a survey. Int. J. Pure Appl. Math. 115(6), 49–57 (2017)
Razzaq, M.A., Qureshi, M.A., Gill, S.H., Ullah, S.: Security issues in the Internet of Things (IoT): a comprehensive study. Int. J. Adv. Comput. Sci. Appl. 8(6), 383–388 (2017)
Sasikala, B., Rajanarajana, M., Geethavani, B.: Internet of Things: a survey on security issues analysis and counter measures. Int. J. Eng. Comput. Sci. 6(5), 21435–21442 (2017)
Pawar, A.B., Ghumbre, S: A survey on IoT applications, security challenges and counter measures. In: International Conference on Computing, Analytics and Security Trends, CAST 2016, pp. 294–299 (2017)
Ben Ida, I., Jemai, A., Loukil, A.: A survey on security of IoT in the context of eHealth and clouds. In: International Design and Test Workshop, pp. 25–30 (2017)
Deogirikar, J., Vidhate, A.: Security attacks in IoT: a survey. In: Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017, pp. 32–37 (2017)
Minoli, D., Sohraby, K., Kouns, J.: IoT security (IoTSec) considerations, requirements, and architecture. In: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), IEEE Proceedings, pp. 1006–1007 (2017)
Radovan, M., Golub, B.: Trends in IoT security. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), IEEE Proceedings, pp. 1302–1308 (2017)
Security in the Internet of Things: Lessons from the Past for the Connected Future. https://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf (2015). Accessed 7 Jan 2018
Lucian, C: Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON. http://www.csoonline.com/article/3119765/security/hackers-found-47-new-vulnerabilities-in-23-iot-devices-at-def-con.html (2017). Accessed 7 Jan 2018
E-Guide: The biggest security challenges for embedded and mobile development amid the rise of IoT. E-Guide. http://docs.media.bitpipe.com/io_12x/io_129893/item_1326785/ProgrammingResearch_IoTAgenda_IO%23129893_Eguide_042016_LI%231326785.pdf. Accessed 7 Jan 2018
Akamai Technologies: Spike DDOS toolkit. https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/spike-ddos-toolkit-threat-advisory.pdf (2014). Accessed 7 Jan 2018
Wright, R: Powerful DDoS attacks leveraging IoT devices hit several companies. http://searchsecurity.techtarget.com/news/450305010/Powerful-DDoS-attacks-leveraging-IoT-devices-hit-several-companies (2016). Accessed 7 Jan 2018
Wallen, J.: Five nightmarish attacks that show the risks of IoT security. http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/ (2017). Accessed 7 Jan 2018
Osborne, C.: NetUSB flaw leaves ‘millions’ of routers, IoT devices vulnerable to hacking. http://www.zdnet.com/article/netusb-flaw-leaves-millions-of-routers-iot-devices-vulnerable-to-hacking/ (2015). Accessed 7 Jan 2018
Security by design: http://whatis.techtarget.com/definition/security-by-design (2015). Accessed 7 Jan 2018
Conrad, C.: Next generation security. Slideshow. https://www.slideshare.net/neoma329/next-generationsecurity (2013). Accessed 7 Jan 2018
ISO/IEC 27000:2016: Information technology—security techniques—information security management systems—overview and vocabulary (2016)
Moyle, E.: Three steps to better security in IoT devices. http://internetofthingsagenda.techtarget.com/tip/Three-steps-to-better-IoT-device-security-in-the-enterprise (2016). Accessed 7 Jan 2018
Overview of the Digital Object Architecture: Corporation for National Research Initiatives. http://www.cnri.reston.va.us/papers/OverviewDigitalObjectArchitecture.pdf (2012). Accessed 7 Jan 2018
BITAG: Internet of Things (IoT) security and privacy recommendations. http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf (2016). Accessed 7 Jan 2018
Symantec: An Internet of Things reference architecture. https://www.symantec.com/content/en/us/enterprise/white_papers/iot-security-reference-architecture-wp-en.pdf (2015). Accessed 7 Jan 2018
D’Abreo, C.: What CIOs need to know about IoT and security risks. https://www.masergy.com/blog/what-cios-need-know-about-iot-and-security-risks (2015). Accessed 7 Jan 2018
Hollnagel, E., Nemeth, C.P., Dekker, S.W.A. (eds.): Resilience Engineering Perspectives. Ashgate, Farnham (2008)
Burnham, J.: What is security intelligence and why does it matter today? https://securityintelligence.com/what-is-security-intelligence-and-why-does-it-matter-today/ (2011). Accessed 7 Jan 2018
Hutchins, E.M., Clopperty, M.J., Amin, R.M.: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation, Bethesda (2013)
Threat Intelligence Platforms: ThreatConnect, Inc. http://www.informationweek.com/whitepaper/ (2015). Accessed 7 Jan 2018
SAS: Security intelligence. Prevent fraud. Achieve compliance. Preserve security. https://www.sas.com/en_us/software/fraud-security-intelligence.html (2016). Accessed 7 Jan 2018
Miloslavskaya, N., Tolstoy, A., Migalin, A.: “Network security intelligence” educational and research center. In: Bishop, M., Futcher, L., Miloslavskaya, N., Theocharidou, M. (eds.) Information Security Education for a Global Digital Society. WISE 2017. IFIP Advances in Information and Communication Technology, vol. 503, pp. 157–168. Springer, New York (2017)
Nielson, B.: Blockchain solutions for cyber & data security. https://richtopia.com/emerging-technologies/blockchain-solutions-for-cyber-data-security. Accessed 07 Jan 2018
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Miloslavskaya, N., Tolstoy, A. Internet of Things: information security challenges and solutions. Cluster Comput 22, 103–119 (2019). https://doi.org/10.1007/s10586-018-2823-6
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10586-018-2823-6