Skip to main content
SpringerLink
Log in

Internet of Things: information security challenges and solutions

  • Published:
Cluster Computing Aims and scope Submit manuscript

Abstract

Keeping up with the burgeoning Internet of Things (IoT) requires staying up to date on the latest network attack trends in dynamic and complicated cyberspace, and take them into account while developing holistic information security (IS) approaches for the IoT. Due to multiple vulnerabilities in the IoT foundations, many targeted attacks are continuing to evolve. This survey of related work in the very specialized field of IS assurance for the IoT develops a taxonomy of typical attacks against IoT assets (with special attention to IoT device protection). Based on this taxonomy, the key directions for countering these attacks are defined. According to the modern demand for the IoT and big IS-related data processing, we propose applying the Security Intelligence approach. The results obtained, when compared with the related work and numerous analogues, are based on the following research methodology: view the IoT as a security object to be protected, leading to understanding its vulnerabilities and possible attacks against the IoT exploiting these vulnerabilities, and from there approaches to protecting the IoT. A few areas of the future research, among which the IoT operational resilience and usage of the blockchain technology seem to us the most interesting, are indicated.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3

Similar content being viewed by others

References

  1. Neustar Cybersecurity Essentials for 2017: http://docs.media.bitpipe.com/io_13x/io_134791/item_1489337/ddos-cyber-security-insights-2016.pdf (2016). Accessed 7 Jan 2018

  2. Malyuk, A., Miloslavskaya, N: Information security theory for the future internet. In: Proceedings of the 3rd International Conference “Future Internet of Things and Cloud” (FiCloud 2015). Rome, 24–26 August 2015, pp. 150–157 (2015)

  3. Recommendations ITU-T Y.4000/Y.2060 (06/2012)

  4. Internet of Things (IoT): http://internetofthingsagenda.techtarget.com/definition/Internet-of-Things-IoT (2016). Accessed 7 Jan 2018

  5. Miloslavskaya, N., Tolstoy, A.: State-level views on professional competencies in the field of IoT and cloud information security. In: Proceedings of 2016 4th International Conference on Future Internet of Things and Cloud Workshops. The 3rd International Symposium on Intercloud and IoT. Vienna, August 2016, pp. 83–90 (2016)

  6. Pfister, C.: Getting Started with the Internet of Things: Connecting Sensors and Microcontrollers to the Cloud. O’Reily, Sebastopol (2011)

    Google Scholar 

  7. McEwen, A., Cassimally, H.: Designing the Internet of Things. Wiley, Hokoben (2014)

    Google Scholar 

  8. Behga, A., Madisetti, V.: Internet of Things (A Hands-on Approach). VPT, Blacksburg, VA (2014)

    Google Scholar 

  9. Holler, J., Tsiatsis, V., Mulligan, C., Avesand, S., Karnouskos, S., Boyle, D.: From Machine-to-Machine to the Internet of Things: Introduction to a New Age of Intelligence. Elsevier, Amsterdam (2014)

    Google Scholar 

  10. Greengard, S.: The Internet of Things. The MIT Press Essential Knowledge Series, Cambridge (2015)

    Google Scholar 

  11. Kurniawan, A.: Smart Internet of Things. Packt Publishing Ltd, Birmingham (2016)

    Google Scholar 

  12. Keele, S.: Guidelines for performing systematic literature reviews in software engineering. Technical Report, EBSE Technical Report EBSE-2007-01 (2007)

  13. Dhanjani, N.: Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts. O’Reilly Media, Sebastopol (2015)

    Google Scholar 

  14. Russell, B., Van Duren, D.: Practical Internet of Things Security. Packt Publishing, Birmingham (2016)

    Google Scholar 

  15. Hu, F.: Security and Privacy in Internet of Things: Models, Algorithms, and Implementations. CRC Press, Boca Raton (2016)

    Book  Google Scholar 

  16. Shancang, L., Da Xu, L.: Securing the Internet of Things. Elsevier, Amsterdam (2017)

    Google Scholar 

  17. Schneier, B.: IoT security: what’s plan B? IEEE Secur. Priv. 15(5), 96 (2017)

    Article  Google Scholar 

  18. Dayaker, P., Madan Reddy, Y., Bhargav Kumar, M.: A survey on applications and security issues of internet of things. Int. J. Mech. Eng. Technol. 8(6), 641–648 (2017)

    Google Scholar 

  19. Kiran, P.S., Babu, E.S., Padmini, D., SriLalitha, V.S., Krishnanand, V.: Security issues and countermeasures of three tier architecture of IOT—a survey. Int. J. Pure Appl. Math. 115(6), 49–57 (2017)

    Google Scholar 

  20. Razzaq, M.A., Qureshi, M.A., Gill, S.H., Ullah, S.: Security issues in the Internet of Things (IoT): a comprehensive study. Int. J. Adv. Comput. Sci. Appl. 8(6), 383–388 (2017)

    Google Scholar 

  21. Sasikala, B., Rajanarajana, M., Geethavani, B.: Internet of Things: a survey on security issues analysis and counter measures. Int. J. Eng. Comput. Sci. 6(5), 21435–21442 (2017)

    Google Scholar 

  22. Pawar, A.B., Ghumbre, S: A survey on IoT applications, security challenges and counter measures. In: International Conference on Computing, Analytics and Security Trends, CAST 2016, pp. 294–299 (2017)

  23. Ben Ida, I., Jemai, A., Loukil, A.: A survey on security of IoT in the context of eHealth and clouds. In: International Design and Test Workshop, pp. 25–30 (2017)

  24. Deogirikar, J., Vidhate, A.: Security attacks in IoT: a survey. In: Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017, pp. 32–37 (2017)

  25. Minoli, D., Sohraby, K., Kouns, J.: IoT security (IoTSec) considerations, requirements, and architecture. In: 2017 14th IEEE Annual Consumer Communications & Networking Conference (CCNC), IEEE Proceedings, pp. 1006–1007 (2017)

  26. Radovan, M., Golub, B.: Trends in IoT security. In: 2017 40th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO), IEEE Proceedings, pp. 1302–1308 (2017)

  27. Security in the Internet of Things: Lessons from the Past for the Connected Future. https://www.windriver.com/whitepapers/security-in-the-internet-of-things/wr_security-in-the-internet-of-things.pdf (2015). Accessed 7 Jan 2018

  28. Lucian, C: Hackers found 47 new vulnerabilities in 23 IoT devices at DEF CON. http://www.csoonline.com/article/3119765/security/hackers-found-47-new-vulnerabilities-in-23-iot-devices-at-def-con.html (2017). Accessed 7 Jan 2018

  29. E-Guide: The biggest security challenges for embedded and mobile development amid the rise of IoT. E-Guide. http://docs.media.bitpipe.com/io_12x/io_129893/item_1326785/ProgrammingResearch_IoTAgenda_IO%23129893_Eguide_042016_LI%231326785.pdf. Accessed 7 Jan 2018

  30. Akamai Technologies: Spike DDOS toolkit. https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/spike-ddos-toolkit-threat-advisory.pdf (2014). Accessed 7 Jan 2018

  31. Wright, R: Powerful DDoS attacks leveraging IoT devices hit several companies. http://searchsecurity.techtarget.com/news/450305010/Powerful-DDoS-attacks-leveraging-IoT-devices-hit-several-companies (2016). Accessed 7 Jan 2018

  32. Wallen, J.: Five nightmarish attacks that show the risks of IoT security. http://www.zdnet.com/article/5-nightmarish-attacks-that-show-the-risks-of-iot-security/ (2017). Accessed 7 Jan 2018

  33. Osborne, C.: NetUSB flaw leaves ‘millions’ of routers, IoT devices vulnerable to hacking. http://www.zdnet.com/article/netusb-flaw-leaves-millions-of-routers-iot-devices-vulnerable-to-hacking/ (2015). Accessed 7 Jan 2018

  34. Security by design: http://whatis.techtarget.com/definition/security-by-design (2015). Accessed 7 Jan 2018

  35. Conrad, C.: Next generation security. Slideshow. https://www.slideshare.net/neoma329/next-generationsecurity (2013). Accessed 7 Jan 2018

  36. ISO/IEC 27000:2016: Information technology—security techniques—information security management systems—overview and vocabulary (2016)

  37. Moyle, E.: Three steps to better security in IoT devices. http://internetofthingsagenda.techtarget.com/tip/Three-steps-to-better-IoT-device-security-in-the-enterprise (2016). Accessed 7 Jan 2018

  38. Overview of the Digital Object Architecture: Corporation for National Research Initiatives. http://www.cnri.reston.va.us/papers/OverviewDigitalObjectArchitecture.pdf (2012). Accessed 7 Jan 2018

  39. BITAG: Internet of Things (IoT) security and privacy recommendations. http://www.bitag.org/documents/BITAG_Report_-_Internet_of_Things_(IoT)_Security_and_Privacy_Recommendations.pdf (2016). Accessed 7 Jan 2018

  40. Symantec: An Internet of Things reference architecture. https://www.symantec.com/content/en/us/enterprise/white_papers/iot-security-reference-architecture-wp-en.pdf (2015). Accessed 7 Jan 2018

  41. D’Abreo, C.: What CIOs need to know about IoT and security risks. https://www.masergy.com/blog/what-cios-need-know-about-iot-and-security-risks (2015). Accessed 7 Jan 2018

  42. Hollnagel, E., Nemeth, C.P., Dekker, S.W.A. (eds.): Resilience Engineering Perspectives. Ashgate, Farnham (2008)

    Google Scholar 

  43. Burnham, J.: What is security intelligence and why does it matter today? https://securityintelligence.com/what-is-security-intelligence-and-why-does-it-matter-today/ (2011). Accessed 7 Jan 2018

  44. Hutchins, E.M., Clopperty, M.J., Amin, R.M.: Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains. Lockheed Martin Corporation, Bethesda (2013)

    Google Scholar 

  45. Threat Intelligence Platforms: ThreatConnect, Inc. http://www.informationweek.com/whitepaper/ (2015). Accessed 7 Jan 2018

  46. SAS: Security intelligence. Prevent fraud. Achieve compliance. Preserve security. https://www.sas.com/en_us/software/fraud-security-intelligence.html (2016). Accessed 7 Jan 2018

  47. Miloslavskaya, N., Tolstoy, A., Migalin, A.: “Network security intelligence” educational and research center. In: Bishop, M., Futcher, L., Miloslavskaya, N., Theocharidou, M. (eds.) Information Security Education for a Global Digital Society. WISE 2017. IFIP Advances in Information and Communication Technology, vol. 503, pp. 157–168. Springer, New York (2017)

    Google Scholar 

  48. Nielson, B.: Blockchain solutions for cyber & data security. https://richtopia.com/emerging-technologies/blockchain-solutions-for-cyber-data-security. Accessed 07 Jan 2018

Download references

Author information

Authors and Affiliations

  1. National Research Nuclear University MEPhI (Moscow Engineering Physics Institute), 31 Kashirskoye Shosse, Moscow, Russia, 115409

    Natalia Miloslavskaya & Alexander Tolstoy

Authors
  1. Natalia Miloslavskaya
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alexander Tolstoy
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Natalia Miloslavskaya.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Miloslavskaya, N., Tolstoy, A. Internet of Things: information security challenges and solutions. Cluster Comput 22, 103–119 (2019). https://doi.org/10.1007/s10586-018-2823-6

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10586-018-2823-6

Keywords

Search

Navigation