The State of Internet of Things (IOT) Security (January 2018)Frank Sclafani, David Tran, Tschannen Adam , Bin Yu, and Evangelos Giakoumakis Abstract— The sudden and recent rise of IoT devices is causing concern about the increased risk of cyber attacks in both home and business networks.
This rise has given rise to the security concern that has a globe impact, with both businesses applications and residential ones, such as smart devices like baby monitors, smart-watches, smart-speakers, and smart-thermostats, potentially providing an increased attack surface into computer networks. IoT devices pose a significant threat to corporate and residential networks. This paper will highlight the issues with IoT security and provide recommendations to secure IOT devices on the internet.Index Terms—IoT, IoT Security, Smart Devices, DDoS, IoT DevicesINTRODUCTIONThe Mirai malware, a variant of the most well covered and analysed cyber attacks of 2016, is responsible for one of the largest and most disruptive online attacks to date. It began to spread and gain the spotlight of the media attention in September 2016, when famous security reporter and researcher, KrebsOnSecurity, came under a distributed denial-of-service (DDoS) attack from an estimated 175,000 IoT devices.
Akamai estimated that the DDoS volume capped out at 620 Gbps, which at the time was twice the size of the next-largest DDoS attack previously recorded. After several days the relentless DDoS several major internet service providers like Akamai were forced to re-route and sever several key routes because of the sheer volume of the attack. In a surprise twist days after the attack the authors of Mirai released the source code for their botnet. It only took a few days before there were multiple clones of the Mirai botnet competing to subject vulnerable IoT devices under their rule. The Internet of Things is a recent phononym that has only been commonly used in the past few years. Although, the IoT can trace its roots to ARPANET, the foundation of the internet as we know it today.
Specifically IoT was coined with the implementation of Global Positioning Satellites (GPS) in the early 1990’s. The US Department of Defense created a interconnected system of 24 satellites. Many consider these satellites as the first interconnected system of “things” and provide the example for what we now call IoT.
The earliest documented use of the phrase “Internet of Things” was first used to describe a Coca Cola machine, located at the Carnegie Mellon University in 1999. Students connected this machine to the internet in order to check if there was a cold drink available. Fast forward to today and the Internet of Things has evolved into to a broad complex collection of multiple technologies, including wired, wireless, and almost every in between that can route traffic.
In particular the buildings and homes automation market, wireless sensors, GPS, industrial control systems (ICS), and countless other markets have exploded in popularity in part thanks to the IoT. Although it is a broad generalization, it can be said that the Internet of Things is made up of device that can be connected to the Internet. This includes almost anything you can think of, ranging from cellphones to building maintenance to the jet engine of an airplane. Medical devices, such as a heart monitor implants or a biochip transponder in a farm animal, can transfer data over a network and are considered members of the IoT.
As sensors and video cameras become more commonplace, especially in public spaces, consumers have less and less knowledge about the information being collected, and no way to avoid it. Many people are uncomfortable with the idea of companies collecting information about them, and even more uncomfortable having that information sold to anyone and everyone. From all the above it should come as no surprise that security has become a significant concern with the rapid growth of IoT. Billions of devices are being interconnected together, making it possible for someone to hack into your coffee maker, and then access your entire network. The Internet of Things also makes businesses all around the world more open to security threats. Additionally, data sharing and privacy becomes an issue when using the Internet of Things. Consider how concerns will grow when billions of devices are interconnected.
Some businesses will be faced with storing the massive amounts of information these devices will be producing. They will need to find a method of securely storing the data, while still being able to access, track, and analyze the huge amounts of it being generated. This is the focus of this project and in the following chapters we will discuss about prospective issues and solutions regarding IoT communications.Iot Security ArchitectureIoT Security Problems HighlightHow to Improve IoT SecurityConclusionReferences 1 Dataversity. (2018, Jan 25). A Brief History of Internet of Thing. Online.
Available: http://www.dataversity.net/brief-history-internet-things/2 IoT ANALYTICS. (2016, Nov 29).
Understanding IoT Security. Online. Available: https://iot-analytics.
com/understanding-iot-security-part-1-iot-security-architecture/2 Networkworld. (2017, Aug 21). How to improve IoT security. Online.