Evaluating Critical Security Issues of the IoT

World: Present and Future Challenges

Abstract

Social Internet of Things (SIoT) is a new paradigm where Internet of Things (IoT)
merges with social networks,allowing people and devices to interact, and facilitating
information sharing. However, security and privacy issues are a great challenge for
IoT but they are also enabling factors to create a “trust ecosystem.” In fact, the
intrinsic vulnerabilities of IoT devices, with limited resources and heterogeneous
technologies,together with the lack of specifically designed IoT standards,
represent a fertile ground for the expansion of specific cybernetics. In this paper, we
try to bring order on the IoT security panorama providing a taxonomic analysis from
the perspective of the three main key layers of the IoT system model:
1) perception 2) transportation and 3) application levels.

INTRODUCTION

IN THE next future, the Internet of Things (IoT) paradigm will involve billion of smart-
devices with processing, sensing and actuating capabilities able to be connected to
the internet Integrating social networking concepts into the IoT has led to the Social
IoT (SIoT) concept which enables people and connected devices to interact,
facilitating information sharing. However, interoperability, security, and privacy
issues are a great challenge for IoT but they are also enabling factors to create a
“trust and interoperable ecosystem.”

Security issue is emphasized by the lack of standards specifically designed for devices
with limited resources and heterogeneous technologies. In addition, these
devices, due to many vulnerabilities, represent a «fertile ground» for existing cyber
threats.

Through a bot net consisting of a large number of vulnerable IoT devices that had
been infected by the Mirai malware. Finally, another matter of concern for IoT, is the
privacy in the protection of the personal data collected by such IoT systems since it is
necessary to provide full awareness and control of the automatic data flow to the
generic end user. Starting from this worrying and challenging context, this paper
discusses the current status and how to design IoT security. Systems with specific
reference to threats.

In Section IV, we define how security must be correctly designed to support the IoT
paradigm by exhibiting some generic policies and strategies which should be
redesigned to address specific characteristics of IoT world application. Each of these
system levels summarized has its own specific technologies that bring issues and
some possible security weaknesses.
In the security problems of each layer are analyzed separately by looking for new
robust and feasible solutions. The first layer is related to the physical IoT sensors to
support data collection and processing on different common technologies such as
radio-frequency identification , wireless sensor network , RFID sensor network , and
GPS. The application layer provides the services requested by customers.

For instance, the application layer can provide temperature and air humidity
measurements to the customers asking for such data. IoT is that it has the ability to
provide high-quality smart services to meet customers’ needs. Every participant can
define one or multiple policies to perform decision-making according to their
request.

Uniforming Decision-Making for Heterogeneous IoT

Only addressing these goals, it is possible to achieve a comprehensive and holistic

trust management for IoT. Security in IoT devices is often neglected or treated as an
afterthought from the IoT manufacturers. The few devices that support some
protection usually employ software level solutions, such as firmware signing. In this
section, we discuss about the design of security techniques for IoT systems and
devices also highlighting the differences with traditional IT security.

In addition, we provide useful policies to secure IoT systems from some standard
threats summarized in Table I. Data confidentiality is the ability to provide
confidence to user about the privacy of the sensitive information by using different
mechanisms so that its disclosure to the unauthorized party is prevented and can be
accessed by the authorized users only. Data confidentiality is usually supported
through different mechanisms such as data encryption or access control. Data
integrity refers to the protection of useful information from the cyber criminals or
the external interference during data transit or rest through some common methods
like data integrity algorithms preventing data alteration. Data availability ensures the
immediate access of authorized party to their information resources not only in the
normal conditions but also in disastrous conditions.

CIA security model. Attacks on the services like DoS attack can deny data
availability. A fundamental issue in IoT world is that most of the IoT devices are
«closed,» thus, customers cannot add security software once the devices have been
shipped from the factory. For such reasons, security has to be built into IoT devices
so that they are «secure by design» .

In other words, for IoT devices, the security concept must evolve from «add-on
security» in which security is just added on the existing systems such as servers or
PCs . Another important issue is related to the fact that, in general, an IoT system is
composed by nodes with limited hardware and software resources , while traditional
IT is mostly based on resources rich devices. So, in the IoT world, only lightweight
algorithms can be used, in most of the cases, to find a right balance between higher
security and lower capabilities.

IoT devices is a common feature, easily observable in every functional element the

perceptual environment is often open, and thus, security strategies, previously used
in closed environments, can cause problems in the open environment.

Message confidentiality is typically achieved by encrypting the payload portion of a

frame. The header information is not encrypted. At the controller, link layer security
in BLE provides confidentiality and integrity via AES-CCM. WPA2 protocols to
implement authentication and encryption processes.

WEP uses a 64- or 128-bit encryption key that must be manually entered on wireless
access points and devices and does not change while the temporal key integrity
protocol has been adopted for WPA employing a per-packet key that dynamically
generates a new 128-bit key for each packet to prevent attacks that compromised
WEP. Finally, the protocol used by WPA2, based on the advanced encryption
standard cipher is significantly stronger in protection for both privacy and integrity
than the RC4-based TKIP used by WPA. In particular, both WPA and WPA2 use the
same authentication system. Enterprise networks use EAP protocol for mutual
authentication through a RADIUS server, whilst, for home and small office
networks, preshared key protocol is used.

In addition, WPA adopts Michael algorithm for data integrity but WPA2 implements
a more robust, efficient and stronger algorithm, CBC-MAC.

Universal Mobile Telecommunications System EPS encryption algorithm EPS integrity

algorithm . Two confidentiality and integrity algorithm sets had already been
developed and standardized. The first set, 128-EEA1 and is based on the stream
cipher SNOW 3G, and was inherited from the UMTS network.

The main functions of the network layer include message forwarding and host
addressing supported by the standard

In addition, IPv6 use mandatory end-to-end encryption, while in IPv4, it remains an

extra option. IPv6 also supports more-secure name resolution achieving network
layer confidentiality, integrity and authentication through IPsec protocol. In IPv6, the
secure neighbor discovery protocol is a security extension of the neighbor discovery
protocol , used in IPv6 for the discovery of neighboring nodes on the local link. SEND
enhances this insecure protocol by employing cryptographically generated
addresses.

6LoWPAN: Since IoT system is also composed by

DODAG root and relative to other nodes. The RPL specification [39] defines secure
versions of the various routing control messages, as well as three basic security
modes. In the first mode, named «unsecured,» RPL control messages are sent
without any additional security mechanisms.

A device may initially join the network using a pre configured key and the
preinstalled security mode, and next obtain a different cryptographic key from a key
authority with which it may start functioning as a router. Even with message security
that enables encryption and authentication, networks are vulnerable to a number of
wireless and routing attacks aimed to disrupt the network. Hence, an IDS is
necessary to detect intruders that are trying to disrupt the network. The first
module, called 6LoWPAN mapper, gathers information about the RPL network and
reconstructs the network in the 6BR.

The second module is the intrusion detection component that analyzes the mapped
data and detects intrusion. The third module, a distributed mini-firewall, is designed
to offload nodes by filtering unwanted traffic toward resource-constrained network.

It provides a security against eavesdropping. The disadvantage of MQTT security is

the use of TLS/SSL which is not optimized for constrained devices. In fact, using
TLS/SSL with certificates and session key management for a multitude of
heterogeneous devices, is surely cumbersome [42]. For this reasons, a more
scalable, lightweight, and robust security mechanism is required.

In a secure MQTT is proposed to increase security features of the existing MQTT

protocol and its variants based on lightweight attribute-based encryption, over
elliptic curves. In two different types of ABEs, key-policy ABE and ciphertext-policy
ABE, have been evaluated on different classes of mobile devices including a laptop
and a smartphone providing a comprehensive study of ABE techniques and their
performances. The CoAP uses UDP protocol and encryption is most commonly
accomplished using DTLS and sometimes with IPSec. DTLS is applied in the transport
layer and the fundamental AES/CCM provides confidentiality
, integrity, authentication and non repudiation.

The Californium framework Raw public key Certificates to support authentication

based on public key where keys are always validated according to a trusted entity
known as certificate authority. The drawback of using the certificates is mainly due
to heavy data format and fixed costs. Key management is a drawback of the CoAP
security which is a common issue in almost all protocols. In fact, a novel DTLS header
compression scheme called Lithe has been proposed in with the aim of significantly
reducing the energy consumption by leveraging the 6LoWPAN standard without
compromising the end-to-end security properties.

In addition, the evaluation results show significant gains in terms of packet

size, energy consumption, processing time, and network-wide response times when
compressed DTLS is enabled. A clear limitation of this solution is that DTLS header
compression is applied only within 6LoWPAN networks. In a security analysis
between CoAP and MQTT is presented with a particular focus on the transport level
protocol used , which inherently enforces the usage of DTLS for CoAP and TLS for
MQTT. Moreover a set of security modes and also mandatory-to implement ciphers
are supported by CoAP whilst, in contrast, the MQTT specification only enumerates a
list of security considerations and does not enforce any kind of implementations.

The comparative analysis has been conducted considering the four security modes
already described. In addition, due to different standard security mechanisms, the
interoperability issue has a non trivial solution, mostly based on security level
negotiation between IoT devices.

To direct further research on the most vulnerable layer

IoT system model, we can use risk classification limited to a qualitative evaluation of
each layer due to lack of quantitative metrics. The perception layer can be classified
with the highest security risk level for physical exposure of IoT devices, deployed also
in open environments. Qualitative risk evaluation for IoT system. Hardware
limitations and technological heterogeneity that limit the implementation of
effective security measures.

On the other side, the transportation layer can be classified as a lower risk level
respect to the perception layer due to the known drawbacks of standard wireless
data transfer technologies, as well as known threats in access networks. Usually the
solution is to upgrade the system and use DDoS attack detection and
prevention. Currently, there is no good solution to solve the network DDoS attack.

CVSS is a free and open industry standard for assessing the severity of computer
system security vulnerabilities. The BS shown in The access vector The access
complexity The authentication metric that describes the number of times that an
attacker must authenticate to a target to exploit it.

Critical Security Issues Evaluation

To evaluate the presented critical security issues, with the aim of directing the
research activities in the next future, we considered them as intrinsic vulnerabilities
of the IoT Systems and we calculated a severity score for each of them by using a
novel approach through conventional base score BS) equations named common
vulnerability scoring system (CVSS) v2, proposed by the National Infrastructure
Advisory Council. CVSS is a free and open industry standard for assessing the severity
of computer system security vulnerabilities. It attempts to assign severity scores to
different vulnerabilities, allowing managers to prioritize responses and resources
according to the specific threat. Scores are calculated according to several metrics
that approximate ease of exploit and the impact of exploit. Scores range from 0 to
10, with 10 being the most severe. The BS shown in is composed of two sets of
metrics: 1) the exploitability metrics and 2) the impact metrics. The exploitability
metrics capture how the vulnerability is accessed and whether or not extra
conditions are required to exploit it. These metrics are as follows.
1) The access vector (AV) that shows how a vulnerability may be exploited.
2) The access complexity (AC) metric that describes how easy or difficult it is to
exploit the discovered vulnerability.
3) The authentication (Au) metric that describes the number of times that an
attacker must authenticate to a target to exploit it.
BS = (0.6 ∗ Impact + 0.4 ∗ Exploitability − 1.5) ∗ f(Impact).

The impact metrics measure how a vulnerability, if exploited, will directly affect an IT
asset, where the impacts are independently defined as the degree of loss
confidentiality (C), integrity (I), and availability (A). To calculate these sets of metrics,
the following mathematical equations have been used:

Exploitability = 20 ∗ AC ∗ Au ∗ AV
Impact = 10.41 ∗ (1 − (1 − C) ∗ (1 − I) ∗ (1 − A))

where
f (Impact) = 0 if Impact = 0
f (Impact) = 1.176 otherwise.
The possible values of the six base metrics are shown in Table V and they are chosen
considering the characteristics of each specific security issue. Table IV resumes the
results obtained by applying the CVSSv2 metrics to the security open issues
identified in the proposed IoT system. In particular, to compute the BS, we have used
CVSSv2 calculator, freely provided by National Institute of Standards and Technology
[52]. Once computed the BS, the security issues have been sorted according to the
availability of the solutions to better understand in which direction the research
must be oriented. By looking that graphically resume the conducted analysis, the
following meaningful considerations can be done.
1) Hardware insecurity and common application vulnerabilities have already many
mature solutions.
BASE METRICS WITH SUBSCORES strictly depends on device manufacturers or
software developers that should be forced to implement them.
2) Lack of lightweight anti-malware and DDoS attack issue have few research
solutions although they can have a medium-high severity index.
3) The remaining security issues have several on going solutions but still immature.
According to these considerations, the research activity in the near future, should
concentrate to solve critical issues with availability of ongoing solutions that are
progressively more feasible thanks to the technology advancements.
CONCLUSION

Along with the rapid development of the IoT industry, the importance of the security
in the IoT is gradually emerging. In fact, we have shown that IoT system model has
many security issues among which threats that can exploit some possible
weaknesses. For these reasons, it is necessary to appropriately enforce trust
management and security in the IoT world starting from the characterization of the
different threats related to each specific level of the general IoT system model.
According to this paper, the most vulnerable level of the IoT system model is the
perception layer due to the physical exposure of IoT devices, to their constrained
resources and to their technological heterogeneity. Thus, it is crucial, in the next
future, to start working on the critical issues of this level implementing lightweight
security solutions that can adapt to the heterogeneous environments with resource-
constrained devices.