Various Supportive Descriptions
The IoT or Internet of Things refers to the inter-networking that takes place within the various connected devices or smart devices. This enables the various objects like vehicles, buildings, software and others to gather and transform data (Hossain et al., 2015).
However the poor development and sluggish growth owing to the security of IoT has been in doubts. The report is prepared keeping the major aspect of security of IoT in mind.
The report has undergone through the issue with brief descriptions about the challenges, problems, relevant technologies and others. It has also summarized the problems and identified the important problems that are not addressed, or not addressed adequately. The effect of the mentioned issues and their application are also analyzed. Lastly the lessons learnt due these discussions are demonstrated.
While the progress of IoT would not be stopping at any time, the biggest issues with the business and consumers are discussed below:
More devices, more problems:
The most basic weakness of security of IoT has been that it raises the amount of devices beyond the firewall of the network. Since there are so many devices, hence they are prone to be hacked. This indicates that the hackers could accomplish more.
More and more updates:
Since the IoT has been turning to reality, people need to worry regarding the protection of more devices. Another challenge is that the companies never upgrade their devices sufficiently. This indicates that the IoT device that was secured at first could turn unsafe since the hackers identify new vulnerabilities (Jing et al., 2014).
Protecting data from corporations:
The corporations creating and distributing the interconnected devices might also utilize the devices for retrieving personal data. This has been especially dangerous while using the money transfers.
Lazy consumers:
The computers possess partial auto up-gradations since maximum users are very lazy in performing the primary steps required to keep the machine safe (Abomhara & Køien, 2014). As the protection of the myriad devices of IoT is considered, this becomes much more difficult than any single machine. And the challenge gets worse.
The latest IoT devices are required to make the life smoother. Unfortunately the insufficient security has been turning the things annoying. At the end of the previous year, some parts of the Internet have stayed inaccessible because of the DDoS or “Denial of Service” attacks (Mahmoud et al., 2014). This took place against the Dyn DNS servers. The security issues have been impacting the popular companies also. Thus the security problems have not been restricted to the password problems only. Both the producers and consumers of the devices have been sharing the liability in thwarting the hacks of IoT (Li & Da Xu, 2017).
1. The challenges
Some of the hottest relevant technologies regarding security issues at IoT are described below:
| Technologies | Applications | 
| IoT network security | This has been securing of the network connecting the IoT devices to the back-ends over the Internet. | 
| IoT authentication | This has been delivering the user’s ability for authenticating the IoT device. This has been including the controlling of various users of any single device. | 
| IoT encryption | The encrypting of data at rest and in the transit between the IoT edge devices and the systems of back-end is done here. This helps in maintaining the data integrity and prevention of data traced by the hackers (Sicari et al., 2015). | 
| IoT PKI | This has been delivering the complex X.509 digital certificate and the cryptographic key. This has been including the life-cycle capabilities including the distribution, revocation and management of public or private key generation. | 
| IoT security analytics | This has been aggregating, collecting, normalizing and monitoring data from the IoT devices. Moreover it has been delivering actionable alerting and reporting over particular activities. | 
| IoT API security | This has been delivering the capability for authenticating and authorizing the data movement between the IoT devices, the back-end devices and the applications utilizing the documented APIs based on REST (Zhao & Ge, 2013). | 
Particularly, people have been slightly vague regarding the type of data created by the IoT devices and the data processing within it. In various system architectures the processing of data has been done in the huge centralized manner certain cases like cloud computers (Farooq et al., 2015). These cloud centric architectures keeps the cloud in the core. The applications are kept above and the network of the smart things beneath that.
Keeping the diverse set of the socio-economic problems in mind, the following questions are developed as the guidance regarding the security concern at IoT:
- How could people assure that the IoT devices could adapt the behavior of communication on the basis of present context of communication and security threats?
- How could people exploit the abstractions and the relationships at real world for better modeling the trust relationships and the privacy policies between the IoT devices?
- How could the IoT be designed such its nature restricts the people from getting exploited?
- How could be the useful IoT systems gets emerged from the building blocks as deployed people and not the enterprises and companies?
The posts has helped in learning that as the IOT is not going to take off truly ever the public perception is the first problem to be addressed by the manufacturers. Obviously with the high level of worry, the consumers could hesitate in purchasing the connected devices (Roman, Zhou & Lopez, 2013). There have been also vulnerabilities to hacking. The researchers have been able to hack through the on-the-market real devices with sufficient time and energy.
Moreover only a mere percentage of enterprises have felt confident that they might secure the device against the devices. Further the enterprises also require creating security into the software applications and the network connections linking to the devices.
The summary presented is accurate since the issues of security have not been about the launching of the DoD attacks. They could be utilized for generating the spam through emailing the content to the other devices. The contents gathered by the devices could be sent unknowingly to the parties also.
There have been two issues found that have not been discussed sufficiently:
The rush to produce:
Mass production of the IoT devices has been happening regularly for responding to the demand customer. However the rush in deploying the products has been often leading to the considerations of lack security. The failure in including the security in main design has been a considerable risk. The products must feature the security and the design instead of the retrofitted solutions (Granjal, Monteiro & Silva, 2015). Moreover various IoT devices have not possessed the storage or power required to host the endpoint security software. There have been various products IoT that devoid of the capability to have the firmware upgraded with security issues. This could lead to the issues like the DDos, malware vulnerabilities or the man-in-middle attacks.
2. The problems
Lack of standards for sharing and protecting data:
There have been various efforts of IoT standardization happening. On the other hand there has been no standard body of the regulations of IoT for the manufacturers for adhering to (Zhang et al., 2014). Each business should decide on their own what security measures would be employed. This must be without the baseline for bare minimum.
| Problems | Discussions | Applications | 
| Physical Attacks 
 | The physical attacks have been targeting the IoT system’s hardware and including the breaches at sensor layer. They just typically need the physical proximity to that system. However they could also include the actions limiting the efficacy of the IoT hardware (Ahlmeyer & Chircu, 2016). The attackers could also temper with the nodes for gaining the control over the sensor devices or nodes in the IoT environment. They have been further using the control for extracting the code, data and materials. By the injection of malicious code, the attackers could also deploy physically the malicious nodes between the legitimate nodes at the IoT network. The malicious nodes also known as the MitM or man-in-the-middle attacks could control the operations and the data flowing between the linked codes. | The IoT has been broadening the range of physical security. This happens as the smart devices are connected to the business systems by the internet (Al-Fuqaha et al., 2015). The internet might be located outside the established protected perimeters. The isolating of these smart devices could not be gained in the same way like the physical borders of the organization. Hence the device location plays an important role to keep the equipment safe and secure and totally functional in the external world. | 
| Network attacks 
 
 | The network attacks could target the network layer of the IoT system and could be conducted distantly. The DDos attacks have been the most popular network of the IoT security risks. They have been involving typically the server from replying to the legitimate requests (Sadeghi, Wachsmann & Waidner, 2015). By utilizing the sniffing applications, the attackers could do the traffic analysis for inferring information on the basis of communication patterns between the devices in the network of IoT. | One of the major problems of the network attacks is the eavesdropping. Often most of the network communications have been happening in the clear text or unsecured format. This has been allowing the attackers who have got access to the data paths in the network for listening or interpret the traffic (Lake et al., 2014). Strong encryption of the services has been a good application that has been based on cryptography. Then the data could not be read by the others as it transmits through the network. | 
The devices designed with the idea of IoT might be convenient. However there have been some security risks involved here. Currently, there is a development in the devices to be hacked and incorporated to the botnets for ordering to carry out the malicious attacks. The devices have been often storing the sensitive data that could be stolen by hackers. These data combined with the weak infrastructure has been making the device highly tempting for the hackers.
The security recognized in various IoT connected gadgets has not been high. Since the devices have been generally small and lacking physical security or locked to the factory default passwords. The development of the IoT botnets is rampant. The manufacturers have been also neglecting the updates regarding the devices. The current mass production of the IoT devices has left them neglected by the manufacturers that could lead to various households in compromise. The hackers could probe into the current devices of today and attack in the nearest future without any kind of restrictions. As the customers have been expected to use the devices in the coming years, the manufacturers must continue to enhance and support that software also. The Department of Defense of various nations also proposes that the IoT enterprises must come up with the roadmap to support and make that clear to users. The choice for either manual or automatic updates must be provided to every client.
Conclusion:
It could be concluded by saying that the IoT has been nearer to being imposed. This is what the people have been thinking normally. The most of the required technological developments needed to it are made already. Few of the agencies and manufacturers have started imposing the small scale version of that. It has been clear that the IoT has been presenting new issues to the security and network architects. The smarter security systems include the controlled threat detection, anomaly detection, and predictive analysis for evolving. The primary cause why it has not been really imposed has been the effect it would pose in the social, security, logical and ethical field. The employees could abuse it potentially, the hackers might access it, the corporations could not desire to share their information publicly and individuals might not love the entire absence of the privacy. For such causes, the IoT could get pushed back for longer time than it actually needed to be.
3. The relevant technologies and their applications
References:
Abomhara, M., & Køien, G. M. (2014, May). Security and privacy in the Internet of Things: Current status and open issues. In Privacy and Security in Mobile Systems (PRISMS), 2014 International Conference on (pp. 1-8). IEEE.
Ahlmeyer, M., & Chircu, A. M. (2016). SECURING THE INTERNET OF THINGS: A REVIEW. Issues in Information Systems, 17(4).
Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M., & Ayyash, M. (2015). Internet of things: A survey on enabling technologies, protocols, and applications. IEEE Communications Surveys & Tutorials, 17(4), 2347-2376.
Farooq, M. U., Waseem, M., Khairi, A., & Mazhar, S. (2015). A critical analysis on the security concerns of internet of things (IoT). International Journal of Computer Applications, 111(7).
Granjal, J., Monteiro, E., & Silva, J. S. (2015). Security for the internet of things: a survey of existing protocols and open research issues. IEEE Communications Surveys & Tutorials, 17(3), 1294-1312.
Hossain, M. M., Fotouhi, M., & Hasan, R. (2015, June). Towards an analysis of security issues, challenges, and open problems in the internet of things. In Services (SERVICES), 2015 IEEE World Congress on (pp. 21-28). IEEE.
Jing, Q., Vasilakos, A. V., Wan, J., Lu, J., & Qiu, D. (2014). Security of the internet of things: Perspectives and challenges. Wireless Networks, 20(8), 2481-2501.
Kumar, S. A., Vealey, T., & Srivastava, H. (2016, January). Security in internet of things: Challenges, solutions and future directions. In System Sciences (HICSS), 2016 49th Hawaii International Conference on (pp. 5772-5781). IEEE.
Lake, D., Milito, R. M. R., Morrow, M., & Vargheese, R. (2014). Internet of things: Architectural framework for ehealth security. Journal of ICT Standardization, 1(3), 301-328.
Li, S., & Da Xu, L. (2017). Securing the Internet of Things. Syngress.
Mahmoud, R., Yousuf, T., Aloul, F., & Zualkernan, I. (2015, December). Internet of things (iot) security: Current status, challenges and prospective measures. In Internet Technology and Secured Transactions (ICITST), 2015 10th International Conference for (pp. 336-341). IEEE.
Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266-2279.
Sadeghi, A. R., Wachsmann, C., & Waidner, M. (2015, June). Security and privacy challenges in industrial internet of things. In Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE (pp. 1-6). IEEE.
Sicari, S., Rizzardi, A., Grieco, L. A., & Coen-Porisini, A. (2015). Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 76, 146-164.
Zhang, Z. K., Cho, M. C. Y., Wang, C. W., Hsu, C. W., Chen, C. K., & Shieh, S. (2014, November). IoT security: ongoing challenges and research opportunities. In Service-Oriented Computing and Applications (SOCA), 2014 IEEE 7th International Conference on (pp. 230-234). IEEE.
Zhao, K., & Ge, L. (2013, December). A survey on the internet of things security. In Computational Intelligence and Security (CIS), 2013 9th International Conference on (pp. 663-667). IEEE.
 
                                            