Internet-of-Things (IoT) security


Why IoT?

IoT has become, in recent years, a common denominator in approaches to substantiating, developing and implementing a wide range of applications based on IP technologies in smart environments, both residential (Smart Home) and metropolitan (Smart City).

However, implementing these applications also requires knowledge of the issues that arise in the context of IoT, including security issues that derive, directly or indirectly, from the characteristics of the systems and technologies that support IoT. The most critical security issues for IoT environments concern protecting the privacy of data generated by interconnected devices and transmitted over IP networks. Therefore, security solutions must address these issues as a matter of priority.

In the SoA-based (Service-oriented Architecture) IoT framework, the service layer is established by extracting the functionality of data services from the network layer and the application layer. Thus, the security challenges in the service layer can be attributed to the challenges in the network and application layers.

The following sections present the security challenges in the perception layer, the network layer and the application layer.

Perception level

Because the primary purpose of the IoT perception layer is to collect data, the security challenges in this layer focus on compromising the collected data and destroying the perception devices, which are presented below.

1. Node capture attacks

In a node capture attack, the adversary can capture and control a node or device in IoT by physically replacing the entire node or by manipulating its hardware.

If a node is compromised, the information it holds can be exposed to the attacker. The attacker can also copy important information associated with the captured node to a malicious node and then pass the malicious node off as an authorized node in order to connect to the network or IoT system.

2. Malicious code injection attacks

In addition to the node capture attack, the attacker can control a node or device in IoT by injecting malicious code into its memory. The injected code can not only perform specific functions, but can also grant the attacker access to the IoT system and even full control over it.

3. Fake data injection attacks

With the captured node or device in IoT, the attacker can inject fake data instead of the normal data measured by the captured node or device and transmit the fake data to IoT applications. After receiving false data, IoT applications can return erroneous feedback commands or may provide incorrect services.

4. Replay attacks (or freshness attacks)

In IoT, the attacker can use a malicious node or device to transmit legitimate identification information to the target host. The attack is usually launched in the authentication process to destroy the validity of the certification.
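The defence against the replay described above is a freshness check on the verifier side. The following is an added example, not part of the original article: it assumes each node shares a secret key with the verifier and sends a monotonically increasing counter with every message; the names `ReplayGuard`, `make_tag` and `sensor-17` and the key are constructed for illustration.

```python
import hashlib
import hmac
import struct


def make_tag(key, node_id, counter, payload):
    """HMAC-SHA256 over node id, counter and payload (node side and verifier side)."""
    nid = node_id.encode()
    # Length-prefix the node id so field boundaries cannot be shifted.
    msg = struct.pack(">H", len(nid)) + nid + struct.pack(">Q", counter) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()


class ReplayGuard:
    """Accepts a message only if its MAC is valid and its counter is fresh."""

    def __init__(self, node_keys):
        self._keys = dict(node_keys)   # node_id -> per-node shared secret
        self._last_counter = {}        # node_id -> highest counter accepted so far

    def verify(self, node_id, counter, payload, tag):
        key = self._keys.get(node_id)
        if key is None:
            return "unknown-node"
        expected = make_tag(key, node_id, counter, payload)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return "bad-mac"
        # Freshness: a recorded message carries a counter already seen.
        if counter <= self._last_counter.get(node_id, -1):
            return "replay"
        # Update state only after the MAC has been verified.
        self._last_counter[node_id] = counter
        return "ok"


def demo():
    key = b"constructed-demo-key-0123456789"   # constructed sample key
    guard = ReplayGuard({"sensor-17": key})
    tag1 = make_tag(key, "sensor-17", 1, b"temp=21.5")
    results = [guard.verify("sensor-17", 1, b"temp=21.5", tag1)]      # first delivery
    results.append(guard.verify("sensor-17", 1, b"temp=21.5", tag1))  # recorded copy resent
    # Bumping the counter without the key invalidates the recorded tag.
    results.append(guard.verify("sensor-17", 2, b"temp=21.5", tag1))
    tag2 = make_tag(key, "sensor-17", 2, b"temp=21.7")
    results.append(guard.verify("sensor-17", 2, b"temp=21.7", tag2))  # genuine next message
    return results


if __name__ == "__main__":
    print(demo())
```

The counter state has to survive verifier restarts, and per-node keys limit what a node capture exposes to that one node's traffic.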

5. Cryptanalysis attacks and side channel attacks

A cryptanalysis attack can use the obtained ciphertext or plaintext to deduce the encryption key used in the encryption algorithm. However, the effectiveness of the cryptanalysis attack is low. To improve efficiency, the adversary can introduce new attacks, namely side channel attacks.

Network level

Given that the primary purpose of the IoT network layer is to transmit collected data, security challenges at this level focus on the impact on the availability of network resources.

Also, most IoT devices are connected to IoT networks through wireless communication links. Thus, most of the security challenges at this level are related to IoT wireless networks.

1. Denial-of-Service (DoS) attacks

DoS attacks can consume all available resources in the IoT by attacking network protocols or bombarding the IoT network with massive traffic, making IoT services unavailable.

2. Spoofing attacks

The purpose of spoofing attacks is for the attacker to gain full access to the IoT system and to send malicious data into the system.

In IoT, examples of spoofing attacks include IP spoofing, RFID spoofing, etc. In an IP spoofing attack, the adversary may spoof and record the valid IP address of other authorized IoT devices and then access the IoT system to send malicious data with the valid IP address obtained, intentionally making the data appear valid.

3. Sinkhole attacks

A compromised device or node advertises exceptional computing and communication capabilities, so that several neighboring devices or nodes select it as the forwarding node when routing data, attracted by those capabilities.

By doing so, the compromised device or node may increase the amount of data obtained before delivery to the IoT system.

4. Wormhole attacks

This type of attack can be launched by two cooperating malicious devices or nodes in IoT. Although the two malicious devices are located far from each other, they can exchange routing information over private links to create a false transmission path between them.

5. Man-in-the-Middle attacks

A malicious device, controlled by the attacker, can be located virtually between two communicating IoT devices.

Carrying the identification information of the two normal devices, the malicious device can act as an intermediary that stores and forwards all data communicated between them. The man-in-the-middle attack may violate confidentiality, integrity and privacy.

Application level

The main purpose of the application layer is to support the services requested by users. Thus, the challenges in the application layer focus on software attacks. Below are several possible challenges in the IoT application layer.


1. Phishing attacks

In phishing attacks, the adversary can obtain users' confidential data, such as identification and passwords, by spoofing users' authentication credentials through infected emails and phishing sites.

Secure authorization access, identification and authentication can mitigate phishing attacks. However, the most effective way is for users to always be vigilant while browsing online. This becomes a problem because most IoT devices are machines, which may lack such vigilance.

2. Virus

A virus is another challenge for IoT applications. The attacker can infect IoT applications with self-propagating malicious software (worms, Trojans, etc.) and then obtain or manipulate confidential data.

Firewall, virus detection, and other defense mechanisms must be implemented to combat these attacks in IoT applications.

3. Malicious scripts

Malicious scripts are scripts that are added to software, or modified within it, in order to affect the functions of the IoT system.

Bibliography: - Master student: Ing. Ioana BADITOIU
