Wednesday, May 6, 2020

The Security and Privacy Issues in IOT Free-Samples for Students

Question: Discuss about the Security and Privacy Issues in Internet of Things. Answer: Introduction IoT stands for Internet of Things and it is a concept that includes a large association of numerous gadgets, devices and appliances to carry out a particular task or operation. For instance, home automation is an IoT application that involves home appliances, mobile devices, sensors and many such components along with the involvement of the human as a user of the application (Bhabad, 2015). There are several benefits that are offered to the users with the spread of IoT application. However, there are also some of the risks and issues that have been observed and are required to be controlled in terms of the security architecture that is associated with the same. Research Questions What are the various security issues and risks that are related with Internet of Things (IoT) applications and how can they impact the properties of information? What are the primary consequences that the victims have to experience in case of an attack? What are the possible measures that can be adapted to prevent and control the security risks and issues? How important is the physical security in case of IoT applications? Security and Privacy Issues Eavesdropping There are numerous devices and appliances that are involved in the IoT applications and because of the presence of these entities, there are several access points that are also present. The attackers may take advantage of these access points and may eavesdrop in to the application or one of its components (Wood, 2016). Unauthorized Tracking There is a lot of exchange of data and information that keeps taking place in association with the IoT application. Attackers succeed in tracking the exchange in an unauthorized manner and keep hold of the patterns that are involved during the exchange. There is a lot of confidential information that gets exposed to the malevolent entities through such a practice. Data Mining Attacks Data mining is one of the business intelligence technologies that is being applied and used at a large scale and IoT applications are one of the prime applicants of the same. There are several attacks that take place in association with the mining operations that impact the security and confidentiality of the information (Amato, 2016). Reconstruction Attacks Information that gets exchanged through the IoT application is often broken down in to pieces by the attackers which are then given a new shape or a new form by reconstructing the same in a different manner. Integrity Attacks Message Alteration The services and activities that are carried out in IoT applications involve the exchange of several data packets and messages as well. These messages are altered by the attackers that lead to the damage on the integrity of the information. The alteration is done either to the contents of the messages or in the structure itself. Any form of such alteration leads to extremely adverse impacts (Microsoft, 2016). Media Alteration The services and activities that are carried out in IoT applications involve the exchange of several data packets and media components as well. The media components are altered by the attackers that lead to the damage on the integrity of the information. The alteration is done either to the contents of the media or in the structure itself. Any form of such alteration leads to extremely adverse impacts (Aws, 2016). Availability Attacks Flooding Attacks There are a number of flooding attacks that are carried out on the IoT application to impact the availability of the application. Some of these flooding attacks include the denial and distributed denial of service attacks that are often carried out by introducing unnecessary and unwanted traffic on the application (Nichols, 2016). Server Impersonating Each of the appliance or a gadget is inter-connected in case of IoT application which leads to the presence of a number of servers. Impersonation of the servers is carried out by the attackers which cause a lot of damage. QoS Abuse Quality of Service is required and expected by all the customers and the QoS abuse that is carried out impacts the quality of the application. Downgrading of the quality is done which results in a lot of damage (Panetta, 2016). Impact and Consequences of the Issues The impact that may result from the security risks and issues that have been listed above can be different from different types of information that is impacted. IoT applications are used by many users that may be home users, business users and likewise. The primary system quality that is desired by all the user types is the continuous availability of the information. If the availability is impacted in any manner, then there is a loss of customer trust and decrease in customer base as well. There may be occurrences in which the confidential, critical or sensitive information of the user may be impacted in the attack which may result in some sort of legal obligation as well (Mahmoud, 2015). With the increase in the frequency of the issues and attacks that have been listed above, there may also be an impact on the market goodwill and value of an organization. The number of competitors in the market is huge and the competitors of an organization may take advantage of the situation by obtaining an idea of the security risk and providing the customers with enhanced security in their application. It will have a negative impact on the revenues and profits associated with the organization and will also bring down the morale of the employees engaged with the same. The impact on the productivity of the employees will also be considerable as they will not be able to focus upon their duties due to repetitive nature of the risks and attacks. Also, requirement to provide re-work on a regular interval will also impact their efficiency (Ko Dorantes, 2016). Countermeasures It is necessary for the users and the organizations to have countermeasures ready to make sure that the security risks and attacks may be prevented and avoided. Some of the these countermeasures have been listed below. Availability attacks such as those associated with flooding can be avoided and prevented with the aid of anti-denial tools and applications that shall be built in to the IoT application to avoid DoS and DDoS attacks. Authentication is usually the first step towards the security of an application which shall be enhanced by incorporating multi-step authentication along with the use of one time passwords (Lu, 2014). Most of the attacks on IoT applications make use of the networks on which the application is accessed. It is therefore essential to upgrade the network security so that the associated risks can be avoided. Administrative and technical controls shall be applied on the networks that are used to have a complete view of the activities that take place on a particular network. The damage can be controlled by encrypting all of the information that is exchanged through the IoT applications as the attackers will not be able to access the information even if they succeed in capturing it Intrusion detection and intrusion prevention systems shall be installed on all the networks to put a check on the security. IoT applications are made up of numerous devices and it shall be made sure that a constant upgrading of the devices and the systems installed in them shall be done. Legal architecture around the protection of the IoT application and the information shall be implemented so that a control of the same can be achieved. Proxy servers, anti-malware systems along with firewalls shall also be installed. These are some of the basic forms of security that will make sure that the security risks and attacks that are aimed by the attackers are controlled and stopped at the first step itself. Role of Physical Security It is often seen that physical security is discarded in case of IoT applications. However, the case should be different over here as physical security still holds a great value in spite of the development of automated applications and services to put a check on security. For instance, in case of office automation software, there shall be physical security set up on the access points of the office to make sure that any of the unauthorized entity does not get access to the same. There shall also be physical security in the form of access and identity management that shall be carried out on all of the exit and entry points that are involved (Jing, 2014). Conclusion IoT stands for Internet of Things and it is a concept that includes a large association of numerous gadgets, devices and appliances to carry out a particular task or operation. There are several benefits that are offered to the users with the spread of IoT application. However, there are also some of the risks and issues that have been observed and are required to be controlled in terms of the security architecture that is associated with the same. These security risks and attacks can be grouped in to three categories as confidentiality attacks, integrity attack and availability attack. The impact that may result from the security risks and issues that have been listed above can be different from different types of information that is impacted. There may be occurrences in which the confidential, critical or sensitive information of the user may be impacted in the attack which may result in some sort of legal obligation as well. It will have a negative impact on the revenues and profi ts associated with the organization and will also bring down the morale of the employees engaged with the same. It is necessary for the users and the organizations to have countermeasures ready to make sure that the security risks and attacks may be prevented and avoided. It is often seen that physical security is discarded in case of IoT applications. However, the case should be different over here as physical security still holds a great value in spite of the development of automated applications and services to put a check on security. References Amato, N. (2016). The hidden costs of a data breach. Journal of Accountancy. Retrieved 3 May 2017, from https://www.journalofaccountancy.com/news/2016/jul/hidden-costs-of-data-breach-201614870.html Aws,. (2016). Overview of Security Processes. Retrieved 3 May 2017, from https://d0.awsstatic.com/whitepapers/aws-security-whitepaper.pdf Bhabad, M. (2015). Internet of Things: Architecture, Security Issues and Countermeasures. Retrieved 3 May 2017, from https://www.ijcaonline.org/research/volume125/number14/bhabad-2015-ijca-906251.pdf Jing, Q. (2014). Security of the Internet of Things: perspectives and challenges. Retrieved 3 May 2017, from https://csi.dgist.ac.kr/uploads/Seminar/1407_IoT_SSH.pdf Ko, M. Dorantes, C. (2016). The impact of information security breaches on financial performance of the breached firms: An empirical investigation. Retrieved 3 May 2017, from https://jitm.ubalt.edu/XVII-2/article2.pdf Lu, C. (2014). Overview of Security and Privacy Issues in the Internet of Things. Retrieved 3 May 2017, from https://www.cse.wustl.edu/~jain/cse574-14/ftp/security.pdf Mahmoud, R. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures - IEEE Xplore Document. Ieeexplore.ieee.org. Retrieved 3 May 2017, from https://ieeexplore.ieee.org/document/7412116/ Microsoft,. (2016). Microsoft Core Infrastructure Optimization: IT Security Processes - Best Practices for Business IT. Microsoft.com. Retrieved 3 May 2017, from https://www.microsoft.com/india/infrastructure/capabilities/itprocesses.mspx Nichols, A. (2016). A Perspective on Threats in the Risk Analysis Process. Sans.org. Retrieved 3 May 2017, from https://www.sans.org/reading-room/whitepapers/auditing/perspective-threats-risk-analysis-process-63 Panetta, K. (2016). Gartner's Top 10 Security Predictions 2016 - Smarter With Gartner. Smarter With Gartner. Retrieved 3 May 2017, from https://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/ Wood, P. (2016). Social hacking: The easy way to breach network security. ComputerWeekly. Retrieved 3 May 2017, from https://www.computerweekly.com/tip/Social-hacking-The-easy-way-to-breach-network-security

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.