Cyber Security and the IoT: Vulnerabilities, Threats, Intruders and Attacks

Abstract

Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed and the number of threats and attacks against IoT devices and services are on the increase as well.

Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure.

This paper is an attempt to classify threat types, besides analyze and characterize intruders and attacks facing IoT devices and services.

Introduction

The recent rapid development of the Internet of Things (IoT) and its ability to offer different types of services have made it the fastest growing technology, with huge impact on social life and business environments.

IoT has gradually permeated all aspects of modern human life, such as education, healthcare, and business, involving the storage of sensitive information about individuals and companies, financial data transactions, product development and marketing.

The vast diffusion of connected devices in the IoT has created enormous demand for robust security in response to the growing demand of millions or
perhaps billions of connected devices and services worldwide.

The number of threats is rising daily, and attacks have been on the increase in both number and complexity. Not only is the number of potential attackers
along with the size of networks growing, but the tools available to potential attackers are also becoming more sophisticated, efficient and effective .

Therefore, for IoT to achieve fullest potential, it needs protection against threats and vulnerabilities. Security has been defined as a process to protect an object against physical damage, unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of information about the object and making information about that object available whenever needed.

According to Kizzathere is no thing as the secure state of any object, tangible or not, because no such object can ever be in a perfectly secure state and still be useful.

An object is secure if the process can maintain its maximum intrinsic value under different conditions. Security requirements in the IoT environment are not different from any other ICT systems.

Therefore, ensuring IoT security requires maintaining the highest intrinsic value of both tangible objects (devices) and intangible ones (services, information and data).

This paper seeks to contribute to a better understanding of threats and their attributes (motivation and capabilities) originating from various intruders like
organizations and intelligence.

The process of identifying threats to systems and system vulnerabilities is necessary for specifying a robust, complete set of security requirements and also helps determine if the security solution is secure against malicious attacks.

As well as users, governments and IoT developers must ultimately understand the threats and have answers to the following questions:

1. What are the assets?
2. Who are the principal entities?
3. What are the threats?
4. Who are the threat actors?
5. What capability and resource levels do threat actors have?
6. Which threats can affect what assets?
7. Is the current design protected against threats?
8. What security mechanisms could be used against threats?

The remainder of this paper is organized as follows. Section 2 provides a background, definitions, and the primary security and privacy goals. Section 3 identifies some attacker motivations and capabilities, and provides an outline of various sorts of threat actors. Finally, the paper concludes with Section 4.

 
GET DOCUMENT