Background

Internet of Things (IoT) outlines the next evolution of the internet technology, it’s through it that the world will be comprehensively connected to offer a greater availability of information. This objective can only be met through the growth of the internet itself an outcome that is already been seen today (Gartner, 2015). TO attest to this fact, Cisco (2015) estimates that more than 50 billion devices will be connected to the internet by 2020, an estimation that includes all major functionalities including the well-established automobile industry. This outcome will facilitate more connections which are the building block for the IoT. However, with extended connections, the security liabilities that target the attributes or vulnerabilities of endless networks are born. Furthermore, the pervasive nature of the internet predisposes it to malicious intentions perpetrated by individuals who work in secret (Fink, Zarzhitsky, Carroll & Farquhar, 2015).

Therefore, while the technology offers many benefits and conveniences, the security concerns must be addressed before embarking to its complete deployment. This objective can be met by scrutinising the security challenges that face IoT and most importantly the factors that are attributed to these issues (Ziegeldorf, Morchon & Wehrle, 2014). For one, the concepts of data collection and retention will have to be considered as information is the biggest asset associated with the technology. In light of these considerations, this report analyses the security issues facing IoT and provides suitable recommendations for combating them.

As a technology, IoT defines the interconnection of devices and objects so as to communicate and share information in order to achieve common goals over a wide range of applications. To start with, IoT can be implemented across different fields to form the foundational elements of connectivity that later is assembled to accomplish the wider integration. Furthermore, smart devices are an important aspect of IoT as they will facilitate an autonomous system that has minimal human interruptions based on the recognition and operation of the different devices. In all, IoT devices will use identity management methods to identify and locate participants regardless of whether they use similar or heterogeneous devices. Therefore, the concepts of IP addressing and are important, an outline that indicates the importance of modern internet connections (Yousuf, Mahmoud, Aloul & Zualkernan, 2015).

In terms of application, there are many domains where the technology can be applied ranging from personal to entrepreneurial platforms that require complete as well as extensive connections.  From the transportation industry to social building endeavours IoT offers a wider scope of information that improves the results obtained. This outlook has facilitated the current IoT elements been experienced for instance, through the concepts of RFID (radio frequency identification) where devices are tagged to provide better identification outcomes (FTC Staff report, 2015). Moreover, the advanced system mobility also facilitates the technology where through technologies such as wireless sensor networks (WSN) physical objects can be identified to communicate in both the physical and digital world.

Security can have varying definitions based on the assets being protected and the context of evaluation. However, when it comes to technology and concepts associated with information technology, three factors are always in consideration; confidentiality, integrity and availability. IoT offers a better communication medium that not only diversifies the data being used but also increases its availability by facilitating wider avenues for information access. Therefore, all components that are affiliated with the technology be it the devices or the network used will be considered in the security analysis and the result obtained (Sayana & Joshi, 2016). Furthermore, consider the affiliated systems of the technology where limitation in the devices and components will affect the overall security. In addition to this, the computational resources will also serve as an extra concern as they define the foundational element of IoT. Finally, the nature of the technology itself will serve as another factor that exposes it to many security challenges, for one it’s ubiquitous and houses many heterogeneous systems that make it difficult to control or regulate.

Security challenges posed by IoT

In general, IoT faces three key security challenges; access vulnerabilities, maintaining data integrity and data collection/protection.

Objects/devices

IoT depends on the connection formed between different devices and objects. Furthermore, to meet its overall objective, billions of devices will have to be connected which raises the first point of concern. Each one of these devices together with their affiliated systems such sensors presents a potential security threat. Today, home and business networks have difficulty in maintaining control over the devices connected where some lack the necessary security protection while other have flaws based on their development technologies. Therefore, when the scope of connection is increased, a bigger threat is observed as faults in some of the objects connected will present considerable vulnerabilities (Abomhara & Koien, 2014).

Furthermore, consider the threats posed by smart devices the cornerstones of IoT, most of these devices are mobile where remote connections are used to deploy them. Therefore, even before analysing their technical flaws their lack of attachments exposes them to physical vulnerabilities such as tampering and stealing (Banafa, 2017). In addition to this, their remote connection makes them vulnerable to attacks as any other devices can connect to them if they lack the necessary security measures. Now, rarely do people protect their handheld devices with good security measures which serve as an entry point for intruders and other threats (Sayana & Joshi, 2016).

Wireless threats

A serious challenge that IoT will have to contend with as a result of the accessibility liabilities associated with wireless networks. Unlike wired connections, they first lack the physical defence where radio signals can be easily intercepted and accessed. Therefore, during operation IoT devices will continuously propagate their networks and access points to all participating systems in the nearby regions. To meet, the security needs of these networks, the industry has developed additional encryption and authentication protocols such as WPA2 and AES (). However, these too might fail to meet the objectives based on the computational power of future devices which necessitates the need for stronger and practical solutions (Mitchell, 2016).

Furthermore, consider the overall negligence of the users who will secure some devices but fail to do so in others. It’s common to apply all the authentication and encryption procedures on the regularly used devices i.e. smartphone, tablets and PC among others. However, with the inception of smart systems, other devices such as televisions and refrigeration facilities will also serve as a security vulnerability. An intruder will be able to execute an attack by accessing a vulnerable wireless connection in one of these devices and execute an attack on all connected devices. Therefore, the nature of the connection and devices predisposes IoT to attacks (Polk & Turner, 2011).

Malware threats and attacks

Manufactures flaws and user negligence exposes smart and IoT devices to malware attacks. In terms of manufacturers flaws, developing companies in a hurry to meet the demands of the customers will develop new gadgets and technologies that are filled with many operational flaws. These flaws create access points for intruders who can either disrupt service or steal valuable data. On the other hand, users may facilitate the same outcome based on their use of the said devices. For instance, browsing, downloading and accessing corrupted files exposes the devices to attacks from malicious individuals. Therefore, when IoT completely implemented, cascaded impact or effects is experienced when a wide range of vulnerabilities and malicious content is exposed to many devices. Now, attackers can even use the extended connections to carry out attacks such as the man-in-the-middle or even the denial of service, attacks that thrive in extended connections (Lu, 2014).

Protection mechanisms

IoT will also face serious challenges in dealing with the large volume of information that will be made available by the extensive device connections. Take an account of the current systems where experts estimate that around 10,000 household devices can produce more than 150 million data points every day (Silva, 2016). These numbers mean that a single data point is produced every six seconds and by estimating the number of devices in a given region, 10,000 devices will span a small geographical area which outlines the serious security issue of maintaining the accuracy as well as ownership of data. Furthermore, on account of the different vulnerabilities that can expose this data (discussed above) the integrity of the data produced by IoT systems will have very many issues. Therefore, trust issues will emanate from both the integration of hardware and software components that interlink the virtual to the real world (Samani, 2014).

A close affiliate of the previous two, data collected through IoT systems will facilitate better decisions which will enhance the overall productivity. However, with mass collection and distribution of data, the concerns of privacy and intellectual property arises which may compromise the goal of the technology. Today, normal users have high demands on security procedures that safeguard their data which to a minimal effect has lowered the use of cloud resources. Therefore, the challenge of protecting the data collected from IoT devices and system will continue to affect the implementation of the technology (Samani, 2014).

In general, there seems to be an agreement on the need to have secure systems for IoT implementation. This outlook should start with the proponents of IoT i.e. the developers of the smart devices. However, for this happen, an assessment of the security requirements must be done, in that we must ask the question of what constitute a good or reasonable security system for IoT? In answering this question, the challenges highlighted above will emanate where factors such as data sensitivity, data collection and device vulnerabilities will be evaluated (FTC report, 2013). Nevertheless, regardless of the procedures produced, the best practices must be adopted to meet the needs for a secure IoT.

Build security at the outset of device production – most manufacturers will develop devices prior to integrating the security requirements. This outlook is characterised by assessing the market using the final product. Instead, this recommendation would see the security considerations i.e. authentication and encryption enforced during production. Therefore, security protocols would form part of the original firmware or operating software and not a third party application. In the end, the produced devices would inherently have secure systems regardless of the extra measures considered by the users.

Now, to meet the needs of the market, regular assessments should be done on the security requirements of the industry, which the new protocols should be based. Furthermore, industrial standards should be developed to cater for the needs of IoT security which will lead to specialised fields for dealing with the security challenges highlighted above. Moreover, it will transform security from a defensive endeavour to an offensive venture where detection and control are emphasised (Cintas, 2017).

Conclusions and future trends

Regular update and security patches – Regardless of the security measures put in place, the advancement in technology will produce new security vulnerabilities that will target user’s information and assets. Therefore, regular system updates must be delivered to customers to meet the immediate demands of security. Moreover, the updates should be delivered in a way that conserves bandwidth and system operations to avoid failures that are as a result of compromised functional systems.

Data encryption and access control – open data transmission should be avoided and even outlawed as it exposes the users to many liabilities. There are encryption methods that exist that can adequately protect users’ data and should, therefore, be enforced by all the parties involved from device producers to service providers. Furthermore, reasonable access control methods must be used when operating in the IoT. For instance, no device should be allowed to join a network without verifiable identification to limit access to unauthorised users (Tanaka, Fujishima, Mimura, Ohashi & Tanaka, 2016).

Finally, create awareness among users on the security challenges faced by IoT. This control measure will boost individual’s security procedures which will translate to the overall technology.

Conclusion and future trends

IoT presents many benefits more so, those related to information availability where concepts of decision making are facilitated. However, it’s the same operational concepts of data availability that present the biggest challenge.  For one, the technology will be faced with too much information that will make regulation a big problem. On the other hand, the existing systems, hardware and software will have their associated vulnerabilities such as coding flaws that expose the implemented connections to intrusions. Moreover, the existing architecture i.e. mobility through wireless connections already poses various vulnerabilities including the basic lack of physical protection. Therefore, the development of the extensive connections will create a never ending environment for hackers and other malicious individuals to attack.

Now, the solutions lies in assessing these challenges and developing reasonable security solutions/measure. As a start, security measures that encrypt data should be enforced across all the systems used regardless of the functionality, this solution will help maintain data integrity. Secondly, authentication procedures must be enforced to verify the identity of the participants and conserve the integrity of the overall system. Nevertheless, in the future IoT will create a convergence point for all aspects of life, for instance, business and social life where as seen today social media sites have enhanced business models. Moreover, IoT and other technologies will integrate to enhance the technology itself e.g. blockchain a technology that links and tracks devices will help boost IoT security. This integration will facilitate better security measures for instance as outlined by blockchain whose cryptographic algorithms are beyond those seen today. However, at the same time, the security issues facing the technology will have evolved and will also require evolved prevention measures. Thus, the evolution of the technology should go in hand with the security measures used.

References:

Abomhara. M & Koien. G. (2014). Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks. Retrieved 23 May, 2017, from: https://riverpublishers.com/journal/journal_articles/RP_Journal_2245-1439_414.pdf

Banafa. A. (2017). Internet of Things (IoT): Security, Privacy and Safety. Datafloq. Retrieved 16 May, 2017, from: https://datafloq.com/read/internet-of-things-iot-security-privacy-safety/948

Cintas. (2017). IoT security: huge problems and potential solutions. Security. Retrieved 23 May, 2017, from: https://www.cintas.com/ready/healthy-safety/iot-security-huge-problems-and-potential-solutions/

Fink. G, Zarzhitsky. D, Carroll. T & Farquhar. E. (2015). Security and privacy grand challenges for the internet of things. National security directorate. Retrieved 16 May, 2017, from: https://www.cybersecurity.pnnl.gov/documents/security_and_privacy.pdf

FTC Staff Report. (2015). Internet of things: Privacy and security in a connected world. Retrieved 16 May, 2017, from: https://www.ftc.gov/system/files/documents/reports/federal-trade-commission-staff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

Lu. C. (2014). Overview of Security and Privacy Issues in the Internet of Things. Security and Privacy Issues in the Internet of Things. Retrieved 16 May, 2017, from: www.cse.wustl.edu/~jain/cse574-14/ftp/security.pdf

Mitchell. B. (2016). How Secure Is a Wireless Computer Network? Lifewire. Retrieved 23 May, 2017, from: https://www.lifewire.com/securing-a-wireless-computer-network-816537

Polk. T & Turner. S. (2011). Security Challenges For the Internet Of Things. IETF Security Area Directors. Retrieved 23 May, 2017, from: https://www.iab.org/wp-content/IAB-uploads/2011/03/Turner.pdf

Sayani. L & Joshi. B. (2016). Security issues in the internet of things. Global Challenges – Role of Sciences & Technology in Imparting their Solutions. Retrieved 23 May, 2017, from: https://www.researchgate.net/publication/304056800_SECURITY_ISSUES_IN_INTERNET_OF_THINGS

Samani. R. (2014). 3 key security challenges for the Internet of Things. MacAfee. Retrieved 23 May, 2017, from: https://securingtomorrow.mcafee.com/business/3-key-security-challenges-internet-things/017

Silva. S. (2016). Most internet of things devices have privacy issues: study. Global News. Retrieved 16 May, 2017, from: https://globalnews.ca/news/2957825/most-internet-of-things-devices-have-privacy-issues-study/

Tanaka. S, Fujishima. K, Mimura. N, Ohashi. T & Tanaka. M. (2016). IoT Security: IoT System Security Issues and Solution Approaches. Hitachi Review, 65(8). Retrieved 23 May, 2017, from: https://www.hitachi.com/rev/archive/2016/r2016_08/pdf/r2016_08_111.pdf

Yousuf. T, Mahmoud. R, Aloul. F & Zualkernan. I. (2015). Internet of Things (IoT) Security: Current Status, Challenges and Countermeasures. International Journal for Information Security Research (IJISR), 5(4). Retrieved 23 May, 2017, from: https://www.aloul.net/Papers/faloul_ijisr15.pdf

Ziegeldorf. J, Morchon.O & Wehrle. K. (2014). Privacy in the Internet of Things: Threats and Challenges. Security and Communication Networks. Retrieved 16 May, 2017, from: https://onlinelibrary.wiley.com/doi/10.1002/sec.795/abstract