IoT Security Based on Machine Learning discussion
Hi, I want an abstract, introduction, and literature review for my capstone project (IoT security based on machine learning), 12-15 pages, based on the papers I will upload. The literature review should consist of an introduction to IoT and IoT security challenges, and lastly how we can use machine learning to develop IoT security. APA style.

Journal of Network and Computer Applications 88 (2017) 10–28
Internet of Things security: A survey
Fadele Ayotunde Alaba , Mazliza Othman , Ibrahim Abaker Targio Hashem , Faiz Alotaibi
Faculty of Computer Science and information Technology, University of Malaya, 50603 Kuala Lumpur, Malaysia
Faculty of Computer Science and information Technology, Universiti Putra Malaysia, 43400 Serdang, Selangor, Malaysia
The Internet of things (IoT) has recently become an important research topic because it integrates various
sensors and objects to communicate directly with one another without human intervention. The requirements
for the large-scale deployment of the IoT are rapidly increasing with a major security concern. This study
focuses on the state-of-the-art IoT security threats and vulnerabilities by conducting an extensive survey of
existing works in the area of IoT security. The taxonomy of the current security threats in the contexts of
application, architecture, and communication is presented. This study also compares possible security threats in
the IoT. We discuss the IoT security scenario and provide an analysis of the possible attacks. Open research
issues and security implementation challenges in IoT security are described as well. This study aims to serve as a
useful manual of existing security threats and vulnerabilities of the IoT heterogeneous environment and
proposes possible solutions for improving the IoT security architecture.
1. Introduction
The Internet of things (IoT) provides an integration of various
sensors and objects that can communicate directly with one another
without human intervention. The “things” in the IoT include physical
devices, such as sensor devices, which monitor and gather all types of
data on machines and human social life (Yan et al., 2014). The arrival
of the IoT has led to the constant universal connection of people,
objects, sensors, and services. The main objective of the IoT is to
provide a network infrastructure with interoperable communication
protocols and software to allow the connection and incorporation of
physical/virtual sensors, personal computers (PCs), smart devices,
automobiles, and items, such as fridge, dishwasher, microwave oven,
food, and medicines, anytime and on any network (Aazam et al., 2016).
The development of smartphone technology allows countless objects to
be a part of the IoT through different smartphone sensors. However,
the requirements for the large-scale deployment of the IoT are rapidly
increasing, which then results in a major security concern (Gu et al.,
Security issues, such as privacy, authorization, verification, access
control, system configuration, information storage, and management,
are the main challenges in an IoT environment (Jing et al., 2014). For
instance, IoT applications, such as smartphone and embedded devices,
help provide a digital environment for global connectivity that simplifies lives by being sensitive, adaptive, and responsive to human
needs. However, security is not guaranteed. The privacy of users may
be compromised and the information on users may be leaked when
a user's signal is interrupted or intercepted. To extensively adopt the IoT,
this issue should be addressed to provide user confidence in terms of
privacy and control of personal information (F Li et al., 2016; S Li
et al., 2016). The development of IoT greatly depends on addressing
security concerns (Sicari et al., 2015).
This study focuses on security threats and vulnerabilities in the
context of the IoT and the state-of-the-art IoT security. We survey a
wide range of existing works in the area of IoT security that use
different techniques. We present an IoT security taxonomy based on
the current security threats in the contexts of application, architecture,
and communication. Possible security threats and vulnerabilities of the
IoT are also compared. We propose a new security scenario for the IoT
structure and provide an analysis of the possible threats and attacks to
the IoT environment.
This study aims to serve as a useful manual of existing security
threats and vulnerabilities of the IoT heterogeneous environment and
proposes possible solutions for improving the IoT security architecture.
State-of-the-art IoT security threats and vulnerabilities in terms of
application deployments, such as smart environment, intelligent
transportation, smart grid, and healthcare system, have been studied.
The IoT security, particularly the IoT architecture, such as authentication and authorization, has also been investigated.
The most relevant work is a secure IoT architecture for smart cities
Received 3 December 2016; Received in revised form 14 March 2017; Accepted 4 April 2017
Available online 07 April 2017
1084-8045/ © 2017 Elsevier Ltd. All rights reserved.
surrounding and delivering them to users and for accessing connected
IoT devices remotely. They comprise an extensive number of small
nodes that can detect, compute, and communicate with other devices
(Bi, and Frizzo-barker et al., 2016, 2016). The communication between
the Internet and the sensor nodes should satisfy secrecy, trustworthiness, verification, and non-revocation (Li, and Gluhak et al., 2016,
2011). The privacy and security issues in the IoT differ from those in
conventional and other wireless networks in terms of deployment and
technology (Yinbiao et al., 2014). The IoT networks are deployed on
low-power and lossy networks (LLN). LLNs are networks constrained
by energy, memory, and processing power. Hence, lightweight encryption technology, which includes lightweight cryptographic algorithm, is
used for securing the IoT environments. These aspects have not been
considered for conventional and other wireless networks (Suo et al.,
that uses the black SDN proposed by Chakrabarty and Engels (2016).
However, the proposed architecture does not support a full SDN
implementation due to the constrained nature of the IoT nodes, which
makes IoT nodes vulnerable and causes new types of threats and
attacks, including node capturing, eavesdropping, and tampering. The
architecture also decreases the network efficiency and leads to complicated routing. The current study proposes a possible solution to the
security problem based on the weaknesses and limitations of the
existing approaches in a comprehensive way. Other related works
include the end-to-end (E2E) secure key-managing protocol for e-health applications by Abdmeziem and Tandjaoui (2015). The security
protocol is limited to offloading heavy cryptographic primitives to third
parties and does not specify the necessary trade-off between the
communication overhead and the number of third parties. Flauzac
et al. (2015) proposed a novel SDN-based security architecture for the
IoT using border controllers. However, the use of border controllers
has many drawbacks, such as securing both wanted and unwanted
traffic and enterprise protection. These challenges were not addressed
by the authors. Hernández-Ramos et al. (2015) focused on a lightweight authentication and authorization framework for constrained
smart objects. Nevertheless, the proposed framework was not integrated into the constrained IoT environments for authentication,
authorization, and defining some alternative methods to evaluate its
The remainder of this paper is organized as follows. Section 2
presents an overview of the IoT and the difference between IoT security
and conventional wireless network security. Section 3 provides the IoT
classification. Section 4 discusses the threats and vulnerabilities of the
IoT. Section 5 describes the IoT security taxonomy. Section 6 provides
an IoT security scenario. Section 7 presents the discussions on possible
attacks posed by the threats and vulnerabilities on the IoT. Section 8
offers future directions. Finally, Section 9 concludes the study.
2.1. IoT Security versus conventional security
Several key differences exist between the IoT and conventional
wireless networks in terms of dealing with security and privacy. For
example, the deployment of the IoT is unique compared to that of the
normal Internet. The IoT devices are set up on LLNs, whereas others
have extremely dynamic topologies that rely on the application. LLNs
are strained by dynamism, memory, and processing power (Lu, 2014).
These aspects are not considered for the standard Internet. LLNs
experience great data losses due to node impersonation. For instance,
in the process of data transmission, if an attacker can connect to the
network using any identity, the attacker can be assumed to be an authentic
node. In the case of smart meter applications, the readings can be
manipulated by an attacker to send erroneous control messages (Lu,
The security features and requirements of both the IoT and
conventional network devices are also different (Suo, and Yan et al.,
2015, 2014). In the IoT perception layer, sensor nodes have limited
computational power and low storage capacity, which make the
frequency hopping communication application and public key encryption to secure the IoT devices impossible. Lightweight encryption
technology, which includes lightweight cryptographic algorithm, is
used for the IoT devices. The IoT network has security issues, such
as man-in-the-middle and counterfeit attacks, in the network layer.
Both attacks can capture from and send fake information to communicating nodes in the network (Zhao, 2013). Identity authentication
and data confidentiality mechanism are used to prevent unauthorized
nodes. At the application layer, data sharing is the main feature. Data
sharing creates security problems in data privacy, access control, and
disclosure of information (Zhang, 2015). The security requirements for
the application layer include authentication, key agreement, and
protection of user privacy across heterogeneous networks.
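The identity authentication described above, applied to the smart meter case, as an added example that is not part of the survey: a collector accepts a reading only when the frame's tag verifies under the key of the node it claims to come from and its counter is fresh. HMAC-SHA256 stands in here for the lightweight mechanism (the survey names no specific algorithm); the node names, keys, frame layout and the `Collector` class are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed per-node keys (assumption: each meter is provisioned with its own secret).
NODE_KEYS = {b"meter-01": b"constructed-key-A", b"meter-02": b"constructed-key-B"}
TAG_LEN = 16    # truncated HMAC-SHA256 tag keeps frames small for constrained links
FIELDS = "!IQ"  # 4-byte message counter, 8-byte watt-hour reading

def pack_reading(node_id: bytes, counter: int, watt_hours: int, key: bytes) -> bytes:
    """Build a frame: id length | id | counter | reading | tag."""
    body = bytes([len(node_id)]) + node_id + struct.pack(FIELDS, counter, watt_hours)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Collector:
    """Accepts a reading only if claimed identity, integrity and freshness check out."""
    def __init__(self, keys):
        self.keys = keys
        self.last_counter = {}

    def accept(self, frame: bytes):
        fixed = 1 + struct.calcsize(FIELDS) + TAG_LEN
        if len(frame) < fixed or len(frame) != fixed + frame[0]:
            raise ValueError("malformed frame")
        node_id = frame[1:1 + frame[0]]
        key = self.keys.get(node_id)
        if key is None:
            raise ValueError("unknown node")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad tag")        # wrong key or modified reading
        counter, watt_hours = struct.unpack(FIELDS, body[1 + frame[0]:])
        if counter <= self.last_counter.get(node_id, -1):
            raise ValueError("stale counter")  # replayed frame
        self.last_counter[node_id] = counter
        return node_id, watt_hours

def classify(collector: Collector, frame: bytes) -> str:
    try:
        collector.accept(frame)
        return "accepted"
    except ValueError as err:
        return str(err)

def demo():
    c = Collector(NODE_KEYS)
    genuine = pack_reading(b"meter-01", 1, 5230, NODE_KEYS[b"meter-01"])
    # A node that holds a different key but claims to be meter-01.
    spoofed = pack_reading(b"meter-01", 2, 10, NODE_KEYS[b"meter-02"])
    # A genuine frame with one bit of the reading changed in transit.
    tampered = bytearray(pack_reading(b"meter-01", 3, 5240, NODE_KEYS[b"meter-01"]))
    tampered[-TAG_LEN - 1] ^= 0x01
    return [classify(c, f) for f in (genuine, spoofed, bytes(tampered), genuine)]

if __name__ == "__main__":
    print(demo())
```

The last frame in `demo()` is the first one sent again, so it fails the counter check even though its tag is valid.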
Furthermore, the communication protocols in both networks differ.
Each layer in the networks has its own communication protocol. For
example, IPv6 is used over low-power wireless personal area networks
in the IoT perception/physical layer, whereas wireless fidelity is used in
the physical layer in conventional networks. In the IoT network layer,
Datagram Transport Layer Security (DTLS) is used as a communication
protocol, whereas conventional network uses a transmission control
protocol (TCP). Constrained Application Protocol (CoAP) is used in the
IoT application layer for communication, whereas Hypertext Transport
Protocol (HTTP) is used in the application layer of conventional
networks (Milbourn, 2016).
In summary, the conventional security architecture is designed
based on the perspective of users and is not applicable for communication among machines. The security issues in both networks may be
similar, but different approaches and techniques are used in handling
each network security issue (Kai, 2016). In this survey, the security
threats and vulnerabilities discussed are specific to the IoT devices.
(Figs. 1 and 2).
2. Overview of IoT
The IoT has drawn attention recently because of the expansion of
appliances connected to the Internet (Whitmore, and Atzori et al.,
2015, 2010). IoT simply means the interconnection of vast heterogeneous network frameworks and systems in different patterns of
communication, such as human-to-human, human-to-thing, or thing-to-thing (Horrow and Anjali, and Al-Fuqaha et al., 2012, 2015).
Moreover, the IoT is a realm where physical items are consistently
integrated to form an information network with the specific end goal of
providing advanced and smart services to users (Botta, and Da et al.,
2016, 2014). The connected “things” (for example, sensors or mobile
devices) monitor and collect all types of environment data. They enable
the collection of real-time data about properties, individuals, plants,
and animals.
In the IoT model, sensor-equipped devices know how to deliver
lightweight data around the physical world, authorizing cloud-based
resources to extract data and make choices from the extracted data by
using actuator-equipped devices (Borgia, and Weber et al., 2016,
2010), which enhance the communication among nodes. With the
degree and size of the IoT components, the IoT applications have been
improved using different methods, techniques, and models derived
from device-driven-embedded frameworks (Mansfield-Devine, 2016).
The IoT is required to address the problems related to the IoT
application environments, such as real-time communication (Jutila,
2016), the presence of both sensor and actuator, and the distributed
heterogeneous nature of the IoT. Different research groups have
investigated the method of securing a wireless sensor network
(WSN), which is a major component for developing constrained devices
in the IoT (Borgia et al., 2016; Zhu et al., 2015a; and Roman et al.,
WSNs are ad hoc networks that are considered the major building
blocks for the IoT devices. They are used for gathering data from their
3.1.1. Smart environment
The integration of the IoT applications enables the conception of
smart surroundings, such as smart cities. A smart environment
combines the services provided by multiple shareholders and scales
to support numerous users in a dependable and distributed way
(Kotsev et al., 2016). They should be capable of working in both wired
and wireless system environments and manage limitations, such as
data access with restricted control and untrustworthy network.
Numerous strategies, techniques, models, functionalities, frameworks,
applications, and middleware solutions are identified with context
awareness in an IoT smart environment (Ning and Liu, 2015). The
M2M communication among the IoT devices is thus less demanding
and provides more important data that help in recognizing a situation
or data (Perera et al., 2014). However, smart city devices are exposed to
various threats and attacks, including smart city Denial-of-Service
(DoS) attack, data manipulation, fake seismic detection, and fake flood
detection (Zhu et al., 2015a).
3.1.2. Smart grid
A smart grid is an electrical grid that comprises different operational and energy measures, such as smart meters, smart appliances,
renewable energy resources, and energy-efficient resources (Mahmood
et al., 2016). The high demand for extended energy sources has led to
the modernization of the traditional electrical distribution system that
is beneficial to energy distribution. Smart grid is defined as a smart
electrical distribution system that involves a wide range of electrical
power functions, such as smart meters, smart machines, sustainable
energy resources, and effective energy properties, which distribute
energy flows from manufacturers to users in a bidirectional way. Smart
grids serve as building blocks for energy management for a sustainable
environment (Borgia, 2014). Smart grids are reliable, improve cost and
savings, and enhance energy independence. Smart grid is vulnerable to
different attacks and threats, such as customer security, physical
security, trust among traditional power devices, endpoints on devices,
and malicious attacks.
Fig. 1. Landscape of IoT.
3. Classification of IoT
The IoT can be classified into three layers (Zhao and Ge, 2013),
namely, application, perception, and network protocol, as shown in
Fig. 3.
3.1. Application layer
No universal standard for constructing the IoT application layer
currently exists (Zhao and Ge, 2013). The application layer can be
structured in several ways based on the service it offers. The application
layer is the uppermost layer and is visible to the end user. Applications,
such as smart grid, smart city, healthcare system, and intelligent
transportation protocols, constitute this layer (Jing et al., 2014). An
application layer protocol is distributed over multiple end systems, in
which the application in one end system uses a protocol to exchange
information packets with an application in another end system (Oen,
and Nolin and Olson, 2015, 2016). An application layer typically
comprises a middleware, a machine-to-machine (M2M) communication protocol, cloud computing, and a service support platform (Yaqoob
et al., 2017). The security issues differ depending on the industry and
environment (Valmohammadi, 2016).
3.1.3. Healthcare system
The increasing cost of health maintenance and the frequency of
prolonged diseases worldwide earnestly demand the reconstruction of
healthcare services from the doctor facility-focused framework to an
individual-focused environment, with attention on controlling the
diseases and the health condition of patients (Moosavi et al., 2015).
The framework is based on radio frequency technology that delivers
general networking performances. E-health depends on the interrelationship of tiny nodes developed using sensing (detecting) and actuating (activating) capacities embedded inside or outside the human body
(Abdmeziem and Tandjaoui, 2015). The applications are connection
mindful, active, and personalized, and they depend on trusted channels
Fig. 2. IoT Network vs. Conventional network.
Fig. 3. IoT classification.
principle is one of the main reasons for the incompatibility in the
classification parameters used and how the fee is calculated (i.e.
whether it is based on network, distance or zone/congestion). For
example, with respect to security, the use of different security
mechanisms to protect the integrity of the data stored in OBU (Li,
2015). Hence, standardization is important in order to ensure interoperability, particularly for EFC applications, for which the European
imposes a need for interoperability of systems.
Intelligent transportation deploys large scale WSNs to observe
travel time online (i.e., from the starting point to the endpoint), routing
decisions, queue lengths, air pollutants, traffic congestions, and noise
emissions. Intelligent transportation involves traffic control, parking,
and public transportation. Its ease of use enables different individuals
to be well informed and enables the secure, organized, and smooth use of
intelligent transportation systems (Mishra, 2015 and Miorandi, 2012).
However, intelligent transportation is also exposed to several types of
threats and attacks, such as DoS, improper configurations, insecure
transmission channel, congestion control, security and spectrum sharing. Table 1 compares the possible security threats in the IoT devices
and the enabling communication technologies deployed in the application domain. The application domain includes smart environment,
smart grid, healthcare system, and smart transportation.
for communication with connected devices. The rapid increase in the
IoT services has prompted the requirement for modern approaches to
handle heterogeneous devices, fluctuating availability, and data-creating behavior (Abdmeziem and Tandjaoui, and Aazam et al., 2015,
2016). Smart healthcare involves the use of smart health cards that
protect the security and privacy of patients. However, smart health
cards are vulnerable to threats and attacks, such as theft, loss, insider
misuse, unintentional actions, hacking, internal attack, and cyberattack (Aman and Snekkenes, 2016).