i. are a wide range of attacks

      i.          Network layer

After data is collected from the first layer, it would to be transferred to the IoT cloud provider, the network layer contains devices such as wireless and wire routers and switches are utilized to convey information from the first layer to the could supplier, other devices firewall, IDS and IPS are used to protect data from attacks.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

 

    ii.           Application Layer

The final station of gathered information is the cloud, cloud suppliers preparing and examining the information to provide the IoT user with useful outcome, also this layer gives the user a portal to view the final results and statistics.

 

3.    IoT Security

The main goal of cyber security is to secure the data from unauthorized access and modify.

 

3.1  IoT Confidentiality

It is very important for data either in transmit or in store to be secure from unauthorized access that could expose user’s information and violates user’s privacy, 1-2-3 Zones 5 divided the IoT environment to three zones Internal zone, Middle zone and Outside zone figure 4. We can see from the figure 4 that information
 in IoT environment could be located and
transmit as the following: – 1-    Data could be stored in the Internal zone,
like in IoT devices.2-       Data could be stored in the External zone
in the cloud.3-       Data transmits between devices in Internal
zone, from sensors to IoT devices or controllers. 4-       Data moves from Internal zone to Middle
zone. 5-       Data transmit from Middle zone to external
zone.So it is substantial to protect data
confidentiality in all previous mentioned places. 3.1  IoT
IntegrityAny
unauthorized modify of IoT data either in store or in transmit would make all
IoT results and analysis invalid, we can imagine that an intruder who break IoT
medical device that reads a patient health activity and modify his health
reading which definitely would expose his health to danger, so it’s vital to secure
the integrity of data in IoT.  4.    Related WorkThere are a wide range of attacks targeting
each layer of IoT architecture figure 3, many research papers have discussed these
attacks, this section will discuss the related work of IoT attacks.     4.1   Perception
layer attacks   Attacks in this layer will target mainly technology like sensors and IoT
controllers, because of the nature of these technology that have small process
capability and limited storage unit make them easy target for intruders, this
layer could be target for the following attacks: –    
Node Tempering: – in this type of attack the intruder
may damage, replace or manipulate the IoT devices that
sense and measures activities 6, the goal of this attack is to get or
alter the data measured by these devices. –  
Code injection: – in code injection the intruder takes
advantage of a vulnerability in the IoT system that give him the ability to
inject the system with malicious code 7 which gives the intruder the control
of the system to do unauthorized actions like inject the IoT device with a worm
to join it in a botnet or to control the IoT device and tamper with data. –    
Man in the Middle Attack: – the intruder spies on IoT
communications, which give him the ability to listen to the traffic between the
sensors and IoT controller or between the controller and the rest of network
devices and as a result the intruder can disclose personal information 8.  –  
DOS Attack: – break the availability of services is a
very popular attack, DOS attack can be lunched against IoT environment or can
be lunched from IoT environment against other systems, in the first scenario a
massive network requests sent to IoT system to overflow system resources and
make them unavailable, such attacks would be very disruptive if they directed
to critical environment like Smart Grid, in the second scenario where the
attack initiated from IoT environment, intruders control a wide network of IoT
environments making a network of botnet, and use that botnet to lunch DOS
attack against other systems 239. –       
RFID Cloning and Spoofing: – this type of attack
enable the attacker to spoof signals, alter them and send its own using the genuine
RFID tag which make the source of signals appear arriving from the original device
10.  –       
IoT Device Impersonation: – this attack take place
when attacker adds a device that can act as either sensor or IoT controller and
appears it belong to the IoT environment, which give the attacker the ability
to generates or receive data 11  –       
Password Attacks: – All IoT devices and controllers
have interfaces that give the user the ability to configure and read the IoT
results and since these devices are connected to the internet they are target
to the password guessing attacks as it happened with Dyn cyberattack 23.  4.2  Network
Layer Attacks Attacks in
this layer will target network devices and services, that are responsible for
moving data from a layer to other layer, devices included in this would be like
router, switches, Wi-Fi, Bluetooth and others. –       
Traffic Sniffing: – sniffing traffic in transmit is a
popular attack in networking world, intruders can sniff the flow of data while
traveling to cloud, this attack would violate the secrecy of data and give the attacker
the ability to disclose and change IoT information 12 –       
Routing attack: – intruder change the routing
information of IoT systems to route packets to other destination or to pause the
IoT functionality 13.  –       
DOS Attacks: – similar to the perception layer, DOS
attacks can take place in network layer and cause IoT services to stop.  4.3 
IoT Security CountermeasureProtecting IoT environment for cyberattacks is an essential demand in security
worlds, many researches discussed techniques and procedures that can be taken
to secure against such attacks.-       
Using Digital Certificate and strong authentication
will maintain the secrecy of data 14, that will make sure every device in IoT
environment is a legitimate and genuine device which in turn will prevent the
many attacks like Node Tampering, Man in the Middle, Device Impersonation and
other attacks.  –         
Data Encryption will make sure that all data will be
only read by authorized parties 15.-         
Access Control Lists (ACLS): creating the right rules
to control the inbound and outbound of traffic will stop unwanted traffic and
monitor access to the IoT devices. –         
Intrusion Detection and Prevention: would alarm and stop
any malicious activities on IoT systems.-       
Anti-virus would protect IoT devices form get infected
by malwares.    –       
Update IoT firmware will close bugs and
vulnerabilities that attackers can take advantage of to attack against IoT
devices. –       
Proper IoT devices configuration like change default
password and turn on only needed services would protect IoT environment from
wide range of attacks.  5.    Statement of
the problem Due to the design and functional nature of IoT devices, implement
security best practice faces many challenges and difficulties, some of these
challenges: – 1-    Lack of standards in IoT devices and
proprietary techniques and protocols used make understanding IoT threats and
deploying security mechanism more challenging and difficult. 2-     The
limited processing and storage capabilities of IoT devices make applying
security features more difficult, like applying encryption method between
sensors and IoT devices, most of sensors do not have enough processing power to
handle the encryption process which arise the need to develop a lightweight
encryption method to apply in IoT devices, the limited storage also prevent
users from deploy security mechanism like anti-virus that could fill the
storage unit of IoT devices. 3-    Most of IoT vendors are not interested to
develop imbedded security features as opposed to their interested selling more
cheap IoT devices. All these challenges arise the need to
develop mechanisms to protect against threats and attacks.The proposed framework is stand on four components
Authentication, Authorization, Encryption and Cloud Security Service. 6.    The Proposed
Solution

the
proposed solution stat that all embedded devices including sensors and other
devices should authenticate themselves to the IoT controller, two scenarios
arise here, if the sensor has enough processing power, it should authenticate
itself using certificate to the 
controller, if it does not have required power controller should depend
on other features like RFID Tag or MAC address or sensor serial number, if none
of the authentication method applied the controller should refuse sensor
registration, data that are transmitting 
from IoT controller to the cloud should be encrypted to prevent any
confidentiality losing, also IoT controller should subscribe to cloud security
service that will act as Network Access Control to check the health of the IoT
device figure 5