Internet of Things (IoT)

as Interconnection of
Threats (IoT)
Security and Privacy in Internet of
Things
Phase of IoT
System
• The IoT requires five phases,
from data collection to data
delivery to the end users on
or off demand.
Phase I: Data collection, acquisition, perception

• Collect or acquire data from the devices or things.

• Based on the characteristics of the thing, different types of data
collectors are used
• The thing may be a static body (body sensors or RFID tags) or
a dynamic vehicle (sensors and chips).
Phase II: Storage

• The data collected in phase I should be stored.

• If the thing has its own local memory, data can be stored.
• Generally, IoT components are installed with low memory and
low processing capabilities.
• The cloud takes over the responsibility for storing the data in the
case of stateless devices.
Phase III: Intelligent processing

• The IoT analyses the data stored in the cloud Data Center
(DC)s and provides intelligent services for work and life in hard
real time.
• As well as analysing and responding to queries, the IoT also
controls things.
• There is no discrimination between a boot and a bot; the IoT
offers intelligent processing and control services to all things
equally.
Phase IV: Data transmission

Data transmission occurs in all phases:

• From sensors, RFID tags, or chips to DCs

• From DCs to processing units

• From processors to controllers, devices, or end users

Phase V: Delivery

• Delivery of processed data to things on time without errors or

alteration is a sensitive task that must always be carried out.
Phase attacks
• The Figure demonstrates
the variety of attacks on
the five phases of IoT.
• Data leakage,
sovereignty, breach, and
authentication are the
major concerns in the
data perception phase.
 • Data leakage can be internal or external,
intentional or unintentional, authorized or
malicious, involving hardware or software.
• Export of unauthorized data or information to an
unintended destination is data leakage.
Data leakage • Generally, this is done by a dishonest or
dissatisfied employee of an organization.
or breach • Data leakage is a serious threat to reliability.
• As the cloud data move from one tenant to
several other tenants of the cloud, there is a
serious risk of data leakage.
• The severity of data leakage can be reduced by
the use of DLP (data leakage prevention).
Data sovereignty
• Data sovereignty means that
information stored in digital form
is subject to the laws of the
country.
• The IoT encompasses all things
across the globe and is hence
liable to sovereignty.
Data Loss

• Data loss differs from data leakage in

that the latter is a sort of revenge-
taking activity on the employer or
administrator.
• Data loss is losing the work
accidentally due to hardware or
software failure and natural disasters.
Data Authentication

• Data can be perceived from any device at any time.

• Devices can be forged by intruders.
• It must be ensured that perceived data are received from intended or
legitimate users only.
• It is mandatory to verify that the data have not been altered during transit.
• Data authentication could provide integrity and originality.
Attacks on Availability

• Availability is one of the primary securities for the intended clients.

• Distributed denial of service (DDoS) is an overload condition that is caused
by a huge number of distributed attackers.
• But this not the only overload condition that makes the DCs unavailable to
their intended clients.
• The varieties of overload threat occurrence that cause DCs to freeze at
malicious traffic are analysed here:
• Flooding by attackers
• Flooding by legitimates (flash crowd)
• Flooding by spoofing
• Flooding by aggressive legitimates
Flooding

• Flooding by attackers
• DDoS is flooding of malicious or incompatible packets by attackers toward the DCs.
• This kind of overload threat can be easily detected by Matchboard Profiler.
• If the attacker characteristic is found, the user can be filtered at the firewall.
• Flooding by legitimates (flash crowd)
• Flash crowd is an overload condition caused by huge numbers of
legitimate users requesting the DC resources simultaneously.
• This can be solved by buffering an excess number of requests so that
this overload condition remains live only for a certain period of time.
Flooding

• Flooding by spoofing attackers

• This is caused by impersonation which can be detected by acknowledging each request and
by maintaining the sequence number of the requests and requesters’ Internet protocol (IP)
address.
• Flooding by aggressive legitimates
• Aggressive legitimates are users who are restless and repeatedly initiate
similar requests within a short time span.
• This leads to an overload condition, where the legitimate users flood the
server with requests that slow down the DC performance.
• These attacks are difficult to detect because of their legitimate
characteristics.
• By analysing the inter-arrival time between data packets as well as the
values of the back-off timers, those attacks can be detected.
Modification of sensitive data

• During transit from sensors, the data can be captured, modified, and forwarded to
the intended node.
• Complete data need not be modified; part of the message is sufficient to fulfil the
intention.
• Modification takes place in three ways:
• Content modification, in which part of the information has been altered
• Sequence modification, in which the data delivery has been disordered, making the message
meaningless
• Time modification, which could result in replay attack.
• For example, if an ECG report has been altered during a telemedicine diagnosis, the
patient may lose his or her life.
• Similarly, in road traffic, if the congestion or accident has not been notified to
following traffic, it could result in another disaster.
Attacks as per architecture
Attacks as per
architecture
• The IoT has not yet been
confined to a particular
architecture.
• Different vendors and
applications adopt their own
layers.
• In general, the IoT is
assumed to have four
layers: the lowest-level
perception layer or sensing
layer, the network layer, the
transmission layer, and the
application layer.
External attack

• In order to make full use of the benefits of the IoT, security issues
need to be addressed first.
• Trustworthiness of the cloud service provider is the key concern.
• Organizations deliberately offload both sensitive and insensitive data
to obtain the services.
• But they are unaware of the location where their data will be
processed or stored.
• It is possible that the provider may share this information with others,
or the provider itself may use it for malicious actions.
Ad-Hoc Wireless
Network Review
• In ad-hoc networks, each node can communicate with other
nodes, so no access point that provides access control is required.
• In ad-hoc networks the nodes in the network take care of routing.
• Routing is to find the best possible path between the source and
destination nodes to transfer data.
• All the individual nodes in an ad-hoc network maintain a routing
table, which contains the information about the other nodes.
• As the nature of the ad-hoc network is dynamic, this results in
ever-changing router tables.
• One important thing to note is that an ad-hoc network is
asymmetric by nature, meaning the path of data upload and
download between two nodes in the network may be different.
AODV
Example
• AODV is a method of routing messages between mobile
computers. It allows these mobile computers, or nodes, to
pass messages through their neighbours to nodes with
which they cannot directly communicate.
• AODV does this by discovering the routes along which
messages can be passed.
• AODV makes sure these routes do not contain loops and
tries to find the shortest route possible.
• AODV is also able to handle changes in routes and can
create new routes if there is an error.
• The diagram to the left shows a set up of four nodes on a
wireless network.
• The circles illustrate the range of communication for each
node.
• Because of the limited range, each node can only
communicate with the nodes next to it.
 AODV
Example..
• Nodes you can communicate with directly are considered to
be Neighbours.
• A node keeps track of its Neighbours by listening for a
HELLO message that each node broadcast at set intervals.
• When one node needs to send a message to another node
that is not its Neighbour it broadcasts a Route Request
(RREQ) message.
• The RREQ message contains several key bits of
information: the source, the destination, the lifespan of the
message and a Sequence Number which serves as a
unique ID.
• In the example, Node 1 wishes to send a message to Node
3.
• Node 1’s Neighbours' are Nodes 2 + 4.
• Since Node 1 can not directly communicate with Node 3,
Node 1 sends out a RREQ.
• The RREQ is heard by Node 4 and Node 2.
AODV
Example..
• When Node 1’s Neighbours receive the RREQ
message they have two choices; if they know a route
to the destination or if they are the destination they
can send a Route Reply (RREP) message back to
Node 1, otherwise they will rebroadcast the RREQ to
their set of Neighbours.
• The message keeps getting rebroadcast until its
lifespan is up.
• If Node 1 does not receive a reply in a set amount of
time, it will rebroadcast the request except this time
the RREQ message will have a longer lifespan and a
new ID number.
• All of the Nodes use the Sequence Number in the
RREQ to insure that they do not rebroadcast a RREQ
• In the example, Node 2 has a route to Node 3 and
replies to the RREQ by sending out a RREP.
• Node 4 on the other hand does not have a route to
Node 3 so it rebroadcasts the RREQ.
AODV
Example..
• Sequence numbers serve as time stamps, they allow
nodes to compare how “fresh” their information on other
nodes is.
• Every time a node sends out any type of message it
increase its own Sequence number.
• Each node records the Sequence number of all the other
nodes it talks to.
• A higher Sequence numbers signifies a fresher route.
• This it is possible for other nodes to figure out which one
has more accurate information.
• In the example, Node 1 is forwarding a RREP to Node
4.
• It notices that the route in the RREP has a better
Sequence number than the route in it’s Routing List.
• Node 1 then replaces the route it currently has with the
route in the Route Reply
Wormhole attack

• Wormhole attack is very popular in ad hoc networks.

• IoT connects both stationary and dynamic objects, ranging from
wristwatches and refrigerators to vehicles.
• The link that binds these objects is also heterogeneous, may be wired or
wireless, and depends on the geographical location.
• Here, the intruder need not compromise any hosts in the network.
• The intruder just captures the data, forwards them to another node, and
retransmits them from that node.
• Wormhole attack is very strange and difficult to identify.
Selective forwarding attack

• Malicious nodes choose the packets and drop them out; that is,
they selectively filter certain packets and allow the rest.
• Dropped packets may carry necessary sensitive data for further
processing.
Sinkhole attack

• Sensors, which are left unattended in the network for long

periods, are mainly susceptible to sinkhole attack.
• The compromised node attracts the information from all the
surrounding nodes.
• Thereby, the intruder posts other attacks, such as selective
forward, fabrication, and modification.
Sewage pool attack

• In a sewage pool attack, the malicious user’s objective is to

attract all the messages of a selected region toward it and then
interchange the base station node in order to make selective
attacks less effective.
Witch attack

• The malicious node takes advantage of failure of a legitimate

node.
• When the legitimate node fails, the factual link takes a diversion
through the malicious node for all its future communication,
resulting in data loss.
HELLO flood attacks

• In HELLO flood news attacks, every object will introduce itself

with HELLO messages to all the neighbours that are reachable
at its frequency level.
• A malicious node will cover a wide frequency area, and hence it
becomes a neighbour to all the nodes in the network.
• Subsequently, this malicious node will also broadcast a HELLO
message to all it neighbours, affecting the availability.
• Flooding attacks cause nonavailability of resources to legitimate
users by distributing a huge number of nonsense requests to a
certain service.
Addressing all things in IoT

• Spoofing the IP address of virtual machines (VMs) is another

serious security challenge.
• Malicious users obtain the IP address of the VMs and implant
malicious machines to attack the users of these VMs.
• This enables hacking, and the attackers can access users’
confidential data and use it for malicious purposes.
Addressing all things in IoT

• The cloud provides on-demand service and supports

multitenancy, it is also more prone to DDoS attack.
• As the attacker goes on flooding the target, the target will
invest more and more resources into processing the flood
request.
• After a certain time, the provider will run out of resources and
will be unable to service even legitimate users.
• Unless DLP agents are embedded in the cloud, due to
multitenancy and the movement of data from users’ control into
the cloud environment, the problem of data leakage will also
exist.
Distributed denial of service (DDoS)

• DDoS, an attack initiated and continued by some hundreds or even

thousands of attackers, starts by populating unwanted traffic packets
with enormous size in order to capture and completely deplete
memory resources.
• At the same time, the traffic disallows legitimate requests from
reaching the Data Center(DC) and also depletes the bandwidth of the
DC.
• This eventually leads to unresponsiveness to legitimate requests.
• A denial of service (DoS) or DDoS attack can overwhelm the target’s
resources, so that authorized users are unable to access the normal
services of the cloud.
IP spoof attack
• Spoofing is a type of attack in which the attacker pretends to be
someone else in order to gain access to restricted resources or
steal information.
• This type of attack can take a variety of different forms; for
instance, an attacker can impersonate the IP address of a
legitimate user to get into their accounts.
• IP address spoofing, or IP spoofing, refers to the creation of IP
packets with a forged source IP address, called spoofing, with
the purpose of concealing the identity of the sender or
impersonating another computing system.
IP spoof attack
• IP spoofing is most frequently used in DoS attacks.
• In such attacks, the goal is to flood the victim with overwhelming
amounts of traffic, and the attacker does not care about
receiving responses to the attack packets.
• They have additional advantages for this purpose—they are
more difficult to filter, since each spoofed packet appears to
come from a different address, and they hide the true source of
the attack.
• There are three different types of spoof attacks: impersonation,
hiding attack, and reflection attack.
 Type I,
Hiding attack
• Attackers simultaneously
send a large number of
spoofed packets with
random IP address.
• This creates chaos at the
DC regarding which
specific packets should be
processed as legitimate
packets
Type II,
Reflection attack
• Attackers send spoof
packets with the source
IP address of the victim
to any unknown user.
• This causes unwanted
responses to reach the
victim from unknown
users and increases the
flood rate.
Type III,
Impersonation
attack
• Attackers send spoof packets with
the source IP address of any
unknown legitimate user and
acting as a legitimate user.
• This is equivalent to a man-in-the-
middle attack.
• The spoof attacker receives
requests from clients, spoofs IP,
and forwards the requests to the
DC, acting as a legitimate user.
• The responses of the DC are
again processed intermediately
and sent to the clients.
• This leads to confidentiality issues
and data theft or loss at the DC
Spoofing attack continu..

If a proper spoof detection mechanism is not in place, the DC

could respond badly, leading to a partial shutdown of services.
• In network-level DDoS, the attackers will try to send invalid
requests with the aim of flooding the cloud service provider
(CSP); for example, requests for a half-open connection.
•  In service-level DDoS, the attacker will be sending requests
that seem to be legitimate.
• Their content will be similar to a request made by a legitimate user.
• Only their intention is malicious.
Data Center

• A DC is a centralized repository, either physical or virtual, for the

storage, management, and dissemination of data and
information organized around a particular body of knowledge or
pertaining to a particular business.
• A DC is a facility used to house computer systems and
associated components and huge storage systems.
• The main purpose of a DC is to run the applications that handle
the core business and operational data of the organization.
• Such systems may be proprietary and developed in house by
the organization, or bought from enterprise software vendors.
Botnet

• A botnet is a collection of Internet-connected computers whose

security defences have been breached and control ceded to a
malicious party.
• Each such compromised device, known as a “bot,” is created
when a computer is penetrated by software from a malware
distribution, otherwise known as malicious software.
• The controller of a botnet is able to direct the activities of these
compromised computers through communication channels
formed by standards-based network protocols such as Internet
Relay Chat (IRC) and hypertext transfer protocol (http).
Threats per architecture …
• Physical security
• Hardware involved in serving clients must be continuously audited with
a safe checkpoint for the sake of hysteresis identification of threats.
• Software security
• Corruption or modification of application software by threats could
affect several clients who depend on that particular application
programming interface (API) and related software interfaces.
• Network security
• Bandwidth attacks such as DoS and DDoS can cause severe
congestion the network and also affect normal operations, resulting in
communication failure.
• Byzantine failure
• Byzantine failure is a malicious activity that compromises a server or a
set of servers to degrade the performance of the cloud.
Threats per architecture …

• Eavesdropping
• An interception of network traffic to gain unauthorized access. It can result in failure of
confidentiality.
• The man in the middle attack is also a category of eavesdropping.
• The attack sets up a connection with both victims involved in a conversation, making
them believe that they are talking directly but infecting the conversation between them.
• Replay attack
• The attacker intercepts and saves old messages and then sends them later as one of
the participants to gain access to unauthorized resources.
• Back door
• The attacker gains access to the network through bypassing the control mechanisms
using a “back door,” such as a modem and asynchronous external connection.
Attacks based on components

• The IoT connects “everything” through the Internet.

• These things are heterogeneous in nature, communicating sensitive
data over a distance.
• Apart from attenuation, theft, loss, breach, and disaster, data can also
be fabricated and modified by compromised sensors.
• Verification of the end user at the entry level is mandatory;
distinguishing between humans and machines is extremely important.
• Different types of Completely Automated Public Turing test to tell
Computers and Humans Apart (CAPTCHA) help in this fundamental
discrimination.
Attacks based on components