
Published by: International Journal of Engineering Research & Technology (IJERT)
http://www.ijert.org ISSN: 2278-0181
Vol. 10 Issue 07, July-2021

Emerging Technology IoT and OT: Overview, Security Threats, Attacks and Countermeasures

Aman Srivastava
Department of Computer Science and Engineering, Babu Banarasi Das Institute of Technology and Management, Lucknow-226028, India

Ankita Agarwal
Assistant Professor, Department of Computer Science and Engineering, Babu Banarasi Das Institute of Technology and Management, Lucknow-226028, India

Abstract—This paper provides an overview of Internet of Things (IoT) and Operational Technology (OT) with an emphasis on the major security challenges and attacks faced by these technologies. With the increased deployment of IoT and OT systems in today's world (IoT is often seen in office or home automation and smart appliances), the possibility of malicious threats is greater than ever before. A number of studies have explored such challenges. Compared to previous work, this paper aims to provide a detailed analysis of security goals which covers common problems faced by IoT and OT devices, the OWASP top 10 security threats, the Purdue Model and IT/OT convergence, and addresses most of the important security attacks and their countermeasures for IoT and OT systems.

Keywords— Internet of Things (IoT), Operational Technology (OT), The Purdue Model, Security Threats, Attacks, Countermeasures

I. INTRODUCTION
The IoT is an important and emerging topic in the fields of technology, economics, and society in general. The Internet of Things (IoT) is commonly defined as a network of physical objects that can sense, collect, analyse, and send data using internet protocols. IoT has revolutionized the very way of living. Lately, the internet is no longer limited to computers; it has expanded to vehicles, smart phones, industrial systems, home appliances and so on [1, 2]. Some real-world examples of IoT are fitness trackers (like Fitbit), voice assistants (Alexa and Google Home) and smart appliances (like Amazon Echo, Philips Hue, etc.).
Operational Technology (OT) plays a major role in today's modern society, as it drives a collection of devices that are designed to work together as a homogeneous or integrated system [3]. OT generally refers to the software and hardware that are used to effect changes in industrial operations through monitoring and controlling physical processes, devices and infrastructure [4]. The rate at which IoT and OT systems are growing and being deployed in real life has made them ubiquitous, which also has potential consequences that need to be addressed.

II. RISKS VS. FUTURE TRENDS
Although IoT is growing at such a rate and has enormous advantages, some devices still have not received security updates/patches, which leaves them vulnerable and restricts them to limited functionality [5]. The threats to IoT can be sorted into three primary categories: Security, Privacy and Safety. The importance of these categories is clear, as IoT devices are becoming more pervasive in our lives than smartphones and other gadgets [6]. They will have access to the most confidential and sensitive information, such as financial records, personal records and social security numbers [7]. For example, with smartphones or laptops there are fewer concerns, whereas with IoT devices the concerns quickly multiply. In the future, we will witness a deadly combination of IoT and AI at its very best. They work together in a cycle where data collected by IoT devices is processed with the help of AI algorithms, which in turn give useful results that are further implemented using IoT devices [8]. There is continuous work going on in fields like VUI and miniaturization of things (smart objects), as they result in many perks for users. Reduction in power consumption, or proper use of the available sources of power, is a very important aspect where work is constantly being done. Such will be the scope of IoT that almost all sectors, including key areas like transportation, manufacturing and agriculture, will be hugely influenced by it [9].
With the advent of OT, its security aspect is the biggest issue to confront. So, if we give proper attention to possible threats and employ the required techniques to overcome the issues, we can have improved communication, less risk of cyber-attacks and amplified efficiency, and add to user friendliness.

III. PROBLEMS OF IOT
IoT devices are loaded with numerous features and applications, but a lack of basic security policies makes them easy prey for hackers [10, 11]. Some of the challenges that make IoT devices vulnerable to threats:
• Vulnerable Web Surfaces
• Lack of Legal, Regulatory and Rights
• Buffer Overflows
• Storage Issues
• Physical Theft and Tampering
• Difficult-to-Update Firmware and OS

TABLE I. OWASP TOP 10 IOT THREATS AND SOLUTIONS
Vulnerabilities and Solutions:
1. Weak, Guessable, or Hardcoded Passwords
   • Use complex passwords or passphrases
   • Use a password management system
2. Insecure Network Services
   • Use a firewall and IDS
   • Use encrypted versions of the services
   • Close unnecessary open ports
3. Insecure Ecosystem Interfaces
   • Implement multi-factor authentication mechanisms
   • Periodically evaluate the interfaces
4. Lack of Secure Update Mechanisms
   • Implement secure delivery by encrypting the communications route

IJERTV10IS070060 www.ijert.org 86
(This work is licensed under a Creative Commons Attribution 4.0 International License.)

(Table I, continued)
   • Use checksums and hashes to verify the integrity of updates
5. Use of Insecure or Outdated Components
   • Remove insecure software libraries or dependencies
   • Avoid using third-party software or hardware components from a compromised supply chain
6. Insufficient Privacy Protection
   • Implement the CIA triad
   • Anonymize data collected from users
7. Insecure Data Transfer and Storage
   • Use encrypted channels for transferring data
   • Implement access control mechanisms properly
8. Lack of Device Management
   • Monitor runtime settings
   • Blacklist devices that seem suspicious
9. Insecure Default Settings
   • Change default usernames and passwords
   • Avoid using the remote access feature
10. Lack of Physical Hardening
   • Configure a password for the BIOS
   • Minimize the use of external ports

IV. LET'S BEGIN WITH SOME IOT ATTACKS THAT ARE DONE GLOBALLY:

A. BlueBorne Attack
A BlueBorne attack is performed by an attacker to gain full access to the target device by leveraging a Bluetooth connection. In this attack, it is not required that the targeted device is paired with the attacker's device or even set to discoverable mode, which allows a large range of offences, including remote code execution as well as Man-in-the-Middle attacks. A BlueBorne attack can be performed on various IoT devices, including devices running operating systems such as Android, Linux, Windows, etc. [12]. These steps can be followed to perform a BlueBorne attack:
• Attacker tries to locate all active Bluetooth-enabled devices around him/her
• Then attacker obtains the MAC address of the device
• Now, the attacker tries to determine the OS by continuously probing the target device
• After the OS is identified, the attacker exploits the vulnerabilities in the Bluetooth protocol to gain access to the target device
• Now that the adversary has full access to the device, she/he can perform an RCE or MiTM attack
Countermeasures: To prevent a BlueBorne attack, one must turn off Bluetooth when not in use, turn off the discoverable feature and install the latest patches released by vendors, because once an attacker has made it to your device using the BlueBorne vector, there is no way to stop him except resetting the device [13].

B. Rolling Code Attack
Nowadays, most smart vehicles use a smart locking system, which works using an RF signal transmitted in the form of a code from a key to lock or unlock the vehicle. This code is used only once and is rejected if the vehicle receives the same code again. This is done to prevent replay attacks. The code that locks or unlocks a car is called a rolling code or hopping code. The attacker thwarts the transmission of the signal to obtain the rolling code. This attack is performed using a jamming device which jams the signal and sniffs the code simultaneously, and the attacker can use that code later to unlock the vehicle [14]. Here are the steps that are followed by an attacker to perform a rolling code attack:
• Victim presses the remote button to unlock the car
• Attacker uses the jammer to sniff the first code and jams the car's receptor device
• Victim tries sending the code again with the car remote button as the car did not unlock the first time
• Attacker sniffs the second code this time also, but forwards the first code, which unlocks the car
• Now the attacker can use the recorded second code to unlock the car.
Countermeasures: Defending against a rolling code attack is almost impossible because the RF protocols that are used are themselves so weak that nothing can prevent capturing, replaying and analyzing the broadcast RF signals. But there are some steps that can be adopted to increase the defence, such as avoiding the remote dongle to lock or unlock the car and instead using the push button in the door handle. One can buy theft insurance; financial defence is a better step than physical defence in this scenario [15].

C. SDR-Based Attacks
An SDR system is a radio communication system in which software (or firmware) is used instead of hardware for generating radio communications and signal processing. The usage of wireless physical communication in IoT devices leads to unprecedented opportunities for attackers, like examining the communication signals in IoT networks and sending exploits to interconnected devices. Hung et al. [16] have discussed four vulnerabilities which can be exploited using SDR:
a) Reconnaissance of a Target:
The operating system of an IoT device is the most important thing; sometimes it can be found from the FCC ID information or on the device's website. Sometimes SDR tools like HackRF One are used to monitor a wide range of the frequency spectrum and determine the frequency at which the device normally operates.
b) Decode Data of an Unknown RF Protocol:
The GNU Radio Companion tool is used to decode the signal data. Some additional steps, like reverse engineering the protocol, are carried out to obtain the original signal. HackRF One is used to capture the signal emitted by the transmitter and record it in wav format. The wav file is then opened in Audacity, a tool which is used to analyze and modify audio and raw captured files. Then, the signal is finally segregated into 8-bit blocks to convert into text.

Fig. 1. HackRF One
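To make the rolling code mechanism of section B and the replay countermeasures concrete, the following added example (not from the paper) models a hopping-code receiver with a counter window and shows why a captured-but-unused code is indistinguishable from a fresh one, beside a challenge-response receiver in which a recorded answer is useless once the next challenge is issued. The key, the window size of 16 and the 8-byte tag are assumptions made for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed toy model: the receiver accepts a counter that is ahead of the
# last one it saw by at most WINDOW (assumed value); the tag binds the counter
# to the shared key so random codes are rejected.
WINDOW = 16


def fob_code(key: bytes, counter: int) -> bytes:
    """Fob output for one button press: 4-byte counter plus a keyed 8-byte tag."""
    ctr = counter.to_bytes(4, "big")
    return ctr + hmac.new(key, ctr, hashlib.sha256).digest()[:8]


class RollingCodeReceiver:
    """Accepts each code once, and only if its counter is ahead of the last accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = 0

    def unlock(self, code: bytes) -> bool:
        counter = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, fob_code(self.key, counter)):
            return False                       # wrong key or corrupted code
        if counter <= self.last_counter or counter > self.last_counter + WINDOW:
            return False                       # replay of an old code, or too far ahead
        self.last_counter = counter
        return True


def rolljam_sequence(key: bytes) -> dict:
    """Replay the steps of section B against the rolling-code receiver and
    report which codes the car accepted: the counter check cannot tell a
    stored-but-unused code from a fresh press."""
    car = RollingCodeReceiver(key)
    code1 = fob_code(key, 1)                   # press 1: jammed, car never sees it
    code2 = fob_code(key, 2)                   # press 2: jammed and captured as well
    return {
        "forwarded_code1": car.unlock(code1),  # code 1 forwarded later: accepted
        "replay_code1": car.unlock(code1),     # plain replay of code 1: refused
        "stored_code2_later": car.unlock(code2),  # code 2 never used: still valid
    }


class ChallengeResponseReceiver:
    """Car issues a fresh random nonce per attempt and the fob must answer
    HMAC(key, nonce); a recorded answer never matches the next challenge."""

    def __init__(self, key: bytes):
        self.key = key
        self.pending: Optional[bytes] = None

    def challenge(self) -> bytes:
        self.pending = os.urandom(16)
        return self.pending

    def unlock(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        expected = hmac.new(self.key, self.pending, hashlib.sha256).digest()
        self.pending = None                    # one answer per challenge
        return hmac.compare_digest(response, expected)


def fob_answer(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()


def challenge_response_sequence(key: bytes) -> dict:
    """Same capture-and-reuse attempt against the challenge-response receiver."""
    car = ChallengeResponseReceiver(key)
    answer = fob_answer(key, car.challenge())  # observed on the air
    legitimate = car.unlock(answer)
    car.challenge()                            # next attempt gets a new nonce
    return {"legitimate": legitimate, "recorded_answer_reused": car.unlock(answer)}
```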


c) Replay Attacks:
The replay attack is the major attack using SDRs. In this attack the signal is captured and then retransmitted. As a result, after replaying the signal, the receiver circuit performs the operation as usual. Below are the steps to perform a replay attack:
• During reconnaissance, the operating frequency of the device was found; monitor that frequency to capture the signal once it is initiated between the interconnected devices.
• The command sequence is segregated and injected into the signal using tools like Universal Radio Hacker (URH).
• Then this frequency containing the segregated command sequence is broadcast, which replays the operation of the device.
d) Jamming Attack:
RF jamming is a type of attack in which communication between transmitter and receiver gets disrupted. This is done by transmitting a high-power signal on the operating frequency of the device, which results in a DoS attack. This makes the endpoints unable to communicate with each other. Every wireless access point is vulnerable to this attack [17].
Countermeasures: Defence against SDR-based attacks can be achieved by following techniques such as using a large frequency spectrum to switch frequencies and securing the signal using encryption protocols such as RSA encryption. Implement AES for standard communication or authentication protocols. Avoid using the same command frequently; instead use a rolling technique [18].

D. DDoS Attack
A distributed denial-of-service attack is an attack in which multiple compromised systems are used to flood servers, online systems, or networks with traffic to exhaust resources and bandwidth. As a result, systems become slow or unavailable to fulfil valid requests. In the case of IoT, a DoS or DDoS attack is initiated to compromise the device or make it part of a botnet [7, 11]. To achieve this, the attacker first exploits the vulnerabilities in the device and launches the attack by installing malicious software in its operating system. Target systems receive a large volume of requests from various IoT devices present in different locations, which slows down the target or sometimes shuts it down completely [19].
Roohi et al. [20] categorised DDoS attacks in the IoT domain according to their impact on resources, availability of bandwidth, impact on the infrastructure of the device and impact of the bug that is exploited by the attacker.
a) Resource Depletion Attack:
This attack directly impacts the resources (memory, CPU, and sockets) that are deployed in an IoT environment [20]. It can be achieved either by exploiting a network vulnerability, weaknesses in transport or application layer protocols, or by sending malformed packets, as in a Ping-of-Death attack.
b) Bandwidth Depletion Attack:
This attack is done to consume all the bandwidth of the IoT network. It can be achieved by amplifying or broadcasting malformed packets to increase the density of the attack [19]. UDP flood and ICMP flood attacks are types of bandwidth depletion attack.
c) Infrastructure Attack:
This attack directly impacts the IoT device and its components by making the bandwidth and resources unavailable to the users [20].
d) Zero Day Attack:
A zero day attack is initiated by exploiting a software vulnerability which is unknown to the vendor or developer. The patch for these types of vulnerabilities is released after the attack [21].
Countermeasures: To prevent DDoS attacks, different security solutions need to be implemented at different IoT layers. Researchers have introduced many lightweight encryption mechanisms for the IoT architecture that can improve security at the perception layer [22, 23]. To secure the network layer, IPv6 techniques, Encapsulating Security Payload (ESP) and Authentication Header (AH) can be configured to encrypt the data between the endpoints and verify its integrity [24]. Santos et al. [25] introduced a method in which DTLS can be used to provide secured end-to-end communication and certificate management using IoTSSP (Internet of Things Security Support Provider). Access control and authentication techniques can be used to secure the middleware layer [26]. For the application layer, a machine learning model can be deployed to learn and monitor the traffic patterns and give alerts in case of any unusual traffic. Afek et al. [27] proposed the use of Double Heavy Hitters (DHHs) and Triple Heavy Hitters (THHs) algorithms, which help in solving DoS attacks via string hits.

E. Side Channel Attack
Almost all IoT devices emit signals (side channel emissions) that provide information about their internal processes. By monitoring these signals, an intruder can extract information about encryption keys to perform a side channel attack [28]. The concept of SCAs is that data is always leaking, which intruders exploit either via power consumption or electromagnetic emissions. Abrishamchi et al. [29] described the main types of side channel attacks.
a) Timing Analysis Attacks:
A timing analysis involves analysing the timestamps associated with each event. An adversary may use specialized attack strategies to get information about events such as packet transmission in a network. This attack is achieved by exploiting the difference in execution time of different branches in the ecosystem [30][31].
b) Power Analysis Attacks:
In power analysis attacks, an adversary observes the power consumption of the devices. To measure the power consumption of a sensor node, the attacker needs to be in close proximity to that node. Power analysis is of two types, namely simple power analysis (SPA) and differential power analysis (DPA). SPA is an approach to power consumption analysis of a cryptographic operation, while in DPA the analysis of power consumption is done on both cryptographic and non-cryptographic operations [32, 33].
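The timing analysis attack of a) comes down to execution paths whose duration depends on secret data. The added example below (not from the paper) counts the bytes examined by an early-exit comparison against a constant-time one, using the count as a stand-in for the time an adversary would measure; the 8-byte token is a constructed value.

```python
from typing import Callable, List, Tuple

# Constructed 8-byte secret token; any value works, the shape of the leak is the point.
SECRET = bytes.fromhex("0f1e2d3c4b5a6978")


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes examined); the second value
    models execution time, which grows with the length of the correct prefix."""
    if len(secret) != len(guess):
        return False, 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        if a != b:
            return False, examined       # branch taken as soon as a byte differs
    return True, examined


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """OR-accumulates the XOR of every byte pair, so the work done does not
    depend on where the first mismatch lies (the idea behind hmac.compare_digest)."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    examined = 0
    for a, b in zip(secret, guess):
        examined += 1
        diff |= a ^ b                    # no data-dependent branch in the loop
    return diff == 0, examined


def leak_profile(compare: Callable[[bytes, bytes], Tuple[bool, int]],
                 secret: bytes) -> List[int]:
    """For each prefix length k, submit a guess whose first k bytes are right
    and whose remaining bytes are all wrong, and record the work count.
    A profile that rises with k reveals the position of the first wrong byte,
    which is what a timing attack recovers one byte at a time."""
    profile = []
    for k in range(len(secret) + 1):
        guess = secret[:k] + bytes(0xFF ^ b for b in secret[k:])
        profile.append(compare(secret, guess)[1])
    return profile
```

The early-exit profile climbs one step per correct prefix byte, while the constant-time profile is flat, which is the mitigation the countermeasures paragraph calls removing data-dependent differences in execution.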


c) Fault Analysis Attacks:
A fault analysis attack can be achieved when some fault occurs in the cryptosystem and useful information gets leaked. These faults may occur naturally or be injected manually by an adversary in two ways: one is to use equipment such as a laser pointer to flip some bits in memory, the other is to give invalid inputs to the program [34]. Biham et al. [35] have discussed this attack in detail.
d) Traffic Analysis Attacks:
Traffic flow contains information about critical nodes, such as the aggregator node in a sensor network. Aggregator nodes are the sensor nodes that are used to relay transmissions between nodes and the base station. Traffic analysis attacks are initiated by analysing these traffic flows (i.e., tracking data packets, recording transmission intervals and counting packet numbers) to gather topological information [36].
e) Acoustic Attacks:
An adversary may gain secret information by analysing the acoustic oscillations produced by devices [37].
f) Electromagnetic Leakage Attacks:
Electromagnetic radiation is emitted by devices that are performing cryptographic operations such as encryption and decryption. Attackers exploit the leaked radiation to perform electromagnetic analysis. This analysis is further used for finding relations between the leaked radiation and the ciphertext [38].
g) Thermal Imaging Attacks:
A thermal imaging attack is similar to an acoustic attack except that the emission which gets exploited is heat instead of sound.
Countermeasures: Defence against side-channel attacks is done in mainly two ways: either by reducing the signals leaked by the systems or by segregating the connection between sensitive data and leaked information. This can be achieved by implementing more advanced cache allocation, adding unnecessary breaks or random noise into the process, and by using a detection system which can identify modifications of the cryptographic operations [39].
It is not possible to discuss every security threat and attack related to IoT in one paper; the important ones are discussed. Now comes operational technology. Security challenges and mechanisms have been studied in various fields, but current operational technology research has not been comprehensively investigated. The authors in [40] and [41] focus on security threats and attacks on industrial control systems (ICS), which comprise only a subset of the network systems constituting OT systems. The threats related to SCADA systems and ICS are addressed in [42]; for better understanding, we first start with OT security. Initially, OT systems were not connected to the internet, so there was no need for OT cyber security. As IT and OT networks converged due to the expansion of digital innovation initiatives, businesses started addressing specific issues and their solutions, which led to OT security. OT security involves practices and techniques that are used to monitor or control physical processes and systems, and to protect assets, people and their information [43]. Operational technology consists of Industrial Control Systems (ICSs), which comprise Supervisory Control and Data Acquisition (SCADA), Programmable Logic Controllers (PLCs), Remote Terminal Units (RTUs), Distributed Control Systems (DCSs) and several dedicated systems that help in monitoring and controlling the operations.

V. PROBLEMS OF OT
OT plays a vital role in several sectors of critical infrastructure, like healthcare, power plants and water utilities. Unfortunately, most OT systems run on old software versions and hardware, which makes them vulnerable to many exploits like spying, phishing, ransomware attacks, etc. [9, 40]. Some of the challenges to OT that make it vulnerable to many threats and exposures:
• Lack of antivirus protection
• Lack of skilled professionals
• Convergence with IT
• Outdated systems
• Vulnerable communication protocols
• Insecure connections

Fig. 2. Components of OT

VI. IT/OT CONVERGENCE
IT/OT convergence can be referred to as the integration of information technology (IT) computing systems and operational technology (OT) monitoring systems. By converging IT and OT, not only technologies but also teams and operations are combined [44]. Industrial Internet of Things (IIoT) systems comprise intelligent devices, interconnected sensors, control systems, network modules, and other devices to monitor, analyze, and control the physical devices. These systems differ from traditional industrial control systems (ICS) by being connected extensively to other systems and people, increasing the diversity and scale of the systems [45].

Fig. 3. IT/OT Convergence

This convergence has improved the productivity, efficiency and performance of current operational processes and enabled the creation of new methods of operational data. But with the salient advantages, there are some disadvantages as well. Systems originally designed to be isolated are now exposed to attack. Successful attacks on the IIoT system are likely to be


as serious as the worst industrial hazards ever, such as the Chernobyl disaster. These accidents will affect human life in various forms and also impact the environment, causing serious issues to plants, atmospheric layers, etc. There is also technical damage, such as exposing sensitive data during an attack, disrupting operations and destroying the system. The effects of attacks on IIoT systems are widespread; sometimes they can be compared to major natural disasters, and they come from malicious intent. The properties of the various components and their nature result in the key characteristics of an IIoT system: security, safety, reliability, privacy and resilience [46].

VII. THE PURDUE MODEL
The Purdue model is derived from the Purdue Enterprise Reference Architecture (PERA) model by ISA-99, and is used as a concept model to represent internal network segmentation. The Purdue model consists of three zones, namely the enterprise zone (IT), the industrial zone (OT), and the demilitarized zone (DMZ) [47, 48].

A. Enterprise Zone (IT)
This is the IT network zone, where primary business tasks such as supply chain management and scheduling are performed using Enterprise Resource Planning (ERP) and System Application and Products (SAP) systems. The enterprise zone can further be divided into two levels:
Level 5 – Enterprise Network: This is the network where corporate-level business operations are performed. It uses data gathered from subordinate systems to report the inventory and production status.
Level 4 – Business Planning and Logistics Systems: This level involves all the IT systems that support the production process at the plant. Systems at level 4 usually include file servers, database servers, application servers, email clients, etc.

Fig. 4. The Purdue Model

B. Industrial Demilitarized Zone (IDMZ)
This zone lies between the enterprise zone and the manufacturing zone and is used as a barrier to restrict direct communication between IT and OT systems. This zone helps in inspecting and separating the overall architecture. By preventing direct communication between IT and OT, it helps in securing the system: the IDMZ can be shut down in case anything malicious happens that could compromise the systems in the IDMZ. IDMZ systems typically include database replication servers, Microsoft domain controllers, and proxy servers.

C. Manufacturing Zone (OT)
This zone consists of all the networks, devices, control and monitoring systems. The manufacturing zone is divided into four levels:
Level 3 – Site Operations: This level includes production systems, control functions, and plant monitoring. At this layer, production data is collected from lower levels and can be sent to higher-level systems.
Level 2 – Area Supervisory Control: At this level, supervising, monitoring, and controlling specific parts of the system is carried out with the help of HMI systems. This level usually includes HMIs and supervisory control systems.
Level 1 – Basic Control: Physical processes can be analyzed and controlled at this level. This level includes basic control operations like moving actuators, opening valves, starting motors, etc.
Level 0 – Physical Process: At this level, the actual physical process is carried out and the product is made. This level includes the devices and sensors that directly interact with and control the manufacturing operations.
The ICS-CERT alert contains information related to the vulnerabilities of Industrial Control Systems reported to them. Common Security Vulnerabilities in Industrial Control Systems Reported to ICS-CERT in 2009 and 2010 [39]:
• Improper Input Validation
• Improper Authentication
• Credential Management
• Permissions, Privilege, and Access Controls
• Cryptographic Issues
• ICS Security Configuration and Maintenance

VIII. MOST ATTACKS THAT ARE DONE FOR GAINING ACCESS TO IOT DEVICES CAN BE DONE TO OT SYSTEMS AS WELL. MAJOR SECURITY ATTACKS FACED BY OT SYSTEMS ARE DISCUSSED BELOW:

A. HMI-Based Attacks
The HMI system is the core hub; by exploiting it, an adversary can cause physical damage to SCADA systems. Sayegh et al. [49] showed different types of attacks that can be done to compromise SCADA systems by exploiting vulnerabilities in the HMI system.
A replay attack was carried out by exploiting the Screen Data Protection Function, which is used for password-based authentication to gain permission to program the HMI. A Zero-Length Fragmentation Attack was performed by sending IP packets whose length is equal to zero. These types of attacks crash the HMI systems.
A DoS attack on HMI systems can be performed by exploiting certain functions; for example, the HMI touch screen can be made unresponsive by flooding it with a large number of random IP packets or SYN packets. The HTTP port can be attacked by sending a large number of HTTP requests.
Countermeasures: To protect HMI systems, there are a number of technologies which need to be implemented. Firewalls and Intrusion Detection Systems should be configured to monitor and isolate suspicious events on the network. Security Information and Event Management (SIEM) technology can be used for reviewing security logs from


firewalls, intrusion detection systems and other devices. Use of Demilitarized Zones (DMZs) and Virtual LANs helps in securing the network by separating it into different smaller subnetworks [50].
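The segmentation that the IDMZ of section VII is meant to enforce can be checked against a flow log. The added example below (not from the paper) maps hosts to Purdue levels and flags enterprise-to-manufacturing traffic that bypasses the IDMZ; the subnets, the level assignment and the flow records are constructed for the example.

```python
import ipaddress
from typing import List, Tuple

# Constructed inventory mapping subnets to Purdue levels (all values assumed).
SUBNET_LEVEL = {
    "10.5.0.0/24": 5.0,   # Level 5: enterprise network
    "10.4.0.0/24": 4.0,   # Level 4: business planning and logistics
    "10.35.0.0/24": 3.5,  # IDMZ: replication servers, domain controllers, proxies
    "10.3.0.0/24": 3.0,   # Level 3: site operations
    "10.2.0.0/24": 2.0,   # Level 2: area supervisory control (HMIs)
    "10.1.0.0/24": 1.0,   # Level 1: basic control (PLCs)
}


def level_of(ip: str) -> float:
    addr = ipaddress.ip_address(ip)
    for net, level in SUBNET_LEVEL.items():
        if addr in ip_network_cache(net):
            return level
    raise ValueError(f"{ip} is not in the inventory")


_NETS = {}


def ip_network_cache(net: str):
    """Parse each CIDR once; ipaddress objects are cheap but a real flow log is long."""
    if net not in _NETS:
        _NETS[net] = ipaddress.ip_network(net)
    return _NETS[net]


def zone_of(level: float) -> str:
    """Enterprise zone is levels 4-5, the IDMZ sits between at 3.5, manufacturing is 0-3."""
    if level >= 4:
        return "enterprise"
    if level == 3.5:
        return "idmz"
    return "manufacturing"


def flow_allowed(src_ip: str, dst_ip: str) -> Tuple[bool, str]:
    """Traffic may stay inside one zone or terminate in the IDMZ; a flow that
    joins the enterprise and manufacturing zones directly bypasses the barrier."""
    src, dst = zone_of(level_of(src_ip)), zone_of(level_of(dst_ip))
    if src == dst or "idmz" in (src, dst):
        return True, f"{src}->{dst}"
    return False, f"direct {src}->{dst} bypasses the IDMZ"


# Constructed flow log: (source, destination, destination port)
FLOWS = [
    ("10.5.0.10", "10.35.0.5", 443),  # enterprise -> IDMZ proxy
    ("10.35.0.5", "10.3.0.9", 1433),  # IDMZ replication -> site operations
    ("10.2.0.3", "10.1.0.7", 502),    # HMI -> PLC (Modbus/TCP) inside manufacturing
    ("10.4.0.20", "10.1.0.7", 502),   # business system talks Modbus to a PLC directly
    ("10.1.0.7", "10.5.0.10", 80),    # PLC reaching into the enterprise network
]


def audit(flows=FLOWS) -> List[Tuple[str, str, int, str]]:
    """Return every flow that violates the zone policy, with the reason."""
    violations = []
    for src, dst, port in flows:
        ok, why = flow_allowed(src, dst)
        if not ok:
            violations.append((src, dst, port, why))
    return violations
```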
B. Hacking Modbus Slaves
Modbus is one of the communication protocols used in ICS. Modbus communication happens between one Master (i.e., an HMI system or Operational PC) and several Slaves (i.e., Programmable Logic Controllers). Modbus Master and Slaves communicate in plaintext and there is no authentication at all [51]. An attacker can leverage this weakness to access a Slave's registers and coils by sending query packets of the same form as the Master's to the Modbus slave [52]. The Metasploit Framework can be used to achieve this goal. Below are the steps to perform this attack:
• First scan and find all Modbus Slaves connected to the LAN or Modbus gateway of the target network. Set "RHOST" to the target IP address.
Fig. 5. Scanning Modbus Slaves
• Use the "modbusclient" attack module to read or write registers and coils on the target Modbus Slave.
Fig. 6. Reading Modbus Slave Registers
• To write multiple coil values, change the "ACTION" option to "WRITECOILS".
Fig. 7. Writing coils of Modbus Slave Registers
Possible Mitigation Techniques: To reduce the attack surface, restrict read and write access to the Modbus registers and coils that are not required for the control implementation. PLC program vulnerabilities should be analysed and removed for extra security.
C. Command Injection Attacks
This attack is performed by an adversary injecting a false command sequence into the system, which compromises the security of the control systems. Morris et al. [53] discussed how an adversary can perform command injection attacks to overwrite C code, ladder logic, and register settings of remote terminal devices that are present at remote locations to control the physical processes. Malicious command injection is one of the worst attacks that can happen to an industrial control system. Upon a successful attack, an adversary can interrupt device communications, manipulate interrupt controls, and perform whatever modifications to the device they intend.
Further, command injection attacks were grouped into three categories, namely Malicious State Command Injection (MSCI) attacks, Malicious Parameter Command Injection (MPCI) and Malicious Function Code Injection (MFCI).
Countermeasures: To mitigate the risk of command injection attacks, the best practice is input validation. Using secure functions while developing any program for ICS can prevent this attack. Rasapour et al. [54] proposed a framework based on an Intrusion Detection System to detect command injection attacks on Industrial Control Systems.
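The mitigation given for Modbus Slaves (restricting which registers and coils may be written, and by whom) and the countermeasures for command injection (validating commands and detecting MSCI, MPCI and MFCI traffic) can both be expressed as a per-slave allowlist applied to Modbus/TCP requests. The following Python example is added here to show that check; it is not code from the paper or from any cited project. The IP addresses, coil and register numbers, setpoint bounds and traffic frames are constructed for the example, and the mapping of policy violations to the three categories (a coil write outside the permitted set as MSCI, a register write outside its bounds or to an unknown register as MPCI, a function code outside the allowlist as MFCI) is an assumption based on the category names above.

```python
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Modbus function codes from the application protocol specification.
FC_READ_HOLDING, FC_WRITE_COIL, FC_WRITE_REG, FC_WRITE_COILS, FC_WRITE_REGS = 0x03, 0x05, 0x06, 0x0F, 0x10
WRITE_CODES = {FC_WRITE_COIL, FC_WRITE_REG, FC_WRITE_COILS, FC_WRITE_REGS}

@dataclass
class ModbusRequest:
    unit_id: int
    function_code: int
    address: int        # first coil/register the request touches
    quantity: int
    values: List[int]   # written values: coils as 0/1, registers as 16-bit ints

def parse_request(frame: bytes) -> ModbusRequest:
    """Decode a Modbus/TCP request ADU: 7-byte MBAP header, then the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    _tid, proto, length, uid = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad MBAP protocol id or length field")
    pdu = frame[7:]
    fc = pdu[0]
    if fc in (FC_READ_HOLDING, FC_WRITE_COIL, FC_WRITE_REG):
        addr, word = struct.unpack(">HH", pdu[1:5])
        if fc == FC_READ_HOLDING:          # for a read, word is the register count
            return ModbusRequest(uid, fc, addr, word, [])
        if fc == FC_WRITE_COIL:            # 0xFF00 = ON, 0x0000 = OFF, nothing else
            if word not in (0x0000, 0xFF00):
                raise ValueError("invalid single-coil value 0x%04X" % word)
            word = int(word == 0xFF00)
        return ModbusRequest(uid, fc, addr, 1, [word])
    if fc in (FC_WRITE_COILS, FC_WRITE_REGS):
        addr, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
        data = pdu[6:6 + nbytes]
        expected = (qty + 7) // 8 if fc == FC_WRITE_COILS else 2 * qty
        if len(data) != nbytes or nbytes != expected:
            raise ValueError("byte count inconsistent with quantity")
        if fc == FC_WRITE_COILS:           # coil bits are packed LSB-first per byte
            vals = [(data[i // 8] >> (i % 8)) & 1 for i in range(qty)]
        else:
            vals = list(struct.unpack(">%dH" % qty, data))
        return ModbusRequest(uid, fc, addr, qty, vals)
    return ModbusRequest(uid, fc, 0, 0, [])   # unknown code: left for policy to reject

@dataclass
class SlavePolicy:   # hypothetical per-slave allowlist; values are constructed
    allowed_writers: Set[str]                    # hosts allowed to act as Master
    allowed_function_codes: Set[int]
    writable_coils: Set[int]                     # coils that may be switched remotely
    register_bounds: Dict[int, Tuple[int, int]]  # setpoint register -> (min, max)

def check_request(src_ip: str, req: ModbusRequest, p: SlavePolicy) -> Optional[str]:
    """Return None if the request is permitted, else a verdict naming the category."""
    if req.function_code not in p.allowed_function_codes:
        return "MFCI: function code 0x%02X not permitted" % req.function_code
    if req.function_code not in WRITE_CODES:
        return None                              # reads are permitted in this policy
    if src_ip not in p.allowed_writers:
        return "write from %s, which is not an authorised Master" % src_ip
    addresses = range(req.address, req.address + req.quantity)
    if req.function_code in (FC_WRITE_COIL, FC_WRITE_COILS):
        bad = [a for a in addresses if a not in p.writable_coils]
        return "MSCI: coil %d may not be switched over the network" % bad[0] if bad else None
    for addr, val in zip(addresses, req.values):
        lo, hi = p.register_bounds.get(addr, (None, None))
        if lo is None:
            return "MPCI: register %d is not a writable parameter" % addr
        if not lo <= val <= hi:
            return "MPCI: value %d for register %d outside [%d, %d]" % (val, addr, lo, hi)
    return None

def build_frame(uid: int, pdu: bytes, tid: int = 1) -> bytes:
    # MBAP header: transaction id, protocol id 0, length (unit id + PDU), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu

POLICY = SlavePolicy(
    allowed_writers={"10.0.0.5"},                # the HMI (constructed address)
    allowed_function_codes=WRITE_CODES | {FC_READ_HOLDING},
    writable_coils={0, 1},                       # e.g. pump start/stop only
    register_bounds={100: (0, 1000), 101: (0, 1000)},
)
# Constructed traffic as (source address, raw Modbus/TCP frame to unit 1).
SAMPLE_TRAFFIC = [
    ("10.0.0.5", build_frame(1, bytes([FC_READ_HOLDING]) + struct.pack(">HH", 0, 10))),
    ("10.0.0.5", build_frame(1, bytes([FC_WRITE_REG]) + struct.pack(">HH", 100, 750))),
    ("10.0.0.77", build_frame(1, bytes([FC_WRITE_COIL]) + struct.pack(">HH", 1, 0xFF00))),
    ("10.0.0.5", build_frame(1, bytes([FC_WRITE_COILS]) + struct.pack(">HHB", 0, 3, 1) + bytes([0b101]))),
    ("10.0.0.5", build_frame(1, bytes([FC_WRITE_REGS]) + struct.pack(">HHBHH", 100, 2, 4, 750, 5000))),
    ("10.0.0.5", build_frame(1, bytes([0x08]) + struct.pack(">HH", 0, 0))),   # diagnostics code
]

def audit(traffic, policy=POLICY):
    """Run each frame through parser and policy; returns (src, verdict) pairs."""
    out = []
    for src, frame in traffic:
        try:
            out.append((src, check_request(src, parse_request(frame), policy)))
        except (ValueError, struct.error) as exc:
            out.append((src, "malformed: %s" % exc))
    return out
```

Running `audit(SAMPLE_TRAFFIC)` allows the HMI's read and in-range setpoint write, and flags the coil write from the unknown host, the multi-coil write that reaches coil 2, the out-of-range register value and the diagnostics function code. A malformed frame (for instance one whose MBAP length field disagrees with its size) is reported rather than parsed leniently, which matters because the same parser has to sit in front of a device that performs no checks of its own.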
IX. ACKNOWLEDGEMENT
This work was supported by my research guide, Ankita Agarwal, Assistant Professor, CSE, BBDITM. I am thankful to the guide and the faculty members of my college who helped us in this research.
X. CONCLUSION
This paper has discussed the security challenges and attacks faced by Internet of Things (IoT) and Operational Technology (OT) systems. During the analysis of different attacks, steps to reproduce them were proposed so as to provide a clear understanding of the vulnerabilities and attacks. In addition, the paper proposes different countermeasures to mitigate that risk and some theoretical models that govern the operations of these systems.
The study that has been carried out during this research aims to provide new knowledge of security attacks and their
mitigation techniques in OT and IoT systems. They are derived from generalization of the results of previous studies and some are proposed after analysing the current trends among security communities.
XI. REFERENCES
[1] S. M. P. Keyur KPatel, Internet of things-iot: Definition, characteristics, architecture, enabling technologies, application and future challenges, International Journal of Engineering Science and Computing 6 (2016) 6122–6125.
[2] M. H. Miraz, M. Ali, P. S. Excell, R. Picking, A review on internet of things (iot), internet of everything (ioe) and internet of nano things (iont), in: 2015 Internet Technologies and Applications (ITA), 2015, pp. 219–224. doi:10.1109/ITechA.2015.7317398.
[3] What is operational technology, https://www.fortinet.com/solutions/industries/scada-industrial-control-systems/what-is-ot-security.
[4] A. Hahn, Operational Technology and Information Technology in Industrial Control Systems, Springer International Publishing, Cham, 2016, Ch. 4, pp. 51–68. doi:10.1007/978-3-319-32125-7_4.
[5] A. Radovici, C. Rusu, R. Şerban, A survey of iot security threats and solutions, in: 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet), 2018, pp. 1–5. doi:10.1109/ROEDUNET.2018.8514146.
[6] I. Cvitić, M. Vujić, S. Husnjak, Classification of security risks in the iot environment, in: 26th DAAAM International Symposium on Intelligent Manufacturing and Automation, 2015, pp. 0731–0740. doi:10.2507/26th.daaam.proceedings.102.
[7] A. Mpitziopoulos, D. Gavalas, C. Konstantopoulos, G. Pantziou, A survey on jamming attacks and countermeasures in wsns, IEEE Communications Surveys Tutorials 11 (4) (2009) 42–56. doi:10.1109/SURV.2009.090404.
[8] M. Kuzlu, C. Fair, Ö. Güler, Role of artificial intelligence in the internet of things (iot) cybersecurity, Discover Internet of Things, Springer 1 (02 2021). doi:10.1007/s43926-020-00001-4.
[9] J. Gubbi, R. Buyya, S. Marusic, M. Palaniswami, Internet of things (iot): A vision, architectural elements, and future directions, Future Generation Computer Systems 29 (07 2012). doi:10.1016/j.future.2013.01.010.
[10] L. Farhan, S. T. Shukur, A. E. Alissa, M. Alrweg, U. Raza, R. Kharel, A survey on the challenges and opportunities of the internet of things (iot), in: 11th International Conference on Sensing Technology, ICST 2017, Institute of Electrical and Electronics Engineers (IEEE), United States, 2017, pp. 1–5. doi:10.1109/ICSensT.2017.8304465.
[11] Y. Yang, L. Wu, G. Yin, L. Li, H. Zhao, A survey on security and privacy issues in internet-of-things, IEEE Internet of Things Journal 4 (2017) 1250–1258. doi:10.1109/JIOT.2017.2694844.
[12] O. Stan, R. Bitton, M. Ezrets, M. Dadon, M. Inokuchi, O. Yoshinobu, Y. Tomohiko, Y. Elovici, A. Shabtai, Extending attack graphs to represent cyber-attacks in communication protocols and modern it networks, IEEE Transactions on Dependable and Secure Computing (2020) 1–1. doi:10.1109/TDSC.2020.3041999.
[13] M. Almiani, A. Razaque, L. Yimu, M. J. Khan, T. Minjie, M. Alweshah, S. Atiewi, Bluetooth application-layer packet-filtering for blueborne attack defending, in: 2019 Fourth International Conference on Fog and Mobile Edge Computing (FMEC), 2019, pp. 142–148. doi:10.1109/FMEC.2019.8795354.
[14] A. Mpitziopoulos, D. Gavalas, C. Konstantopoulos, G. Pantziou, A survey on jamming attacks and countermeasures in wsns, Communications Surveys & Tutorials, IEEE 11 (2009) 42–56. doi:10.1109/SURV.2009.090404.
[15] B. Danev, H. Luecken, S. Capkun, K. El Defrawy, Attacks on physical-layer identification, in: Proceedings of the Third ACM Conference on Wireless Network Security, WiSec '10, Association for Computing Machinery, New York, NY, USA, 2010, pp. 89–98. doi:10.1145/1741866.1741882.
[16] P. D. Hung, B. T. Vinh, Vulnerabilities in iot devices with software-defined radio, in: 2019 IEEE 4th International Conference on Computer and Communication Systems (ICCCS), 2019, pp. 664–668. doi:10.1109/CCOMS.2019.8821711.
[17] Y. Sun, X. Wang, X. Zhou, Jamming attack in wsn: A spatial perspective, in: Proceedings of the 13th International Conference on Ubiquitous Computing, UbiComp '11, Association for Computing Machinery, New York, NY, USA, 2011, pp. 563–564. doi:10.1145/2030112.2030214.
[18] K. Li, X. Yu, H. Zhang, L. Wu, X. Du, P. Ratazzi, M. Guizani, Security mechanisms to defend against new attacks on software-defined radio, in: 2018 International Conference on Computing, Networking and Communications (ICNC), 2018, pp. 537–541. doi:10.1109/ICCNC.2018.8390381.
[19] J. H. P. Mikail Mohammed Salim, Shailendra Rathore, Distributed denial of service attacks and its defenses in iot: a survey, in: The Journal of Supercomputing, Vol. 76, Springer International Publishing, 2020, pp. 5320–5363.
[20] A. Roohi, M. Adeel, M. A. Shah, Ddos in iot: A roadmap towards security countermeasures, in: 2019 25th International Conference on Automation and Computing (ICAC), 2019, pp. 1–6. doi:10.23919/IConAC.2019.8895034.
[21] M. M. Hossain, M. Fotouhi, R. Hasan, Towards an analysis of security issues, challenges, and open problems in the internet of things, in: 2015 IEEE World Congress on Services, 2015, pp. 21–28. doi:10.1109/SERVICES.2015.12.
[22] P. Porambage, C. Schmitt, P. Kumar, A. Gurtov, M. Ylianttila, Pauthkey: A pervasive authentication protocol and key establishment scheme for wireless sensor networks in distributed iot applications, International Journal of Distributed Sensor Networks 10 (7) (2014) 357430. arXiv:https://doi.org/10.1155/2014/357430, doi:10.1155/2014/357430.
[23] S. Al Salami, J. Baek, K. Salah, E. Damiani, Lightweight encryption for smart home, in: 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016, pp. 382–388. doi:10.1109/ARES.2016.40.
[24] L. Hu, H. Wen, B. Wu, F. Pan, R. F. Liao, H. Song, J. Tang, X. Wang, Cooperative jamming for physical layer security enhancement in internet of things, IEEE Internet of Things Journal 5 (1) (2018) 219–228. doi:10.1109/JIOT.2017.2778185.
[25] G. Lessa dos Santos, V. T. Guimarães, G. da Cunha Rodrigues, L. Z. Granville, L. M. R. Tarouco, A dtls-based security architecture for the internet of things, in: 2015 IEEE Symposium on Computers and Communication (ISCC), 2015, pp. 809–815. doi:10.1109/ISCC.2015.7405613.
[26] J.-L. Tsai, N.-W. Lo, A privacy-aware authentication scheme for distributed mobile cloud computing services, IEEE Systems Journal 9 (3) (2015) 805–815. doi:10.1109/JSYST.2014.2322973.
[27] Y. Afek, A. Bremler-Barr, S. L. Feibish, Zero-day signature extraction for high-volume attacks, IEEE/ACM Transactions on Networking 27 (2) (2019) 691–706. doi:10.1109/TNET.2019.2899124.
[28] A. A. Pammu, K.-S. Chong, W.-G. Ho, B.-H. Gwee, Interceptive side channel attack on aes-128 wireless communications for iot applications, in: 2016 IEEE Asia Pacific Conference on Circuits and Systems (APCCAS), 2016, pp. 650–653. doi:10.1109/APCCAS.2016.7804081.
[29] M. A. N. Abrishamchi, A. H. Abdullah, A. David Cheok, K. S. Bielawski, Side channel attacks on smart home systems: A short overview, in: IECON 2017 - 43rd Annual Conference of the IEEE Industrial Electronics Society, 2017, pp. 8144–8149. doi:10.1109/IECON.2017.8217429.
[30] H. H. YF Alias, Mohd Anuar Mat Isa, Timing attack: An analysis of preliminary data, Journal of Telecommunication, Electronic and Computer Engineering (JTEC) 9 (2017) 29–32.
[31] K. Pongaliur, Z. Abraham, A. X. Liu, L. Xiao, L. Kempel, Securing sensor nodes against side channel attacks, in: 2008 11th IEEE High Assurance Systems Engineering Symposium, 2008, pp. 353–361. doi:10.1109/HASE.2008.26.
[32] P. Kocher, J. Jaffe, B. Jun, Differential power analysis, in: Advances in Cryptology — CRYPTO '99, Springer Berlin Heidelberg, 1999, pp. 388–397. doi:10.1007/3-540-48405-1_25.
[33] E. Prouff, M. Rivain, R. Bevan, Statistical analysis of second order differential power analysis, IEEE Transactions on Computers 58 (6) (2009) 799–811. doi:10.1109/TC.2009.15.
[34] S. Skorobogatov, R. Anderson, Optical fault induction attacks, in: Lecture Notes in Computer Science, Vol. 2523, 2002, pp. 2–12. doi:10.1007/3-540-36400-5_2.
[35] E. Biham, A. Shamir, Differential fault analysis of secret key cryptosystems, in: Advances in Cryptology — CRYPTO '97, Springer Berlin Heidelberg, Berlin, Heidelberg, 1997, pp. 513–525. doi:10.1007/BFb0052259.
[36] I. Hafeez, M. Antikainen, S. Tarkoma, Protecting iot-environments against traffic analysis attacks with traffic morphing, in: 2019 IEEE International Conference on Pervasive Computing and Communications Workshops (PerCom Workshops), 2019, pp. 196–201. doi:10.1109/PERCOMW.2019.8730787.
[37] S. V. GM Deepa, G SriTeja, An overview of acoustic side-channel attack, International Journal of Computer Science & Communication Networks 3 (2013) 15.
[38] J. Longo, E. De Mulder, D. Page, M. Tunstall, Soc it to em: Electromagnetic side-channel attacks on a complex system-on-chip, in: Cryptographic Hardware and Embedded Systems – CHES 2015, Springer Berlin Heidelberg, 2015, pp. 620–640. doi:10.1007/978-3-662-48324-4_31.
[39] K. Mai, Side Channel Attacks and Countermeasures, Springer New York, 2012, Ch. 8, pp. 175–194. doi:10.1007/978-1-4419-8080-9_8.
[40] M. Marali, S. D. Sudarsan, A. Gogioneni, Cyber security threats in industrial control systems and protection, in: 2019 International Conference on Advances in Computing and Communication Engineering (ICACCE), 2019, pp. 1–7. doi:10.1109/ICACCE46606.2019.9079981.
[41] S. Abe, M. Fujimoto, S. Horata, Y. Uchida, T. Mitsunaga, Security threats of internet-reachable ics, in: 2016 55th Annual Conference of the Society of Instrument and Control Engineers of Japan (SICE), 2016, pp. 750–755. doi:10.1109/SICE.2016.7749239.
[42] R. Piggin, Industrial systems: cyber-security's new battlefront [information technology operational technology], Engineering Technology 9 (8) (2014) 70–74. doi:10.1049/et.2014.0810.
[43] Operational technology security – focus on securing industrial control and automation systems [online].
[44] CISCO, It/ot convergence white paper, https://www.cisco.com/c/dam/en_us/solutions/industries/manufacturing/ITOT-convergence-whitepaper.pdf (2018).
[45] C. V. Glenn Murray, Michael N. Johnstone, The covergence of it and ot in critical infrastructure, https://doi.org/10.4225/75/5a84f7b595b4e (December 2017).
[46] R. Martin, S. Schrecker, H. Soroush, J. Molina, J. LeBlanc, F. Hirsch, M. Buchheit, A. Ginter, H. Banavara, S. Eswarahally, K. Raman, A. King, Q. Zhang, P. MacKay, B. Witten, Industrial internet security framework technical report, Industrial Internet Consortium (09 2016). doi:10.13140/RG.2.2.28143.23201.
[47] T. J. Williams, H. Li, PERA and GERAM—enterprise reference architectures in enterprise integration, Springer US, 1999, pp. 3–30. doi:10.1007/978-0-387-35385-2_1.
[48] P. Ackerman, Industrial Cybersecurity, Packt, 2017.
[49] N. Sayegh, A. Chehab, I. H. Elhajj, A. Kayssi, Internal security attacks on scada systems, in: 2013 Third International Conference on Communications and Information Technology (ICCIT), 2013, pp. 22–27. doi:10.1109/ICCITechnology.2013.6579516.
[50] K. Stouffer, J. Falco, K. Scarfone, Guide to industrial control systems (ics) security, in: NIST Special Publication 800-82 Revision 2, 2015, pp. 0–247. doi:10.6028/NIST.SP.800-82r2.
[51] E. I. Evangelia, Vulnerabilities of the modbus protocol, https://dione.lib.unipi.gr/xmlui/bitstream/handle/unipi/11394/Evangeliou_1508.pdf?sequence=1&isAllowed=y (February 2018).
[52] M. Hoffman, Vulnerabilities on the wire: Mitigation for insecure ics device communication, https://www.sans.org/reading-room/whitepapers/ICS/paper/39425 (February 2020).
[53] T. Morris, W. Gao, Industrial control system cyber attacks, in: ICS-CSR, 2013. doi:10.14236/ewic/ICSCSR2013.3.
[54] F. Rasapour, E. Serra, H. Mehrpouyan, Framework for detecting command injection attacks on industrial control systems (ics), in: 2019 Seventh International Symposium on Computing and Networking (CANDAR), 2019, pp. 211–217. doi:10.1109/CANDAR.2019.00035.