Security Concerns in the Internet of Things

Algonquin College

ENL1813T – 326

Prof. Nadzeya Rahavaya

November 7, 2023

1
 Table of Contents

Table of Contents .......................................................................................................2

List of Figures.............................................................................................................3
List of Tables ..............................................................................................................3
1. Introduction ............................................................................................................4
2. Background ............................................................................................................4
2.1 Architecture of IoT.............................................................................................4
3. IoT Security Concerns ............................................................................................6
3.1 Security Requirements ......................................................................................6
3.2 Security Challenges ..........................................................................................7
4. Solutions ................................................................................................................7
5. Conclusion .............................................................................................................8
References.................................................................................................................9

2
 List of Figures

Figure 1. Three-layer IoT architecture ........................................................................5

Figure 2. IoT Applications ...........................................................................................5
Figure 1. Five-layer IoT architecture ..........................................................................6

List of Tables

Table 1. Main security challenges ..............................................................................7

3
1. Introduction
The ubiquitous Internet of Things (IoT) connects both our physical and cyber worlds,
and any security failures may lead to information leaks, economic loss, or even loss of
life. This report introduces fundamental security requirements and challenges related
to the Internet of Things, and also offers a concise overview of existing solutions to
these security issues, including traditional key-based encryption mechanisms, as well
as emerging technologies such as Software Defined Network (SDN) and Blockchain.
This report does not delve into the intricacies of IoT architectures and technologies;
instead, it highlights security concerns about IoT and aims to draw the public’s attention
to these issues as part of their daily lives as IoT users. In the end of this report,
recommendations are provided, and a conclusion is reached.

2. Background
Today, the Internet connects people from all corners of the world, and beyond that,
it also facilitates the connection of “things”, giving rise to the concept of the “Internet of
Things” (IoT). The idea behind the “Internet of Things” is to give physical devices,
ranging from small items like light bulbs and home appliances to large ones like
vehicles and manufacturing machines, the ability to connect to the Internet and
“communicate” automatically with one another, without any human intervention.
In the fundamental scenario, the infrastructure components of an IoT framework
primarily includes devices which are equipped with embedded sensors and actuators,
along with the Internet and a central server [1]. The sensors collect data from the
physical environment, such as the temperature and humidity levels within your home.
Subsequently, the collected data is transmitted via the Internet to a remote server for
processing and storage. Once the processed data is returned from the server,
actuators can initiate various actions, like activating the air conditioner or humidifier.
These actions have a direct impact on the physical world, and occur without any human
notice.
2.1 Architecture of IoT
As illustrated in Figure1, the most common IoT architecture features a three-layer
structure, consisting of a perception layer, a network layer and an application layer.

4
 i. The perception layer, also referred to as
the physical layer, encompasses
sensor nodes and sensor gateways.
Sensor nodes are responsible for
collecting data from the environment,
while sensor gateways are used to
connect distributed nodes to the local
wireless network. Additionally, RFID
technologies are often utilized in this
layer to identify various objects [2].
ii. The network layer defines
communication protocols, such as
Bluetooth and Wi-Fi, enabling IoT
devices to communicate with other IoT
things, network devices and servers.
Data collected from the perception layer
is processed and transmitted to the
application layer, and vice versa [3].
iii. The application layer resides at the top
Figure 1. Three-layer IoT architecture [1]
of the stack and offers a range of
services directly to the users through various applications. Common applications
within this layer, as depicted in Figure 2,
encompass smart homes, smart grids, smart
cities, transport, healthcare, manufacturing,
and more [4].
It is worth noting that there is not a
standardized architecture model for IoT
systems, and different researchers may
introduce additional layers to provide a more
detailed representation of IoT systems. For
instance, as shown in Figure 3, some

Figure 2. IoT Applications

5
researchers include a business layer and a middleware layer for a more
comprehensive depiction of IoT systems.

Figure 3. Five-layer IoT architecture [3]

3. IoT Security Concerns

As depicted in Figure 2, IoT plays a role in various aspects of our lives. With its
capacity to capture data from the natural environment and even from human beings,
IoT has drawn significant attention to data security, particularly concerning data
confidentiality, integrity and privacy. The situation becomes even more concerning
when you consider IoT’s ability to influence the physical world. For instance, if a hacker
gains access to an IoT device, which could be a piece of healthcare equipment, a
public vehicle or the fire alarm in your home, and takes control of it, it could result in
loss of life.
3.1 Security Requirements
In [4], [5], researchers have identified several security requirements that are
common across a range of applications:
• Confidentiality: It guarantees that information and data remain private and
protected from unauthorized access, and incomprehensible to unauthorized
individuals, entities, and processes.
• Integrity: It guarantees that data remains unmodified by a third party, whether
accidentally or intentionally.
• Privacy: It ensures that users’ identities remain anonymous and untraceable
based on their actions and behaviours within the system.
• Authentication: It confirms the authenticity of the data source against the
claimed identity.
• Non-repudiation: This guarantees that the message sender cannot later deny
sending the message.
• Availability: This ensures that the system's services remain accessible to
legitimate users.
It is important to acknowledge that the same security requirements may require
different level of attention in different application scenarios. For instance, in the context
6
of transportation system, drivers should not have the ability to deny their behaviours
after an accident. Patient information, on the other hand, demands a high level of
privacy protection, while the availability of the service provided by smart cities is a
critical concern.
3.2 Security Challenges
In [6], researchers provide insight into the factors that make meeting these security
requirements within IoT systems more challenging, especially when compared to
conventional Internet technologies.
• Heterogeneity: IoT consists of a wide range of devices, including sensors,
actuators, gateways, and more. These devices often employ varying data
processing algorithms, communication protocols and security standards.
• Resource Constraint: Most IoT devices are equipped with chips that have
limited computing power and memory. As a result, the use of the traditional
key-based encryption mechanisms, which require significant computational
resources, becomes impractical in the context of IoT. Instead, lightweight
encryption technology, including lightweight cryptographic algorithm, should be
introduced to IoT things.
• Scalability: The challenge of managing and servicing the ever-increasing
number of IoT devices, which can reach into the millions, is a significant one.
• Mobility: Both vehicles equipped with sensors and human beings wearing IoT
devices may be mobile.
• And so forth.
As discussed in [4]-[6], taking into account the security requirements and challenges
associated with the primary IoT applications presented above, Table 1 summarizes
these challenges by highlighting the key aspects specific to each IoT application.
Table 1. Main security challenges

4. Solutions
Most of the IoT security solutions rely on cryptographic algorithms that operate within
centralized environments, where central trusted authorities manage the encryption
keys to ensure the proper functioning and security of the system. Nevertheless, in
most cases, these solutions prove to be ineffective or unsuitable for IoT devices facing
significant resource limitations due to their reliance on storage and computation-
intensive algorithms. Their performance degrades even more significantly at a large
scale; the publishing, management, and storage of keys can place a substantial burden

7
on the central server. With the emerging of new technologies, more secure, scalable
and reliable solutions are introduced to IoT. Here are two new-technology-based
solutions that are mentioned frequently [4], [5].
• Software Defined Networking (SDN) is a new network paradigm that
separates the network control plane from the data plane, offering greater
flexibility in network solutions for IoT. The use of a centralized SDN controller
to manage the system makes it an obvious target for attacks. Furthermore, the
scalability challenge persists in SDN-based solutions due to their centralized
architecture.
• Blockchain serves as the foundational technology for cryptocurrency tools like
Bitcoin, featuring a secure distributed database and transactions conducted in
a decentralized, peer-to-peer manner, eliminating the need for a central trusted
server. This decentralization enhances IoT security. However, the considerable
computational requirements and time latency present substantial hurdles in
Blockchain-based solutions.

5. Conclusion
In this report, we offer a brief overview of the concept of Internet of Things, its general
infrastructure, and architecture. Given the wide range of applications provided by IoT
today, we delve into the essential security requirements and challenges encountered
in most IoT systems. Towards the end, we introduce classical cryptographic solutions
and highlight their substantial demand for computational resources. Additionally, we
explore solutions built on emerging technologies like SDN and Blockchain. However,
persistent challenges such as scalability and resource limitations remain unsolved in
these new technologies.
In light of these less-than-ideal outcomes, it's crucial to strike a balance between
security and convenience. Both academia and industry should consider introducing
more lightweight algorithms and flexible protocols. Government enforcement of laws
pertaining to IoT security in the market is also a necessary step.

8
References
[1] P. Sethi and S. R. Sarangi, “Internet of Things: architectures, protocols, and
applications,” Journal of Electrical and Computer Engineering, vol. 2017, pp. 1–
25, Jan. 2017, doi: 10.1155/2017/9324035. Available:
https://doi.org/10.1155/2017/9324035
[2] F. A. Alaba, M. Othman, M. Hashem, and F. Alotaibi, “Internet of Things security:
A survey,” Journal of Network and Computer Applications, vol. 88, pp. 10–28,
Jun. 2017, doi: 10.1016/j.jnca.2017.04.002. Available:
https://doi.org/10.1016/j.jnca.2017.04.002
[3] I. Mashal, O. Alsaryrah, T.-Y. Chung, C. Yang, W.-H. Kuo, and D. P. Agrawal,
“Choices for interaction with things on Internet and underlying issues,” Ad Hoc
Networks, vol. 28, pp. 68–90, May 2015, doi: 10.1016/j.adhoc.2014.12.006.
Available: https://doi.org/10.1016/j.adhoc.2014.12.006
[4] D. E. Kouicem, A. Bouabdallah, and H. Lakhlef, “Internet of things security: A
top-down survey,” Computer Networks, vol. 141, pp. 199–221, Aug. 2018, doi:
10.1016/j.comnet.2018.03.012. Available:
https://doi.org/10.1016/j.comnet.2018.03.012
[5] J. Hou, L. Qu, and W. Shi, “A survey on internet of things security from data
perspectives,” Computer Networks, vol. 148, pp. 295–306, Jan. 2019, doi:
10.1016/j.comnet.2018.11.026. Available:
https://doi.org/10.1016/j.comnet.2018.11.026
[6] İ. Bütün, P. Österberg, and H. Song, “Security of the Internet of Things:
vulnerabilities, attacks, and countermeasures,” IEEE Communications Surveys
and Tutorials, vol. 22, no. 1, pp. 616–644, Jan. 2020, doi:
10.1109/comst.2019.2953364. Available:
https://doi.org/10.1109/comst.2019.2953364