See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/316735737

Internet of Things :A Study on Security and Privacy Threats

Conference Paper · March 2017

DOI: 10.1109/Anti-Cybercrime.2017.7905270

CITATIONS READS

14 3,814

2 authors:

Husamuddin Mohammed M. Qayyum

University of Adelaide King Khalid University
22 PUBLICATIONS   27 CITATIONS    16 PUBLICATIONS   36 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

MANET-IoT View project

All content following this page was uploaded by M. Qayyum on 10 October 2018.

The user has requested enhancement of the downloaded file.

 Internet of Things :A Study on Security and Privacy
Threats

Md Husamuddin1 Mohammed Qayyum2

Dept. of Computer Science Dept of Computer Engineering
College of CS & IT, Al-Baha University College of Computer Science, King Khalid University
Al-Baha, Kingdom of Saudi Arabia Abha, Kingdom of Saudi Arabia
dr.husams@gmail.com mdqayyum.se@gmail.com

Abstract—Today, the world is influenced by new emerging The results of the monitoring are used to develop better ways
technologies. As a result we are surrounded by a number of to save our environment.
smart devices. These smart devices make our life easy and B. Infrastructure management
convenient. On the contrary, we are exposed to a number of One of the prominent applications is the process to monitor
threats and cyber attacks. There is always a threat to our and control the operations of infrastructure like roads,
privacy. In this paper, we discuss the different applications of bridges and railway tracks etc. The change in structural
IOT and the security threats involved. conditions can compromise safety and increases risk, hence
it can be monitored by IOT infrastructure management. The
Keywords—IOT, Sensors, RFID, WSN, Security, Privacy, quality of service can be improved.
Internet Introduction
C. Manufacturing
I. INTRODUCTION The real time optimization of manufacturing can be
achieved. The production and supply can be managed by
Internet of Things (IOT) is a prominent part of internet
using sensors and control systems. This also leads to rapid
future. IOT has a infrastructure of network that is global
manufacturing of new products.
where any object that is physically connected to internet has
an identity and can communicate with the other devices on
D. Home Automation
the internet. The devices like computers, cell phones, tabs,
The information about the gas, water and power can be sent
washing machines etc are a few to name. IOT is a huge
to their utility company by an automated system. This
network of interconnected ‘things’. The devices contain
process can enhance the efficiency of the resources. The
micro chip that interconnects all the devices. These micro
home automation process can manipulate the devices like
chips track the surroundings and report the same in the
washing machine, air conditioner, windows, doors, lighting
network as well as to the humans. The best part of IOT is
and refrigerator to attain optimization.
that each and every physical entity can be communicated and
is accessible through the internet. As a result of the low cost
E. Transportation
internet, huge number of devices is connected to the internet.
IOT technologies were first used in this sector. It uses the
The number of devices connected to the internet in 2008 was
integration of light sensors, GPS and GSM. The vehicle can
more than the humans on the earth. According to a research
act as an entity and communicate with each other as well as
company, there were 4.48 billion devices connected to the
road side infrastructure. The sensors in the vehicles can be
internet and the growth in 2016 is expected to be 30%. By
used to avoid collision, traffic management and to provide
2020 it is expected to reach 50 billion. These devices result
space for parking.
as a surface for attackers.
F. Medical and Health care system
II. APPLICATIONS OF IOT It is one of the promising areas of IOT technology. The
patient’s vital parameters can be transmitted by medical
Internet of Things covers almost every area of our lives. devices to a platform like secure cloud where it is stored and
Some of them are as follows:- analyzed. A special care can be provided to the aged and
chronic disease patients.
A. Environmental Monitoring
The environmental protection is done by using sensors and
by monitoring the atmospheric conditions like air and water
quality. The wildlife is also monitored to know their habitats.

978-1-5090-5814-3/17/$31.00 ©2017 IEEE

 III. COMMUNICATION MODELS OF IOT device and cloud service and operates on a local gateway
The operational perspective of IOT devices is important as device to provide security and data translation.
how these devices connect and communicate. The In most of the cases, the smart phone with an app to
communication models are categorized into four models as communicate with a device acts as a local gateway and
follows:- transmits data to a cloud service. The devices like Fitness
tracker are not capable of communicating directly with the
A. Device to Device Communication cloud service. Hence, they depend on smart phone apps to
In this model, two or more devices connect directly and a transmit the data to the cloud.
communication is established. No intermediary application
server is used. IOT devices are capable of communicating in
different types of networks. Usually these devices establish
connection using technologies like Bluetooth, Zigbee etc.

In device to device network, all the devices follow a protocol

to communicate and exchange messages. The applications
like home automation system exchange data over a low
bandwidth. IOT devices like door locks, light switches, light
bulbs often communicate on a low bandwidth in a home
automation system.

Fig.3. Device to Gateway Communication

D. Back-End Data sharing model

In this model, the communication architecture helps users to
export data and also analyze smart object data from various
sources including cloud service. The data is then uploaded to
different application service providers. The architecture also
Fig.1. Device to Device Communication
helps to collect the data and analyze it. An industrialist will
be interested in analyzing the energy consumption of the
B. Device to cloud Communication factory by collecting the data produced by the IOT sensors
In this model, an internet cloud service like application and the utility systems. The back-end data sharing allows us
service provider is used to communicate and exchange the to access the data and analyze it.
data. The connection is established between the device and
the IP network by using Wi-Fi or Ethernet. This type of
communication model is used by big organizations like
Samsung SmartTV. Here the Internet connection is used to
transmit user viewing data to Samsung for analysis. This
model gives value to the end user by enhancing the
capabilities of the device.

Fig.4. Back-End Data sharing model

IV. SECURITY REQUIREMENTS

The Technologies are growing rapidly and so are the
machines. This growth in the technology leads to threats and
Fig.2. Device to Cloud Communication privacy issues. The smart devices will communicate with
each other and exchange data in a network. If any device
gets corrupted then the whole infrastructure is at risk. For
C. Device to Gateway model
example, if a machine is hacked, the production can be at
In this model, an application layer gateway (ALG) service is
stake along with the crucial data involved. Some of the main
used to connect the IOT devices to the cloud service. Here
security concerns are:-
the application software acts as an intermediary between
A. Integrity of Data
The accuracy of the data transmitted between two nodes is
an important issue. Hence, the accuracy of the data should be
maintained. For example, in a manufacturing firm, if the
hacker gives instruction for the production to halt then it is a
very serious issue.
B. Confidentiality of Data
The data that is transmitted between two nodes should be
confidential. There should be no access to the data apart
from the sender and receiver. For example, if the
infrastructure data is hacked, then there can be destruction to
the roads and bridges, moreover the security can be on risk. Fig. 5. Node Replication
C. Authenticity of Data 3. Selective Forwarding
The process of authentication assures that the data received In WSN, the nodes forward received messages to the
is original and can be trusted. For example, in the medical destination. A malicious node selectively forwards
and health care system, the patient’s parameters are sent packets in this attack. Certain messages may be simply
across to different medical centers. If this data is dropped without forwarding them. The modification of
manipulated by a hacker and then received, the treatment of packets originating from few specific nodes is
the patient can be on risk. performed and the message is forwarded to the other
D. Availability of Data nodes. Thus, it is difficult to identify the attacker.
Availability of data to the users is always a major concern of
IoT. If the user is not able to access the data, then it is a big
issue. It should be rectified as soon as possible.

V. IOT TECHNOLOGIES AND SECURITY THREATS

A. Wireless Sensor Network

Wireless Sensor Networks (WSNs) contain several small
cells known as sensor nodes and computing elements known
as actuators. The main components of sensor nodes are
sensing, data processing and communication. Healthcare
system, habitat monitoring, military applications, logistics, Fig. 6. Selective Forwarding
environment observation and forecasting etc are some of the
applications of WSNs in IoT. WSNs are easily subject to 4. Wormhole Attack
attacks due to the transmission medium for broadcasting. It is a critical attack in which the packets is recorded at
WSNs major threats are: some location of network and replays it to different
location. This process can be carried out selectively.
1. Physical Attacks
All the objects should have sensor to achieve its full
capability. It is difficult to stop unauthorized physical
access. A hacker can change a node/sensor data, thus the
functioning of the whole sensor network can be on risk.

2. Node Replication
In this attack, an existing node id is copied to a network
with sensor. As a result of duplication of node packets
are mis-routed, false sensor readings are recorded or a
disconnection of network takes place. Thus, a sensor
network's performance is disrupted.
Fig.7. Wormhole Attack
5. Sybil Attack
Sybil attack takes place when a computer is hijacked
and the hacker claims multiple identities. In this attack,
an adversary can manage to be at more than one place at
one time. Here a single node presents multiple identities
in the network which leads to significant reduction of
effectiveness of fault tolerance.
 Fig.8. Sybil Attack Fig.10. Eavesdropping

6. Sinkhole Attack
In this attack, an intruder takes over a node inside the B. Radio Frequency Identification Technology:
network and attracts all the traffic from neighbor nodes.
Radio-frequency identification (RFID) consists of
This process is carried out by using the routing several RFID tags and one or more RFID readers. There
algorithm and attracting the other nodes. Thus, being
is a specified address on the tags and these are attached
part of the routing process, different attacks can take
to objects. This tag acts as a unique identifier for that
place including forwarding the packets selectively, object. RFID tags are used to keep a track of production,
changing the message or deleting the packets.
monitor patient's health parameters, monitor temperature
and humidity of food item, shopping, animal tracking,
access control etc. There are various attacks against
RFID technology. Some of the attacks are:
1. Physical Data Modification
The tags are obtained physically and the data is altered.
The fault induction or memory writing is used to
modify. Fault induction is a process of modifying data
when it is written or processed. Memory writing can be
performed by using special equipments like laser cutting
microscopes or small charged needle. These attacks lead
to inaccuracy of tags data. For example, a RFID tag
attached to a manufactured product gives wrong
information about the item. Moreover, the tag can be not
traceable.

2. Tag Cloning
Fig.9. Sinkhole Attack
The process of replacing the original tag with the new
7. Service Attack denial one and copying original tag identifier (id) to it. The
The services are made unavailable to legitimate users. tags and software are available in the market. Attacker
Here, the links of victim are destroyed with legitimate- can easily replace the original tag with the new one, if
like requests from attacker by flooding them. Hence, all no physical access protection is used for RFID tags.
the services are denied to the legitimate users.
3. Tag Swapping
8. Eavesdropping
In this attack, while the information is transmitted Tag swapping is achieved by replacing the tags of two
between the two nodes over the network, the intruder different products with each other. This kind of attack
listens to the information. Here, the information remains usually occurs in retail stores where a high priced tag is
the same but its privacy is compromised. This exchanged with a low price tag. The high priced product
information can be used by the intruders against the is purchased at lesser rate.
users.
4. Denial of Service Attack
If the information is requested by a RFID reader from a
tag, the identification id of the tag is received. Then it
compares it with the id stored in its database. The tag
 fails to sends its identity to the reader if the DOS attack [10] Gubbi, J., Buyya, R., Marusic, S., &Palaniswami, M. (2013). Internet
has occurred. The connection between the tag and the of Things (IoT): A vision, architectural elements, and future
reader will not be stable and the service will be directions. Future Generation Computer Systems, 29(7), 1645-1660.
[11] Hossain, M. M., Fotouhi, M., &Hasan, R. (2015). Towards an
interrupted.
Analysis of Security Issues, Challenges, and Open Problems in the
Internet of Things. 2015 IEEE World Congress on Services.
VI. CONCLUSION [12] Juels, A. (2006). RFID security and privacy: a research survey. IEEE
J. Select. Areas Commun,24(2), 381-394.
IoT has emerged as a significant technology. The data that [13] MacGillivray, Carrie, Worldwide Internet of Things Forecast Update,
is transmitted from sensors or RFID tags may carry sensitive 2015-2019, International Data Corporation (IDC), February 2016.
information which must be protected from unauthorized [14] Mahalle, P. N., Anggorojati, B., Prasad, N. R., & Prasad, R. (2013).
access. The IoT communication between two nodes is not Identity Authentication and Capability Based Access Control
secure and the physical security of IoT devices should not be (IACAC) for the Internet of Things. Journal of Cyber Security and
compromised. To achieve secure communication, IoT must Mobility, 1(4), 309-348.
include services such as encryption, end-to-end- [15] Maidamwar, P., &Chavhan, N. (2012). A Survey on Security Issues
environments, and access control for real-time and critical to Detect Wormhole Attack in Wireless Sensor
Network. IJANS, 2(4), 37-50.
infrastructure protection. It is challenging in cybercrime to
[16] Mattern, F., &Floerkemeier, C. (2010). From the Internet of
stay ahead of the attacker. In future, we can expect more
Computers to the Internet of Things. Lecture Notes in Computer
security for smart devices & the privacy criteria of IoT Science, 242-259.
communication will increase which will allow the users to [17] Sarni, W., Mariani, J.; Kaji, J.; From Dirt to Data, The second green
automate tasks conveniently using this technology. IoT with revolution and the Internet of Things. Deloitte Review, issue 18,
better privacy, data protection techniques and ethical 2016.
practices will surely win user’s trust and gain competitive [18] Sathish Kumar, J., & R. Patel, D. (2014). A Survey on Internet of
advantage in the connected world. Things: Security and Privacy Issues. International Journal of
Computer Applications, 90(11), 20-26.
[19] Singla, A., &Sachdeva, R. (2013). Review on Security Issues and
VII. REFERENCES Attacks in Wireless Sensor Networks. International Journal of
Advanced Research in Computer Science and Software
[1] Bahekmat, M., Yaghmaee, M. H., Yazdi, A. S., &Sadeghi, S. (2012). Engineering, 3(4), 529-534.
A Novel Algorithm for Detecting Sinkhole Attacks in [20] Sklavos, N., &Agarwal, V. (2008). RFID Security. From RFID to the
WSNs. IJCTE, 4(3), 418-421. Next-Generation Pervasive Networked Systems, 107-125.
[2] Balte, A., Kashid, A., &Patil, B. (2015). Security Issues in Internet of [21] Soni, V., Modi, P., &Chaudhari, V. (2013). Detecting Sinkhole
Things (IoT): A Survey.International Journal of Advanced Research Attack in Wireless Sensor Network. International Journal of
in Computer Science and Software Engineering, 5(4), 450-455. ISSN: Application or Innovation in Engineering & Management
2277 128X. (IJAIEM), 2(2), 29-32.
[3] Botta , A., de Donato, W., Persico, V. and Pescape, A., “ Integration [22] Sushma, Nandal, D., &Nandal, V. (2011). Security Threats in
of Cloud computing and Internet of things: A Survey”, Future Wireless Sensor Networks.IJCSMS International Journal of
Generation Computer Systems, Volume 56, March 2016, pp. 684- Computer Science & Management Studies, 1(11).
700. [23] Tsai, C., Lai, C., &Vasilakos, A. V. (2014). Future Internet of
[4] Chowdhury, M., Kader, M. F., &Asaduzzaman. (2013). Security Things: open issues and challenges. Wireless Netw, 20(8), 2201-
Issues in Wireless Sensor Networks: A Survey. International Journal 2217.
of Future Generation Communication and Networking, 6(5), 97-116. [24] U.Farooq, M., Waseem, M., Khairi, A., &Mazhar, S. (2015). A
[5] D. Ruiz (Ed) et.al., Modelling the trustworthiness of the IOT, Critical Analysis on the Security Concerns of Internet of Things
RERUM Deliverable D3.3, April 2016. (IoT). International Journal of Computer Applications, 111(7), 1-6.
[6] Dlodlo, N., Foko, T., Mvelase, P., &Mathaba, S. (2012). The State of [25] Vasilomanolakis, E., Daubert, J., Luthra, M., Gazis, V.,
Affairs in Internet of Things Research Volume Issue,. The Electronic Wiesmaier, A., &Kikiras, P. (2015). On the Security and Privacy of
Journal Information Systems Evaluation, 15(3), (244- 258). Internet of Things Architectures and Systems. 2015 International
[7] Douceur, J. R. (2002). The Sybil Attack. Peer-to-Peer Systems, 251- Workshop on Secure Internet of Things (SIoT).
260. [26] Z L., & T X. (2013). Threat Modeling and Countermeasures Study
[8] EU-China Joint White Paper on the Internet of Things, China for the Internet of Things.JCIT, 8(5), 1163-1171.
Academy of Information and Communications Technology (CAICT)
& European Commission –DG CONNECT, January 2016.
[9] Gianluca Aloi, Giuseppe Caliciuri , Giancarlo Fortino, Raffaele
Gravina, Pasquale pace, Wilma Russo and Claudio Savaglio, A
Mobile Multi Technology Gateway to enable IOT Interoperability, In
proceeding of the IEEE IOTDI Conference, Berlin(Germany) 2016.

View publication stats