IoT: Internet of Threats? A Survey of Practical Security Vulnerabilities in Real IoT Devices
| Autor: | Daniel Zucchetto, Michele Polese, Matteo Calore, Francesca Meneghello, Andrea Zanella |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Computer Networks and Communications
Computer science Vulnerability Denial-of-service attack Access control security 02 engineering and technology Computer security computer.software_genre Home automation 0202 electrical engineering electronic engineering information engineering Confidentiality Authentication Access network Attacks devices Internet of Things (IoT) business.industry Authorization 020206 networking & telecommunications Computer Science Applications Hardware and Architecture Signal Processing 020201 artificial intelligence & image processing The Internet business Communications protocol computer Information Systems Anonymity |
| Zdroj: | IEEE Internet of Things Journal. 6:8182-8201 |
| ISSN: | 2372-2541 |
| Popis: | The Internet of Things (IoT) is rapidly spreading, reaching a multitude of different domains, including personal health care, environmental monitoring, home automation, smart mobility, and Industry 4.0. As a consequence, more and more IoT devices are being deployed in a variety of public and private environments, progressively becoming common objects of everyday life. It is hence apparent that, in such a scenario, cybersecurity becomes critical to avoid threats like leakage of sensible information, denial of service (DoS) attacks, unauthorized network access, and so on. Unfortunately, many low-end IoT commercial products do not usually support strong security mechanisms, and can hence be target of—or even means for—a number of security attacks. The aim of this article is to provide a broad overview of the security risks in the IoT sector and to discuss some possible counteractions. To this end, after a general introduction to security in the IoT domain, we discuss the specific security mechanisms adopted by the most popular IoT communication protocols. Then, we report and analyze some of the attacks against real IoT devices reported in the literature, in order to point out the current security weaknesses of commercial IoT solutions and remark the importance of considering security as an integral part in the design of IoT systems. We conclude this article with a reasoned comparison of the considered IoT technologies with respect to a set of qualifying security attributes, namely integrity, anonymity, confidentiality, privacy, access control, authentication, authorization, resilience, self organization. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|