Rony Shaha, Assistant Technical Officer and Research Coordinator of Daffodil Robotics Lab for his continuous support and guidance in IoT based microcontrollers and smart devices. While the term "Internet of Things" (IoT) was first introduced in 1999, our modern society is rapidly evolving from these interconnected networks of smart devices. Cutting-edge technologies and software engineering can make smart devices connect with man-machine and machine-machine in a semi-automated or fully-automated way, so that IoT can be applied in the field of every aspect of a utopian society from remote medical surgery to automated home security.
This article covers an overview and analysis of cybersecurity threats and challenges of microcontroller-based smart devices, security flaws in the software architecture, and vulnerabilities for the node sensor module in IoT devices. Keywords: Internet of Things (IOT), microcontroller security, privacy and security issues, wireless sensor network security, smart devices, IoT security. We are now implementing IoT in all possible sectors: weather forecasting, industrial production robots, smart home sensors, automated vehicles, smart appliances like AC, refrigerator and indoor lighting, they are all part of the IoT hub now.
Because these smart devices can send data and communicate with each other, the data must be sent in a secure manner. There are several reports of zero-day vulnerabilities in many new consumer-based IoT devices. Several studies have already shown that there are so many security issues in this sector and as the demand for IoT devices grows, the risk factor grows with the flow.
The purpose of this task is to justify common security practices to prevent attacks on smart IoT devices.
Thesis Organization
LITERATURE REVIEW
This paper [13] presented the highest vulnerability analysis in IoT devices for the smart home environment by the standard PTES penetration testing approach. This paper [18] proposed Smart Home Automation System and Security using Arduino microcontroller and sensor modules like Flex Sensor, Flame Sensor, Fire Sensor, Relay Driver, LDR & DC Motors. Similarly, another paper [20] concludes the security and privacy issues for an IoT-based smart home with Zigbee module in the European Union.
In the forensic part, the paper [23], a forensic investigation framework is proposed for Zigbee & Z-wave based IoT Smart Home Environment. Another paper [31] designed Arduino & Wireless NodeMCU based Intelligent Smart Home Automation & Security System with extended sensor modules. The paper [33] by the same authors relatively proposed the integration of fingerprint sensors to improve Smart Home Automation Security.
On the other hand [47] a risk analysis methodology is proposed for the threat analysis in the Smart Home Automation System. Another survey on improving home automation security for fingerprint-enabled smart home security systems [44] was conducted in 2017, by Sankar A.
RESEARCH METHODOLOGY
- Introduction to the Secure System Model Related to this Research
- OSI Layers
- Physical Layer
- Data Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer
- Case Study and Literature Review
- Significance of vulnerabilities
The data link layer is in charge of establishing or eliminating a connection between physical nodes that can be connected by cable or wirelessly. The media access control (MAC) is responsible for the data transfer and the provision of data flow by defining permissions over the network. The Logical Link Control (LLC) is responsible for controlling the data flow and identifying errors that occur due to flow from physical media.
The primary responsibility of the network layer is to receive packets of data from the data link layer and then move them on. It fulfills this duty by finding the best route to forward these packets using the address given to them by the data link layer. It does this by first splitting the data at the transmitting end and then reconstructing it at the receiving end.
If an error occurred during the transmission, it is responsible for retrieving it from the end of the transmission. The session layer is responsible for creating sessions between computers, i.e. communication channels to transfer data between them. It informs the devices how it has encoded and compressed the data to be decoded at the receiving end.
In this way, it is basically responsible for preparing the data for the application layer and passing any data from it back to the session layer when necessary. It provides software with protocols that allow it to send and receive information directly from users and display it to them. It is important to note that the applications themselves are not present in this layer, but rather it allows them to communicate with lower layers to communicate with applications on the other side.
Audio-Injection attacks are performed on consumer-based voice controllable systems, such as the Google Home mini, targeting MEMS microphones. This can be economically significant as well as life-threatening if the vehicle is concerned &. All IoT components generate and transmit massive data collections to the cloud server, so we must consider the risk of private data leakage as well in order to use these devices in our daily lives.
A06:2021-Vulnerable and Outdated Components was previously titled Using Components with Known Vulnerabilities and is #2 in the Top 10 community survey, but also had enough
A05:2021-Security misconfiguration moves up from #6 in previous issue; 90% of the applications were tested for some form of misconfiguration. With more shifts to highly configurable software, it's not surprising to see this category move up. A06:2021-Vulnerable and Outdated Components was previously titled Use Components with Known Vulnerabilities and is #2 in the Top 10 Community Survey, but also had enough.
A07:2021-Identification and Authentication Failures was previously Broken Authentication and is sliding down from the second position, and now includes CWEs that
A09:2021-Security Logging and Monitoring Failures was previously Insufficient Logging
A10:2021-Server-Side Request Forgery is added from the Top 10 community survey (#1)
Lab Experiments
The raspberry pi acted as the central hub or cloud server for the smart home environment. The ESP 8266 module was flashed with a custom BIOS to target the Smart Home IoT network.
Risk Assessment
Risk ID
Risk Name Risk Impact
Risk Type Likelihoo d
Security Attribute
Privacy Impact
While data is transmitted through secure communication from sensor elements to the central hub, there are several risk factors for a Man in the Middle Attack. There is a possibility of password and other sensitive information being leaked while communicating with the IoT network. There are some consumer-based IoT devices that collect user data without the end user's concern.
The European Union has taken steps in IoT device policy law and regulation. The end user must receive a clear message about what kind of data will be collected and stored by an IoT device.
RESULTS AND DISCUSSION
CONCLUSIONS AND RECOMMENDATIONS 5.1 Findings and Contributions
Recommendations for Future Works
VULNERABILITY TRENDS IN IOT DEVICES AND NEW SENSOR-ASSISTED SECURITY PROTECTIONS
State-of-the-art survey of IoT effects on smart city technology: Challenges, opportunities and solutions. A comparative analysis on the smart home system to control, monitor and secure the home, based on technologies such as GSM, IOT, Bluetooth and PIC microcontroller with ZigBee modulation. 18] Smart Home Automation and Security System using Arduino and IOT Siddharth Wadhwani1, Uday Singh2, Prakarsh Singh3, Shraddha Dwivedi4 1234 Student, Deptt.
2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/ 12th IEEE International Conference on Big Data Science and Engineering. Sovacool, Mari Martiskainen, Knowledge, energy sustainability and vulnerability in the demography of the spread of smart home technology. Identify the vulnerabilities in WIFI network, computer and mobile devices using WIFI Deauther, USB Rubber Ducky, Backdoor APK.
Shon, Game Theory-Based Security Vulnerability Quantification for Social Internet of Things, Future Generation Computing Systems (2017), http://dx.doi.org/10.1016/j.future.
PLAGIARISM REPORT
Various scenarios of misuse and abuse of the vulnerable smart home are summarized from the National Vulnerability Database (NVD) and the. The smart home system can be controlled remotely using an Open Source remote control app “Blynk”. In the cloud computing sector, [39] assessed the security and privacy issues related to Fog Computing for the IoT devices.
The data link layer consists of two sub-layers of its own which are: – The media access control (MAC) is responsible for the data transfer and the provision of data flow by defining permissions over the network. So, IoT Smart Home devices are not in a mature stage, the risk factors still need to be considered. Lack of cybersecurity knowledge is one of the most common issues in the cybersecurity issue.
