Many smart services grow rapidly with the blessings of the Internet of Things; however this coincides with an increase in security and privacy issues. The Internet of Things within their enterprises, production facilities are now ready to start introducing smart products and integrated intelligence products.
Motivation
What are the security challenges of the IoT's key components ranging from secure boot, authentication, protected ports, secure storage and secure connectivity. As of today, the IoT can follow any testing methodology and already be considered secure.
Scope of the Thesis
Predicting the Future
The challenges chapter will highlight the various challenges that exist in IoT today as well as future challenges. The solutions chapter offers different solutions to the challenges presented in the challenges chapter.
Chapter Two
BACKGROUND
Comparative Study
So we're going to get to the point where we're going to talk about five things. Some manufacturers understand the potential of IoT, and Figure 2.1 shows the percentage of this fact.
Scope of the Problem
When it comes to professionals or experts, IT people tend to stick much more to I know cloud, I know networking, I know application development, now I'm doing web development, but I don't know hardware. We need to have domain knowledge of hardware along with domain knowledge. We don't need a coder to know how domain knowledge about both.
So that when it comes to integration share when it comes to getting data from cloud to the device from the data clouds. So if we don't have knowledge about the hardware part, the IT person who is actually analyzing the data and building the big data solutions will not be able to analyze that part because that IT person has practically separated from the hardware part . When it comes to developer eyes what we're trying to do as well, it's like we're trying to make it happen anyway, that's our main goal we're trying to make things happen on time.
When it comes to implementation, share the traditional things we used, like our website. We have a hardware part, an integration network part, some cloud parts, a front-end part.
Challenges
Probably, if we are into IoT consumer products, the product we develop might work very well in our own country, but might not work so well in a certain other country or a certain part of our own country. Again testers with domain knowledge, deploying multiple user applications in a distributed environment, this is a very important part. When it comes to implementation, the traditional things we used, like our website, running in a browser, are nothing more or we can have browsers on our smartphone, we just have to make them a small smartphone size and this size special stuff .
Probably the product, if we're for the consumer IoT product part that we're developing, might work very well in our own country, might not work very well in a certain other country or a certain part of our own country.
Chapter Three
Security Challenges in the Internet of Things
- Authentication
- Availability
- Confidentiality
- Post-Production Management
- Privacy
- Denial of Service
- Unintended uses
What we will talk about in our summary of the results is entitled The Internet of Things has finally arrived. Unfortunately, they are not ready because they are very out of their mind about the testing process. Some of the security risks that we will talk about in this article are eavesdropping attacks, man-in-the-middle attacks, unauthorized access and control, product cloning, and unauthorized overproduction. When looking at the PKI infrastructure we want to use, we also need to decide whether to use a public or a private certificate authority.
But the device itself must have the ability to securely store the authentication and use of certificates, and must support things like SCP e or other certificate authority protocols in the process. Given that the biggest objective of the IoT framework is to be accessed by anyone, anywhere and anytime, attack vectors or surfaces also become open to attackers [14, 15]. Thus, causing potential threats to end up more likely. Some of the security risks we will talk about in this paper are eavesdropping attacks, man-in-the-middle attacks, unauthorized access and control of product cloning and unauthorized overproduction.
Some of the security risks we will talk about in this paper are eavesdropping attacks, human-. In this paper we will talk about eavesdropping attacks, man-in-the-middle attacks, unauthorized access and control of product cloning and unauthorized overproduction.
Chapter Four
Solution to challenges in the internet of things
- Authorization
- Authentication
- Public Key Infrastructure
- Data Storage
So the IoT ecosystem consists of different kinds of devices. Depending on your use case, other protocols may be appropriate. SSH, IpSec and Ike are often used in IP networks, and many of the wireless standards have their own communication security protocols. The speed is user authentication and it is a human trying to access the device that is authorized to do so.
Depending on the device you are building and the nature of its use, other types of authentication may make sense. On the one hand, we would like to have the possibility to unambiguously recognize all devices, but at the same time; the user of the device usually does not want to be identified. These distinctive identifiers were shown in the analysis of the EyeFi card, where the network interface broadcasts a Mack address with each packet, inside the Fitbit, where the device address was distinctive, it can track a person's movements, and in the Home Simple system, where any transmitter ID is broadcast with every signal.
Where this feature also does not prohibit the use of the goods, it should be enforced. However, in several circumstances the individuality of the device ID is the entire purpose of the device.
Chapter Five
Proposed a testing methodology for the
Guideline for Developers
- Product Ecosystem
- Setup
- Open Intelligence Gathering
- Capture and Analysis of Data
- Vulnerability Testing of Mobile and Control Application
- Testing cloud API and Web Services
- Testing of Embedded Hardware
Despite the truth that the overall functionality of a smart home depends on the availability of a web association available at any time, where different things can be related within the same apartment to a central center. So item data is fundamental to creating value and competitive advantage, but companies need to consider a few of the key costs. At that point, we say to calibrate the extent of our effort according to a few of the result costs around data transmission and storage.
In this testing process, we conduct an in-depth test and examination of versatile and inaccessible applications used to monitor IoT items. Like the cloud test, we test all functions and communications between mobile applications and all components within the IoT ecosystem to verify the overall security posture of the product. Use network diagrams, documentation, and convenient cloud administration access to assess the security of deploying cloud platforms.
Next, the team will move on to the net application layer – this requires significant consideration and will contain the lion's share of the effort. As IoT technology evolves, considerations are mostly centered on applications such as detection, remote transmission, acuity and other angles of IoT and overview of the basic equipment that provides such functionality [49]. We will also check IoT gadgets to assess the security against the physical layer attacks.
Chapter Six
Discussion
When we get involved in doing IoT testing, we need to have a standard methodology and the way we approach is quickly what we want to do is to identify the complete product ecosystem. Once golf has done this and we have functionally tested the equipment and ensured that it is working correctly as the manufacturer intended it to work, then we switch in and start doing the actual work. What we will do there is we will set up an environment where we can capture all the communications; we will set up proxy services between the device in the cloud between the mobile app and the cloud.
From there, we will perform well and start performing mobile application vulnerability testing. After the end of the wave, we move on to the last phase of the entire ecosystem. It's hardware tested in hardware, well actually take apart the technology, inspect it well for entry points which could be J tags, could be UART.
Well, also dig deeper into the RF communication at this point and try to identify what kind of data is being communicated on that path and is it properly secure as part of that process as well. Good attempt to access the firmware, if not able to get a copy of the firmware via the cloud apis, then often you open the device and actually pull the memory, ash the memory directly on the device and then well analyzed it for embedded keys, embedded passwords and other issues like undocumented command structure that could be used to perform further attacks on the device and by focusing on all these key parts we can identify any security models how they affect each other within our particular proposed model.
Chapter Seven
Conclusions
Future Work
Some recent research has just been completed with 350 manufacturers across the United States and we think we find it really interesting. In late 2017, a study of manufacturers in the United States found that 46 percent of manufacturing executives actually said they had no idea what the Internet of Things was.
Chapter eight
34;The Internet of Things (IoT): A Vision, Architectural Elements, and Future Directions." In Sensor Data Management and Mining, p. 34;Context Aware Computing for the Internet of Things: A Survey." IEEE Communications Surveys and Tutorials 16, no.
34; Security for the Internet of Things: A Review of Existing Protocols and Open Research Questions." IEEE Communications Surveys & Tutorials 17, No. 34; Cybersecurity and the Internet of Things: Vulnerabilities, Threats, Intruders, and Attacks." Journal of Cyber Security 4, no. 34; A Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT)." In International Conference on Network Security and Applications, p.
34;Is the web http/2 yet?." In International Conference on Passive and Active Network Measurement, p. 34;Key management systems for sensor networks in the context of the Internet of Things." Computers & Electrical Engineering 37, No.
