Review on Security Threat and Solution of Internet of Things Technology
Abstract
Internet of Things (IoT) is a well-known technology globally, which helps to connect things such as sensors, vehicles, hospital-instruments, industries, and consumer-goods through the internet. Compact smart devices constitute an essential part of IoT. They range widely in use, size, computing resources, and memory. However, integrating these intelligent things into the internet introduces several security challenges, because most internet technologies and communication protocols were not designed specifically to support IoT. Moreover, IoT's commercialization has led to public security concerns, including personal privacy issues, threats of cyberattacks, and organized crime. This review aims to provide a comprehensive list of IoT vulnerabilities and counter-measures against them. To achieve this goal, we first describe three widely-known IoT reference models and define security in the context of IoT. Second, we discuss the potential motivations of the attackers who target this technology. Third, we discuss different attacks and threats. Fourth, we describe possible countermeasures against these attacks. Finally, we describe emerging security challenges in IoT system.
References
M.A. Iqbal, O.G. Olaleye, dan M.A. Bayoumi, “A Review on Internet of Things (IoT): Security and Privacy Requirements and the Solution Approaches,” Glob. J. Comput. Sci. Technol. E Network, Web Secur., Vol. 16, No. 7, hal. 1-10, 2016.
Project CASAGRAS, “CASAGRAS Final Report: RFID and the Inclusive Model for the Internet of Things,” Sci. Am., Vol. 291, No. 4, hal. 10–12, 2009.
R. Minerva, A. Biru, dan D. Rotondi, “Toward a Definition of the Internet of Things,” IEEE Internet of Things, hal. 1–86, 2015.
M.M. Kermani, M. Zhang, A. Raghunathan, dan N.K. Jha, “Emerging Frontiers in Embedded Security,” Proc. IEEE Int. Conf. VLSI Des., 2013, hal. 203–208.
A.M. Nia, M. Mozaffari-kermani, S. Sur-Kolay, A. Raghunathan, dan N.K. Jha, “Energy-Efficient Long-term Continuous Personal Health Monitoring,” IEEE Trans. Multi-Scale Comput. Syst., Vol. 1, No. 2, hal. 85–98, 2015.
P. Alinia, R. Saeedi, R. Fallahzadeh, A. Rokni, dan H. Ghasemzadeh, “A Reliable and Reconfigurable Signal Processing Framework for Estimation Metabolic Equivalent of Task in Wearable Sensors,” IEEE J. Sel. Top. Signal Process., Vol. 10, No. 5, hal. 842 - 853, 2016.
K. Su, J. Li, dan H. Fu, “Smart City and the Applications,” 2011 Int. Conf. Electron. Commun. Control. ICECC 2011 - Proc., 2011, hal. 1028–1031.
M.T. Lazarescu, “Design of a WSN Platform for Long-Term Environmental Monitoring for IoT Applications,” IEEE J. Emerg. Sel. Top. Circuits Syst., Vol. 3, No. 1, hal. 45–54, Mar. 2013.
S. Vashi, J. Ram, J. Modi, S. Verma, dan C. Prakash, “Internet of Things (IoT): A Vision, Architectural Elements, and Security Issues,” 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (I-SMAC), 2017, hal. 492–496.
L. Atzori, A. Iera, dan G. Morabito, “The Internet of Things: A Survey,” Comput. Networks, Vol. 54, No. 15, hal. 2787–2805, Okt. 2010.
Cisco, “The Internet of Things Reference Model,” Cisco White Paper, San Jose, CA: Cisco Systems, 2014.
R. Roman, P. Najera, dan J. Lopez, “Securing the Internet of Things,” Computer (Long. Beach. Calif)., Vol. 44, No. 9, hal. 51–58, Sep. 2011.
C. Maple, “Security and Privacy in the Internet of Things,” J. Cyber Policy, Vol. 2, No. 2, hal. 155–184, 2017.
Y. Cherdantseva dan J. Hilton, “A Reference Model of Information Assurance & Security,” Proc. - 2013 Int. Conf. Availability, Reliab. Secur. ARES 2013, 2013, hal. 546–555.
H. Salmani, M.M. Tehranipoor, dan S. Member, “Vulnerability Analysis of a Circuit Layout to Hardware Trojan Insertion,” IEEE Trans. Inf. Forensics Secur., Vol. 11, No. 6, hal. 1214–1225, 2016.
A. Mosenia dan N.K. Jha, “A Comprehensive Study of Security of Internet-of-Things,” IEEE Trans. Emerg. Top. Comput., Vol. 5, No. 4, hal. 586–602, Okt. 2017.
T. Martin, M. Hsiao, Dong Ha, dan J. Krishnaswami, “Denial-of-service Attacks on Battery-powered Mobile Computers,” Proc. of the Second IEEE Annual Conference on Pervasive Computing and Communications, 2004, hal. 309–318.
F. Stajano dan R.J. Anderson, “The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Network,” Proceedings of the 7th International Workshop on Security Protocols, 1999, hal. 172–194.
A. Juels, “RFID Security and Privacy: A Research Survey,” IEEE J. Sel. Areas Commun., Vol. 24, No. 2, hal. 381–394, Feb. 2006.
M. Lehtonen, D. Ostojic, A. Ilic, dan F. Michahelles, “Securing RFID Systems by Detecting Tag Cloning,” Proc. of 7th International Conference on Pervasive Computing (Pervasive), 2009, hal. 291–308.
D.N. Duc dan K. Kim, “Defending RFID Authentication Protocols Against DoS Attacks,” Comput. Commun., Vol. 34, No. 3, hal. 384–390, Mar. 2011.
J. P. Walters dan Z. Liang, “Wireless Sensor Network Security : A Survey,” dalam Security in Distributed, Grid, and Pervasive Computing, Yang Xiao, Eds., New York, USA: Auerbach Publications, CRC Press, 2006, hal. 1–50.
S.W. Boyd dan A.D. Keromytis, “SQLrand: Preventing SQL Injection Attacks,” Appl. Cryptogr. Netw. Secur., Vol. 13, No. 10, hal. 292–302, Okt. 2004.
B. Biggio, B. Nelson, dan P. Laskov, “Poisoning Attacks Against Support Vector Machines,” Proc. 29th Int. Conf. Mach. Learn. (ICML 2012), 2012, hal. 1-8.
B.I.P. Rubinstein, B.A. Nelson, L. Huang, A.D. Joseph,S.-H. Lau, S. Rao, N. Taft, dan J.D. Tygar, “Stealthy Poisoning Attacks on PCA-based Anomaly Detectors,” ACM SIGMETRICS Perform. Eval. Rev., Vol. 37, No. 2, p. 73, 2009.
A.N. Nowroz, K. Hu, F. Koushanfar, dan S. Reda, “Novel Techniques for High-sensitivity Hardware Trojan Detection Using Thermal and Power Maps,” IEEE Trans. Comput. Des. Integr. Circuits Syst., Vol. 33, No. 12, hal. 1792–1805, 2014.
M. Msgna, K. Markantonakis, D. Naccache, dan K. Mayes, “Verifying Software Integrity in Embedded Systems: A Side Channel Approach,” Int. Workshop on Constructive Side-Channel Analysis and Secure Design, 2014, hal. 261–280.
J. P. Walters dan Z. Liang, “Wireless Sensor Network Security : A Survey,” dalam Security in Distributed, Grid, and Pervasive Computing, Yang Xiao, Eds., New York, USA: Auerbach Publications, CRC Press, 2006, hal. 1–50.
P. Peris-Lopez, J.C. Hernandez-Castro, J.M. Estevez-Tapiador, dan A. Ribagorda, “RFID Systems: A Survey on Security Threats and Proposed Solutions,” Proc. of IFIP TC6 11th International Conference on Personal Wireless Communications, 2006, hal. 159–170.
J.-J. Quisquater dan D. Samyde, “ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards,” Proc. of International Conference on Research in Smart Cards, 2001, hal. 200–210.
C. Karlof dan D. Wagner, “Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures,” J. Ad-hoc Netw., Vol. 1, No. 2, hal. 293–315, 2003.
R. Bonetto, N. Bui, V. Lakkundi, A. Olivereau, A. Serbanati, dan M. Rossi, “Secure Communication For Smart IoT Objects: Protocol Stacks, Use Cases and Practical Examples,” 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM), 2012, hal. 1–7.
S. Raza, L. Wallgren, dan T. Voigt, “SVELTE: Real-time Intrusion Detection in the Internet of Things,” Ad Hoc Networks, Vol. 11, No. 8, hal. 2661–2674, 2013.
J. Daemen dan V. Rijmen, The Design of Rijndael: Advanced Encryption Standard, Berlin, Germany: Springer Berlin Heidelberg, 2002.
M. Bellare, A. Desai, E. Jokipii, dan P. Rogaway, “A Concrete Security Treatment of Symmetric Encryption,” Proceedings 38th Annual Symposium on Foundations of Computer Science, 2002, hal. 394–403.
E.R. Naru, H. Saini, dan M. Sharma, “A Recent Review on Lightweight Cryptography in IoT,” Proc. Int. Conf. IoT Soc. Mobile, Anal. Cloud, I-SMAC 2017, 2017, hal. 887–890.
T. Shirai, K. Shibutani, T. Akishita, S. Moriai, dan T. Iwata, “The 128-Bit Blockcipher CLEFIA (Extended Abstract),” Proc. of International Workshop on Fast Software Encryption, 2007, hal. 181–195.
A. Bogdanov, L.R. Knudsen, G. Leander, C. Paar, A. Poschmann, M.J.B. Robshaw, Y. Seurin, dan C. Vikkelsoe, “PRESENT: An Ultra-Lightweight Block Cipher,” Proc. of International Workshop on Cryptographic Hardware and Embedded Systems, 2007, hal. 450–466.
R. Kumar dan S. Rajalakshmi, “Mobile Sensor Cloud Computing: Controlling and Securing Data Processing Over Smart Environment through Mobile Sensor Cloud Computing (MSCC),” Proceedings - 2013 International Conference on Computer Sciences and Applications, CSA 2013, 2013, hal. 687–694.
S. Misra dan A. Vaish, “Reputation-based Role Assignment for Role-based Access Control in Wireless Sensor Networks,” Comput. Commun., Vol. 34, No. 3, hal. 281–294, 2011.
H. Mouratidis dan P. Giorgini, “Security Attack Testing (SAT)-Testing the Security of Information Systems at Design Time,” Inf. Syst., Vol. 32, No. 8, hal. 1166–1183, 2007.
B.I.P. Rubinstein, B. Nelson, L. Huang, A.D. Joseph, S.-H. Lau, S. Rao, N. Taft, dan J.D. Tyga, “ANTIDOTE: Understanding and Defending Against Poisoning of Anomaly Detectors,” Proceedings of the 9th ACM SIGCOMM Conference on Internet Measurement Conference - IMC ’09, 2009, hal. 1-14.
M. Mozaffari-Kermani, S. Sur-Kolay, A. Raghunathan, dan N. K. Jha, “Systematic Poisoning Attacks on and Defenses for Machine Learning in Healthcare,” IEEE J. Biomed. Heal. Informatics, Vol. 19, No. 6, hal. 1893–1905, 2015.
M. Kumar (2016) “How to Hack WiFi Password from Smart Doorbells,” [Online], https://thehackernews.com/2016/01/doorbell-hacking-wifi-pasword.html, tanggal akses: 12-Agu-2019.
A. Chapman (2014) “Hacking into Internet Connected Light Bulbs,” [Online], https://www.contextis.com/en/blog/hacking-into-internet-connected-light-bulbs, tanggal akses: 12-Agu-2019.
J. Liu, Y. Wang, G. Kar, Y. Chen, J. Yang, dan M. Gruteser, “Snooping Keystrokes with mm-level Audio Ranging on a Single Phone,” Proc. 21st Annu. Int. Conf. Mob. Comput. Netw., 2015, hal. 142–154.
L. Lu, J. Yu, Y. Chen, Y. Zhu, X. Xu, G. Xue, dan M. Li, “KeyListener: Inferring Keystrokes on QWERTY Keyboard of Touch Screen Through Acoustic Signals,” IEEE INFOCOM 2019 - IEEE Conference on Computer Communications, 2019, hal. 775–783.
E. McKenna, I. Richardson, dan M. Thomson, “Smart Meter Data: Balancing Consumer Privacy Concerns with Legitimate Applications,” Energy Policy, Vol. 41, hal. 807–814, 2012.
Y. Michalevsky, G. Nakibly, A. Schulman, G.A. Veerapandian, dan D. Boneh, “PowerSpy: Location Tracking using Mobile Device Power Analysis,” SEC’15 Proceedings of the 24th USENIX Conference on Security Symposium, 2015, hal. 785–800.
© Jurnal Nasional Teknik Elektro dan Teknologi Informasi, under the terms of the Creative Commons Attribution-ShareAlike 4.0 International License.