A Beginner S Guide To Internet of Things Security Attacks Applications Authentication and Fundamentals 1st Edition Gupta All Chapter Instant Download
A Beginner S Guide To Internet of Things Security Attacks Applications Authentication and Fundamentals 1st Edition Gupta All Chapter Instant Download
A Beginner S Guide To Internet of Things Security Attacks Applications Authentication and Fundamentals 1st Edition Gupta All Chapter Instant Download
OR CLICK LINK
https://textbookfull.com/product/a-beginner-s-
guide-to-internet-of-things-security-attacks-
applications-authentication-and-fundamentals-1st-
edition-gupta/
Read with Our Free App Audiobook Free Format PFD EBook, Ebooks dowload PDF
with Andible trial, Real book, online, KINDLE , Download[PDF] and Read and Read
Read book Format PDF Ebook, Dowload online, Read book Format PDF Ebook,
[PDF] and Real ONLINE Dowload [PDF] and Real ONLINE
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
https://textbookfull.com/product/a-beginners-guide-to-internet-
of-things-security-attacks-applications-authentication-and-
fundamentals-first-edition-b-b-gupta-author/
https://textbookfull.com/product/internet-of-things-security-
principles-applications-attacks-and-countermeasures-1st-edition-
gupta/
https://textbookfull.com/product/enabling-the-internet-of-things-
fundamentals-design-and-applications-1st-edition-muhammad-azhar-
iqbal/
https://textbookfull.com/product/wordpress-fundamentals-a-
comprehensive-beginner-s-guide-to-wordpress-3rd-edition-kathleen-
peterson/
Towards the Internet of Things: Architectures,
Security, and Applications Mohammad Ali Jabraeil Jamali
https://textbookfull.com/product/towards-the-internet-of-things-
architectures-security-and-applications-mohammad-ali-jabraeil-
jamali/
https://textbookfull.com/product/green-internet-of-things-sensor-
networks-applications-communication-technologies-and-security-
challenges-adamu-murtala-zungeru/
https://textbookfull.com/product/fundamentals-of-toxicology-
essential-concepts-and-applications-1st-edition-pk-gupta/
https://textbookfull.com/product/from-visual-surveillance-to-
internet-of-things-technology-and-applications-lavanya-sharma/
https://textbookfull.com/product/learn-python-programming-a-
beginner-s-guide-to-learning-the-fundamentals-of-python-language-
to-write-efficient-high-quality-code-romano/
A Beginner’s Guide
to Internet of Things
Security
A Beginner’s Guide
to Internet of Things
Security
Attacks, Applications,
Authentication, and Fundamentals
B. B. Gupta
Aakanksha Tewari
CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
This book contains information obtained from authentic and highly regarded sources.
Reasonable efforts have been made to publish reliable data and information, but the
author and publisher cannot assume responsibility for the validity of all materials or the
consequences of their use. The authors and publishers have attempted to trace the copyright
holders of all material reproduced in this publication and apologize to copyright holders if
permission to publish in this form has not been obtained. If any copyright material has not
been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted,
reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other
means, now known or hereafter invented, including photocopying, microfilming, and
recording, or in any information storage or retrieval system, without written permission
from the publishers.
For permission to photocopy or use material electronically from this work, please access
www.copyright.com (http://www.copyright.com/) or contact the Copyright Clearance
Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-
for-profit organization that provides licenses and registration for a variety of users. For
organizations that have been granted a photocopy license by the CCC, a separate system of
payment has been arranged.
-B. B. Gupta
-Aakanksha Tewari
Contents
Preface xi
Acknowledgments xiii
Authors xv
vii
viii Contents
41
5.1 Privacy in IoT 41
5.2 Threat to Data Privacy in IoT 43
5.3 Enforcing Trust in IoT 44
5.4 Trust Management 46
5.5 Conclusion 47
References 83
Index 91
Preface
The potential capabilities of Internet of Things (IoT) can reduce a lot of time
and expenditure of various organizations. These devices are excellent data
collectors and sensors; therefore, they can help in efficient decision-making
in a wide range of applications. However, security remains the biggest issue in
the IoT domain. A lot of research is being carried out in this area to provide
strong security and privacy mechanisms in IoT networks. The development
of standards and protocol sets is necessary to build the IoT network properly.
Only time will ultimately tell how far IoT will reach and how it will reshape
the world. However, by the planned integration of existing technologies, we
can make IoT networks secure and more efficient. We address various issues in
securing IoT networks, which enabled us to develop various mutual authentica-
tion protocols that strengthen the security and privacy of IoT devices and pre-
vent confidential data from theft. The present scenario of IoT research is mainly
focused on the development of technologies for its implementation. By exam-
ining the recent statistics and literature, it also uncovers various challenges
that have the potential to prevent IoT from growing to its full potential.
Specifically, the chapters contained in this book are summarized as
follows:
xi
xii Preface
Writing a book is a huge task and more rewarding than one could fathom. This
book entitled A Beginner’s Guide to Internet of Things Security is the result of
great contributions and encouragement from many people. None of this would
have been possible without their ideas and support, which has helped greatly
in enhancing the quality of this book. The authors would like to acknowledge
the incredible CRC Press/Taylor & Francis Group staff, particularly Randi
Cohen and her team, for their continuous assistance and motivation. This book
would not have been possible without their technical support. The authors are
eternally grateful to their families for their love and unconditional support at
all times. In the end, the authors are most thankful towards the Almighty who
is always helping us to overcome every obstacle not only for this work but also
throughout our lives.
September 2019
B. B. Gupta
Aakanksha Tewari
xiii
Authors
xv
Evolution of
Internet of
Things (IoT)
1
History, Forecasts,
and Security
The Internet of Things (IoT) is a new paradigm which is transforming
everything from the consumer market, that is, household devices to industrial
applications at large scales. The Internet was always intended to bring pieces
of software, services, and people together on one platform at a global level [1].
Nowadays with the evolution of IoT, day-to-day objects have also become
a part of the Internet sending and receiving updates continuously from one
place to another. Therefore, we can define IoT as a network of interconnected
devices, which provide services and share data-connecting and performing
tasks in various applications [2].
The highly distributed and dynamic nature of IoT enables it to receive and
store data continuously in huge amounts. For example, in the field of health-
care, it has led to remote health monitoring, emergency notifications, etc. The
consumer electronics markets are also exploding with wearable gadgets [3].
Various domains such as wireless sensor networks (WSN), embedded systems,
and radio frequency identification (RFID) are found to be huge contributors
towards the growth of IoT.
As IoT is an evolving domain, it requires a lot of attention from the
researchers and the industry as well. Various standardization organizations
such as IEEE and IETF are also working towards developing standards and
protocols for IoT architecture. The sensors and actuators that are consumed in
1
2 A Beginner’s Guide to Internet of Things Security
the consumer electronics market are very low cost and small sized and have
high computational capabilities, which are the reasons for the growth of IoT as
automation is made so easy. Industries are also deploying IoT at large scales
such as in retail management and transportation [3,4].
The understructure for IoT is the Internet providing connectivity, which
also adds to the vulnerabilities in these networks. IoT networks face the same
security threats as the Internet; in addition, due to their limited capabilities and
simpler architecture, they are easier to compromise. At the physical layer, most
of the IoT devices use RFID, therefore ensuring that RFID tags can secure our
data from any threat to security and privacy [5].
Our aim is to perform an in-depth analysis of the recent advancements in
the field of security and privacy in IoT networks. Research needs to be done
in order to facilitate the integration of IoT with other technologies in a secure
environment. This can be accomplished by designing standard communi-
cation methodologies and standard protocols. It is a primary requirement
to make IoT power efficient and reliable. The use of proper authentication
mechanisms is one way to ensure security against various attacks and main-
tain the availability and integrity of data and services at all times for autho-
rized users.
The aforementioned trends show that the rapid growth IoT has been in the past
few years as well as its potential growth in the coming years. It is estimated that
the economy of IoT security will be around $28.90 billion in 2020. However,
in 2015, it was $6.89 billion. The growth in IoT requires a significant amount
of investment in its security as well. We need security mechanisms that can
protect the IoT network architecture as a whole [12,13].
The current rate of development in IoT technology will help us predict
its future. Currently, the number of connected IoT devices is around
5 billion, most of which are personal devices. Most of the devices are
1 • Evolution of Internet of Things (IoT) 5
FIGURE 1.2 Percentage growth of IoT applications in the next ten years.
(Source: DBS Bank.)
6 A Beginner’s Guide to Internet of Things Security
carry out attacks, which can disrupt services or transfer control to attackers at
remote locations. IoT devices are vulnerable to various attacks such as replay,
forgery, phishing, and denial of service.
In January 2015, Proofpoint revealed a spamming incident where the traf-
fic was routed through several devices across various countries. This global
attack had more than 750,000 malicious emails transferred from various
locations, which were sent from consumer devices such as home routers,
televisions, media and centers. Later on, it was discovered that at least one
refrigerator was also involved in this attack. It was observed that the incident
started from December 23, 2014, and continued till January 6, 2014, where
the malicious email traffic was sent thrice a day with a burst size of 100,000
emails each. The targets were both enterprises and individuals. The primary
cause of these attacks was a lack of caution and awareness. The attackers
exploited misconfigurations and the continued use of default passwords, which
made the devices vulnerable and easy to control [13–15].
Another wave of IoT attacks occurred in 2016, which mainly involved
devices such as IP cameras and routers. The compromised devices were turned
into botnets. These botnets were used collectively to launch attacks on a large
scale. The cybercriminals are becoming more and more advanced. In an attack
in 2018, a device that controlled around 15 CCTV cameras was attacked.
However, in due time, the security operator detected the malicious activity and
issued a warning that this might infect many more CCTV models. Another
cause of these flaws is a lack of complete patching of IoT devices [16].
The IoT-based companies sometimes ignore security, or they are not expe-
rienced enough to realize the gravity of the situation (Figures 1.3 and 1.4).
Lack of consumer awareness is also a very big cause behind these successful
attacks. Consumers are often excited about the features and functions these
devices provide so that they do not pay attention to security updates and setting
strong passwords.
The attacks are proof of the lack of security schemes in IoT networks,
which need to be taken very seriously. In the current scenario, IoT gadgets are
vulnerable to various attacks that may disrupt their services and transfer the
control to some remote attacker. The attacker can impersonate a server and
make the devices decrease their message-sending rates or increase the rate of
their resource consumption and bandwidth. The attacker might also imper-
sonate any tag and send multiple fake requests to engage servers’ resources
eventually leading to DoS.
IoT devices are also needed to be protected from a wide range of threats,
which include malware infections, disruption of services, and information
theft. The attacker could easily gain in controlling the devices that are a
part of smart home, automobiles, or personal fitness and disease-monitoring
gadgets. An attacker can simply hack the software in a person’s smart watch
or an insulin pump to track their location, or they might gain access to
the information systems present in the automobiles and use them to carry
malicious activities.
The most serious threat IoT devices face is malware such as Trojans,
viruses, and worms that can disable IoT systems. Besides, this work also needs
to be done to ensure that updates received by IoT devices are secure along with
secure default settings. There is still a huge room for improvement when it
comes to securing the IoT architecture.
8 A Beginner’s Guide to Internet of Things Security
Fractures of the anterior fossa may involve the roof of the orbit;
even facial bones may participate in the injury. These considerations
are not without importance, for if a patient presents symptoms of
injury of the petrous bone, and if these be accompanied by injury to
the lateral region of the skull, we are in a position to make a
diagnosis of fracture of the middle fossa. (See Plate XLII, and Figs.
375 and 376.)
By all means the majority of basal fractures are mere fissures
which open and close instantly upon their production—close so
quickly, in fact, as scarcely even to include blood between the
broken bony surfaces.
Prognosis.—The majority of basal fractures are fatal, either
because of injuries to the brain, or of hemorrhage or
violence along the nerve trunks, or from infection extending along
the newly opened paths. Other things being equal, the longer the
fissure the greater the danger, particularly so when it takes its origin
in the vertex, and because of greater ease of infection. Air infection
may occur in any basal fracture by fissures extending into the
various air-containing cavities—nose, ears, sinuses, etc. They are
then practically compound, though invisibly so. The general
prognosis will depend, first, upon the injury to the cranial contents;
second, upon the possibility of infection. Statistics are absolutely
unreliable, although always possessing interest. Numerous museum
specimens show the perfection with which bony repair may occur
and the admirable way in which compensation is afforded for
defects. Suppuration after basal fractures is mainly that due to
purulent basal meningitis, in which case the brain symptoms
dominate in the clinical picture, while the appearance of a single
drop of pus in the ear or upon the surface is of the greatest
significance. The conversion of a serous outflow (e. g., from the ear)
into purulent fluid is also pathognomonic. Various paralyses,
principally of the cranial nerves, may follow this injury and prove
temporary or permanent. Diagnosis is often made by a study of
these special nerve lesions.
Diagnosis.—The most significant diagnostic features are:
1. Spread of blood from the point of fracture until it
appears as an ecchymosis at certain points beneath the skin: This
will occur early in some cases and late in others. It may appear
beneath the skin or beneath the conjunctiva or other mucous
membranes, even in the pharynx. Occurring about the mastoid, it
implies fracture of the middle or posterior fossa; about the eyelids, of
the anterior fossa. Beneath the bulbar conjunctiva it means
extravasation along the optic sheath, probably from within the dura.
In fractures of the posterior fossa it will come to the surface of the
neck, but only after two or three days. The ecchymoses about the
lids or orbits occurring after two or three days mean more than those
occurring within these days, for the latter may be caused by external
bruising. The globe of the eye may be pushed forward by blood
accumulating within the orbit. Exophthalmos thus produced is
therefore most significant, though not common.
2. Escape of serous fluid, blood, or brain substance from the
cavities of the skull: Hemorrhages from this cause occur most often
from the ear, the petrous bone being tunnelled with various canals
through which blood may thus escape. The surgeon should,
however, assure himself in every instance that the blood is escaping
from the ear and not from some trifling wound of the external soft
parts, the soft walls of the meatus, or the tympanum. Profuse
hemorrhage can probably only come from a basal fracture. Escape
of serous fluid is usually noted as a sequel to hemorrhage, although
it may begin almost immediately after an injury. Rarely more than
twenty-four hours elapse before it begins to flow. The quantity of fluid
discharged is sometimes considerable. It may occur in frequent
drops or during expulsive efforts, like coughing, or may ooze in such
a way as to be insensibly collected by the absorbent dressings. In
average cases the amount in twenty-four hours is from 100 Cc. to
200 Cc.; 800 Cc. have been noted in occasional instances, and in a
very few still more. Occasionally violent expiration will increase the
flow.
In some cases the fluid may escape through the Eustachian tube
into the pharynx, whence it may escape by the nostrils or be
swallowed.
The escape of brain substance is rarely noted, but obviously
implies such serious injury as to make the prognosis of the worst.
3. Disturbance of function along particular cranial nerves, paralysis
of which is often produced by fractures of the base, especially those
involving the foramen of exit of the nerve involved: The nerve may
be lacerated or injured in such case by the fragment of bone.
In addition to these distinctive features there will be in the majority
of instances brain symptoms, either of contusion or compression,
varying in severity within all possible limits, but adding their weight to
the value of the testimony.
Other and unusual signs of basal fracture may occur, such as
communication between the cavities of the petrous bone and the
mastoid cells, leading to the formation of pneumatocele (see page
545), or emphysema of the overlying soft parts, observed mostly
about the orbits, when the nasal cavity is involved.
Treatment.
—The treatment of basal fractures is mainly symptomatic. The first
effort should be to make antiseptic all those parts of the skull
involved, which means to shave the scalp; to thoroughly cleanse and
irrigate the external ear and the auditory meatus, using a head mirror
and ear speculum for this purpose; to tampon the meatus with
antiseptic cotton; to provide a copious absorbent dressing for such
fluid as may escape and to change this frequently; to cleanse the
nasal cavity as well as the conjunctival sac, for all of which the
peroxide of hydrogen is serviceable. All of this should be done
promptly, while at the same time studying the patient for evidence of
brain injury or of involvement of special nerves. By the time these
measures are thoroughly performed a decision as to the necessity
for immediate operation should have been reached. Evidence of
brain compression wanting, and in the absence of external or
compound injury the patient may be left at rest, with cold applications
to the head and active purgation. In many of these instances benefit
follows the application of a number of leeches to the mastoid region
and to the occiput. Operation is necessary later only when brain
symptoms supervene, these consisting of evidences of compression,
either from blood or from pus, as compression from other causes
should have been acting at the time of the first examination, and
should have been recognized at that time. When direct fractures are
evident the possibility of the entrance of foreign bodies should be
also remembered. Thus penetrating fractures of the base have
occurred through the orbit as the result of accident or assault, and
such weapons or implements as foils, ramrods, drumsticks, canes,
umbrella points, etc., have been known not only to penetrate into the
brain, but perhaps to leave some portion of their substance—e. g., a
foil tip or an umbrella tip—within the cranium after their withdrawal.
Separation of sutures, known also as diastasis of the same, is the
occasional result of injury instead of, or complicated with, fissures or
other fractures. It is the result of violence, and is virtually a specific
form of fracture, from which it differs in no essential particular.
Diastasis can only take place along lines of previous suture, but it is
possible that Wormian bones may be thus loosened. Sutures thus
separated ordinarily heal by fibrous repair rather than osseous union.
Diagnosis is possible only as they are exposed to view, although
displacement in the middle line or along known suture lines may be
regarded as diastasis. The treatment differs in no respect from that
of other fractures.
Injuries to the frontal sinuses occasionally complicate fractures of
the skull. These sinuses vary in different individuals, are rarely truly
symmetrical, and are not found in the young. They connect with the
nose in such a way that emphysema of the frontal region is quite
possible, while air may be blown beneath the periosteum or may
communicate with the interior of the cranium. In wounds of the
frontal region the sinuses are occasionally opened—a fact of
importance, for infection of the Schneiderian membrane may occur
and endanger life, mainly because of the retention of infectious
products within its cavities. Moreover, by such wounds the ethmoid
may also be injured. Pus which escapes from these sinuses and
from the ethmoidal cells is usually thin and bad-smelling. Long
continuation of suppuration after such injuries probably means
necrosis and formation of sequestra.
FIG. 2.
Fig. 1. Compound Fracture of Cranium, with
Depression; Fracture of Bones of Face; Extradural
Clot from Rupture of Middle Meningeal Artery.
Fig. 2. Horizontal Section of same, showing
Depressed Fracture of Bone. (Anger.)
C, extradural clot; D, laceration of brain substance, with extensive intracerebral
clot; F, same condition produced by contrecoup. Punctate hemorrhages and
minute lacerations at numerous points, characteristic of contusion of the brain.