Abstract
According to NIST, “IoT involves the connection between humans, non-human physical objects, and cyber objects, enabling monitoring, automation, and decision making.” In today’s world, IoT and cloud are ruling the world of automation. Internet of Things is otherwise known by the name of the Internet of Everything. The IoT device refers to web-enabled computing devices and capability sensing, collecting, and sending data using sensors and communications hardware processors embedded in the machine. The IoT device types have been categorized as implanted on natural, Man-made or machine-made objects and can communicate over the network. Security of the IoT devices and data traveled between IoT devices are more vulnerable to attacks. This chapter covers the real-time security tools and techniques to attack the IoT devices to defend against them by building a holistic view of the aggregated analytics layer. The secure reference architecture presents various layers in it, which can be followed by best practices that how weakness must rectify in constraint devices. The next aspect is the vulnerability security management of IoT environment. Network fencing is a complex issue to ensure end-to-end communication, which should not deviate from the security standards. Exploitation can be performed to steal the data or make outage of the large enterprise comprehensive data protection and stringent access mechanism to protect the devices from malicious attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
N.M. Karie, N.M. Sahri, P. Haskell-Dowland, IoT threat detection advances, challenges and future directions, in 2020 IEEE Workshop on Emerging Technologies for Security in IoT (ETSecIoT), (2020), pp. 22–29. https://doi.org/10.1109/ETSecIoT50046.2020.00009
S. Sicari, A. Rizzardi, L. Grieco, A. Coen-Porisini, Security, privacy and trust in the internet of things: the road ahead. Comput. Netw. 76, 146–164 (2015). https://doi.org/10.1016/j.comnet.2014.11.008
I. Andrea, C. Chrysostomou, G. Hadjichristofi, Internet of Things: security vulnerabilities and challenges, in 2015 IEEE Symposium on Computers Communication (ISCC), (2015), pp. 180–187
A. Al-Omary, A. Othman, H.M. AlSabbagh, H. Al-Rizzo, Survey of hardware-based security support for IoT/CPS Systems. KnE Eng. 3(7), 52–70 (2018)
M. Burhan, R.A. Rehman, B. Khan, B.-S. Kim, IoT elements, layered architectures and security issues: a comprehensive survey. Sensors 18, 2796 (2018)
S. Latif, Z. Zou, Z. Idrees, J. Ahmad, A novel attack detection scheme for the industrial internet of things using a lightweight random neural network. IEEE Access 8, 89337–89350 (2020). https://doi.org/10.1109/ACCESS.2020.2994079
A. Dalvi, S. Maddala, D. Suvarna, Threat Modelling of Smart Light Bulb, in 2018 Fourth International Conference on Computing, Communication Control and Automation (ICCUBEA), Pune, India (2018), pp. 1–4. https://doi.org/10.1109/ICCUBEA.2018.8697723
N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum, N. Ghani, Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations, in IEEE Communications Surveys & Tutorials, vol. 21, no. 3, third quarter (2019), pp. 2702–2733. https://doi.org/10.1109/COMST.2019.2910750
F. Jaskani, S. Manzoor, M.T. Amin, M. Asif, M. Irfan, An investigation on several operating systems for the Internet of Things. EAI Endorsed Trans. Creative Technol. 6, 160386 (2018). https://doi.org/10.4108/eai.13-7-2018.160386
S.S. Manikandasaran, S. Raja, Security architecture for multi-tenant cloud migration. Int. J. Future Comput. Commun. 7(2), 42–45 (2018)
https://developer.ibm.com/technologies/iot/articles/iot-top-10-iot-security-challenges/. Accessed 1 Aug 2020
S.S. Manikandasaran, K. Balaji, S. Raja, Infrastructure virtualization security architecture specification for private cloud international. J. Comput. Sci. Eng. 6(2), 10–14 (2018)
T.U. Sheikh, H. Rahman, H.S. Al-Qahtani, T. Kumar Hazra, N.U. Sheikh, Countermeasure of attack vectors using signature-based IDS in IoT environments, in 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON), Vancouver, BC (2019), pp. 1130–1136. https://doi.org/10.1109/IEMCON.2019.8936231
T.S. Fatayer, M.N. Azara, IoT secure communication using ANN classification algorithms, in 2019 International Conference on Promising Electronic Technologies (ICPET), Gaza City, Palestine (2019), pp. 142–146. https://doi.org/10.1109/ICPET.2019.00033
https://wiki.owasp.org/index.php/OWASP_Internet_of_Things_Project#tab=IoT_Top_10. Accessed 10 Aug 2020
https://www.shodan.io/. Accessed 10 Aug 2020
https://iridi.com/server/. Accessed 10 Aug 2020
S.L. Keoh, S.S. Kumar, H. Tschofenig, Securing the Internet of Things: a standardization perspective. IEEE Internet Things J 1(3), 265–275 (2014). https://doi.org/10.1109/JIOT.2014.2323395
W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, Y. Abbas, An in-depth analysis of IoT security requirements, challenges and their countermeasures via software-defined security. IEEE Internet Things J. https://doi.org/10.1109/JIOT.2020.2997651
Z.A. Alizai, N.F. Tareen, I. Jadoon, Improved IoT device authentication scheme using device capability and digital signatures, in 2018 International Conference on Applied and Engineering Mathematics (ICAEM), Taxila (2018), pp. 1–5. https://doi.org/10.1109/ICAEM.2018.8536261
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Raja, S., Manikandasaran, S.S., Doss, R. (2022). Threat Modeling and IoT Attack Surfaces. In: Aurelia, S., Paiva, S. (eds) Immersive Technology in Smart Cities. EAI/Springer Innovations in Communication and Computing. Springer, Cham. https://doi.org/10.1007/978-3-030-66607-1_11
Download citation
DOI: https://doi.org/10.1007/978-3-030-66607-1_11
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-66606-4
Online ISBN: 978-3-030-66607-1
eBook Packages: EngineeringEngineering (R0)