Abstract
The ubiquitous Internet of Things (IoT) significantly improves every aspect of our daily lives. IoT devices and their use remain a big area of opportunity, but they are complicated by a lack of regulation as well as numerous security and privacy issues caused by design and setup flaws. Many current attacks against SMEs demonstrate that IoT devices make networks vulnerable and expand the attack surface. Given the widespread use of IoT devices and the security flaws they have, various parties have tried to provide security frameworks that teach users how to deploy these devices securely. These frameworks advocate that IoT devices should be subjected to strict security and privacy rules in isolated subnetworks, which has been proven to be a promising technique for securing networks, devices, and data. However, these frameworks are aimed at IT professionals rather than average users. In this study, we tried to educate normal users to securely deploy IoT devices. To achieve this goal, we have provided a set of best practices collected from existing standard frameworks. We have demonstrated the implementation of these security measures in two different scenarios using various network devices and with consideration of SME limitations. Some of the security measures depend directly on the device, and there is not much the consumer can do about them. However, if the device supports the technology, users should be educated accordingly. To achieve the aim of the study, we will investigate the existing vulnerabilities of smart devices and evaluate the existing guidelines for secure deployment of IoT devices. Then we will implement the current best practices for safeguarding computer networks, with a focus on IoT challenges, and finally we will pave the way to propose a practical framework for safely deploying IoT devices in small and medium enterprises.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Ghazaani, S.J., Faulks, M., Pournouri, S. (2022). Secure Deployment of IOT Devices. In: Jahankhani, H., V. Kilpin, D., Kendzierskyj, S. (eds) Blockchain and Other Emerging Technologies for Digital Business Strategies. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-030-98225-6_10
DOI: https://doi.org/10.1007/978-3-030-98225-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98224-9
Online ISBN: 978-3-030-98225-6
eBook Packages: Business and Management, Business and Management (R0)