The Internet of Things (IoT) describes the network of physical objects—a.k.a. "things"—that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the Internet (Wikipedia). According to the World Economic Forum's State of the Connected World report, it is predicted that by 2025, 41.6 billion devices will be capturing data on how we live, work, move through our cities, and operate and maintain the machines on which we depend. The applications of IoT cover broad areas including manufacturing or the industrial sector, the health sector, agriculture, smart cities, security, and emergencies, among many others.
Adopting a multi-layer security-by-design approach to IoT development is critical for handling computers, files, web, and cloud-based IoT applications and services, as well as coping with threats and issues as they occur (Afzal, Saira, et al., 2021). They highlighted IoT security issues such as data encryption, data authentication, side-channel attacks, hijacking of IoT devices and ransomware, lack of updates and insufficient testing, home intrusion, IoT-driven financial crime, remote access to smart vehicles, and counterfeit and rogue IoT devices.
Security experts have identified concerns with IoT and smart homes, including privacy risks as well as vulnerable and unreliable devices. These concerns are supported by recent high-profile attacks, such as the Mirai DDoS attacks. However, little work has studied the security and privacy concerns of end users who actually set up and interact with today's smart homes (Zeng, Eric, 2017). They analyzed smart home technology mental models, smart home threat models, mitigation strategies (technical and nontechnical), multi-user interaction, and non-security and non-privacy concerns. Incomplete mental models lead to gaps in threat models and security behaviors. End users were more concerned about physical security issues than privacy issues. In addition, flexible end-user programming limits the usefulness of third-party applications. They developed recommendations for the designers of smart home platforms and devices, such as UI/UX for user awareness and control, designing consciously for multiple users, reputation systems for smart home options, developing standard best practices for end users, designing for secure and robust interoperability, and minimizing tradeoffs for security and privacy.
In the home IoT, numerous users interact with a single device. Widely deployed techniques for specifying access-control policies and authenticating users fall short when multiple users share a device. Weijia et al. proposed that access control focus on IoT capabilities (i.e., certain actions that devices can perform) rather than on a per-device granularity. They discussed the design of authentication mechanisms in relation to their ability to identify users, relationships, and contextual factors. They also explained privacy limitations and the effect of false positives and false negatives.
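The sketch below is an added example, not code from the cited paper. It contrasts capability-level rules that take relationship and context into account with a per-device grant. The device, capability, relationship and context names are hypothetical, and the policy data is constructed.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Context = Dict[str, object]  # sensed facts, e.g. {"hour": 18, "adult_home": True}

@dataclass(frozen=True)
class Rule:
    device: str
    capability: str        # one action the device can perform, not the whole device
    relationship: str      # requester's relationship to the household
    condition: Callable[[Context], bool] = lambda ctx: True

# Constructed sample policy (all names are hypothetical).
ALL_CAPS = ["lock.view_state", "lock.unlock", "lock.delete_log"]
RULES = [
    Rule("front_door_lock", "lock.view_state", "child"),
    # Missing or unreliable context fails closed, so a sensing false
    # negative denies the action instead of silently allowing it.
    Rule("front_door_lock", "lock.unlock", "child",
         lambda c: c.get("adult_home") is True),
    Rule("front_door_lock", "lock.unlock", "spouse"),
    Rule("front_door_lock", "lock.delete_log", "spouse"),
    Rule("front_door_lock", "lock.unlock", "babysitter",
         lambda c: 17 <= c.get("hour", -1) < 23),
]

def capability_allows(relationship: str, device: str,
                      capability: str, ctx: Context) -> bool:
    """Default deny: a rule must match capability, relationship and context."""
    return any(r.device == device and r.capability == capability
               and r.relationship == relationship and r.condition(ctx)
               for r in RULES)

def device_allows(relationship: str, device: str) -> bool:
    """Per-device granularity: any access to the device grants every action."""
    return any(r.device == device and r.relationship == relationship
               for r in RULES)

def over_grants(relationship: str, device: str, ctx: Context) -> List[str]:
    """Actions a per-device grant would permit that capability rules deny."""
    if not device_allows(relationship, device):
        return []
    return [c for c in ALL_CAPS
            if not capability_allows(relationship, device, c, ctx)]

if __name__ == "__main__":
    print(over_grants("babysitter", "front_door_lock", {"hour": 18}))
    print(capability_allows("child", "front_door_lock", "lock.unlock", {}))
```
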
REFERENCES
- Hazim Almuhimedi, Florian Schaub, Norman Sadeh, Idris Adjerid, Alessandro Acquisti, Joshua Gluck, Lorrie Cranor, Yuvraj Agarwal. Your Location has been Shared 5,398 Times! A Field Study on Mobile Apps Privacy Nudging. In Proceedings of CHI 2015.
- Yuan Tian, Nan Zhang, Indiana University, Yueh-Hsun Lin, Xiaofeng Wang, Blase Ur, Xianzheng Guo, and Patrick Tague. SmartAuth: User-Centered Authorization for the Internet of Things. In Proceedings of Security Symposium 2016.
- Eric Zeng, Shrirang Mare, and Franziska Roesner, University of Washington. End-User Security and Privacy Concern with Smart Homes. In Proceedings of SOUPS 2017.
- Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus Durmuth, Earlence Fernandes, Blase Ur. Rethinking Access Control and Authentication for the Home Internet of Things (IoT). In Proceedings of Security Symposium 2018.