Overview

The Internet of Things or “IoT”. It seems like everyone’s talking about it, but what exactly is it? Well, it seems that locking down a definition isn’t very easy. As lots of people have different ideas about what exactly it is; what it does, and what it means for everyone. For our purposes, I’m going to describe the IoT as a network of separate, but uniquely identified devices; that sometimes have the ability to talk with each other without requiring a human to human interaction, or human to computer interaction. Some of these devices you may be familiar with in your everyday life. Things like FitBits, Apple Watches, mobile telephones, so-called smart TVs, home thermostats, appliances like refrigerators. These are all IoT devices that you are probably familiar with.

However, there are other devices that you may not think about or even know exist. For example, things like so-called smart grid devices for monitoring electricity consumption. Machine-to-machine communication in industrial environments, building automation, automobile collision in avoidance/detection systems, open-source computing devices like Raspberry Pi or Beagle Bones. Even healthcare-related devices like pacemakers or insulin pumps, or even driverless vehicles. In some situation, these devices can network together to achieve a desired goal over a larger area; like an assembly line or smart grid devices.

Introduction

In some situations, These devices network together in a much tighter, smaller proximity to achieve a goal. Like for example, your Apple Watch communicating with your iPhone. To put the scope of IoT into some kind of perspective, let’s look at some numbers. In 2008, we saw the number of connected devices surpass the world population of approximately 6.7 billion people. In 2015, approximately 1.4 billion smartphones were shipped by manufacturers globally. By 2020, it’s predicted that we will have 6.1 billion smartphone users. World population is expected to be 7.7 billion at that time. By 2020, it’s also anticipated that we will see 50 billion things connected to the internet. And by 2027, it’s expected that we will see 27 billion machine to machine connections in the industrial sector.

Analysis

Let’s stop and think about the industrial sector and think about the data being generated by these things. Once again, to help you wrap your mind around this, here’s some numbers for you to consider. In 2013, devices connected to the internet generated 3.1 zettabytes of data; 2014 that number jumped to 8.6 zettabytes. In 2018 that number expected to soar to 400 zettabytes. So you’re probably asking yourself, what exactly is a zettabyte? Technically speaking, it’s one trillion gigabytes. Now I don’t know about you, but I have a hard time wrapping my head around a number that large.

So think about it this way. According to Cisco, one zettabyte would be the equivalent of 36,000 years of high definition television video. Or the equivalent of streaming the entire Netflix catalogue 3,177 times and that’s just one zettabyte. Remember the 2018 estimate was 400 zettabytes. Obviously, that’s a lot of data. Let’s stop to consider just some of the types of data that can be served up by an IoT device.

Key Features

For example, your location. Who you communicate with, both voice and text. When you communicate and for how long you communicate. Details about your health like blood pressure, heart rate so forth and so on. Utility usage, your driving history and behaviour, production details relative to your company. When you enter or leave a building, and the list goes on and on. Now let’s think about the security of these devices, as well as the data they may transmit. History has shown us that the device manufacturers, for the most part, don’t consider security when building their products.

In most cases, little to no thought was given to how data is transmitted. Where it’s sent to, or if the device leaks data other than what it was intended to transmit. End users also share blame on the security front as well. Frequently, end-users fail to do simple things like changing the default passwords that ship on devices, leaving them exposed. Additionally, end-users frequently fail to properly segment the network in order to accommodate devices that need to access the internet directly. Also, end-users fail to consider the data they are sharing with these devices and the possible ramifications of sharing that data with others. For example, studies have shown that homeowner presence or absence can predict simply by predicting and monitoring electricity usage.

As we’ve shown, the IoT is an exciting area to explore but it’s not without its challenges. Only by considering all of the benefits and drawbacks; we can make an informed decision about how, when, and where to use or not use IoT devices.

Internet of Things(IoT)

The internet of things, or IoT; a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that provided with unique identifiers (UIDs); and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. A Thing in the internet of things can be a person with a heart monitor implant; a farm animal with a biochip transponder, an automobile that has built-in sensors to alert the driver when tire pressure is low or any other natural or man-made object that can be assigned an Internet Protocol (IP) address and is able to transfer data over a network.

Most IoT devices will use sensor-based technologies, in which the sensors will identify or measure any change in position, location, etc.; these sensors will transmit data to a particular device or server, which in turn will analyze the data to generate the “information” for the user. In business terms, the sensors will also act as data gatherers; cloud computing will be a platform for storing and analyzing the data, and Big Data analytics will convert this raw data to knowledge or insights. Business models for the employment of IoT may vary for every organization, depending upon whether it is handling the core operations, manufacturing or the services/ technologies.

Advantages of IoT in the real world

• New business opportunities
• Potential for business revenue growth
• Improved decision-making
• Cost reductions
• Safety and security
• Improved citizen experience
• Improved infrastructure

Cybersecurity

Cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative.

A successful cyber-security approach has multiple layers of protection spread across the computers, networks, programs, or data that one intends to keep safe. In an organization, the people, processes, and technology must all complement one another to create an effective defence from cyber attacks. A unified threat management system can automate integrations across select Cisco Security products and accelerate key security operations functions: detection, investigation, and remediation.

IoT and New Security Challenges

The described technical architecture of the IoT has an impact on the security and privacy of the involved stakeholders. Privacy includes the concealment of personal information as well as the ability to control what happens with this information. The right to privacy can consider as either a basic and inalienable human right, or as a personal right or possession. The attribution of tags to objects may not be known to users, and there may not be an acoustic or visual signal to draw the attention of the object’s user.

Thereby, individuals can follow without them even knowing about it and would leave their data or at least traces thereof in cyberspace. Further aggravating the problem, it’s not anymore only the state that interested in collecting the respective data, but also private actors such as marketing enterprises. Since business processes concerned, a high degree of reliability is needed. In the literature, the following security and privacy requirements are described:

Use of Outdated Hardware and Software

In this post-economic-crisis world, businesses move fast. New product launches, mergers, acquisitions, market expansion, and introductions of new technology are all on the rise: these changes invariably have a complicating impact on the strength and breadth of an organization’s cybersecurity, and its ability to keep pace.

Network of networks

The adoption of mobile computing has resulted in blurring organizational boundaries, with IT getting closer to the user and further from the organization. The use of the internet via smartphones and tablets (in combination with bring-your-own-device strategies by employers) has made an organization’s data accessible everywhere and at any time.

Infrastructure Security

Finding loopholes to enter any network will be easier for an attacker since there will be so many ways to attack. Traditionally closed operating technology systems have increasingly been given IP addresses that can access externally, so that cyber threats are making their way out of the back office systems and into critical infrastructures, such as power generation and transportation systems and other automation systems.

Cloud computing

Cloud computing has been a prerequisite for IoT from the very early days of its evolution. The cloud provides a platform for IoT to flourish, however, there are still many challenges which we face today when it comes to cloud security or data security in the cloud. Organizations are often discovering too late that their cloud provider’s standards of security may not correspond to their own. The recent events of “CelebGate” and Amazon’s IAAS compromise are the live examples of such flaws. These are the incidents which have led the critics to call these services as a single point of the hack, instead of a single point of storage.

With Big Data also coming into the picture, there will be an enormous amount of data produced for the service providers as well. With the plethora of data that they will have, the storage servers will have to be updated and secured all the time. There will be an increase in risks for communication links too since the sensors and devices will be communicating sensitive personal information all the time on the channels.

Application risk

Apps have accelerated the integration of mobile devices within our daily lives. From mapping apps to social networking, to productivity tools, to games, apps have largely driven the smartphone revolution and have made it as significant and as far-reaching as it is today. While apps demonstrate utility that seemingly bound only by developer imagination, it also increases the risk of supporting BYOD devices in a corporate environment.

Growing use of mobile devices

Smartphones have already become an integral part of our lives; we rely on them to hold significant information, such as our home address, credit card details, personal photos/videos, e-mail accounts, official documents, contact numbers and messages. The information stored on our devices will include the places that we visit frequently and a “pattern” that uniquely identifies us, so anyone who can hack into any of these devices can get into our lives very easily. The loss of a single smart device not only means the loss of information but increasingly it also leads to a loss of identity (identity theft). The internet knows no monopoly and hence all devices cannot have the same firmware or software running on them. Hardware from different companies might not support each other and thus it might lead to interoperability issues of devices.

Bandwidth consumption

Thousands of sensors, or actuators, trying to communicate to a single server will create a flood of data traffic which can bring down the server. Additionally, most of the sensors use an unencrypted link to communicate, and hence, there is a possibility of lag in the security. The bandwidth consumption from billions of devices will put a
strain on the spectrum of other wireless communications, which also operate on the megahertz frequencies like radio, television, emergency services, etc. However, companies have started taking this seriously; as a result, Qualcomm has launched its low power Wi-Fi connectivity platform for IoT.

Governance and compliance issues

Increasing privacy legislation is a trend that likely will continue in the near future. As organizations design IoT security controls, these may interfere with personal expectations of privacy. A well-formed IoT policy should include defined, clear expectations on privacy-impacting procedures, bearing in mind that legislation
may differ in certain geographical regions.

Privacy and data protection

All smart devices hold information about their users, ranging from their diet plan to where they work; smart devices will include personal life details and often even banking details. All IoT devices gather accurate data from the real world, which is excellent from an analytics perspective, but a user might not be comfortable with sharing that data with a third party even if not all the data is confidential or sensitive.

Breach investigation and notification

Following the impact of highly publicized cyberattacks, new and future legislation is proposed on cybersecurity, with fines being levied on companies who do not protect consumer data, and mandatory actions are introduced around data breach notification. Organizations should prepare for this legislation by keeping an active inventory of devices, the data on them and the security controls in place to protect that data.

Solutions for IoT Cyber crime

Use IoT Security Analytics

The vulnerabilities and security issues associated with IoT can be drastically reduced by implementing security analytics. This involves collecting, correlating, and analyzing data from multiple sources that can assist IoT security providers to identify potential threats and nip such threat in the bud.

Thus, there is a need for multi-dimensional security analytics apart from monitoring IoT gateways alone. Malicious and suspicious anomalies can identify by correlating data from a wide range of domains. That allows security experts to correct such anomalies and prevent them from having a negative impact on the connected devices.

Use of Cryptography

Cryptography defined as the system by which data and information of value are stored or transmitted in such a way that only those for whom it is intended can read, interpret or process it. Effectively, cryptography obscures information from unauthorized snoopers and interceptors. In the same way, it can use to hide dubious and clandestine activities in our modern cyber world today.

Develop Clear Security Policies

Based on a risk assessment conducted by your cybersecurity team, you must quickly develop policies for communication. These policies govern exactly who can access, use or receive which type of content, and who will oversee enforcement actions for violations of these policies.

Secure the Network

IoT devices connected to back-end systems that are already connected to the Internet via an IoT network. This network plays a crucial role in the smooth operation of IoT devices. To sustain the smooth operation, there is a need for the IoT network to be protected and secured. By employing some endpoint security features like anti-malware, antivirus, intrusion prevention, and firewalls, you can effectively protect the network and secure it against attacks.

Necessary of Device Authentication

Strong IoT device authentication required to ensure connected devices on the IoT can be trusted to be what they purport to be. Consequently, each IoT device needs a unique identity that can authenticate when the device attempts to connect to a gateway or central server. With this unique ID in place, IT system administrators can track each device throughout its lifecycle, communicate securely with it, and prevent it from executing harmful processes. If a device exhibits unexpected behaviour, administrators can simply revoke its privileges.

Certificate Authentication in IoT

Digital certificates play a crucial role in establishing identity and maintaining data and device integrity. PKI uses digital certificates to enable device-to-device or device-to-server identity authentication. Certificates also protect the data exchanged between devices. Digital certificates are the foundation of a network’s IoT security, protecting its data, authenticating its devices, and creating trust for everyone interacting with the network. With the IoT, networks are expanding and becoming more powerful therefore maintaining the integrity of data and privacy has never been more important.

A PKI-based certificate solution does not require tokens or passwords. Instead, digital certificates used to solve the authentication challenge. PKI tackles the challenge by using digital certificates; in addition to security, protocols to encrypt and secure communications within an IoT network.

Conclusion

I conclude this article by saying that after the identification of the main IoT-enabling technologies, issues and challenges; the next step is the design of the network architecture and framework to efficiently support the future IoT applications. This will shape the future networking concepts and functionalities of the future Internet. Only the future will show how successful IoT services will be!
These issues need to tackle before such services become used in every-day situations. Other IoT services; are very close to the market, however, such as touch-a-tag applications and sensor-based monitoring services or home networking.