Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)

IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

A Survey of Privacy Leakage and Security

Vulnerabilities in the Internet of Things
Amit Kumar Tyagi [0000-0003-2657-8700] Deepti Goyal
School of Computer Science and Engineering Department of Computer Science and Engineering,
Vellore Institute of Technology, Chennai Campus, Chennai, Lingaya’s Vidyapeeth, Faridabad - 121002,
600127, Tamilnadu, India. Haryana, India
amitkrtyagi025@g mail.com [email protected] m

Abstract. In this world, where everything around use is linked better version in future (i.e., for future customers). However, a
with technology, be it smart homes, smart cities, smart cars, etc. customer is always unaware from this kind of strategy of
Internet of Things (IoT) or Internet Connected Things (ICT) are manufactures. So, in future a device to be unexpectedly smart. This
connected todays everywhere, with everywhere which is used to scenario is the outcome of industries who are just thinking ways to
build a smart environment (with physical world). make a device IoT enabled rather than thinking whether they should
In fact, these internet linked gadgets have made our lives make a device IoT enabled or not. Interestingly it is not the
extremely easy, secure, and quick. But, using such devices in our consumer but the manufacturer who is benefitting by collecting
daily life, people are very much concern about “their personal data. Every manufacturer’s primarily intention is to digitalize things
information”. S o a question raised here: “Is it (personal to collect data. Manufacturer first aim is to attract many customers
information) safe with these (such) devices”? When these devices
(with putting security risks at side), to make maximum profits and
are connected together, they build an ecosystem together for
to stand in competitive market. Also, the customers wanted
human being/for various applications. A lot of data is being
captured and transformed into valuable forms, which is used in
themselves to be updated with the latest technological innovations
future for increase productivity by forms/ organisation (in many and are ignoring the associated security risks. A lot of data (called
application areas), ranging from automated home appliances, Big Data) is being generated by internet of Things (internet) and its
smart grids and high-resolution assets, to product management. integration. Also, this generated data is being collected on a cloud.
This captured and collected data creates several issues, so it On another side, cloud is the backbone for the Internet of Things,
requires new/ useful strategies of enhancing the present status of resources can be shared anywhere, anytime. As IoT devices or this
IoT by incorporating (or overcoming) security and privacy into technology evolves, human being become more familiar with smart
its current design, structure and implementation. Hence, this things/ these devices. So, these internet connected/ IoT devices are
article explains such issues (in IoT) like privacy breaches, used for solving some real world’s problems/ tasks related to real-
security vulnerability etc., in clear manner. time scenarios like self-driving cars or health care, etc.
IoT offers a number of benefits to its clients and has the capability
Keywords – Internet of Things (IoTs), Internet Connected Things, to modify the techniques through which the user can communicate
Privacy, Security, Cyber- Attacks, and Internet of Thing’s Applications. with technology. In near future, the Internet of Things is being
integrating with virtual world with physical world (together), which
I. Introduction is difficult to protect. When it comes to security and privacy, the
expected usage of sensors and gadgets in personal spaces do pose
In the previous years, a number of security threats were existent in issues and problems. As physical objects are increasing in our daily
IoT and Cyber Physical Systems including those of robotics, life (according to our needs), then in future, detection and sharing
electronic power grids, smart transportation systems, etc. The of observations about us (by devices) will be increased
phrase 'Internet of Things (IoTs)' was first invented in the mid- automatically, i.e., require to protect our privacy. The IoT has the
1990s by Kevin Ashton, the co-founder and executive director of ability to link as many "stuff" as 10X (28 billion) to the Web by
MIT's Auto-ID lab [1]. Significant attributes occur across a variety 2020, spanning from bracelets to vehicles (in the immediate future).
of meanings, including sensors, stuff, persons, operation, Notice that the Internet of Things (IoT) arose as the third phase of
automation, info, network, communication, convergence, and Internet growth, the Internet phase of the 1990s was the first,
intelligence. The Internet of Things (or Internet Connected Things whereas the web wave of the 2000s was the second [2]. With
or Smart Things) may therefore be described as "Intelligent decreasing prices/ cost of sensors, processing power and bandwidth
interactivity between human beings and objects to share to connect devices are enabling ubiquitous connections right now.
information and knowledge in order to generate new Pervasive computing follows 6A’s, authorized access to anytime‐
value". Billions and billions of devices are getting connected to the anywhere‐any device‐any network‐any-data. Internet of Things
internet everyday as hardware is getting cheaper and smaller to fit (IoTs) makes a smart environment in integration of together [3], in
into even the tiniest object. Manufacturers are connecting even the this smart environment several smart things works together smartly,
mundane kitchen gadgets to the internet to do some little work. security, and efficiently. In the development of the Internet of
Over a period of time, it is possible to turn the dumbest thing into a Things (IoT) devices/ smart things, several issues like security,
smart device. For example, a washing machine manufacturer privacy, scalability, lack of standards, etc., (already) has been
collecting data to understand the product’s wear and tear to build a raised. Loopholes in security (badly configured devices) may

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 386

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

provide a backdoor to unknown/ malicious users/hackers . Internet ecosystem using some preventive and cryptographic mechanisms in
of Things devices are becoming more attractive to human beings section 5. Then, security and Privacy Goals with internet of Thing’s
(now days) than any other technologies (e.g., mobile phones), Devices (via a 3600 view) have been discussed in section 6. Before
which access user’s most sensitive information/ personal data, i.e., conclusion, some challenges in IoTs devices/ with internet
social security numbers and banking information. This is an connected things have been discussed in section 7. In last, this work
essential issue overcome/ to received attention from research is concluded with some future work (scope) in section 8. Note that
community. in this work, used terms ‘Internet of Things’ with ‘Internet
Connected Things’ or ‘Smart Things’ interchangeably.
A. Component of Internet of Things
II. How Internet of Things is affecting User’s Privacy?
Featuring IoT by sampling the numerous linked/networked devices
is indeed a method to oversimplify the issue and must realize that Generally, Internet of Things enabled devices are physical gadgets
IoT is a sophisticated environment which consists of nearly all the with built-in Internet connectivity that allow data transmission [10].
aspects of the Internet including analytics, the cloud, application, But, a user is unaware what is happening in the background, i.e., a
security and much more. Technically speaking, networked user have no indication that anything is happening in back-send.
devices/gadgets linked with the internet mainly made use of three Are these devices are supporting users in a positive ways or in
major substituents i.e., physical devices embedded with sensors, negative ways? For example, a movie named “Spy in the sky” was
connection and architecture, and analyses and implementations. released in 2015.In this movie, user’s location or movement was
The following enabling technologies with Internet of Things are getting traced by drones (in form of/ like a bird). Such incidents are
included as: possible in real-world also. As another example, a hacker or
 Radio-Frequency IDentification (RFID): They aid in antivirus companies have added some patches with their antivirus
automatically identifying anything they are connected to update, to get end-user activities. Even hackers can send malicious
functioning as an electronic barcode. files to an end user which may control end user’s systems/devices
 Wireless Sensor Networks (WSN): A sensor network entirely. As discussed above, increases in connected devices/ IoTs
composed of a large number of smart sensors, allowing are the main causes in generating a lot of data. Also using devices
valuable information to be gathered, stored, evaluated, and by several people without knowing such technology/ device o r
disseminated in a variety of environments. The having low security in respective devices are the main reason of
components that make up the WSN monitoring network losing their footprints to other users/ attacker/ hacker. IoTs are
include: hardware from WSN, communication stack from much helpful in building Cyber physical systems, but providing
WSN, aggregation from Middleware and Protected Data. automation to machines or every work may harm to society/ people
 Addressing Schemes: Internet Protocol version 6 (IPv6) is via tracing their movements (or footprints). These are is no
used for identifying the IoT devices uniquely as it is a key guarantee that these devices will not track user’s movements or
aspect for controlling and monitoring the devices. reveal this collected information to other user/ outsid e world.
 Data Storage and analytics: Billions and Billions of IoT Internet of Things device are being used in several applications like
devices are producing continuous streams of data. In order industries/ industrial intent, personal medical devices, smart home,
to process the data collected and gain knowledge require wearable, smart city, smart grid, connected car, smart retail, smart
AI based machine learning algorithms. These algorithms supply chain, smart farming, etc. [2]. Apart that, today’s IoT
need to be interoperable and adaptive. devices are resilience to several attacks like TREsPASS attack,
 Visualization: Visualization is the key to the success of Distributed-Denial-of-Service, Falsification attack, Man-in-Middle
any IoT application. Visualization techniques help the end attack. Hence, with such attacks, hacker/ attacker breach or track or
users in making quick decisions. interfere into user’s personal life/ daily life. In summary, a user may
IoT devices ae further segregated into two classes, i.e., Physical be traced in public places by several devices or by his own devices
objects (like camera, smart phones, UAVs, etc.) and Virtual objects (like smart phone, laptops, or nay internet connected devise, etc.).
(like e-tickets, e-nook, e-wallet, etc.). In simple terms, IoT is a Also, he/ she can be traced by hackers/ machines/ robots (i.e., a
combination of embedded technologies including wired and cyber-physical system) in his/ her home. A robot can look to his
wireless communication sensors and actuator device and physical owner, i.e., at what time which work he/ she is doing and so on.
objects connected to the internet. An IoT system has four major According to that, machine/ robot may use this information/ traces/
constituents: a). Sensors that collect data from smart devices b). patterns against his owner (in future) only. For example, in a movie
Input which activates the sensors c). Data analysis that is performed named “Edward Snowden” which was made on true incident. In
to extract useful information. d). A monitoring system for ensuring respective movie, Central Intelligence Agency (CIA) looks into its
security and privacy of the information. citizen’s life and traces every movement of its citizens. Together
Hence, this section discusses about several things likes this, CIA read all messages through mails, phones, etc., of its
introduction and essential components of IoTs. Further, the citizens (also put surveillance on its citizens). Hence, there was no
organization of this paper is discussed as: Section 2 discusses a privacy protection mechanism, even companies made to bind to
vision for future, i.e., how near future can be changed/ will be with share their user’s data with the respective government. As another
Internet of Things and Machine Learning or intelligence together. example, in China (now a day) mobile companies have to share its
Further, section 3 discusses about some current trends in IoTs user’s data with respective governments (as a mandatory rule). Such
technologies. Then several Threats to Internet of Things Ecosystem examples are complete violation of personal privacy. Basically, a
like human and cyber-attacks (also some vision of IoTs in future) user’s privacy need to be protected and kept preserved, because
are being discussed in section 4. Further, will secure an IoT

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 387

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

privacy a fundamental right for citizens of a country (e.g., India, information on the Internet) created by Tim Berners-Lee [7, 8].
USA, etc.). Today’s Internet users are in billions, it is being in maximum
Hence, major security issues in IoTs/ Internet Connected Devices devices (i.e., interlinked human and creates new generations of
are: handling data encryption, data authentication, IoT hardware interactive experiences). Within a few years, Internet will be the
issues, hardware testing (as inevitable), and managing updates (in prime complement to plethora of IoT integrated environments (a
devices). Also, major trust issues in IoT are: lack of security, whole new world filled with interlinked smart gadgets which are
leaking of privacy/ tracking footprints of users, safety (smart locks, combined with sensors, connected to the Internet, all exchanging
etc.). To overcome such raised issues in IoTs and need to fulfil data and details among each other without mundane interference). It
some goals with respect to privacy and trust. Primary security goals is because today Internet has a lot of information (due to having a
in IoT are confidentiality, integrity, authentication and large network of information). In simple terms, Internet became a
authorization, availability, accountability, auditing, non- bigger platform/ source of information (also it is due to large
repudiation. On the other hand, privacy goals in IoTs are: privacy in number of websites available on it).
devices, privacy during communication, privacy in storage, privacy Value Propositions: Internet connected gadgets being the tech-
in processing, identity privacy and location privacy and building giants among modern day individuals have been linked to four
trust with respect to respective service provider (who own IoTs major components which include Big Data, Cloud, Social Media,
devices). Hence, this section discusses about how internet and mobile devices [4]. Interaction of these components (together)
connected devices may affect user’s privacy in a crowd places and will fuel and shape the IoT to a new level. The ‘Internet of Things’
non-crowded places. Now how IoTs can be useful to a human being generate a lot of data (called as ‘Big Data’), which is used by data
can be discussed via two scenarios (see figure 1). Here, neededto scientists, researchers or organisations (or manufacturer) to do
discuss one day of a user with two different scenarios [4, 5], in that prediction/ make some decision for future. The volume of data
intelligence or machine learning are much helpful/ in helping them attributable to the ‘Internet of Things’ is substantial. As sensors
to get ready for next day (for job/ work). Hence, what noticed from (embedded in IoTs) interact with the other things (or devices),
the discussed scenarios (discussed in [4]]) and learned here, ‘Things’ such as RFID tags generates huge and huge of data. In
differences among life living with and without intelligence, and result, traditional tools fail to handle this large amount of data.
importance of Machine Learning or intelligence/ artificial Digital computation has turned out to be necessity with flexible
intelligence in near future. For new users, no matter when a user viability. The significance of data related to IoT is contrasted with
gets up, shower and coffee are being ready without ever-getting the typical transaction processes and it’s to be noted that these sensors
chance to waste water or warm or cold using intelligence with (in) are capable of capturing data meticulously. The variety of data is
IoTs devices. Smart things keep/ perform event in flow/ in manner generated by ‘Internet of Things’ is also increasing/ changing
(see figure 1). Above all tasks which were done by user only (in frequently (due to using different types of sensors in different
scenario 1), can be done in sequential or in parallelized way with applications). Data (from IoT systems) authenticity has been refined
Intelligence. But, depending more on technology also creates due to the increased quality of the sensor while rest of the system
several problems like leaking of privacy/ personal information, enhances with time and experience. Consider the case of Radio
storing information without user’s permission, trust, safety, etc. Frequency Identification (RFID) tags. These tags create highly
validated and authentic information from the past decade or so.
Such massive amount of data, integrated with rapidly rising data
significance, combined with larger variations in data elucidates the
urge of Internet of Things to produce Big Data. Therefore, a
complete outlook of IoT devices can be observed from the below
mentioned implementations:
 IoTs for manufacturing
Figure 1: Flow of Events with Internet of Things and new  IoTs for retail
Technology like Machine Learning, or Deep Learning [4]  IoTs for electronics
 IoTs for automotive
Hence, this section discusses about internet connected things, i.e.,  IoTs for energy and utilities
how they (IoTs) are changing human’s being life or making their  IoTs for insurance
life better. Later, this section also discusses uses of IoTs (with  IoTs for industrial
intelligence or machine learning) in human’s being life with an
 IoTs for aviation
example (i.e., with two scenario). Now next section will discuss
Above discussed point and uses of IoTs in several applications has
about the technologies which are trending now and in near future.
been discussed in [3]. Hence, this section discusses trending
technology of Internet of Things (IoTs) in several applications.
III. Technologies Trending Now and in Near Future
Now, next section will discuss several raised threats in an IoT
ecosystem.
As discussed above, most of the benefits (from cloud based IoTs )
are coming with huge risks, like losing of privacy loss and security
IV. Potential Threat to Internet of Things Ecosystem
breaches. To secure the IoT devices (also to preserve privacy of
user in IoTs), several novel ideas/ proposed work have been
As discussed in [1, 4], ‘Internet of Things’ Generates ‘Big Data’.
proposed by many researchers [6]. The Internet is the main
The above discussed points are four pillars (of technology) and
backbone for making a communication among devices/ machines,
they’re interlinked with one another and work effectively (from the
also a platform to reveal people’s information to malicious users/
aspects of cost and accessibility of records/database). However,
hackers. In 1990, internet/ worldwide web (a method of publishing

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 388

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

IoTs have a completely different prospect for these pillars, i.e.  Unordered threats and issues which contain a majority of
tracking and distributing personal details to malicious users (e.g. in inexperienced users who avail the easily accessible
a Hollywood movie "Eagle Eye," released in 2008, in which hacking tools.
computer systems or army personnel track a user or their location  Ordered and sequenced threats, create and make use of
everywhere with the help of a small drone) [4]. With increasing codes and contents, i.e., Advanced Persistent Threats
number of gadgets entering the IoT family, researchers have (APT) [13]. APT is an intensive network attack which
performed many privacy tests to identify the threats to IoT and to aims at highly important details pertaining to business and
create awareness. The key threat vectors , discussed in [11], also other institutions, in order to breach data [14].
including here: Hence due to weaknesses in security vulnerabilities or Rogue
a) Threat Posed by Compromised Devices: IoT devices security software, malicious users can enter in another user’s
contain information and the attacker have the potential system and can steal their data.
target to exploit that information, for example, User fixes
a security camera, it may show personal information about b. Common Cyber-Attacks
the user. This information can be hacked easily and the
attacker can control and manage it [4, 11]. Using malicious code, i.e., in form of worms, virus, etc., Cyber-
b) Threat over Communication Link: An interlinked set of attacks are being done to harm users or their data (which is a
IoT devices sends and receives large volumes of data, cybercrime due to stealing of information and identity theft of
during which numerous potential threats and attacks are users). In general terms, any effort to reveal, modify, kill, ruin, rob
possible. This transmission can be interrupted, seized or or obtain unauthorized access to or allow unauthorized use of an
manipulated during transmission. For example, an attacker object is a cyber-assault assault. [15]. Generally, cyber-attacks are
can always track the footprints of a client with the help of socially or politically motivated on internet-connected systems/
his/her conversational details. Further, attacker can also things, i.e., stealing, altering, or damaging someone information on
track the energy usage of the user so as to execute an an internet connected system/ things. Today’s several attacks have
attack which would destroy the complete smart system. been performed or formed one thing/ computer (system) to another
Here, successful threats would affect the privacy and trust things/ computer (systems). Many attacks on these things (internet
existing between the user, the gadgets, the companies, etc. connected devices) have been detected in the past decade. Some of
pertaining to the data transmitted in the IoT framework. these Cyber-Attacks on IoTs are listed here as:
c) Threat on the Master: The threat (here) is on the producer 1. Physical attacks: It is the subset of physical threats. Attack
and Cloud Service Provider (CSP) giving rise to problems means that there is some attacker and his intention to do
like safety, trust and privacy. Both the manufacturers and attack and tempers with hardware components. Usually,
IoT cloud possess trillions of data in quantity which prove most systems run in urban settings that are particularly
to be extremely volatile and are a structured asset as it’s susceptible to physical assaults.
determined by analytics. It’s also to be noticed that this 2. Reconnaissance attacks: It involves the illegal discovery
has greater competitive details with respect to APT (Asia- and tracking of systems, work, or threats , fore example,
Pacific Tele-community) group, if leaked/ intercepted. If analysing the network ports [16], packet sniffers [17].
the master is negotiated with, it offers an opportunity to Traffic jam analysis, and forwarding queries and other
the intruders to modify and alter numerous devices concerns related to IP address.
simultaneously, few of which are likely to have been 3. Denial-of-Service (DoS): A Denial of Service (DoS) attack
implemented in the field already. happens as a device normally makes a computer or network
In addition to all the advantages of the IoT program, many resource inaccessible for its expected users. In this attack,
protection risks are found in IoTs and addressed in [4, 11]. the intruder (hacker) sends unnecessary messages
Remember that internet connected devices or machines are demanding authentication of requests with invalid return
extremely valuable for cyber attackers for several purposes : addresses.
i. Most Internet Networking (IoT) machines run unattended by 4. Access attacks: The attacker wants to gain to a system
humans and it is convenient for an intruder to reach them network, where the intruder has to find out the
physically. vulnerabilities or weaknesses in the network authentication,
ii. A majority of the IoT components converse with each other i.e., FTP and web services. This attack is of two types:
using wireless networks such that the intruder could obtain Physical access and Remote access.
even the intimate details by eavesdropping. 5. Attacks on Privacy: Securing privacy in IoT turns out to be
iii. Also, many of these components don’t support sophisticated a herculean task which is easily accessible due to remote
safety plans due to the reduced power and processing access algorithms and techniques. The most common
resource capabilities. attacks on user privacy are:
 Data mining: The attacker can extract useful
a. Human Threats information and patterns from data in large
databases.
Malevolent human behaviour may be a significant challenge to your  Cyber espionage: The attacker use malicious
machine, for example, a disgruntled employee can attempt to software and cracking techniques to steal the secret
exploit or kill data [12]. Human is constantly trying to find new information of the individuals, organizations or the
ways to annoy, steal, and harm. Human threats can be classified as government.
mentioned below:

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 389

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

 Eavesdropping: listening to a conversation between Therefore, developing intelligent worlds, content, and
two parties [20]. business apps (which support users) will entail the
 Tracking: The attacker can track the movements of collection, review, and understanding of essential user
the user with the help of devices Unique background knowledge.
Identification Number (UID), for example, mobile c) Seamless Connectivity and Interoperability: Internet
number. Connected Things or IoT requires seamless connectivity
 Password-based attacks: Intruders try to recreate an and Interoperability, so that context information can be
authentic password which is done in two different shared among heterogeneous devices.
ways: i) dictionary attack- figuring out all the d) Network Neutrality: Network neutrality (a cornerstone of
plausible combination of letters and number to the IoT vision) notes that "no information should be
guess the password ii) brute force attack – taking granted preference over another detail." The idea of
the aid of cracking tools to find out the possible linking some system to other devices at any time from
combination of passwords and to figure out the everywhere therefore allows the most efficient physical
valid one. route in a network / communication between the sender
6. Cyber-crimes: The Web and smart devices are used to and the recipient.
misuse consumers and data for materialistic benefit, Hence, this section discusses about several threats notified in the
including stealing of intellectual property, identity theft, IoT ecosystem. Also, this section discusses about human and cyber-
image infringement and fraud [18, 19, and 21]. attacks (including vision of IoTs things) in detail. Now, next section
7. Destructive attacks: large scale chaos and devastation often will discuss some mechanism to secure an IoTs ecosystem in detail.
take place at the space. Terrorism and acts of vengeance
are some examples. V. Securing Internet Connecting Things Ecosystem
8. Supervisory Control and Data Acquisition (SCADA)
Attacks: Just like any other TCP/IP structures, SCADA IoT will be a game changer for the applications and business but it
[22] is also susceptible to a number of Cyber attacks [23, will raise issues like security and privacy on a large scale and
24]. Attackers can exploit the systems in the following requires attention from manufacturer. Usually, safety and security
manner: i) Making use of denial-of-service to switch off norms of IoT depends on the efficiency to spot and detect devices
the system. ii) Making use of malwares like Trojans or and gadgets which safeguard IoT hosting platforms and data which
other viruses to take control over the system. For example, are then shared with numerous trusted IoT gadgets (a trusted device
Stuxnet was the malicious virus launched on the Iranian is loyally detectable and is linked with the provider). Passing on
nuclear reactor in Natanz (in 2008) [25]. information with the trusted objects would further enhance the trust
Some other cyber-attacks are: Phishing. Man-in-the-middle attack, among users and on technical developments. Now, here discussing
Denial-of-service attack, SQL injection, Zero-day exploit, etc and all necessary tasks/ components to require/ secure an IoT
need to remember here that as the number of IoT devices are ecosystem.
integrating together and becoming a reality to user’s life, and then
obviously several security threats also will be occurred. Everyday a. Maintaining Data Integrity with Internet of
unfortunately, IoT devices are getting new attacks (with new Things/ Internet Connected Things
mechanisms, code).
Internet of Things promises to open up new opportunities for
c. Vision of the Internet of Things businesses to offer exciting services. These days’ insurance
providers are installing IoT apps in the cars to gather customer
As discussed IoTs are being used everywhere now days. Also safety data and driving information and enable insurance claims
several threats have been mitigated on IoTs devices. So, a decisions. To prevent the data from the malicious user, the data
manufacturer (of these devices) needs to build these devices in should be encrypted at network layer. The principle of Blockchain
future with considering issues like privacy, safety, and quality of (firstly used in Bit coin: the modern form of crypto currency [30],
life (for other user/ firm, which will use it in a distributed multi-user in 2009) is often used to complete this task, i.e., can offer higher
system with internet). Internet of Things is being look at outer safety to a dispatched and distributed system.
world in the following way
a) Large Scale Ubiquitous and Pervasive Connectivity : b. Establishing Trusted Identity Internet of Things
Today’s in vision of the IoT, these devices are using in
creating smart environments, i.e., to makes energy, As discussed earlier, IoT has laid its foundation on a framework of
transport, cities, etc., more intelligent [29]. Integration of distinctly detectable gadgets and devices, while, pubic key
IoTs makes an environment which provides efficient encryption plays a major role in developing trusteed identities.
services to users anytime, anyplace (using optimal path). Public key cryptography has made use of the technique which
IoTs in near future will be used in several areas like involves two variant keys to exchange information amidst
businesses and industrial Internet (with creating an open, users/systems. One of the keys are public while the other is private.
global network of people, data, and things). Information can be accessed and read only if both the keys are
b) Context-Aware Computing: This needs the most in the implemented right on an encrypted data. This is done with
Internet of Things, i.e. consumers need to be conscious of Certification Authority (CA). Further, trust is established by
the computational elements (to maximize their creating blocks and maintaining the encoded data in blocks with
performance and to enable automation of services). consistent data with respect to the preceding and the succeeding
block’s records.

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 390

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

(providing security). Now, next section will discuss several

c. Establishing a Public Key Infrastructure for security and privacy required in IoTs (via 3600 view).
Internet of Things
VI. Security and Privacy Goals with internet of Thing’s
As seen above, identity architecture is created on a combination of Devices (via a 360 0 view)
public and private keys. If the private key is not safe enough then
the integrity of the key is often lost. The safe creation and In above discussion (in section 5), storing or learning patterns of
maintenance of these keys are of prime importance. Public keys user’s daily activities is ok, but it is critical when it is shared with
must be secured from tamper-resistant software / encrypted data by unknown device/ users. It is a major and essential challenge (issue)
a new workaround (which is successfully implemented along with to overcome. Privacy is a fundamental right, which needs to be
real-time attacks). The function will easily eliminate a network protected. It can be protected with complete isolation from outside
attacker / attack. world/ Internet-world. A user starts to interact with other devices/
people; he/she starts sharing/ is willing to share information about
d. Protecting Aggregated Big Data with Encryption itself with others. Hence, some privacy goals in IoT based Cloud
are included as:
The data gathered, sent and maintained in clouds/IoT can be  Privacy in devices: It depends on physical and
safeguarded with encryption methodologies. Blockchain techniques commutation protection. Personal/ Sensitive information
are used to secure the data, i.e., securing the data in the blocks and may be transmitted to other applications from a device
connect them to the succeeding blocks. Data is present in two forms (e.g., in cases of data theft or loss and resistance to side
- static data and dynamic data. channel attacks).
 Protection of Data at Rest: Each time the devices interact,  Privacy during communication: It is dependent on the
a lot of data is generated which is stored at numerous accessibility, integrity and trust of the gadget. IoT devices
locations with secure methods and techniques. Encrypting must interact at the time of need, to derogate and disclose
data and storing them at the server offers scalability, cost the data privacy during their interaction.
efficient storage, and quicker computation. These  Privacy in storage: It is to protect the privacy of data
encoding mechanisms offer availability, veracity and stored in devices by taking into account the following:
accessibility of the collected data (i.e., accessible to users manageable amount of data must only be maintained in
all the time). Storing data in a safe and secure manner and the devices and regulation is to be expanded for offering
evading thee plausible entry points to harmful intruders is safety and privacy of the user’s data.
an issue of prime importance. To tackle this problem,  Privacy in processing: This is completely dependant on
institutions need to implement efficient encoding communication integrity [26]. Information is to be stored
techniques with Big Data clusters. This requires flexible from third parties without acknowledging the data owners.
and autonomous file-system level encryption which can  Identity privacy: It’s the uniqueness of any gadget and can
protect complicated data on the dispatched nodes. be spotted by valid entities alone.
 Protection of Data in Motion: Encryption of information  Location Privacy: The geographical position of relevant
poses a significant challenge as it possesses a variation device should only be discovered by authorized entity
increasing at rapid rates. When data moves between (human/device) [27, 28].
locations, it’s often exposed to malicious attacks like  A user consists data, information, identity, location and
fibre-tapping attack, man in the middle attack, etc. Note genomic types of privacy in communication of/ with
that an attacker can overhear the internet of things. Such types of privacy contain valuable
conversations/interactions by attaching cables without and sensitive information, which require protection
being identified by any other device. In this case, attackers against malicious users. Similarly, some security
can capture all the activities which participates in a protection required with IoTs as:
network, which is then stolen without the owner’s  Security of IoT devices: Security of IoT ecosystem need
knowledge. In the worst-case scenario, these attacks often to be provided physically. When an IoT ecosystem is
tamper the data and can override the controls on the full being like smart grid, then from require some manpower/
system. It’s to be highlighted that encryption is mandatory human being to take care that site, i.e., protection site
at the back-end for cloud service providers, against any kind of damages. For example, organisations
manufacturers, etc. are hiring persons for taking care of their infrastructure
Data can further be secured with the help of Blockchain. Security (i.e., in telecom industry).
can be offered to different data types by creation of blocks and  Security in IoT devices: Proper encryption mechanism,
maintaining encoded data/information with the help of consistent
efficient algorithms to collect data in a database, access
information when compared to the preceding and succeeding control to known users, etc., are some essential
block records. This process isn’t a compromised by any attack. components need to include when IoTs devices is being
Note that Physical protection is actually more of a concern,
used.
because such machines are typically out in the open in remote Hence, this section discusses several security and privacy goals
areas where anyone can access them physically. The security
with respect to internet connected things via 3600 view. In this,
issues escalate significantly if anyone has physical access to the found that privacy of information stored/ communicated in devices
computer. This research therefore provides many ideas or
should be persevered and protected, also security of devices and
strategies for protecting an IoT or cloud-based IoT network

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 391

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

enough level of security need to be provided in IoTs. Now, next issues. Problems like data transmission, computation, and
section will discuss about some challenge in IoTs. supervision becomes a challenge.
b) Heterogeneity: IoTs provide a heterogeneous, complex
VII. Issues and Challenges in Internet Connected Things network structure. This, in effect, increases the confusion
between specific types of devices through means of
In the past decade, several challenges have been investigated in multiple networking systems revealing the network's rude
IoTs and need to focus on these challenges to encourage higher actions to be dishonest, sluggish, and unstandardized.
growth rate of IoT (in near future), and to provide opportunities to Managing linked artefacts through encouraging and
future researchers to do their research work. Industry also can managing them by interaction between systems, such as
consider these challenges to capture new competencies and hardware components and/or software resources, after
capacities. These challenges (investigated in an IoT ecosystem) can providing architectural and protocol level addressing,
be discussed as: recognition and optimization is a significant research task.
 Infrastructure: An Infrastructure is an environment which c) Lack of Service Description Language (SDL): The
is interoperable, trustable, mobile, distributed, valuable, absence of Service Description Language in connected
and powerful for provide services to human beings. An services leads to development, execution and source
IoT ecosystem consist several emerging applications in it, integration a herculean task by elongating the
i.e., like Smarter Cities, Smart Grid, Smart Building, dissemination time (due to/ causing loss in market). A
Smart Home, Intelligent Transport Systems, and Novel SDL may and change or solve several problems
ubiquitous healthcare, etc. Due to that, large numbers of like product dissemination and must identify a commonly
address schemes are required to provide address to each accepted SDL, so powerful service discovery methods and
and every connected IoTs (to offer offers scalability, object naming services need to be implemented.
flexibility, tested, extended, ubiquitous, open, and end-to- d) Lack of a Unified infrastructure: IoT is designed with a
end connectivity). Note that Addressing schemes are used traditional network/ IoT makes CT environment. This
to identify with respect to identify sender’s identification/ environment is affected by its connection. So, require a
location, to provide security to devices. unified information infrastructure to connect large number
 Data and Information: Lots of data is being generated with of IoTs devices (to produce real-time data).
these devices (in integration), which is a major challenge e) Handling Large Data base: Today’s existing/ Traditional
to handle, and analysis. Modern analytic tools/ new big Data Base Management System (DBMS) cannot handle
data solutions are required (by service providers) to the originated data, because of the huge data (generated or
analyse data, and discover relevant trends and patterns for collected). The current fault tolerance system is in capable
future purpose. of managing the high-speed generated data. A new IoT
 Security and Privacy: Internet Connected Devices (ICD) based data centric architecture need to be proposed to
can communicate with consumers, transmit data back to tackle this issue.
service providers, and compile data for third parties such f) Format of Data generated by IoTs: The data generated
as researchers, health care providers, or even other from IoTs devices (connected through internet) will be in
consumers. Hence, issues including privacy related to present in different volume, variety and formation. So big
personal data, and data sharing are emerging, which data/ IoTs generated data specific design should be
shows the importance of trust in an IoT ecosystem. invented to handle these types of data.
 Ecosystem: IoT has been evolving quite a lot. ‘Things’
seem to possess increased number of details linked to B. Issues in Internet of Things
them, and have started to sense, interact, and create novel
data. Services linked to IoT are likely fetch £200bn IoT system includes large number of nodes which should be
annually. This would further bring about innovation, and identified uniquely in the network configuration. Since the IPv4
development in arenas like components, devices, wireless numbered addresses are about to exhaust, so have to find a new
connectivity, system integration and decision-support addressing scheme like IPv6 to configure all IoTs devices. Further,
tools. different devices use different protocols to handle hardware/
software compatibility, this is also a major issue with IoTs. Hence,
A. Challenges in Internet of Things the lack of standardised tools for security, communication and
identification need to be solved to make the IoT system efficient,
A key challenge in machine learning is “How to interpret the Input accurate and safe (privacy preserved). The universal applicability of
Data and what are potential Security Threats and Device IoT and associated technology would rely in large measure on
Vulnerabilities”? A lot of comprehensive research has been network cum cyber security and data protection. IoT is extremely
performed from the viewpoint of IoT protection up until now and dynamic and heterogeneous in design, and is often facing serious
similar work can be categorized into device security, program challenges to protection and privacy. The key obstacles that hinder
security, and network security. Some few problems in this regard IoT to being damn secure are delivery, versatility and
can be included as: sophistication. From [4] and due to the large number of attack
a) Design of Service oriented Architecture (SoA) for IoT: vector presences on IoT entities, privacy protection in the IoT
SoA has to handle massive amounts of devices which are environment is more vulnerable than in traditional information and
linked to the system which help organize scalability communication technology (ICT) networks. For example, the IoT-
based health care tracking device would gather data from patients
(e.g., heart rate, heartbeat, body temperature, breathing, etc.) and

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 392

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

then transmit this information back to the doctor's office or hospital 2019: 2 nd International Conference on Advanced Computing and
over the Web. When tata is transmitted over the network, there are Software Engineering, KNIT Sultanpur, 2019, India, 8-9 February 2019.
[4] Amit Kumar T yagi, and M.Shamila, Spy in the Crowd: How User’s
chances of data being breached. In these cases, the life of the user is Privacy is getting affected with the Integration of Internet of T hing’s
at stake and at high risk. In such cases, most of the frameworks Devices, SUSCOM-2019: International Conference on Sustainable
don’t consider the safety and security of the user which is one of the Computing in Science, Technology & Management (SUSCOM-2019).
major drawbacks which need to be addressed. Hence, as Data is Amity University Rajasthan, India, 26-28 February 2019.
collected or produced in raw form, i.e., consist non -relevant [5] https://towardsdatascience.com/iot -machine-learning-is-going-to-
change-the-world-7c4e0cd7ac32
handouts. And this generated data is too helpful in decision making [6] Arbia Riahi, Sfar Enrico Natalizio,Yacine Challal, Zied Chtourou, A
in several applications. The value of this collected/ generated data is roadmap for security challenges in the Internet of T hings, Digital
only possible after analysis/ filtering process. So efficient and Communications and Networks, Volume 4, Issue 2, April 2018, Pages
modern tools to analysis this collected data needs to developed. 118-137.
Also, a commonly accepted service description language (which is [7] https://en.wikipedia.org/wiki/T im_Berners-Lee
compactable with different communication and implementation) [8] https://www.w3.org/People/Berners-Lee/
[9] https://impact.com/marketing-intelligence/7-vs-big-data/
must be identified to make the development process easier. [10] https://www.optimusinfo.com/blog/understanding-the-7-vs-of-big-data
Hence, this section discusses several challenges in internet of [11] Amit Kumar T yagi, G. Rekha, and N. Sreenath, Beyond the Hype -
things like heterogeneity, lack of unified infrastructure, lack of Internet of T hings Concepts, Security and Privacy Concerns, 22 -23
unified standards, huge data base, huge consumption of energy, etc. March 2019, in Proceeding of Springer/ International Conference on
Some more work towards IoTs devices has been discussed in Table Emerging T rends in Engineering, College of Engineering (ICET E),
Osmania University, Hyderabad, T elangana, India.
1 (in appendix A). Hence, these issues, challenges can be [12] http://online-passport.info/comsecpriv/?page_id=41
considered as future work in near future from/ by respective [13] C. T ankard, Advanced persistent threats and how to monitor and deter
interested researchers/ research community. Now, next section will them, Network security, vol. 2011, no. 8, pp. 16–19, 2011.
conclude this work in brief (with some future scope of this work for [14] F. Li, A. Lai, and D. Ddl, Evidence of advanced persistent threat: A case
future). study of malware for political espionage, in Malicious and Unwanted
Software (MALWARE), 2011 6th International Conference on. IEEE,
2011, pp. 102–109.
VIII. Conclusion and Future Scope [15] American Government, Power and Purpose: Political science, Political
science, book, CT I Reviews – 2016.
Today’s internet of things are being used everywhere, i.e., in many [16] S. Ansari, S. Rajeev, and H. Chandrashekar, Packet sniffing: a brief
applications (like smart home, smart transportation, smart farming, introduction, Potentials, IEEE, vol. 21, no. 5, pp. 17–19, 2002.
etc.) to make human life easier. Even some countries are insisting [17] M. De Vivo, E. Carrasco, G. Isern, and G. O. de Vivo, A review of port
scanning techniques, ACM SIGCOMM Computer Communication
their citizens to use these devices, for example, in India, Amravati Review, vol. 29, no. 2, pp. 41–48, 1999.
(new capital of Andhra Pradesh state) will be first smart city. [18] B. Schneier, Secrets and lies: digital security in a networked world. John
Similarly, Dubai will work completely on smart things , i.e., as a Wiley & Sons, 2011.
smart city before 2022. So, as uses of these devices are increasing, [19] J. M. Kizza, Guide to Computer Network Security. Springer, 2013.
attacks will also be increased in near future. This work provides a [20] I. Naumann and G. Hogben, Privacy features of european eid card
specifications, Network Security, vol. 2008, no. 8, pp. 9 –13, 2008.
detail description of internet connected things. It also discusses [21] C.Wilson, Botnets, cybercrime, and cyber-terrorism: Vulnerabilities and
some serious concerns and challenges in IoTs in near future. These policy issues for congress.” DT IC Document, 2008.
investigated issues, challenges need to be overcome or require [22] A. Daneels and W. Salter, What is SCADA, in International Conference
attention from research community. Also, major limitations of IoTs on Accelerator and Large Experimental Physics Control Systems, 1999,
like Battery life extension and Lightweight Computation are also pp. 339–343.
[23] A. Nicholson, S. Webber, S. Dyer, T . Patel, and H. Janicke, Scada
needed to be improved (for providing efficient, smart, and secure security in the light of cyber-warfare, Computers and Security, vol. 31,
services for a longer-time). Therefore, system level security, master no. 4, pp. 418–436, 2012.
computer safety, encryption of information / communication ties is [24] V. M. Igure, S. A. Laughter, and R. D.Williams, Security issues in scada
essential to conducting secure operations (including IoTs). In networks, Computers & Security, vol. 25, no. 7, pp. 49 8–506, 2006.
summary, instead of searching for a new tool, current methods can [25] M. Kelleye, Business Insider. The Stuxnet attack on Irans Nuclear Plant
be developed to protect IoTs / IoT ecosystem. For the future works, was Far more Dangerous T han Previously T hought,
http://www.businessinsider.com/stuxnet -was-far-more-dangerous-
must concentrate on providing the existent security controls and thanprevious-thought-2013-11/,2013, [Online; accessed 03-Sep-2014].
enhance the novel and sophisticated applications to drill the further [26] C. P. Mayer, Security and P rivacy challenges in the internet of things,
implementation of IoT (because integration of IoTs in several Electronic Communications of the EASST , vol. 17, 2009.
applications and in many counties is growing exponentially). [27] A. R. Beresford, Location privacy in ubiquitous computing, Computer
Laboratory, University of Cambridge, T ech. Rep, vol. 612, 2005.
[28] Amit Kumar Tyagi, N. Sreenath, Future Challenging Issues in Location
References Based Services, International Journal of Computer Applications (ISSN:
0975 –8887), Volume 114, No. 5, pp.51-56, March 2015.
[1] T ELEFÓNICA I+D: Internet of Things + Internet of Services (2008). [29] Misra, Sridipta, Maheswaran, Muthucumaru, Hashmi, Salman, Security
[2] Simona Jankowski, et al., The Internet of T hings: Making sense of the Challenges and Approaches in Internet of Things,Engineering Signals &
next mega-trend, Goldman Sachs Global Investment Research’s report, Communication, 2017 (Available at:
Sptemmber 3, 2014. https://www.springer.com/in/book/9783319442297#reviews).
[3] Amit Kumar Tyagi, Nandula Anuradha, G. Rekha, Sonam Sharma, and [30] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” 2008.
Sreenath Niladhuri, How a User will look at the Connection of Internet [Online]. Available: https://bitcoin.org/bitcoin.pdf
of T hings Devices?: A Smarter Look of Smarter Environment, ICACSE:

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 393

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.
 Proceedings of the Fifth International Conference on Communication and Electronics Systems (ICCES 2020)
IEEE Conference Record # 48766; IEEE Xplore ISBN: 978-1-7281-5371-1

Appendix - A

Table 1: Challenges, Issues and Cyber-Attacks including Solutions in Internet of Things

S.No Challenges Issues Cyber Attacks O vercoming Solutions

1. Security As the IoT connected devices - A collaborative approach to security
increases it will also increases the will be needed to resolve this issue
opportunity to exploit security
vulnerabilities for an attacker
2. Privacy T he gathering of these details - Strategies and techniques need to be
showcases legal and governing created to assure and respect
tasks which face data security and individual privacy decisions
privacy norms. spanning across a wide spectrum of
choices, by embedding innovation
in methods and services.

3. Standards Absence of standards can enable - It requires a creative architecture

stupid behaviour by IoT devices. and normalization of computation
tools, methods, and interfaces,
combined with the implication of
IPv6, will be essential in the future.
4. IOT botnets T he rising mining competition - IoT implementations, frameworks,
aiming which is joined with the novel use and interfaces which depend on
at cryptocurrency of cryptocurrency proves to be Blockchain have to be governed and
ana rea of interest for hackers. consistently monitored.

5. Home Invasions It has chances of portraying your Such crucial details can be sold by the -
IP address which can indicate hackers to malicious people.
your residential details.

6. Remote Vehicle It also possesses a greater risk of - -

access a car hijack.

7. Easy exposure IoT devices are not resilient to T his means that an intruder can either -
third-party exposure — they easily steal the device, connect the device
either lay open or easily to another device containing harmful data,
accessible to anyone. or try to extract cryptographic secrets,
modifying the programming or even
replacing those devices with malicious
ones in which the intruder has complete
control.
8 Machine Phishing - Hackers increasingly will try to infiltrate -
IoT and operational networks to send false
signals that in turn cause owners or plant
operators to take actions that can be
damaging.
9 Infrastructure It requires large number of - -
address schemes. Addressing
schemes are used to identify with
respect to identify sender’s
identification/ location, to provide
security to devices.
10. Data and T o handle and analyse the data - Analytic tools / new big data is
Information generated by the devices required
11. Security and 1. With IoT being in the lime- - -
Privacy light, numerous challenges for
supervisors and users are being
exposed,
2. Privacy linked to personal
details and data exchange.

12. Ecosystem It stimulate innovation and - -

growth in areas such as
components, devices, wireless
connectivity, system integration
and decision-support tools

978-1-7281-5371-1/20/$31.00 ©2020 IEEE 394

Authorized licensed use limited to: Missouri State University. Downloaded on July 02,2024 at 20:32:36 UTC from IEEE Xplore. Restrictions apply.