Abstract

The Internet of Things (IoT) has not yet reached a distinctive definition. A generic understanding of IoT is that it offers numerous services in many domains, utilizing conventional internet infrastructure by enabling different communication patterns such as human-to-object, object-to-objects, and object-to-object. Integrating IoT objects into the standard Internet, however, has unlocked several security challenges, as most internet technologies and connectivity protocols have been specifically designed for unconstrained objects. Moreover, IoT objects have their own limitations in terms of computation power, memory and bandwidth. The IoT vision, therefore, has suffered from unprecedented attacks targeting not only individuals but also enterprises; some examples of these attacks are loss of privacy, organized crime, mental suffering, and the probability of jeopardizing human lives. Hence, providing a comprehensive classification of IoT attacks and their available countermeasures is an indispensable requirement. In this paper, we propose a novel four-layered IoT reference model based on a building-blocks strategy, in which we develop a comprehensive IoT attack model composed of four key phases. First, we propose an IoT asset-based attack surface, which consists of four main components: 1) physical objects, 2) protocols covering the whole IoT stack, 3) data, and 4) software. Second, we describe a set of IoT security goals. Third, we identify an IoT attack taxonomy for each asset. Finally, we show the relationship between each attack and the security goals it violates, and identify a set of countermeasures to protect each asset as well. To the best of our knowledge, this is the first paper that attempts to provide a comprehensive IoT attack model based on a building-blocked reference model.

Highlights

  • Flooding a huge number of physical objects into the Internet at an unprecedented scale is a consequence of the Internet of Things (IoT) [1], [2]

  • We propose a four-layered reference model based on a building-blocks strategy, as shown in Fig. 4. The main contributions of this model are the following: First, the great contribution we intend to produce lies in merging each layer of IoT Reference Models (RMs) with the required building blocks

  • The appearance of the IoT paradigm in the last few years has unleashed many threats and feasible attacks against the security and privacy of IoT objects and individuals. These threats will hamper the realization of this paradigm if they are left without proper countermeasures

Summary

A Comprehensive IoT Attacks Survey based on a Building-blocked Reference Model

Hezam Akram Abdul-Ghani, Dimitri Konstantas. Geneva School of Economics and Management, Geneva University, Switzerland.

Providing a comprehensive classification of IoT attacks and their available countermeasures is an indispensable requirement. We propose a novel four-layered IoT reference model based on a building-blocks strategy, in which we develop a comprehensive IoT attack model composed of four key phases. We propose an IoT asset-based attack surface, which consists of four main components: 1) physical objects, 2) protocols covering the whole IoT stack, 3) data, and 4) software. We describe a set of IoT security goals. We show the relationship between each attack and the security goals it violates, and identify a set of countermeasures to protect each asset as well. To the best of our knowledge, this is the first paper that attempts to provide a comprehensive IoT attack model based on a building-blocked reference model.

INTRODUCTION
IOT REFERENCE MODELS
RELATED WORK
OUR PROPOSED IOT ATTACK MODEL
Identify Security Goals and Security Attack
IoT Attack Taxonomy and Countermeasures for Each Asset
Connectivity protocols-based attacks
RFID-based attacks
NFC-based attacks
Bluetooth-based attacks
Wifi-based attacks
ZigBee-based attacks
RPL-based attacks
Communication protocols-based attacks
TCP-UDP-based attacks
Application layer protocols-based attacks
Application-based attacks
Operating system-based attacks
Firmware-based attacks
Findings
CONCLUSION
