Anatomy of attacks on IoT systems: review of attacks, impacts and countermeasures

Abstract

Aim: The Internet of Things is a disruptive technology that converts physical objects into a constant source of information. Internet-connected devices bridge the gap between the physical and virtual worlds through their data-generating set of sensors. Due to the large-scale proliferation of Internet-of-Things systems into practically every sector of modern life, they have also become the centre of growing cybersecurity threats and attacks. This is exacerbated by the connectivity between different kinds of devices and the lack of standardisation to govern them. The majority of papers on the security of the Internet of Things discuss one attack or threat at a time, which could lead to a fragmented understanding of their overall security posture. The aim of this paper is to provide a concise review of attacks on an Internet-of-Things system, their impacts on IoT assets and possible countermeasures. Methods: We review the available layered representation and functional components of the Internet of Things. We then identify the system's assets and review the literature on IoT attacks. We categorise these attacks into groups using common classification criteria and map them against the assets they target. We also identify the possible impacts that these attacks could have on an IoT system. We explore a number of security controls that could be deployed to detect or prevent the attacks. Finally, we evaluate these countermeasures against the assets they protect and the impacts they intend to prevent. Results: To clearly show the security of IoT systems, we identify assets, categorise the different attacks and map them to the different components of an IoT system. Further, we identify the different countermeasures and evaluate their effectiveness against IoT assets and attacks. Conclusion: The paper provides a clear and concise description of IoT functional components and computational models. It also presents an anatomy of attacks on such a system. In addition, the main assets of a typical IoT system are identified and elaborated. The different types of attacks that can be launched in an IoT environment are categorised and mapped against the different functional components. Further, the different assets are identified and countermeasures are evaluated on their effectiveness to protect them.