A Systemic Security and Privacy Review: Attacks and Prevention Mechanisms over IOT Layers
DOI:
https://doi.org/10.4108/eetss.v8i30.590
Keywords:
Internet of Things, Security and Privacy, IoT layers, attacks with solution mechanisms
Abstract
In the contemporary era, the Internet of Things (IoT) is used in every realm of life. Recent software applications (e.g., vehicle networking, smart grid, and wearables) have been established as a result of its use, as have the development, consolidation, and revolution of various long-established areas (e.g., medical and automotive). The number of connected devices, in conjunction with the ad-hoc nature of the system, further exacerbates the situation. Therefore, security and privacy have emerged as a big challenge for the IoT. This paper provides an outline of IoT security attacks on the three-layer architecture: the application layer, the network layer, and the perception/physical layer, and the attacks associated with these layers are discussed. Moreover, this paper provides some possible solution mechanisms for such attacks. The aim is to produce a radical survey of the privacy and security challenges of the IoT. This paper addresses these challenges from the perspective of the technologies and design used. The objective of this paper is to present possible solutions for various attacks on different layers of the IoT architecture. It also presents a comparison based on reviewing multiple solutions and identifies the best solution for a specific attack on a particular layer.
Copyright (c) 2022 EAI Endorsed Transactions on Security and Safety
This work is licensed under a Creative Commons Attribution 3.0 Unported License.
This is an open-access article distributed under the terms of the Creative Commons Attribution CC BY 3.0 license, which permits unlimited use, distribution, and reproduction in any medium so long as the original work is properly cited.