Data Communication And Computer Networks Prakash C Gupta Pdf 157l

The security of a computer system encompasses various methods and techniques that safeguard all kinds of resources from illegitimate access. Resources may include hardware, software, and data, whereas illegitimate access may include unauthorized usage or damage to resources. In IoT systems, security aspects focus on architecture, the security model of every device, bootstrapping, network security, and application security [27]. Security architecture demonstrates the various system components involved in ensuring the security of an IoT device. The security model of each device focuses on the implementation of security methods and criteria along with the management of various applications. Network security deals with the reliable functioning of IoT. Online application security is all about the authentication of various things on the network for communication and exchange of data. Network security is highly dependent on the internet, which is an anxious media of data exchange and leads to a large possibility of data stealing. The deployment of IoT is dependent on the internet and computer networks. Consequently, it is affected by all security issues related to computer networks as well as the internet. Before using IoT devices, all stakeholders should analyze the associated risks related to the security and privacy of the user information. Accordingly, more sophisticated security policies must be designed by governing organizations.

Data Communication And Computer Networks Prakash C Gupta Pdf 157l

Mahmoud et al. [42] surveyed IoT security principles. The authors also presented various security issues along with corrective measures. The need for advanced technologies to tackle hardware, software, user identification, and wireless communication issues is also discussed. Pescatore and Shpantzer [43] presented the viewpoint of people actively involved in the research of IoT security issues along with the future prospects in the field. They also highlighted that IoT developers should focus more on security issues instead of other ICT systems. Gil et al. [44] reviewed various technologies and security models in the context of data-related challenges. The authors impressed upon the collaboration of social networks and IoT and introduced a new concept of the Social Internet of Things (SIoT). IoT security is discussed but the concept of cybersecurity in IoT is not touched. Muhammad et al. [45] discussed the various possible attacks in IoT systems. The authors also highlighted the security and privacy challenges faced in the IoT environment by the various sensor nodes. In this survey, the requirements of secure end-to-end communication among smart devices using efficient encryption and authentication methods are suggested. Vignesh and Samydurai [46] reviewed the three-layered architecture of IoT comprised of the application, network, and perception layers, along with the different types of security threats at these layers. They explained the effect of wireless signals, movement of IoT in the external environment, and the dynamism of the network model as the major challenges at the perception layer. At the network layer, the major highlighted challenges are DoS and Man-in-the-Middle attacks. The major issue that persists at the application layer is the variety of application policies.

Razzaq et al. [47] surveyed the different security requirements of an IoT system. The authors categorized the various IoT attacks into four classes: low level, medium level, high level, and extremely high level. They also suggested the possible ways out in handling these attacks. Maple [48] discussed the role of IoT devices in various domains like autonomous vehicles, health, industry 4.0, logistics, smart grid, agriculture, homes, offices, and entertainment. Along with the security, threats in all these application areas are also reviewed. They highlighted the security issues related to the physical limitations of the things, the versatility of the devices, authentication, authorization, and implementation. Various issues related to the privacy of the users are also discussed in this survey. Rughani [49] presented the various challenges faced by crime investigators to collect pieces of evidence from the smart IoT devices available at crime scenes. The author impressed upon the need for corrective measures for the issues to help in crime investigation and make the process easy. Corser et al. [50] discussed that to make the IoT systems more secure, the security of smart devices and networks needs to be improved. To improve device-level security, protection of data and dynamic testing play a major role. To make communication networks more reliable, there is a requirement for authentication, secure protocols, network division, and organization. Burhan et al. [51] presented a detailed survey on the different layers of the IoT architecture along with the potential attacks at each layer. The authors also reviewed various available mechanisms to handle these attacks and their limitations. Security issues in various IoT technologies like sensors, ZigBee, Bluetooth, RFID, Wi-Fi, and 5G networks are discussed in detail.

Servida and Casey [12] presented a detailed study of the vulnerabilities of smart devices. The authors discussed how these vulnerabilities can cause these devices to become victims of attacks. On the positive side, it is featured that these vulnerabilities can help the investigators capture digital traces and investigate the crime. Therefore, device vulnerabilities are both challenges and opportunities in crime. Blythe et al. [60] highlighted that the IoT environment lacks security features as the devices are not manufactured with security challenges taken into consideration. It is also discussed that at some events, even users do not use the available security features of the devices due to a lack of knowledge about the customization of these features. In this work, the authors impressed on the need for the standardization of communication and security protocols in IoT systems and highlighted the need for government intervention to assure security at the device level. Adesola et al. [61] suggested a novel IoT and big data-based smart model to investigate and control criminal activities in Nigeria. The authors also developed a prototype for the model. This model is useful to keep records of criminals. Abdullah et al. [16] discussed the security aspects of IoT by focusing on cybersecurity. Open research issues related to cybersecurity are highlighted along with possible corrective measures. The authors also applied the usage of blockchain technology to strengthen the cybersecurity aspect of IoT. Butun et al. [1] presented an in-depth review of various types of security attacks in wireless sensor networks and IoT systems. Various mechanisms for the prevention and detection of these attacks are also discussed in detail. The authors categorized the IoT attacks as active and passive attacks. It is also spotlighted that passive attacks cannot be identified using any mechanism. On the other hand, active attacks violate the integrity and confidentiality of data. Active attacks also cause unauthorized access to user data.

Stoyanova et al. [62] surveyed the various available models for digital forensics. Special consideration is given to the methods which are used to extract digital data by maintaining the privacy of the users. The authors presented open research challenges in the field of digital forensics by paying special attention to the need for more advanced forensic analyzing techniques and universally acceptable protocols. Tawalbeh et al. [63] discussed the various security and privacy challenges of IoT. The authors also proposed and evaluated a cloud-based IoT security solution. Atlam et al. [64] reviewed IoT architecture and communication technologies. Various IoT security challenges and threats are also discussed. The authors also explained the role of digital forensics in crime investigation. The need for employing real-time techniques in IoT forensics is highlighted as the need of the hour. Al-Khater et al. [65] presented a detailed review of various categories of cybercrimes in detail. Various cybercrime detection techniques using statistical methods, neural networks, machine learning, deep learning, fuzzy logic, data mining, computer vision, biometrics, and forensics are also discussed. The authors proposed the requirement of cybercriminal profiling, which can be used as a data set by the investigators in the process of investigation. Table 3 presents the comparison of existing security parameters and approaches in IoT cybercrimes.

Every layer of IoT is prone to security attacks and threats. These attacks may fall under any of the categories of active or passive and internal or external attacks [41, 42]. In passive IoT attacks, only the information transmitted on the network is observed, but the service is not affected. On the other hand, in active attacks, a service stops responding [98]. The various devices and services supported by each layer of IoT are prone to Denial of Service (DoS) attacks. Under DoS attacks, devices, services, and networks become unsalable to unauthorized users. In the same manner, Figure 8 describes the security threats faced by the perception layer, network layer, application layer, and transport layer and services supported at each layer which are discussed as follows:(i)Security threats in the perception layer: the very first issue faced by the various device nodes functioning in this layer is the intensity of the wireless signals as the signals become weaker due to environmental disturbances. The second issue is related to the physical attacks on the IoT devices as the various IoT nodes usually operate in the outdoor environment. The third issue is related to the dynamic to pology of the IoT systems which allows the frequent movement of the IoT nodes in and around the network. Different devices working in this layer use sensors and RFIDs. Because of their limited adequacy from the storage and computational point of view, these devices are prone to different kinds of security threats [41, 99]. Various kinds of devices operating in this layer are susceptible to replay attack, timing attacks, node capture attacks [45], and DoS attacks. All these security challenges can be dealt with by encryption, access control, and authentication [100](ii)Security threats in the network layer: along with the DoS attacks discussed previously, the network layer of an IoT system can also be targeted for silent monitoring, traffic analysis, and eavesdropping. The major reasons behind these attacks are the remote access and exchange of data. The vulnerability of this layer to a man-in-the-middle attack is terrific [41]. An unsecure communication channel is the root cause of eavesdropping. Communication technologies and protocols play a major role in stopping eavesdropping and further stopping identity theft. As the heterogeneity of devices is a major issue in the IoT systems, it is the biggest challenge to have more secure protocols in the network layer to deal with this diversity. Attackers also misuse the connectivity of the devices to steal user information for future attacks [101]. Along with ensuring the security of the network from the attackers, ensuring the security of the devices operating in the network is equally important. Consequently, the devices in the network must have the comprehension to safeguard themselves against network attacks. This can be obtained only with secure network protocols as well as smart applications [102](iii)Security threats in the application layer: lack of standard policies related to IoT systems causes many security challenges in the IoT applications and their development. As a variety of authentication mechanisms are used in different IoT applications, it is difficult to warrant data security and user authentication. The second major challenge is how to deal with the interaction of the user with applications, how to deal with the volume of data exchanged, and how to manage the different applications. The IoT users must be checked to confirm what they wish to share about themselves and how that information is to be used and by whom [42](iv)Security threats in the transport layer: common threats in the transport layer include cross-site scripting (XSS). In this type of attack, the malicious user injects client-side-based scripts like Java, HTML, or VBScript into a webpage that is frequently visited by the user. These scripts will be masked as valid requests between the browser (client-side) and the webserver. It can lead to data theft and manipulation. The other attacks include session hijacking, cross-site request forgery (CSRF), and Lightweight Directory Access Protocol (LDAP) injection [103] 350c69d7ab