The Internet of Things (IoT) is one of the modern technologies that has significantly impacted human lives. The Internet of Things refers to the connection of objects and devices over the Internet through a wireless or wired approach ( DeNardis, 2020a ). The popularity of IoT has led to increased use and multiple applications in areas like transportation, communication, business development, and education. The number of IoT devices has increased significantly in the recent past due to the massive use of wearable technologies, home automation, and smart energy meters (DeNardis, 2020b). Approximately 30 billion IoT devices exist in the current world, and the prediction is that there will be more than 50 billion devices by the end of 2022 (DeNardis, 2020a). However, the increase in IoT devices has also led to a new problem of cybersecurity issues. Lee (2020) discovered that 80% of organizations had experienced an attack on their IoT devices within the past 12 months. Cybersecurity threats could lead to damages in terms of stolen data. IoT devices are a new technology, and cybercriminals can take advantage of its cybersecurity challenges. Research shows that improving cybersecurity practices in the Internet of Things technologies should specifically focus on solving challenges that include inadequate industry standards, privacy issues, authentication problems, and poor testing and updating procedures.
Inadequate Security Industry Standards
One of the biggest cybersecurity challenges identified in research was the inadequate security challenges that govern IoT devices. Security standards are critical in ensuring safety for almost every technology device. However, the IoT is a technology that has undergone rapid development. The speed of development of IoT technology has outpaced the development of security standards. According to Chatfield and Reddick (2019), the United States federal government has been strategic and forward-thinking in the deployment of IoT technologies. However, there are no comprehensive policies or IoT best practice guidelines that can guide the manufacture and implementation of the devices. The security standards that govern IoT devices are unclear and ambiguous. Another challenge with the implementation of standard practices is that IoT devices can involve multiple components manufactured in different parts of the world ( Lu & Xu, 2018 ). Creating different parts separately creates a problem where different manufacturers can have different security standards.
Delegate your assignment to our experts and they will do the rest.
The speed of development of IoT devices shows that there is an urgent need for IoT research, policies, and use. Chatfield and Reddick (2019) observe that IoT policies should be created and implemented on both a national and international scale. The development of clear policies regarding the detection practices of IoT devices can create a standard framework for the development of the devices. Detection policies will ensure that every IoT device should showcase all other minor devices and components connected to the network system. The strategy will ensure that different manufacturers will be proactive in the development of secure devices. Any security breach due to the application of IoT devices will be easier to detect and analyze when all the devices in the network have been identified. Matheu et al. (2019) advocate for the development of a cybersecurity certification framework. Such a procedure will ensure that there is a comprehensive set of rules, technical requirements, standards, and procedures when implementing IoT technologies. The certification framework can be implemented on a regional or global scale to ensure that devices manufactured in different parts of the world meet the required standards.
Privacy Issues
Privacy is another security concern that comes about with the implementation of multiple IoT devices. IoT devices primarily function by transmitting and receiving data wirelessly. Hackers can also take over cameras and speakers to spy on businesses and individuals. Most IoT devices record information, and hackers can gain control of the devices to steal data or eavesdrop. Privacy concerns are also caused by the increased tracking and video recording capabilities of most devices. IoT devices are also interconnected, meaning that when a hacker gets access to a single device can use it to tap into other devices in the network (Matheu et al., 2019). One of the attacks that could take place due to the interconnected nature of IoT devices is man-in-the-middle (MITM) attacks. Such an attack involves a third party that hijacks communication and spoofing the identities of the devices involved in the communication exchange (Conti et al., 2017). The MITM attack occurs primarily on network technologies like GSM, and it targets the data flow between two endpoints. The confidentiality and integrity of the data in a MITM can be significantly compromised.
The issues of privacy when implementing IoT devices can be improved by focusing on improving the security of most devices. Abomhara & Koein (2015) observed that improving the security policies should focus on ensuring that the devices used for security exchange can be trusted and are reliable. Trust in the IoT implies that the hardware and software resources that make up the devices should come from reliable sources. As the IoT market continues to grow, many manufacturers and service providers continue to manufacture multiple devices that may not have the proper privacy and security measures. A man-in-in-the-middle attack can be prevented through having strong encryption mechanisms on the wireless communication channels (Cekerevac et al., 2017). Weak encryption can allow the attacker to use brute force and find a way through the network. A device that implements a strong encryption mechanism should generally be safer (Conti et al., 2017). One should also consider using various strategies like virtual private networks (VPNs) and strong login credentials when accessing IoT devices. Tawalbeh et al. (2020) advocated for a cloud/edge-supported IoT system reduce privacy issues. Implementing an IoT device using data stored in the cloud like Amazon Web Services (AWS) was found to improve the security procedures. The cloud service facilitates security protocols between different layers, ensuring the privacy of user’s information. Implementing certificates before allowing data transfer between layers of IoT technologies eliminated any possible security vulnerabilities.
Authentication Problems
Issues with device authentication can lead to a significant security threat when implementing IoT devices. Many IoT devices have poor authentication and authorization mechanisms that allow for the attacker to launch malicious attacks remotely and gain administrative privileges (Islam & Aktheruzzaman, 2020). Authentication is a method of identifying and verifying IoT devices and users so that it can only provide access to authorized users in the device's network. IoT devices are made of several interconnected devices that communicate with each other. It is necessary to properly control and authenticate all the devices connected to the network to prevent unauthorized devices and ensure that only genuine devices can access the network. Authentication vulnerabilities can lead to other threats in the network. For instance, one of the threats like a Denial of Service (DoS) attack can occur due to a poor authentication procedure on devices. Islam & Aktheruzzaman (2020) identified some technologies that could be compromised through having poor authentication procedures. The increased use of IoT technologies has made it possible to have contactless credit cards. Without having a proper authentication procedure, hackers can easily get access to the information on the cards, steal the information and use it to perform criminal activities.
One of the approaches to authenticated IoT devices involves using a shared secret key between them. The authentication procedure can be improved by ensuring that the sender and receiver have a way to authenticate the communication. All the devices in the IoT network need to verify other devices to assist in the prevention and detection of spoofing. Implementing software and systems that can facilitate the creation of shared keys can improve the security of the systems. For instance, having an algorithm like Triple Data Encryption Algorithm or using an Advanced Encryption Standard (AES) can facilitate proper authentication protocols (Surendran et al., 2018). Using public-key cryptography can also facilitate an improvement in IoT security. The PKI can be implemented in the form of an on-chip device on the device that allows for the generation of a key (Islam & Aktheruzzaman, 020). Using such a key will have other benefits like ensuring proper encryption, decryption, signature, and signing of interconnected IoT devices. The limit to using such a system is that the attacker can gain access to the secret key and use it to compromise the entire network infrastructure. Nevertheless, it is necessary to properly authenticate and control IoT devices. Strong authentication can prevent other attacks like eavesdropping, replay attacks, man-in-the-middle attacks, and brute force attacks.
Poor Testing and Updating Procedures
IoT technologies have the challenge of determining whether it has been properly tested to comply with various security issues. The IoT technology is growing rapidly, and most manufacturers are hardly keen to ensure that the devices have the proper security standards. The concern of most manufacturers is to quickly invent new products and to ensure that the development process is quick. Hastening the manufacturing process means that manufacturers may not be keen on compliance and testing requirements. The result is that there can be the production of IoT devices that have poor security protocols. One example of such a vulnerability can occur when wearable devices like fitness trackers can remain connected on Bluetooth devices after use, and that smart refrigerators can expose login credentials and email addresses. (Bures et al., 2018). The rapid manufacture of IoT devices also increases the likelihood of having rogue and counterfeit devices. Rogue IoT devices can be connected with other platforms without much authorization. Such devices can easily get access to the access point, video cameras, and other devices using wireless technology. Manufacturers of IoT devices need to ensure that their devices undergo proper testing to prevent any possible rogue devices from accessing their systems.
Most IoT devices are rarely updated and become insecure after some time. The challenge with the use of IoT devices is that they are designed for manufacture and deployment on a massive scale. The deployment of similar devices increases the risks of security that could be on a large scale. Hackers can take advantage of the security issues and establish communication among devices in an irregular way (Matheu et al., 2019). Updating IoT devices is critical to ensuring that any bugs or security issues are resolved before hackers take advantage of them. However, IoT manufacturers rarely produce devices with longevity in mind and thus do not provide a way to update the IoT devices. Manufacturers can be constantly involved in the production of the next IoT device and may not critically consider having the right updates and solutions for a device already in use. There is a need for all IoT devices to have a systematic approach to update them to resolve any possible security issues.
Improving the security of IoT devices should focus on the connection of the devices. Bures et al. (2018) advocate for an improvement in the quality assurance and testing methods applied in IoT solutions. The primary approach to be taken should involve analyzing the security issues of the device when connected to other devices and checking for any problems that could be caused by using the devices on different platforms. Having a cybersecurity certification framework for testing IoT devices will also be critical in improving the security policies of the devices (Matheu et al., 2019). Having a policy and standard for testing the IoT devices and ensuring that the devices meet certain security guidelines throughout the testing phase will improve the security practices.
Conclusion
The analysis of cybersecurity issues in the implementation of the Internet of Things revealed that security policies, privacy, authentication, and testing and updating of the devices were the most prominent issues. The future of IoT is dependent on solving these security challenges. The development of security policies should match the current development and growth of IoT devices. Future research should focus on how the security standards can be implemented at an international scale as IoT devices are manufactured in different parts of the world. Privacy is also a major concern when using and implementing IoT devices. Most devices can be used for surveillance and tracking, presenting problems when a hacker gets access to the device. Research should focus on various privacy issues that could emerge and strategies to mitigate them. Authentication issues occurred due to the interception of communication between two devices. Future research should focus on how strategies like encryption and public key infrastructures can be specifically applied to improve the security of IoT devices. Updating and testing of the devices should also be thorough. Research should focus on specific policies and standards that can be implementing for testing and updating the devices.
References
Abomhara, M., & Køien, G. M. (2015). Cybersecurity and the internet of things: vulnerabilities, threats, intruders, and attacks. Journal of Cyber Security and Mobility , 65-88.
Bures, M., Cerny, T., & Ahmed, B. S. (2018, June). Internet of things: Current challenges in the quality assurance and testing methods. In International Conference on Information Science and Applications (pp. 625-634). Springer, Singapore.
Chatfield, A. T., & Reddick, C. G. (2019). A framework for Internet of Things-enabled smart government: A case of IoT cybersecurity policies and use cases in US federal government. Government Information Quarterly , 36 (2), 346-357.
Cekerevac, Z., Dvorak, Z., Prigoda, L., & Cekerevac, P. (2017). Internet of things and the man-in-the-middle attacks–security and economic risks. MEST Journal , 5 (2), 15-25.
Conti, M., Dragoni, N., & Lesyk, V. (2017). A survey of man in the middle attacks. IEEE Communications Surveys & Tutorials , 18 (3), 2027-2051.
DeNardis, L. (2020a). The Internet in everything: Freedom and security in a world with no off switch . Yale University Press.
DeNardis, L. (2020b). 2. The Cyber-Physical Disruption. In The Internet in Everything (pp. 25-56). Yale University Press.
Islam, M. R., & Aktheruzzaman, K. M. (2020). An Analysis of Cybersecurity Attacks against Internet of Things and Security Solutions. Journal of Computer and Communications , 8 (4), 11-25.
Lee, I. (2020). Internet of Things (IoT) Cybersecurity: Literature Review and IoT Cyber Risk Management. Future Internet , 12 (9), 157.
Lu, Y., & Da Xu, L. (2018). Internet of Things (IoT) cybersecurity research: A review of current research topics. IEEE Internet of Things Journal , 6 (2), 2103-2115.
Matheu, S. N., Hernandez-Ramos, J. L., & Skarmeta, A. F. (2019). Toward a cybersecurity certification framework for the Internet of Things. IEEE Security & Privacy , 17 (3), 66-76.
Surendran, S., Nassef, A., & Beheshti, B. D. (2018, May). A survey of cryptographic algorithms for IoT devices. In 2018 IEEE Long Island Systems, Applications, and Technology Conference (LISAT) (pp. 1-8).
Tawalbeh, L. A., Muheidat, F., Tawalbeh, M., & Quwaider, M. (2020). IoT Privacy and security: Challenges and solutions. Applied Sciences , 10 (12), 4102.
