Literature Review on Security Problems of Internet of Things
Abstract
Security is always a factor that should be carefully considered when designing an Internet of Things (IoT) application. As the total number and density of IoT nodes keep increasing dramatically, more attention should be paid to IoT security problems. From a networking point of view, IoT can be divided into three layers, and each layer has its specific security problems. Through my research, I think that designing a lightweight key distribution method based on public key encryption could be my following research direction.
Introduction
The concept of the Internet of Things (IoT) has been a research hotspot in both academic and industrial communities for a few years, and it will remain a fast-developing innovation that changes human lifestyles to a great extent. With the rapid development of IoT, a variety of IoT applications have already been implemented and contribute to our everyday life. Typical examples are Smart Home, wearable devices, smart phones with sensors, Smart Grid and so on [1].
However, although various IoT applications have shown their impact on society as a whole, the applications in use today are still the tip of the iceberg, and IoT is still at an early stage. As the quantity and density of sensing keep growing steadily, people believe that mature IoT applications will make a significant qualitative change in how we work and live, providing unpredictable services [2]. Achieving that requires improvements in IoT’s scalability, robustness as well as openness.
Security has always been an important factor when designing an IoT application. Because IoT will play a more indispensable role in future society, the security problem of IoT is becoming more critical. If security problems cannot be appropriately solved, they will definitely restrict the development of IoT. Technically speaking, IoT is a technology born out of networks, and currently IoT applications are still mainly built on the basis of the Internet. Therefore, IoT also faces the security problems that arise in the Internet, in the same or different ways [4]. Moreover, the inherent differences between IoT and traditional networks indicate that different security strategies should be considered when solving specific security problems.
In this report, I will first compare the security problems of IoT and traditional networks. Then, I will introduce the framework of IoT security, dividing the security architecture into layers. After that, I will concentrate mainly on the security problems and corresponding technologies in the perception layer. In the last part of the report, I will introduce current security technologies for RFID and Wireless Sensor Networks, which are the most widely used technologies in IoT.
Analysis of Security Problem in IoT
3.1 Overview
Since IoT is developed from networks, IoT also faces all the security problems that arise in the Internet, such as confidential communication, data privacy, authentication algorithms, trust management and so on. In addition, IoT applications have their specific security problems due to inherent limitations in computational resources, storage, and working environment. [5] analyzes the potential attacks on IoT systems, including physical attacks, side channel attacks, cryptanalysis attacks, software attacks and network attacks. To meet the security requirements of realistic applications, an IoT system must be able to continue to operate steadily in the presence of, and to recover from, security attacks [2].
3.2 Difference of security problems between IoT and traditional networks
Security issues in the Internet of Things differ from those in traditional networks in several aspects, as shown below.
The first and most important difference is about resources. The Internet of Things is composed of a plethora of cheap, tiny, energy-efficient communicating devices, such as RFID tags and sensors. Meanwhile, sensor nodes will still be the main component of the Internet of Things for a long period in the future [2]. So, the resources in IoT are extremely limited, which poses difficulties for using security applications that require large computing power. In contrast, traditional networks are composed of PCs, routers, servers and smart phones, whose resources are rich.
Secondly, the connections between IoT nodes usually run through slow, insecure wireless channels, while traditional networks use faster, reliable, secure wired or wireless communication.
Last but not least, although some sensor nodes working in specific environments have an operating system, most cheap IoT nodes usually only have a simple embedded program for the chip [6]. Different IoT applications are designed for diverse working tasks, and this results in heterogeneous data contents and data formats. By contrast, although devices in the Internet still differ, their data formats obey familiar rules and are almost the same across the Windows family and Unix-like operating systems [3].
3.3 Security framework for Internet of Things
Until now, there has been no standard architecture for the Internet of Things. Since 2014, the IEEE P2413 WG project has been working on a standard for an architectural framework for the Internet of Things, and the project is expected to be finished by 2020 [7]. According to the proposed architecture of ITU-Y Y2002, the Internet of Things is divided into three layers: perception layer, transportation layer, and application layer [8].
The main task of the perception layer is information collection. In more detail, from the hardware point of view, the perception layer can be divided into two sublayers: the perception node layer and the perception network. The perception node mainly concentrates on raw data collection and processing, while the perception network transmits collected data to the gateway [3]. Radio Frequency Identification (RFID) and Wireless Sensor Networks (WSNs) are the two most widely used technologies in the perception layer.
Unlike the transport layer in the OSI network model, the transportation layer in IoT provides ubiquitous access for the corresponding perception layer, storage and transmission of perceived information, and carries the application layer and other related services [9]. IoT’s transportation layer is composed of the access network, the core network and the local area network. Ad hoc networks, GPRS, and WiFi are typical networks used as access networks.
IoT’s application layer consists of the application support layer and IoT applications. The former includes middleware technology, cloud computing, information development platforms and so on.
The following content will concentrate on IoT perception layer’s security problems.
3.4 Security problem in IoT perception layer
As analyzed above, the main technologies used in perception layer are RFID and Wireless Sensor Networks. The following content will analyze the security problems and security support technologies for both RFID and WSNs one after another.
3.4.1 RFID Security
The security problems in RFID include, but are not limited to, collision issues, data privacy, and standard encoding.
3.4.1.1 Collision
The collision issues of RFID can be divided into two categories: tag collision and reader collision [10]. Tag collision happens when a reader receives reflected signals from two or more tags simultaneously, which leaves the reader unable to receive the data correctly. By contrast, reader collision is the case where one tag’s signal is received by two or more readers, which causes information redundancy and wasted resources.
Tag anti-collision algorithms have been studied adequately, but methods for reader collision are still developing [3]. [11] presents a novel solution, the central cooperator RFID, which shares tag information among adjacent readers in an RFID network to solve the reader collision problem, based on the fact that if the same tags can be read by one reader and shared with others, reading efficiency under collision will increase. Song et al. presented an anti-collision method using the RFID reader slot occupied probability [12]. There is also an algorithm that reduces the overlapping areas of RFID clusters, and consequently the probability of RFID reader collision, by using an adaptive and dynamic localized scheme [13].
3.4.1.2 Data privacy
Since RFID tags have limited computational resources and low storage capacity, they require lightweight solutions for privacy protection. Current RFID privacy technologies can be divided into two categories: schemes based on physical features and schemes based on passwords.
A well-known physical-based privacy protection technique, called the Blocker tag, was published by Juels et al. in 2004 [15]. The main idea of the Blocker tag was to dynamically change the tag’s IDs, called pseudonyms, to hinder tracking; meanwhile, the user’s RFID tags should have their IDs changed at the same time so that the adversary could not track the previous IDs. Based on [15], Blaskiewicz et al. presented a set of methods to increase RFID privacy by using a device called the Hedgehog blocker [16]. There are also physical-based privacy protection methods based on the Kill Command, clip tags and so on [17, 18].
Password-based schemes always use a hash function to build the password scheme for the privacy protection algorithm. Juels et al. used a method called “selective blocking” to protect consumers from unwanted scanning of RFID tags attached to items they had [19]. The main idea was that when an RFID tag was carried by a consumer, a blocker tag could block RFID tags selectively by simulating only selected subsets of ID codes.
3.4.1.3 Encoding Standard
Currently, the most widely used coding standards for RFID tags are the Universal Identification (UID) supported by Japan and the Electronic Product Code (EPC) supported by Europe. However, there is still no official international encoding standard for RFID tags. RFID’s scalability will decrease if there is no universal encoding standard [3].
3.4.2 Security of Wireless Sensor Networks
Like RFID, WSNs have limited resources in computational capacity and storage. Meanwhile, each sensor node in a WSN has a limited sensing scope, so a large number of sensing nodes are required to construct complex WSN applications, causing diverse security problems [3]. Security problems of wireless sensor networks include, but are not limited to, cryptographic algorithms, key management, trust management and so on. The following content mainly concentrates on cryptographic algorithms and key management methods in wireless sensor networks.
3.4.2.1 Cryptographic Algorithms of WSNs
Encryption has always been the method for ensuring the confidentiality of a system. Generally speaking, encryption methods can be divided into two categories: symmetric encryption and asymmetric encryption. For the confidentiality of wireless sensor networks, symmetric encryption methods are currently widely used due to their simple mechanism and small amount of calculation, which fit the properties of sensor nodes very well. In contrast, limited by their high computational complexity and energy consumption, asymmetric encryption methods are usually difficult to apply to wireless sensor networks.
However, as is known from general cryptography applications, symmetric encryption has inherent limitations in its key exchange protocol, confidentiality of the key and message authentication [20]. Recently, attracted by the simple key management protocol, research on using asymmetric encryption methods in wireless sensor networks has developed rapidly.
Research has shown that, on an appropriate platform and with well-selected parameters, public-key (asymmetric) encryption can be used in wireless sensor networks whose resources are limited [21]. In 2004, Malan et al. first implemented elliptic curve cryptography for sensor networks based on the 8-bit, 7.3828-MHz MICA2 mote [22].
In summary, both symmetric and asymmetric encryption have advantages for wireless sensor networks, but neither can solve the confidentiality of WSNs on its own. Symmetric encryption is simple to use in WSNs, but always as a compromise that decreases security strength. Asymmetric encryption can ensure high security, but current research is still at the experimental stage [3].
3.4.2.2 Key management of WSNs
Generally speaking, key management can be divided into four parts: secret key generation, key distribution, key storage and key updating. In the WSN field, the main problem is how to design a lightweight key distribution method with high security strength [3]. As with cryptographic issues, key distribution in WSNs can be divided into two categories: algorithms based on symmetric key encryption and algorithms based on asymmetric key encryption.
Unsurprisingly, key distribution algorithms based on symmetric encryption are currently widely used in wireless sensor networks due to their low requirements on computational resources, storage capacity and power consumption. Perrig et al. presented a centralized key distribution scheme called SPINS. SPINS was composed of two parts: SNEP, which handled data confidentiality and authentication, and TESLA, which handled broadcast in resource-constrained environments [23]. Chan et al. used a pre-distribution scheme combined with random graph theory, which could guarantee the security of the system with high probability [24].
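The "high probability" claim for random key pre-distribution can be made concrete with a small model. The following is an added example, not code from this report or from [24]: each node is preloaded with a random ring of keys drawn from a shared pool, and two neighbours can secure a link only if their rings overlap in at least q keys. The pool size, ring size, threshold q and the SHA-256 link-key derivation are assumptions of the example.

```python
import hashlib
import os
import random
from math import comb

def p_share_exactly(pool, ring, i):
    """P(two independently drawn key rings have exactly i key IDs in common)."""
    return comb(ring, i) * comb(pool - ring, ring - i) / comb(pool, ring)

def p_link(pool, ring, q=1):
    """P(two neighbours share at least q keys), i.e. can set up a secure link."""
    return 1.0 - sum(p_share_exactly(pool, ring, i) for i in range(q))

def min_ring_size(pool, q, target):
    """Smallest per-node ring size whose link probability reaches `target`."""
    for ring in range(q, pool + 1):
        if p_link(pool, ring, q) >= target:
            return ring
    raise ValueError("target not reachable")

def link_key(ring_a, ring_b, key_material, q=1):
    """Hash all shared pool keys into one link key; None if fewer than q shared."""
    shared = sorted(set(ring_a) & set(ring_b))
    if len(shared) < q:
        return None
    digest = hashlib.sha256()  # assumed derivation, chosen for this example
    for key_id in shared:
        digest.update(key_material[key_id])
    return digest.digest()

def simulate(pool, ring, q, pairs, seed=1):
    """Empirical fraction of random node pairs that can derive a link key."""
    rng = random.Random(seed)  # seeded only so ring selection is repeatable
    key_material = {k: os.urandom(16) for k in range(pool)}  # constructed pool
    linked = 0
    for _ in range(pairs):
        a = rng.sample(range(pool), ring)
        b = rng.sample(range(pool), ring)
        linked += link_key(a, b, key_material, q) is not None
    return linked / pairs

if __name__ == "__main__":
    POOL, RING = 1000, 50  # constructed sizes, not taken from a paper
    for q in (1, 2, 3):
        print(q, round(p_link(POOL, RING, q), 3),
              simulate(POOL, RING, q, 2000), min_ring_size(POOL, q, 0.9))
```

Raising q lowers the link probability for a fixed ring size, so the ring (and the node's key storage) must grow to keep the network connected; in exchange, an adversary who captures a few nodes learns fewer complete link keys.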
Key distribution based on public key encryption is also drawing more and more attention with the development of sensor hardware acceleration and software optimization, but research in this field is still developing. Similarly, the combination of public key and private key distribution is also a research focus in wireless sensor networks.
4 Conclusion
From the perception layer’s point of view, an efficient asymmetric encryption method as well as a lightweight key distribution method based on public key encryption are required, and could be considered as my future research direction. Meanwhile, research on the transportation layer and application layer, such as lightweight routing protocols, should also be given enough attention.