In recent years, services related to Internet of Things (IoT) devices have become more pervasive all around the world and more and more involved in our daily and personal lives. Their recent development has been rapid because they provide different types of services that make our lives easier; as a result, IoT has become one of the fastest-growing technologies and has a huge impact on our social lives and our business environments. We see IoT devices in use all around us, in businesses, healthcare systems, education, information storage, finance, marketing and much more. But with this enormous and growing demand, there is a much greater need for analyzing and mitigating its security vulnerabilities.
In information systems, securing a system is defined as the process of protecting it against unauthorized access, which is achieved by maintaining the integrity and confidentiality of the system. But it is almost impossible for an object or system to be in a perfectly secure state and still be useful (Kizza); there is and always will be a need for securing and protecting any system. The same security requirements apply to IoT devices, and ensuring the security of an IoT environment includes maintaining security for both intangible objects such as data, information and services, and tangible objects such as devices.
In the IoT domain, there are three main concepts that are associated with each other to perform their functions to the fullest: devices, entities and services. Devices are attached to entities, which are in turn associated with resources to provide services. An entity in the IoT could be, for example, a human who interacts with the devices, which then provide services. In today’s modern technology, M2M, which stands for machine to machine, is one of the most popular IoT applications and is currently used in many services such as retail, healthcare systems, transportation, and the oil and water industries. M2M systems aid in controlling, maintaining and monitoring the machinery, users and production processes in such industries. According to recent estimates, by 2020 the machine to machine form of IoT will possibly reach around 12 billion connections (Andreev and Koucheryavy).
IoT devices are vulnerable and valuable to cyber attackers because most IoT systems use wireless signals to communicate, so an attacker can easily gain access to the system by eavesdropping. Most IoT devices are also designed to operate unattended, without human intervention or supervision, which makes it easier for attackers to obtain information. Moreover, most IoT devices are not designed to support complex security schemes because they are designed to be low-powered. For instance, a home automation system can easily be accessed: attackers can collect information through the sensors embedded in the heating and cooling systems, find out when nobody is home, and give this information to intruders, endangering the security of someone’s home. Another example is attackers hacking public infrastructure such as a utility system and causing power or water outages.
The three key problems that the world of IoT devices faces are confidentiality, data privacy and trust. Privacy is a critical issue for IoT devices: since entities exchange information over the internet, the privacy of users becomes a sensitive subject. Data confidentiality is another critical issue, since attackers could easily access confidential data that they are not authorized to access. In addition, trust plays an important role in IoT systems by making sure that a secure channel is established for communication that entities can securely use.
Concerns over security and privacy for IoT devices are growing for both suppliers and users. Ensuring the security of IoT devices and services therefore means that both the devices and the services they provide should be protected from unauthorized and malicious activity, both externally and within the device. The reason for these growing concerns is that IoT devices have a particular set of vulnerabilities, such as weaknesses in the procedures and policies that the system uses, in software and hardware, and in the system users (Kizza). Hardware vulnerabilities are usually hard to identify and much more difficult to fix once the weaknesses or flaws in the hardware have been identified. Software design flaws, on the other hand, are usually due to two factors: the complexity of the software used and human factors. Due to these vulnerabilities, IoT devices can become potential targets of physical attacks, reconnaissance attacks, denial of service, access attacks and privacy attacks.
In conclusion, this exponential growth in the use of IoT devices is leading to greater concerns about privacy and security risks. For consumers to take full benefit of IoT devices, they need full assurance of the security of those devices, and much work and research needs to be done to fully ensure that. Both the vendors and the end-users have their own set of responsibilities to make that happen. In future work, the aim should be to gain a deeper knowledge of the system’s infrastructure and the threats concerning IoT devices. During the early development of such products, vendors need to consider a flexible trust management framework and a suitable security mechanism for access control, to further help in identifying major issues and concerns and in giving end-users a better understanding of proper use, so that they can make good and secure use of their IoT systems.