Connected device security in IoT

  • CERT Admin
  • Wed Apr 01 2020
  • Cyber Guardian Blog

VOLUME 105


Introduction
Cyber attacks are the new way of attacking method without using any physical media or equipment. Enormous number of devices are interconnected to the internet so that one of them can be easily accessed and utilized from personal devices to home appliances and public services. Basically, the connection of devices makes it possible for someone to hack into one's coffee machine and then access the whole internet. If proper configurations are not taken for security features, in the future people will run across security challenges.



For instance, new cars can be hijacked through wi-fi and when automatic driving becomes popular, the threat for human life which is in the high scale in risk management becomes riskier. Therefore, security and risk management in IoT device should not be taken lightly when creating the new era of IoT.

The growth of IoT devices came with several challenges such as component trust, device authentication, hardware theft, physical tampering, finite lifetime, access control, data management, data collection, data privacy, data confidentiality, availability and DoS issues. Finding solutions to these security challenges have taken major interest in modern world of information technology.



Internet of things is the solution of technology, get savvy, solution on click of smart mobile phone or numerous other significant things. But now there is a problem about securing the IoT devices without lose of someone’s information, life or may put into trouble. IoT device security is mostly dependent on software. Specific software that use in the hardware, gives access of hardware data and information. Hackers can directly hack the device and easily steal information.

IoT security Solutions
IoT device can be vulnerable, if its software is not up to date. Because software updating is very important to devices. But there are many IoT devices. Then it quit difficult to update devices one by one. Possibility of the data exposure will be reduced, if devices stored encrypted or limited sensitive data. Additionally, IoT devices must have automatic remote deletion features to delete unnecessary data from devices. Most IoT devices are wireless and always switch ON. But if it is switch OFF once it is not in use, it will good to security. Code Obfuscation is the way toward altering an executable so that it is no longer useful to an attacker, however remains completely work. Creating a nonexclusive attack that would deal with all examples of the device would be made about out of reach with appropriate diversi?cation. The better tools are required for maximal adequacy against vulnerability analysis and exploitation. Obscurity can be a helpful strategy in any event, when executed in a credulous way.
A normal installed IoT working framework is collected from different pieces. These pieces, or object ?les, are spread out into a ?nal address format for a device. Since the design order is deterministic between pieces, a hacker can utilize the information on a solitary device case to ?gure out the format of another device case and afterward utilize this information to attack the framework further. We can acquaint arti?cial diversity to the linking stage to shuf?e the memory format while protecting functionality, a type of diversi?cation. It is link time reordering.

Local variables and execution ?ow information of function calls are hold by the heap of the program. The limits of variables and the area of the stack is frequently deterministic and known to the hacker alongside how the information will be utilized in the stack. It can allow malicious actor to perform assaults utilizing buffer over?ows in stack variables. By changing how the stack is being built per device, we can make it more dif?cult to perform stack-based attacks. Stack shuf?ing would suit well to the IoT condition for ?nding bugs and forestalling misuse as a result of its irrelevant performance drop.

Universal Serial Bus(USB) use commonly among IoT devices. USB network can give hackers lot of various approaches to attack a device. The USB port can be utilized to get to the IoT device's storage or ?ash in new ?rmware. At the point when this component is available, malicious software can be infused to the device. Integrity veri?cation for USB connectivity is a critical element for fortified physical-layer security. The host device requires a speci?c manufacturer defined identi?cation number from the associated USB drive to give it read as well as compose benefits.

Prevent unauthorized accessing to by utilizing the high security codes. After a specific measure of time these security code must be explored. Infection safeguard system ought to be generally excellent. Sign codes are the acceptable choice for the code security with the goal that malicious software cannot influence the framework.

In numerous IoT gadgets contain some sort of system call interface. The objective of system call diversi?cation is to make developing significant system calls dif?cult for a hacker. The hacker can't then for instance compose into a ?le descriptor to additionally misuse the framework. System call diversi?cation should basically be possible by adjusting the order for system calls with the goal that every device has a one of a kind and remotely unguessable order of the potential calls, for example, run executable calls and keeping in touch with a ?i.e.

From a business perspective, organizations ought to uphold security and protection policies, e.g., BYOD strategy. This should be possible utilizing enterprise grade encryption mechanisms for get to control so as to recognize any new associated device in the system. Furthermore, authentication, authorization, and accountability systems for IoT gadgets that straightforwardly associate with the system is required. In addition, the standard of least benefit ought to be executed to limit the capability of representatives to read, write and limit from getting to delicate corporate information from IoT device that have been undermined.

If, for any reason, the security issues can't be relieved, IoT electronic gadgets will in the long run should be restricted in profoundly sensitive places.



Conclusion
The number of IoT devices are increasing, while giving rise for the number of cyber security attacks. The threats for IoT devices should not be considered lightly as the risk is very high. Updating software, storing encrypted or limited sensitive data, switch off wireless devices when not in use, code Obfuscation, stack shuffling, link time reordering, integrity verification for USB connectivity, use high security codes, system call interfaces, organizational security and protection policies, enterprise grade encryption mechanisms, authentication, authorization and accountability systems for IoT devices, standard of least benefit ought to be executed to limit the capability of representatives read, write are IoT security solutions. If these implementations are not considered in IoT devices, they should be restricted in sensitive places as the risk levels are high.
By: Dinuwan Randunu

Dinuwan is an undergraduate of Sri Lanka Institute of Information Technology, Faculty of Computing who is currently following Bachelor of Science Honors in Information Technology Specializing in Cyber Security, currently, he is working as an Intern - Information Security Engineer at Sri Lanka CERT|CC

Last updated: Wed Apr 01 2020

Audience

Tags