IoT Security Threats: Authentication and Denial of Service
IoT Security Threats: Authentication and Denial of Service
Recent Gartner research predicts that there will be more than 2.9 billion connected IoT devices in consumer smart home environments in 2015. These connected devices could provide a much larger surface for attackers to target home networks (Barcena & Wueest, 2015).
The use of weak passwords is a security issue that has repeatedly been seen in IoT devices. These devices often do not have a keyboard, so configuration has to be done remotely. Unfortunately, not all vendors force the user to change the devices' default passwords and many have unnecessary restrictions which make the implementation of long, complex passwords impossible (Barcena & Wueest, 2015).
Denial of Service attacks can affect the operations of an IoT device. The wireless medium is open by nature, so actions such as jamming, eavesdropping, or message injection are more practical and can go unnoticed. In most cases, it's possible to manipulate the execution of the wireless protocol via the transmission of forged media access control (MAC) layer messages. More precisely, the 802.11 (Wi-Fi) protocol has been shown to be susceptible to denial-of-service (DoS) and man-in-the-middle (MiM) attacks as well as to cracking of the secret key (Kolias, Stavrou, Voas, Bojanova, & Kuhn, 2016).
A quiet revolution that impacts several sectors, ranging over transport, home automation, energy, industrial control, and health services is undergoing with addition of new networked devices leading to enhanced services. Information security requirements that are common over several sectors, and in particular ones that impact critical societal services — namely the energy, water, and health management systems — must be identified and addressed (Barcena & Wueest, 2015).
Research Variables and Questions
Independent Variable: Weak authentication and authorization methods, denial of service attacks, and malware are security threats.
Dependent Variable: Internet of Things (IoT) devices correlated with security threats.
Research Questions:
Why do implementations of weak authentication and authorization methods change security risks to IoT devices?
Do denial of service attacks affect IoT device security and availability?
Hypothesis
Weak authentication and authorization methods on IoT devices increase the threat of device penetration because breaking into weak authentication and authorization (clear text HTTP post) devices will be easier and faster than breaking into an IoT device with a high or strong encryption method (HTTPS or SSL).
An increase in denial of service attacks on IoT devices will decrease the availability of those devices because it will not allow the IoT device to function by flooding the communication ports.
Null Hypothesis
Weak authentication and authorization methods on IoT devices does not increase the threat of device penetration because breaking into weak authentication and authorization (clear text HTTP post) devices will be easier and faster than breaking into an IoT device with a high or strong encryption method (HTTPS or SSL).
An increase in denial of service attacks on IoT devices will not decrease the availability of those devices because it will not allow the IoT device to function by flooding the communication ports.
Research Challenges
The APUS library information had more robust information compared to Google searches using the same keyword. Much of the information in the APUS library is peer reviewed and provides better quality and detail.
A Google search of "Internet of Things Security" returned a high amount of paid advertisements and then beyond those search results were many vendor white papers explaining the terms and laying out why their product or service can help with Internet of Things security.
References
Barcena, M. B., & Wueest, C. (2015). Insecurity in the Internet of Things. Symantec.
Kolias, C., Stavrou, A., Voas, J., Bojanova, I., & Kuhn, R. (2016). Learning Internet-of-Things security hands-on. IEEE Security & Privacy, 14(1), 37–46.