A Layered Perspective for Addressing Cybersecurity Challenges and Countermeasures in IoT

The Internet of Things (IoT) is a growing concept with technical and socioeconomic importance. It is a cyber-physical ecosystem of interconnected services, devices (e.g., consumer electronics, sensors, actuators), and objects (e.g., vehicles, industrial and health components). The IoT merges the physical and cyber worlds into a new smart environment that significantly affects overall quality of life (QoL) and all its dimensions. One such dimension is the perception of cybersecurity, which is important for challenging IoT environments.

Cybersecurity is spread across the IoT architecture, which can be classified into one of three main categories: (i) three-layer architecture, (ii) four-layer architecture, and (iii) five-layer architecture. The layers are the sensor (perception) layer, the access layer, the middleware layer, the network layer, the service (application) layer, and the interface layer. Each layer contains various IoT devices and services vulnerable to malicious attacks that can disrupt or destroy the IoT environment.

To consider the cybersecurity perspective of IoT, a four-layer architecture consisting of the following layers may be used:

  1. The sensor layer, consisting of data sensors and networks, is characterized by four cybersecurity challenges: wireless signal strength, sensor exposure, topology dynamics, and communication, storage, and memory limitations. Confidentiality is the main focus of attacks on the sensor layer, which is vulnerable to the following attacks: timing attacks (where the attacker steals the encryption key connected to time information), malicious data attacks (where the attacker sends malicious data by adding another node to the network), replay attacks (where the attacker spoofs or changes the identity information of IoT devices), node capture attacks (where the attacker takes over nodes and captures useful information), and side-effect attacks (where the attacker leaks information through side channels).
  2. The network layer transmits data to different IoT devices over the Internet and mobile networks using recent technologies (e.g., Bluetooth, Zigbee, 3G/4G/5G, Wi-Fi). The main attacks on this layer, such as Sybil attacks (stealing information by spreading malware, reducing integrity, and resource utilization), wormholes, and spoofed, altered, or replayed routing, focus on confidentiality, privacy, and compatibility.
  3. The middleware layer is located between the network layer and the service layer for the purpose of data delivery. The authenticity, integrity, and confidentiality of data are the main focus of attacks on this layer. The following attack types are characteristic of this layer: malicious insider attacks (where internal attackers modify and extract data or information within the network), underlying attacks (Platform-as-a-Service (PaaS) attacks), attacks caused by third-party relationships (attacks caused by third-party components), and virtualization threats (damage to virtual machines).
  4. The application layer investigates all system functionalities for the end users, between whom malicious data is shared and exchanged. Common security issues at this layer include identity authentication and data privacy. This layer is sensitive to phishing attacks (where the attacker obtains useful information by stealing authentication authorization), Trojan horse attacks, viruses, worms, and spyware (where the attacker injects malware to deny service, modify data, or access confidential data), unauthorized access (where the attacker causes damage to the system), and malicious scripts.

At each IoT layer, security countermeasures have been proposed. Since Radio Frequency Identification (RFID) is the primary technology for IoT development, the cybersecurity measures involve data encryption, access control, Internet Protocol Security (IPSec)-based security channels, physical security, and cryptography technology schemes. Furthermore, Wireless Sensor Network (WSN) is an additional fundamental technology for IoT development and includes cybersecurity measures such as key management, secret key mechanisms, security routing protocols, access and authentication control, and physical security design. Finally, IoT security schemes can be summarized into three categories: Host Identity Protocol (HIP)-based schemes, Capability-based Access Control (CapBAC) schemes, and Datagram Transport Layer Security (DTLS)-based schemes.
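Of the three scheme categories named above, capability-based access control can be reduced to one check on the device: verify a token that binds a subject to a resource, a set of rights and an expiry. The following is an added example, not code from the original page or from any CapBAC specification; the token layout, all names, the shared demo key, and the use of HMAC-SHA256 in place of a public-key signature are assumptions made to keep it short.

```python
import hashlib
import hmac
import json

# Constructed demo key shared by issuer and device (assumption; a deployed
# scheme would more likely verify an issuer signature with a public key).
ISSUER_KEY = b"constructed-demo-key-not-for-production"


def _tag(body: bytes, key: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def issue_capability(subject, resource, actions, not_after, key=ISSUER_KEY):
    """Issuer side: bind subject, resource, rights and expiry under one MAC."""
    claims = {"sub": subject, "res": resource,
              "act": sorted(actions), "exp": not_after}
    body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return {"body": body.decode(), "tag": _tag(body, key)}


def authorize(token, subject, resource, action, now, key=ISSUER_KEY):
    """Device side: return (allowed, reason).

    `subject` is the peer identity the device already authenticated,
    for instance over a DTLS session (assumption)."""
    body = token.get("body", "").encode()
    # Integrity first: nothing in the body is trusted until the tag matches.
    if not hmac.compare_digest(_tag(body, key), token.get("tag", "")):
        return False, "bad tag"
    claims = json.loads(body)
    if now > claims["exp"]:
        return False, "expired"
    if claims["sub"] != subject:
        return False, "wrong subject"
    if claims["res"] != resource:
        return False, "wrong resource"
    if action not in claims["act"]:
        return False, "action not granted"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a gateway allowed to read one temperature sensor.
    tok = issue_capability("gateway-7", "sensor/temp-12", {"read"}, not_after=2000)
    print(authorize(tok, "gateway-7", "sensor/temp-12", "read", now=1500))
    print(authorize(tok, "gateway-7", "sensor/temp-12", "write", now=1500))
    forged = dict(tok, body=tok["body"].replace('"read"', '"write"'))
    print(authorize(forged, "gateway-7", "sensor/temp-12", "write", now=1500))
```

The device makes the decision locally from the token and its key, with no lookup to a central policy server, which is what makes the approach suit constrained nodes.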

Security schemes should be designed into IoT from the concept phase and integrated at each level. Security monitoring mechanisms should be embedded into IoT applications to prevent threats posed by other IoT applications and to respond to unintended security or privacy breaches. Otherwise, IoT applications run the risk of undesirable results, such as insecure operation of IoT devices, theft of confidential data, unauthorized access to payment channels, or impairment of user trust. Therefore, security solutions based on AI are required to cope with these outcomes. If not resolved, these outcomes may become barriers to the widespread deployment of IoT.

Author(s): Military Academy “General Mihailo Apostolski” – Skopje