Internet de las Cosas: una revisión sobre los retos de seguridad y sus contramedidas

  • Luis Fernando Gélvez-Rodríguez Universidad de Pamplona
  • Luz Marina Santos-Jaimes Universidad de Pamplona
Palabras clave: Amenaza, Contramedida, Internet de las Cosas, Seguridad, Vulnerabilidad

Resumen

En la última década con el surgimiento del paradigma de Internet de las Cosas y su gran acogida y expansión en diferentes dominios de aplicación, han surgido nuevos retos que dejan ver una gran problemática en lo referente a la gestión de la seguridad de la información, los cuales representan un riesgo importante para las organizaciones y los usuarios finales que ya están implementando este paradigma en sus actividades y procesos. Frente a esta problemática se han venido desarrollando algunos estudios desde diferentes puntos de vista, abarcando varios dominios de aplicación, pero sin presentar aún una visión unificada de cómo afrontar los riesgos asociados a la implementación de tecnologías IoT en las organizaciones. En el presente estudio se ha recopilado diversos trabajos de la última década donde se expone diferentes vulnerabilidades y amenazas que suelen presentarse de forma específica en entornos que implementan Internet de las Cosas, así como diferentes propuestas para gestionar la seguridad de información frente a los retos emergentes.

Biografía del autor/a

Luis Fernando Gélvez-Rodríguez, Universidad de Pamplona

Ingeniero de Sistemas con 9 años de experiencia en administración de sistemas, virtualización, servicios en la nube, manejo de base de datos MySQL y PostgreSQL, administración de servidores en Windows y Linux, servicios de Backup, desarrollo de páginas web dinámicas (JSP), gestión de proyectos, ingeniería de software y planeación estratégica, ciencias de la computación, análisis, diseño e implementación de sistemas de información.

He prestado mis servicios para empresas como CENS S.A E.S.P Grupo EPM y EMSITEL S.A.S manejando diferentes servicios de infraestructura tecnológica en clientes corporativos y de gobierno.

Referencias bibliográficas

J. H. Ziegeldorf, O. Garcia y K. Wehrle, "Privacy in the Internet of Things: threats and challenges," Security and Communication Networks, vol. 7, nº 12, pp. 2728-2742, 2014. Recuperado de: https://arxiv.org/ftp/arxiv/papers/1505/1505.07683.pdf

L. A. Zabala Jaramillo, "Gestión de la Seguridad en el Internet de las Cosas," Universidad Piloto de Colombia, 2016.

C. Stergiou, K. E. Psannis, B. G. Kim y B. Guptac, "Secure integration of IoT and cloud computing," Future Generation Computer Systems, vol. 78, pp. 964-975, 2018. Doi: 10.1016/j.future.2016.11.031

M. Alcaraz, "Internet de las Cosas," Universidad Católica Nuestra Señora de la Asuncón, pp. 1-27,2014.Recuperado de: http://jeuazarru.com/wpcontent/uploads/2014/10/Internet-of-Things.pdf

F. Aljaafari, L. C. Cordeiro y M. A. Mustafa, "Verifying Software Vulnerabilities in IoT Cryptographic Protocols," arXiv preprint, 2020. Recuperado de: https://arxiv.org/abs/2001.09837

L. Atzori, A. Iera y G. Morabito, "The internet of things: A survey," Computer networks, vol. 54, nº 15, pp. 2787--2805, 2010. Doi: https://doi.org/10.1016/j.comnet.2010.05.010

J. S. Kumar y D. R. Patel, "A survey on internet of things: Security and privacy issues," International Journal of Computer Applications, vol. 90, nº 11, pp. 20-26, 2014. Doi: 10.5120 / 15764-4454

I. Butun, P. Österberg y H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures," IEEE Communications Surveys & Tutorials, pp. 1-24, 2019.

J. Gubbi, R. Buyya, S. Marusic y M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Future generation computer systems, vol. 29, nº 7, pp. 1645-1660, 2013. Doi: https://doi.org/10.1016/j.future.2013.01.010

A. R. Sfar, E. Natalizio, Y. Challal y Z. Chtourou, "A roadmap for security challenges in the Internet of Things," Digital Communications and Networks, vol. 4, nº 2, pp. 118-137, 2018. Doi: https://doi.org/10.1016/j.dcan.2017.04.003

Y. G. Gonzalez Larin, "El Internet de las Cosas y sus riesgos para la privacidad," Universidad Piloto de Colombia, pp. 1-10,2017. Recuperado de: http://polux.unipiloto.edu.co:8080/00003525.pdf

K. Chen, S. Zhang, Z. Li, Y. Zhang, Q. Deng, S. Ray y Y. Jin, "Internet-of-Things Security and Vulnerabilities: Taxonomy, Challenges, and Practice," Journal of Hardware and Systems Security, pp. 1--14, 2018. Recuperado de: https://link.springer.com/article/10.1007/s41635-017-0029-7

H. Ning y H. Liu, "Cyberentity Security in the Internet of Things," Computer, vol. 46, nº 4, pp. 46-53, 2013. Doi: 10.1109/MC.2013.74

A. Tejero, "Metodología de Análisis de Riesgos para la mejora de la seguridad de Internet de las cosas," Universidad Politécnica de Madrid, Madrid,pp.1-36,2017.Doi: 10.13140/RG.2.2.16026.24005

J. A. Molina Garcia, "La Importancia de la Gestion de Riesgos y Seguridad en el Internet de las Cosas," Universidad de Piloto de Colombia, Bogotá,pp. 1-12, 2019.

CORDIS, "Project Final Report: Internet of Things Architecture," 2013.

M. Farooq, M. Waseem, A. Khairi y S. Mazhar, "A Critical Analysis on the Security Concerns of Internet of Things (IoT)," International Journal of Computer Applications, vol. 111, nº 7, 2015.

H. Suo, J. Wan, C. Zou y J. Liu, "Security in the Internet of Things: A Review," IEEE, vol. 3, pp. 648-651,2012.Recuperado de: https://ieeexplore.ieee.org/document/6188257

R. Khan, S. U. Khan, R. Zaheer y S. Khan, "Future internet: the internet of things architecture, possible applications and key challenges," in 2012 10th International Conference on Frontiers of Information Technology (FIT), 2012.

S. Alam, M. M. R. Chowdhury y J. Noll, "Interoperability of security-enabled internet of things," Wireless Personal Communications, vol. 61, nº 3, pp. 567--586, 2011. Doi: 10.1007/s11277-011-0384-6

L. Zhou y H.-C. Chao, "Multimedia traffic security architecture for the internet of things," IEEE Network, vol. 25, nº 3, 2011.

P. P. Jayaraman, X. Yangb, A. Yavari y D. Georgakopoulos, "Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation," Future Generation Computer Systems, vol. 76, pp.540-549,2017.Doi: https://doi.org/10.1016/j.future.2017.03.001

N. Madaan, M. A. Ahad y S. M. Sastry, "Data integration in IoT ecosystem: Information linkage as a privacy threat," Computer law & security review, vol. 34, nº 1, pp. 125-133, 2018.

J. L. Hernandez Ramos, Desarrollo de un Framework de Seguridad y Privacidad, Murcia: Universidad de Murcia, 2016.

S. Sicari, A. Rizzardi, L. Grieco y A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer networks, vol.76,pp.146--164,2015.Doi: https://doi.org/10.1016/j.comnet.2014.11.008

I. Andrea, C. Chrysostomou y G. Hadjichristofi, "Internet of Things: Security vulnerabilities and challenges," in 2015 IEEE Symposium on Computers and Communication, Larnaca, 2015.

F. Hoffman, "Industrial internet of things vulnerabilities and threats: what stakeholders need to consider," Issues in Information Systems, vol. 20, nº 1, 2019.

L. Malina, J. Hajny, R. Fujdiak y J. Hosek, "On perspective of security and privacy-preserving solutions in the internet of things," Computer Networks, vol. 102, pp. 83-95, 2016.Doi: ttps://doi.org/10.1016/j.comnet.2016.03.011

T. Alladi, V. Chamola, B. Sikda y K.-K. R. Choo, "Consumer IoT: Security Vulnerability Case Studies and Solutions," IEEE Consumer Electronics Magazine, pp. 17-25, 2020.Doi: 10.1109/MCE.2019.2953740

K. V. English, I. Obaidat y M. Sridhar, "Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices," de 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, 2019.

R. Antrobus, B. Green, S. Frey y A. Rashid, "The forgotten i in iiot: a vulnerability scanner for industrial internet of things," 2019. Recuperado de: https://ieeexplore.ieee.org/document/9037990

B. Khoo, "RFID as an Enabler of the Internet of Things: Issues of Security and Privacy," in Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, New York, 2011.

G. HANCKE, K. MARKANTONAKIS y K. MAYES, "Security Challenges for User-Oriented RFID Applications within the "Internet of Things"," Internet Technology Journal, vol. 11, nº 3, pp. 307-313, Mayo 2010.

J. Granjal, E. Monteiro y J. S. Silva, "Security for the internet of things: a survey of existing protocols and open research issues," IEEE Communications Surveys & Tutorials, vol. 17, nº 3, pp. 1294--1312, 2015. Recuperado de: https://ieeexplore.ieee.org/document/7005393

M. Ingham, J. Marchang y D. Bhowmik, "IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN," IET Information Security,2020.Recuperado de: 10.1049/iet-ifs.2019.0447

P. C. Evans y M. Annunziata, "Industrial internet: Pushing the boundaries of minds and machines," General Electric Reports, pp. 488-508, 2012.

H. Boyes, B. Hallaq, J. Cunningham y T. Watson, "The industrial internet of things (IIoT): An analysis framework," Computers in Industry, vol.101,pp.1-12,2018.Doi: https://doi.org/10.1016/j.compind.2018.04.015

J. Men, G. Xu, Z. Han, Z. Sun, X. Zhou, W. Lian y X. Cheng, "Finding sands in the eyes: vulnerabilities discovery in IoT with EUFuzzer on human machine interface," IEEE Access, vol. 7, pp. 103751--103759, 2019.

M. Zolanvari, M. A. Teixeira, L. Gupta, . K. M. Khan y R. Jain, "Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things," IEEE Internet of Things Journal, vol. 6, nº 4, pp. 6822--6834, 2019.

K. Angrishi, "Urning internet of things (iot) into internet of vulnerabilities (iov): Iot botnets," arXiv preprint, 2017.

D. Wang, X. Zhang, T. Chen y J. Li, "Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface," Security and Communication Networks,2019.Doi: https://doi.org/10.1155/2019/5076324

L. Costa, J. P. Barros y M. Tavares, "Vulnerabilities in IoT Devices for Smart Home Environment," in 5th International Conference on Information Systems Security e Privacy, ICISSP 2019, Praga, 2019.

N. Apthorpe, D. Reisman y N. Feamster, "A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic," arXiv preprint, 2017.

N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum y N. Ghani, "Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations," IEEE Communications Surveys & Tutorials, vol. 21, nº 3, pp. 2702--2733, 2019.

R. Roman, P. Najera y J. Lopez, "Securing the internet of things," Computer, vol. 44, nº 9, pp. 51--58, 2011.

I. Salas Saenz, "Seguridad en la Internet de las Cosas," Universitat Oberta de Catalunya, 2019.

C. Liu, Y. Zhang, J. Zeng, L. Peng y R. Chen, "Research on Dynamical Security Risk Assessment for the Internet of Things inspired by immunology," in 2012 8th International Conference on Natural Computation, Chongqing, 2012.

S. Gusmeroli, S. Piccione y D. Rotondi, "A capability-based security approach to manage access control in the internet of things," Mathematical and Computer Modelling, vol. 58, nº5-6,pp.1189--1205,2013.Doi: https://doi.org/10.1016/j.mcm.2013.02.006

S. Raza, S. Duquennoy, J. Höglund, U. Roedig y T. Voigt, "Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN," Security and Communication Networks, vol. 7, nº 12, pp. 2654--2668, 2014. Doi: 10.1002/sec.406

M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A. R. Sadeghi y S. Tarkoma, "Iot sentinel: Automated device-type identification for security enforcement in IoT," in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, 2017.

C. Zenger, M. Pietersz, J. Zimmer, J. F. Posielek, T. Lenze y C. Paar, "Authenticated key establishment for low-resource devices exploiting correlated random channels," Computer Networks, vol. 109, pp. 105--123, 2016.Doi: https://doi.org/10.1016/j.comnet.2016.06.013

D. Miorandi, S. Sicari, F. De Pellegrini y I. Chlamtac, "Internet of things: Vision, applications and research challenges," Ad Hoc Networks,pp.1497-1516,2012.Doi: https://doi.org/10.1016/j.adhoc.2012.02.016

T. Kothmayr, C. Schmitt, W. Hu, M. Brünig y G. Carle, "DTLS based security and two-way authentication for the Internet of Things," Ad Hoc Networks, vol. 11, nº 8, pp. 2710--2723, 2013.Doi: https://doi.org/10.1016/j.adhoc.2013.05.003

M. Henze, L. Hermerschmidt, D. Kerpen, R. Häubling, B. Rumpe y K. Wehrle, "A comprehensive approach to privacy in the cloud-based Internet of Things," Future Generation Computer Systems, vol. 56, pp. 701--718, 2016. Doi: https://doi.org/10.1016/j.future.2015.09.016

D. Dinculeana y X. Cheng, "Vulnerabilities and limitations of MQTT protocol used between IoT devices," Applied Sciences, vol. 9, nº 5, p. 848, 2019. Doi: 10.3390/app9050848

J. M. Kizza, "Guide to computer network security," Springer, 2009.

M. Abomhara y G. M. Køien, "Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks," Journal of Cyber Security and Mobility, vol. 4, nº 1, pp. 65-88,2015.Doi: https://doi.org/10.13052/jcsm2245-1439.414

Q. Jing, A. V. Vasilakos, J. Wan, J. Lu y D. Qiu, "Security of the Internet of Things: perspectives and challenges," Wireless Networks, vol. 20, nº 8, pp. 2481--2501, 2014. Doi: 10.1007 / s11276-014-0761-7

S. Babar, A. Stango, N. Prasad, J. Sen y R. Prasad, "Proposed embedded security framework for internet of things (iot)," in 2011 2nd International Conference on {Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011.

Cómo citar
Gélvez-Rodríguez, L. F., & Santos-Jaimes, L. M. (2020). Internet de las Cosas: una revisión sobre los retos de seguridad y sus contramedidas. Revista Ingenio, 17(1), 36-44. https://doi.org/10.22463/2011642X.2370

Descargas

La descarga de datos todavía no está disponible.
Publicado
2020-01-01
Sección
Artículos de Revisión