Internet of Things: a review of vulnerabilities, threats and countermeasures

Internet de las Cosas: una revisión sobre los retos de seguridad y sus contramedidas

Main Article Content

Luis Fernando Gélvez-Rodríguez
Luz Marina Santos-Jaimes
Abstract

En la última década con el surgimiento del paradigma de Internet de las Cosas y su gran acogida y expansión en diferentes dominios de aplicación, han surgido nuevos retos que dejan ver una gran problemática en lo referente a la gestión de la seguridad de la información, los cuales representan un riesgo importante para las organizaciones y los usuarios finales que ya están implementando este paradigma en sus actividades y procesos. Frente a esta problemática se han venido desarrollando algunos estudios desde diferentes puntos de vista, abarcando varios dominios de aplicación, pero sin presentar aún una visión unificada de cómo afrontar los riesgos asociados a la implementación de tecnologías IoT en las organizaciones. En el presente estudio se ha recopilado diversos trabajos de la última década donde se expone diferentes vulnerabilidades y amenazas que suelen presentarse de forma específica en entornos que implementan Internet de las Cosas, así como diferentes propuestas para gestionar la seguridad de información frente a los retos emergentes.

Downloads

Download data is not yet available.

Article Details

Author Biography (SEE)

Luis Fernando Gélvez-Rodríguez, Universidad de Pamplona, Pamplona - Colombia

Ingeniero de Sistemas con 9 años de experiencia en administración de sistemas, virtualización, servicios en la nube, manejo de base de datos MySQL y PostgreSQL, administración de servidores en Windows y Linux, servicios de Backup, desarrollo de páginas web dinámicas (JSP), gestión de proyectos, ingeniería de software y planeación estratégica, ciencias de la computación, análisis, diseño e implementación de sistemas de información.

He prestado mis servicios para empresas como CENS S.A E.S.P Grupo EPM y EMSITEL S.A.S manejando diferentes servicios de infraestructura tecnológica en clientes corporativos y de gobierno.

References

J. H. Ziegeldorf, O. Garcia y K. Wehrle, "Privacy in the Internet of Things: threats and challenges," Security and Communication Networks, vol. 7, nº 12, pp. 2728-2742, 2014. Recuperado de: https://arxiv.org/ftp/arxiv/papers/1505/1505.07683.pdf DOI: https://doi.org/10.1002/sec.795

L. A. Zabala Jaramillo, "Gestión de la Seguridad en el Internet de las Cosas," Universidad Piloto de Colombia, 2016.

C. Stergiou, K. E. Psannis, B. G. Kim y B. Guptac, "Secure integration of IoT and cloud computing," Future Generation Computer Systems, vol. 78, pp. 964-975, 2018. Doi: 10.1016/j.future.2016.11.031 DOI: https://doi.org/10.1016/j.future.2016.11.031

M. Alcaraz, "Internet de las Cosas," Universidad Católica Nuestra Señora de la Asuncón, pp. 1-27,2014.Recuperado de: http://jeuazarru.com/wpcontent/uploads/2014/10/Internet-of-Things.pdf

F. Aljaafari, L. C. Cordeiro y M. A. Mustafa, "Verifying Software Vulnerabilities in IoT Cryptographic Protocols," arXiv preprint, 2020. Recuperado de: https://arxiv.org/abs/2001.09837

L. Atzori, A. Iera y G. Morabito, "The internet of things: A survey," Computer networks, vol. 54, nº 15, pp. 2787--2805, 2010. Doi: https://doi.org/10.1016/j.comnet.2010.05.010 DOI: https://doi.org/10.1016/j.comnet.2010.05.010

J. S. Kumar y D. R. Patel, "A survey on internet of things: Security and privacy issues," International Journal of Computer Applications, vol. 90, nº 11, pp. 20-26, 2014. Doi: 10.5120 / 15764-4454 DOI: https://doi.org/10.5120/15764-4454

I. Butun, P. Österberg y H. Song, "Security of the Internet of Things: Vulnerabilities, Attacks and Countermeasures," IEEE Communications Surveys & Tutorials, pp. 1-24, 2019. DOI: https://doi.org/10.1109/COMST.2019.2953364

J. Gubbi, R. Buyya, S. Marusic y M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Future generation computer systems, vol. 29, nº 7, pp. 1645-1660, 2013. Doi: https://doi.org/10.1016/j.future.2013.01.010 DOI: https://doi.org/10.1016/j.future.2013.01.010

A. R. Sfar, E. Natalizio, Y. Challal y Z. Chtourou, "A roadmap for security challenges in the Internet of Things," Digital Communications and Networks, vol. 4, nº 2, pp. 118-137, 2018. Doi: https://doi.org/10.1016/j.dcan.2017.04.003 DOI: https://doi.org/10.1016/j.dcan.2017.04.003

Y. G. Gonzalez Larin, "El Internet de las Cosas y sus riesgos para la privacidad," Universidad Piloto de Colombia, pp. 1-10,2017. Recuperado de: http://polux.unipiloto.edu.co:8080/00003525.pdf

K. Chen, S. Zhang, Z. Li, Y. Zhang, Q. Deng, S. Ray y Y. Jin, "Internet-of-Things Security and Vulnerabilities: Taxonomy, Challenges, and Practice," Journal of Hardware and Systems Security, pp. 1--14, 2018. Recuperado de: https://link.springer.com/article/10.1007/s41635-017-0029-7

H. Ning y H. Liu, "Cyberentity Security in the Internet of Things," Computer, vol. 46, nº 4, pp. 46-53, 2013. Doi: 10.1109/MC.2013.74 DOI: https://doi.org/10.1109/MC.2013.74

A. Tejero, "Metodología de Análisis de Riesgos para la mejora de la seguridad de Internet de las cosas," Universidad Politécnica de Madrid, Madrid,pp.1-36,2017.Doi: 10.13140/RG.2.2.16026.24005

J. A. Molina Garcia, "La Importancia de la Gestion de Riesgos y Seguridad en el Internet de las Cosas," Universidad de Piloto de Colombia, Bogotá,pp. 1-12, 2019.

CORDIS, "Project Final Report: Internet of Things Architecture," 2013.

M. Farooq, M. Waseem, A. Khairi y S. Mazhar, "A Critical Analysis on the Security Concerns of Internet of Things (IoT)," International Journal of Computer Applications, vol. 111, nº 7, 2015. DOI: https://doi.org/10.5120/19547-1280

H. Suo, J. Wan, C. Zou y J. Liu, "Security in the Internet of Things: A Review," IEEE, vol. 3, pp. 648-651,2012.Recuperado de: https://ieeexplore.ieee.org/document/6188257

R. Khan, S. U. Khan, R. Zaheer y S. Khan, "Future internet: the internet of things architecture, possible applications and key challenges," in 2012 10th International Conference on Frontiers of Information Technology (FIT), 2012. DOI: https://doi.org/10.1109/FIT.2012.53

S. Alam, M. M. R. Chowdhury y J. Noll, "Interoperability of security-enabled internet of things," Wireless Personal Communications, vol. 61, nº 3, pp. 567--586, 2011. Doi: 10.1007/s11277-011-0384-6 DOI: https://doi.org/10.1007/s11277-011-0384-6

L. Zhou y H.-C. Chao, "Multimedia traffic security architecture for the internet of things," IEEE Network, vol. 25, nº 3, 2011. DOI: https://doi.org/10.1109/MNET.2011.5772059

P. P. Jayaraman, X. Yangb, A. Yavari y D. Georgakopoulos, "Privacy preserving Internet of Things: From privacy techniques to a blueprint architecture and efficient implementation," Future Generation Computer Systems, vol. 76, pp.540-549,2017.Doi: https://doi.org/10.1016/j.future.2017.03.001 DOI: https://doi.org/10.1016/j.future.2017.03.001

N. Madaan, M. A. Ahad y S. M. Sastry, "Data integration in IoT ecosystem: Information linkage as a privacy threat," Computer law & security review, vol. 34, nº 1, pp. 125-133, 2018. DOI: https://doi.org/10.1016/j.clsr.2017.06.007

J. L. Hernandez Ramos, Desarrollo de un Framework de Seguridad y Privacidad, Murcia: Universidad de Murcia, 2016.

S. Sicari, A. Rizzardi, L. Grieco y A. Coen-Porisini, "Security, privacy and trust in Internet of Things: The road ahead," Computer networks, vol.76,pp.146--164,2015.Doi: https://doi.org/10.1016/j.comnet.2014.11.008 DOI: https://doi.org/10.1016/j.comnet.2014.11.008

I. Andrea, C. Chrysostomou y G. Hadjichristofi, "Internet of Things: Security vulnerabilities and challenges," in 2015 IEEE Symposium on Computers and Communication, Larnaca, 2015. DOI: https://doi.org/10.1109/ISCC.2015.7405513

F. Hoffman, "Industrial internet of things vulnerabilities and threats: what stakeholders need to consider," Issues in Information Systems, vol. 20, nº 1, 2019.

L. Malina, J. Hajny, R. Fujdiak y J. Hosek, "On perspective of security and privacy-preserving solutions in the internet of things," Computer Networks, vol. 102, pp. 83-95, 2016.Doi: ttps://doi.org/10.1016/j.comnet.2016.03.011 DOI: https://doi.org/10.1016/j.comnet.2016.03.011

T. Alladi, V. Chamola, B. Sikda y K.-K. R. Choo, "Consumer IoT: Security Vulnerability Case Studies and Solutions," IEEE Consumer Electronics Magazine, pp. 17-25, 2020.Doi: 10.1109/MCE.2019.2953740 DOI: https://doi.org/10.1109/MCE.2019.2953740

K. V. English, I. Obaidat y M. Sridhar, "Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices," de 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Portland, 2019. DOI: https://doi.org/10.1109/DSN.2019.00036

R. Antrobus, B. Green, S. Frey y A. Rashid, "The forgotten i in iiot: a vulnerability scanner for industrial internet of things," 2019. Recuperado de: https://ieeexplore.ieee.org/document/9037990 DOI: https://doi.org/10.1049/cp.2019.0126

B. Khoo, "RFID as an Enabler of the Internet of Things: Issues of Security and Privacy," in Internet of Things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, New York, 2011. DOI: https://doi.org/10.1109/iThings/CPSCom.2011.83

G. HANCKE, K. MARKANTONAKIS y K. MAYES, "Security Challenges for User-Oriented RFID Applications within the "Internet of Things"," Internet Technology Journal, vol. 11, nº 3, pp. 307-313, Mayo 2010.

J. Granjal, E. Monteiro y J. S. Silva, "Security for the internet of things: a survey of existing protocols and open research issues," IEEE Communications Surveys & Tutorials, vol. 17, nº 3, pp. 1294--1312, 2015. Recuperado de: https://ieeexplore.ieee.org/document/7005393 DOI: https://doi.org/10.1109/COMST.2015.2388550

M. Ingham, J. Marchang y D. Bhowmik, "IoT Security Vulnerabilities and Predictive Signal Jamming Attack Analysis in LoRaWAN," IET Information Security,2020.Recuperado de: 10.1049/iet-ifs.2019.0447 DOI: https://doi.org/10.1049/iet-ifs.2019.0447

P. C. Evans y M. Annunziata, "Industrial internet: Pushing the boundaries of minds and machines," General Electric Reports, pp. 488-508, 2012.

H. Boyes, B. Hallaq, J. Cunningham y T. Watson, "The industrial internet of things (IIoT): An analysis framework," Computers in Industry, vol.101,pp.1-12,2018.Doi: https://doi.org/10.1016/j.compind.2018.04.015 DOI: https://doi.org/10.1016/j.compind.2018.04.015

J. Men, G. Xu, Z. Han, Z. Sun, X. Zhou, W. Lian y X. Cheng, "Finding sands in the eyes: vulnerabilities discovery in IoT with EUFuzzer on human machine interface," IEEE Access, vol. 7, pp. 103751--103759, 2019. DOI: https://doi.org/10.1109/ACCESS.2019.2931061

M. Zolanvari, M. A. Teixeira, L. Gupta, . K. M. Khan y R. Jain, "Machine Learning-Based Network Vulnerability Analysis of Industrial Internet of Things," IEEE Internet of Things Journal, vol. 6, nº 4, pp. 6822--6834, 2019. DOI: https://doi.org/10.1109/JIOT.2019.2912022

K. Angrishi, "Urning internet of things (iot) into internet of vulnerabilities (iov): Iot botnets," arXiv preprint, 2017.

D. Wang, X. Zhang, T. Chen y J. Li, "Discovering Vulnerabilities in COTS IoT Devices through Blackbox Fuzzing Web Management Interface," Security and Communication Networks,2019.Doi: https://doi.org/10.1155/2019/5076324 DOI: https://doi.org/10.1155/2019/5076324

L. Costa, J. P. Barros y M. Tavares, "Vulnerabilities in IoT Devices for Smart Home Environment," in 5th International Conference on Information Systems Security e Privacy, ICISSP 2019, Praga, 2019. DOI: https://doi.org/10.5220/0007583306150622

N. Apthorpe, D. Reisman y N. Feamster, "A smart home is no castle: Privacy vulnerabilities of encrypted iot traffic," arXiv preprint, 2017.

N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum y N. Ghani, "Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations," IEEE Communications Surveys & Tutorials, vol. 21, nº 3, pp. 2702--2733, 2019. DOI: https://doi.org/10.1109/COMST.2019.2910750

R. Roman, P. Najera y J. Lopez, "Securing the internet of things," Computer, vol. 44, nº 9, pp. 51--58, 2011. DOI: https://doi.org/10.1109/MC.2011.291

I. Salas Saenz, "Seguridad en la Internet de las Cosas," Universitat Oberta de Catalunya, 2019.

C. Liu, Y. Zhang, J. Zeng, L. Peng y R. Chen, "Research on Dynamical Security Risk Assessment for the Internet of Things inspired by immunology," in 2012 8th International Conference on Natural Computation, Chongqing, 2012. DOI: https://doi.org/10.1109/ICNC.2012.6234533

S. Gusmeroli, S. Piccione y D. Rotondi, "A capability-based security approach to manage access control in the internet of things," Mathematical and Computer Modelling, vol. 58, nº5-6,pp.1189--1205,2013.Doi: https://doi.org/10.1016/j.mcm.2013.02.006 DOI: https://doi.org/10.1016/j.mcm.2013.02.006

S. Raza, S. Duquennoy, J. Höglund, U. Roedig y T. Voigt, "Secure communication for the Internet of Things—a comparison of link-layer security and IPsec for 6LoWPAN," Security and Communication Networks, vol. 7, nº 12, pp. 2654--2668, 2014. Doi: 10.1002/sec.406 DOI: https://doi.org/10.1002/sec.406

M. Miettinen, S. Marchal, I. Hafeez, N. Asokan, A. R. Sadeghi y S. Tarkoma, "Iot sentinel: Automated device-type identification for security enforcement in IoT," in 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS), Atlanta, 2017. DOI: https://doi.org/10.1109/ICDCS.2017.283

C. Zenger, M. Pietersz, J. Zimmer, J. F. Posielek, T. Lenze y C. Paar, "Authenticated key establishment for low-resource devices exploiting correlated random channels," Computer Networks, vol. 109, pp. 105--123, 2016.Doi: https://doi.org/10.1016/j.comnet.2016.06.013 DOI: https://doi.org/10.1016/j.comnet.2016.06.013

D. Miorandi, S. Sicari, F. De Pellegrini y I. Chlamtac, "Internet of things: Vision, applications and research challenges," Ad Hoc Networks,pp.1497-1516,2012.Doi: https://doi.org/10.1016/j.adhoc.2012.02.016 DOI: https://doi.org/10.1016/j.adhoc.2012.02.016

T. Kothmayr, C. Schmitt, W. Hu, M. Brünig y G. Carle, "DTLS based security and two-way authentication for the Internet of Things," Ad Hoc Networks, vol. 11, nº 8, pp. 2710--2723, 2013.Doi: https://doi.org/10.1016/j.adhoc.2013.05.003 DOI: https://doi.org/10.1016/j.adhoc.2013.05.003

M. Henze, L. Hermerschmidt, D. Kerpen, R. Häubling, B. Rumpe y K. Wehrle, "A comprehensive approach to privacy in the cloud-based Internet of Things," Future Generation Computer Systems, vol. 56, pp. 701--718, 2016. Doi: https://doi.org/10.1016/j.future.2015.09.016 DOI: https://doi.org/10.1016/j.future.2015.09.016

D. Dinculeana y X. Cheng, "Vulnerabilities and limitations of MQTT protocol used between IoT devices," Applied Sciences, vol. 9, nº 5, p. 848, 2019. Doi: 10.3390/app9050848 DOI: https://doi.org/10.3390/app9050848

J. M. Kizza, "Guide to computer network security," Springer, 2009. DOI: https://doi.org/10.1007/978-1-84800-917-2

M. Abomhara y G. M. Køien, "Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks," Journal of Cyber Security and Mobility, vol. 4, nº 1, pp. 65-88,2015.Doi: https://doi.org/10.13052/jcsm2245-1439.414 DOI: https://doi.org/10.13052/jcsm2245-1439.414

Q. Jing, A. V. Vasilakos, J. Wan, J. Lu y D. Qiu, "Security of the Internet of Things: perspectives and challenges," Wireless Networks, vol. 20, nº 8, pp. 2481--2501, 2014. Doi: 10.1007 / s11276-014-0761-7 DOI: https://doi.org/10.1007/s11276-014-0761-7

S. Babar, A. Stango, N. Prasad, J. Sen y R. Prasad, "Proposed embedded security framework for internet of things (iot)," in 2011 2nd International Conference on {Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE), 2011. DOI: https://doi.org/10.1109/WIRELESSVITAE.2011.5940923

Most read articles by the same author(s)

OJS System - Metabiblioteca |