A Primer on IoT Security Risks
The security requirements of an Internet of Things (IoT) system are complex. They extend past the traditional information security requirements of confidentiality, integrity and availability. They also need to address authentication, authorization, freshness of data, nonrepudiation, and forward and backward secrecy.
Taking Stock of Today’s IoT Security Risks
With these security requirements in mind, let’s take a look at some key IoT security risks. IoT architecture is not yet standardized and various vendors have their own architectures. In general, however, an IoT architecture contains at least the following three layers: a sensor layer, a network layer and an application layer. Attacks can be broadly categorized as physical, network, software or encryption attacks.
Physical attacks target the hardware of an IoT system and include breaches at the sensor layer. They typically require physical proximity to the system but can also involve actions that limit the efficacy of IoT hardware.
Attackers can tamper with nodes to gain control over sensor nodes or devices in an IoT environment and use that control to extract materials, data and code. With malicious node injection, attackers can physically deploy malicious nodes between legitimate nodes in an IoT network. Also known as a man-in-the-middle (MitM) attack, the malicious nodes can then control operations and the data flowing between linked nodes.
Injecting malicious code enables attackers to access IoT systems, for example by plugging a USB key into a device on the network. An attacker can compromise a node by physically injecting it with malicious code that would grant access to the IoT system.
Attackers can physically damage IoT devices to disrupt the availability of service. Also at risk are areas controlled by IoT systems or facilities that host them, such as data centers. Cybercriminals could also conduct distributed denial-of-service (DDoS) attacks through signal interference on radio-frequency identification (RFID) systems and radio frequency interference on wireless sensor networks.
Using social engineering, attackers can control users of an IoT system to serve their own ends. They can also launch sleep deprivation attacks, which target the vulnerability of battery drainage in devices and sensors in an IoT system. Most devices have a sleep mode to extend battery life, but sleep deprivation attacks maximize the power consumption of nodes to ultimately shut them down.
Network attacks target the IoT system network layer and can be conducted remotely. DDoS attacks are perhaps the most widely known network IoT security risk. Typically, they involve overflowing network devices with more requests than they can handle, thus preventing the server from answering legitimate requests. Using sniffing applications, attackers can perform traffic analysis to infer information based on communication patterns between devices in an IoT network. Even encrypted information can be deduced from this data without decryption.
Spoofing, Cloning and Unauthorized Access
RFID attacks include spoofing, cloning and unauthorized access. RFID spoofing is when an attacker impersonates an RFID signal to read and record transmitted data. Cloning occurs when the attacker copies data from a legitimate tag to gain access to an IoT network. Fraudsters can often gain unauthorized access to RFID tags due to poor authentication that enables them to read, change and delete data.
Attackers spoof RFID signals to read and record a data transmission from an RFID tag. In addition, attackers can used the spoofed RFID tag, then send their own data containing the original tag ID. In this way, an attack can gain full access to the system by pretending to be the original source.
An attacker can lure all traffic from wireless sensor network (WSN) nodes to create a metaphorical sinkhole. This type of attack breaches the confidentiality of the data and also denies service to the network by dropping all the packets instead of forwarding them to the desired destination.
In a sinkhole attack, attackers use compromised or malicious nodes to attract packets from neighboring nodes. They can then selectively forward, alter or drop traffic, leading to data confidentiality issues, or deny service to the network.
Cybercriminals can also launch MitM attacks using the network communication protocols. In real time, attackers can interfere in communications between two nodes by posing as a legitimate node. This enables the malicious actor to monitor, eavesdrop on and control communications between the two legitimate nodes.
Attackers might target the routing protocol in IoT networks to alter the traffic flow through a compromised node, reconfigure the network topology, create routing loops, generate false errors or modify source routes. In a Sybil attack, for example, fraudsters create fake node identities or mimic legitimate ones. These are then used to generate false and malicious information to compromise an IoT system.
The biggest IoT security risks involve software. Software attacks can exploit entire systems, steal information, alter data, deny service and compromise or damage devices.
In a phishing attack, for example, fraudsters gain access by impersonating a legitimate entity to trick users into providing access or credentials. Attackers also use malware, such as viruses, worms and Trojans, to damage or delete data, steal information, monitor users and disrupt key system functions. Meanwhile, malicious ActiveX scripts can target users with access to the network gateway to shut down the IoT system entirely.
Attackers can also target software at the application layer to execute DDoS attacks. In addition to shutting down access to legitimate users, application layer attacks expose databases and sensitive data.
IoT security risks also include attacks that target encryption schemes. Instead of targeting the cryptographic algorithms themselves, side-channel attacks target the implementation of those algorithms. Attackers can infer the encryption key by analyzing physical measurements during computation and the internal state of the physical device during processing.
Cryptanalysis attacks attempt to deduce encryption keys by searching for weaknesses in the cryptographic algorithm. Depending on the information available to the attacker, cryptanalysis attacks can take following forms: ciphertext-only, chosen-plaintext, adaptive-chosen-plaintext, chosen-ciphertext and adaptive-chosen-ciphertext.
Encryption schemes are also vulnerable to MitM attacks in which a malicious actor intercepts communication between two users and decrypts data using keys shared with both of them. As in other MitM attacks, users continue assume they are communicating only with each other.
Potential attacks on IoT systems are many and varied. In a future post, we will look at some measures and strategies IT managers can implement to mitigate risks and ensure the security and resilience of their IoT environments.