Perception layer attacks can be defined as actions that effectively lead to a denial of service of either transiting or receiving capabilities. The perception layer is constructed from physical objects such as sensors, nodes, devices, or actuators. An attack targeting the perception layer affects a physical object within the IoT structure. This can be achieved through a number of approaches, such as bypassing protocols or emitting radio signals that scramble regular operations. The most common types of perception layer attacks are usually botnets, sleep deprivation attacks, node tampering and jamming, and eavesdropping.
Botnets are usually a product of four major elements that impact the process of the disruption. First, a malware bot is able to infect a device or network. In such a situation, the bot focuses on two priority tasks which include the infection of misconfigured devices. It proceeds to attack a targeted server once a command is received from a botmaster, usually an individual controlling the bot. Second, a centralized management system begins monitoring the botnet’s ongoing condition and coordinating the attack through a Command and Control center. Third, the loader initiates the spread of executables that focus on a number of platforms, including but not limited to Acorn RISC Machine, x86, and MIPS. Fourth, a report server can be created to oversee a list of devices affected by the botnet.
A sleep deprivation attack focuses on battery-powered sensor nodes within devices. It is common for battery-powered devices to include and heed a sleep routine in order to extend a battery’s lifetime. However, a sleep deprivation attack targets the nodes and forces a device to stay awake for prolonged periods of time. This results in extended battery power consumption and the eventual shutting down of the nodes and the affected device.
Node tampering attacks refer to a process in which entire nodes or aspects of a node’s hardware are replaced physically. Nodes can be tampered with electronically in order to acquire routing tables and cryptographic keys through the interrogation and manipulation of sensitive information. On the other hand, node jamming attacks refer to incidents in which attackers employ radio frequencies on wireless sensor nodes. This causes signals to be jammed and communication to be delayed. As a result of jamming key sensor nodes, IoT services have the potential to be denied. Eavesdropping attacks include operations that threaten the confidentiality of a message. Essentially, such attacks would include an attacker overhearing information that has been exchanged on a private communication channel. A device that is especially susceptible to such an attack is radio frequency identification.
The network layer consists of a variety of network components, such as bridges, routers, and other networking devices. As such, a network layer attack is a process that aims to disrupt these network components within the IoT space. While a number of approaches exist, the ones discussed in this paper will include man0in-the-middle, spoofing, DOS/DDoS, and routing attacks. Man-in-the-middle, or MIM, attacks describe cases in which an attacker has gained total control over a communication channel that is occurring between two legitimate entities. In such a breach, an attacker is not only capable of reading messages but also has the ability to modify, erase, and insert messages within the affected communication channel. Some specific forms of these attacks include address resolution protocol cache poisoning, DNS spoofing, and session hijacking. DNS spoofing, in particular, refers to the use of DNS maps that create symbolic names to IP addresses for an attack. Such an attack is able to store malicious mapping information between IP addresses and symbolic names. As a result, a DNS server may be compromised by an attacker through forging responses within a recursive DNS queue.
A distributed or regular denial of service, DoS or DDoS for short, defines a malicious attack that focuses on the consumption of resources or bandwidths of legitimate and genuine users. The DDoS is a variant of the DoS but includes a number of several compromised nodes. Some specific variations of these attacks include a user datagram protocol flood which formulates UDP datagrams through bots in order to congest a network. Similarly, an internet control message protocol flood employs a ping flood that causes a host’s ingoing and outgoing communication resources to be consumed.
Routing attacks include the launch of routing-oriented operations on nodes, possibly with the intent to later perform DoS attacks. A Sybil attack defines a situation in which a malicious node disrupts the routing system and gains access to information that was obstructed by the node. It can be orchestrated through the creation of multiple false identities that acts as a peer-to-peer network. A sinkhole attack compromises a node that can draw traffic from certain specified areas, making it look promising to other nodes according to the routing metric. This malicious node can then attract traffic away from a base station which allows an attacker further possibility to disrupt or attack the system.
An application layer is defined by the software or application itself, such as smart homes, smart city, and smart grid systems. As such, an attack on an application layer relates to security breaches of applications within the IoT structure. Prominent attacks on application layers include malware, phishing attacks, and code injection attacks. Malware includes attacks that employ executable codes released by attackers in order to disrupt devices and networks. They can enable attackers to gain unsanctioned and illegal access to sensitive information, which may even be stolen. Within IoT structures, attackers may exploit firmware flaws that can lead to disruptions of an entire IoT architecture.
Phishing attacks aim to extract and obtain sensitive information, which can include passwords, usernames, and other relevant data, by appearing as an entity that is trustworthy. Once the information is gathered, it can be utilized by cybercriminals to harm either the affected users or an entire system. Spear phishing refers to attacks of this nature that target selected individuals or organizations, which requires attackers to gain certain knowledge prior to appearing as a trustworthy entity. Clone phishing is a process in which an earlier legitimate email is copied but with malicious elements, such as a link to the attacker’s website. Whaling is similar to spear phishing but targets corporate executives or government officials.
A code injection attack is defined as a process that aims to deposit malicious executable code within the address space of a victim’s procedure and then authorize control over this code. A structured query language, or SQL injection, benefits from insufficient validation of data flow between users and a database. A script injection refers to a malicious script being injected into a website in order to leak sensitive information. A shell injection provides malicious commands within a system in order to perform harmful activities.