Internet of Things (IoT) is revolutionizing numerous domains, including healthcare, transportation, smart homes, banking, and finance. IoT devices are designed to generate, process, and transmit data on a massive scale, making them an attractive target for cyber-attacks. Because the systems have been widely adopted, privacy and data breaches have become a significant concern for most businesses. Cyber-attacks or data breaches may interrupt network services, the normal flow of business activities and might even harm or disrupt people’s lives. Professionals must address these threats and develop security measures to ensure business continuity, foster trust, and protect business or people’s assets.
Typically, IoT systems have three architecture layers, with each layer presenting its security challenges. The systems’ security can be strengthened by enforcing security principles at each layer (Mahmoud et al., 2015). Encryption, authentication, and access control measures can minimize attacks, resolve confidentiality issues, and promote trust between devices. A mutual authentication scheme combines feature extraction and hash functions to authenticate communication when the IoT platform sends data to a terminal node, ensuring that communication is done between trusted servers. Authentication can also be done at sensor nodes through the cipher method, generating random coordinates that create encryption keys. It is difficult for hackers to access or read encrypted data.
Since IoT operates through communication from one device to another, trust between owners is essential. Access control promotes trust by enabling mutual identification between devices – trusted devices can recognize one another through special keys and timestamps. Each trusted device is assigned a key by the system, while the device’s owner can allocate it a token (a password). The token is combined with the RFID on the IoT device, allowing the system to identify other systems with similar keys. If the IoT device is operated in a different department, the system can change permissions if the owner assigns it, reducing owner overhead.
A federated architecture can also enhance security by overcoming the security risk posed by the heterogeneity of IoT devices and protocols. There are different IoT systems, each with its policies, design, and algorithm, making it difficult to control security. Federated architecture has a centralized unit that overcomes this heterogeneity, enhancing security. Another similar technique is the Secure Mediation GateWay (SMGW) that operates by discovering critical infrastructure information, overcoming the information’s heterogeneity, and securing communication between the IoT systems (Adamsky et al., 2018). SMGW can discover distributed information from any node, whether electrical, telecommunication, water distribution node, etc. Once the SMGW discovers the information, they are transmitted to a dedicated prediction tool that calculates the risk prediction for each system.
Quantum computing is an emerging security risk issue, but at the same time, it presents an opportunity for preventing security breaches. According to Routray et al. (2017), there is no solution as effective as quantum cryptography that can resolve future security risks. Quantum computers have an immense processing power that can break IoT algorithms easily. Thus, Routray et al. (2017) proposed quantum cryptography as the only viable solution to the risk posed by quantum computers. Tawalbeh et al. (2020) point out other essential security measures such as constant research on emerging threats, increasing the frequency of software updates, risk assessment through device monitoring tools, and increasing users’ awareness of security risks.
The expansion of the IoT market increases cybersecurity and privacy concerns. Possible solutions to data security and privacy issues include authentication, federated architecture, access control, SMGW model, and cryptography. Authentication promotes security in various IoT architecture layers. Furthermore, access control enables trust between devices, while federated architecture and the SMGW model resolve security risks posed by the system’s heterogeneity. Cryptography is a promising solution to the future threat posed by quantum computers.
References
Adamsky, F., Aubigny, M., Battisti, F., Carli, M., Cimorelli, F., Cruz, T., Di Giorgio, A., Foglietta, C., Galli, A., Giuseppi, A., Liberati, F., Neri, A., Panzieri, S., Pascucci, F., Proenca, J., Pucci, P., Rosa, L., & Soua, R. (2018). Integrated protection of industrial control systems from cyber-attacks: The ATENA approach.International Journal of Critical Infrastructure Protection, 21, 72–82. Web.
Mahmoud, R., Yousuf, T., Aloul, F., & Zualkernan, I. (2015). Internet of things (IoT) security: Current status, challenges and prospective measures.2015 10th International Conference for Internet Technology and Secured Transactions (ICITST) (pp. 1 – 15). IEEE. Web.
Tawalbeh, L., Muheidat, F., Tawalbeh, M., & Quwaider, M. (2020). IoT privacy and security: Challenges and solutions.Applied Sciences, 10(12), 4102. Web.
Routray, S. K., Jha, M. K., Sharma, L., Nyamangoudar, R., Javali, A., & Sarkar, S. (2017). Quantum cryptography for IoT: A perspective. 2017 International Conference on IoT and Application (ICIOT) (pp. 1- 22). IEEE. Web.