Security Issues & Threats in IoT Infrastructure

— IoT (Internet of Things) expands the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level.IoT today has a wide scope and researches say that IoT will definitely be a huge reason in the change of human lifestyle. But irrespective of the scope of IoT, we cannot be sure enough to implement it due to the security concerns. There is a genuine need to secure IoT, which has therefore resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper discusses about the flaws in the security structure of IoT, it is a study about the various layers of IoT and how differentattacks are possible in those layers.


INTRODUCTION
Internet can be defined as a bunch of connected items, network technologies, sensing and gateway devices, endpoints, data analysis systems/approaches, protocols and standards including the Internet Protocol (IP). Internet of Things can be defined as the Interconnectivity of devices which are physical. The Internet of Things enables a smarter bridging of digital, physical and human spheres by adding data capture and communication capacities to objects in a secure way to a networked environment. Internets of Things allow objects to be interconnected and are controlled on remote using networking.According to Gartner "The Internet of Things (IoT) is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment". The IoT is comprised of the three core components: A collection of smart, connected products, product systems, and other Things connected through an Internet-like communication infrastructure to a computing infrastructure that are creating new forms of value. Data from the product condition, operation, and environment are delivered in realtime enabling capabilities to control, service, and upgrade the product and system performance. For manufacturers (i.e., those in the Things business), these innovations not only have the potential to generate incredible amounts of new value, but also to disrupt the status quo. We live in a smart, connected world. The number of things connected to the Internet now exceeds the total number of humans on the planet, and we're accelerating to as many as 50 billion connected devices soon. The rise of the IoT has been driven by the convergence of market forces and parallel innovation of enabling technologies. Products have evolved from purely physical components to complex systems combining processors, sensors, software, and digital user interfaces that are now connected to the Internet and each other. As their definition has evolved, product capabilities have multiplied, creating new forms of value and even doing things well beyond their primary function. The impact is a fundamental transformation of how manufacturers create and exchange value with customers. This transformation is shifting the sources of value and differentiation to software, the cloud, and service, and spawning entirely new business models. To capture this great wave of value creation opportunity, manufacturers have an urgent need to rethink nearly everythingfrom how products are created, sold, operated, and serviced. IoT incorporates everything in itself such as body sensor or cloud computing [2]. No matter its parking your vehicle, or it's a detail of a patient, or your wrist watch that reminds you to take your medicine, or a device that track you activity around [3]. We are today living in the ocean of IoT where every physical device is interrelated. The key element in IoT is the sensors.
 Smart technologies: The smart Technologies develop some of the processing capabilities and then it can also modify the capacity of networks.  Nano technologies: Nano technologies are the smallest unit that can be used to interconnect the things using IoT.

Fig.1: Five phases of IoT
Phase 1: Data collection, acquisition, perception Firstly, we assemble and retrieve various kind of Information from things or devices. After this some of the important factors are examined and is preceded by the collection of data. The things that can be used in the data collection can be a static body or it can also be a dynamic vehicle. Phase 2: Storage All the data that has been collected in phase 1 is allocated to the memory locations and as we know that generally all the components of IoT are stored in small memories and usesthe cloud computing. Due to the low memory all kinds of data storage in the stateless devices is done in the form of cloud. Phase 3: Intelligent processing. The data stored in the cloud is analyzed and is provided with the intelligent processing for real time. And then IoT becomes capable of controlling things Phase 4: Data Transmission. We can say that data transmission is a part in all of the above phases;Data is transmitted from various kinds of sensors, and the different RFID tags or chips to the DCs. And then the data is transmitted from DCs to the processing unit.From processors the data is transmitted to the controllers and the end users. Phase 5: Delivery. All the delivery of information and data from the processors, processors to controllers and end user is completed in the delivery phase.

II. THREATS & ATTACKS IN IoT
Cyber threats could be launched against any IoT assets and facilities, potentially causing damage or disabling system operation, endangering the general populace or causing severe economic damage to owners and users [9,10]. Examples include attacks on home automation systems and taking control of heating systems, air conditioning, lighting and physical security systems. The information collected from sensors embedded in heating or lighting systems could inform the intruder when somebody is at home or out. Among other things, cyber-attacks could be launched against any public infrastructure like utility systems (power systems or water treatment plants) [11] to stop water or electricity supply to inhabitants. Security and privacy issues are a growing concern for users and suppliers in their shift towards the IoT [12]. Data Integrity, Data vulnerability & Data confidentiality must be kept in mind when we study anything related to the security issues of internet. A Threat can be defined as a possible danger that might exploit a vulnerability to beach security & therefore cause problem. Thus we can say that due to the evolution of threats security needs to be increased and steps must be taken to prevent various threats & attacks [1]. The attacks can be classified into three parts 2.

Fig.2: IoT layers
The possible threats that can be in these layers are.- External attack:These external terrifying attacks come from experienced & trained hackers. These external hackers can find vulnerable network or socially manipulate insiders to get past outer network defenses.  Wormhole attack: In the wormhole attack the intruder does not capture the data, instead the intruder forwards this data in another node and then he retransmits the data from that node [8].  Selective forwarding attacks: In this attack the intruder chooses some selective packets and drop them: i.e. , they select some packets and allow the rest.  Sinkhole attack: In Sinkhole attack, for long durations the sensors are not attended. Therefore the intruder attacks the information and post attacks like selective forward, fabrication, & modification.  Sewage Pool attack: In this malicious user select a particulars region and now the intruder changes the selected base station node so that the selective attacks becomes less successful.  Hello flood attack: In this a Hello message will be introduce to all the neighbor of the reachable area at a certain frequency level. And then, this malicious node converts itself into a neighbor for all the selected nodes of that region and starts to broadcast. And hence a flooding attack cause unavailability of the records by sending huge number of unwanted messages.  Addressing All Things in Iot: In this the malicious users implements the malicious machine to attack the virtual machine of the user. Using this, a person can hack all the confidential data and use the data for malicious purpose.

International Journal of Advanced Engineering, Management and Science (IJAEMS)
[ There are various kinds of Spoof attack  Hiding attack  Refraction attack  Impersonation attack  GoodPut: GoodPut is the rate at which the data can be transferred from one node to another. We can also say that GoodPut is the ratio between the total data we are receiving and the delivery time.  Data Center (DC's) : A DC can be said to be a centralized for storage purpose as well an management purpose. A DC can be used in house computer system as well as in large storage system.

Attacks based on Component
As we know that IOT connects everything from the internet. Data can not only be attended, theft loss, breach or disaster data can also be modified by some compromised sensors. Due to this reason it is mandatory for the end user to verify the received information.

III. SECURITY ISSUES & PRIVACY CONCERN
As we discussed from the threats we know that with the vast use of IOT in our day to day environment, we need to find measures for security so that we could own an IOT network that will be effective and the one that could manage security risk. There is immense potential in IOT but it all becomes flamed when we see it from the security point of view, There are some most common security issues that flaws the entire IOT systems.

Security issues in the wireless sensor networks-
As we study about the attack on network availability we learn that the DOS attack can affect all five layers which are physical layer, link layer, network layer, transport layer & application layer [6].

The DOS attacks the physical layer by-
1. Jamming-In this the intruder creates a jam between the communicating nodes and thus prevent nodes from communication.

Node
Tampering -Tampering the node physically so that some sensitive information may be tampered.

DOS (denial of service) attack at the link Layer
The data link layer in WSN multiplexes the data stream; it detects the data frame and checks the error control. The denial of service attack in link layer are-1) Collision-When two data nodes transfer packets of data at equal frequency and at the same time then this type of DOS attack ,i.e. collision can be initiated . Due to the collision attack small amount of data changes that result in the mismatch of result in the end node. Due to which the whole set of data needs to be re-transmitted. 2) Unfairness-In unfairness, the collision attack is repeated again and again and the data needs to be transmitted for every collision attack. 3) Battery Exhaustion-It is similar to jamming but battery Exhaustion attack creates high traffic due to which end nodes become incapable of communicating to one-another. This occurs when there are large numbers of requests in the system.

DOS attack on the network layer
The main and the most important usage of network layer are routing. The main DOS attack that takes place in the network layer are-1) Spoofing-In spoofing the intruder gains an unauthorized access, i.e., the confidential information is at a risk of leakage. The main reason to spoofing can be to gain vulnerability to someone else's confidential data 2) Hello flood attack-In Hello flood attack, as we have already discussed, a large amount of messages are sent that are useless, but these messages occupy the resources due to which two or more nodes are unable to communicate and hence the traffic or a Jam is created in the system. 3) Hamming-In this kind of network attack traffic is created of cluster heads these cluster heads have a capability to shut down the whole system and thus the entire network. 4) Selective Forwarding-In this type of a DOS attack only few selected nodes are send rather than all the nodes. And the criteria of selection of node are done as per the requirement of attacker so that this

DOS attack on the transport layer
In this a reliable data transmission comes into action i.e. all the congestion is avoided and all the high traffic jams and floods are prevented [5].
The main DOS attacks on the transport layer are:-1) Flooding: In this DOS attack a huge amount of unnecessary message are sent so that the attackers can successfully create congestion. 2) De Synchronization: In this DOS attack, a fake message is created either at one or both nodes of the system so that the retransmission can be requested for the correction of an error that not even exists. Due to which energy is lost at both ends and the attacker can be successful in his malicious motive.

DOS attack on the application layer
In this the traffic management is monitored. This layer also provides the software for application that translates data into different forms and sends queries. In application layer a path is based, denial of service attack is initiated so that the sensor node can create heavy traffic and congestion is created.

IV.
CONCLUSION AND FUTURE DIRECTIONS It is a challenge to secure IoT network. IoT networks have to worry about sophisticated attackers from both nation-states and competitors, and the misuse from employees, and vendors. As IoT uses network architecture which is similar to traditional network architecture for communication among different devices, flaws of traditional network architecture is also inherited in it. With the development of IoT, many kinds of attacks also have been invented to breach the security of IoT devices. This paper discusses about the possible threats and attacks which can arise from the application of IoT. This paper will be of much use for researchers in the field of securities; it will helpto identify the major problems in IoT security and will provide better knowledge of the threats, increase in the ethical issue, theft, and misuse of information and privacy issues.