Hardware is usually limited in terms of restricted computation, memory,
radio bandwidth and battery resources. These hardware limitations mean
that computationally intensive security tasks are generally not feasible,
especially where a device is responsible for a heavy data stream
10.
These limiations can often be mitigated in applications where the physical
environment is conducive to enabling greater power consumption and heat
dissipation - such as a factory or vehicle
5.
The complacent attitudes of manufacturers, combined with a lack of
understanding regarding cyber threats is another issue plaguing IoT
devices1
. This can in part be attributed to the fact that IoT systems area
relatively new and typically less understood than traditional iT systems
5.
Systems are often deployed over wide geographic regions and in uncontrolled
open environments5
. This can introduce vulnerabilities in the form of a
single point of failure in the network compromising the availability and
integrity of the entire network
3.
Such devices can include WIFI enabled security cameras, Bluetooth enabled
hearing aids, or any number of WIFI and Bluetooth enabled smart home
devices6.
This results in a wide range of use cases and infrastructure configurations
that will have varied data and resource security requirements. Therefore,
whilst it typically falls upon the consumer to protect their devices from
physical threats and vulnerabilities such as theft, damage, and incorrect
user operation1
; it is critical that developers look toward working groups
such as the ISO and IEC and their recommended frameworks
5.
Assessment of security requirements based on the Confidentiality-Integrity-
Availability (CIA) triad9
. Confidentiality implies that network data packets
are not being intercepted or examined. Integrity refers to dynamic or static
data being protected from unauthorised manipulation. Availability requires
all devices to be functioning properly and in an uncompromised manner; free
from any viruses, worms or malware.
IoT systems must address security issues such as denial of service (DoS)
attacks, distrubuted denial of service (DDoS) attacks, jamming, man in the
middle attacks, and malware5
. These threats can be largely mitigated by
employing methods of authentication, access control, malware detection and
secure offloading techniques10.
At a higher level, blockchain technology is beginning to gain traction.
This is because most IoT problems arise as a result of the IP protocol
being the main standard for connectivity
4.
Blockchain is a paradigm shift as
it does not require the participation of a trusted third party for
authentication purposes due to its de-centralised nature
7.
Integrity is maintained due to the recursive nature of the digital
signatures in the ledger
5
. 'Smart Contracts' can also be established within
the blockchain protocol. These contracts can be devined as "a computerised
transaction protocol that executes the terms of a contract"
3.
In the context of IoT devices, smart contracts are required in order to
handle queries and transactions proposed from the devices typically found
within database applications such as query, create and update with regard
to device information held within the ledger
3.