Lesson Security and Privacy of IoT Systems - Internet of Things - ثاني ثانوي

194 Line to digital len Lesson 3 Security and Privacy of lot Systems www.len.edu. Security Internet, IoT, Cloud-Based Services, Cyber-Physical Systems (CPSs), and mobile devices define modern life in the 21st century. Technology allows worldwide communication, which benefits society. However, as technology evolves, cybercriminals can exploit more vulnerabilities. loT's impact on enterprises and business models grows. The success of lot for businesses depends on consumer trust. Nevertheless, many technological products and services are rushed to market with low concern for users' security and privacy. Security is a critical part of the design process from the starting level to each next level. Security policies, protocols, and standards must be created in parallel to support any technological development. The following table presents loT security principles Cyber-Physical System (CPS) A Cyber-Physical System (CPS) is a computer system that controls or monitors a mechanism using computer-based algorithms. Table 5.6; IoT security principles Principle Trust Description Allow only authorized users or services to access the device or data. Verify the identity of (hdividuals, services, and "things. ' Identity Privacy وزارة التعليم Protection Maintain the privacy of a user's device, personal information, and sensitive data Safeguard devices and users against physical, financial, and reputational harm.

User-Centered Challenges of lot Systems Traditional security measures are insufficient to provide comprehensive security to the modern connected world. Unlike many traditional electronic devices, IoT devices interact with services on the Internet. Many potential benefits will not be realized until people become comfortable with these technologies. Accountability is critical for trust between end-users and the creators of loT systems. The complexity of distributed data flows, inadequate consent mechanisms, and a lack of information to the user all contribute to the need to build accountability into the lot. comfortable trust Laumiliar knowledge Figure 5 28: Accountability in the lot IoT Security and Cybercrime Internet infrastructure is a physical construct inside sovereign nations' territorial boundaries. Nonetheless, the data flowing over this infrastructure traverses several national jurisdictions, which remains a cyberspace-specific concern. While illegal conduct in cyberspace easily crosses geographical borders, law enforcement does not. The gap between legislation and technology is a major obstacle in combating cybercrime. The criminal justice system is inherently retrospective and time-consuming, creating significant difficulties for cyberspace regulation. The rate at which technology is integrated into our society outpaces the creation of policy and legislation. As a result, cyberspace is controlled by a patchwork of inadequate, underdeveloped, and competing laws. Additionally, a consensus is difficult to achieve because each nation has its autonomous norms, beliefs, and practices, promoting different visions for cyberspace. Various nations, for instance, promote cyber sovereignty, arguing that national borders apply to cyberspace and that each nation should be able to regulate how individuals and corporations use the Internet within its borders وزارة التعليم Education X A System HACKED Figure 5 29 Kansomware malware altack and breach 195

Architectural Challenges of loT Security IoT requires a set of standards and a well-defined architecture with interfaces, data models, and protocols due to the variety of devices, protocols, and services involved. Numerous attacks are possible when loT devices connect with a cloud service and exchange data for the first time. Various loT device characteristics might pose security risks and issues. Mobility, interdependence, and other similar characteristics introduce various challenges and dangers, such as firmware vulnerabilities, storage, processing power, network attacks, rules, and standards, that necessitate additional study. The Internet of Things necessitates more IPv4-to-IPv6 transitioning devices, necessitating an increase in bandwidth.. The adoption of IPv6 and 5G, as well as the new generation of communication for improved speed, generate additional risks and difficulties. The following illustrations show how a simple architecture evolves from a simple system to an increasingly complex one. Each layer of complexity has new vulnerabilities to the system's components. Used Technology 005/ODOS attacks -Man-in-the-Middle WiFi Bluetooth Smart Home Smart City Smart Government Application *Poor access management Zigbee 3G/4G/5G IPV5/6 WIFI Router Access point Bluetooth Network + DHCP attacks وزارة التعليم 2173-1465 196 PC Sensors Perception RFID Unauthorized tag access Tag cloning RFID WSN GPS • GPS spoofing Sensors Figure 5.30 Security vulnerabilities of systems Cloud Computing Software Applications Data Mining Artificial Intelligence -Code injection • Unauthorized access •Spear phishing

5G Networks and IoT Security 5G is a promising technology that has been identified as the next step in the global evolution of mobile communication over the long term. SG is the primary component of a networked or loT/M2M-oriented society. It will enable fast access to information and services. The objective of 5G is mobile connectivity for humans as well as mobile and ubiquitous connectivity for any computing device and application that can benefit from being connected to the Internet (IoT) and the Web (WoT-Web of Things). Due to the development of 5g networks, it is reasonable to raise issues related to the impact of 5G on the communication security of loT devices. There will be a need for loT middleware and a security standard to implement new methods for interconnecting various cognitive networks and devices. With a better and faster network infrastructure, there will be greater interaction between things, particularly with the distribution of processing for cloud services, generating a high impact in terms of data security and enabling the development of new applications that improve people's lives. The following table illustrates the main loT 5G security concerns. Table 5.7: IoT 5G security concerns Concern Big Data Security Description IoT systems continuously create large amounts of heterogeneous data In addition, data traffic demands for mobile communication in loT systems will expand considerably. Therefore, it is necessary to devise an effective method for managing these large amounts of data created by IoT systems. 5G network technologies deliver data at a substantially lower cost per bit than previous networks. Secure protocols are needed to properly manage and organize these massive amounts of data to establish a comprehensive security solution for a SG-based loT system. Device and application protection Protecting numerous devices and applications is an additional difficulty A crucial feature of SG-based loT systems is the potential to support a far larger number of devices and applications than is now possible. The connections of millions of additional devices and applications will introduce new security concems. Even with a simple cyberattack victims could be locked out of their homes, cars, and other linked devices Communication Channels Protection التعليم 2173-1473 Maintain the privacy of a user's device, personal information, and sensitive data. 197

Privacy While online security remains a major concern and challenge in the loT environment, preserving privacy will also remain a significant challenge that requires additional attention. The privacy of loT end-users could be jeopardized if personal data is leaked to unauthorized parties. Given the diversity of IoT-connected devices and the inherent vulnerabilities of hardware and software in some of them, protecting end-user privacy may present numerous security challenges. The vast amount of personal data captured by big data systems allows organizations to combine different datasets, increasing the ability to identify individuals. The capacity to mine and analyze datasets grows in volume and variability daily. To overcome this, it is prudent to ensure that personal data is completely anonymized. Organizations that use anonymized data must demonstrate that they conducted a thorough risk assessment and implemented effective security techniques. This could include a variety of technical safeguards, such as data masking and pseudonymization, as well as legal and organizational safeguards. Virus Infects-->> Infects DOGO O IoT Device Mobile phone Router Thermostat IoT Device IoT Devic Datamasking Data masking is the process of changing sensitive data. The data is of no value to unauthorized intruders but is still usable by software and authorized personnel for further analysis. Pseudonymization. Pseudonymization is a data management and de-identification process that replaces personally identifiable information fields in a data record with one or more pseudonyms. Differential Privacy In differential privacy, a controlled amount of randomness is added to a data set without affecting dataset accuracy. This technique is used to prevent identifying any personal information of individuals in the data set. Example Figure 3.31, infection of a network Hackers can infect an loT network and collect private data by exploiting Universal Plug and Play (UPnP) devices. UPnP offers zero configuration, meaning no authentication is required to connect. Hackers exploit this feature to infect a device and then an loT network. For example, a mobile phone infected with a virus could connect to a thermostat in your smart home residence through WiFi. This thermostat is connected through UPnP to the router of your smart home. The whole loT network is infected with this virus, and now a data breach of private information has occurred. Universal Plug and Play (UPnP) Universal Plug and Play (UPnP) is a service that enables devices on the same local network to automatically find and connect to each other using standard networking protocols. Printers, routers, mobile devices, and smart TVs are all types of UPnP devices. Personal Sensitive Data This is the full data including. personal and special data Pseudonymous Data IDS are replaced and sensitive data is encrypted. Anonymous Data IDS removed and sensitive data randomised/generalised Name Date of birth. Email All Samin 24.02.34 asami@mail.com Name User 458230 Date of birth Email 24.02.84 Sex Age Male 30-49 #Sd24@104gTu 84_ASamiرارة السكون ليد Health Type 1 diabetes User ID Health %UTopRg#Ku11 Type 1 diabetes Health Type 1 diabetes Figure 3.32 Pseudonymization and data ma 198

Data protection and security are difficult in an loT environment because at the system's core is a communication interface between smart objects without human intervention. Given the rate of the evolution of such systems, it is not surprising that there is little evidence to suggest that data protection is keeping up. Even when legislators demonstrate an awareness of specific concerns in large-scale data processing, their understanding of risk implications may be insufficient in practice. The following table shows the current loT privacy concerns and their possible solutions. Table 5.8: IoT privacy concerns and their possible solutions Privacy concerns Data collection from various sources without careful verification of relevance or accuracy. Big data approaches enable organizations to merge multiple datasets, which enhances the possibility that data may identify living individuals. The lack of openness in data processing and the complexity of Big Data analytics might contribute to mistrust. Possible solutions Utilize Al to validate the accuracy of acquired data. Utilize a variety of technical precautions, such as data masking anonymization, pseudonymization, and aggregation, in addition to legal and organizational safeguards. Improve the level of openness by providing privacy disclosures before processing any data obtained. التعليم 3173-1435 The difficulty of determining if new uses are consistent with the original intent of data collection. An organization may collect personal data for one purpose and subsequently analyze it for a completely different purpose. In such a case, the users must be Informed of the change, and if necessary, further consent must be acquired. Any breaches will threaten users' privacy and harm the creators' credibility, decreasing trust and causing users to lose faith in the organization and system, Design of systems with privacy protection in mind Technical methods like encryption protocols and blockchain technology are utilized. Access control, video surveillance, and security records are physical security systems that can be implemented. A privacy risk assessment will give an early warning system for detecting privacy issues Ceflorelated national, regional, and global policies and regulatory frameworks. which can also conflict with technological development. It is essential to bring together nations, International organizations, industrial partners, and security and toT experts from industry and academia to develop solutions to protect loT-generated personal data. 199

240 Exercises 1 Read the sentences and tick True or False. 1. A cyber-physical system is a system that only monitors a mechanism. 2. The loT Protection principle includes the physical security of IoT devices. 3. Cybersecurity laws are implemented in the same way in each country 4. IPv6 and 5G technologies are completely secure, 5. M2M technologies can be created without human intervention. 6. Smart objects that are hackable can become a hazard for their users. 7. Middleware systems for communication between 5G networks are vulnerable to cyberattacks.. 8. Personal data generated by any smart object is automatically encrypted. 9. Pseudonymization techniques introduce fake data to protect the real data. 10. Blockchain technologies can help protect data in distributed IoT systems. True False 2 What is the main concern about loT systems' rapid development and deployment? وزارة التعليم

3 Classify the main principles of loT security: 4 Describe the main challenge of IoT security and cybercrime on the Internet. How can this issue be addressed? وزارة التعليم 1-1445 201

202 5 Distinguish various types of possible attacks on every layer of a simple loT architecture. 6 What is the most significant technological security challenge created by 5G networks in loT systems? Present your ideas below. وزارة التعليم 121-15

7 Analyze how Big Data technologies create new privacy challenges. 8 Classify the current privacy concerns present in loT systems. وزارة التعليم 203