Internet of Things Security: Firmware Approach
Corressponding author's email:
doandc@hcmute.edu.vnDOI:
https://doi.org/10.54644/jte.2024.1546Keywords:
Internet of Things (IoT), Embedded Systems, Firmware, Hardware, SecurityAbstract
Internet of Things (IoT) is increasingly widely used, creating many opportunities to bring people smart applications (smart city, smart home, smart health, etc.), making our life more convenient, higher production efficiency (smart industry, smart agriculture). Besides the advantages, many security challenges also arise such as privacy issues, authentication, management issues, information storage, etc. The different factors make the issue of security in the IoT environments more challenging than that of the regular information technology (IT) devices. The IoT environment gives rise to problems and vulnerabilities, the IoT applications create various cyber threats. There have been various security and privacy attacks on devices that have been deployed: the Mirai attack in 2016 was estimated to have infected about 2.5 million Internet-connected devices and launched the Distributed denial of service (DDOS) attack. The IoT devices are also implanted into the human body to monitor the vital status of various organs. These devices are targets for attacks to falsify data. Such attacks, if any, will very dangerous. This article focuses on presenting the challenges of securing the IoT systems, then diving into a security aspect of the IoT systems coming from inside the hardware device - the firmware of the device.
Downloads: 0
References
V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, and B. Sikdar, "A Survey on IoT Security: Application Areas, Security Threats, and Solution Architectures," Department of CSE and IT, Jaypee Institute of Information Technology, Noida, 201309 India, IEEE, 2019. DOI: https://doi.org/10.1109/ACCESS.2019.2924045
M. Toback. "An Introduction to IoT Security: Protecting Your Devices." https://smallbizepp.com/introduction-to-iot-security (accessed Sep. 16, 2023).
Ministry of Information and Communications, Vietnam. "IoT Devices - Information Security Risks and Remediation Solutions," (in Vietnamese). https://mic.gov.vn/atantt/Pages/TinTuc/143262/Thiet-bi-IoT---Cac-rui-ro-an-toan-thong-tin-va-giai-phap-khac-phuc.html (accessed Sep. 24, 2020).
Ministry of Information and Communications, Vietnam. "Information Security in IoT Worldwide and in Vietnam," (in Vietnamese). https://mic.gov.vn/atantt/Pages/TinTuc/143264/An-toan-thong-tin-trong-IoT-tren-the-gioi-va-Viet-Nam.html (accessed Sep. 24, 2020).
K. Yasar. "IoT security (internet of things security)." https://www.techtarget.com/iotagenda/definition (accessed Aug. 2023)
P. Ramesh and M. S. V. R. Reddy, "Architecture, Protocols, Layers and Elements of IoT," IJCRT, ISSN: 2320-2882, vol. 9, no. 9, Sep. 2021.
A. El bekkali and M. Essaaidi. "Systematic Literature Review of Internet of Things (IoT) Security." https://www.ripublication.com/adsa.htm (accessed Nov., 2022).
M. R. Ahmed and A. Al Shihimi, Internet of things network architecture and security challenges, AIRCC Publishing Corporation, 2023. DOI: https://doi.org/10.5121/csit.2023.131313
S. U. Haq and Y. Singh, A survey on IoT & embedded device firmware security: architecture, extraction techniques, and vulnerability analysis frameworks, Springer, October 2023. DOI: https://doi.org/10.1007/s43926-023-00045-2
A. Szász. "Firmware and Firmware Security." https://bugprove.com/knowledge-hub/7-questions-and-answers-about-firmware-and-firmware-security (accessed Apr. 4, 2023).
M. Toback. "OWASP Top 10 IoT Vulnerabilities: How to Avoid Them." https://smallbizepp.com/owasp-iot-top-10-vulnerabilities (accessed Sep. 2023).
S. Chougule. "IoT Device Penetration Testing." https://owasp.org/www-chapter-pune/meetups/2019/August (accessed Aug. 2019).
Intuz. "A Guide On IoT Firmware Development And Integration." https://www.intuz.com/guide-iot-firmware-development-and-integration (accessed Feb. 2023).
F. Bolandi, “Automated Security Analysis of Firmware,” KTH Royal Institute of Technology, 2022.
M. K. Kagita, "A framework for intelligent IoT firmware compliance testing," KeAi, September 2021. DOI: https://doi.org/10.1016/j.iotcps.2021.07.001
K. P. Siri. "The Various Facets of IoT Firmware Analysis." https://www.cigniti.com/blog/iot-firmware-analysis (accessed Jul. 11, 2023).
W. Wang, T. Zhao, and X. Li, "Research on Known Vulnerability Detection Method Based on Firmware Analysis." https://www.techscience.com/JCS/v4n1/47669/html (accessed Apr. 2022). DOI: https://doi.org/10.32604/jcs.2022.026816
P. Bourmeau, "A brief introduction to firmware extraction," 2020.
S. Vasile, D. Oswald, and T. Chothia, "Breaking all the things - a systematic survey of firmware extraction techniques for iot devices," University of Birmingham, 2018. DOI: https://doi.org/10.1007/978-3-030-15462-2_12
J. M. Smith, "Case Analysis of Firmware Vulnerabilities and Exploitation," 2016.
R. Sharma. "Unveiling Vulnerabilities: A Deep Dive into Firmware Penetration Testing- Part1." https://ravi73079.medium.com/unveiling-vulnerabilities-a-deep-dive-into-firmware-penetration-testing-part-1-904599cd79be (accessed Sep. 19, 2023).
D. D. Ruck, V. Goeman, and J. Lapon, "Hands-on workshop: Hacking and Protecting Embedded Devices," June 2022.
I. Nadir, H. Mahmood, and G. Asadullah, "A Taxonomy of IoT Firmware Security and Principal Analysis Techniques," March 2023. DOI: https://doi.org/10.1016/j.ijcip.2022.100552
Downloads
Published
How to Cite
Issue
Section
Categories
License
Copyright (c) 2024 Journal of Technical Education Science
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Copyright © JTE.
