IoT – Implementation of various security techniques to address real threats

| Real Threats | Security Techniques |
| --- | --- |
| Messages can be read by anyone on the internet. | Symmetric encryption techniques ensure that only the sender and receivers can understand the message. Examples: Advanced Encryption Standard (AES), Data Encryption Standard (DES). |
| Unencrypted or encrypted messages can be altered by anyone on the internet. | Integrity protection techniques, such as hash-based solutions, detect alteration of messages. Examples: SHA256 MAC. |
| The encryption key is stolen over the internet, or a fixed key is calculated. | Public/private key infrastructure based techniques ensure that the keys used to encrypt messages are not fixed and are random for each session. By using asymmetric public and private key concepts, they also ensure that the message encryption key cannot be stolen by anyone. Examples: Rivest, Shamir and Adleman (RSA), Elliptic Curve Cryptography (ECC). |
| Unauthorized access to, and illegal control of, network and system resources. | Authentication and authorization techniques ensure that only authenticated users with valid credentials are allowed into networks, together with an adequate permission mechanism to set authorization levels such as admin, super admin, user-level access, group-level access, role-based access control (RBAC) and attribute-based access control (ABAC). Example: OAuth (Open Authorization). |
| Physical attacks on a device's computing, memory and storage components. | Built-in security techniques provide a secure runtime execution environment, secure RAM or ROM and secure storage against physical attacks. |

Table 1.0

IoT – Common security in wireless communication Technologies

| Technologies | Security | Drawbacks |
| --- | --- | --- |
| ZigBee | Three types of security: access control (controlling and managing who or what can view or use resources), encryption and integrity. It provides security by assigning a mandatory network key to each device for proper authorization. | The network keys assigned to devices are fixed and cannot be changed later. |
| Bluetooth | It provides encryption of data between sender and receiver. | It has some common threats such as bluejacking and bluesnarfing. Bluejacking: sending unsolicited messages in the form of business cards, messages or pictures; it does not steal any information from the recipient device. Bluesnarfing: unauthorized access to information on a wireless device through a Bluetooth connection, often between phones, desktops, laptops and PDAs; this allows access to calendars, contact lists, emails and text messages, and on some phones users can copy pictures and private videos. |
| Radio Frequency Identification (RFID) | It provides encryption of data, supporting the AES and DES symmetric algorithms. | Tags give out information without verifying the authenticity of the reader, so reading information from tags is not protected; an attacker can build his own reader to collect information. An attacker can even change the cipher text, which leads to a data integrity issue. |
| Wireless Sensor Network (WSN) | It provides encryption of data. | There are several attacks on WSNs, such as Denial of Service (DoS) and Distributed DoS (DDoS). |
| Wireless Fidelity (Wi-Fi) | Authentication and authorization mechanism. | There is no proper encryption mechanism, which may allow an attacker to change the message. Eavesdropping and monitoring of data. |

Table 1.0
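The hash-based integrity check listed in the first table (SHA256 MAC), which also addresses the altered-cipher-text drawback noted for RFID, shown as an added Python example that is not part of the original page. The frame layout (payload followed by its tag), the function names and the sample payloads are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha256().digest_size  # an HMAC-SHA256 tag is 32 bytes


class IntegrityError(Exception):
    """The frame was altered, truncated, or tagged with a different key."""


def seal(mac_key: bytes, payload: bytes) -> bytes:
    """Return payload || HMAC-SHA256(mac_key, payload)."""
    return payload + hmac.new(mac_key, payload, hashlib.sha256).digest()


def open_frame(mac_key: bytes, frame: bytes) -> bytes:
    """Return the payload if its tag verifies, otherwise raise IntegrityError."""
    if len(frame) < TAG_LEN:
        raise IntegrityError("frame shorter than a tag")
    payload, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(mac_key, payload, hashlib.sha256).digest()
    # compare_digest runs in constant time, so response timing does not
    # reveal how many leading tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("tag mismatch")
    return payload


def is_accepted(mac_key: bytes, frame: bytes) -> bool:
    """True if the receiver would accept the frame as unaltered."""
    try:
        open_frame(mac_key, frame)
        return True
    except IntegrityError:
        return False


def flip_bit(data: bytes, index: int) -> bytes:
    """Model an in-transit alteration of one bit (constructed test input)."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    key = secrets.token_bytes(32)             # constructed MAC key
    plain = b'{"sensor":"t1","temp_c":21.5}'  # constructed plaintext reading
    cipher = bytes.fromhex("8f3a1c0de4b7")    # constructed opaque cipher text
    for payload in (plain, cipher):
        frame = seal(key, payload)
        print(is_accepted(key, frame), is_accepted(key, flip_bit(frame, 0)))
```

The tag is computed over whatever bytes are sent, so the same check covers both the unencrypted and the encrypted case from the table; encryption alone does not provide it.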