Security aspects are always needed in all aspects of communication, including in IoT. Security is needed in the IoT environment because IoT has different characteristics compared to the Internet network in general, namely connected objects can be static or dynamic, and objects have limited energy. The more IoT objects that are used, the higher the security gaps that appear. Not only objects, other important elements of IoT such as people, technology, and processes are also vulnerable to attack. This arises as a logical consequence of the use of the Internet in IoT.
The need to meet security requirements such as authentication, scalability, integrity, and data availability is a mandatory thing that must be met by IoT. Some domains in IoT such as health services or smart transportations are very vulnerable to attacks due to the importance of the information being exchanged. For example, progress reports on a patient's medical condition are confidential, and this requires security mechanisms to prevent data from being exposed to unauthorized parties. Thus, no one can monitor and change information or provide false patient medical reports and prevent doctors from making mistakes in treating their patients. If no safety mechanism is adopted, this may lead to doctors prescribing the wrong drugs or providing poor care to their patients. For example, changes in the results of the electrocardiogram can worsen the patient's condition because the patient may receive treatment that is not in accordance with the results of the diagnosis.
Potential attacks in IoT can be categorized based on the layers of the communication protocol, namely:
1. Physical Layer
Attacks at this layer are more physical, such as changing the structure of the object so that it can be controlled to carry out attacks, radio wave interference.
2. Data Link Layer
Examples of attacks at this layer include: frames sent by objects are made to always collide or collide, the frequency is set to be the same between two objects so that they must always be retransmitted.
3. Layer Network
Some of the attacks that occur at the network layer include changing routing information, creating routing loops, flooding objects with Hello packets, monitoring and changing the contents of packets circulating on the network, duplicating an object and placing the fake object in different locations (Sybill attack). ).
4. Transport Layer
The connection-building function at this layer can be tampered with by flooding the object with packets of requests for a persistent connection, or by destroying an already established connection.
5. Application Layer
The application layer as a bridge between the user and the IoT system can be damaged by data availability. Another example of an attack is cloning a valid object.
Attacks that appear on IoT networks are not limited to those mentioned above, but there are many other types of attacks. Each type of attack has a specific target security parameters to disable. No exception with attacks to paralyze privacy aspects, especially the element of trust. These attacks, known as trust-based attacks, include:
a. Good-mouthing attacks: object assigns false trust values, i.e. values that are exaggerated in order to make the object look very good
b. Bad-mouthing attacks: object gives false trust value, i.e. low value in order to make the object look really bad
c. Ballot-stuffing attacks: objects of bad repute are given as much false trust as possible to make their reputation good
The vulnerability of IoT networks to attacks that have the potential to attack objects can be prevented in many ways. The use of the right security model can reduce the risk of attacks.
Commentaires