: IoT Security Research Expertise
IoT Security Research Expertise

Iranian Expertise in IoT Security Research

: IoT Security Research Expertise
IoT Security Research Expertise

Iranian academic security researchers at the ITRC (Information Technology Research Center) have published several white papers on the Internet of Things (IoT) which are available here: www.iot.itrc.ac.ir/fa/doc/list and the Security Challenges and Problems (security and privacy) in IoT and Proposed Solutions paper is described here.

1. General Problems and IoT open issues [IJCN-265]

  • Volume, transfer and processing of data. 
  • Number of ‘things’.
  • TCP challenges.
  • Identifying ‘things’.
  • QoS (Quality of Service).

2. Security and Privacy

The wireless nature of data transfer in IoT makes security and privacy very important. Risks of attacks to the physical layer of IoT, whereby a hacker could exfil, alter or delete data from connected devices because these devices generally “roam free”. Risk of attack to wireless data (i.e., interception before receipt by receiver). This is considered a major challenge. Low defensive capability: most IoT devices are unable to receive security updates for a multitude of reasons. “Privacy is a serious matter in civilised countries.” For IoT, we need to be sure of: who is collecting our personal data; how this data is collected; how long it takes.

3. Connectivity

Is IPv6 suitable? What hardware is needed to connect such a large number of devices? Lack of a unified standard is problematic. The TCP problem: UDP is entirely unsuitable, so TCP is the transfer layer protocol needed for IoT systems. This is not without problems: establishing a connection (this problem is often overlooked because of the small amount of data transferred); volume control (again, the small volume of data involved makes this insignificant); data buffering. Buffering processes are costly in battery-less devices such as RFID labels.

4. Immediate identification of ‘things’

How should each ‘thing’ be defined? How should information about each ‘thing’ be obtained? This can be addressed by RFID, EPC or UID. However, these have problems such as privacy, radiation, errors and incompatibility. One solution could be to use machine sight / vision and image processing instead – in this process, each ‘thing’ can extract the specification of another ‘thing’ by seeing it. The problem is that this must happen instantly.

5. Varying QoS

6. Trust and privacy in IoT

The methods of data transfer need to be reliable and trustworthy. To this end, progress must be made in PKI, light key management systems, QoI, non-centralised and self-configured systems (as an upgrade to PKI), and new ways of assessing trust in people, devices and data across all systems must be developed. Assurance methods for all platforms, hardware, software and protocols. Access controls.

7. Security in IoT

IoT very vulnerable to DoS/DDoS attacks. Work needed to identify IoT-specific threats such as approval loops and malware attacks. IoT-connected devices must be monitorable. Security software must be updatable. IoT devices must be able to learn in order that the IoT can become self-managing.

8. Privacy

Encoding that enables protected data to be stored, processed and shared without sharing content with other sections is needed: homomorphic encoding is a good candidate for this. Privacy by design and data minimisation must be supported. Self-configuring and fine-grain access controls that mimic the real world. The ‘everywhere’ nature of IoT presents other difficulties: location privacy is important for things connected to people (watches, heart monitors, etc.); data leak prevention; local storage of data as far as possible, using non-centralised calculations and key management. Multiple ‘soft identities’ for one ‘real identity’ could be a way to protect privacy.

Article rating:

vote(s).

0 Comments

Write a Comment

:
Hosein)root Discovers XSS Vulnerability on Google Earth

On 25 November Hosein)root who asked ICNA publish his true name as Amir Hossein Sharbati on CX...


0 Comments | Read more +
:
35/000 Characters Tweet Shocks German Hackers!

Thinking that a person could send a tweet with more than 280 characters is more or less like a...


0 Comments | Read more +
:
4TT4CK3R Identifies Flaw in University of Tehran Website

Vulnerability researcher 4TT4CK3R discovered on 23 August a cross-ste scripting vulnerability ...


0 Comments | Read more +
: 4tt4ck3r Find Vuln In United Kingdom Government
4tt4ck3r Finds Flaw in UK Government Websites

Iranian hacker 4tt4ck3r has previously found Reflected XSS -Cross Site Script...


0 Comments | Read more +
: TYRANT Ransomware
Iranian TYRANT Ransomware

A new type of ransomware have been discovered on October 16 2017 which appear...


0 Comments | Read more +
: IoT Security Research Expertise
Iranian Expertise in IoT Security Research

Iranian academic security researchers at the ITRC (Information Technology Research Cen...


0 Comments | Read more +
: Mohammad Rezania -LinX64-
Android Security and Forensic Science by LinX64

A good article by Iranian academic is important step forward for people to understand security...


0 Comments | Read more +
: http://offsec.ir/writeups
OFFSEC Team Ice CTF Results

Offsec Research CTF Team: "Thinking out of t...


0 Comments | Read more +
:
Defacement of Hafez Institute of Higher Education by UnSec Team

ICNA was contacted yesterday, 19 October, by UnSec Team member Mostafa Asadi concerning the ha...


0 Comments | Read more +
:
Manoto Defaced by Cluwix

We can see in the picture that website of Manoto TV show "Stage" was hacked by Black Hat Hacke...


0 Comments | Read more +
: Eagle Security Team
Eagle Security Team Deface Shahrood University of Technology

MR 7KH4T of Iranian hacking group Eagle Security Team is mak...


0 Comments | Read more +
: MR.IMAN
Iranian Black Hat Hackers Mass Deface Iran Sites

Hackers of the team Iranian Black Hat Hackers has make deface of many Iranian...


0 Comments | Read more +
: Iranian Cyber News Agency
New Website

Welcome to Iranian Cyber News Agency website.

New sections now include Vulnerability N...


0 Comments | Read more +
خبرگزاری سایبر ایران

در ب...


0 Comments | Read more +
:
SMS Virus Developed by Iranian Hacker Claims 100/000 Victims in Iran

In recent weeks a story that has attracted attention of many people has been the development a...


0 Comments | Read more +
: Atash Security Group
Atash Security Group Attack Irancell

The hacker and administrator Omid Killer of the Iranian hacker group ...


0 Comments | Read more +
: Eagle Security Team
Eagle Security Team Hack Saudi Sites

Latest Iranian cyber news from the Eagle Security Team shows that hackers hav...


0 Comments | Read more +
: Lord Hacking Team
Lord Hacking Team Attack Google Telegram & Acunetix

Iranian hackers of Lord Hacking Team is claim attack against:

  • ...

0 Comments | Read more +
: Fake ANF News App
Open Source Research Company Claims Iranian Government Targets Iranian Citizens with Malwareware

Open source research company Check Point Research claims that what it called Iranian governmen...


0 Comments | Read more +
Twitter: Twitter Message
Hackers Take Down Mahan Air Website

It can be seen from Twitter posts that website of Mahan Air was hacked by Iranian group XileRe...


0 Comments | Read more +
U.S-INDICTED MABNA GROUP DIRECTED BY MINISTRY OF INTELLIGENCE

Previous, ICNA has reported on U.S. indictments and accusations of Iranian hackers and other c...


0 Comments | Read more +
A Vaccination Called Filtering

We took this text from the Telegram Channel of Iran Security Team Official Channel (


0 Comments | Read more +
:
IEDB Holds Gatherings Nationwide

In recent weeks and months users and friends of the hardworking IEDB team which has very activ...


0 Comments | Read more +
: Eagle Security Team
Eagle Team

The Iranian Eagle Security Team security researchers is make exposed many SQL...


0 Comments | Read more +
: Kheshtak Security Team
Kheshtak Security Team - Story Continues

More than ever in the 21st century, knowledge is power and information is the force that contr...


0 Comments | Read more +
:
Termint Security Team Have New Website

Although they have history going back a few momnths the Termint Security Team...


0 Comments | Read more +