SL1

Question 1

Why is data security important in IoT?

Answer 1

Trusted devices and data that make impactful decisions, add value to the device.

Question 2

What are the 6 security requirements of IoT?

Answer 2

Confidentiality: ensures the system data is only available to the authorised users and no other user can read the data

Integrity: ensures accurate data and that the data cannot be modified through illegal means

Availability: the system devices and the data are always available to its valid users

Authenticity: only valid and authorised devices can connect to the system and gain access to data and resources

Privacy: the data can only be controlled by its corresponding user

Trust: the security and privacy objectives are achieved

Question 3

What is the difference between authentication and identification?

Answer 3

Identification ensures that only genuine and valid devices or applications can gain access
(recognizing the identity)

Authentication ensures that the devices or applications that request the data are legitimate
(verifying the claimed identity)

Question 4

What is the difference between side channel attacks and node capture attacks?

Answer 4

Side channel attacks do not want to fully control nodes, but node capture attacks do. Side channel attack simply want to monitor the node.

Question 5

Which security requirement do eavesdropping and interference attacks violate?

Answer 5

Eavesdropping attacks violate confidentiality because they involve unauthorized access to and interception of sensitive information.

Interference attacks violate integrity because they disrupt the normal flow of data and can manipulate or corrupt the transmitted information.

Question 6

What are the vulnerabilites that could affect the sensing/perception layer?

Answer 6

Tampering with collected data

Destroying sensing devices

Question 7

What are the 6 security attacks at the sensing/perception layer?

Answer 7

Node capture attacks: attacker can capture and control the node or device in IoT by physically replacing the node or tampering with the hardware

Malicious code injection attacks: malicious code can be injected into the memory of the compromised node or device

False data injection attacks: the attacker can inject false data in place of normal data and transmit the false data to IoT applications

Side channel attacks: require physical access to the sensing devices and can be based on monitoring and analysing its physical parameters

Eavesdropping and interference attacks: the attackers may eavesdrop and capture the data during different phases

Sleep deprivation attacks: attackers try to drain the battery of low-powered IoT devices by keeping them awake unnecessarily

Question 8

How can the 6 security attacks at the sensing layer be solved?

Answer 8

Node capture attacks: Implementing identification and authentication protocols

Malicious code injection attacks: authentication schemes

False data injection attacks: design techniques to detect and drop the false data

Side channel attacks: encryption algorithms and key management schemes

Eavesdropping and interference attacks: secure encryption algorithms, key management schemes, and noise data adders

Sleep deprivation attacks: secured duty-cycle mechanism

Question 9

What are the 4 layers in an IoT architecture (security)?

Answer 9

sensing layer
network layer
middleware layer
application layer