مشخصات مقاله | |
ترجمه عنوان مقاله | امنیت اینترنت اشیاء مصرفی، تجاری و صنعتی: طبقه بندی حملات و مطالعات موردی |
عنوان انگلیسی مقاله | Consumer, Commercial and Industrial IoT (In)Security: Attack Taxonomy and Case Studies |
انتشار | مقاله سال 2021 |
تعداد صفحات مقاله انگلیسی | 23صفحه |
هزینه | دانلود مقاله انگلیسی رایگان میباشد. |
پایگاه داده | نشریه IEEE |
نوع نگارش مقاله |
مقاله پژوهشی (Research article) |
مقاله بیس | این مقاله بیس نمیباشد |
نمایه (index) | JCR – Master Journal List – Scopus |
نوع مقاله | ISI |
فرمت مقاله انگلیسی | |
ایمپکت فاکتور(IF) |
9.471 در سال 2020 |
شاخص H_index | 97 در سال 2020 |
شاخص SJR | 2.075 در سال 2020 |
شناسه ISSN | 2327-4662 |
شاخص Quartile (چارک) | Q1 در سال 2020 |
فرضیه | ندارد |
مدل مفهومی | ندارد |
پرسشنامه | ندارد |
متغیر | ندارد |
رفرنس | دارد |
رشته های مرتبط | مهندسی فناوری اطلاعات، کامپیوتر |
گرایش های مرتبط | اینترنت و شبکه های گسترده، شبکه های کامپیوتری، امنیت اطلاعات |
نوع ارائه مقاله |
ژورنال |
مجله / کنفرانس | مجله اینترنت اشیا – Internet of Things Journal |
دانشگاه | Center of Advanced Power Systems, Florida State University, Tallahassee, USA |
کلمات کلیدی | اینترنت اشیا، طبقه بندی، امنیت، حملات |
کلمات کلیدی انگلیسی | Internet of Things – taxonomy – security – attacks |
شناسه دیجیتال – doi |
https://doi.org/10.1109/JIOT.2021.3079916 |
کد محصول | E15926 |
وضعیت ترجمه مقاله | ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید. |
دانلود رایگان مقاله | دانلود رایگان مقاله انگلیسی |
سفارش ترجمه این مقاله | سفارش ترجمه این مقاله |
فهرست مطالب مقاله: |
Abstract |
بخشی از متن مقاله: |
Abstract Internet of Things (IoT) devices are becoming ubiquitous in our lives, with applications spanning from the consumer domain to commercial and industrial systems. The steep growth and vast adoption of IoT devices reinforce the importance of sound and robust cybersecurity practices during the device development life-cycles. IoT-related vulnerabilities, if successfully exploited can affect, not only the device itself, but also the application field in which the IoT device operates. Evidently, identifying and addressing every single vulnerability is an arduous, if not impossible, task. Attack taxonomies can assist in classifying attacks and their corresponding vulnerabilities. Security countermeasures and best practices can then be leveraged to mitigate threats and vulnerabilities before they emerge into catastrophic attacks and ensure overall secure IoT operation. Therefore, in this paper, we provide an attack taxonomy which takes into consideration the different layers of IoT stack, i.e., device, infrastructure, communication, and service, and each layer’s designated characteristics which can be exploited by adversaries. Furthermore, using nine real-world cybersecurity incidents, that had targeted IoT devices deployed in the consumer, commercial, and industrial sectors, we describe the IoT-related vulnerabilities, exploitation procedures, attacks, impacts, and potential mitigation mechanisms and protection strategies. These (and many other) incidents highlight the underlying security concerns of IoT systems and demonstrate the potential attack impacts of such connected ecosystems, while the proposed taxonomy provides a systematic procedure to categorize attacks based on the affected layer and corresponding impact. Introduction The number of Internet of Things (IoT) devices keeps increasing. By the end of 2030, the number of connected devices is expected to reach 24.1 billion, compared with around 500 C. Xenofontos is with the Department of Applied Mathematics and Computer Science, Richard Petersens Plads, Technical University of Denmark (DTU), Kongens Lyngby 2800, Denmark (e-mail: cxenof03@ieee.org). I. Zografopoulos and C. Konstantinou are with the Division of Computer, Electrical and Mathematical Sciences and Engineering, King Abdullah University of Science and Technology (KAUST), Thuwal 23955, Saudi Arabia (e-mail: jzographopoulos@gmail.com, ckonstantinou@ieee.org). A. Jolfaei is with the Department of Computing, Macquarie University, Sydney NSW 2113, Australia (e-mail: alireza.jolfaei@mq.edu.au). M. K. Khan is with the Center of Excellence in Information Assurance (CoEIA), King Saud University, Saudi Arabia (e-mail: mkhurram@ksu.edu.sa). K.-K. R. Choo is with the Department of Information Systems and Cyber Security, University of Texas at San Antonio (UTSA), 1 UTSA Circle, San Antonio, TX 78249-0631, USA. He also has courtesy appointments at UTSA’s Department of Electrical and Computer Engineering and Department of Computer Science, and UniSASTEM, University of South Australia, Adelaide, SA 5095, Australia. (e-mail: raymond.choo@fulbrightmail.org). *Work partly performed while these authors were with the Center of Advanced Power Systems (CAPS), Florida State University (FSU). |