Abstract

     The last two decades have experienced a steady rise in the production and deployment of sensing-and-connectivity-enabled electronic devices, replacing “regular” physical objects. The resulting Internet-of-Things (IoT) will soon become indispensable for many application domains. Smart objects are continuously being integrated within factories, cities, buildings, health institutions, and private homes.

     Approximately 30 years after the birth of IoT, society is confronted with significant challenges regarding IoT security. Due to the interconnectivity and ubiquitous use of IoT devices, cyberattacks have widespread impacts on multiple stakeholders. Past events show that the IoT domain holds various vulnerabilities, exploited to generate physical, economic, and health damage. Despite many of these threats, manufacturers struggle to secure IoT devices properly.

     Thus, this work overviews the IoT security landscape with the intention to emphasize the demand for secured IoT-related products and applications. Therefore, (a) a list of key challenges of securing IoT devices is determined by examining their particular characteristics, (b) major security objectives for secured IoT systems are defined, (c) a threat taxonomy is introduced, which outlines potential security gaps prevalent in current IoT systems, and (d) key countermeasures against the aforementioned threats are summarized for selected IoT security-related technologies available on the market.

Introduction

     The Fourth Industrial Revolution, also commonly referred to as Industry 4.0, is expected to alter almost every business sector with unprecedented velocity fundamentally. Industry 4.0 is characterized by the blurring lines between physical and virtual reality. One cornerstone of this technological revolution is Internet-of-Things (IoT) [1]. IoT is defined as an overall, intelligent system with comprehensive awareness, reliable transmission, and intelligent processing of data [2].

     With the increasing ubiquity of IoT devices, the number of devices to be used in potential attacks increases, respectively [3], [4]. Currently, around 31 billion “things” are connected, and it is estimated that this number will rise to 75 billion by 2025 [4], [5]. Most of these devices used by private consumers are Smart Home devices, like TVs, set-top boxes [6], entertainment systems, speakers or lighting, and heating sensors [7]. These apparatuses can theoretically monitor people without drawing attention from their victims. Consumers expect monitoring activities, such that gadgets can provide their intended functionality. E.g., an intelligent light system is expected to listen to voice commands. However, a user cannot control that only commands are being processed. The private conversations may be listened to, processed, or stored.

Summary and conclusions

     While the market of IoT in general grows at a strong pace, the market for IoT security is still in its infancy. Vulnerabilities of IoT devices have been and will be exploited in cyberattacks. The Mirai Botnet or the computer worm Stuxnet will not be the last ones of their kind. However, recognizing threats posed by insecure IoT devices, their use in dedicated scenarios, and identifying the need for basic (or additional) security measures are the first step in the right direction.

     For the development of IoT security measures, it is essential to question why it is technically challenging to secure IoT devices. The analysis of particular characteristics of IoT devices revealed clearly that features like usability, limited resources, ubiquity, short time-to-market, and interconnectivity prove that traditional security measures cannot be applied one-to-one. Dedicated models and, in turn, products are needed to secure the IoT domain. The list of IoT security objectives compiled, and the threat taxonomy developed can serve as a guideline for manufacturers to specify, design, and implement secure devices and to decrease the number of attack vectors an adversary can potentially use to target an attack. Gratifyingly, as Section 9 outlines, several promising technologies and products on the market exist, which can make the use of IoT technology secure. In addition to these products available, institutions and working groups unite their forces and knowledge to formulate guidelines such that manufacturers can build secure IoT devices in the first place. However, there is room for additional security products and services as the markets’ growth trajectories demand.