Analysis of Internet of Things Network Information Security(1)
2019-03-28

However, with the increasing frequency of Internet of Things security attacks in recent years, the impact on user privacy and the basic network environment is becoming more and more prominent. This paper starts by analyzing the current security situation facing the Internet of Things, the security risks that exist in it, and the main factors causing security problems, and then puts forward relevant countermeasures and suggestions to promote the healthy and orderly development of the Internet of Things.

First, the issue of network information security under the interconnection of everything has attracted much attention.


1. Various vertical application fields are affected by Internet of Things security issues


The application of the Internet of Things involves all aspects of the national economy and human social life. However, security incidents have occurred in many fields in recent years. In the smart city field, over 30% of the smart meters of Spain's three major power supply service providers were found in 2014 to have serious security vulnerabilities, which intruders could use to commit electricity billing fraud or even shut down the circuit system. In the field of health care, as early as 2007, then U.S. Vice President Dick Cheney had a heart attack, and the investigation department suspected that the wireless connection of his Automated External Defibrillator had been used by assassins; this was regarded as one of the possible cases of personal injury caused by Internet of Things attacks. In the field of the industrial Internet of Things, security attacks are even more harmful. The attack on TSMC's production base in 2018, the ransomware incident in 2017 and the massive blackout in Ukraine in 2015 all inflicted heavy losses on the targeted industrial networked equipment and systems.


2. Internet of Things security issues pose a serious threat to privacy protection


With the application of the Internet of Things, massive amounts of data related to user privacy are recorded by various Internet of Things devices, and the data security risks are becoming more and more serious. Since 2015, there have been many attacks at home and abroad exploiting vulnerabilities in smart toys, smart watches and other devices, and the information of more than one million families and children, including conversation recordings and movement track information, has been leaked. In July 2017, a vending machine of an American company was attacked by hackers, who stole personal information such as credit card accounts and biometric data of hundreds of thousands of users. Internet of Things cameras manufactured by a security company in China were found to have multiple vulnerabilities: hackers could use default credentials to log in to the device and access the camera's real-time images. In addition, according to relevant data, 10,000 households can generate up to 150 million discrete data points every day. According to an IDC report, there will be 20-25 billion Internet of Things devices in the world by 2020. Massive amounts of user privacy data are recorded by a huge number of Internet of Things devices, and the security risk factors are greatly amplified.


3. Organizations and institutions are turning their attention to Internet of Things security one after another


In the past two years, RSA Conference, Black Hat and other security conferences have all given a high level of attention to Internet of Things security, while CES and other conferences have also paid more attention to it. At the RSA 2018 security conference, there were many discussions of Internet of Things security vulnerabilities, especially in Internet of Things terminal equipment and smart home products. In August 2016, at the annual Black Hat conference, Internet of Things security became one of the top ten security threats worthy of attention. Hackers demonstrated attacks on Internet of Things devices such as connected cars, smart light bulbs and ATMs. At CES 2016, the Internet of Things ranked first in terms of security concerns, ahead of smart homes, wearable devices and driverless cars.


Second, analysis of Internet of Things network security risks


At present, the Internet of Things has gradually formed a three-layer infrastructure with 'cloud, pipe and end' (the platform, network and terminal layers) as its main components. Compared with the traditional Internet, the security problem of the Internet of Things is more complicated.


(1) 'End': security protection capabilities at the terminal layer vary greatly


Terminal equipment is mainly responsible for sensing surrounding information in the Internet of Things, including collecting and capturing data or identifying objects. There are many kinds of terminals: RFID chips, read/write scanners, temperature and pressure sensors, network cameras, smart wearable devices, unmanned aerial vehicles, smart air conditioners and refrigerators, smart cars and so on. They range in size from small to large and in function from simple to rich, they may be connected or disconnected, and they all operate in a white-box attack environment. Because many terminals serve simple application scenarios and have limited storage and computing capacity, deploying security software or high-complexity encryption and decryption algorithms on them increases the operating burden and may even prevent normal operation. Mobility, another characteristic of Internet of Things terminals, makes the traditional network boundary 'disappear', so security products that rely on the network boundary cannot function normally. In addition, many Internet of Things devices are deployed in unsupervised scenarios, making it easier for attackers to attack them.


(2) 'Pipe': the network layer structure is complex and communication protocol security is poor


The Internet of Things network uses a variety of heterogeneous networks. Compared with the Internet, its communication transmission model is more complex. Attacks such as algorithm cracking, protocol cracking, man-in-the-middle attacks and brute-force cracking, targeting keys, protocols, core algorithms and certificates, occur from time to time. The security of both the Internet of Things data transmission pipeline itself and the content of the transmitted traffic cannot be ignored. Hackers have already intruded into and hijacked Internet of Things terminals by analyzing and cracking the communication transmission protocols of devices such as self-balancing electric scooters and unmanned aerial vehicles. In some special Internet of Things environments, information and data are transmitted with only simple encryption or even in plaintext. By cracking the communication transmission protocol, hackers can read the transmitted data and perform operations such as tampering with it and blocking it.


(3) 'Cloud': platform layer security risks endanger the entire network ecosystem


Internet of Things applications usually connect smart devices to the cloud through the network, and then exchange information with the cloud through an app, thus realizing remote management of the devices. The cloud platform can analyze and manage the data collected by Internet of Things terminals and manage network security, including authentication of terminal equipment, emergency response to attacks, monitoring and early warning, and the protection and safe use of data. In the future, Internet of Things platforms will mostly be hosted in the cloud. At present, cloud security has become increasingly mature, and more security threats come from internal management or external penetration. If an enterprise's internal management mechanism is imperfect and its system security protection is not adequate, a small logic flaw may bring down the platform or the whole ecosystem. Meanwhile, non-traditional network attacks from outside that use social engineering always exist. Once a system becomes a target, even thorough protection measures may be defeated from the outside in.


Third, the main factors affecting the security of the Internet of Things industry


The Internet of Things has gradually become a 'disaster area' for network information security due to various factors. These include both characteristics that have accumulated from the technical nature of the Internet of Things itself and the common problems that arise in the rapid development of emerging industries.


First, the industrial structure is complex. In the process of development, the Internet of Things has gradually formed a relatively complete ecological system. However, on the basis of the three-tier structure, it involves many industrial chain links, resulting in numerous participants and complicated structures. From hardware chips, sensors and wireless modules in the terminal layer, to communication operators in the network layer, to software development, system integration and platform services in the platform application layer, all of these links are indispensable in the entire industrial chain. This requires close cooperation and unified understanding of all links to ensure that no major safety problems occur.


Second, security awareness is weak. According to data released by Gartner, the global Internet of Things market will reach US$ 1.9 trillion by 2020. However, behind the rapid development of the industry and the rapid expansion of its scale, Internet of Things manufacturers have weak security awareness and invest too little in security. On the one hand, the number of Internet of Things devices is huge and their price is low. Many manufacturers seriously underinvest in security in order to cut costs. Gartner predicts that global Internet of Things security spending will reach 1.5 billion US dollars in 2018, with an annual growth rate of about 27%, which is even less than 1‰ compared with the market size. On the other hand, most Internet of Things equipment and hardware manufacturers do not attach the same importance to security as Internet enterprises, and lack security awareness and a reserve of talent. An AT&T survey of more than 5,000 enterprises worldwide found that 85% of enterprises are deploying or planning to deploy Internet of Things devices, while only 10% of enterprises expressed confidence in protecting devices from hacker attacks.


Third, there is a lack of regulatory policies and standard systems. In 2013, the State Council proposed in its Guiding Opinions on Promoting the Orderly and Healthy Development of the Internet of Things that 'the safety evaluation, risk assessment and safety protection of major systems and applications of the Internet of Things should be strengthened to ensure the safety and controllability of major infrastructure, major business systems and applications in key areas of the Internet of Things'. However, this has not yet entered the substantive stage, and relevant policies and regulations still need to be implemented. In terms of security standard system construction, although many Internet of Things organizations in the industry are promoting the construction of an Internet of Things standard system, the rapid updating of Internet of Things technology and the variety of application scenarios mean that this construction lags behind the development of the Internet of Things, and there is a lack of a complete security standard system and mature security solutions.


Fourth, countermeasures and suggestions for further strengthening Internet of Things network information security


The development of the Internet of Things has entered the fast lane, and the deployment of large-scale applications is also accelerating. Without supporting measures, the security of the Internet of Things cannot keep pace with its development. It is suggested that China further promote Internet of Things security policies, standards, applications and personnel training, strengthen security supervision, guide and promote the attention of the entire industry to security issues, enhance the attention of employees and users to security risks, and ensure the sustained and healthy development of the Internet of Things industry.


At the regulatory level, strengthen the implementation of supervision and promote the formulation of security standards in the field of the Internet of Things. It is suggested to strengthen the security management of the whole industry, establish a security compliance detection mechanism, raise the entry threshold of the industry, curb disorderly development, and promote the formulation and implementation of standards and regulations covering the security framework system, security evaluation, risk assessment, security prevention and security response schemes.


At the industrial level, promote the construction of a three-dimensional defense system for the Internet of Things across the whole life cycle. We will build a unified security system spanning hardware, operating system, communication technology, cloud server, database and other modules. From development to manufacturing and integration, we will integrate security design into every step of the Internet of Things product life cycle. From chip to hardware, software and system, we will make security protection a necessary supporting measure for every link of the Internet of Things, pushing the entire industry to change its approach to security from passive to active so that security can keep up with the pace of industrial development.


At the technical level, speed up the development of Internet of Things security technology and research on prevention technology. It is suggested that equipment manufacturers and research institutions pay more attention to Internet of Things security technologies in software and hardware, operating systems, communication protocols, cloud platforms and so on, develop effective security threat monitoring and discovery technologies and security protection technologies, and unite industry forces to create a security ecosystem for the Internet of Things.


At the publicity level, popularize information security knowledge and raise security awareness. It is suggested that enterprises establish a correct concept of development and pay attention to network information security as they grow, and carry out security knowledge popularization and technical training for Internet of Things employees to improve their security awareness, knowledge and skills. In addition, it is suggested to raise users' awareness of network information security, so that they pay attention to security precautions when selecting and using Internet of Things products.
