Attack, Defense of Internet of Things

Internet of Things as Interconnections of Threats
Dr.MohitBansal
Published Date: 26-10-2017
1.1 Introduction

People worldwide are now ready to enjoy the benefits of the Internet of Things (IoT). The IoT incorporates everything from the body sensor to the recent cloud computing. It comprises major types of networks, such as distributed, grid, ubiquitous, and vehicular; these have conquered the world of IT over a decade. From parking vehicles to tracking vehicles, from entering patient details to observing postsurgery, from child care to elder care, from smart cards to near field cards, sensors are making their presence felt. Sensors play a vital role in the IoT as well. The IoT works across heterogeneous networks and standards. Exceptionally, no network is free from security threats and vulnerabilities. Each of the IoT layers is exposed to different types of threats. This chapter focuses on possible threats to be addressed and mitigated to achieve secure communication over the IoT.

The concept of the IoT was proposed in 1999 by the Auto-ID laboratory of the Massachusetts Institute of Technology (MIT). ITU released it in 2005, beginning in China. The IoT can be defined as “data and devices continually available through the Internet.” Interconnection of things (objects) that can be addressed unambiguously and heterogeneous networks constitute the IoT. Radiofrequency identification (RFID), sensors, smart technologies, and nanotechnologies are the major contributors to the IoT for a variety of services, as shown in Figure 1.1.

Figure 1.1: IoT underlying technologies.
• RFID: to track and identify the data of things
• Sensor: to collect and process data of things; to detect changes in physical status of things
• Smart technologies: to enhance the power of the network by devolving processing capabilities to different parts of the network
• Nanotechnologies: to give smaller and smaller things the ability to connect and interact

Goldman Sachs quoted that there are 28 billion reasons to care about the IoT.
They also added that in the 1990s, the fixed Internet could connect one billion end users, while in the 2000s, the mobile Internet could connect another two billion. With this growth rate, the IoT will bring as many as 28 billion “things” to the Internet by 2020. With the drastic reduction in the cost of things, sensors, bandwidth, processing, smartphones, and the migration toward IPv6, 5G could make the IoT easier to adopt than expected.

Every “thing” comes under one umbrella encompassing all the things. The IoT also views everything as the same, not even discriminating between humans and machines. Things include end users, data centers (DCs), processing units, smartphones, tablets, Bluetooth, ZigBee, the Infrared Data Association (IrDA), ultra-wideband (UWB), cellular networks, Wi-Fi networks, near field communication (NFC) DCs, RFID and their tags, sensors and chips, household equipment, wristwatches, vehicles, and house doors; in other words, IoT combines “factual and virtual” anywhere and anytime, attracting the attention of both “maker and hacker.” Inevitably, leaving devices without human intervention for a long period could lead to theft. IoT incorporates many such things. Protection was a major issue when just two devices were coupled. Protection for the IoT would be unimaginably complex.

1.2 Phases of IoT System

The IoT requires five phases, from data collection to data delivery to the end users on or off demand, as shown in Figure 1.2.

Figure 1.2: Phases of IoT system. Labels: Data collection; Sensors/dynamic; RFID tags/static; Storage; Local/stateful; Data centers/stateless; Process; Maker; Hacker; Data transmission; Delivery.

1.2.1 Phase I: Data collection, acquisition, perception

Be it a telemedicine application or vehicle tracking system, the foremost step is to collect or acquire data from the devices or things. Based on the characteristics of the thing, different types of data collectors are used.
The thing may be a static body (body sensors or RFID tags) or a dynamic vehicle (sensors and chips).

1.2.2 Phase II: Storage

The data collected in phase I should be stored. If the thing has its own local memory, data can be stored. Generally, IoT components are installed with low memory and low processing capabilities. The cloud takes over the responsibility for storing the data in the case of stateless devices.

1.2.3 Phase III: Intelligent processing

The IoT analyzes the data stored in the cloud DCs and provides intelligent services for work and life in hard real time. As well as analyzing and responding to queries, the IoT also controls things. There is no discrimination between a boot and a bot; the IoT offers intelligent processing and control services to all things equally.

1.2.4 Phase IV: Data transmission

Data transmission occurs in all phases:
• From sensors, RFID tags, or chips to DCs
• From DCs to processing units
• From processors to controllers, devices, or end users

1.2.5 Phase V: Delivery

Delivery of processed data to things on time without errors or alteration is a sensitive task that must always be carried out.

1.3 Internet of Things as Interconnections of Threats (IoT vs. IoT)

In the future, maybe around the year 2020 with IPv6 and the 5G network, millions of heterogeneous things will be part of the IoT. Privacy and security will be the major factors of concern at that time. The IoT can be viewed in different dimensions by the different sections of academia and industry; whatever the viewpoint, the IoT has not yet reached maturity and is vulnerable to all sorts of threats and attacks. The prevention or recovery systems used in the traditional network and Internet cannot be used in the IoT due to its connectivity. Change is the only thing that is constant, and end users strive to develop technology to suit their needs.
The evolution of threats has caused an increase in the security measures that need to be taken into consideration. This chapter presents security issues in three dimensions, based on phase, architecture, and components. Figures 1.3 through 1.6 show all possible types of attacks in these three different views, thus depicting the IoT as the Interconnection of Threats.

1.3.1 Phase attacks

Figure 1.3 demonstrates the variety of attacks on the five phases of IoT. Data leakage, sovereignty, breach, and authentication are the major concerns in the data perception phase.

Data leakage or breach

Data leakage can be internal or external, intentional or unintentional, authorized or malicious, involving hardware or software. Export of unauthorized data or information to an unintended destination is data leakage. Generally, this is done by a dishonest or dissatisfied employee of an organization. Data leakage is a serious threat to reliability. As the cloud data move from one tenant to several other tenants of the cloud, there is a serious risk of data leakage. The severity of data leakage can be reduced by the use of DLP (data leakage prevention).

Figure 1.3: Attacks on phases.
• Data perception: data leakage, data sovereignty, data breach, data authentication
• Storage: attack on availability, access control, integrity; denial of service, impersonation, modification of sensitive data
• Processing: attack on authentication
• Transmission: channel security, session hijack; routing protocols, flooding
• Delivery (end-to-end): man or machine; maker or hacker

Figure 1.4: Possible attacks based on architecture.
• Application layer: revealing sensitive data, user authentication, data destruction, intellectual property
• Transport layer: denial of service, distributed denial of service, masquerade, man-in-the-middle, cross heterogeneous
• Network layer: routing protocol, address compromise
• Sensing/perception layer: external attack, link layer attack, witch attack, HELLO flooding, wormhole and sewage pool, selective forwarding, broadcast authentication and flooding, access control

Data sovereignty

Data sovereignty means that information stored in digital form is subject to the laws of the country. The IoT encompasses all things across the globe and is hence liable to sovereignty.

Data loss

Data loss differs from data leakage in that the latter is a sort of revenge-taking activity on the employer or administrator. Data loss is losing the work accidentally due to hardware or software failure and natural disasters.

Data authentication

Data can be perceived from any device at any time. They can be forged by intruders. It must be ensured that perceived data are received from intended or legitimate users only. Also, it is mandatory to verify that the data have not been altered during transit. Data authentication could provide integrity and originality.

Attack on availability

Availability is one of the primary securities for the intended clients. Distributed denial of service (DDoS) is an overload condition that is caused by a huge number of distributed attackers. But this is not the only overload condition that makes the DCs unavailable to their intended clients.
The varieties of overload threat occurrence that cause DCs to freeze at malicious traffic are analyzed here:
• Flooding by attackers
• Flooding by legitimates (flash crowd)
• Flooding by spoofing
• Flooding by aggressive legitimates

Flooding by attackers

DDoS is flooding of malicious or incompatible packets by attackers toward the DCs. This kind of overload threat can be easily detected by Matchboard Profiler. If the attacker characteristic is found, the user can be filtered at the firewall.

Flooding by legitimates (flash crowd)

Flash crowd is an overload condition caused by huge numbers of legitimate users requesting the DC resources simultaneously. This can be solved by buffering an excess number of requests so that this overload condition remains live only for a certain period of time.

Flooding by spoofing attackers

This is caused by impersonation which can be detected by acknowledging each request and by maintaining the sequence number of the requests and requesters’ Internet protocol (IP) address.

Flooding by aggressive legitimates

Aggressive legitimates are users who are restless and repeatedly initiate similar requests within a short time span. This leads to an overload condition, where the legitimate users flood the server with requests that slow down the DC performance. These attacks are difficult to detect because of their legitimate characteristics. By analyzing the inter-arrival time between data packets as well as the values of the back-off timers, those attacks can be detected.

Modification of sensitive data

During transit from sensors, the data can be captured, modified, and forwarded to the intended node. Complete data need not be modified; part of the message is sufficient to fulfill the intention.
Modification takes place in three ways: (1) content modification, in which part of the information has been altered; (2) sequence modification, in which the data delivery has been disordered, making the message meaningless; and (3) time modification, which could result in replay attack.

For example, if an ECG report has been altered during a telemedicine diagnosis, the patient may lose his or her life. Similarly, in road traffic, if the congestion or accident has not been notified to following traffic, it could result in another disaster.

1.3.2 Attacks as per architecture

The IoT has not yet been confined to a particular architecture. Different vendors and applications adopt their own layers. In general, the IoT is assumed to have four layers: the lowest-level perception layer or sensing layer, the network layer, the transmission layer, and the application layer. Figure 1.4 depicts the layers and the possible threats to each layer.

External attack

In order to make full use of the benefits of the IoT, security issues need to be addressed first. Trustworthiness of the cloud service provider is the key concern. Organizations deliberately offload both sensitive and insensitive data to obtain the services. But they are unaware of the location where their data will be processed or stored. It is possible that the provider may share this information with others, or the provider itself may use it for malicious actions.

Wormhole attack

Wormhole attack is very popular in ad hoc networks. IoT connects both stationary and dynamic objects, ranging from wristwatches and refrigerators to vehicles. The link that binds these objects is also heterogeneous, may be wired or wireless, and depends on the geographical location. Here, the intruder need not compromise any hosts in the network. The intruder just captures the data, forwards them to another node, and retransmits them from that node.
Wormhole attack is very strange and difficult to identify.

Selective forwarding attack

Malicious nodes choose the packets and drop them out; that is, they selectively filter certain packets and allow the rest. Dropped packets may carry necessary sensitive data for further processing.

Sinkhole attack

Sensors, which are left unattended in the network for long periods, are mainly susceptible to sinkhole attack. The compromised node attracts the information from all the surrounding nodes. Thereby, the intruder posts other attacks, such as selective forward, fabrication, and modification.

Sewage pool attack

In a sewage pool attack, the malicious user’s objective is to attract all the messages of a selected region toward it and then interchange the base station node in order to make selective attacks less effective.

Witch attack

The malicious node takes advantage of failure of a legitimate node. When the legitimate node fails, the factual link takes a diversion through the malicious node for all its future communication, resulting in data loss.

HELLO flood attacks

In HELLO flood news attacks, every object will introduce itself with HELLO messages to all the neighbors that are reachable at its frequency level. A malicious node will cover a wide frequency area, and hence it becomes a neighbor to all the nodes in the network. Subsequently, this malicious node will also broadcast a HELLO message to all its neighbors, affecting the availability. Flooding attacks cause nonavailability of resources to legitimate users by distributing a huge number of nonsense requests to a certain service.

Addressing all things in IoT

Spoofing the IP address of virtual machines (VMs) is another serious security challenge. Malicious users obtain the IP address of the VMs and implant malicious machines to attack the users of these VMs.
This enables hacking, and the attackers can access users’ confidential data and use it for malicious purposes.

Since the cloud provides on-demand service and supports multitenancy, it is also more prone to DDoS attack. As the attacker goes on flooding the target, the target will invest more and more resources into processing the flood request. After a certain time, the provider will run out of resources and will be unable to service even legitimate users. Unless DLP agents are embedded in the cloud, due to multitenancy and the movement of data from users’ control into the cloud environment, the problem of data leakage will also exist.

The Internet has been expanding since its inception, and with it, threats to users and service providers. Security has been a major aspect of the Internet. Many organizations provide services through the Internet that involve banking transactions, registrations, and so on. As a consequence, these websites need to be protected from malicious attacks.

Distributed denial of service (DDoS)

DDoS, an attack initiated and continued by some hundreds or even thousands of attackers, starts by populating unwanted traffic packets with enormous size in order to capture and completely deplete memory resources. At the same time, the traffic disallows legitimate requests from reaching the DC and also depletes the bandwidth of the DC. This eventually leads to unresponsiveness to legitimate requests. A denial of service (DoS) or DDoS attack can overwhelm the target’s resources, so that authorized users are unable to access the normal services of the cloud. This attack is a cause of failure of availability.

Table 1.1 shows the various types of DDoS attacks, the tools used, and the year of origination.
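The checks named earlier under “Flooding by spoofing attackers” (acknowledge each request, track sequence numbers per IP address) and “Flooding by aggressive legitimates” (inter-arrival time and back-off) are sketched below as an added Python example; it is not code from the chapter or its authors. The log layout, the thresholds and the 1.5x back-off factor are assumptions chosen for illustration, and the sample log is constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed request log, one tuple per request reaching the DC:
# (arrival time in s, source IP, per-source sequence number, request,
#  True if the source answered the DC's acknowledgement).
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    # ordinary client: varied requests, seconds apart
    (0.00, "192.0.2.10", 1, "GET /report", True),
    (4.00, "192.0.2.10", 2, "GET /status", True),
    (9.50, "192.0.2.10", 3, "GET /report", True),
    # aggressive legitimate: same request repeated, gaps never grow
    (1.00, "192.0.2.20", 1, "GET /report", True),
    (1.10, "192.0.2.20", 2, "GET /report", True),
    (1.22, "192.0.2.20", 3, "GET /report", True),
    (1.30, "192.0.2.20", 4, "GET /report", True),
    (1.41, "192.0.2.20", 5, "GET /report", True),
    # retrying client whose back-off timer doubles the gap each time
    (2.00, "192.0.2.30", 1, "GET /report", True),
    (2.20, "192.0.2.30", 2, "GET /report", True),
    (2.60, "192.0.2.30", 3, "GET /report", True),
    (3.40, "192.0.2.30", 4, "GET /report", True),
    (5.00, "192.0.2.30", 5, "GET /report", True),
    # random forged sources: the acknowledgement is never answered
    (1.05, "198.51.100.7", 1, "GET /report", False),
    (1.06, "203.0.113.99", 1, "GET /report", False),
    # forged source whose sequence numbers are out of step
    (6.00, "198.51.100.50", 4, "GET /report", True),
    (6.10, "198.51.100.50", 9, "GET /report", True),
]


def classify_sources(log, gap_limit=1.0, min_repeats=4, backoff_factor=1.5):
    """Label every source IP as 'spoofed', 'aggressive' or 'normal'.

    gap_limit, min_repeats and backoff_factor are illustrative
    assumptions, not values taken from the chapter.
    """
    by_ip = defaultdict(list)
    for entry in sorted(log, key=lambda e: e[0]):
        by_ip[entry[1]].append(entry)

    labels = {}
    for ip, reqs in by_ip.items():
        # Spoof check: every acknowledgement answered, and the sequence
        # numbers recorded for this IP continue without gaps.
        seqs = [r[2] for r in reqs]
        in_step = seqs == list(range(seqs[0], seqs[0] + len(seqs)))
        if not all(r[4] for r in reqs) or not in_step:
            labels[ip] = "spoofed"
            continue

        # Aggressive-legitimate check: the same request repeated at
        # short intervals with no sign of a growing back-off timer.
        gaps = [b[0] - a[0] for a, b in zip(reqs, reqs[1:])]
        same_request = len({r[3] for r in reqs}) == 1
        backs_off = all(g2 >= backoff_factor * g1
                        for g1, g2 in zip(gaps, gaps[1:]))
        if (len(reqs) >= min_repeats and same_request
                and median(gaps) < gap_limit and not backs_off):
            labels[ip] = "aggressive"
        else:
            labels[ip] = "normal"
    return labels


if __name__ == "__main__":
    for ip, label in sorted(classify_sources(SAMPLE_LOG).items()):
        print(f"{ip:15} {label}")
```

The retrying client at 192.0.2.30 sends as many identical requests as the aggressive one, and only the growing gaps separate the two, which is why the back-off values matter alongside inter-arrival time.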

Flash crowd

A flash crowd is basically a sudden increase in the overall traffic to any specific web page or website on the Internet and the sudden occurrence of any event that triggers that particular massive traffic of people accessing that web page or website. Less robust sites are unable to cope with the huge increase in traffic and become unavailable. Common causes of flash crowd are lack of sufficient data bandwidth, servers that fail to cope with the high number of requests, and traffic quotas.

IP spoof attack

Spoofing is a type of attack in which the attacker pretends to be someone else in order to gain access to restricted resources or steal information. This type of attack can take a variety of different forms; for instance, an attacker can impersonate the IP address of a legitimate user to get into their accounts. IP address spoofing, or IP spoofing, refers to the creation of IP packets with a forged source IP address, called spoofing, with the purpose of concealing the identity of the sender or impersonating another computing system.

Table 1.1 Origin of DDoS attacks

DDoS Tool | Possible Attacks | Year
----------|------------------|-----
Fapi | UDP, TCP (SYN and ACK), and ICMP floods | June 1998
Trinoo | Distributed SYN DoS attack | June 1999
Tribe Flood Network (TFN) | ICMP flood, SYN flood, UDP flood, and SMURF-style attacks | August 1999
Stacheldraht | ICMP flood, SYN flood, UDP flood, and SMURF attacks | Late summer of 1999
Shaft | Packet flooding attacks | November 1999
Mstream | TCP ACK Flood attacks | April 2000
Trinity | UDP, fragment, SYN, RST, ACK, and other flood attacks | August 2000
Tribe Flood Network 2K (TFN2K) | UDP, TCP, and ICMP Teardrop and LAND attacks | December 2000
Ramen | Uses back chaining model for automatic propagation of attack | January 2001
Code Red and Code Red II | TCP SYN Attacks | July and August 2001
Knight | SYN attacks, UDP flood attacks | July 2001
Nimda | Attacks through e-mail attachments and SMB networking and backdoors attacks | September 2001
SQL slammer | SQL code injection attack | January 2003
DDOSIM (version 0.2) | TCP-based connection attacks | November 2010
Loris | Slowloris attack and its variants, viz. Pyloris | June 2009
Qslowloris | Attacks the websites, e.g., IRC bots, botnets | June 2009
L4D2 | Propagation attacks | 2009
XerXeS | WikiLeaks attacks, QR code attacks | 2010
Saladin | Webservers attacks, Tweet attacks | November 2011
Apachekiller | Apache server attacks, scripting attacks | August 2011
Tor’s Hammer | http POST attacks | 2011
Anonymous LOIC tool | — | 2013

IP spoofing is most frequently used in DoS attacks. In such attacks, the goal is to flood the victim with overwhelming amounts of traffic, and the attacker does not care about receiving responses to the attack packets. They have additional advantages for this purpose—they are more difficult to filter, since each spoofed packet appears to come from a different address, and they hide the true source of the attack. There are three different types of spoof attacks: impersonation, hiding attack, and reflection attack. Congestion is a threat in any network if the number of incoming packets exceeds the maximum capacity. The factor that is affected at the time of congestion is throughput.

Types of spoof attacks

Among the several types of spoofing attacks, the following attacks are addressed, as they are launched on behalf of clients and destroy the DC’s resources.

Type I, Hiding attack: Attackers simultaneously send a large number of spoofed packets with random IP address. This creates chaos at the DC regarding which specific packets should be processed as legitimate packets, shown in Figure 1.5.
Type II, Reflection attack: Attackers send spoof packets with the source IP address of the victim to any unknown user. This causes unwanted responses to reach the victim from unknown users and increases the flood rate, shown in Figure 1.6.
Type III, Impersonation attack: Attackers send spoof packets with the source IP address of any unknown legitimate user and acting as a legitimate user. This is equivalent to a man-in-the-middle attack. The spoof attacker receives requests from clients, spoofs IP, and forwards the requests to the DC, acting as a legitimate user. The responses of the DC are again processed intermediately and sent to the clients. This leads to confidentiality issues and data theft or loss at the DC, as shown in Figure 1.7.

Figure 1.5: Hiding attack. Labels: Spoof attacker; Client; Data center; Source: random, destination: DC; Striving to identify original source code.

Figure 1.6: Reflection attack. Labels: Spoof attacker; Client; Data center; Source: DC, destination: client; Reply message: source: client, destination: DC; Replies without prior requisition.

Figure 1.7: Impersonation attack. Labels: Spoof attacker; Client; Data center; Packets from clients; Source: client, destination: DC.

If a proper spoof detection mechanism is not in place, the DC could respond badly, leading to a partial shutdown of services.
• In network-level DDoS, the attackers will try to send invalid requests with the aim of flooding the cloud service provider (CSP); for example, requests for a half-open connection.
• In service-level DDoS, the attacker will be sending requests that seem to be legitimate. Their content will be similar to a request made by a legitimate user. Only their intention is malicious.

Goodput

Goodput is the application-level throughput, that is, the number of useful information bits, delivered by the network to a certain destination, per unit of time. The amount of data considered excludes protocol overhead bits as well as retransmitted data packets. The goodput is a ratio between the amount of information delivered and the total delivery time.
This delivery time includes interpacket time gaps, overhead in transmission delay, packet queuing delay, packet retransmission time, delayed acknowledge, and processing delay.

Data centers (DCs)

A DC is a centralized repository, either physical or virtual, for the storage, management, and dissemination of data and information organized around a particular body of knowledge or pertaining to a particular business.

A DC is a facility used to house computer systems and associated components and huge storage systems. The main purpose of a DC is to run the applications that handle the core business and operational data of the organization. Such systems may be proprietary and developed in house by the organization, or bought from enterprise software vendors. Often, these applications will be composed of multiple hosts, each running a single component. Common components of such applications are databases, file servers, application servers, middleware, and various others.

Botnet

A botnet is a collection of Internet-connected computers whose security defenses have been breached and control ceded to a malicious party. Each such compromised device, known as a “bot,” is created when a computer is penetrated by software from a malware distribution, otherwise known as malicious software. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as Internet Relay Chat (IRC) and hypertext transfer protocol (http).

In DDoS attacks, multiple systems submit as many requests as possible to a single Internet computer or service, overloading it and preventing it from servicing legitimate requests. An example is an attack on a victim’s phone number. The victim is bombarded with phone calls by the bots, attempting to connect to the Internet.
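An added example, not from the chapter, of how a receiver can tell apart the three kinds of modification listed earlier under “Modification of sensitive data” (content, sequence, time), building on the requirement stated under “Data authentication.” The HMAC-SHA256 construction, the message layout, the 5-second freshness window, the key and the sample ECG-style readings are all assumptions made for this sketch.

```python
import hashlib
import hmac
import json


def seal(key, seq, sent_at, reading):
    """Sender side: serialise the reading together with its sequence
    number and send time, and tag all three with HMAC-SHA256."""
    body = json.dumps({"seq": seq, "t": sent_at, "data": reading},
                      sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class Receiver:
    """Receiver side: returns 'ok', 'content', 'sequence' or 'time'."""

    def __init__(self, key, max_age=5.0):
        self.key = key
        self.max_age = max_age   # assumed freshness window in seconds
        self.next_seq = 1        # next sequence number we will accept

    def check(self, body, tag, now):
        # (1) Content modification: any altered byte changes the tag.
        # The timestamp and sequence number are inside the tagged body,
        # so they cannot be rewritten without the key either.
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return "content"
        msg = json.loads(body)
        # (3) Time modification: a genuine message replayed later
        # (sequence number already consumed) or held back too long.
        if msg["seq"] < self.next_seq or now - msg["t"] > self.max_age:
            return "time"
        # (2) Sequence modification: delivered ahead of its turn.
        if msg["seq"] > self.next_seq:
            return "sequence"
        self.next_seq += 1
        return "ok"


def run_scenario():
    """Constructed telemedicine-style exchange; returns the verdicts."""
    key = b"constructed-shared-key"          # sample key, not a real one
    rx = Receiver(key)
    m1 = seal(key, 1, 100.0, {"hr": 72})
    m2 = seal(key, 2, 101.0, {"hr": 74})
    m3 = seal(key, 3, 102.0, {"hr": 75})
    m4 = seal(key, 4, 103.0, {"hr": 73})
    # Part of m2 altered in transit, original tag left in place.
    altered = (m2[0].replace(b'"hr": 74', b'"hr": 40'), m2[1])
    return [
        rx.check(*m1, now=100.2),       # delivered intact
        rx.check(*altered, now=101.2),  # content modified
        rx.check(*m2, now=101.2),       # genuine m2
        rx.check(*m4, now=103.2),       # m4 arrives before m3
        rx.check(*m3, now=120.0),       # m3 held back for 18 s
        rx.check(*m1, now=130.0),       # old m1 sent again
    ]


if __name__ == "__main__":
    print(run_scenario())
```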

Confidentiality

All the clients’ data are to be transacted in a network channel with greater visibility regarding assurance for the intended clients that data are tamperproof.

Physical security

Hardware involved in serving clients must be continuously audited with a safe checkpoint for the sake of hysteresis identification of threats.

Software security

Corruption or modification of application software by threats could affect several clients who depend on that particular application programming interface (API) and related software interfaces.

Network security

Bandwidth attacks such as DoS and DDoS can cause severe congestion in the network and also affect normal operations, resulting in communication failure.

Legal service-level agreement (SLA) issues

SLAs between customer and service provider must satisfy legal requirements, as the cyber laws vary for different countries. Incompatibilities may lead to compliance issues.

Eavesdropping

Eavesdropping is an interception of network traffic to gain unauthorized access. It can result in failure of confidentiality. The man-in-the-middle attack is also a category of eavesdropping. The attack sets up a connection with both victims involved in a conversation, making them believe that they are talking directly but infecting the conversation between them.

Replay attack

The attacker intercepts and saves old messages and then sends them later as one of the participants to gain access to unauthorized resources.

Back door

The attacker gains access to the network through bypassing the control mechanisms using a “back door,” such as a modem and asynchronous external connection.

Sybil attack

Impersonation is a threat in which a malicious node modifies the data flow route and lures the nodes to wrong positions. In Sybil attack, a malicious user pretends to be a distinct user after acquiring multiple identities and tries to create a relationship with an honest user.
If the malicious user is successful in compromising one of the honest users, the attacker gains unauthorized privileges that help in the attacking process.

Byzantine failure

Byzantine failure is a malicious activity that compromises a server or a set of servers to degrade the performance of the cloud.

Data protection

It is difficult for the cloud customer to efficiently check the behavior of the cloud supplier, and as a result, the customer is confident that data is handled in a legal way. But practically, various data transformations intensify the job of data protection.

Incomplete data deletion

Accurate data deletion is not possible, because copies of data are stored in the nearest replica but are not available.

1.3.3 Attacks based on components

The IoT connects “everything” through the Internet. These things are heterogeneous in nature, communicating sensitive data over a distance. Apart from attenuation, theft, loss, breach, and disaster, data can also be fabricated and modified by compromised sensors. Figure 1.8 shows the possible types of attacks at the component level.

Verification of the end user at the entry level is mandatory; distinguishing between humans and machines is extremely important. Different types of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) help in this fundamental discrimination. With its exponential growth, the IoT will soon dominate the IT industry, as shown in Figure 1.9.

Figure 1.8: Possible attacks based on components.
• Terminals (PC, PDA, mobile phone, sensors, controllers, gateways, and communication devices): revealing private sensitive information; duplicated SIM/UIM; virus, worms, trapdoors
• Storage (data center, local storage space): fabrication, modification, disclosure
• End user (man, machine): impersonation; intrusion; compromise

Figure 1.9: Growth of IoT. (Courtesy of Forrester.) Labels: IoT??; Cloud; Web; Gopher; WAIS; Telnet; E-mail; FTP; Internet users; time axis 1970 to 2020.

Bibliography

1 Chuankun, Wu. A preliminary investigation on the security architecture of the Internet of Things. Strategy and Policy Decision Research, 2010, 25(4): 411–419.
2 Goldman Sachs. IoT Primer, The Internet of Things: Making Sense of the Next Mega-Trend. September 3, 2014.
3 International Telecommunication Union. ITU Internet reports 2005: The Internet of Things. 2005.
4 Ibrahim Mashal, Osama Alsaryrah, Tein-Yaw Chung, Cheng-Zen Yang, Wen-Hsing Kuo, Dharma P. Agrawal. Choices for interaction with things on internet and underlying issues. Ad Hoc Networks, 2015, 28: 68–90.
5 Jeyanthi, N., N.Ch.S.N. Iyengar. Escape-on-sight: An efficient and scalable mechanism for escaping DDoS attacks in cloud computing environment. Cybernetics and Information Technologies, 2013, 13(1): 46–60.
6 Kang Kai, Pang Zhi-bo, Wang Cong. Security and privacy mechanism for health Internet of Things. The Journal of China Universities of Posts and Telecommunications, 2013, 20(Suppl. 2): 64–68.
7 Kim Thuat Nguyen, Maryline Laurent, Nouha Oualha. Survey on secure communication protocols for the Internet of Things. Ad Hoc Networks, 2015, 32: 17–31.
8 Lan Li. Study on security architecture in the Internet of Things. Measurement, International Conference on Information and Control (MIC), 2012, pp. 374–377.
9 Peng, Xi, Zheng Wu, Debao Xiao, Yang Yu. Study on security management architecture for sensor network based on intrusion detection. 2009 International Conference on Networks Security, Wireless Communications and Trusted Computing, IEEE, New York.
10 Prabadevi, B., N. Jeyanthi. Distributed denial of service attacks and its effects on cloud environment: A survey. The 2014 International Symposium on Networks, Computer and Communications, June 17–19, 2014, Hammamet, Tunisia, IEEE.
11 Qazi Mamoon Ashraf, Mohamed Hadi Habaebi. Autonomic schemes for threat mitigation in Internet of Things. Journal of Network and Computer Applications, 2015, 49: 112–127.
12 Qinglin, Cao. Review of research on the Internet of Things. Software Guide, 2010, 9(5): 6–7.
13 Rodrigo Roman, Jianying Zhou, Javier Lopez. On the features and challenges of security and privacy in distributed Internet of Things. Computer Networks, 2013, 57: 2266–2279.
14 Rolf H. Weber. Internet of Things—New security and privacy challenges. Computer Law and Security Review, 2010, 26: 23–30.
15 Sicari, S., Rizzardi, A., Grieco, L.A., Coen-Porisini, A. Security, privacy and trust in Internet of Things: The road ahead. Computer Networks, 2015, 76: 146–164.
16 Wang, Y.F., Lin, W.M., Zhang, T., Ma, Y.Y. Research on application and security protection of Internet of Things in smart grid, Information IET International Conference on Science and Control Engineering 2012 (ICISCE 2012), 2012, pp. 1–5, Shenzhen, China.
17 Xingmei, Xu, Zhou Jing, Wang He. Research on the basic characteristics, the key technologies, the network architecture and security problems of the Internet of Things. 3rd International Conference on Computer Science and Network Technology (ICCSNT), 2013, pp. 825–828.
18 Yang Guang, Geng Guining, Du Jing, Liu Zhaohui, Han He. Security threats and measures for the Internet of Things. Tsinghua University (Science and Technology), 2011, 51(10): 19–25.
19 Yang Yongzhi, Gao Jianhua. A study on the “Internet of Things” and its scientific development in China. China’s Circulation Economy, 2010, 2: 46–49.
20 Yang Geng, Xu Jian, Chen Wei, Qi Zheng-hua, Wang Hai-yong. Security characteristic and technology in the Internet of Things. Journal of Nanjing University of Posts and Telecommunications (Natural Science), 2010, 30(4): 21–28.
21 Zhang Fu-Sheng. Internet of Things: Open a New Life of Intelligent Era. ShanXi People’s Publishing House. 2010, pp. 175–184.
