Xem mẫu
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
INTERNET OF THINGS– TYPICAL ATTACKS AND COUNTERMEASURES
(VẠN VẬT KẾT NỐI INTERNET IoT – NHỮNG VỤ TẤN CÔNG TIÊU BIỂU
VÀ BIỆN PHÁP PHÒNG CHỐNG)
PhD. Nguyen Tran Hung
Department of Economic Information System and Electronic Commerce
Thuong Mai University
ABSTRACT
Internet security has been the subject of much debate over the past decade. Nowadays
every industry and every business sector is aware of the importance of cybersecurity,
however, the effects of the 4.0 revolution have raised issues of security and secure Internet
connection. At the present time, the world is at the beginning of the fourth industrial
revolution, one of its most prominent applications, the Internet of Things, which has shown a
strong impact on all areas and the edge of life. The core of Internet of Things is the idea of
using cyberspace as a means to improve performance, productivity, and customization of
things. Through this, data is collected and transmitted from various things, such as production
line equipment, sensors in the product at the customer base, sales data and more. This intense
and continuous impact of Internet of Things has expanded the complexity of data security and
information as things connect in the future.
In an effort to shed light on the development of security on the Internet when the trend
of typical application of the 4.0 Industrial Revolution is the Internet of Things developing
robust, this article tries to identify risks in a connected business. The main purpose of this
article is to show that the emergence of Internet of Things will reduce the gap between
existing security and security. Based on that, the paper proposes some practical solutions to
ensure Internet security for data transmission when things are connected.
TÓM LƢỢC
An ninh trên mạng Internet đã trở thành chủ đề của nhiều cuộc tranh luận trong thập
kỷ qua. Mặc dù đến nay, mọi ngành và mọi lĩnh vực kinh doanh đều có sự nhận thức về tầm
quan trọng của an ninh mạng, tuy nhiên những tác động của cách mạng công nghiệp 4.0 lại
làm nảy sinh nhiều vấn đề về đảm bảo an ninh, an toàn mạng kết nối Internet. Trong thời
điểm hiện tại, thế giới đang ở tiếp cận ban đầu của cuộc cách mạng công nghiệp lần thứ tư mà
một trong những ứng dụng tiêu biểu của nó là Internet of Things đã và đang thể hiện tác động
mạnh mẽ tới mọi lĩnh vực và góc cạnh của cuộc sống. Nội dung cốt lõi của Internet of Things
chính là ý tưởng sử dụng không gian mạng kết nối Internet như là phương tiện để nâng cao
hiệu quả hoạt động, năng suất và tuỳ biến với vạn vật. Thông qua đó, dữ liệu được thu thập và
truyền tải từ vạn vật khác nhau, chẳng hạn từ các thiết bị trên dây chuyền sản xuất, cảm biến
trong sản phẩm tại các cơ sở khách hàng, dữ liệu bán hàng và nhiều hơn nữa. Sự tác động
mạnh mẽ và liên tục này của Internet of Things đã mở rộng các yêu cầu phức tạp về an ninh
dữ liệu và thông tin khi vạn vật kết nối trong tương lai.
Trong một nỗ lực nhằm làm sáng tỏ về sự phát triển của an ninh trên mạng Internet khi
xu hướng ứng dụng tiêu biểu của cách mạng công nghiệp 4.0 là Internet of Things phát triển
mạnh mẽ, bài viết này cố gắng xác định các nguy cơ bảo mật trong một doanh nghiệp được
kết nối. Mục đích chính của bài báo này là để cho thấy sự xuất hiện của Internet of Things sẽ
làm giảm khoảng cách giữa an toàn và an ninh hiện đang tồn tại. Trên cơ sở đó, bài báo đề
xuất một số giải pháp có ý nghĩa thực tiễn để đảm bảo an ninh mạng Internet cho dữ liệu
truyền tải khi vạn vật được kết nối.
645
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
Key words: Internet of Things; internet security; secure Internet; secure Internet
connection; 4.0 Industrial revolution; issue of security.
Từ khóa: An ninh mạng; vạn vật kết nối; bảo mật Internet; an ninh trên mạng
Internet; cách mạng công nghiệp lần thứ tư; nguy cơ bảo mật.
1. INTRODUCTION
Industrial revolutions are the events of an era in global history. The 18th-century
steam-energy invention marks the beginning of the first revolution with machinery
applications in the manufacturing process. The second industrial revolution witnessed the
emergence of mass production by electric power and automation lines. With the third industry
revolution marking the beginning of the electronic information age, the popularity of
computers and the Internet has affected every aspect of life and business. While the fourth
industry revolution is a broad framework for the future, the trend of Internet of Things makes
the approach and application of the revolutionary 4.0 become more comprehensive, easier to
understand and reveals the version. Substantial changes in technology affect the business
activities of every business in the world.
The enormous trends driven by Internet of Things are primarily related to the
collection and transmission of data from the Internet to the Internet, thereby increasing the
volume of data, enhancing the ability to analyze and process data. Diversified data, improved
connectivity and communication between the digital and physical environment. Organizations
that find meaning in these rich data sources will gain competitive advantage. But collecting
detailed information means filtering out unnecessary information to obtain useful information
and protecting the security and privacy of information, ensuring information security is not
being accused of cards, blocking, theft or alteration by third parties.
2. CONCEPTS AND PROCESS OF NETWORKING – PHYSICS OF
INTERNET OF THINGS
a. Concepts of Internet of Things
According to the International Telecommunication Union (ITU) (2015), the Internet of
Things (IoT) is a network of physical devices, vehicles and other embedded electronic
gadgets with software, sensors and actuators. And networking allows these objects to collect
and exchange data. Each item is uniquely identified through its embedded computer system
but can interact in the existing Internet infrastructure. Experts estimate that IoT will cover
about 30 billion objects by 2020[4].
According to Kelvin Ashton (2009), Internet of Things (IoT) is a system of
interrelated computing devices, mechanical and digital machines, objects , animals or people
are provided with unique identifiers and the ability to transmit data over the network without
the need for interaction between the person and the computer[1].
Although accessible in a variety of ways, most views agree that IoT allows objects to
be sensed or controlled remotely through existing network infrastructures. It aims to further
integrate the physical world into computer systems and, as a result, improve efficiency,
accuracy and economic benefits in addition to reducing human intervention. As the IoT is
enhanced with sensors and actuators, the technology will become an example of common
cyberspace physics, including technologies such as smart grids, virtual power plants, smart
homes, smart traffic and smart cities.
Internet of Things can include a variety of devices such as heart transplants, biochip
chips on farm animals, wildlife feed cameras in coastal waters, umbrellas Built-in sensors,
DNA analyzers for environmental / feed / pathogens monitoring, or field operators support
firefighters in search and rescue operations. Rescue. Scholars around the world have
suggested the connection of the universe as an "inseparable mixture of hardware, software,
data, and services."[5]
646
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
These devices collect useful data with the help of various existing technologies and
then automatically circulate data among other devices. Examples of current markets include
home automation (also known as smart home appliances) such as control and automation of
lighting, heating, ventilation, air conditioning gas and household appliances such as washing
machines, air purifiers, ovens, fridges / freezers with Wi-Fi for remote monitoring.
b. Process of Networking – Physics of Internet of Things
The Industrial Internet Consortium (IIC) is an organization based on a combination of
government, academia and the industry. IIC was originally formed by leading market players
such as AT & T, Cisco Systems, General Electric, IBM and Intel. IIC now includes more than
200 leading institutions and research institutions around the world, including countries such as
India, China and Germany. These organizations focus specifically on promoting Internet of
Things by identifying potential applications and data security issues in the industry through
three key areas: technology, data collection and security.
According to IIC, the process of connecting the digital networking environment to the
physical environment of Internet of Things involves three steps:
+ Step 1: Collecting digital records includes digitizing physical products and
processing data through sensors. These sensors are attached to specific assets or objects and
can identify and capture data while imitating human senses. The technology that allows this
combination is called sensor feedback, which promotes a microcontroller to combine
individual packets from different sensors. This gives an overview of the data collected.
Figure 1: Process of Networking – Physics of Internet of Things
(Source:[3 ])
+ Step 2: Analysis & Visualization involves the application of analytical capabilities
to raw data collected from sensors, supported using various data visualization tools and
analysis tools. The infrastructure for this capability provided by the cloud can help store large
amounts of data collected and serve as a platform on which this data can be processed.
+ Step 3: Transfering insights which based on collected data into action. Detailed
action information involves the application of derived knowledge to automate decision
making, resulting in tangible performance or action in the physical environment.
With the Internet-of-Things connection process, the expansion of the scope of data
analysis would involve building appropriate capacity for the storage infrastructure. Data in
many ways will be a prerequisite for performance in the Internet of Things operating
environment, and all enterprise and individual user decisions will be motivated by time-based
647
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
data in real time. In such a scenario, the security and security of the data infrastructure posed
to business enterprises, regulators, and consumers alike should be addressed.
3. OUTSTANDING INTERNET ATTACKS IN THE INTERNET OF THINGS
As we have seen, the impact of Internet of Things offers tremendous opportunities for
end users to gain greater value in everyday operations. At the same time, the nature of the
interactions and decision-making process is based on data that has made Internet of Things on
new challenges, particularly cyber-security. Expanding the connectivity of the Internet to the
environment makes IT systems vulnerable to cyber attacks by new forms of attack. Many
processes in a connected environment can be manually intercepted. This is an important
reason why the Internet of Things emphasizes the need for physical security.
In addition, many of the IT security tools that are created to operate in the enterprise
layer may not necessarily work well in an environment where everything is connected to the
Internet. Such unforeseen circumstances could result in the suspension of the Internet of
Things, resulting in disruption of the process, loss of data and financial loss.
In fact, attacks on the Internet are becoming more complex and capable of creating
large-scale losses as attackers become more aggressive with new attack techniques. Figure 2
provides a list of the most prominent network attacks that systems have encountered since
2000.
As shown in Figure 2, we can list a number of well-known network attacks based on
wireless IP connections to devices that do not have control or weak control of the enterprise.
Specifically:
Figure 2: Time table of Internet attacks on systems
(Source:[2])
+ Stuxnet: One of the most notorious attacks is Stuxnet at an Iranian nuclear facility
in 2010. While the Stuxnet event is considered an important warning bell, there is a need for
understanding. More technical to understand the overall risk. The Stuxnet attack targeting
Iran's uranium enrichment facilities is a clear warning of the potential risk that may be due to
the attacks. network. Power sector is not without the usual attacks like Ransomware locking
system or Trojans stealing financial information. For example, in 2013, a US fuel distribution
company was financially stealing $800 million. Every business in any industry or business
648
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
has its own risks, but an attack on the energy industry can be particularly serious and costly.
Globally, the cost of a cyberattack in the energy sector is second only to attacks on financial
services.
+ Attack on the Ukrainian power grid: Another case is the attack on the Ukrainian
grid, December 2015 and December 2016. The attack on the Ukrainian power grid caused a
major disruption, affecting a large number of consumers in Western Ukraine. An organized
attack was made for the purpose of creating maximum disruption. Malicious software was
used to target the power supply network and use some penetration techniques such as online
fraud, software documentation containing malicious software, and BlackEnergy. The security
flaws have emerged from the availability of internal company information online and failed to
implement two-step authentication frameworks on its VPN. Although the power returned
within a few hours, the destructive programs destroyed a lot of valuable data. Exactly one
year later, in December 2016, the Ukrainian grid was once again suspected of being attacked,
leaving the entire city of Kiev in the dark. The attack was suspected due to external
interference through the data network.
+ Attacks Niche Pharmaceutical Company: One of the most well-known data theft
cases was made at Niche Pharmaceutical Company in 2015. A large pharmaceutical company
containing a database of over 50,000 customers were harmed by a hacker requesting a ransom
and threatening to sell data on a common forum to the highest bidder. Online attack
techniques like SQL injection have been used to perform this attack. The compromised data
includes details such as customer's personal information and DEA number. The failure to
apply appropriate encryption techniques was found to be one of the main reasons behind this
attack. So it is not surprising that pharmaceuticals are in the top 3 industries vulnerable to
online attacks. Electronic attacks on the pharmaceutical industry have grown faster than other
industries. In Frost & Sullivan's study, more than two thirds of the pharmaceutical industry
was severely affected, while the rest had at least one attack on the Internet.
However, the wireless network threats in a pharmaceutical enterprise come from
within the enterprise rather than from the external threats. More than twenty percent of IP
burglars have internal corporate records and are not external hackers. Due to opportunism,
revenge, greed or competitive advantage, people in the exploitation of their position to gain
access to the company's digital assets. Organizations should actively do their part in securing
digital assets. This can be achieved to a certain extent by educating staff about security and
other protocols and ensuring a convenient way for staff to report suspicion. Manufacturers
will need to ensure adequate protection of proprietary information and regularly monitor
computer networks for suspicious activity. Companies must also ensure access to security
measures, tools and frameworks for their employees, and ensure that access to corporate and
network data is revoked against any employee.
In many ways, the Stuxnet event, the Ukrainian Powerhouse, the Niche Pharmacy is a
wake-up call for an upcoming industrial demand that requires industry recognition and
planned investment. This gaining greater significance with the increasing complexity and
intensity of cyber attacks is expected in the future. Figure 3 shows how cyber attacks have
evolved over the years and what the industry is likely to see in the coming years.
649
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
Figure 3: The evolution of telephone attacks
(Source: [2])
Whether they are smartphone plants or refineries, businesses involve a myriad of
equipment, systems, assets, and human resources. Traditionally, networking between devices
and systems has been achieved through proprietary protocols. The proprietary nature of these
protocols makes them isolated and inaccessible to any outside intrusion. The nature of
protection against this cyber attack began to dwindle as businesses grew to new heights of
Internet of Things and applications in business production via IP (Internet Protocol)
connections connected to all devices, products in the business. For example, accepting IP-
based connections between devices in the enterprise with the core system has increased
security risks, a fact that has been ignored until now. Other developments of the Internet of
Things continue to expand the security risk is the increasing use of processors in the
enterprise. This has made the enterprise's core control system the most vulnerable asset for
attacks in the world of things that are naturally connected to the Internet. The uncontrolled
nature of this expansion has made it possible for third-party intrusion via the Internet to be
easily implemented across different layers of the enterprise. Some examples of devices within
the enterprises that have security and security risks are PLCs, supervisory control and control
(SCADA). data acquisition, distributed control systems (DCSs) and intelligent electronic
devices (IEDs). With weak control connections, they can be a bridge for hackers to cause
problems such as denial of access to systems (DDoS attacks), loss or manipulation of data on
large scale, which results in negative impacts on the environment and defective systems. All
of these breaches of confidentiality may result in loss of control over business operations,
which can lead to loss of revenue and damage to the brand reputation of the business.
4. BASIC SECURITY SOLUTIONS IN THE INTERNET OF THINGS
650
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
Many current security solutions in the IT world are not built to handle the complexity
of an Internet of Things environment. Thus, information security and data networks have been
identified as one of the top concerns in the field of business production - the sector has seen
an increase in the number of attacks on the global network.
Before applying the basic security solutions in the Internet of Things, for any network
in a business or factory, it is imperative that businesses understand the security layers.
Different approaches need to be applied to fully protect their production and business
activities. Here, the method "Defense in Depth" or "Castle Approach" is the method given by
the IIC. The "Defense in Depth" philosophy aims to secure many aspects of a business or
organization, including: personnel, procedures, technology and the physical. Different
security control layers include: Level of Government policy and security frameworks;
Physical levels; Level of Network; System level; Application and data layers as shown in
Figure 4 below.
Figure 4: Enterprise security layers in IoT
(Source: [2])
The application of in-depth protection involves a sequential and conditional approach.
Different levels of security acceptance include the following:
a. Security measures at the administrative level
These include laws, regulations, policies, rules, and guidelines governing the
organization's information security practices. Manufacturers who want to adopt online
security need to have a better understanding of the network security laws and frameworks that
protect specific area where the organization is located.
Common misconceptions about network security include:
+ It will not happen to me.
+ Antivirus and firewall is enough.
+ Not all endpoints need to be protected.
+ Endpoint security can not provide.
The Department of Homeland Security (DHS) emphasized on IoT security: When
some devices are connected to malicious code with increasing rely on national critical
infrastructure, ensuring that these systems are appropriate. It is a top priority. Manufacturers
can apply these principles as they design, manufacture and use interconnected systems. These
651
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
guidelines are important to help businesses make security decisions. The main high-level
principles defined by DHS include:
+ Combining security at the design stage: With the intention to maximize profits in a
shorter time, manufacturers fail to secure their systems and processes. This leaves room for
hackers to manipulate information in the network. The guidelines are set by DHS but instruct
manufacturers to incorporate these principles into network security right from the design
stage.
+ Activation of security updates and vulnerability management: The old industrial
machines are vulnerable to attack. These vulnerabilities can be solved by fixing
vulnerabilities, providing security updates, and managing vulnerabilities.
+ Using the best proven security practices: Proven and proven security best practices
can be a starting point for implementing effective security measures in Internet of Things.
+ Prioritized security by impact: The risks arising from network threats and
corresponding access measures vary with the types of objects that are connected to the
Internet. These security measures should be prioritized based on the magnitude and nature of
potential impact.
+ Enhancing transparency: Increasing transparency and visibility in plant processes
can help determine where and how to implement security measures.
+ Careful consideration of connectivity: Industrial enterprises should thoroughly
analyze their business practices and understand whether there is a need for continuous
connectivity when considering the risks associated with connectivity.
b. Security solutions at the grassroots level (physical)
Safeguards at the grassroots level can help companies build and maintain a positive
reputation with their customers. Improving enterprise security also means improving
productivity because it helps prevent unwanted theft or loss of data. This in turn can help
expand business opportunities. At all times, businesses must ensure that the material aspects
of the facilities include identifying and monitoring individuals in and out of the business.
Businesses also need to track the movement of assets, equipment in the enterprise and supply
chain, controlling access to sensitive areas in the enterprise. They also need to be constantly
alerted by optimizing response times with potential threats and alerts.
c. Security measures at the technical level
This includes the technological components of a network security system that
helps protect connected assets. Many IT security providers provide end-to-end protection
solutions, but not all provide comprehensive security for endpoints and the Internet of Things.
For end users, any attack on the Internet of Things network can cause business losses and a
loss of credibility. The growing complexity and intensity of wireless network attacks are
driving demand not only to prevent a possible attack, but also to anticipate and prepare for
future scenarios. It can happen if a real attack takes place.
5. CONCLUSION
Industrial Revolution 4.0 brings many new technology trends, such as the Internet of
Things, requiring a more rigorous approach to information security issues and attacks from
wireless connection environment through objects or devices. The connection between devices,
assets, processes, and people has made the boundaries between the internal and external
network lighter and more favorable for attackers to attack the system - the core of a business
or an organization. Ensuring Internet security in an increasingly complex environment has
become an inevitable strategic need for end users in all sectors and business areas. In order to
establish solutions in a holistic way, the all-power approach has been presented in a secure
order that ensures the security of the layers with different aspects that the enterprise needs to
652
- TRƯỜNG ĐẠI HỌC HẢI PHÒNG
establish in operating environment to minimize the disadvantages and maximize the
advantages of the trend of Internet connection.
REFERENCE
[1]. K. Ashton (2009), “That „Internet of Things‟ thing”, Retrieved 9 May 2017.
[2]. Frost & Sullivan (2017), Cyber Security in the era of Industrial IOT, A Frost &
Sullivan White Paper.
[3]. HBR (2014), "Internet of Things: Science Fiction or Business
Fact?" (PDF). Harvard Business Review. November 2014 Retrieved 23 October 2016.
[4]. ITU (2015), Internet of Things Global Standards Initiative, ITU Retrieved 26
June 2015.
[5]. T. Lindner(13July2015), "The Supply Chain: Changing at the Speed of
Technology", Connected World, Retrieved 18 September 2015.
[6]. F. Mattern & C. Floerkemeier (2016), "From the Internet of Computers to the
Internet of Things" (PDF), ETH Zurich, Retrieved 23 October 2016.
[7]. A. Nordrum (18 August 2016). Popular Internet of Things Forecast of 50 Billion
Devices by 2020 Is Outdated, IEEE Spectrum.
[8]. G. Santucci (2016), "The Internet of Things: Between the Revolution of the
Internet and the Metamorphosis of Objects" (PDF). European Commission Community
Research and Development Information Service, Retrieved 23 October 2016.
[9]. O. Vermesan & P. Friess (2013), “Internet of Things: Converging Technologies
for Smart Environments and Integrated Ecosystems” (PDF). Aalborg, Denmark: River
Publishers. ISBN 978-87-92982-96-4.
[10]. I. Wigmore (June 2014). "Internet of Things (IoT)", TechTarget, June 2014.
[11]. http://www.iiconsortium.org/members.htm
653
nguon tai.lieu . vn