Cybersecurity and Web of Things: A review on Ad hoc issues

Abstract

Cyber Security is employed for shielding knowledge systems like networks, computers, databases, information centers, and applications with acceptable procedural and technical security measures. As most of the issues pop up the thoughts, ‘cyber-crimes’ can mix colossally daily. Crime is rising as a grave threat in today’s world. It’s an aggressive space of crime. As the number of web users has grown, so has offense. For example, the current Covid-19 pandemic has had a notable consequence for organizations and establishments, resulting in security vulnerabilities; as a result, network security is becoming progressively diverse and complex, and as a matter of fact, completely different ways are being devised to exploit it. Network engineers got to sustain with recent advances in each hardware and software package field to forestall them from being employed, together with user information. Historically, solely mobile computers and phones were connected to the internet; however, with the advancement of technology, other items such as security cameras, microwaves, automobiles, and industrial machinery are all now connected to the internet. The web of stuff is the term given to this network of interconnected things. Prime Securities for the Web of Things are involved[1]. This paper gives detailed information on cyber security and crime as little more than a result. It addresses forms of cyber security, the need for cyber security, issues regarding cyber security, benefits and drawbacks, criminal background, and criminal offenses.

Introduction

I. PURPOSE

The article includes information on Cyber Security, Threats, and Malicious Practices that arise. In its subsections, it covers data regarding different matters. The paper identifies cybersecurity tendencies and the roles of social networking sites in cybersecurity. The article presents some essential information and solutions linked to the Web of Things.

Over the last 10-12 decades, cybersecurity is becoming a prominent concern in the IT industry. In the meantime, everybody here is struggling with a slew of cyber threats, whether through hacking or other techniques since hackers are snatching crucial information from the government and certain enterprise enterprises. People were worried because the cybersecurity attack could trigger everything, including mass fraud, to coerce large corporations. Many distinct types of cyber-crimes arise, but everyone should be aware of scammers. There are many measures and tools which may implement to avoid cyber-crimes. Getting hacked entails not just losing essential documents but also losing commercial relationships. (May 2017 WannaCry ransomware assault)

II. INTRODUCTION

Amongst the most promising technologies of the twentieth century that has influenced everyday lives, an individual can now receive and send any information over the internet. Currently, the internet has subdivided all obstacles, revolutionizing ways we communicate, play online games, work, shop, make friends, listen to music, watch movies, order cuisine, pay bills, and greet pals on special occasions such as birthdays and anniversaries. Anything you might think of, we've got an app for it. It has made life a lot easier by making things increasingly comfortable. We no longer wait in enormous lines to pay our phone and energy bills. We can now pay it with the click of a button from the safety within our own home or workplace. Innovation has progressed to the point that we no more need a computer to access the web. Humans now have internet-enabled smartphones, laptop computers, and other systems that allow us to stay connected to our friends, family, and office 24 hours a day. Not only has the web made it more convenient, but it has also rendered many commodities more affordable to the middle class. This wasn't long ago that the eyes on the pulse monitor were smitten while making an ISD or perhaps an STD communication. Then comes Cybersecurity in the show, where Security plays a significant role. Cyber Security is the practice of protecting systems, networks, and programs from Digital Attacks[2].

Cyber Security is a methodology for safeguarding data systems from intrusions with the intent of embezzling cash, confidential info, infrastructure components (e.g., cryptocurrency jack, botnets), and a multitude of other disgusting things.

III. WHAT IS CYBER SECURITY?

The practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks is known as cyber security. It's also referred to as information technology security or electronic data security[3].

The measures are designed to combat threats against networked systems and applications, whether those threats originate from inside or outside of an organization.  In 2020, the worldwide average cost of cybercrime was $ 3.86 million, with the US costing $ 8.64 million. These charges have included the expenses of identifying and responding to the intrusion, the cost of downtime and lost revenue, and the long-term reputational damage to a company and its brand. Clients' individually identifiable information (PII) - names, addresses, national id numbers (e.g., Social Security numbers in the United States, fiscal codes in Italy), credit card information - is tailored by cybercriminals, who instead sell these records in underground digital marketplaces. Trustworthiness is frequently damaged as a result of breached PII, regulatory intervention, and even legal action. The sophistication of surveillance systems, driven by fragmented technologies and a paucity of in-house competence, can exacerbate these expenses. However, institutions with a robust cybersecurity strategic approach that is steered by guiding principles and done automatically through the use of analysis tools, artificial intelligence (AI), and deep learning can counteract cybersecurity threats more efficiently and avoid the entire life cycle and influence of transgressions when they eventuate [4].

As an outcome, Cybersecurity is extremely crucial because it encapsulates everything about safeguarding our sensitive data, personal identifying information (PII), personal health information (PHI), private information, intellectual property, data, and budgetary as well as economic technology infrastructure from physical loss or damage attempted by felons and antagonists.

A. Threats

1. Malicious Software: Malware is an anagram for "Malicious Software," the substance remains the same. Malicious software alludes to any malicious application that causes harm to a computer system or network. Malicious Malware Software attacks a computer system or a network under the guise of viruses, worms, Trojan horses, spyware, adware, or keyloggers.
2. VIRUS: A virus is a computer program that really can damage our equipment and information by infiltrating them and rendering them ineffective. When viral software is executed, it replicates itself by modifying other computer software and injecting its coding. This code attacks a file or app, and if it spreads extensively, this could trigger the gadget to collapse.
3. Worms: A computer virus is malicious software that multiplies on its own and attacks neighboring computers, simultaneously keeping active on infected systems. A computer worm duplicates itself to trick unprotected systems. It frequently manages this by using aspects of an operating system that are autonomous and undetectable by the user. Worms are often discovered only when their uncontrolled proliferation demands system resources, impeding or interrupting other actions. A computer worm is not just about a WORM (write once, read many).
4. Denial of Service (DoS): A denial of service (DoS) attack is a cyber-attack that overwhelms a computer system or network, preventing processing requests. A decentralized denial of service (DDoS) assault has the same impact as a centralized denial of service (DoS) attack, except the attack begins on a computer system. Malicious hackers frequently utilize a flood attack to disrupt the "gesture" procedure and carry out a DoS. Some threat actors may take advantage of the period that a network is offline to launch new attacks. A botnet is a type of DDoS in which millions of devices are infected with malware and controlled by a hacker, according to Jeff Melnick of Netwrix, an information technology security firm. Botnets, also known as zombie systems, are designed to target and overpower processing capabilities. Botnets are challenging to track down and can be found on various websites.
5. Emolet: Emotet is described by the Cybersecurity and Infrastructure Security Agency (CISA) as "an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans." Emotet remains among the most expensive and destructive malware.”
6. Man in the Middle (MITM): When hackers inject themselves into a two-party transaction, this is known as a man-in-the-middle (MITM) assault. According to Cisco, they can filter and take data after blocking transmission. MITM attacks are common when a visitor utilizes an unsecured public Wi-Fi network. Attackers create a barrier between the visitor and the network, using malware to install software and steal data.
7. Phishing: Phishing attacks use forged communication, such as an email to persuade the recipient to open it and follow the instructions therein, such as submitting a credit card number. "The purpose is to steal sensitive data such as credit card and login information or to infect the victim's computer with malware," says the statement.
8. SQL Injection: SQL injection is a cyber-attack that occurs when malicious code is injected into a SQL server. When a server is infected, it releases data. It's as simple as typing the malicious code into a search field on a susceptible website.
9. Password Attacks: A cyber attacker can gain access to various information with the appropriate password. Data Insider defines social engineering as a "tactic cyber attackers utilize that depends primarily on human interaction and frequently entails luring people into breaching basic security standards." Accessing a password database or guessing a password are two different password attacks.
10. Blended Attacks: Blended attacks compromise a target by employing various tactics. Attackers have malware that is a mix of worms, Trojan horses, spyware, keyloggers, spam, and phishing schemes because they use several different attack strategies simultaneously. Blended attacks are exposing more sophisticated malware and putting user data in jeopardy.

IV. IMPACT REDUCTION

While most of today's successful businesses are aware of primary security risks and make significant efforts to avoid them, no set of security measures is 100% effective. Companies and organizations must also be prepared to contain the harm if a breach occurs because the price is enormous. It is essential to understand that the impact of a breach is not only related to the technical aspect of it, stolen data, damaged databases, or damage to intellectual property; the damage also extends to the company's reputation. Responding to a data breach is a very dynamic process. Below are some essential measures a company should take when a security breach is identified, according to many security experts:

1. Make the problem clear. Employees should be made aware of the issue and encouraged to take action internally. Clients should be kept up to date by direct communication and official statements from the outside. Transparency is essential in this scenario, and contact produces it.
2. If the company is at fault, be honest and accountable.
3. Give specifics. Explain why the incident occurred and what was jeopardized. The corporation is also obliged to cover the expenses of identity theft protection services for affected clients.
4. Recognize what caused and aided the breach. Hire forensics experts if necessary to conduct research and learn the information.
5. Apply what you've learned from the forensics investigation to prevent future security breaches.
6. Ensure that all systems are in good working order, that no backdoors have been installed, and that nothing else has been hacked. Attackers frequently try to leave a backdoor to make future breaches easier. Make sure that this does not occur.
7. Employees, partners, and customers should be educated on avoiding repeat breaches.

V. EVOLUTION OF CYBER SECURITY

As algorithms are used and artificial intelligence is becoming more prevalent in impacting daily work and life, cyberattacks can become more destructive. Furthermore, as attackers grow more sophisticated, it is not adequate for a firm to defend network systems to detect a concern before, during, or even after their network devices have been hacked. As the internet and digitally reliant businesses expand and evolve, so do cyber security protocols. According to SecureWorks, those interested in cyber security emphasize the two themes listed below.

A. The Web (Internet) of Things

Standalone gadgets that access the web provide cybercriminals with an entry point. The Internet of Things (IoT) integrates various items and gadgets to the internet. There is also an urgent need to safeguard Internet of Things gadgets and the networking to which they are tethered. IoT devices in business situations include industrial machinery, microgrids, smart buildings, and other personal IoT devices that staff bring to work (see Figure 5.1 for more information).

1. Web ( Internet) of Things Design Considerations

Wireless Capability

Functionality

Interoperability

Secure Storage

Immediate Boot Capacity

Device Categorization

Bandwidth

Cryptographic Controls

Power Management.

2. Protocols

Now we will focus on the Communication Protocols and Standards:

a. Near Field Communication (NFC):  Enables short-distance data exchange.

b. Bluetooth: Enables a short range of data exchange.

c. RFID: Identifies sensors and objects that have been used in the devices.

d. Satellite: Enables cell phone communications.

e. Wi-Fi: This is the most important thing we need as it provides Internet Access.

f. Radio Frequency (RF): Consumes Low Energy.

g. Constrained Application Protocol (CoAP): CoAP is intended to enable basic, confined gadgets to surf the web of Things including in constrained environments with limited performance and reliability.

h. MQTT (Message Queuing Telemetry Transport): MQTT (Message Queuing Telemetry Transport) is a lightweight Web of Things (WoT) verification. It leverages a publishing house transmission architecture and facilitates easy file transfers between nodes.

i. AMQP (Advanced Message Queuing Protocol): AMQP (Advanced Message Queuing Protocol) is an interoperable open standard that is used for transactional information across hosts.

The following are the primary purposes of these IoT guidelines:

• Getting messages and putting them in batches
• Message storage
• Creating a connection between these elements

B. Security Threats in IoT

According to the study released by Roman et al., there are numerous difficulties to making the Internet of Things (IoT) effective in the real world. Still, cybersecurity is at the top of the list. As we know, the Internet of Things (IoT) connects all of the devices' "things" to do particular duties such as sensing, communicating, and processing information. Still, each of these connections might be a possible gateway into the Internet of Things (IoT) architecture, which is a hazard. Because of its integration with cloud technology, the Internet of Things (IoT) has created several potential risks. The inherent dangers of cloud computing technology are most likely to affect Internet of Things (IoT) services. Refer to Figure 5.2 for a deeper understanding, as it presupposes elements such as always connected, experiential subject mapping, major decision making in User to User, End devices, Destination Ip, Detectors in Folks to Machine, financial returns, and finally action incarnation in Machine to Information and sent and crunching numbers in info to Equipment.

Since The suppliers reveal the architecture setup to diverse intrusions, the Internet of Things (IoT) offers many privacy concerns. Devices, programs, and applications based on computer/network interfaces or interfaces are examples of these sources. These dynamic and multi ports enable object-to-object communication, making the whole thing open to internet attacks. The most typical scenario is the security vulnerability of the Routing Protocol (IP), which lowers system efficiency and durability. As the Internet of Things (IoT) becomes more user-accessible and interactive through to the utilization of web pages or mobile applications that also are good vision using Application Programming Interface (API) employing PHP, JAVA, XML, HTML Essentially, the Internet - Of - things (IoT) architecture and the system is constructed with computer hackers and vulnerability in mind. Still, any malfunctioning or error at any level of the Internet of Things (IoT) may inevitably fail in performance. For example, in any rechargeable batteries Internet of Things (IoT) system, power surges can cause data loss, leading to dysfunction.

VI. PROTECT YOUR COMPUTING DEVICE

Your computing devices store your data and portal to your online life. Refer to Figure 6. Below is a shortlist of steps you can take to protect your computing devices from intrusion:

1. Keep the Firewall On: Whether an application fortress or an equipment wall on a router, the fortress should be configured and updated to prevent hackers from accessing your personal and business data.
2. Use Antivirus and Antispyware: Backdoor, such as worms, Keyloggers, Worms, extortion, and espionage, is installed without your knowledge on your smart devices to obtain access to your computer and documents. Infections potentially ruin your data, slow right down your machine, or even seize command of it. Allowing spammers to send emails from your account is one method infections may take over your machine. Spyware may track your internet behavior, acquire your personally identifiable information, and display intrusive squeeze advertising on your web browser while you're surfing the web. Cybersecurity software is intended to detect and remove bugs from your computer and incoming email. Antispyware is sometimes considered part of antivirus software. Keep your software up to date to secure your machine against the latest harmful malware.
3. Manage Your Operating System and Browser: Hackers are continually looking for methods to exploit flaws in your operating systems and web browsers. Set the security settings on your computer and browser to medium or higher to secure your machine and data. Regularly download and install the newest software patches and security updates from the vendors, as well as your computer's operating system and web browsers.
4. Protect All Your Devices: To prevent unwanted access; you should password protect your electronic devices, whether PCs, laptops, tablets, or cellphones. Encrypted data, particularly sensitive or confidential data, should be stored. If your mobile devices are stolen or lost while away from home, only keep the essential information. If one of your devices is hacked, hackers may access all of your data via a cloud storage service like iCloud or Google Drive.

VII. ENCRYPT YOUR DATA

Your information should be secured at all moments. You may assume that you have no secrets or anything to cover, so why employ cryptography? Sometimes you believe that no one wants your info. This is most likely not the case.

This may be made worse because a rogue application infects your computer or mobile device and takes potentially crucial data, including account numbers and passwords, as well as other legal paperwork. This data can lead to identity theft, forgery, or kidnapping. Criminals may protect your information and deem it inoperable until you accept the money.

A. What is Encryption?

Encryption is transforming the data while a third person cannot read it. Only a trustworthy, permitted individual who possesses the secret key or password may decode the information or access it in its original form (see Fig 7.1. Cryptography doesn't preclude the data from being intercepted. Encryption could only block malicious parties from accessing or copying the material. It is also used to encrypt information, directories, and even whole disks.

VIII. GOALS OF CYBER SECURITY?

The main goal of Cyber Security is to protect data from being stolen, compromised, or attacked. Cybersecurity can be measured by at least one of three goals-

1. Protect the confidentiality of data.
2. Preserve the integrity of data.
3. Promote the availability of data for authorized users.

These goals form the confidentiality, integrity, availability (CIA) triad, the basis of all security programs. The CIA triad (Refer Figure 8) is a security backbone that helps to design the policies for information security within the premises of any organization or company. This model of security backbone is also referred to as the AIC (Availability, Integrity, and Confidentiality) triad to avoid confusion with the Central Intelligence Agency. The triad elements are considered the three most crucial components of security[10].

A. Availability

The principle of availability asserts that systems, functions, and data must be available on-demand according to agreed-upon parameters based on levels of service refer to figure 8.1.

Tools for Availability:

1. Physical Protections: Physical safeguard here tells us to keep the information available even in the event of physical challenges, and also it makes sure that the sensitive data and critical information technology are housed in secure areas.
2. Computational Redundancies: It is applied as the ability of a system to keep the flow of operation without interruption when one or more of its components fail (fault-tolerant) against accidental faults. Also, it makes sure to protect computers and the storage devices that serve as fallbacks in the case of failures.

 Threats to Availability

• Denial of Services
• Distributed Denial of Services
• Human action like Bomb or Strikes
• Natural disasters like Fire, Flood, etc.

B. Integrity

Integrity (refer to figure 8.2) ensures that data is authentic, accurate, and safeguarded from unofficial user alteration.  It is the property that information has not been altered illegitimately, and the source of information is unfeigned.

Tools for Integrity

1. Backups: Backup is the cyclic archiving of data. It’s a process of creating copies of data or files to make use of it when the original data or files are lost or destroyed. It is also used to fabricate the documents for historical purposes, such as for longitudinal studies or historical records, or to meet the requirements of a data recall policy. Many applications, mainly in Windows, produce backup files with the.BAK file extension.
2. CheckSums: A checksum is a numerical value used to check the integrity of a file or a data transfer. They are commonly used to estimate two sets of data and make sure that the data is identical.
3. Data Correcting Codes: It is a procedure for storing data so that small transform can be easily identified and then automatically corrected.

Figure 8.2

Threats to Integrity

• Hackers
• Masqueraders
• Unauthorized User activity
• Unprotected files download
• Unprotected Networks
• Unprotected Programs
• Social engineering attacks
• Authorized subjects corrupting data and programs accidentally. 

C. Confidentiality

Confidentiality (refer to figure 8.3) is approximately equivalent to privacy and avoids the illegal announcement of information.   It implies data protection; it provides access to those who are allowed to view it while rejecting others from learning anything about its content. It also prevents the information from reaching inaccurate people while ensuring that the right people can get it. Data encryption is one of the best examples to ensure confidentiality.

Threats to Confidentiality

1. Hackers
2. Masqueraders
3. Unauthorized User activity
4. Unprotected files download
5. Unprotected Networks
6. Unprotected Programs
7. Social engineering attacks

Conclusion

In the framework of this study, we have examined the concepts of Cyber-Security, the Internet of Things (IoT) and its application, and the security threat it has gone through. The new challenges regarding security are also growing exponentially. As with most things connected to daily life usage, everything has been online in these pandemic years. So, the number of crime rates has increased and the Internet of Things (IoT) is becoming extremely famous among the masses and its security against cyber-attacks is getting numerously difficult. Nowadays the Internet of Things (IoT) is merged with cloud computing and different kinds of other platforms and comes with their inherent infirmity as a major concern. Hence in this paper, we have listed the number of cyber security threats that are experienced and about the Internet of Things (IoT), protocols and also tried to provide countermeasures to make the Internet of Things (IoT) a more stable and secure system. We have also discussed the goals in cyber security and have highlighted about encrypting the data to make it confidential. We have specified the number of palliatives against such cyber security attacks which are feasible and can be easily applied. Therefore, this will help to work on the security concerns and provide more information curative to such concerns. In the future years, there will be greater numbers of intelligence that are difficult to explain and possibly infinite as digital talents interact with humanoids across practically all aspects of legislation, community, families, and the outside globe. We designed this study on the idea that the “internet security” and “surveillance” process and the notion of “cybersecurity” are on full alert throughout the 2020s. That effort is much more prone to accelerate than to delay, even though its trajectory varies considerably depending on our conditions. That this is not a facet of our analysis technique; it is the focal focus of the endeavor. We anticipate that in the not-too-distant future (assuming it is not already the case), cybersecurity will be widely acknowledged as the “multi-objective optimization problem” of the era of the internet. That positions everything at the peak of every tough challenge that societies confront, more comparable to a virtually apocalyptic obstacle like global warming than to a professional concern that technologies firms must overcome in order to thrive. IoT encounters a multitude of vulnerabilities that must be addressed in addition to preventative measures to be adopted. Security vulnerabilities and privacy concerns to IoT were introduced in this paper. The overarching purpose was to determine capabilities and record potential risks, assaults, and pitfalls that the IoT may encounter. An outline of the most prominent IoT security concerns was addressed, with specific attention on security concerns associated with IoT devices and services. Confidentiality, privacy, and entity trust were highlighted as cybersecurity threats. The discussion mainly concentrated on cyber threats, which include perpetrators, desire, and competence, all of which are driven by the distinctive features of virtual worlds. It was revealed that dangers presented through security agencies and crime syndicates seem to be more likely to be difficult to overcome than just those posed by solitary hackers. The justification for this is that their victims may be less foreseeable, whereas the consequence of a particular strike is anticipated to be a little catastrophic. It must have been concluded that many contributions to the field of IoT security work are to be explored by both suppliers and finished. It is crucial that forthcoming protocols tackle the inadequacies of present IoT security systems. The goal of ongoing research is to discover a better knowledge of the risks to the IoT ecosystem, as well as to predict the probability and repercussions of threats to IoT. Earlier in product innovation, definitions of necessary security techniques for password protection, verification, access control, and a dynamic trust framework should be addressed. We believe that our research will be valuable to intelligence officials by aiding in the identification of relevant difficulties in IoT security and providing a better grasp of threats and their attributes stemming from various entrants such as firms and intelligence agencies.

References

[1] Internet of Things is a revolutionary approach for future technology enhancement: a review | Journal of Big Data | Full Text (springeropen.com) [2] Cyber Security (Halvorsen.blog) [3] What is Cyber Security? | Definition, Types, and User Protection | Kaspersky [4] What is Cybersecurity? | IBM [5] THE EVOLUTION OF CYBER SECURITY. Benefits of SOAR Technology and… | by cloud cover | Medium [6] What are IoT Devices? (techtarget.com) [7] IRJEt Cybersecurity threats and vulnerabilities in IoT IRJET-V7I3582.pdf [8] Mohamed Abomhara and Geir M. Køien “Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks” Publication 22 May 2015 [9] Roman, R., Zhou, J., & Lopez, J. (2013). On the features and challenges of security and privacy in distributed internet of things. Computer Networks, 57(10), 2266–2279 [10] Cyber Security Goals – javatpoint https://www.javatpoint.com/cyber-security-goals [11] A Complete Guide to IoT Protocols & Standards In 2021 (nabto.com)

Copyright

Copyright © 2022 Yelena Mujibur Sheikh , Yash B Dobhal. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.