Challenges Posed by Internet of Things
Internet of Things (IoT) solutions are presenting us with numerous benefits such as assisting farmers in monitoring their crops and cattle (through connected sensors) to enhance production, efficiency and the health of their herds. Similarly, through intelligent health-connected devices (such as wearables), IoT can save or improve the lives of many patients. However, despite its many benefits, IoT also poses numerous challenges in relation to the (1) privacy of the end users, (2) Cybersecurity and (3) Digital Forensics (DF). This article aims to highlight some of the challenges that IoT presents in relation to the stated three areas of concerns.
So, what is exactly Internet of Things?
IoT is the interconnection of uniquely identifiable embedded digital devices within the current Internet infrastructure. IoT devices can be ordinary items with built-in Internet connectivity or can be sensing devices. Technologies covered by IoT include, but are not limited to, unmanned aerial vehicles (UAVs), smart swarms, the smart grid, smart buildings and home appliances, autonomous cyber-physical and cyber-biological systems, wearables, embedded digital items, machine to machine communications, RFID sensors, and context-aware computing, etc. While IoT presents numerous benefits, at the same time it poses a wide range of challenges. IoT devices gather substantial amount of personal data about individuals. For instance, the whereabouts of employees in an organisation can be tracked through their security access cards to establish how much time they have spent in their office or on a break. Similarly, through smart meters, it can be determined when an individual is at home or what types of electronic devices they use. This personal data is often shared with other devices and stored in databases by different companies.
Regarding the security challenges, IoT poses a wider security attack surface than that presented by other technologies such as Cloud Computing. IoT devices can come under cyberattacks. For instance, cyber criminals can turn IoT nodes into zombies, intercept and hack into cardiac devices, launch DDoS attacks using compromised IoT devices, hack In-Vehicle Infotainment (IVI) systems, and various CCTV and IP cameras. Forensic acquisition and analysis of digital evidence from an IoT device can be very difficult from a DF perspective owing to various reasons such as different proprietary hardware and software, data formats, protocols, and physical interfaces, etc.
Furthermore, in civil or criminal investigations, it would be essential to gather evidence in a forensically-sound manner and preserve chain of custody. However, ownership and preservation of evidence in an IoT environment could prove difficult and as a result, raise serious questions in a court setting as to whether the evidence collected is reliable. Furthermore, current forensic tools and methods employed to analyse IoT devices have been mainly developed for conventional computing devices such as PCs and laptops. However, forensic analysis of IoT devices requires specialised handling procedures, tools and techniques, and understanding of different operating systems and file systems.
Considering the above discussion, one of the ways to address the challenges posed by IoT-connected devices is that cloud cybersecurity will need to be reviewed since each IoT device generates data that is stored in the cloud. This review could cover evidence identification, data integrity, preservation, and accessibility. Cloud service providers will also need to ensure the integrity of the digital evidence acquired from cloud computing components so as to facilitate an unbiased investigation process in establishing the root cause of the cyberattack in IoT. Thus, as the IoT paradigm is further developed, it becomes essential to design adaptive processes, accredited tools and dynamic solutions tailored to the IoT model.