Frameworks for Analyzing Security Risks of Smart Devices - ByteScout
  • Home
  • /
  • Blog
  • /
  • Frameworks for Analyzing Security Risks of Smart Devices

Frameworks for Analyzing Security Risks of Smart Devices

The development and advancement of the Internet of Things concept have led to an exponential growth of the number of smart devices connected to the internet. It is estimated that by 2020, the number of smart devices connecting to the internet will grow to about 50 billion. 

Smart devices have been developed to support different human activities, including their personal affairs, financial affairs, and business affairs, which has made people’s lives more convenient.

The concept of smart homes has been made possible by the integration and management of smart devices in people’s homes globally. All home appliances such as intelligent cooling and heating devices, smart TVs, smart washers, and smart refrigerators have been connected to the internet to make smart home systems possible. The systems can control access, lighting, temperatures, and entertainment to a person’s preference.

While it is convenient to control your smart devices from your phone regardless of time and space, the security of these smart devices continues to be a challenge. Smart devices fail to have an advanced security architecture, thereby getting exposed to many attacks. This article describes and reviews some of the frameworks developed to analyze the security risks of smart devices. These frameworks apply to most smart devices as well as smartphones.

Security Frameworks

Smart device Architecture

Smart devices have an architecture that consists of four layers, including; the application layer, the application framework, a module core library, and the Linux kernel layer. The applications that run in a smart device are defined in the application layer. 

In the application framework layer, the libraries and a manager that includes an activity manager, a package manager, and an install manager are defined. These enable applications to run in a smart device.

In the module core library layer, the libraries are responsible for processing the distinct functions of different smart devices. For instance, a smart TV has different modules such as a player that pays images, a middleware that receives images from an input, and then displays them on the screen, a configuration module, and an I/O kit. These modules execute particular functions of a device and are only inserted by the relevant manufacturers.

The Linux kernel layer is the layer that executes most core functions of smart devices. This layer includes the kernel, network, file system, and device driver. This layer is responsible for monitoring the functional execution of applications; it exits and reruns execution. The Linux kernel is unique for each device. 

Security Frameworks

Smart devices provide services over wireless networks. It is through the wireless networks that attackers can hack a smart device. Security frameworks have been proposed and developed to achieve the security requirements of smart devices. These requirements include integrity, availability, and authentication.

The most important factor of a smart device is its availability. A lowered availability means deterioration of the core function of a smart device. Loss or lack of availability causes user inconvenience, among other damages.

A hash function, as well as a digital signature, is used in smart devices for critical data to ensure its integrity. Without integrity, a smart device can easily get infected with malware from an attacker, thereby affecting the availability of its functions.

The security of smart devices is, in most cases, not taken into account. An attacker could easily insert malicious code in a device for malicious purposes such as the denial of service (DoS), distributed denial of service (DDoS), and leakage of personal information. Using a secure certificate in a smart device ensures the authentication of users, thereby mitigating this risk.

Firmware validation and update framework

This framework executes an ID-based authentication on a smart device. This is made possible in three steps. The first step is that the framework makes use of a key derivation algorithm for the distribution of the firmware image.

The second step involves making use of a hash chain that verifies the firmware image integrity. Fragmentation of the firmware image then happens and this is used as an input in the hash chain. In the third step, the fragmented pieces are transmitted by the device firmware.

User privacy-enhanced security framework

This is a security framework used in smart devices. It is specifically suitable for devices connected in a smart home environment. It works by providing a defense against malicious attacks that include unauthorized access to personal information as well as burst attacks on personal smart devices.

The framework provides security in the form of encryption, access control, digital signature, logging, and user authentication. The framework goes ahead to apply the authentication process to the existing modules of a smart device as well as newly added modules.

Lightweight lattice-based homomorphic privacy-preserving framework

This framework is a lightweight privacy-preserving aggregation framework. It deploys a lightweight cryptosystem that is dependent on simple multiplication and addition operations. The framework involves two phases; the initialization and the reading aggregation phases. It guarantees the confidentiality and privacy of users while ensuring a lightweight overhead.

A fourth framework makes use of an encryption algorithm as well as a hash function. This algorithm applies the AES256 encryption, the ephemeral Diffie-Hellman key exchange, and the RC4-based has function. The messages to be transmitted from a device are monitored in a central hub. The message is encrypted using three algorithms, after which a hash value is generated.

Conclusion

The exponential growth of the Internet of things concept has led to a rapid increase in the number of smart devices in smart homes and smart systems that are connected to the internet. This has led to the emergence of security threats as the technologies behind the manufacture of smart devices have failed to catch up with the security challenges coming up every day.

The increase of cyber threats continues to put personal information contained in smart devices at risk. Different security frameworks have thereby been developed to deal with these challenges. Some of these frameworks have a limited range mainly due to the fact that smart devices perform unique functions. The frameworks continue to be optimized to maximize functional availability and to ensure authentication, integrity and service delivery.

prev
next