Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks, and Countermeasures

Siwakoti, Yuba Raj; Bhurtel, Manish; Rawat, Danda B.; Oest, Adam; Johnson, RC

doi:10.1109/jiot.2023.3252594

Cited by 18 publications

(8 citation statements)

References 67 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This finding is in harmony with the strategic capacity of ERM to systematically identify and manage risks [11,14], enhanced by the structured risk management processes provided by ISO 27001 [30,31] and bolstered by the specialized investigative capabilities of mobile forensics [38,40]. This supports the assertion that a cohesive application of these methodologies significantly improves risk management outcomes compared to disjointed approaches, addressing both the strategic and tactical dimensions of digital risk management [2,6]. The integration effectively leverages ERM's comprehensive risk assessment, ISO 27001's information security controls, and mobile forensics' investigative insights, creating a more adequate and effective risk management strategy.…”

Section: Discussionsupporting

confidence: 66%

CyberFusion Protocols: Strategic Integration of Enterprise Risk Management, ISO 27001, and Mobile Forensics for Advanced Digital Security in the Modern Business Ecosystem

Olaniyi,

Omogoroye,

Olaniyi

et al. 2024

JERR

View full text Add to dashboard Cite

This research paper explores the integration of Enterprise Risk Management (ERM), the ISO 27001 standard, and mobile forensics methodologies as a comprehensive framework for enhancing digital security measures within modern business ecosystems. Employing a quantitative research design, this paper utilized a survey methodology, gathering data from 372 professionals across various sectors including risk management, IT/security, and forensic analysis. The analysis was conducted using Partial Least Squares Structural Equation Modeling (PLS-SEM) to test the research hypotheses and assess the impact of the integrated approach on organizational digital security capabilities. The findings reveal a significant positive effect of integrating ERM, ISO 27001, and mobile forensics on an organization’s ability to manage digital risks effectively. Specifically, the integrated approach was found to enhance strategic digital security management, improve the identification, assessment, and mitigation of digital risks, strengthen information security management practices, and elevate the effectiveness and efficiency of digital crime investigation processes. These outcomes underscore the value of a cohesive strategy that leverages the strengths of ERM, ISO 27001, and mobile forensics in addressing the complex and interconnected digital threat landscape. Based on the results, the study recommends adopting a holistic security framework, investing in continuous professional development, leveraging technological advancements for proactive security management, and fostering a culture of security and collaboration. Such measures are crucial for organizations aiming to enhance their resilience against cyber threats and protect their digital assets in the face of sophisticated cyber-attacks. This research contributes to the field of cybersecurity by providing empirical evidence on the benefits of an integrated approach to digital security, offering practical guidelines for organizations seeking to improve their digital security measures, and highlighting the need for continuous adaptation and collaboration in the fight against cyber threats.

show abstract

Section: Discussionsupporting

confidence: 66%

CyberFusion Protocols: Strategic Integration of Enterprise Risk Management, ISO 27001, and Mobile Forensics for Advanced Digital Security in the Modern Business Ecosystem

Olaniyi,

Omogoroye,

Olaniyi

et al. 2024

JERR

View full text Add to dashboard Cite

show abstract

“…Furthermore, TCP variants are vulnerable to blind TCP injection attacks, where attackers inject malicious payloads into ongoing TCP connections without directly observing the communication stream. By predicting or guessing sequence numbers used in TCP connections, attackers can inject forged packets into the communication stream, impersonate legitimate endpoints, or manipulate data exchanges [179]. Blind TCP injection attacks can exploit vulnerabilities in network services or applications, bypass security controls, or compromise sensitive information.…”

Section: Common Vulnerabilities In Tcpmentioning

confidence: 99%

A survey of transmission control protocol variants

Lydiah Moraa Machora

2024

World J. Adv. Res. Rev.

View full text Add to dashboard Cite

TCP (Transmission Control Protocol), is a reliable connection oriented end-to-end protocol. It contains within itself, mechanisms for ensuring reliability by requiring the receiver to acknowledge the segments that it receives. The network is not perfect and a small percentage of packets are lost enroute, either due to network error or due to the fact that there is congestion in the network and the routers are dropping packets. TCP ensures reliability by starting a timer whenever it sends a segment. If it does not receive an acknowledgement from the receiver within the ‘time-out’ interval then it retransmits the segment. In this paper a review of various TCP is carried out. There are a number of TCP variants for application in the management of network efficiency in terms of network congestion and transmission efficiency. These variants include: - TCP Tahoe, TCP Reno, TCP New Reno, TCP Vegas, TCP SACK, TCP FACK, TCP Asym, TCP RBP, Full TCP and TCP CUBIC. Therefore, the main objective of this paper is to study the tcp types on the network performance variances. All have different features and advantages but with maximal throughput as main objective, which are termed as the clones of TCP, have been incorporated into TCP/IP protocol for handling congestion efficiently in different network scenarios.

show abstract

“…The authors consider the problems and vulnerabilities that arise as a result of the introduction of cloud computing in IoT systems, and also identify future research directions. Also, a similar study is conducted in [10], where the authors analyze potential attacks in IoT systems, as well as known countermeasures. These studies examine security protocols, encryption methods, and access control mechanisms to address security issues and protect sensitive data.…”

Section: Literature Review and Problem Statementmentioning

confidence: 99%

Performance evaluation of the cloud computing application for IoT-based public transport systems

Zakutynskyi,

Sibruk,

Rabodzei

2023

EEJET

View full text Add to dashboard Cite

The object of research is cloud computing as an element of the server infrastructure for intelligent public transport systems. Given the increasing complexity and requirements for modern transportation, the application of the Internet of Things concept has a high potential to improve efficiency and passenger comfort. Since the load generated in IoT systems is dynamic and difficult to predict, the use of traditional infrastructure with dedicated servers is suboptimal. This study considers the use of cloud computing as the main server infrastructure for the above systems. The paper investigates the main cloud platforms that can be used to develop such systems and evaluates their advantages and disadvantages. The authors developed the overall architecture of the system and evaluated the performance and scalability of individual components of the server infrastructure. To test the system, a software emulator was developed that simulates the controller module installed in vehicles. Using the developed emulator, stress tests were conducted to analyze and confirm the ability to scale and process input data by the proposed architecture. The test scenarios were developed and conducted on the basis of the existing public transportation system in Kyiv, Ukraine. The experimental results showed that the proposed IoT architecture is able to scale efficiently according to the load generated by the connected devices. It has been found that when the number of incoming messages increases from 40 to 6000, the average message processing time remains unchanged, and the error rate does not increase, which is an indicator of stable system operation. The obtained results can be used in the development of modern public transport systems, as well as for the modernization of existing ones

show abstract

Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks, and Countermeasures

Cited by 18 publications

References 67 publications

CyberFusion Protocols: Strategic Integration of Enterprise Risk Management, ISO 27001, and Mobile Forensics for Advanced Digital Security in the Modern Business Ecosystem

CyberFusion Protocols: Strategic Integration of Enterprise Risk Management, ISO 27001, and Mobile Forensics for Advanced Digital Security in the Modern Business Ecosystem

A survey of transmission control protocol variants

Performance evaluation of the cloud computing application for IoT-based public transport systems

Contact Info

Product

Resources

About