Assessing risks and threats with layered approach to Internet of Things security

Abstract

Internet of Things is the next-generation Internet network created by intelligent objects with software and sensors, employed in a wide range of fields such as automotive, construction, health, textile, education and transportation. With the advent of Industry 4.0, Internet of Things has been started to be used and it has led to the emergence of innovative business models. The processing and production capabilities of Internet of Things objects in hidden and critical data provide great advantages for the next generation of Internet. However, the integrated features of Internet of Things objects cause vulnerabilities in terms of security, making them the target of cyber threats. In this study, a security model which offers an integrated risk-based Internet of Things security approach for the Internet of Things vulnerabilities while providing detailed information about Internet of Things and the types of attacks targeting Internet of Things is proposed. In addition, in this study, the vulnerabilities of Internet of Things were explained by classifying attack types threatening the physical layer, network layer, data processing layer and application layer. Moreover, the risk-based security model has been proposed by examining the vulnerabilities and threats of smart objects that generate the Internet of Things. The proposed Internet of Things model is a holistic security model that separately evaluates the Internet of Things layers against vulnerabilities and threats based on the risk-level approach.