China
Africa
Explore chapters and articles related to this topic
Analysis of Security Issues in IoT System
Published in Asis Kumar Tripathy, Chiranji Lal Chowdhary, Mahasweta Sarkar, Sanjaya Kumar Panda, Cognitive Computing Using Green Technologies, 2021
Likhet Kashori Sahu, Sudibyajyoti Jena, Sambit Kumar Mishra, Sonali Mishra
In this attack, the attacker tries to get into the network using physical features of IoT devices like power dissipation, electromagnetic emanation, running time, temperature, and acoustics. Some of the classes of side channel attack include cache attack, timing attack, power-monitor attack, electromagnetic attack, acoustic cryptanalysis, and differential fault analysis [30]. Power monitor attack exploits the data of a device’s power consumption that depends on parameters like data processed and the number of instructions implemented, while electromagnetic attack can exploit the data of device’s electromagnetic emanations.
Cryptography Threats
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Konstantinos Limniotis, Nicholas Kolokotronis
There is also a series of side-channel attacks that are applicable to specific versions of SSL/TLS. Note that the Lucky 13 attack described earlier, being a timing attack, also constitutes a side-channel attack. In this subsection though, we focus on other types of such general type of attacks, which mainly rest with the compression algorithm that these versions support.
Blockchain of Things: Benefits and Research Challenges
Published in Monika Mangla, Ashok Kumar, Vaishali Mehta, Megha Bhushan, Sachi Nandan Mohanty, Real-Life Applications of the Internet of Things, 2022
Sangita Chaudhari, Rashmi Dhumal, Tabassum Maktum
The major attacks at the perception layer are: jamming attack, insecure initialization, malicious code injection attack, low level Sybil and spoofing attack, Insecure physical interface, node capture attack, sleep deprivation attack, etc. The jamming attack can be easily launched on the wireless networks which are built upon shared medium. Jamming attacks affect working of wireless networks by radiating radio frequency signals, which are not pursued by MAC protocol on wireless IoT devices. This mainly influences network functioning and transfer of data between legitimate nodes. Another attack is insecure initialization at the physical layer. The initialization and configuration of IoT using secure mechanisms ensures smooth functioning of the whole system without disrupting network services. The secure mechanism for communication at the physical layer, protect it from access to unauthorized nodes. In low level Sybil and spoofing attack, a malicious Sybil node uses many fake identities to exhaust the system resources and disturbs the IoT functionality. At the physical layer, Sybil nodes may use random fake MAC values for concealing as a different device. This may lead to access denied to real IoT devices. The functioning of IoT devices can also be threatened due to poor physical security, physical interfaces used to access software and testing tools used. Another attack at this layer is sleep deprivation attack, where a fake node militaries real node to drop their energy. IoT devices have low power capacity. To save the battery, the devices are programmed with sleep routine. In IoT, sleep deprivation attack causes sensor nodes to stay awake till their battery gets discharged. In a node capture attack, an attacker may tamper the IoT device, replace it or take control over it. If an attacker captures a node, then the sensitive information may be exposed to the attacker. Along with the node capture attack, an attacker can inject malicious code in the memory of an IoT device which is called a malicious code injection attack. The malicious code that is injected by the attacker performs specific function and gain control over IoT system. The false data detection attack at the perception layer affects the effectiveness of an IoT system, an attacker can replace normal data with dummy/fake data which causes the IoT system to send erroneous responses. In cryptanalysis attacks and side-channel attacks, an attacker can use some techniques to obtain encryption keys from IoT devices by either applying a side-channel attack or timing attack in which encryption keys are obtained based on the time required to execute the encryption algorithm. In eavesdropping and interference attack at the physical layer, IoT devices are majorly communicating over wireless networks. The information transferred over wireless networks can be eavesdropped by an attacker.
Exploration for Software Mitigation to Spectre Attacks of Poisoning Indirect Branches
Published in IETE Technical Review, 2018
Baozi Chen, Qingbo Wu, Yusong Tan, Liu Yang, Peng Zou
Modern processors use cache to fill up the speed gap in memory hierarchy. At the same time, it introduces uncertainty to the system that time of memory accesses varies depending on whether the data are in cache or not. Cache timing attacks are a specific type of side-channel attack that exploit the effects of the cache memory on the execution time of algorithms. The attacker can determine the addresses allocated into cache by measuring the time taken to access entries and leak information. There are several techniques to exploit cache that have been demonstrated already. Prime+Probe [15–17] is the one that the attacker fills one or more cache lines with its own contents, waits for the victim to execute and then probes by timing accesses to preloaded cache lines. If the attacker observes remarkable increased memory access latency, it means that the cache lines have been evicted by the victim who has touched an address that maps to the same set. Flush+Reload [18] is contrast to Prime+Probe. The attacker first flushes targeted cache lines, waits for the victim to execute and then reloads the flushed cache line by touching it, in the meanwhile measuring the time taken. If the attacker observes a fast memory access, it means that the cache lines have been reloaded by the victim. Evict+Time [19] compares the overall execution time of the victim after evicting some cache lines of interest with a baseline. The variation of overall execution time is then used to deduce whether the lines of interested have been accessed by the victim.