Security Issues in Blockchained IoT
TABLE 3.3 (CONTINUED)
Counteracting Actions on Common Security Challenges and Their Effect on Layers and Security Principles
| Challenges | Description | Layer Affected: P | Layer Affected: NT | Layer Affected: AM | Security Principle Affected: C | Security Principle Affected: I | Security Principle Affected: A | Security Counteract Actions |
|---|---|---|---|---|---|---|---|---|
| Insecure Software, Firmware and Interfaces | The applications used for accessing IoT resources are focused on cloud, web or smartphone applications that are extremely vulnerable to attacks and may therefore impact the privacy of data. In comparison to interfaces, vulnerabilities may be triggered by insecure hardware or applications, and so their upgrades must be carried out safely. | × | × | √ | √ | √ | × | Regular device updates, file encryption using acceptable encryption techniques, file transmission via encrypted connection, secured update server (OWASP, 2016) |
| CoAP and Middleware Security | CoAP implements a message format specified in RFC-7252 to provide end-to-end protection in restricted applications and uses Datagram Transport Layer Security (DTLS) connections with several security modes. CoAP messages based on RFC-7252 require encryption for safe communication because CoAP multicast support needs authentication and key management. | × | × | √ | √ | × | × | VIRTUS Middleware (Conzon et al., 2012), security policies, Secure Middleware for Embedded Peer-to-Peer systems (SMEPP) (Caro et al., 2009), lightweight DTLS (Rescorla & Modadugu, 2012), Transport Layer Security-Datagram Transport Layer Security (TLS-DTLS) mapping, Hyper Text Transfer Protocol (HTTP)-CoAP mapping, TLS-DTLS tunnelling, message filtration using 6LBR, service layer Machine to Machine (M2M) security (Brachmann, Keoh, et al., 2012; Granjal et al., 2013; Sethi et al., 2012; Brachmann, Garcia-Mochon, et al., 2012; Caro et al., 2009; Conzon et al., 2012; Ferreira et al., 2014; Gómez-Goiri et al., 2014; OneM2M, Security Solutions – OneM2M Technical Specification, 2017; Rescorla & Modadugu, 2012) |
Source: Gupta, M., et al., Security issues in Internet of Things: Principles, challenges, taxonomy. In Proceedings of Springer Lecture Notes Electrical Engineering at 3rd International Conference on Recent Innovations in Computing (ICRIC-2020), 2020.
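The CoAP row lists message filtration among its counteractions and refers to the RFC-7252 message format. The following is an added example, not taken from the source chapter or from any cited middleware: a strict parser for that message format which a filtering point could use to drop malformed datagrams before they reach a constrained node. The names `parse_coap` and `CoapFormatError` and the sample datagram are assumptions made for illustration; the chapter does not say how 6LBR filtering is implemented.

```python
class CoapFormatError(ValueError):
    """Datagram violates the RFC 7252 message format."""

TYPES = ("CON", "NON", "ACK", "RST")
# Constructed sample: CON GET, MID 0x1234, token 0xAB, Uri-Path "temp"
SAMPLE = bytes.fromhex("41011234abb474656d70")

def _ext(nibble, data, pos):
    """Decode an option delta/length nibble plus its extension bytes."""
    if nibble == 15:
        raise CoapFormatError("reserved option nibble 15")
    size = {13: 1, 14: 2}.get(nibble, 0)
    if pos + size > len(data):
        raise CoapFormatError("truncated option extension")
    ext = int.from_bytes(data[pos:pos + size], "big")
    return (nibble, 13 + ext, 269 + ext)[size], pos + size

def parse_coap(data: bytes) -> dict:
    """Parse one CoAP datagram, raising CoapFormatError on any violation."""
    if len(data) < 4:
        raise CoapFormatError("shorter than the 4-byte header")
    ver, mtype, tkl, code = data[0] >> 6, (data[0] >> 4) & 3, data[0] & 15, data[1]
    if ver != 1:
        raise CoapFormatError("unknown version")
    if tkl > 8 or len(data) < 4 + tkl:
        raise CoapFormatError("reserved or truncated token length")
    if code == 0 and len(data) != 4:
        raise CoapFormatError("empty message carries extra bytes")
    pos, number, options, payload = 4 + tkl, 0, [], b""
    while pos < len(data):
        if data[pos] == 0xFF:  # payload marker
            payload = data[pos + 1:]
            if not payload:
                raise CoapFormatError("payload marker without payload")
            break
        delta, nxt = _ext(data[pos] >> 4, data, pos + 1)
        length, nxt = _ext(data[pos] & 15, data, nxt)
        if nxt + length > len(data):
            raise CoapFormatError("option value runs past datagram")
        number += delta  # option numbers are delta-encoded
        options.append((number, data[nxt:nxt + length]))
        pos = nxt + length
    return {"type": TYPES[mtype], "code": f"{code >> 5}.{code & 31:02d}",
            "mid": int.from_bytes(data[2:4], "big"), "token": data[4:4 + tkl],
            "options": options, "payload": payload}
```

A filter would forward a datagram only when `parse_coap` returns without raising. This checks framing only and does not replace the DTLS protection the table names.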