Survey of DoS/DDoS attacks in IoT

The term Internet of Things (IoT), which can be defined as various devices connected over the internet, has gained much popularity in the last decade. IoT has rapidly spread to include all aspects of our lives, for instance smart houses, smart cities, and various wearable devices. IoT devices work toward their intended goal, which is to improve a person's living with minimal involvement on his or her part. At the same time, IoT devices have many weaknesses, which attackers exploit to compromise these devices' security. Denial of Service (DoS) and Distributed Denial of Service (DDoS) are considered the most common attacks on IoT security. The main aim of these attacks is to bring victim systems down and make them inaccessible to legitimate users by means of malware. This paper's objective is to discuss and review security issues related to DoS/DDoS attacks and their countermeasures, i.e. prevention, based on the layered structure of IoT devices.


Introduction
According to Nemade, "The Internet of Things (IoT) is the network of physical objects-devices, vehicles, buildings and other items-embedded with electronics, software, sensors, and network connectivity that enables these objects to collect and exchange data" [1]. Although the term was coined in 1999 by Kevin Ashton, who was working on Radio Frequency Identification (RFID) technology, it took a decade for IoT to become a popular phenomenon around the world. Nowadays, there are billions of various devices connected to the Internet around us in different applications, such as home automation, social life, education systems, health care, entertainment, and transport systems [2]. The number of IoT devices is expected to exceed 75 billion by 2025 [3]. Furthermore, the fast and wide development of IoT devices comes with many challenges and security issues that should be addressed. Because these devices exist in all aspects of our lives and gather information about our daily lives, there must be systems and solutions that mitigate the security challenges and security issues [4] which make them prone to different types of attacks. The most common attacks, Denial of Service (DoS) and Distributed Denial of Service (DDoS), can be launched via various methods.
DoS aims to prevent the services provided by IoT applications. This is done by wasting and exhausting network resources with unnecessary traffic [5]. DDoS happens when the host server is flooded with a massive number of unnecessary requests by geographically distributed zombie devices [6]. IoT applications do not have a standard layered architecture yet, but most researchers divide it into four major layers with some additional helper layers. These layers are: Perception, Network, Middleware, and Application [7]. Each layer has security issues which make it prone to different types of attacks. In this paper, we discuss the IoT architecture and the protocols used in each layer, the main challenges and security issues that make IoT prone to different attacks, the major DoS/DDoS attacks that strike different IoT layers, and possible countermeasures and prevention techniques that could be used.

Challenges and security issues in IoT
Bandwidth and Power Consumption: IoT devices are designed to be small, with less powerful computing capability and less memory capacity. Thus, advanced cryptographic algorithms cannot be applied to the IoT system, since they demand high computing and memory resources. Meanwhile, an IoT system contains many connected sensors that do the desired job while maintaining security, which may consume high bandwidth. Therefore, security mechanisms should be applied with minimal overhead on the IoT system [8].
Insufficient authentication and authorization mechanism: Most IoT devices suffer from weak and default passwords, insecure credentials, and lack of access control. Therefore, an attacker might exploit this to threaten privacy and data integrity [9].
Insecure web interface: Most IoT devices have web interfaces that do not require the use of strong passwords. Some of them still do not lock out users who have made several failed login attempts. Therefore, these interfaces are prone to several attacks such as credential brute forcing, injections, and scripting [10].
Insecure network services: Because all IoT systems rely heavily on network communications, these networks must be secured. Otherwise, network services will be compromised through buffer overflows, fuzzing, DDoS, and other attack forms.
Poor physical security: If a malicious actor gains physical access to an IoT device, he could break or remove the storage card and use it to extract stored information. Moreover, if the device is equipped with external ports such as a USB port, the attacker can use them to attack the operating system [9].

Literature review
An extensive literature study has been conducted, and its results are presented in the next section, where we present IoT DoS/DDoS attack types based on the layered structure. Some relevant solutions are also presented here to give a wide overview of the existing approaches. Farooq et al. [11] review the IoT layered architecture and the main security goals, which are data confidentiality, data integrity, and data availability. They also discuss security issues and possible solutions at each layer. Ning et al. [12] propose a systematic security architecture (named IPM) that consists of three security aspects: information, physical, and management. This security model introduces a social layer, as well as intelligence and compatibility as security considerations. The authors of [13] focus on the authentication issue for Wireless Sensor Networks (WSN) in terms of security and computational overhead. According to this research, the limited resources of sensors and tags pose a great challenge in mitigating DoS attacks in the field of WSN.

The IoT architecture
As mentioned earlier, different architectures have been proposed for IoT applications, but the basic architecture shown in Fig. 1 consists of a perception layer, network layer, middleware layer, and application layer [7] [8]. In IoT architecture design, many things have to be considered, such as scalability and the ability to operate among different devices and models. Therefore, devices must be able to interact with each other dynamically [11]. Fig. 1 presents the IoT layered architecture and the technologies and protocols used in each layer. IoT consists of heterogeneous technologies used in different layers. This has led various researchers to propose different approaches for designing an infrastructure that is homogeneous and, as far as possible, secured from attacks [6]. In the next section, we explore the security challenges in each layer, well-known types of DoS/DDoS attacks that happen in each layer, and possible solutions for these problems.

Security vulnerabilities at perception layer
This layer, which is sometimes called the 'sensing layer', depends on the physical-resources part of IoT. It uses several sensing technologies and devices for collecting data, transforming them into digital signals, and forwarding them to the network layer [12]. Perception layer technologies include RFID tags, cameras, wireless sensor networks (WSN), GPS, and Bluetooth. These devices are chosen based on the functionality of the IoT application. The data collected from the surrounding environment may come in different forms, such as motion, light, change in temperature, and location. Perception layer sensors and devices are presented to end users. These devices are intended to increase flexibility and reduce cost, and they have limited computing and storage resources [13]. Moreover, they are limited in data transmission rate [14]. This restriction is exploited by intruders.
Famous types of attacks on this layer:
RF Jamming attack: Since most wireless devices use radio frequency (RF) signals to communicate with others, this signal can be jammed with other, stronger signals. The attacker intercepts and denies communication between the sensor, or tag, and the reader of the transmitted data [7] [15].
Eavesdropping: This mainly affects the confidentiality of the IoT device. It is a dangerous attack, because the attacker can read and collect secret information exchanged between the tag and the reader of the data, and take advantage of the information gathered [16] [15]. This confidential information could be phone calls, text messages, or video conferences [17].

Security solution at perception layer
The authors of [15] discuss possible countermeasures against attacks on RFID and WSN. In that paper, one proposed countermeasure against jamming is to regulate transmitted power and use Frequency Hopping Spread Spectrum (FHSS). It is a powerful solution for avoiding interference and multi-path fading (distortion); it also decreases narrowband interference, increases signal capacity, and improves the signal-to-noise ratio [18]. Porambage et al. [19] have discussed a pervasive authentication method (PAuthKey) which is lightweight in nature. This algorithm has been developed keeping in mind the resource scarcity at the sensor end, and the key establishment process was refined accordingly. The PAuthKey system allows users to establish a secure connection to the sensor nodes at lower cost. Lin Hu et al. [20] have researched a secrecy-enhancing technique to minimize the Secrecy Outage Probability (SOP) that results from eavesdropping at the perception layer. It resulted in an enhanced security service at minimal cost compared to other available methods.

Security vulnerabilities at network layer
This layer operates in the same way as the TCP/IP network layer, and it faces the same typical communication-network security problems that affect the confidentiality, availability, and integrity of data [21] [14]. It is responsible for transmitting the data collected by the perception layer devices and sensors [17].
Famous types of attacks on this layer:
Flooding Attacks: In this type of attack, a large amount of useless traffic is sent through the network, causing the target system to become unreachable. More specifically, the system is drained by a huge number of requests from the attacker [22], for instance in a UDP flood. The attacker floods different victim ports with UDP (User Datagram Protocol) packets; the server host therefore inspects these ports for incoming requests over and over, exhausting the victim's resources [23].
Reflection-based flooding Attacks: In this type of attack, the attacker intercepts the authentic connection and sends repeated fake requests to reflectors. These reflectors reply at the same time to the target system, causing it to become unreachable [23].

Security solution at network layer
For traditional IPv6, there is a tested way to secure normal networks, called IPsec. Since IoT devices are added to the Internet using IPv6 over Low-power Wireless Personal Area Networks (6LoWPAN), Raza et al. [24] introduced a way to secure the IoT based on the tested IPsec extension added to 6LoWPAN. Moreover, the Encapsulating Security Payload (ESP) and Authentication Header (AH) techniques are used to secure the communication from application layer devices to the network layer.

Security vulnerabilities at middleware layer
This layer is responsible for data manipulation and intelligent decisions based on calculation and processing. The processing is done on the massive amount of data collected from sensors and tags. This data is stored in a database, and cloud computing technology could also be used in this layer [25] [8]. Different attacks and security threats are associated with this layer, because it accumulates a large amount of data and uses cloud computing [14]. These attacks mainly target cloud data in order to destroy users' privacy [26].
Famous types of attacks on this layer:
Signature Wrapping Attack: For cloud services, XML signatures are used to verify the authenticity of a connection with another service. The attacker can change the eavesdropped messages and run arbitrary commands on behalf of a legitimate user, without any change in the signature. Likewise, Amazon Elastic Compute Cloud (EC2) uses a Simple Object Access Protocol (SOAP) interface for controlling the deployed machine. Attackers exploit a weakness in this interface and modify the sent messages or execute arbitrary commands [26].
Flooding Attack in Cloud: Attackers deplete the resources of the cloud service by sending extensive requests. The cloud system may transfer the affected services to another server, exhausting that server as well. This mainly affects the quality of service [26].

Security solution at middleware layer
Shafagh et al. [33] proposed a mechanism called the Encrypted Query Processing Approach, which allows users to issue encrypted queries on a database using a cryptographic scheme. In this way, the middleware layer can store data securely in the database, and the approach is feasible on low-power devices.

Security vulnerabilities at application layer
This layer is considered the top layer; it is responsible for the logical part of the IoT application. In other words, this layer performs data manipulation and shows the data to end users through the user interface (UI) [7] [23]. This layer faces different security challenges; for example, access permissions and authentication are very likely to be hacked, because they are difficult to maintain across different types of applications and users [21]. In addition, hackers may exploit application layer vulnerabilities such as buffer overflow, cross-site scripting, and SQL injection; as a result, maintaining data privacy and protection is difficult [22].
Famous types of attacks on this layer:
Reprogramming Attack: An attacker may change the program code if they have unauthorized access, which leads to data leakage. With access to the source code of the program, they can alter the code for their own use. Moreover, if they put an infinite loop in the code, it will lead to exhaustion of the server resources [23].
Path based DoS attack: This attack, called a PDoS attack, is done by flooding multi-hop end-to-end communication paths with data packets [27].

Security solution at application layer
For the authentication issue in the application layer, Cirani et al. [28] proposed an authorization framework based on integration with an external Open Authorization Service (OAS). The whole solution is denoted IoT-OAS and targets HTTP and CoAP (Constrained Application Protocol) services. This method provides flexible and easy integration with existing services, in addition to lowering the processing load.

Conclusions and future work
This paper discusses DoS/DDoS attacks and security solutions with respect to each IoT layer. It shows that every layer has different vulnerabilities exploited by attackers. Possible security solutions for the networks are also discussed, which make the IoT network more secure. In order to have a strong, secure structure, we must take care of the security issues of all the different layers, not only a single one. In other words, securing the application layer only will not prevent attackers from hacking the network layer [29]. As stated earlier, perception layer devices are characterized by flexibility and ease of use, in order to reduce costs. This makes the perception layer the most vulnerable layer, and it requires extended research to identify capabilities [7]. Despite the massive number of DoS/DDoS prevention mechanisms given in the literature, they need a lot of work and improvement. Because the IoT applications industry changes dynamically, there is a massive need to use technologies like machine learning and artificial intelligence in order to build a unified solution against different scenarios with heterogeneous devices, networks, and protocols [6]. Furthermore, users of the applications must be aware of the importance of using strong passwords and credentials, and of updating software as necessary.