Survey on Risks Cyber Security in Edge Computing for The Internet of Things Understanding Cyber Attacks Threats and Mitigation

Authors

  • Tiara Rahmania Hadiningrum Institut Teknologi Sepuluh Nopember
  • Resky Ayu Dewi Talasari Institut Teknologi Sepuluh Nopember
  • Karina Fitriwulandari Ilham Institut Teknologi Sepuluh Nopember
  • Royyana Muslim Ijtihadie Institut Teknologi Sepuluh Nopember

DOI:

https://doi.org/10.12962/j24068535.v23i1.a1210

Abstract

Dalam era pesatnya perkembangan teknologi, penggunaan IoT terus meningkat, terutama dalam konteks edge computing. Makalah survei ini secara teliti menjelajahi tantangan keamanan yang muncul dalam implementasi IoT pada edge computing. Fokus utama penelitian ini adalah potensi serangan dan ancaman siber yang dapat mempengaruhi keamanan sistem. Melalui metode survei literatur, makalah ini mengidentifikasi risiko keamanan siber yang mungkin timbul dalam lingkungan IoT di edge computing. Pendekatan metodologi penelitian digunakan untuk mengklasifikasikan serangan berdasarkan dampaknya pada infrastruktur, layanan, dan komunikasi. Keempat dimensi klasifikasi, yaitu Network Bandwidth Consumption Attacks, System Resources Consumption Attacks, Threats to Service Availability, dan Threats to Communication, memberikan dasar untuk memahami dan mengatasi risiko keamanan. Makalah ini diharapkan memberikan landasan pemahaman yang kokoh tentang keamanan pada IoT dalam edge computing, serta kontribusi untuk pengembangan strategi keamanan yang efektif. Dengan fokus pada pemahaman mendalam tentang risiko keamanan, makalah ini mendorong pengembangan solusi keamanan yang adaptif di masa depan untuk mengatasi tantangan keamanan yang berkembang seiring dengan pesatnya adopsi teknologi IoT di edge computing.

Author Biographies

  • Tiara Rahmania Hadiningrum, Institut Teknologi Sepuluh Nopember
    Department Teknik Informatika
  • Resky Ayu Dewi Talasari, Institut Teknologi Sepuluh Nopember
    Department Teknik Informatika
  • Karina Fitriwulandari Ilham, Institut Teknologi Sepuluh Nopember
    Department Teknik Informatika
  • Royyana Muslim Ijtihadie, Institut Teknologi Sepuluh Nopember
    Department Teknik Informatika

References

R. Vishwakarma and A. K. Jain, “A survey of DDoS attacking techniques and defence mechanisms in the IoT network,” Telecommun Syst, vol. 73, no. 1, pp. 3–25, Jan. 2020, doi: 10.1007/s11235-019-00599-z.

Md. I. Hussain, “Internet of Things: challenges and research opportunities,” CSI Transactions on ICT, vol. 5, no. 1, pp. 87–95, Mar. 2017, doi: 10.1007/s40012-016-0136-6.

W. Najib, T. Ancaman dan Solusi Keamanan, S. Sulistyo, and K. Kunci, “Tinjauan Ancaman dan Solusi Keamanan pada Teknologi Internet of Things (Review on Security Threat and Solution of Internet of Things Technology),” 2020.

O. Krianto Sulaiman and A. Widarma, “SISTEM INTERNET OF THINGS (IOT) BERBASIS CLOUD COMPUTING DALAM CAMPUS AREA NETWORK.”

X. Jin, C. Katsis, F. Sang, J. Sun, A. Kundu, and R. Kompella, “Edge Security: Challenges and Issues.” 2022.

A. Adhitama and T. Informasi, “Keamanan Edge Computing untuk Perangkat IoT Tersebar.”

P. Ahlawat and R. Bathla, “A survey on key management solutions for IoT security,” in 2023 4th International Conference on Computing and Communication Systems (I3CS), IEEE, Mar. 2023, pp. 1–6. doi: 10.1109/I3CS58314.2023.10127348.

A. Alwarafy, K. A. Al-Thelaya, M. Abdallah, J. Schneider, and M. Hamdi, “A Survey on Security and Privacy Issues in Edge Computing-Assisted Internet of Things.” 2020.

M. Taimoor Khan, “Towards Practical and Formal Security Risk Analysis of IoT (Internet of Things) Applications,” in 2022 IEEE 27th Interna-tional Conference on Emerging Technologies and Factory Automation (ETFA), IEEE, Sep. 2022, pp. 1–4. doi: 10.1109/ETFA52439.2022.9921511.

S. Kumar, P. Tiwari, and M. Zymbler, “Internet of Things is a revolutionary approach for future technology enhancement: a review,” J Big Data, vol. 6, no. 1, p. 111, Dec. 2019, doi: 10.1186/s40537-019-0268-2.

S. Millar, “IoT Security Challenges and Mitigations: An Introduction,” Dec. 2021.

K. Sha, T. A. Yang, W. Wei, and S. Davari, “A survey of edge computing-based designs for IoT security,” Digital Communications and Networks, vol. 6, no. 2, pp. 195–202, May 2020, doi: 10.1016/j.dcan.2019.08.006.

E. Fazeldehkordi and T.-M. Grønli, “A Survey of Security Architectures for Edge Computing-Based IoT,” IoT, vol. 3, no. 3, pp. 332–365, Jun. 2022, doi: 10.3390/iot3030019.

H. Kalariya, K. Shah, and V. Patel, “An SLR on Edge Computing Security and possible threat protection,” Dec. 2022, [Online]. Available: http://arxiv.org/abs/2212.04563

Y. Xiao, Y. Jia, C. Liu, X. Cheng, J. Yu, and W. Lv, “Edge Computing Security: State-of-The-Art and Challenges,” Proceedings of the IEEE, vol. 107, no. 8, pp. 1608–1631, Aug. 2019, doi: 10.1109/JPROC.2019.2918437.

C. Pvandana and A. Chikkamannur, “Internet of Things future in Edge Computing,” 2016.

R. Smith, D. Palin, P. P. Ioulianou, V. G. Vassilakis, and S. F. Shahandashti, “Battery draining attacks against edge computing nodes in IoT net-works,” Cyber-Physical Systems, vol. 6, no. 2, pp. 96–116, Apr. 2020, doi: 10.1080/23335777.2020.1716268.

R. Ghadiri, “Security and Performance Analysis of Edge Computing in IoT,” University of Twente, 2023.

W. Najib, S. Sulistyo, and Widyawan, “Tinjauan Ancaman dan Solusi Keamanan pada Teknologi Internet of Things,” Jurnal Nasional Teknik Elektro dan Teknologi Informasi, vol. 9, no. 4, pp. 375–384, Dec. 2020, doi: 10.22146/jnteti.v9i4.539.

R. Jansen, T. Vaidya, and M. Sherr, “Point Break: A Study of Bandwidth Denial-of-Service Attacks against Tor,” in Proceedings of the 28th USENIX Conference on Security Symposium, in SEC’19. USA: USENIX Association, 2019, pp. 1823–1840.

A. Kumar and D. Singh, “Detection of Security Attacks on Edge Computing of IoT Devices through NS2 Simulation,” J Phys Conf Ser, vol. 2327, no. 1, p. 012016, Aug. 2022, doi: 10.1088/1742-6596/2327/1/012016.

R. V. Deshmukh and K. K. Devadkar, “Understanding DDoS Attack & its Effect in Cloud Environment,” Procedia Comput Sci, vol. 49, pp. 202–210, 2015, doi: 10.1016/j.procs.2015.04.245.

A. Yudhana, I. Riadi, and S. Suharti, “Network Forensics Against Volumetric-Based Distributed Denial of Service Attacks on Cloud and the Edge Computing,” International Journal of Safety and Security Engineering, vol. 12, no. 5, pp. 577–588, Nov. 2022, doi: 10.18280/ijsse.120505.

S.-H. Lee, Y.-L. Shiue, C.-H. Cheng, Y.-H. Li, and Y.-F. Huang, “Detection and Prevention of DDoS Attacks on the IoT,” Applied Sciences, vol. 12, no. 23, p. 12407, Dec. 2022, doi: 10.3390/app122312407.

E. Gelenbe and M. Nasereddin, “Protecting IoT Servers Against Flood Attacks with the Quasi Deterministic Transmission Policy.” 2023.

K. Bhardwaj, J. C. Miranda, and A. Gavrilovska, “Towards IoT-DDoS Prevention Using Edge Computing,” in USENIX Workshop on Hot Topics in Edge Computing (HotEdge 18), Boston, MA: USENIX Association, Jul. 2018. [Online]. Available: https://www.usenix.org/conference/hotedge18/presentation/bhardwaj

H. Nihri, E. S. Pramukantoro, and P. H. Trisnawan, “Pengembangan IDS Berbasis J48 Untuk Mendeteksi Serangan DoS Pada Perangkat Middle-ware IoT,” Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, vol. 2, no. 12, pp. 6902–6907, 2018.

Y. Jia, F. Zhong, A. Alrawais, B. Gong, and X. Cheng, “FlowGuard: An Intelligent Edge Defense Mechanism Against IoT DDoS Attacks,” IEEE Internet Things J, vol. 7, no. 10, pp. 9552–9562, Oct. 2020, doi: 10.1109/JIOT.2020.2993782.

S. A. Bhat, I. B. Sofi, and C.-Y. Chi, “Edge Computing and Its Convergence With Blockchain in 5G and Beyond: Security, Challenges, and Op-portunities,” IEEE Access, vol. 8, pp. 205340–205373, 2020, doi: 10.1109/ACCESS.2020.3037108.

A. Yudhana, I. Riadi, and S. Suharti, “Network Forensics Against Volumetric-Based Distributed Denial of Service Attacks on Cloud and the Edge Computing,” International Journal of Safety and Security Engineering, vol. 12, no. 5, pp. 577–588, Nov. 2022, doi: 10.18280/ijsse.120505.

J. Abawajy, S. Huda, S. Sharmeen, M. M. Hassan, and A. Almogren, “Identifying cyber threats to mobile-IoT applications in edge computing paradigm,” Future Generation Computer Systems, vol. 89, pp. 525–538, Dec. 2018, doi: 10.1016/j.future.2018.06.053.

S. Hilt, F. Mercês, M. Rosario, and D. Sancho, “Worm War: The Botnet Battle for IoT Territory.”

Y. Yang, S. Zhu, and G. Cao, “Improving sensor network immunity under worm attacks: A software diversity approach,” Ad Hoc Networks, vol. 47, pp. 26–40, Sep. 2016, doi: 10.1016/j.adhoc.2016.04.011.

C. Wei, G. Xie, and Z. Diao, “A lightweight deep learning framework for botnet detecting at the IoT edge,” Comput Secur, vol. 129, p. 103195, Jun. 2023, doi: 10.1016/j.cose.2023.103195.

P. Beltrán-García, E. Aguirre-Anaya, P. J. Escamilla-Ambrosio, and R. Acosta-Bermejo, “IoT Botnets,” 2019, pp. 247–257. doi: 10.1007/978-3-030-33229-7_21.

N. Giachoudis, G.-P. Damiris, G. Theodoridis, and G. Spathoulas, “Collaborative Agent-based Detection of DDoS IoT Botnets,” in 2019 15th International Conference on Distributed Computing in Sensor Systems (DCOSS), IEEE, May 2019, pp. 205–211. doi: 10.1109/DCOSS.2019.00055.

T. Hasan et al., “Securing Industrial Internet of Things Against Botnet Attacks Using Hybrid Deep Learning Approach,” IEEE Trans Netw Sci Eng, vol. 10, no. 5, pp. 2952–2963, Sep. 2023, doi: 10.1109/TNSE.2022.3168533.

M. El-hajj, M. Chamoun, A. Fadlallah, and A. Serhrouchni, “Analysis of authentication techniques in Internet of Things (IoT),” in 2017 1st Cyber Security in Networking Conference (CSNet), IEEE, Oct. 2017, pp. 1–3. doi: 10.1109/CSNET.2017.8242006.

J. M. Borky and T. H. Bradley, “Protecting Information with Cybersecurity,” in Effective Model-Based Systems Engineering, Cham: Springer International Publishing, 2019, pp. 345–404. doi: 10.1007/978-3-319-95669-5_10.

L. Huraj, M. Šimon, and T. Horák, “Resistance of IoT Sensors against DDoS Attack in Smart Home Environment,” Sensors, vol. 20, no. 18, p. 5298, Sep. 2020, doi: 10.3390/s20185298.

S. Evmorfos, G. Vlachodimitropoulos, N. Bakalos, and E. Gelenbe, “Neural network architectures for the detection of SYN flood attacks in IoT systems,” in Proceedings of the 13th ACM International Conference on PErvasive Technologies Related to Assistive Environments, New York, NY, USA: ACM, Jun. 2020, pp. 1–4. doi: 10.1145/3389189.3398000.

F. Antony and R. Gustriansyah, “Deteksi Serangan Denial of Service pada Internet of Things Menggunakan Finite-State Automata,” MATRIK : Jurnal Manajemen, Teknik Informatika dan Rekayasa Komputer, vol. 21, no. 1, pp. 43–52, Nov. 2021, doi: 10.30812/matrik.v21i1.1078.

O. S. M. B. H. Almazrouei, P. Magalingam, M. K. Hasan, and M. Shanmugam, “A Review on Attack Graph Analysis for IoT Vulnerability As-sessment: Challenges, Open Issues, and Future Directions,” IEEE Access, vol. 11, pp. 44350–44376, 2023, doi: 10.1109/ACCESS.2023.3272053.

K. Xu, F. Wang, S. Jimenez, A. Lamontagne, J. Cummings, and M. Hoikka, “Characterizing DNS Behaviors of Internet of Things in Edge Net-works,” IEEE Internet Things J, vol. 7, no. 9, pp. 7991–7998, Sep. 2020, doi: 10.1109/JIOT.2020.2999327.

D. Suryono, “Analisis Keamanan Jaringan Hardware Trojan Pada IoT,” JATISI (Jurnal Teknik Informatika dan Sistem Informasi), vol. 9, no. 4, pp. 3529–3537, Dec. 2022, doi: 10.35957/jatisi.v9i4.2845.

S. Guo, J. Wang, Z. Chen, Y. Li, and Z. Lu, “Securing IoT Space via Hardware Trojan Detection,” IEEE Internet Things J, vol. 7, no. 11, pp. 11115–11122, Nov. 2020, doi: 10.1109/JIOT.2020.2994627.

A. S. Sumi, P. Purnawansyah, and L. Syafie, “Analisa Penerapan Algoritma Brute Force Dalam Pencocokan String,” in Prosiding SAKTI (Semi-nar Ilmu Komputer dan Teknologi Informasi), 2018, pp. 88–92.

D. Stiawan, Mohd. Y. Idris, R. F. Malik, S. Nurmaini, N. Alsharif, and R. Budiarto, “Investigating Brute Force Attack Patterns in IoT Network,” Journal of Electrical and Computer Engineering, vol. 2019, pp. 1–13, Apr. 2019, doi: 10.1155/2019/4568368.

P. Radanliev et al., “Cyber risk at the edge: current and future trends on cyber risk analytics and artificial intelligence in the industrial internet of things and industry 4.0 supply chains,” Cybersecurity, vol. 3, no. 1, p. 13, Dec. 2020, doi: 10.1186/s42400-020-00052-8.

M. Ficco, D. Granata, M. Rak, and G. Salzillo, “Threat Modeling of Edge-Based IoT Applications,” 2021, pp. 282–296. doi: 10.1007/978-3-030-85347-1_21.

D. Stiawan, Mohd. Y. Idris, R. F. Malik, S. Nurmaini, N. Alsharif, and R. Budiarto, “Investigating Brute Force Attack Patterns in IoT Network,” Journal of Electrical and Computer Engineering, vol. 2019, pp. 1–13, Apr. 2019, doi: 10.1155/2019/4568368.

X. Cheng, J. Zhang, and B. Chen, “Cyber Situation Comprehension for IoT Systems based on APT Alerts and Logs Correlation,” Sensors, vol. 19, no. 18, p. 4045, Sep. 2019, doi: 10.3390/s19184045.

Z. Rahman, X. Yi, and I. Khalil, “Blockchain-Based AI-Enabled Industry 4.0 CPS Protection Against Advanced Persistent Threat,” IEEE Internet Things J, vol. 10, no. 8, pp. 6769–6778, Apr. 2023, doi: 10.1109/JIOT.2022.3147186.

Z. Li, X. Cheng, J. Zhang, and B. Chen, “Predicting Advanced Persistent Threats for IoT Systems Based on Federated Learning,” 2021, pp. 76–89. doi: 10.1007/978-3-030-68851-6_5.

T. A. Ahanger, U. Tariq, F. Dahan, S. A. Chaudhry, and Y. Malik, “Securing IoT Devices Running PureOS from Ransomware Attacks: Leveraging Hybrid Machine Learning Techniques,” Mathematics, vol. 11, no. 11, p. 2481, May 2023, doi: 10.3390/math11112481.

M. Al-Hawawreh, E. Sitnikova, and N. Aboutorab, “Asynchronous Peer-to-Peer Federated Capability-Based Targeted Ransomware Detection Model for Industrial IoT,” IEEE Access, vol. 9, pp. 148738–148755, 2021, doi: 10.1109/ACCESS.2021.3124634.

S. Hamdan, M. Ayyash, and S. Almajali, “Edge-Computing Architectures for Internet of Things Applications: A Survey,” Sensors, vol. 20, no. 22, p. 6441, Nov. 2020, doi: 10.3390/s20226441.

C.-H. Liao, H.-H. Shuai, and L.-C. Wang, “Eavesdropping prevention for heterogeneous Internet of Things systems,” in 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), IEEE, Jan. 2018, pp. 1–2. doi: 10.1109/CCNC.2018.8319297.

L. Nie et al., “Intrusion Detection for Secure Social Internet of Things Based on Collaborative Edge Computing: A Generative Adversarial Net-work-Based Approach,” IEEE Trans Comput Soc Syst, vol. 9, no. 1, pp. 134–145, Feb. 2022, doi: 10.1109/TCSS.2021.3063538.

T. Shen, L. Ding, J. Sun, C. Jing, F. Guo, and C. Wu, “Edge Computing for IoT Security: Integrating Machine Learning with Key Agreement,” in 2023 3rd International Conference on Consumer Electronics and Computer Engineering (ICCECE), IEEE, Jan. 2023, pp. 474–483. doi: 10.1109/ICCECE58074.2023.10135211.

Christian Simko, “Man-in-the-Middle Attacks,” GlobalSign Blog. Accessed: Dec. 13, 2023. [Online]. Available: https://www.globalsign.com/en/blog/man-in-the-middle-attacks-iot

“How to Combat MITM Attacks in Edge Environments.” Accessed: Dec. 13, 2023. [Online]. Available: https://edgelabs.ai/blog/how-to-combat-mitm-attacks-in-edge-environments/

H. Fereidouni, O. Fadeitcheva, and M. Zalai, “IoT and Man-in-the-Middle Attacks,” Aug. 2023.

Downloads

Published

2025-02-25

Issue

Vol. 23, No. 1, January 2025

Section

Articles

License

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in JUTI unless they receive approval for doing so from the Editor-in-Chief.

JUTI open access articles are distributed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.