The IoT security issues are multifaceted, including the traditional network security problems, the security problems of computing systems and the special IoT security problems in the process of Internet of things perception. The following is a brief introduction to some special security issues in the Internet of things system.
- Information leakage caused by tag scanning of IoT
Since the operation of the Internet of things relies on tag scanning, and the tags of IoT devices contain very important information such as authentication related information and key. In the scanning process, the tag can automatically respond to the reader, but the query result will not be informed to the owner. In this way, the Internet of things tag scanning can release information to nearby readers, and the RF signal is not blocked by buildings and metal objects, and some private information in the tags connected with the items may be leaked. Personal privacy leakage during tag scanning may cause harm to individuals, even endanger social stability and national security.
- Internet of things RFID tag is under malicious attack
Internet of things can be widely used because most of its applications do not rely on people to complete, which not only saves manpower, but also improves efficiency. However, this kind of malicious operation provides an opportunity for the attacker to operate in a malicious way. Malicious attackers are likely to destroy the RF scanning equipment, or even obtain RF signals in the laboratory, tamper with and forge tags, which will threaten the IoT security.
- Tag users may be located and tracked
The RFID tag can only respond to the signal in accordance with the working frequency, but it can’t distinguish the illegal signal from the legal signal. In this way, the malicious attacker may use the illegal RF signal to interfere with the normal RF signal, and may locate and track the tag owner. In this way, it may not only cause hidden danger of life and property to the relevant personnel who are located and tracked, but also may cause the leakage of state secrets and bring security crisis to the country.
- Unsafe factors of the Internet of things may spread through the Internet
The Internet of things is built on the basis of the Internet, and the Internet is a complex and diverse platform, which itself has unsafe factors, such as viruses, Trojans and various loopholes. Internet of things based on the Internet will be disturbed by these security risks, and malicious attackers may use the Internet to destroy the IoT. The existing IoT security problems will also spread through the Internet, thus expanding the adverse impact.
- Internet of things encryption mechanism needs to be improved
At present, network transmission encryption uses hop by hop encryption, which only encrypts the protected chain, and any node in the middle can be interpreted, which may cause information leakage. The end-to-end encryption method is used in business transmission, but the source address and destination address are not kept secret, which will also cause security risks. The imperfection of encryption mechanism not only threatens the IoT security , but also threatens national security.
- The security risks of Internet of things will aggravate the security threat of industrial control network
The application of Internet of things faces all walks of life in the society, and effectively solves the problems of remote monitoring, control and transmission. However, the security risks in the perception, transmission and processing stages of the Internet of things may extend to the actual industrial network. These security risks have been lurking in IoT terminals, IoT sensing nodes and IoT transmission channels for a long time, waiting for the opportunity to carry out attacks, damaging industrial system security, and even threatening national security.
In the IoT security risks, the leakage of user privacy is a great potential security hazard to users, so when considering countermeasures, the first thing is to protect the privacy of users. At present, the main methods are encryption and authorization authentication, so that only the user who has the decryption key can read the user data and personal information in the communication, which can ensure that the transmission process is not monitored by others. But in this way, the use of encrypted data will become extremely inconvenient. Therefore, it is necessary to study the encryption algorithm supporting ciphertext retrieval and operation.