Nesnelerin İnternetinin Kişisel, Kurumsal ve Ulusal Bilgi Güvenliği Açısından İncelenmesi

Yıl 2017, Cilt: 10 Sayı: 2, 28 - 41, 26.12.2017

Mehtap Ülker Yavuz Canbay Şeref Sağıroğlu

Öz

Kişisel kurumsal ve ulusal değer
varlıklarından olan bilginin korunması, kişisel güvenlik, kurum işleyişi ve
ulusal güvenlik açısından önemlidir. Bilgi güvenliğinin sağlanmasında birçok önlem
alınmasına rağmen, yine de istenilen düzeyde bir koruma sağlanmamaktadır. Son
yıllarda, Nesnelerin İnterneti (IoT) hayatımızın birçok alanına girmiş ve
bundan dolayı her alanda bu teknoloji için gerekli bilgi güvenliği tedbirlerin
alınması ihtiyacı ortaya çıkmıştır. Bu çalışmanın amacı, nesnelerin internetini
kişisel, kurumsal ve ulusal bilgi güvenliği açısından irdelemek, bu sistemlere karşı
yapılabilecek saldırıları araştırmak, incelemek ve alınabilecek önlemler
konusunda önerilerde bulunmaktır. Çalışma kapsamında nesnelerin interneti kişisel,
kurumsal ve ulusal bilgi güvenliği çerçevesinde ele alınmış, nesnelerin
internetinin bileşenleri, güvenlik mimarisi, bu sistemlere karşı yapılabilecek
güvenlik tehditleri ve alınabilecek önlemlere yer verilmiştir. Sonuç olarak, bu
araştırma sonucunda sunulan önerilerin IoT güvenliğine ve dolayısıyla sistem
güvenliğine katkı sağlayacağı değerlendirilmektedir.

Anahtar Kelimeler

Nesnelerin interneti, bilgi güvenliği, güvenlik tehditleri, kurumsal bilgi güvenliği, kişisel bilgi güvenliği, ulusal bilgi güvenliği

Kaynakça

• [1] S. Li, L. Da Xu, and S. Zhao, "The internet of things: a survey," Information Systems Frontiers, vol. 17, no. 2, pp. 243-259, 2015.
• [2] H. Karl, F. Mattern, and K. Rm̲er, Wireless Sensor Networks. Springer, 2006.
• [3] C. Perera, A. Zaslavsky, P. Christen, and D. Georgakopoulos, "Sensing as a service model for smart cities supported by internet of things," Transactions on Emerging Telecommunications Technologies, vol. 25, no. 1, pp. 81-93, 2014.
• [4] I. Gudymenko and M. Hutter, "Security in the Internet of Things," Proceedings of Intensive Program on Information Communication Security (IPICS 2011), pp. 22-31, 2011.
• [5] H. Suo, J. Wan, C. Zou, and J. Liu, "Security in the internet of things: a review," in Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, 2012, vol. 3, pp. 648-651: IEEE.
• [6] L. Da Xu, W. He, and S. Li, "Internet of things in industries: A survey," IEEE Transactions on Industrial Informatics, vol. 10, no. 4, pp. 2233-2243, 2014.
• [7] V. Pachghare, Cryptography and information security. PHI Learning Pvt. Ltd., 2015.
• [8] Y. Vural and Ş. Sağıroğlu, "Kurumsal Bilgi Güvenliği ve Standartlari Üzerine Bir Inceleme," Gazi Üniversitesi Mühendislik-Mimarlık Fakültesi Dergisi, vol. 23, no. 2, 2008. [9] J. Du and S. Chao, "A study of information security for M2M of IOT," in Advanced Computer Theory and Engineering (ICACTE), 2010 3rd International Conference on, 2010, vol. 3, pp. V3-576-V3-579: IEEE.
• [10] M. Darwish, A. Ouda, and L. F. Capretz, "Cloud-based DDoS attacks and defenses," in Information Society (i-Society), 2013 International Conference on, 2013, pp. 67-71: IEEE.
• [11] A. Zuquete, "Improving the functionality of SYN cookies," in Advanced Communications and Multimedia Security: Springer, 2002, pp. 57-77.
• [12] A. Piskozub, "Denial of service and distributed denial of service attacks," in Modern Problems of Radio Engineering, Telecommunications and Computer Science, 2002. Proceedings of the International Conference, 2002, pp. 303-304: IEEE.
• [13] I. Mopari, S. Pukale, and M. Dhore, "Detection and defense against DDoS attack with IP spoofing," in Computing, Communication and Networking, 2008. ICCCn 2008. International Conference on, 2008, pp. 1-5: IEEE.
• [14] Y. Wang and J. Chen, "Hijacking spoofing attack and defense strategy based on Internet TCP sessions," in Instrumentation and Measurement, Sensor Network and Automation (IMSNA), 2013 2nd International Symposium on, 2013, pp. 507-509: IEEE.
• [15] S. Zadgaonkar, V. C. Pandey, and P. S. Pradhan, "Developing a Model to Enhance E-Mail Authentication against E-Mail Address Spoofing Using Application," International Journal of Science and Modern Engineering (IJISME), vol. 1, pp. 13-17, 2013.
• [16] A. A. Khan, "Preventing phishing attacks using one time password and user machine identification," arXiv preprint arXiv:1305.2704, 2013.
• [17] A. Prakash and D. P. Agarwal, "Data Security in Wired and Wireless Systems," in Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security: IGI Global, 2016, pp. 1-27.
• [18] L. Yang, P. Yu, W. Bailing, B. Xuefeng, Y. Xinling, and L. Geng, "IOT secure transmission based on integration of IBE and PKI/CA," International Journal of Control & Automation, vol. 6, no. 2, pp. 50-61, 2013.
• [19] H. Ning and H. Liu, "Cyber-physical-social based security architecture for future internet of things," Advances in Internet of Things, vol. 2, no. 01, p. 1, 2012.
• [20] A. Sivabalan, M. Rajan, and P. Balamuralidhar, "Towards a Light Weight Internet of Things Platform Architecture," Journal of ICT Standardization, vol. 1, no. 2, pp. 241-252, 2013.
• [21] B. Yan, B. Fang, B. Li, and Y. Wang, "Detection and defence of DNS spoofing attack," Jisuanji Gongcheng/ Computer Engineering, vol. 32, no. 21, pp. 130-132, 2006.
• [22] W. G. Halfond, J. Viegas, and A. Orso, "A classification of SQL-injection attacks and countermeasures," in Proceedings of the IEEE International Symposium on Secure Software Engineering, 2006, vol. 1, pp. 13-15: IEEE.
• [23] K. Dunham, Mobile malware attacks and defense. Syngress, 2008.
• [24] K. Nirmal, B. Janet, and R. Kumar, "Phishing-the threat that still exists," in Computing and Communications Technologies (ICCCT), 2015 International Conference on, 2015, pp. 139-143: IEEE.
• [25] J. Gubbi, R. Buyya, S. Marusic, and M. Palaniswami, "Internet of Things (IoT): A vision, architectural elements, and future directions," Future Generation Computer Systems, vol. 29, no. 7, pp. 1645-1660, 2013.
• [26] J. Patarin, "Hidden fields equations (HFE) and isomorphisms of polynomials (IP): Two new families of asymmetric algorithms," in International Conference on the Theory and Applications of Cryptographic Techniques, 1996, pp. 33-48: Springer.
• [27] M. Feldhofer, S. Dominikus, and J. Wolkerstorfer, "Strong authentication for RFID systems using the AES algorithm," in International Workshop on Cryptographic Hardware and Embedded Systems, 2004, pp. 357-370: Springer.
• [28] G. Wu, S. Talwar, K. Johnsson, N. Himayat, and K. D. Johnson, "M2M: From mobile to embedded internet," IEEE Communications Magazine, vol. 49, no. 4, pp. 36-43, 2011.
• [29] Q. Jing, A. V. Vasilakos, J. Wan, J. Lu, and D. Qiu, "Security of the internet of things: Perspectives and challenges," Wireless Networks, vol. 20, no. 8, pp. 2481-2501, 2014.
• [30] A. Riahi, Y. Challal, E. Natalizio, Z. Chtourou, and A. Bouabdallah, "A systemic approach for IoT security," in Distributed Computing in Sensor Systems (DCOSS), 2013 IEEE International Conference on, 2013, pp. 351-355: IEEE.
• [31] A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, "Internet of things: A survey on enabling technologies, protocols, and applications," IEEE Communications Surveys & Tutorials, vol. 17, no. 4, pp. 2347-2376, 2015.
• [32] A. Botta, W. de Donato, V. Persico, and A. Pescapé, "Integration of cloud computing and internet of things: a survey," Future Generation Computer Systems, vol. 56, pp. 684-700, 2016.
• [33] D. C. Chou, "Cloud computing risk and audit issues," Computer Standards & Interfaces, vol. 42, pp. 137-142, 2015.
• [34] Y. Song, "Security in Internet of Things," 2013.
• [35] M. Presser, P. M. Barnaghi, M. Eurich, and C. Villalonga, "The SENSEI project: integrating the physical world with the digital world of the network of the future," IEEE Communications Magazine, vol. 47, no. 4, pp. 1-4, 2009.
• [36] Y. Song, "Security in Internet of Things," ed, 2013.
• [37] L. Atzori, A. Iera, and G. Morabito, "The internet of things: A survey," Computer networks, vol. 54, no. 15, pp. 2787-2805, 2010.
• [38] D. Molnar and D. Wagner, "Privacy and security in library RFID: Issues, practices, and architectures," in Proceedings of the 11th ACM conference on Computer and communications security, 2004, pp. 210-219: ACM.
• [39] F. L. Gandon and N. M. Sadeh, "Semantic web technologies to reconcile privacy and context awareness," Web Semantics: Science, Services and Agents on the World Wide Web, vol. 1, no. 3, pp. 241-260, 2004.
• [40] L. Yang, P. Yu, W. Bailing, B. Xuefeng, Y. Xinling, and L. Geng, "IOT secure transmission based on integration of IBE and PKI/CA," International Journal of Control and Automation, vol. 6, no. 2, pp. 245-254, 2013.
• [41] C. Liu and J. Qiu, "Study on a Secure Wireless Data Communication in Internet of Things Applications," International Journal of Computer Science and Network Security (IJCSNS), vol. 15, no. 2, p. 18, 2015.
• [42] P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad, "Identity authentication and capability based access control (iacac) for the internet of things," Journal of Cyber Security and Mobility, vol. 1, no. 4, pp. 309-348, 2013.
• [43] Q. Zhu, R. Wang, Q. Chen, Y. Liu, and W. Qin, "Iot gateway: Bridgingwireless sensor networks into internet of things," in Embedded and Ubiquitous Computing (EUC), 2010 IEEE/IFIP 8th International Conference on, 2010, pp. 347-352: IEEE.
• [44] A. F. Skarmeta, J. L. Hernandez-Ramos, and M. Moreno, "A decentralized approach for security and privacy challenges in the internet of things," in Internet of Things (WF-IoT), 2014 IEEE World Forum on, 2014, pp. 67-72: IEEE.
• [45] M. B. Shemaili, C. Y. Yeun, K. Mubarak, and M. J. Zemerly, "A new lightweight hybrid cryptographic algorithm for the internet of things," in Internet Technology And Secured Transactions, 2012 International Conference for, 2012, pp. 87-92: IEEE.
• [46] H. Shafagh and A. Hithnawi, "Security Comes First, A Public-key Cryptography Framework for the Internet of Things," in Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, 2014, pp. 135-136: IEEE.
• [47] Z. Bohan, W. Xu, Z. Kaili, and Z. Xueyuan, "Encryption Node Design in Internet of Things Based on Fingerprint Features and CC2530," in Green Computing and Communications (GreenCom), 2013 IEEE and Internet of Things (iThings/CPSCom), IEEE International Conference on and IEEE Cyber, Physical and Social Computing, 2013, pp. 1454-1457: IEEE.
• [48] R. Prasad, My personal adaptive global NET (MAGNET). Springer, 2010.
• [49] W. Zhang and B. Qu, "Security Architecture of the Internet of Things Oriented to Perceptual Layer," International Journal on Computer, Consumer and Control (IJ3C), vol. 2, no. 2, pp. 37-45, 2013.
• [50] W. Jones, Keeping found things found: The study and practice of personal information management. Morgan Kaufmann, 2010.
• [51] S. Sciancalepore, A. Capossele, G. Piro, G. Boggia, and G. Bianchi, "On the design of lightweight link-layer security mechanisms in IoT systems," Networks (Elsevier), vol. 76, pp. 146-164, 2015.
• [52] D. Zissis and D. Lekkas, "Addressing cloud computing security issues," Future Generation computer systems, vol. 28, no. 3, pp. 583-592, 2012.
• [53] (27.01.2017). 2016-2019 Ulusal Siber Güvenlik Stratejisi ve Eylem Planı. Available: http://www.udhb.gov.tr/doc/siberg/2016-2019guvenlik.pdf
• [54] (24-07-2017). The Future is Here – Assaulting the Internet with MiraiAvailable: https://umbrella.cisco.com/blog/blog/2017/01/05/future-assaulting-internet-mirai/
• [55] (24-07-2017). Hajime worm battles Mirai for control of the Internet of Things Available: https://www.symantec.com/connect/blogs/hajime-worm-battles-mirai-control-internet-things
• [56] (24-07-2017). IoT Malware that Wipes Data from Infected Devices Available: https://antivirus.comodo.com/blog/computer-safety/iot-malware-wipes-data-infected-devices/