Articles Data Breaches and Identity Theft | Page 8

Cyber security and the Internet of Things 71
Trust plays an important role in establishing secure communication when a
number of things communicate in an uncertain IoT environment. Two dimen-
sions of trust should be considered in IoT: trust in the interactions between
entities, and trust in the system from the users perspective [29] According
to Køien [9] the trustworthiness of an IoT device depends on the device
components including the hardware, such as processor, memory, sensors and
actuators, software resources like hardware-based software, operating system,
drivers and applications, and the power source. In order to gain user/services
trust, there should be an effective mechanism of defining trust in a dynamic
and collaborative IoT environment.
2.2 Security Threats, Attacks, and Vulnerabilities
Before addressing security threats, the system assets (system components)
that make up the IoT must first be identified. It is important to understand the
asset inventory, including all IoT components, devices and services.
An asset is an economic resource, something valuable and sensitive owned
by an entity. The principal assets of any IoT system are the system hardware
(include buildings, machinery, etc.) [11], software, services and data offered
by the services [30].
2.2.1 Vulnerability
Vulnerabilities are weaknesses in a system or its design that allow an intruder
to execute commands, access unauthorized data, and/or conduct denial-of-
service attacks [31, 32]. Vulnerabilities can be found in variety of areas in
the IoT systems. In particular, they can be weaknesses in system hardware
or software, weaknesses in policies and procedures used in the systems and
weaknesses of the system users themselves [7].
IoT systems are based on two main components; system hardware and
system software, and both have design flaws quite often. Hardware vulner-
abilities are very difficult to identify and also difficult to fix even if the
vulnerability were identified due to hardware compatibility and interoper-
ability and also the effort it take to be fixed. Software vulnerabilities can
be found in operating systems, application software, and control software
like communication protocols and devices drives. There are a number of
factors that lead to software design flaws, including human factors and
software complexity. Technical vulnerabilities usually happen due to human
weaknesses. Results of not understanding the requirements comprise starting