Ullah Ikram, de Roode Gerard, Meratnia Nirvana, Havinga Paul
Pervasive Systems Group, Department of Computer Science, University of Twente Enschede, 7522 NB Enschede, The Netherlands.
Faculty of Electrical Engineering, Mathematics and Computer Science, University of Twente, 7522 NB Enschede, The Netherlands.
Sensors (Basel). 2021 Mar 6;21(5):1834. doi: 10.3390/s21051834.
Internet of Things (IoT) has been deployed in a vast number of smart applications with the aim to bring ease and comfort into our lives. However, with the expansion of IoT applications, the number of security and privacy breaches has also increased, which brings into question the resilience of existing security and trust mechanisms. Furthermore, the contemporaneous centralized technology is posing significant challenges viz scalability, transparency and efficiency to wide range of IoT applications such as smart logistics, where millions of IoT devices need to be connected simultaneously. Alternatively, IOTA is a distributed ledger technology that offers resilient security and trust mechanisms and a decentralized architecture to overcome IoT impediments. IOTA has already been implemented in many applications and has clearly demonstrated its significance in real-world applications. Like any other technology, IOTA unfortunately also encounters security vulnerabilities. The purpose of this study is to explore and highlight security vulnerabilities of IOTA and simultaneously demonstrate the value of threat modeling in evaluating security vulnerabilities of distributed ledger technology. IOTA vulnerabilities are scrutinized in terms of feasibility and impact and we have also presented prevention techniques where applicable. To identify IOTA vulnerabilities, we have examined existing literature and online blogs. Literature available on this topic is very limited so far. As far as we know IOTA has barely been addressed in the traditional journals, conferences and books. In total we have identified six vulnerabilities. We used Common Vulnerability Scoring System (CVSS v3.0) to further categorize these vulnerabilities on the basis of their feasibility and impact.
物联网(IoT)已被部署在大量智能应用中,旨在给我们的生活带来便利和舒适。然而,随着物联网应用的扩展,安全和隐私漏洞的数量也在增加,这使得现有安全和信任机制的弹性受到质疑。此外,同期的集中式技术对诸如智能物流等广泛的物联网应用在可扩展性、透明度和效率方面构成了重大挑战,在智能物流中,数百万物联网设备需要同时连接。相比之下,IOTA是一种分布式账本技术,它提供了弹性的安全和信任机制以及去中心化架构,以克服物联网的障碍。IOTA已经在许多应用中得到实施,并在实际应用中清楚地证明了其重要性。不幸的是,与任何其他技术一样,IOTA也存在安全漏洞。本研究的目的是探索和突出IOTA的安全漏洞,同时展示威胁建模在评估分布式账本技术安全漏洞方面的价值。我们从可行性和影响方面仔细审查了IOTA的漏洞,并在适用的情况下提出了预防技术。为了识别IOTA的漏洞,我们查阅了现有文献和在线博客。到目前为止,关于这个主题的可用文献非常有限。据我们所知,传统期刊、会议和书籍中几乎没有涉及IOTA的内容。我们总共识别出了六个漏洞。我们使用通用漏洞评分系统(CVSS v3.0)根据这些漏洞的可行性和影响对其进行进一步分类。
