diplomsko delo visokošolskega študijskega programa Informacijska varnost
Luka Kanduč (Author), Kaja Prislan (Mentor)

Abstract

Skladno s sodobnimi tehnološkimi trendi internet stvari (t.i. IoT) postaja vse bolj razširjen pojav, tako v poslovnem okolju kot vsakodnevnem življenju. Zaradi ogromnih količin podatkov in tveganj, ki nastajajo pri uporabi in delovanju IoT naprav, je postala njihova varnost pomembna raziskovalna tema. IoT naprave namreč zbirajo in obdelujejo osebne in občutljive uporabniške informacije in prav zaradi tega morajo biti odporne na grožnje in napade ter omogočiti zaupanje, varnost in zasebnost podatkov ter uporabnikov. Dosedanje raziskave kažejo, da je z delovanjem in uporabo IoT naprav povezanih ogromno ranljivosti, z zagotavljanjem varnosti pa so povezani številni izzivi, ki izhajajo iz kompleksne arhitekture in dinamičnega IoT okolja. Izziv predstavlja tudi eksponenten tehnološki napredek. Zaradi hitrosti razvoja IoT je namreč varnost pogosto zanemarjena. Namen diplomskega dela je bil opraviti pregled aktualnih varnostnih izzivov in ključnih ranljivosti, povezanih z delovanjem in uporabo IoT naprav. Cilj je bil ugotoviti, katere varnostne ranljivosti so najpogostejše in kakšne so njihove značilnosti. Skladno s tem je bila v empiričnem delu opravljena analiza ranljivosti povezanih z IoT napravami, vključenih v CVE podatkovno bazo, ki vključuje seznam javno znanih ranljivosti in izpostavljenosti na področju kibernetske varnosti. Rezultati kažejo, da lahko izkoriščanje ranljivosti IoT naprav v večini primerov vpliva na zaupnost, celovitost in dostopnost sistemov, pri čemer za izvedbo napada najpogosteje ni potrebna uporabniška interakcija, zadostuje pa že dostop preko interneta. Med najpogostejše ranljivosti sodijo neustrezne omejitve delovanja pri delu s pomnilnikom, možnosti vrivanja ukazov in neustrezno filtriranje vhodnih podatkov. Ugotovitve diplomskega dela prispevajo k razumevanju ključnih tveganj na področju IoT. Predstavljena priporočila za varen razvoj in izvedbo IoT naprav pa prispevajo k učinkovitejšemu načrtovanju in prenovi IoT naprav ter sistemov, saj se z upoštevanjem najpogostejših ranljivosti lahko odpravi velik del varnostnih tveganj.

Keywords

diplomske naloge;internet stvari;varnostne ranljivosti;stopnja tveganja;vektorji napadov;posledice;

Data

Language: Slovenian
Year of publishing:
Typology: 2.11 - Undergraduate Thesis
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [L. Kanduč]
UDC: 004.056:004.451.056(043.2)
COBISS: 29624835 Link will open in a new window
Views: 428
Downloads: 99
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: Security vulnerabilities analysis of the internet of things
Secondary abstract: The Internet of Things [IoT] is becoming an increasingly widespread phenomenon amongst modern technological trends. Due to the huge amounts of data generated by the use and operation of IoT devices, security has become an important research priority. IoT devices are collecting and processing personal and sensitive user data, which is why they must be resistant to threats and attacks and enable the trust, security, and privacy of data and users. Research to date has shown that the operation and use of IoT devices are associated with enormous vulnerabilities, and that security challenges are associated with a number of challenges arising from the complex architecture and dynamic IoT environment. Exponential technological advancement is also a challenge. Due to the high speed of IoT development, security is often being neglected. The purpose of the thesis was to review current security challenges and key vulnerabilities related to the operation and use of IoT devices. The aim was to determine the most common security vulnerabilities and describe their characteristics. Accordingly, in the empirical part, an analysis of vulnerabilities related to IoT devices included in the CVE database was performed. The database includes a list of publicly known cybersecurity vulnerabilities. The results showed that exploiting the vulnerabilities of IoT devices in most cases can affect the system confidentiality, integrity and availability, while most often no user interaction is required to carry out the attack, and internet access is mostly sufficient. The most common vulnerabilities include inadequate IoT device memory restrictions, command injection options, and improper input validation. The findings of the thesis contribute to the understanding of key security risks in the field of IoT. Presented recommendations for safe development and implementation of IoT devices contribute to more efficient design and rebuilding of IoT devices and systems, because considering the most common vulnerabilities can eliminate a great part of security risks.
Secondary keywords: Internet of things;security vulnerabilities;risk level;attack vectors;consequences;
Type (COBISS): Bachelor thesis/paper
Thesis comment: Univ. v Mariboru, Fak. za varnostne vede, Ljubljana
Pages: V, 45 str.
ID: 12040796
Recommended works:
, diplomsko delo visokošolskega študijskega programa Informacijska varnost
, diplomsko delo visokošolskega študijskega programa Informacijska varnost
, no subtitle data available
, no subtitle data available
, no subtitle data available