Siksha Sarovar

Siksha Sarovar (sikshasarovar.com) is a free educational web application that helps students in India learn programming and prepare for academic and competitive exams. The platform offers structured coding courses (C, C++, Python, Java, HTML, CSS, PHP, Power BI, AI, Machine Learning, Data Science), complete university curriculum notes for BCA/MCA students with previous year question papers, Class 10 and Class 12 CBSE/HBSE school notes, and dedicated preparation material for SSC, UPSC, Banking, Railway and other government exams. Browsing the site is completely free and requires no account. Users may optionally sign in with Google solely to save their learning progress, quiz scores and personal preferences across devices.

4.2 Security Challenges in IoT: The Vulnerability Landscape

Lesson 24 of 31 in the free Internet of Things (IoT) notes on Siksha Sarovar, written by Rohit Jangra.

4.2.1 Why standard IT Security fails in IoT

Traditional security tooling (such as heavyweight firewalls and antivirus) requires massive CPU and RAM. IoT devices are "constrained" and cannot run these tools. Furthermore, they are often deployed in unmonitored physical locations (e.g., a smart meter on a street), where anyone can reach the hardware.

4.2.2 Critical Security Challenges

  • Weak Authentication: Use of default passwords (e.g., admin/admin) and lack of multi-factor authentication for devices.
  • Insecure Web Interfaces: Vulnerable APIs that allow SQL injection or cross-site scripting (XSS) against the IoT dashboard.
  • Lack of Encryption: Sending MQTT packets in plain text over public Wi-Fi.
  • Insecure OTA (over-the-air) updates: An update process that can be attacked to inject a malicious kernel into the device.

4.2.3 IoT Security Attack Vector Taxonomy

  1. Physical Attacks: Tampering with the hardware, probing the PCB traces to extract cryptographic keys.
  2. Network Attacks: Jamming the RF signal, Sybil attacks (one node assuming multiple IDs), and Sinkhole routing attacks.
  3. Software Attacks: Exploiting buffer overflows in the network stack or OS kernel.
  4. Data Privacy Attacks: Eavesdropping on private sensor data (e.g., a smart camera or microphone).

4.2.4 The Defense-in-Depth Strategy

  • Root of Trust (RoT): A hardware-protected key storage area (Secure Element).
  • TLS/DTLS: Providing end-to-end encrypted tunnels for every data packet.
  • Intrusion Detection (IDS): AI models in the cloud that detect anomalous behavior (e.g., a smart lightbulb suddenly trying to connect to a bank's server).
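
The lightbulb scenario from the IDS bullet above, as an added example that is not part of the original notes: it uses a simple per-device destination baseline instead of an AI model, which is an assumption made to keep the idea visible. All device IDs, hostnames and flow records are constructed for illustration.

```python
from collections import defaultdict

# Constructed flow records: (device_id, destination_host, destination_port).
# Every device name and hostname here is made up for this example.
BASELINE_FLOWS = [
    ("bulb-01", "mqtt.vendor.example", 8883),
    ("bulb-01", "ota.vendor.example", 443),
    ("bulb-01", "mqtt.vendor.example", 8883),
    ("cam-07", "stream.vendor.example", 443),
    ("cam-07", "ntp.vendor.example", 123),
]
LIVE_FLOWS = [
    ("bulb-01", "mqtt.vendor.example", 8883),  # normal telemetry over TLS
    ("bulb-01", "login.bank.example", 443),    # a bulb has no reason to talk to a bank
    ("cam-07", "stream.vendor.example", 443),  # normal
    ("bulb-01", "mqtt.vendor.example", 1883),  # known broker, but the plaintext MQTT port
    ("plug-99", "mqtt.vendor.example", 8883),  # device that was never profiled
]

def learn_baseline(flows):
    """Map each device to the (host, port) pairs seen during a known-good window."""
    profile = defaultdict(set)
    for device, host, port in flows:
        profile[device].add((host, port))
    return dict(profile)

def detect_anomalies(profile, flows):
    """Return one alert per flow that falls outside the device's learned profile."""
    alerts = []
    for device, host, port in flows:
        if device not in profile:
            reason = "unknown-device"
        elif (host, port) not in profile[device]:
            known_hosts = {h for h, _ in profile[device]}
            reason = "new-port" if host in known_hosts else "new-destination"
        else:
            continue  # flow matches the baseline
        alerts.append({"device": device, "host": host, "port": port, "reason": reason})
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(learn_baseline(BASELINE_FLOWS), LIVE_FLOWS):
        print(alert)
```

Because IoT devices have a narrow, predictable set of peers, even this allowlist-style profile separates the bank connection and the downgrade to port 1883 from normal traffic.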