Securing IoT-Based Heating Control Systems in Critical Infrastructure: Challenges and Solutions

Boldizsár Bednárik; László Gogolák

doi:10.14232/analecta.2025.1.38-44

Authors

Boldizsár Bednárik Doctoral School on Safety and Security Sciences, Óbuda University
László Gogolák University of Szeged - Faculty of Engineering https://orcid.org/0000-0002-6653-3534

DOI:

https://doi.org/10.14232/analecta.2025.1.38-44

Keywords:

IoT, Critical Infrastructure, Cybersecurity, MQTT, ESP8266

Abstract

The integration of smart technology into heating systems has led to increased efficiency and remote management capabilities. However, these advancements also introduce security vulnerabilities, especially in critical infrastructure. This paper explores the development of an IoT-based heating control system utilizing MQTT, ESP8266 microcontrollers, and Node-RED for centralized management. The study examines system design, identifies potential security threats, and proposes strategies to mitigate risks. Additionally, real-world case studies illustrate how cybersecurity weaknesses have impacted similar IoT applications in critical infrastructure, reinforcing the importance of implementing robust security measures.

Downloads

Download data is not yet available.

References

R. H. Weber, “Internet of Things – New security and privacy challenges,” Comput. Law Secur. Rev., vol. 26, no. 1, pp. 23–30, Jan. 2010, doi: 10.1016/j.clsr.2009.11.008. Available: https://linkinghub.elsevier.com/retrieve/pii/S0267364909001939. [Accessed: Jan. 29, 2025]

A. Al-Fuqaha, M. Guizani, M. Mohammadi, M. Aledhari, and M. Ayyash, “Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications,” IEEE Commun. Surv. Tutor., vol. 17, no. 4, pp. 2347–2376, 2015, doi: 10.1109/COMST.2015.2444095. Available: https://ieeexplore.ieee.org/document/7123563/. [Accessed: Jan. 29, 2025]

S. Sicari, A. Rizzardi, L. A. Grieco, and A. Coen-Porisini, “Security, privacy and trust in Internet of Things: The road ahead,” Comput. Netw., vol. 76, pp. 146–164, Jan. 2015, doi: 10.1016/j.comnet.2014.11.008. Available: https://linkinghub.elsevier.com/retrieve/pii/S1389128614003971. [Accessed: Jan. 29, 2025]

Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, “A Survey on Security and Privacy Issues in Internet-of-Things,” IEEE Internet Things J., vol. 4, no. 5, pp. 1250–1258, Oct. 2017, doi: 10.1109/JIOT.2017.2694844. Available: http://ieeexplore.ieee.org/document/7902207/. [Accessed: Jan. 29, 2025]

M. S. Hossain and G. Muhammad, “Cloud-assisted Industrial Internet of Things (IIoT) – Enabled framework for health monitoring,” Comput. Netw., vol. 101, pp. 192–202, Jun. 2016, doi: 10.1016/j.comnet.2016.01.009. Available: https://linkinghub.elsevier.com/retrieve/pii/S1389128616300019. [Accessed: Jan. 29, 2025]

A. A. Diro and N. Chilamkurti, “Distributed attack detection scheme using deep learning approach for Internet of Things,” Future Gener. Comput. Syst., vol. 82, pp. 761–768, May 2018, doi: 10.1016/j.future.2017.08.043. Available: https://linkinghub.elsevier.com/retrieve/pii/S0167739X17308488. [Accessed: Jan. 29, 2025]

M. Antonakakis et al., “Understanding the Mirai Botnet,” in 26th USENIX Security Symposium (USENIX Security 17), Vancouver, BC: USENIX Association, Aug. 2017, pp. 1093–1110. Available: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/antonakakis

S. N. Firdous, Z. Baig, C. Valli, and A. Ibrahim, “Modelling and Evaluation of Malicious Attacks against the IoT MQTT Protocol,” in 2017 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), Exeter: IEEE, Jun. 2017, pp. 748–755. doi: 10.1109/iThings-GreenCom-CPSCom-SmartData.2017.115. Available: http://ieeexplore.ieee.org/document/8276834/. [Accessed: Jan. 29, 2025]

A. Bashir and A. Hussain Mir, “Securing Communication in MQTT enabled Internet of Things with Lightweight security protocol,” EAI Endorsed Trans. Internet Things, vol. 3, no. 12, p. e1, Oct. 2017, doi: 10.4108/eai.6-4-2018.154390. Available: https://publications.eai.eu/index.php/IoT/article/view/672. [Accessed: Jan. 29, 2025]

F. A. Alaba, M. Othman, I. A. T. Hashem, and F. Alotaibi, “Internet of Things security: A survey,” J. Netw. Comput. Appl., vol. 88, pp. 10–28, Jun. 2017, doi: 10.1016/j.jnca.2017.04.002. Available: https://linkinghub.elsevier.com/retrieve/pii/S1084804517301455. [Accessed: Jan. 29, 2025]

C. M. Medaglia and A. Serbanati, “An Overview of Privacy and Security Issues in the Internet of Things,” in The Internet of Things, D. Giusto, A. Iera, G. Morabito, and L. Atzori, Eds., New York, NY: Springer New York, 2010, pp. 389–395. doi: 10.1007/978-1-4419-1674-7_38. Available: http://link.springer.com/10.1007/978-1-4419-1674-7_38. [Accessed: Jan. 29, 2025]

M. Conti, A. Dehghantanha, K. Franke, and S. Watson, “Internet of Things security and forensics: Challenges and opportunities,” Future Gener. Comput. Syst., vol. 78, pp. 544–546, Jan. 2018, doi: 10.1016/j.future.2017.07.060. Available: https://linkinghub.elsevier.com/retrieve/pii/S0167739X17316667. [Accessed: Jan. 29, 2025]

J. H. Ziegeldorf, O. G. Morchon, and K. Wehrle, “Privacy in the Internet of Things: threats and challenges,” Secur. Commun. Netw., vol. 7, no. 12, pp. 2728–2742, Dec. 2014, doi: 10.1002/sec.795. Available: https://onlinelibrary.wiley.com/doi/10.1002/sec.795. [Accessed: Jan. 29, 2025]

Institute of Electrical and Electronics Engineers and Ǧāmiʿat al-Qāhira, Eds., 8th International Conference on Informatics and Systems (INFOS), 2012: 14 - 16 May 2012, Giza, Egypt. Piscataway, NJ: IEEE, 2012.

R. Roman, J. Zhou, and J. Lopez, “On the features and challenges of security and privacy in distributed internet of things,” Comput. Netw., vol. 57, no. 10, pp. 2266–2279, Jul. 2013, doi: 10.1016/j.comnet.2012.12.018. Available: https://linkinghub.elsevier.com/retrieve/pii/S1389128613000054. [Accessed: Jan. 29, 2025]