
SECURING IOT DEVICES AND SECURELY CONNECTING THE DOTS USING REST API AND MIDDLEWARE

SEMINAR REPORT

SUBMITTED BY
KIRUTHIGA.V
18TC0639

DEPARTMENT OF ELECTRONICS AND COMMUNICATION ENGINEERING

MANAKULA VINAYAGAR INSTITUTE OF TECHNOLOGY


Puducherry-605107
ABSTRACT:

Internet of Things (IoT) is a fairly disruptive technology with inconceivable growth, impact, and capability. We present the REST API in IoT systems and some initial concepts of IoT, whose technology is able to record and count everything. We also highlight the concept of middleware that connects these devices and the cloud.

The appearance of new IoT applications in the cloud has brought new threats to the security and privacy of data. It is therefore necessary to introduce a secure IoT system that does not allow attackers to infiltrate the network through IoT devices and that also secures data in transit from IoT devices to the cloud. We provide details on how a Representational State Transfer (REST) API allows connected devices to be securely exposed to cloud applications and users. In the proposed model, middleware is primarily used to expose device data through REST, to hide details, and to act as an interface through which the user interacts with sensor data.

INTRODUCTION:

The Internet of Things interconnects computer devices integrated in everyday objects through the Internet, allowing them to send and receive data.

There are two advantages: we can empower our computers to gather information about their surroundings without depending on humans, and by processing the information collected we can reduce extravagance, loss, and cost.

The Internet of Things allows for interaction between the physical world and the digital world. The digital world interacts with the physical world via sensors and actuators. These sensors collect information that must be stored and processed. Data processing can take place at the edge of the network or at a remote server or cloud.

What is a REST API?

OVERVIEW
A REST API (also known as RESTful API) is an
application programming interface (API or web API)
that conforms to the constraints of REST architectural
style and allows for interaction with RESTful web
services. REST stands for representational state transfer
and was created by computer scientist Roy Fielding.
What's an API?
An API is a set of definitions and protocols for building
and integrating application software. It’s sometimes
referred to as a contract between an information
provider and an information user—establishing the
content required from the consumer (the call) and the
content required by the producer (the response). For
example, the API design for a weather service could
specify that the user supply a zip code and that the
producer reply with a 2-part answer, the first being the
high temperature, and the second being the low.  
In other words, if you want to interact with a computer
or system to retrieve information or perform a function,
an API helps you communicate what you want to that
system so it can understand and fulfill the request. 
You can think of an API as a mediator between the
users or clients and the resources or web services they
want to get. It’s also a way for an organization to share
resources and information while maintaining security,
control, and authentication—determining who gets
access to what. 
Another advantage of an API is that you don’t have to
know the specifics of caching—how your resource is
retrieved or where it comes from.
REST

REST is a set of architectural constraints, not a protocol
or a standard. API developers can implement REST in a
variety of ways.
When a client request is made via a RESTful API, it
transfers a representation of the state of the resource to
the requester or endpoint. This information, or
representation, is delivered in one of several formats via
HTTP: JSON (JavaScript Object Notation), HTML,
XLT, Python, PHP, or plain text. JSON is the most
generally popular file format to use because, despite its
name, it’s language-agnostic, as well as readable by
both humans and machines. 
Something else to keep in mind: Headers and
parameters are also important in the HTTP methods of
a RESTful API HTTP request, as they contain
important identifier information as to the
request's metadata, authorization, uniform resource
identifier (URI), caching, cookies, and more. There are
request headers and response headers, each with their
own HTTP connection information and status codes.
In order for an API to be considered RESTful, it has to conform to these criteria:

• A client-server architecture made up of clients, servers, and resources, with requests managed through HTTP.
• Stateless client-server communication, meaning no client information is stored between get requests and each request is separate and unconnected.
• Cacheable data that streamlines client-server interactions.
• A uniform interface between components so that information is transferred in a standard form. This requires that:
  o resources requested are identifiable and separate from the representations sent to the client.
  o resources can be manipulated by the client via the representation they receive because the representation contains enough information to do so.
  o self-descriptive messages returned to the client have enough information to describe how the client should process it.
  o hypertext/hypermedia is available, meaning that after accessing a resource the client should be able to use hyperlinks to find all other currently available actions they can take.
• A layered system that organizes each type of server (those responsible for security, load-balancing, etc.) involved in the retrieval of requested information into hierarchies, invisible to the client.
• Code-on-demand (optional): the ability to send executable code from the server to the client when requested, extending client functionality.

Though the REST API has these criteria to conform to,
it is still considered easier to use than a prescribed
protocol like SOAP (Simple Object Access Protocol),
which has specific requirements like XML messaging,
and built-in security and transaction compliance that
make it slower and heavier. 
In contrast, REST is a set of guidelines that can be
implemented as needed, making REST APIs faster and
more lightweight, with increased scalability—perfect
for Internet of Things (IoT) and mobile app
development. 
A. REST for machine-to-machine connectivity and IoT
APIs allow the connected device to be exposed to users in a secure manner. RESTful APIs are widely used in the modern web. Data transfer is usually done using JSON or XML over HTTP, which makes REST a good model for heterogeneous systems. A REST API makes the device information easily available and standardizes the way this data is created, read, updated, and deleted. All these operations are input to the REST query calls. REST APIs also allow authorization to be delegated and managed. The API can authenticate to the server and the server can authenticate to the API, which prevents man-in-the-middle attacks.
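
The mapping described above, from HTTP methods to create, read, update, and delete operations with authorization checked on every stateless request, is sketched below as an added example; it is not code from the report. The token names, the `read`/`write` scopes, and the `/devices/<id>` path are assumptions made for the illustration.

```python
import json

# Constructed sample data: token -> scopes the middleware delegated to a client.
TOKENS = {"tok-reader": {"read"}, "tok-admin": {"read", "write"}}
# HTTP method -> (CRUD operation, scope required to perform it)
METHODS = {"POST": ("create", "write"), "GET": ("read", "read"),
           "PUT": ("update", "write"), "DELETE": ("delete", "write")}
devices = {}  # device_id -> latest JSON state of that device


def handle(method, path, token=None, body=None):
    """Stateless dispatcher: every request carries its own token."""
    if method not in METHODS:
        return 405, {"error": "method not allowed"}
    op, scope = METHODS[method]
    scopes = TOKENS.get(token)
    if scopes is None:
        return 401, {"error": "missing or unknown token"}
    if scope not in scopes:
        return 403, {"error": "token lacks scope " + scope}
    parts = path.strip("/").split("/")
    if len(parts) != 2 or parts[0] != "devices" or not parts[1]:
        return 404, {"error": "no such resource"}
    dev = parts[1]
    if op in ("create", "update"):
        try:
            state = json.loads(body)
        except (TypeError, ValueError):
            return 400, {"error": "body must be JSON"}
    if op == "create":
        if dev in devices:
            return 409, {"error": "already exists"}
        devices[dev] = state
        return 201, state
    if dev not in devices:
        return 404, {"error": "unknown device"}
    if op == "read":
        return 200, devices[dev]
    if op == "update":
        devices[dev] = state
        return 200, state
    del devices[dev]
    return 204, None
```

Because no session is kept between calls, a request without a valid token is refused regardless of what the same client sent earlier.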

B. IoT Middleware architecture

One way to handle such heterogeneous applications is to have a middleware platform that becomes the bridge between things and applications in the cloud. Middleware packages and abstracts hardware, and provides application programming interfaces (APIs) for communication, data processing, computing, privacy and security. The figure gives the overall picture of the role of middleware in IoT. Broadly, there are four main components of an IoT system: the things themselves, the local network (which can include a gateway), middleware, and the cloud (for user access control, business data analysis, etc.).
IoT Middleware Architecture

I. SECURITY CHALLENGES IN IOT

IoT applications are becoming part of personal lives, and the data collected is rather sensitive and private to an individual. Privacy and security issues must be addressed in all of these environments. In the health sector, for example, health data is highly critical for personal privacy and therefore should not be accessed by an unauthorized entity. The recent voluminous DDoS attacks (October 2016) on DYN's servers, which brought down many popular online services in the US, show what can happen when attackers are able to leverage up to 150,000 unsecured IoT devices as malicious terminals. To understand the overall approach to data security, one needs to know the security requirements for all key components of an IoT system, i.e. IoT devices, IoT users, middleware/IoT gateway, communication channel, and cloud applications.
A. Need for Trusted Devices
IoT middleware needs to manage a trust relationship with devices so that these devices can be authenticated and authorized to share data. It needs to enforce authentication prior to communication with any device, enabling proof of the origin of data. These devices are assigned unique identities that disallow the reuse of security credentials across devices.
A. Connecting IoT devices to Middleware.
There is a requirement to connect a large number of
heterogeneous smart devices like connected cars,
connected wearables, smart cities etc. IoT devices are
typically connected to the Internet through an IP
stack. This stack now has its own complexity and
requires a lot of power and memory from connected
devices.

B. Security of Communication channel.

IoT data needs to be secured while at rest as well as while in transit to ensure data integrity. Security solutions are implemented in a way that detects unwanted intrusions and prevents malicious attacks on the communication layer. The channel must also be secured against attacks like replay attacks, offline ID guessing attacks, unauthorized login, user anonymity, and sensor node anonymity. It gives an overview of security requirements for different pillars of IoT system.
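
The requirements in "Need for Trusted Devices" and in this section (a unique credential per device, authentication before data is accepted, and rejection of replayed messages) can be combined as in the following added example, which is not code from the report. The `Middleware` class, the message fields, and the use of HMAC-SHA256 with a per-device counter are assumptions chosen for the sketch; it covers origin authentication and replay detection only, not encryption of the payload.

```python
import hashlib
import hmac
import json
import secrets


def tag(key, device, counter, payload):
    """HMAC-SHA256 over a canonical encoding of identity, counter and data."""
    data = json.dumps([device, counter, payload], sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def sign(key, device, counter, payload):
    """Device side: build one authenticated reading."""
    return {"device": device, "counter": counter, "payload": payload,
            "tag": tag(key, device, counter, payload)}


class Middleware:
    def __init__(self):
        self.keys = {}       # device_id -> secret unique to that device
        self.last_seen = {}  # device_id -> highest counter accepted so far

    def register(self, device_id):
        """Issue a fresh key; an identity can be registered only once."""
        if device_id in self.keys:
            raise ValueError("identity already registered")
        self.keys[device_id] = secrets.token_bytes(32)
        self.last_seen[device_id] = 0
        return self.keys[device_id]

    def accept(self, msg):
        """Authenticate first, then check freshness; return a verdict."""
        device, counter = msg.get("device"), msg.get("counter")
        key = self.keys.get(device)
        if key is None:
            return "unknown device"
        expected = tag(key, device, counter, msg.get("payload")).encode()
        if not hmac.compare_digest(expected, str(msg.get("tag", "")).encode()):
            return "bad tag"
        if not isinstance(counter, int) or counter <= self.last_seen[device]:
            return "replay"
        self.last_seen[device] = counter
        return "ok"
```

Because the device identity is part of the signed data and each identity has its own key, a reading signed with one device's key is rejected when presented under another device's name.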

Security Model for IoT System.

Device Registration
Data sharing

Proposed System Model


CONCLUSION

We proposed a middleware architecture that provides an end-to-end security solution for contributors who upload sensing data. This approach allows end-to-end encryption of data to secure data in transit. In the proposed middleware solution all IoT system constraints are taken into consideration. A REST API is used for communication and data exchange. Middleware successfully assists IoT development by exposing a REST API and providing an interface through which users register their IoT devices and then securely access the data collected by the device.
CONTENT:

• ABSTRACT
• INTRODUCTION
• WHAT IS API?
• REST
• IOT MIDDLEWARE ARCHITECTURE
• SECURITY MODEL FOR IOT SYSTEM
• CONCLUSION
