2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), May 19-20,
2017, India
Cyber Security - IoT
Swapnil Naik
Research Scholar, Department of Computer Engineering,
KJCOEMR
Abstract—In the past, only mobiles and computers were
connected to the internet but in the new era with the advent of
new technologies other things like security cameras, microwaves,
cars and industrial equipment’s are now connected to internet.
This network of things is called the internet of things. There are
already 6 billion devices on the internet and within a few years
these number is anticipated to scale to 20 billion devices. PCs and
mobiles have dozens of software security solutions to protect
them from most of the attacks but similar security solutions are
missing to protect the rest of the internet of things. Recently,
thousands of security cameras were breached to launch a DDOS
attack that caused Twitter outage. IoT solutions is not just
software but an entire ecosystem of hardware, software, cloud,
web and mobile interfaces. This ecosystem is not very mature and
there are still major concerns lurking around IoT adoption
primarily due to security threats. IoT Top Security Concerns:
Device Cloning, Sensitive Data Exposure, Denial of Service,
Unauthorized Device Access and Control, Tampering Data. This
research work accomplishesthe need to mitigateIoT security
challenges Device Cloning and Sensitive Data Exposure.
Keywords—IoT, IoT Security, Controller, Cloud, Device, Sensor,
MQTT, MongoDB, Encryption, Decryption, Cipher, Secret key,
Encrypted session key, Session key
I. INTRODUCTION
I oT is the network of vehicles, devices, streets, buildings and
other itemsembedded with software, sensors, electronics and
network connectivity that enables these objects to collect and
exchange information. These devices that exchange
information to cloud where data is analyzed and valuable
services are offered can be compromised or breached by
malicious users for financial gain or cause reputation damage
to a targeted organization or user. Most common attacks are:
Guidelinesfor Manuscript Preparation
1. Device Cloning:
In this type of security threat, foreign hardware can connect
in a way that looks and acts like the correct device, but is not.
This type of issue can quickly scale, it can be hard to tell
which devices are authentic and which are clones. Bad data
can quickly overload servers, costing industries massive time
and budget to fix.
2. Sensitive Data Exposure
Sensitive Data Exposure occurs when an application does
not adequately protect sensitive information. Information
needs to be encrypted during transit. The data can vary A good
example is transferring data as clear text over the wire.
3. Denial of Service
A type of attack on a network that is designed to bring the
network down by simulating large useless traffic. DoS threats
978-1-5090-3704-9/17/$31.00 © 2017 IEEE
764
Authorized licensed use limited to: Guru Gobind Singh Indraprastha University. Downloaded on January 03,2022 at 14:27:43 UTC from IEEE Xplore. Restrictions apply.
Vikas Maral
Professor, Department of Computer Engineering, KJCOEMR
come in many types, with some directly targeting the
underlying server infrastructure. Others exploit vulnerabilities
in application and communication protocols.
4. Unauthorized Access or Control
While there are concerns about too much private
information being breached, one of the larger worries around
IoT is unauthorized access or control. No one wants a
malicious user to gain control of their devices. This is also the
most high profile security vulnerability that has crippled the
connected companies to date with multiple security attacks
making headlines.
The primary focus of this research work is to secure IoT
solutions from the below 2 security challenges:
1) Device cloning attacks
2) Sensitive data exposure
II. REVIEW OF LITERATURE
1. Hyun-Jin Kim, Hyun-Soo Chang, Jeong-Jun Suh, A
Study on Device Security in IoT Convergence, 2016 IEEE, in
this paper I learnt different types of IoT devices and threats of
each category and different security requirements of IoT
devices.[1]
2. Debdeep Mukhopadhyay,PUFs as Promising Tools for
Security in Internet of Things, 2015 IEEE, in this paper I have
studied the use of Physically Unclonable Functions (PUFs), as
a hardware security primitive for authentication.[4]
3. Shaza Zeitouni, Yossef Oren, Christian Wachsmann,
Patrick Koeberl, and AhmadReza Sadeghi, Remanence Decay
Side-Channel: The PUF Case, JUNE 2016 IEEE, in this paper
I have studied a side-channel attack based on remanence decay
in volatile memory and how it can be exploited effectively to
launch a non-invasive cloning attack against SRAM physically
unclonable functions (PUFs).[3]
4. Albandari Alsumayt , John Haggerty , Ahmad Lot ,Detect
DoS attack using MrDR method in merging two MANETs
2016 IEEE, in this paper I have studied how to detectdos
attack in the process of merging two MANETs.
5. Akashdeep Bharadwaj,Dr. GVB Subramanyam,Dr.Vinay
Aasthi,Dr.Hanumat Sastry, Solutions for DDos attacks on
cloud 2016 IEEE. A multi-tiered Network Architecture
forDDos mitigation has been proposed wherein hybrid cloud
model is used.[5]
6. Prabhakaran Kasinathan, Claudio Pastrone, Maurizio A.
Spirito, Mark Vinkovits Denial-of-Service detection in
6LoWPAN based Internet of Things, 2013 IEEE, in this paper
a denial of service(DOS) detection architecture for
6LoWPAN(ivp6 over low power wireless personnel area
network) is proposed.[2]
The author has carried out the research work based on some
 2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), May 19-20, 2017, India

of the requirements described in the above mentioned paper the payload.

named “Study on device security in IoT convergence” and has D1 – f (I1, S1, K1) – based on these 3 keys, device
implemented a feasible solution which can help in securing authentication is carried out.
IoT solutions.
OUTPUT:
III. SYSTEM ARCHITECTURE / SYSTEM OVERVIEW O = {D1, D2 ... Dn}
A. Problem Formulation where D is a set of successfully authenticated devices
The IoT solutions today, have been delivered with the focus
on quick time to market addressing important customer
requirements to have an edge against other competitors. There
is little to no investment on designing these solutions
considering security aspects. Most IoT solutions today have
devices sending data to cloud that have no identity checks thus
allowing attackers to build software clones and upload bad
data in the same format to IoT backend in cloud. Besides,
devices send data in clear text over internet to cloud making
these solutions vulnerable for attacks.
Problem 1. Identification of authentic devices to prevent
malicious clones to be registered with the system and upload
malicious data.
Problem 2. Preventing a user to analyze clear text traffic
over the wire and be able to understand the sensitive data
being transmitted by IoT devices and then craft bad data for
malicious reasons.
B. System Description
As seen in Fig 1, the system comprises of IoT sensors that
are connected to devices where the sensor data is collected and
uploaded to cloud via GSM, WiFi etc technologies. The
devices are first authenticated to prevent clone attacks by
exchanging keys between devices and authentication server
hosted in cloud to ensure authenticity. If authentication is
successful, the device encrypts data and uploads to cloud to
prevent sensitive data exposure. The device used is Aurdinho
and sensor is ultrasonicsensor. Data uploaded via GSM and
sent via internet to a message bus like MQTT. The data is
further processed and stored in database like MongoDB.
Clients read this data using Tomcat webserver.
Fig. 1: Architecture
C. Mathematical Model D. Algorithm / Flowchart Used
Let S be the system representing the solution, I inputs, O Device before uploading data to cloud, executes
outputs and process would be the list of activities: authentication module which prevents clones from being
S = { I , O , Process } authenticated. The authentication module is described below
and also illustrated in Fig 2.
INPUT: 1. Device encrypts it’s device id using secret key and sends
I → f (device_id) the same to cloud over MQTT. The actual device idshould not
where device_id is unique to hardware and f is the function be sniffed on the network.
that fetches the device ID and encrypts the same. 2. Cloud server decrypts the device id with secret keyand
check whether it exists in the registered list of devices.
PROCESS: 3. Device id exists flag (yes, no) is returned to device by
K1 = {Secret Key} – key generated on auth server cloud server.
S → f (I) = {S ε I} – session key generated by device 4. If device id exists, device generates a unique session key
Sn = len (I) ! / (len ( I ) – len ( S ) ) ! which is a function of device id which is encryptedwith secret
C1 → f (I1, S1, K1) – based on I1 i.e. encrypted device id, key producing an encrypted session key using a custom
S1 i.e. session key and K1 the secret key a random encrypted encryption algorithm.
session key is generated for a session that is used to encrypt 5. The device posts the sensor data with encrypted device id

765
Authorized licensed use limited to: Guru Gobind Singh Indraprastha University. Downloaded on January 03,2022 at 14:27:43 UTC from IEEE Xplore. Restrictions apply.
 2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), May 19-20, 2017, India

and encrypted session key to server over MQTT. attacker.

6. Cloud decrypts the encrypted session key with secret key 5. But the attacker can intercept encrypted session key
andretrieves the session key. The session key is checked if it is over internet and can replay messages using the
a function of device ID. If yes, it is stored in db where secret encrypted session key and to prevent this, we allow
key for that device is stored and a session of 60 mins is only one connection per device and so a fake clone
established. cannot replay traffic as a valid device can only establish
7. Every post of sensor data from device, the session key the 1st connection.
must match.
8. Post 60 mins, the session is forcefully broken and new IV. HARDWARE / SOFTWARE REQUIREMENT
session is established. SPECIFICATIONS
9. For encryption, the data uploaded is encrypted using A. Software
encrypted session key. 1.Operating System: Linux
2.IDE: Arduino
3.Programming Language: C
4.Putty
5.MQTT.client
6.MQTT.server
7. Wireshark

B. Hardware
1 Arduino 2.5-12V
2 Ultrasonic Sensor 5V and 40Hz

V. IMPLEMENTATION
The Arduino device firmware is coded in C that is involved in
authentication. The device sends authentication information
and payload from sensors by establishing a Wi-Fi connection
to server and publishes the same on MQTT message bus. The
server implemented in python subscribes to information
delivered on message bus and publishes the authentication
information that the device subscribes to successfully execute
the authentication function. Post successful authentication, the
server stores the payload i.e. sensor data in mongoDB that is
rendered in web console. The web console is html and java
script and makes rest api calls implemented in python flask.

VI. RESULTS
The authentication, encryption and detection of clones
happens within seconds. Detected clones are reported in UI as
shown in Fig 3.
The output of the program on the server:
Fig. 2: Flow Chart [root@ubuntu ]IoT/Src$ python main.py
In a nutshell, device cloning attack is prevented due to: Connected with device 1
1. Attacker simply cannot post data to IoT cloud but needs Topic: Identity - deviceidreceived: j*?xa deviceid valid :
to know the device id e.g. mac id. Yes
2. Device ids can be sniffed over internet so the algorithm Topic: Cipher - session keyreceived: k*?xa Generated
suggested considers encrypting device id with secret session
key. Secret key is not communicated over internet but key : 112
available with device and cloud during device Authentication : Success
qualification. Valid Session Device uploaded data : k*? Valid Session
3. But attacker can sniff traffic over internet and send the Topic : Data - Device uploaded data : k*?
encrypted device id without knowing the actual device
id.and to prevent this problem, we have a session key
which is also a must for authentication.
4. Session key is random and based on device id. This key
is encrypted using secret key that is not known to
766
Authorized licensed use limited to: Guru Gobind Singh Indraprastha University. Downloaded on January 03,2022 at 14:27:43 UTC from IEEE Xplore. Restrictions apply.
 2017 2nd IEEE International Conference On Recent Trends in Electronics Information & Communication Technology (RTEICT), May 19-20, 2017, India

Count. Physical Device Virtual Device

1 0.009876 0.007093
2 0.629226 0.446469
3 0.480636 0.130023
4 0.316180 0.159537
Avg 0.358979 0.185780
Table 2 : Authentication time taken in seconds

The size of message posted containing the sensor data were

recorded in logs before and after encryption. As one can see in
Table 3, the encryption does not increase the size of payload.

Before Encryption After Encryption

68 bytes 68+8 bytes of cipher
Table 3 : Data upload size (in bytes)
Fig. 3 Device Clone Detection

A. Outcome & Success definition
The desired outcome of preventing device clone attack and
preventing sensitive data exposure was achieved. The
solution is able to identify clone attacks in milliseconds and
the data size does not increase beyond 8 bytes post
encryption thus not adding to high costs from ISP as data is
sent over internet. This solution works on low powered
hardware and the processing times and data size does not
grow exponentially.
Device Message Data Format
Data = "{\"did\":\"18fe34q13ucf\",\"swv\":\"v1_0\",
\"payload\":{\"R\":[24,30,32],\"A\":[0,0,0]}"
Encrypted Data = "{\"did\": v?V[@.,\"swv\":\"v1_0\",
\"payload\":!&u(0%<@*-m"
VII. CONCLUSION
The 2 security challenges that constitute max security
breaches in IoT landscape have now solutions identified to
prevent attacks. The unique solution implemented is carefully
chosen due to hardware constraints of processing and memory
on IoT devices as well as minimize cost of data transfer
charged by ISP. Implementation is carried out to establish
device connection with cloud component for authenticating
devices to prevent device clone attacks. Post successful
authentication data is encrypted to prevent sensitive data
exposure. The solution is efficient as it is very secure with
very little overheads in terms of time required for
authentication which is not exponential and data size which
just adds additional 8 bytes of encrypted session key for every
data posted from device to cloud.The little cost overhead is
worth the huge security benefits.

B. Result Analysis Table ACKNOWLEDGMENT

Performance Measures:
The Encryption and Decryption start and end timings were The authors would like to thank the researcher and
logged and can be seen in the Table 1. publishers for assistance. We are thankful to the authorities of
Savitribai Phule University, Pune for all the support and
guidance.
No. Encryption Decryption
REFERENCES
1 0.000482 0.005902
2 0.000449 0.005985
3 [1] Hyun-Jin Kim, Hyun-Soo Chang, Jeong-Jun Suh, A Study on Device
0.000423 0.005793
Security in IoT Convergence, 2016 IEEE.
4 0.000465 0.006240 [2] Prabhakaran Kasinathan, Claudio Pastrone, Maurizio A. Spirito, Mark
Avg 0.000454 0.005980 Vinkovits Denial-of-Service detection in 6LoWPAN based Internet of Things,
Table 1 : Encryption Decryption time taken in seconds 2013 IEEE.
[3] Shaza Zeitouni,Yossef Oren,Christian Wachsmann, Remanence Decay
The proposed solution is implemented on both the physical SideChannel: The PUF Case, 2016 IEEE.
and virtualdevices. [4] Debdeep Mukhopadhyay, PUFs as Promising Tools for Security in
The authentication start and end times were recorded in logs Internet of Things, 2015 IEEE.
and the averages across physical and virtual devices is [5] Akashdeep Bharadwaj,Dr. GVB Subramanyam, Dr.Vinay
Aasthi,Dr.Hanumat Sastry,Solutions for DDos attacks on cloud, 2016 IEEE.
reported in table below. As one can see from Table 2, the [6] Detect DoS attack using MrDR method in merging two MANETs,
average timings are not growing exponentially as count of Albandari Alsumayt , John Haggerty , Ahmad Lot, IEEE 2016
devices are increasing.

767
Authorized licensed use limited to: Guru Gobind Singh Indraprastha University. Downloaded on January 03,2022 at 14:27:43 UTC from IEEE Xplore. Restrictions apply.