Q1

IoT devices ____________ some physical things or have direction connections to things.

 

Select one:

A.
control

B.
monitor

C.
manipulate

D.
Connect

ANs –D
connect

Q2

Six main aspects of security requirement consideration are: __________________

 

Select one:

A.
Confidentiality, Integrity, Availability, Security, Authority, Privacy

B.
Confidentiality, Integrity, Availability, Security, Authenticity, Authority

C.
Confidentiality, Integrity, Availability, Security, Authenticity, Privacy
D.
Confidentiality, Integrity, Availability, Nonrepudiation, Authenticity, Privacy

Ans -B

Q3

Security in a RFID system must focus on these aspects: control access to the information,
__________, confidence and trust.

Select one:

A.
control access to the system

B.
encryption

C.
using symmetry keys

D.
network security

Ans –A

Q4

The greatest vulnerability in identity and access management is ______________.

Select one:

A.
no password

B.
insecure firmware

C.
no network security
D.
insecure bootstrapping

Ans –c

Q5

Attack trees are conceptual diagrams showing how an asset, or target, might be
attacked. The main components are in the tree are ______________________.

Select one:

A.
activities

B.
targets

C.
threads

D.
attacks

Ans -D

Q6

In Asymmetric-Key Cryptography, although RSA can be used to encrypt and decrypt

actual messages, it is very slow if the message is ____________________.

Select one:

A.
Short

B.
Thin

C.
Long

D.
Flat

Ans –c

Q7

Which of this best describes how symmetry key encryption works?

Select one:

A.
A bingo number

B.
Scramble information

C.
Using one key to encode and decode information to preserve the confidentiality

D.
To protect the confidentiality of the information from eavesdroppers

Ans –c

Q8

Key zeroization means _________________________________________.

Select one:

A.
Newly generated keys

B.
Securely remove cryptography keys from memory
C.
Securely remove encryption keys from the computer hard disks

D.
Making copies of keys and storing them in other secure locations

Ans –c

Q9

Cipher suite of “TLS_AES_256_GCM_SHA384” means _______________________.

Select one:

A.
Transport Layer Security, AES algorithm with 256-bit length keys, Using Great Computing
Mode, SHA384 to be used as the hashing algorithm

B.
Transport Layer Security, AES algorithm with 256-bit length keys, Using Galois Counter
Mode, SHA384 to be used as the hashing algorithm

C.
Transport Layer Security, AES algorithm with 256-bit length keys, Using Great Computing
Mode, SHA384 to be used as the encryption algorithm

D.
Transport Layer Security, AES algorithm with 256-bit length keys, Using Galois Counter
Mode, SHA384 to be used as the encryption algorithm

Ans –A

Q10

Attack techniques in IoT Environment include_____________________.

Select one:

A.
Decryptions
B.
Hacking

C.
Impersonation

D.
Attacking

Ans -c
Q11

Discuss the Layered Application architecture of IoT networks, list and discuss any four (4)
of the IoT security challenges with examples. You can upload your diagram.

Four of the IOT security challenges

Feeble secret phrase assurance
Hard-coded and inserted qualifications are a risk for IT frameworks and as much unsafe
for IoT gadgets.
Guessable or hard-coded certifications are a bonus for programmers to assault the
gadget straightforwardly.

Absence of ordinary fixes and refreshes and frail update system

IoT items are created in light of usability and availability.

They might be secure at buy yet become weak when programmers observe new security
issues or bugs.

In the event that they are not fixed with ordinary updates, the IoT gadgets become
uncovered after some time.

Shaky connection points

All IoT gadgets process and convey information. They need applications, administrations,
and conventions for correspondence and numerous IoT weaknesses begin from
uncertain points of interaction.

Deficient information insurance (correspondence and capacity)

The most successive worries in the information security of IoT applications are because
of shaky interchanges and information stockpiling.

Q12

Considering the system shown in Figure-1 shown, discuss the privacy challenges in this
IoT system and what mechanisms/approaches should be deployed for securing
credentials.
Figure-1: Connected Vehicles and Infrastructure

Poor IoT gadget the board

IoMT (Internet of Medical Things), and unmanaged associated gadgets in medical services, retail,
and assembling as well as life sciences.It uncovers a shocking number of weaknesses and dangers
across an amazingly different arrangement of associated objects.

The IoT ability hole

Organizations are confronting an indispensable IoT abilities hole that is keeping them from taking
advantage of new open doors without limit, As it's beyond the realm of possibilities 100% of the
time to enlist new gifts, the choice is to depend in existing groups.

Preparing and upskilling programs should be set up.

In general network safety procedure should intend to safeguard three center points of support that
support associated gadgets and administrations:

Secrecy,

Uprightness,

Accessibility.

Guaranteeing that the objectives of the three security support points are met is an issue of
appropriate security by plan.

By executing the proposed security choices like gadget and confirmation the executives
arrangements, in view of encryption strategies, with the master information activated as soon as
possible potential, organizations can forestall unapproved admittance to information, gadgets, and
programming.

Q13

Discuss the process of SSL/TLS in details with an example (hint: using the message flow
diagram). You can upload your message flow diagram.
SSL/TLS utilizes both deviated and symmetric encryption to safeguard the privacy and
uprightness of information on the way. Uneven encryption is utilized to lay out a solid
meeting between a client and a server, and symmetric encryption is utilized to trade
information inside the got meeting.

A site should have a SSL/TLS authentication for their web server/area name to utilize
SSL/TLS encryption. When introduced, the testament empowers the client and server to
safely arrange the degree of encryption in the accompanying advances:

The client contacts the server utilizing a solid URL (HTTPS)

The server sends the client its authentication and public key.
The client checks this with a Trusted Root Certification Authority to guarantee the
authentication is genuine.
The client and server arrange the most grounded kind of encryption that each can uphold.
The client scrambles a meeting (secret) key with the server's public key, and sends it back to
the server.
The server unscrambles the client correspondence with its private key, and the meeting is laid
out.
The meeting key (symmetric encryption) is currently used to scramble and unscramble
information sent between the client and server.
Q14

Identity and Access Management is one the key security implementations in IoT. Discuss
the main functionality of IAM and its lifecycle in details. You can upload your diagram.

(IAM) guarantees that the ideal individuals and occupation jobs in your association
(characters) can get to the apparatuses they need to go about their responsibilities.
Personality the executives and access frameworks empower your association to oversee
worker applications without signing into each application as a head. Character and
access the executives frameworks empower your association to deal with a scope of
personalities including individuals, programming, and equipment like advanced
mechanics and IoT gadgets.

IAM to give online security and to expand worker usefulness.

Security. Conventional security frequently has one weak spot - the secret phrase.
Assuming a client's secret phrase is penetrated - or more awful yet, the email address for
their secret word recuperations - your association becomes helpless against assault. IAM
administrations thin the weak spots and screens them with instruments to get botches
when they're made.
Usefulness. When you sign on to your fundamental IAM entrance, your worker no longer
needs to stress over having the right secret phrase or right access level to play out their
obligations. Not exclusively does each representative gain admittance to the ideal set-up
of instruments for their work, their entrance can be overseen collectively or job rather
than independently, decreasing the responsibility on your IT experts.

dentity the executives arrangements by and large perform two undertakings:

IAM affirms that the client, programming, or equipment is who they say they are by
confirming their qualifications against an information base. IAM cloud character
instruments are safer and adaptable than customary username and secret phrase
arrangements.

Character access the executives frameworks award just the fitting degree of access.
Rather than a username and secret word permitting admittance to a whole
programming suite, IAM takes into consideration slender cuts of admittance to be
divided, for example supervisor, watcher, and analyst in a substance the board
framework.
Q15

Case 1: Working the Land and the Data – IoT in Farming

LEESBURG, Ind. — Kip Tom, a seventh-generation family farmer, harvests the staples of
modern agriculture: seed corn, feed corn, soybeans and data.
“I’m hooked on a drug of information and productivity,” he said, sitting in an office filled
with computer screens and a whiteboard covered with schematics and plans for his
farm’s computer network.
Mr. Tom, 59, is as much a chief technology officer as he is a farmer. Where his great-
great-grandfather hitched a mule, “we’ve got sensors on the combine, GPS data from
satellites, cellular modems on self-driving tractors, apps for irrigation on iPhones,” he
said.
The demise of the small family farm has been a long time coming. But for farmers like
Mr. Tom, IoT technology offers a lifeline, a way to navigate the boom-and-bust cycles of
making a living from the land. It is also helping them grow to compete with giant
agribusinesses.
While some benefit, others will lose. Silicon Valley is credited — or blamed — for tearing
down many old ways of doing things. With its adoption of the latest IoT technology, Mr.
Tom’s farm is expanding, to 20,000 acres today from 700 acres in the 1970s.
Furthermore, such costly technology is beyond the smallest farmers. Equipment makers
like John Deere and AGCO, for example, have covered their planters, tractors and
harvesters with sensors, computers and communications equipment. A combine
equipped to harvest a few crops cost perhaps $65,000 in 2000; now it goes for as much
as $500,000 because of the added information technology.
“We’ve seen a big uptick in the productivity of larger farms,” said David
Schimmelpfennig, an economist at the Agriculture Department. “It’s not that smaller
farms are less productive, but the big ones can afford these technology investments.”
And there is another risk. There is an incentive to grow single crops to maximize the
effectiveness of technology by growing them at the largest possible scale. Farmers with
diverse crops and livestock would need many different systems. Smaller farmers without
technology could also grow one crop, but they would not capture most of the gains.
Technology encourages farmers to move too aggressively toward easy-to-grow and
easy-to-sell crops that are more easily measured by instruments, rather than keeping
some diversity in the fields — an age-old hedge against bad weather and pests, said Ann
Thrupp, executive director of the Berkeley Food Institute, a policy and technology
research institute at the University of California, Berkeley. That is the fear. But there is
also the promise that technology can make farming far easier. Like Tom Farms, other
farms have also grown with the adoption of technology.
At a large family farm in the Rio Grande Valley in Texas, Brian Braswell uses satellite-
connected tractors to plow fields with accuracy of one inch between furrows. His soil was
tested with electrical charges, then mapped so that fertilizer is applied in exact doses
from computer-controlled machines. He uses drones, the newest new thing, to survey
flood irrigation. “It would be easy to put an infrared camera on one of these and spot
where crops are stressed,” he said, except that he is wary of Federal Aviation
Administration regulations.

Answer the following questions (2.5x4=10 marks):

1. Briefly describe the situation and the challenges faced by farmers.

Answer

Customary methodology

An excessive number of ranchers, industry agents, and proprietors of agri-organizations

all over the planet stick to their many years old practices. They are as yet not
philosophically prepared to take the jump towards present day ag tech. It appears to be
sensible to continue to do what you and your progenitors have been doing effectively.

Notwithstanding, times are effectively evolving. As it has as of now been referenced,

crop request will have an uncommon increment, while how much soil and clean water
accessible will diminish.

Specialized condition of ranches

A ton of homesteads have been in similar state for quite a long time. A few ranchers
have not rolled out any huge improvements since they didn't see the point in doing that.
Others needed more assets. Subsequently, the condition of many ranches is not exactly
good according to a specialized point of view. Be that as it may, for the individuals who
need to stay in business, neither of these contentions will work.

Land constraints

There is an enormous issue with land access in the U.S. Farmland expansion rates went
up by just about 150% from 2004 to 2018. Simultaneously, understudy obligation
continued to develop, so potential ranchers either couldn't bear to get into the business
or the people who were at that point in it couldn't get an advance and gain significant
headway. Some industry insiders guarantee that land constraints and challenges with
acquiring land are the principle justification for why youngsters battle with entering the
cultivating business. In addition, when one doesn't claim the land, the possibilities of the
rancher being prepared to contribute and work on the condition of the homestead are a
lot of lower.

Exorbitant costs

Setting up ranches for a more innovative methodology, purchasing unique hardware,

and carrying out different accuracy cultivating procedures are without a doubt costly.
Nonetheless, as it has as of now been expressed, these progressions are vital.

Absence of training and capability

As indicated by this report, north of 40% surprisingly on the planet work in the agrifood
area. This remembers 66% of all populace for helpless nations. Furthermore the issue is
that their experience regularly has a great deal of restrictions of its own.

In examination, the circumstance in the U.S. is very unique. Around 30% of American
ranchers set off for college, and about portion of them really graduated with a degree.
Nonetheless, as a result of the costs on training and costs that a homestead would
require, many need to settle on a decision between seeking after schooling or going into
cultivating. All things being equal, a few ranchers likewise figure out how to go to post-
graduate projects

Media communications foundation issues

Accessibility of Internet association is a significant component while executing ag tech
devices and strategies.

The attention on what's to come

In the case of something works today, it doesn't imply that it will be as productive
tomorrow. This connects with the cultivating approaches as well

2. What were the different technological solutions deployed and what did it allow
them to do?

Distributed computing for Farm Management

Distributed computing is one application that ranchers can use to more readily oversee
crops and their business through its application called programming as-a-administration
(Saas). In this area, fire up firms are creating business applications that are explicitly
useful to the rural area. A portion of these applications are with the end goal that
ranchers can make spending plans and functional timetables according to creation plans.
The cultivating explicit programming is accessible, through which labor force the board
can turn out to be more effective.

Portable Technology

Portable innovation is changing the manner in which observing and assessment is being
done. How has customarily been managed pencil and paper should now be possible
through cell phones and tablets. There are applications that are explicitly intended for
field groups to gather information.

It's likewise the most savvy method for giving information access in the field.

RFID and Security Technologies

The innovation utilized for agrarian following and security is called Radio Frequency
Identification RFID. For instance, domesticated animals can be followed utilizing 'animals
following labels' furnished with RFID. This can be useful in following dairy cattle
consistently, and can likewise be utilized for wellbeing checking, and keeping an
information base of the wellbeing history of every creature. Also, during crop shipments,
particularly affirmed natural harvests, utilizing this innovation helps in eliminating
forging/sullied food shipments through its security labeling.

Enormous Data, Analytics, and Smart Farming

Information investigation is one instrument that is being used for accuracy farming. This
is called 'savvy cultivating', which is currently being applied by numerous agri-
organizations to reduce expenses and increment yields. This is the manner by which it
works: Farm workplaces gather a lot of data about crop yields, compost applications, soil
planning, weather conditions, and animal wellbeing.

Deeply

At the center of this smooth working of e-agribusiness are solid correspondence

organization and PC foundation. In addition, every one of the information that is
assembled likewise should be coordinated for audits, and even information put away in
the cloud must be available for examination.

3. What were the benefits and outcomes of the new ways of farming?

Answer

Benefits of Modern Technology in Agriculture are: -

- Current machines can diminish the undertakings of ranchers.
- The utilization of HYV seeds has expanded the creation to manifolds.
- It can diminish creation time.
- It is used to effortlessly water to the yields.
- Machines are useful for sowing the seeds.
- Synthetics are utilized for bug control.
- Works on the ripeness of the dirt.
- Increase the expense and solicitation of the things.
- Decline the impact on the biological system.
- Present day cultivating has current stockpiling strategies that decrease wastage of food
grains.
- Crop insurance is a significant component of present day cultivating.
4.      Discuss the possible security issue when using infrared camera on the farming
lands.
Perhaps the greatest limit of an infrared camera is the way that it can't precisely catch a
picture through glass, or some other sparkling article. Glass will in general mirror the
fieriness of the item both in front and behind it, which extraordinarily slants anything
that picture you are attempting to get.

Q16

Case 2: Smart Home IoT Network Security Analysis

The smart home is one of the most prominent applications in the paradigm of the IoT.
While it has added a level of comfort and convenience to users’ everyday lives, it also
brings a unique security challenge of mitigating insider threats posed by legitimate
users. Such threats primarily arise due to the sharing of IoT devices and the presence of
complex social and trust relationships among users. State-of-the-art home IoT platforms
manage access control by deploying various multifactor authentication mechanisms.
Nevertheless, such hard security measures are inadequate to defend against insider
threats, and there is a growing need to integrate user behavior and environmental
context in order to make intelligent authorization decisions.
Some of the leading home IoT platforms that have emerged over the past few years are
Samsung’s SmartThings, Apple’s HomeKit, and Google’s Android Things. These platforms
are energy efficient, connect heterogeneous devices and protocols, allow remote control
and actuation, and support third-party application development.
The popularity of smart home appliances is causing the increasing development of the
IoT. For example, most smart home devices—such as smart televisions, fridges,
dishwashers, cooling systems, and heating machines, among others—are connected to
the Internet to make people’s lives more comfortable and easier. Nowadays, the ability
of smart home management to combine and control devices has increased and
developed significantly. A smart home is like a bespoke home based on personal
preferences and individual specifications. It can regulate and control the internal/external
features of a house, such as lighting, temperature, doors, and windows. Smart home
management can be used to set the brightness and warmth of a room, adjust
background music, and even schedule TV programs to be recorded and played, all
depending on the homeowner’s taste and decisions.
The case study is from https://www.hindawi.com/journals/wcmc/2020/8896637/
 
Answer the following questions:
1. Discuss the possible smart home IoT system architectural design. Illustrate with a
conceptual IoT system diagram.  You upload your diagram in the drop box.        [5
marks] 

Smart power frameworks reach out past savvy networks and meters to coordinate numerous
energy sources and types, creation and conveyance foundation, and working cycles and working
cases. Keeping these frameworks moving along as expected and ceaselessly requires secure
associations with convey the advantages they are intended for - further developed strength, more
noteworthy proficiency, lower cost and natural maintainability.

Energy the executives utilizing IoT is expanding, and with it, the obligation to involving IoT for energy
proficiency to help ecological manageability. As worldwide energy request develops, so do the issues
related with expanded utilization, maturing framework development, rising end expenses and
purchaser assumptions about energy accessibility.

With IoT-empowered shrewd power arrangements and assets, you can associate practical energy
resources and coordinate them with your current IT foundation to further develop energy
productivity and energy conveyance. IoT power the executives empowers various maintainability
rehearses, for example, simple admittance to constant machine data and purchaser data. These
practices assist you with using sound judgment about influence dissemination while assisting your
clients with setting aside energy and set aside money.
2. Discuss the security goals for your design.                                                      [5
marks]