
Unit I:

Security Challenges within IoT Systems

Unit II:

Security of Wireless Sensor Networks

Unit III:

Integrating Security in IoT Ecosystem

Unit IV:

Overview of Privacy in IoT

Unit V:

Best Practices in IoT Security


Unit I
Security Challenges within IoT Systems

1.1 Network layers of IoT Architecture and Security challenges


1.2 Devices with limited or no physical security and limited security computing capabilities
1.3 Remote management of security
1.4 Identification and management of risks of scaling end point devices including sensors
1.5 Crypto resilience
1.6 Security management of distributed systems
1.7 Privacy concerns, threats and attacks to IoT
1.8 Hacking IoT firmware
1.9 Consumerization of IoT security, case studies

Fundamentals
ISO OSI MODEL:
∙ What is ISO in OSI model?
ISO stands for the International Organization for Standardization. Its model for Open Systems
Interconnection (OSI) is commonly known as the OSI model. The ISO-OSI model is a seven-layer
architecture: it defines seven layers or levels in a complete communication system.
∙ The Physical Layer is the lowest layer of the OSI model. This layer controls the way unstructured,
raw, bit-stream data is sent and received over a physical medium. This layer is composed of
the electrical, optical, and physical components of the network.
∙ The Data Link Layer provides the functional and procedural means to transfer data between
network entities and to detect and possibly correct errors that may occur in the physical layer.
... Both WAN and LAN services arrange bits from the physical layer into logical sequences
called frames. The data link layer establishes and terminates a connection between two
physically connected nodes on a network. It breaks packets up into frames and sends them
from source to destination.
∙ The Network Layer uses network addresses (typically Internet Protocol addresses) to route packets to
a destination node.
∙ The Transport Layer provides transparent transfer of data between end users, providing reliable
data transfer services to the upper layers. The transport layer controls the reliability of a given
link through flow control, segmentation and desegmentation, and error control.
∙ The Session Layer is the layer of the ISO Open Systems Interconnection (OSI) model that controls
the dialogues (connections) between computers. It establishes, manages, and terminates the
connections between the local and remote application.
∙ The Presentation Layer transforms data into the form that the application accepts. This layer formats
and encrypts data to be sent across a network.
∙ The Application Layer is an abstraction layer that specifies the shared communications protocols and
interface methods used by hosts in a communications network. An application layer
abstraction is specified in both the Internet Protocol Suite (TCP/IP) and the OSI model.

1.1 Network layers of IoT Architecture and Security challenges


∙ What is network layer in IoT architecture?
o Network layer is also known as transmission layer.
o It acts like a bridge between perception layer and application layer.
o It carries and transmits the information collected from the physical objects through
sensors.
o The medium for the transmission can be wireless or wire based.

∙ What are the security issues in the IoT?


o Vulnerabilities. Vulnerabilities are a large problem that constantly plague users and
organizations. ...
o Malware. ...
▪ Malware (short for “malicious software”) is a file or code, typically delivered
over a network, that infects, explores, steals or conducts virtually any
behaviour an attacker wants. And because malware comes in so many
variants, there are numerous methods to infect computer systems.
o Escalated cyberattacks. ...
o Information theft and unknown exposure. ...
o Device mismanagement and misconfiguration.

Architecture of IoT:
There is no single, universally agreed architecture for IoT. Different architectures have been
proposed by different researchers.

Three- and Five-Layer Architectures


The most basic architecture is a three-layer architecture [3–5] as shown in Figure 1. It was introduced
in the early stages of research in this area. It has three layers, namely, the perception, network, and
application layers.
(i) The perception layer is the physical layer, which has sensors for sensing and gathering information
about the environment. It senses some physical parameters or identifies other smart objects in the
environment.
(ii) The network layer is responsible for connecting to other smart things, network devices, and servers.
Its features are also used for transmitting and processing sensor data.
(iii) The application layer is responsible for delivering application-specific services to the user. It
defines various applications in which the Internet of Things can be deployed, for example, smart
homes, smart cities, and smart health.
The three-layer architecture defines the main idea of the Internet of Things, but it is not sufficient for
research on IoT because research often focuses on finer aspects of the Internet of Things. That is why
many more layered architectures have been proposed in the literature. One is the five-layer architecture,
which additionally includes the processing and business layers [3–6]. The five layers are the perception,
transport, processing, application, and business layers (see Figure 1). The role of the perception and
application layers is the same as in the three-layer architecture. We outline the function of the
remaining three layers.
(i) The transport layer transfers the sensor data from the perception layer to the processing
layer and vice versa through networks such as wireless, 3G, LAN, Bluetooth, RFID, and NFC.
(ii) The processing layer is also known as the middleware layer. It stores, analyzes, and
processes huge amounts of data that come from the transport layer. It can manage and provide
a diverse set of services to the lower layers. It employs many technologies such as databases,
cloud computing, and big data processing modules.
(iii) The business layer manages the whole IoT system, including applications, business and
profit models, and users’ privacy. The business layer is out of the scope of this paper. Hence,
we do not discuss it further.
Security challenges in IoT:

The Most Important Security Problems with IoT Devices


1. Incorrect access control. ...
2. Overly large attack surface. ...
3. Outdated software. ...
4. Lack of encryption. ...
5. Application vulnerabilities. ...
6. Lack of Trusted Execution Environment. ...
7. Vendor security posture. ...
8. Insufficient privacy protection.

1. Incorrect access control


Services offered by an IoT device should only be accessible by the owner and the people in their
immediate environment whom they trust. However, this is often insufficiently enforced by the security
system of a device.
IoT devices may trust the local network to such level that no further authentication or authorisation is
required. Any other device that is connected to the same network is also trusted. This is especially a
problem when the device is connected to the Internet: everyone in the world can now potentially
access the functionality offered by the device.
A common problem is that all devices of the same model are delivered with the same default password
(e.g. “admin” or “password123”). The firmware and default settings are usually identical for all
devices of the same model. Because the credentials for the device (assuming that, as is often the case,
they are not changed by the user) are public knowledge, they can be used to gain access to all devices
in that series.
IoT devices often have a single account or privilege level, both exposed to the user and internally. This
means that when this privilege is obtained, there is no further access control. This single level of
protection fails to protect against several vulnerabilities.

2. Overly large attack surface


Each connection that can be made to a system provides a new set of opportunities for an attacker to
discover and exploit vulnerabilities. The more services a device offers over the Internet, the more
services can be attacked. This is known as the attack surface. Reducing the attack surface is one of the
first steps in the process of securing a system.
A device may have open ports with services running that are not strictly required for operation. An
attack against such an unnecessary service could easily be prevented by not exposing the service.
Services such as Telnet, SSH or a debug interface may play an important role during development but
are rarely necessary in production.

3. Outdated software
As vulnerabilities in software are discovered and resolved, it is important to distribute the updated
version to protect against the vulnerability. This means that IoT devices must ship with up-to-date
software without any known vulnerabilities, and that they must have update functionality to patch any
vulnerabilities that become known after the deployment of the device.
For example, the malware Linux.Darlloz was first discovered in late 2013 and worked by exploiting a
bug that had been reported and fixed more than a year earlier.

4. Lack of encryption
When a device communicates in plain text, all information being exchanged with a client device or
backend service can be obtained by a ‘Man-in-the-Middle’ (MitM). Anyone who is capable of
obtaining a position on the network path between a device and its endpoint can inspect the network
traffic and potentially obtain sensitive data such as login credentials. A typical problem in this
category is using a plain-text version of a protocol (e.g. HTTP) where an encrypted version is
available (HTTPS). In a Man-in-the-Middle attack the attacker secretly intercepts and then relays
communications, possibly altering them, without either party being aware.
Even when data is encrypted, weaknesses may be present if the encryption is not complete or
configured incorrectly. For example, a device may fail to verify the authenticity of the other party.
Even though the connection is encrypted, it can be intercepted by a Man-in-the-Middle attacker.
Sensitive data that is stored on a device (at rest) should also be protected by encryption. Typical
weaknesses are lack of encryption by storing API tokens or credentials in plain text on a device. Other
problems are the usage of weak cryptographic algorithms or using cryptographic algorithms in
unintended ways.
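The "device may fail to verify the authenticity of the other party" weakness above comes down to one check on the device: validating the backend's certificate against the vendor's trusted root and the expected hostname. The Go program below is an added example, not code from these notes; it builds a constructed vendor CA and a rogue CA in memory, issues a server certificate from each, and shows which ones a correctly configured device accepts. The names (api.vendor.example, Example Vendor Root CA) are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// backendHost is the name the device expects its backend to present (constructed).
const backendHost = "api.vendor.example"

// newCert generates a P-256 key and a certificate for tmpl. When parent is nil
// the certificate is self-signed (a root CA); otherwise it is issued by parent.
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

func caTemplate(name string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
}

func serverTemplate(host string, serial int64) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host}, // hostname checks use the SAN list, not the CN
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
}

// verifyBackend is the check a device must run on the certificate the backend
// presents: chain to the vendor root baked into firmware AND match the expected
// hostname. Skipping it (tls.Config{InsecureSkipVerify: true}) is the weakness
// described above: the channel is encrypted, but to whoever answers.
func verifyBackend(presented *x509.Certificate, trustedRoots *x509.CertPool, expectedHost string) error {
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     trustedRoots,
		DNSName:   expectedHost,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// demo returns the outcome of three certificates as seen by a device that trusts
// only the vendor root: genuine, issued by a rogue CA, and genuine but wrong host.
func demo() (genuineOK, rogueOK, wrongHostOK bool) {
	vendorCA, vendorKey := newCert(caTemplate("Example Vendor Root CA", 1), nil, nil)
	rogueCA, rogueKey := newCert(caTemplate("Rogue CA", 2), nil, nil)

	genuine, _ := newCert(serverTemplate(backendHost, 10), vendorCA, vendorKey)
	rogue, _ := newCert(serverTemplate(backendHost, 11), rogueCA, rogueKey) // same name, wrong issuer

	roots := x509.NewCertPool()
	roots.AddCert(vendorCA) // the only trust anchor on the device

	genuineOK = verifyBackend(genuine, roots, backendHost) == nil
	rogueOK = verifyBackend(rogue, roots, backendHost) == nil
	wrongHostOK = verifyBackend(genuine, roots, "other.vendor.example") == nil
	return
}

func main() {
	g, r, w := demo()
	fmt.Printf("genuine cert accepted: %v\nrogue-CA cert accepted: %v\nwrong hostname accepted: %v\n", g, r, w)
}
```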

5. Application vulnerabilities
Acknowledging that software contains vulnerabilities in the first place is an important step in securing
IoT devices. Software bugs may make it possible to trigger functionality in the device that was not
intended by the developers. In some cases, this can result in the attacker running their own code on the
device, making it possible to extract sensitive information or attack other parties.
Like all software bugs, security vulnerabilities are impossible to avoid completely when developing
software. However, there are methods to avoid well-known vulnerabilities or reduce the possibility of
vulnerabilities. This includes best practices to avoid application vulnerabilities, such as consistently
performing input validation.
6. Lack of Trusted Execution Environment
Most IoT devices are effectively general-purpose computers that can run specific software. This makes
it possible for attackers to install their own software that has functionality that is not part of the normal
functioning of the device. For example, an attacker may install software that performs a DDoS attack.
By limiting the functionality of the device and the software it can run, the possibilities to abuse the
device are limited. For example, the device can be restricted to connect only to the vendor’s cloud
service. This restriction would make it ineffective in a DDoS attack since it can no longer connect to
arbitrary target hosts.
To limit the software a device can run, code is typically signed: the vendor computes a cryptographic
hash of the software and signs it with a private key that only the vendor holds, so the device will only
run software distributed by the vendor. This way, an attacker can no longer run arbitrary code on a device.
To totally restrict the code run on the device, code signing must also be implemented in the boot
process, with the help of hardware. This can be difficult to implement correctly. So called ‘jailbreaks’
in devices such as the Apple iPhone, Microsoft Xbox and Nintendo Switch are the result of errors in
the implementation of trusted execution environments.
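Putting the code-signing idea above, together with the update requirement from "3. Outdated software", into working form: this added Go example (not taken from these notes or from any vendor SDK) has the vendor sign an update manifest with an Ed25519 key, while the device, holding only the public key, rejects images that are tampered, signed by someone else, or not newer than what is installed. The manifest layout, version numbers and image bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update manifest: the vendor signs the image's
// SHA-256 digest together with its version number, so neither the payload nor
// the version can be altered without the vendor's private key.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte
}

// manifestBytes is the exact byte string that gets signed and verified.
func manifestBytes(version uint32, hash [32]byte) []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf[:4], version)
	copy(buf[4:], hash[:])
	return buf
}

// signImage runs on the vendor side; the private key never leaves the vendor.
func signImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	h := sha256.Sum256(image)
	return Manifest{
		Version:   version,
		ImageHash: h,
		Signature: ed25519.Sign(priv, manifestBytes(version, h)),
	}
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify under the vendor key")
	ErrHashMismatch = errors.New("image digest differs from the signed manifest")
	ErrRollback     = errors.New("image version is not newer than the installed version")
)

// verifyUpdate runs on the device, which holds only the vendor public key. An
// image is accepted only if the manifest is authentic, the image matches it,
// and the version is strictly newer than what is installed (anti-rollback, so
// an attacker cannot reinstall an old, signed but vulnerable release).
func verifyUpdate(vendorPub ed25519.PublicKey, installed uint32, m Manifest, image []byte) error {
	if !ed25519.Verify(vendorPub, manifestBytes(m.Version, m.ImageHash), m.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	if m.Version <= installed {
		return ErrRollback
	}
	return nil
}

func mustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// demo exercises the four cases a practitioner checks and returns each outcome.
func demo() (genuine, tampered, forged, rollback error) {
	vendorPub, vendorPriv := mustKey()
	_, attackerPriv := mustKey() // an attacker's own key, unknown to the device

	image := []byte("constructed firmware image v2 (sample bytes)")
	m := signImage(vendorPriv, 2, image)

	genuine = verifyUpdate(vendorPub, 1, m, image)

	flipped := append([]byte{}, image...)
	flipped[0] ^= 0xff // one bit of the payload changed after signing
	tampered = verifyUpdate(vendorPub, 1, m, flipped)

	forged = verifyUpdate(vendorPub, 1, signImage(attackerPriv, 3, image), image)

	rollback = verifyUpdate(vendorPub, 2, m, image) // v2 offered to a device already on v2
	return
}

func main() {
	g, t, f, r := demo()
	fmt.Println("genuine: ", g)
	fmt.Println("tampered:", t)
	fmt.Println("forged:  ", f)
	fmt.Println("rollback:", r)
}
```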

7. Vendor security posture


When security vulnerabilities are found, the reaction of the vendor greatly determines the impact. The
vendor has a role to receive input on potential vulnerabilities, develop a mitigation, and update devices
in the field. The vendor security posture is often determined by whether the vendor has a process in
place to adequately handle security issues.
The consumer mainly perceives the vendor security posture as improved communication with the
vendor in relation to security. When a vendor does not provide contact information or instructions on
how to report a security issue, it will likely not help to mitigate the issue. Without
knowledge of limitations, end users will continue to use the device in the manner intended. This may
result in a less secure environment. Vendors could make things easier for customers by advising of the
frequency of device security updates, and how to securely dispose of or resell the device so that sensitive
data is not passed on.

8. Insufficient privacy protection


Consumer devices typically store sensitive information. Devices that are deployed on a wireless
network store the password of that network. Cameras can provide a video and audio recording of the
home in which they are deployed. If this information were accessed by attackers, it would amount to a
severe privacy violation.
IoT devices and related services should handle sensitive information correctly, securely, and only after
consent of the end-user of the device. This applies to both storage and distribution of sensitive
information.
In the case of privacy protection, the vendor plays an important role. Besides an external attacker, the
vendor or an affiliated party may be responsible for a privacy breach. The vendor or service provider
of an IoT device could, without explicit consent, gather information on consumer behaviour for
purposes like market research. Several cases are known where IoT devices, for instance smart
televisions, may be listening in on conversations within a household.

9. Intrusion ignorance
When a device is compromised, it often keeps functioning normally from the viewpoint of the user.
Any additional bandwidth or power usage is usually not detected. Most devices do not have logging or
alerting functionality to notify the user of any security problems. If they have, these can be overwritten
or disabled when the device is hacked. The result is that users rarely discover that their device is under
attack or has been compromised, preventing them from taking mitigating measures.

10. Insufficient physical security


If attackers have physical access to a device, they can open the device and attack the hardware. For
example, by reading the contents of the memory components directly, any protecting software can be
bypassed. Furthermore, the device may have debugging contacts, accessible after opening up the
device, that provide an attacker with additional possibilities.
Physical attacks have an impact on a single device and require physical interaction. Since it is not
possible to perform these attacks en masse from the Internet, we do not recognize this as one of the
biggest security problems, but it is nevertheless included.
A physical attack can be impactful if it uncovers a device key that is shared amongst all devices of the
same model, and thus compromises a wide range of devices. However, in that case we consider
sharing the key amongst all devices to be the more important problem, not physical security.

11. User interaction


Vendors can encourage secure deployment of their devices by making it easy to configure them
securely. By giving proper attention to usability, design, and documentation, users can be nudged into
configuring secure settings.
There is partial overlap between this category and other categories listed above. For example, the
problem of incorrect access control mentioned above includes using unsafe or default passwords. One
way to solve this is to make the user interaction with the device such that it is very easy or even
mandatory to configure a secure password.
For most of the above security categories, it is difficult for a non-technical user to evaluate whether a
device meets the requirement. However, user interaction can, by definition, be perceived by the end
user, and so the consumer can evaluate how well a device performs on user interaction.
User interaction is an important category to make sure implemented security measures are activated
and correctly used. If it is possible to change the default password, but the user does not know or
cannot discover the functionality, it is useless.
1.2 Devices with limited or no physical security and limited security computing capabilities

Limitations of IoT devices:

Many IoT devices come with inherent limitations in power, processing and memory. As a
consequence, they are not always managed with the advanced security patterns they need, which is why
they are at greater risk of being attacked or succumbing to defects.
IoT device security:
What is IoT security?
IoT security is the practice that keeps your IoT systems safe. IoT security tools protect from threats
and breaches, identify and monitor risks and can help fix vulnerabilities. IoT security ensures the
availability, integrity, and confidentiality of your IoT solution.
Why is IoT security so important?
From increasing the safety of roads, cars, and homes, to fundamentally improving the way we
manufacture and consume products, IoT solutions provide valuable data and insights that will enhance
the way we work and live.
Success depends on ensuring the integrity and confidentiality of IoT solutions and data while
mitigating cybersecurity risks.
So, what should we know about IoT security?
Build trust in IoT connected devices
The benefits of IoT are undeniable, and yet, high-profile attacks, combined with uncertainty about
security best practices and their associated costs, are keeping many businesses from adopting the
technology.
Besides, end-users are wary of the consequences of IoT security breaches.
Recent research indicates that 90% of consumers lack confidence in IoT device security. A 2019
survey done in Australia, Canada, France, Japan, the U.K., and the U.S. revealed that 63% of
consumers even find connected devices "creepy."
This illustrates one of the many aspects of IoT security challenges.
Digital security must be designed into IoT devices from the ground up and at all points in the
ecosystem to prevent vulnerabilities in one part from jeopardising the security of the whole. As the
global leader in digital security and, in particular, securing IoT devices, Thales provides customers
with the knowledge, solutions, and services needed to mitigate cybersecurity risk and trust in the
power of the IoT.
Understanding IoT security risks
Modern IoT ecosystems are complex.
Machines and objects in virtually any industry can be connected and configured to send data over
cellular networks to cloud applications and backends.
The digital security risk is present at every step along the IoT journey, and there are plenty of attackers
who would take advantage of a system's vulnerability.
Unfortunately, diverse data types and computing power among IoT devices mean there's no 'one size
fits all' cybersecurity solution that can protect any IoT deployment.
The first step for any IoT business is to undergo a thorough security risk assessment that examines
vulnerabilities in devices and network systems and user and customer backend systems. Risk must be
mitigated for the entire IoT lifecycle of the deployment, especially as it scales and expands
geographically.

Why do IoT devices have such poor security?


Vulnerabilities are a large problem that constantly plague users and organizations. One of the main
reasons IoT devices are vulnerable is because they lack the computational capacity for built-in
security.
1.3 Remote management of security

∙ This section explains the importance of security when working remotely and highlights simple
techniques that users can employ to protect themselves while they are working remotely.
∙ remote management of security refers to any security policy, solution, strategy or process that
exists to prevent unauthorized access to your network, its resources, or any confidential or
sensitive data. Essentially, secure remote access is a mix of security strategies and not
necessarily one specific technology like a VPN.
∙ Secure Remote Access is a combination of security processes or solutions that are designed to
prevent unauthorized access to an organization's digital assets and prevent the loss of sensitive
data.
∙ Why Security is Important While Working Remotely
o Working remotely presents many risks
o You are responsible for your own security
o Public places can have criminals and competitors
o Lack of preparation can make you an easy target
When you work remotely, you are responsible for ensuring the security of yourself, your belongings,
and your information. When you work remotely, you do not have the benefit of the security you have
in your office. You typically do not often have control over your environment or the people you are
around. This makes working remotely more of a risk than your environment at work or at home. Lack
of preparation for working remotely can make you an easy target for thieves, pick-pockets,
unscrupulous competitors, and other criminals. Good preparation however can significantly reduce
your risks and make your experience far more relaxing and productive.
∙ Risks of Working Remotely
o A lack of security can result in significant losses
▪ Theft of property and valuables
▪ Loss of confidential information
∙ Simple techniques can make you secure
o Personal security to protect yourself
o Protection of your valuables and information
If you do not have good security habits, you can suffer a significant loss. You can have your property
or valuables stolen. This might include your wallet, money, jewellery, and identification documents.
You may also lose confidential information you’re carrying. The theft of wallets, cheque books, and the
identification cards, payment cards, and bank account information they contain are the main methods of
identity theft. The loss of these items can also hamper any plans or travel. The theft may include a
briefcase or a laptop. The information that they contain can include confidential company product
plans, customer names, proprietary knowledge, and other items that can be very valuable to a
competitor. Even the personal information that is stored there is valuable to a thief. The inconvenience
that results can spoil your work and your travel. What can seem like a simple incident can actually
result in a significant problem. Simple techniques can, however, protect you against many of these
security risks. These simple techniques should focus on your personal security to protect yourself, how
to protect your valuables and confidential information, knowing where to find assistance when you need
it, and having contingency plans in case of emergencies.

Prepare Your Computer


∙ Check that you have prepared your computer to work securely while you are remote
o Ensure you have a physical computer lock
o Ensure your operating system is patched, and all security tools and anti-virus are enabled and
up-to-date
o Only take the information that you absolutely need
o Encrypt the data on your computer
o Perform a computer data backup before you leave the office
If you are taking your computer, it is important to ensure that it is secure. Not only is the computer
itself valuable to a thief, but the data contained on it is also valuable to thieves and competitors. Many
people have been the victim of computer theft which has resulted in the loss of sensitive company
secrets, millions of personal records and information, and government secrets. Proper preparation
might have prevented these losses. A good computer lock will allow you to secure your computer
while you are working on it, and will prevent most snatch-and-grab thefts. Patching your computer
and making sure it is up-to-date gives you the most recent security tools before you go on the road. It
will minimize the exposure to malware, and attacks when your ability to make updates may be
limited. If you must take confidential or sensitive information and data on your laptop, encrypt it.
Your company should be able to provide you with a solution, as many newer operating systems
include disk encryption technology, and many third party tools are available as well. Performing a
data backup allows you to restore information if your system is stolen, damaged or has an accident
while you are remote. Knowing that any damage to your computer can be mitigated by having a
backup of your data can make you breathe a little bit easier.
Basic Security Tips for Remote Desktop
∙ Use strong passwords. ...
∙ Use Two-factor authentication. ...
∙ Update your software. ...
∙ Restrict access using firewalls. ...
∙ Enable Network Level Authentication. ...
∙ Limit users who can log in using Remote Desktop. ...
∙ Set an account lockout policy.
1. Use strong passwords
Strong passwords on any accounts with access to Remote Desktop should be considered a required
step before enabling Remote Desktop. Refer to the campus password complexity guidelines for tips.
2. Use Two-factor authentication
Departments should consider using a two-factor authentication approach. This topic is beyond the
scope of this article, but RD Gateways can be configured to integrate with the Campus instance of
DUO. Other options, not supported by campus, include certificate-based smartcards as a simple
mechanism for two-factor authentication. This approach uses the Remote Desktop host itself, in
conjunction with YubiKey and RSA as examples.
3. Update your software
One advantage of using Remote Desktop rather than 3rd party remote admin tools is that components
are updated automatically with the latest security fixes in the standard Microsoft patch cycle. Make
sure you are running the latest versions of both the client and server software by enabling and auditing
automatic Microsoft Updates. If you are using Remote Desktop clients on other platforms, make sure
they are still supported and that you have the latest versions. Older versions may not support high
encryption and may have other security flaws.
4. Restrict access using firewalls
Use firewalls (both software and hardware where available) to restrict access to remote desktop
listening ports (default is TCP 3389). Using an RDP Gateway is highly recommended for restricting
RDP access to desktops and servers (see discussion below). As an alternative to support off-campus
connectivity, you can use the campus VPN software to get a campus IP address and add the campus
VPN network address pool to your RDP firewall exception rule. Visit our page for more information
on the campus VPN service.
5. Enable Network Level Authentication
Windows 10, Windows Server 2012 R2/2016/2019 also provide Network Level Authentication (NLA)
by default. It is best to leave this in place, as NLA provides an extra level of authentication before a
connection is established. You should only configure Remote Desktop servers to allow connections
without NLA if you use Remote Desktop clients on other platforms that don't support it.
∙ NLA should be enabled by default on Windows 10, Windows Server 2012 R2/2016/2019.
∙ To check, you may look at the Group Policy setting "Require user authentication for remote
connections by using Network Level Authentication" found at Computer\Policies\Windows Components\
Remote Desktop Services\Remote Desktop Session Host\Security. This Group Policy setting must
be enabled on the server running the Remote Desktop Session Host role.
∙ https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access
6. Limit users who can log in using Remote Desktop
By default, all Administrators can log in to Remote Desktop. If you have multiple Administrator
accounts on your computer, you should limit remote access only to those accounts that need it. If
Remote Desktop is not used for system administration, remove all administrative access via RDP, and
only allow user accounts requiring RDP service. For departments that manage many machines
remotely, remove the local Administrator account from RDP access and add a technical group
instead.
1. Click Start-->Programs-->Administrative Tools-->Local Security Policy
2. Under Local Policies-->User Rights Assignment, go to "Allow logon through Terminal
Services." Or “Allow logon through Remote Desktop Services”
3. Remove the Administrators group and leave the Remote Desktop Users group.
4. Use the System control panel to add users to the Remote Desktop Users group.

1.4 Identification and management of risks of scaling end point devices including sensors

Definition: Risk identification is the process of determining risks that could potentially
prevent the program, enterprise, or investment from achieving its objectives. It includes
documenting and communicating the concern.
Keywords: risk, risk identification, risk management.

What are the steps involved in identifying and managing risks?

The 4 essential steps of the Risk Management Process are:


∙ Identify the risk.
∙ Assess the risk.
∙ Treat the risk.
∙ Monitor and Report on the risk.
Step 1: Risk Identification
The first step in the risk management process is to identify all the events that can negatively (risk) or
positively (opportunity) affect the objectives of the project:
∙ Project milestones
∙ Financial trajectory of the project
∙ Project scope
These events can be listed in the risk matrix and later captured in the risk register. A risk (or
opportunity) is characterized by its description, causes and consequences, qualitative assessment,
quantitative assessment and mitigation plan. It can also be characterized by who is responsible for its
action. Each of these characteristics are necessary for a risk (or opportunity) to be valid.
In order to be managed effectively, the Risks and Opportunities (R&O) identified must be as precise
and specific as possible. The title of the risk or opportunity must be succinct, self-explanatory and
clearly defined.
All members of the project can and should identify R&O, and the content of these is the responsibility
of the Risk (or Opportunity) Owners. Risk Managers are responsible for ensuring that a formal process
for identifying risks and developing response plans are conducted through exchanges with risk owners.
We will explain each of these roles in further detail in our next article on Risk Management Team
Roles. Below are examples of tools to help identify R&O:
∙ Analysis of existing documentation
∙ Interviews with experts
∙ Conducting brainstorming meetings
∙ Using the approaches of standard methodologies – such as Failure Modes, Effects and Criticality
Analysis (FMECA), cause trees, etc.
∙ Considering the lessons learned from R&Os encountered in previous projects
∙ Using pre-established checklists or questionnaires covering the different areas of the project (Risk
Breakdown Structure or RBS).

Step 2: Risk Assessment


There are two types of risk and opportunity assessments: qualitative and quantitative. A qualitative
assessment analyzes the level of criticality based on the event’s probability and impact. A quantitative
assessment analyzes the financial impact or benefit of the event. Both are necessary for a
comprehensive evaluation of risks and opportunities.
Qualitative Assessment
The Risk Owner and the Risk Manager will rank and prioritize each identified risk and opportunity by
occurrence probability and impact severity, according to the project’s criticality scales.
Evaluating occurrence probability (P):
This is determined preferably based on experience, the progress of the project, or else by speaking to a
risk expert, and is on a scale of 1 to 99%.
For example, suppose the risk that: “the inability of supplier X to conduct studies on a modification Y
by the end of 2025” is 50% probable. This could be determined from feedback and analysis of the
supplier’s workload.
Evaluating impact severity (I):
To assess the overall impact, it is necessary to estimate the severity of each of the impacts defined at
the project level. A scale is used to classify the different impacts and their severities. This ensures that
the assessment of the risk and opportunity is standardized and reliable.
The criticality level of a risk or opportunity is obtained by the equation: Criticality = P x I
The purpose of the qualitative assessment is to ensure that the risk management team prioritizes the
response on critical items first.
Quantitative Assessment
In most projects, the objective of the quantitative assessment is to establish a financial evaluation of a
risk’s impact or an opportunity’s benefit, should it occur. This step is carried out by the Risk Owner,
the Risk Manager (with support of those responsible for estimates and figures), or the management
controller depending on the organizational set up in the company. These amounts represent a potential
additional cost (or a potential profit if we are talking about an opportunity) not anticipated in the
project budget.
For this, it is therefore necessary:
∙ To evaluate the additional costs incurred by financially reviewing:
o Hours of internal engineering
o Hours of subcontracting
o Additional work to do
o Amendments and/or claims made to contracts
o Etc.
∙ To calculate the cost of the undesired event’s consequences by adding these values. This step will
make it possible to estimate the need for additional budget for risks and opportunities of the project.
Step 3: Risk Treatment
In order to treat risks, an organization must first identify its strategies for doing so by developing a
treatment plan. The objective of the risk treatment plan is to reduce the probability of occurrence of the
risk (preventive action) and/or to reduce the impact of the risk (mitigation action). For an opportunity,
the objective of the treatment plan is to increase the likelihood of the opportunity occurring and/or to
increase its benefits. Depending on the nature of the risk or opportunity, a response strategy is defined
for the project. The following 7 strategies are possible:

7 Risk Response Strategies


∙ Accept: Do not initiate any action but continue to monitor.
∙ Mitigate/Enhance: Reduce (for a risk) or increase (for an opportunity) the probability of
occurrence and/or the severity of impact.
∙ Transfer/Share: Transfer responsibility of a risk to a third party who would bear the
consequences of the problem (share the benefits of a realized opportunity).
∙ Avoid/Exploit: Entirely eliminate uncertainty / take advantage of the opportunity.
Monitoring the progress of the treatment plan is the responsibility of the risk owner. They must report
regularly to the risk manager, who must keep the risk register up to date.
Note: The cost of a risk mitigation plan must be integrated into the budget of the
project. When defining a treatment plan:
∙ Each action begins with an action verb and has a clear purpose.
∙ Each action has an actionee and a deadline.
∙ Actions that could generate costs must be tracked and considered in the project.
∙ For example: to reduce the risk of my car breaking down, a treatment plan could be to have it
checked annually by a repair shop.
When does risk become an issue?

Anticipating Risks and Opportunities


It is possible that, despite the actions put in place to mitigate or prevent it, a risk probability could
increase and reach 100%. Once a risk is confirmed, we no longer refer to it as a risk but as an issue.
The Risk Manager must then inform the various project stakeholders who will relay that a risk has
become an issue and transfer it to the issue log.
Step 4: Risk Monitoring and Reporting
Risks and opportunities and their treatment plans need to be monitored and reported on. The frequency
of this will depend on the criticality of the risk or opportunity. Developing a monitoring and reporting
structure ensures that there are appropriate forums for escalation and that appropriate risk responses
are being actioned.
What is risk management and risk identification?
Risk identification is the process of documenting any risks that could keep an organization or
program from reaching its objective. It's the first step in the risk management process, which is
designed to help companies understand and plan for potential risks.

What are the risk identification methods?


8 ways to identify risk
∙ Brainstorming. Brainstorming is the act of gathering team members to think about and discuss a
subject and to form solutions to any identified problems. ...
∙ Stakeholder interviews. ...
∙ NGT technique. ...
∙ Affinity diagram. ...
∙ Requirements review. ...
∙ Project plans. ...
∙ Root cause analysis. ...
∙ SWOT analysis.
main purpose of risk identification:
∙ The objective of risk identification is to identify all possible risks, not to eliminate risks from
consideration or to develop solutions for mitigating risks—those functions are carried out
during the risk assessment and risk mitigation steps.
What are 5 identified risks?
It is important to identify as many of these risk factors as possible. In a manual environment, these
risks are noted down manually. ...
Step 1: Identify the Risk
∙ Legal risks.
∙ Environmental risks.
∙ Market risks.
∙ Regulatory risks etc.

1.5 Crypto resilience:
With cryptocurrency, the transaction cost is low to nothing at all—unlike, for example, the fee for
transferring money from a digital wallet to a bank account. You can make transactions at any time of
the day or night, and there are no limits on purchases and withdrawals. And anyone is free to use
cryptocurrency, unlike setting up a bank account, which requires documentation and other paperwork.
International cryptocurrency transactions are faster than wire transfers too. Wire transfers take about
half a day for the money to be moved from one place to another. With cryptocurrencies, transactions
take only a matter of minutes or even seconds.

1.6 Security management of distributed systems:


Security encompasses many things, including authenticating users and data, hiding data contents while
they are at rest (e.g., stored in files) or in motion (moving over a network), destruction of data,
masquerading as another server or user, providing false data (e.g., the wrong IP address for a DNS
query), and physical premises security. We will focus only on a few topics here.
Security in distributed systems introduces two specific concerns that centralized systems do not have.
The first is the use of a network where contents may be seen by other, possibly malicious, parties. The
second is the use of servers. Because clients interact with services (applications) running on a server,
the application rather than the operating system is responsible for authenticating the client and
controlling access to services. Moreover, physical access to the system and the security controls
configured for the operating system may be unknown to the client.
Computer security is about keeping systems, programs, and data secure. It addresses three broad
areas: confidentiality, integrity, and availability. Together, these are referred to as the CIA Triad.
Confidentiality
Confidentiality deals with keeping resources and data hidden from, or inaccessible to,
unauthorized individuals. It is addressed by access control mechanisms in operating systems
or application software. If the data may be accessed through the file system or is visible over a
network, confidentiality is addressed by encrypting the data. An application’s decision on
whether data should be made accessible to a user depends on identification and authentication
of the user or service.
Integrity
Integrity deals with the trustworthiness of the data or the resources. Integrity mechanisms are
responsible for preventing unauthorized changes to data or detecting that changes have been
made. Integrity mechanisms are used to validate the identity of users, systems, and services
through authentication algorithms.
Availability
Availability is about having access to the data or computing services. It’s the property that a
system is accessible and properly functioning. Accessibility includes fault tolerance, recovery,
and restoration.
Security is a systems issue and pervades the design of an entire system. It’s not a module or add-on
component. Security spans the hardware, firmware, and operating system up through the
application software. It includes all the networking and even the users. Security also includes the
processes, procedures, and policies that are defined and implemented to ensure proper access,
availability, and recovery.

1.7 Privacy concerns, threats and attacks to IoT

Apart from the malware and MITM attacks discussed above, IoT systems can also be susceptible to
various cyberattacks. Here’s a list of the most common types of attacks on IoT devices:

What Are IoT Attacks?


The IoT landscape includes a host of network-connected devices, many of which we use in our daily
lives, including cell phones, smartwatches, smart locks and appliances, cameras, and industrial
equipment and sensors. The entire IoT attack surface is the sum total of the security risk exposure from
these devices and the larger network ecosystem and infrastructure they are embedded within.
IoT devices are essentially “headless” without onboard security features or the ability to install
software. This limitation didn’t matter in traditional operational technology (OT) settings because
they were isolated from the larger IT networks and not connected to the outside world in any way. But
as technology has advanced, so has the interconnectedness of IoT ecosystems with the enterprise
network and the entirety of the internet.
This new connectivity has made IoT and industrial IoT devices a prime target for cyber criminals. IoT
attacks include any cyberattacks that seek to gain access to (or control over) IoT devices with the
intent to either cause harm to the devices or use them in attacks against other targets.
Challenges Associated with IoT Security
Most IoT devices are not designed with security in mind, and many do not have traditional operating
systems or even enough memory or processing power to incorporate security features. Not only that,
but IoT devices are growing in number, with over a million new devices connecting to the internet
each day. The result is a significant quantity of data moving freely between devices and across
network environments, remote offices, mobile workers, and public clouds with minimal visibility,
making it difficult to track and secure this data.
What Are the Risks of IoT?
IoT devices are vulnerable to hijacking and weaponization for use in distributed denial of service
(DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks, and spoofing. Malware
is also more easily hidden in the large volume of IoT data, and IoT devices sometimes even come with
malware already onboard. Further, some IoT devices can be remotely controlled or have their
functionality disabled by bad actors. In fact, compromised IoT devices can act in swarms, which
could really change the game in terms of protecting against these types of attacks.
Additional IoT threats include the following:
1. Convergence of IT, OT, and IoT
IoT devices have become ubiquitous in operational technology (OT); they are used for everything
from sensing temperature and pressure to robotic devices that improve assembly line efficiency.
Historically, OT systems and IT networks were "air-gapped"; OT was separated from the rest of the
enterprise and not connected to the outside internet. However, as OT and IT have converged, IoT
devices are now regularly connected and accessible from both inside and outside the corporate
network. This new connectivity leaves both the OT and IT networks vulnerable to IoT threats and
requires new, more holistic approaches to security.
2. Botnets
Cyber-crime groups can compromise IoT devices connected to the internet and use them en masse to
carry out attacks. By installing malware on these devices, cyber criminals can commandeer them and
use their collective computing power to take on larger targets in DDoS attacks, send spam, steal
information, or even spy using IoT devices with a camera or sound recording capabilities. Massive
botnets made up of hundreds of thousands or even millions of IoT devices have also been used to
carry out attacks.
3. Ransomware
Ransomware is a form of malware designed to lock files or devices until a ransom is paid. IoT devices,
however, rarely have many, if any, files stored on them. Hence, an IoT ransomware attack is
unlikely to prevent users from accessing critical data (which is what forces the payment of the
ransom). With this in mind, cyber criminals launching IoT ransomware attacks may attempt to lock
the device itself instead, though this can often be undone by resetting the device and/or installing a
patch.
How ransomware truly makes headway in the IoT world is by focusing on critical IoT devices (such as
those used in industrial settings or those upon which significant business operations depend) and
requiring ransoms to be paid in a very short time span (before a device could be properly reset).
4. AI-based Attacks
Bad actors have been using AI in cyberattacks for over a decade – mostly for social engineering
attacks – though it is only in recent years that this trend has really started to take off. AI is now being
used more broadly across the cyber-crime landscape.
With cyber crime becoming a booming business, the tools needed for building and using AI in
cyberattacks are often available for purchase on the dark web, enabling just about anyone to take
advantage of this technology. AI systems can perform the repetitive tasks required to scale up IoT
threats rapidly, in addition to being able to mimic normal user traffic and avoid detection.
5. IoT Device Detection and Visibility
One difficulty in securing networks with IoT devices is that many such devices are not readily detected
by network security. And if the security system is unable to detect a device, it won’t be able to easily
identify threats to that device. Network security often lacks visibility into these devices and their
network connections, as well. Hence, one of the key pieces in securing a network with IoT is readily
identifying new devices and monitoring them.
Managing IoT Security Threats
Robust IoT security requires integrated solutions that are capable of providing visibility, segmentation,
and seamless protection across the entire network infrastructure. Key features of such a solution
include the following:
∙ Complete network visibility, which makes it possible to authenticate and classify IoT devices,
as well as build and assign risk profiles to IoT device groups.
∙ Segmentation of IoT devices into policy-driven groups based on their risk profiles.
∙ Monitoring, inspection, and policy enforcement based on activity at different points within the
infrastructure.
∙ The ability to take automatic and immediate action if any network devices become
compromised.
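The three features listed above (visibility, policy-driven segmentation, and monitoring with automatic action) can be sketched as a flow monitor over an IoT device inventory. This is an added example, not part of the original notes; the addresses, risk groups, policy table and log lines are all constructed for illustration.

```python
"""Visibility, segmentation and monitoring for IoT devices (added example).

An inventory classifies devices into risk groups, a per-group allow-list of
permitted destinations implements segmentation, and a flow monitor flags policy
violations, unclassified devices and scanning behaviour. Everything below
(addresses, groups, policy, log lines) is constructed for illustration."""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed inventory produced by device discovery and classification.
DEVICES = {
    "10.0.5.11": {"type": "ip-camera", "group": "iot-high"},
    "10.0.5.12": {"type": "thermostat", "group": "iot-low"},
    "10.0.9.20": {"type": "plc", "group": "ot-critical"},
    "10.0.1.5": {"type": "workstation", "group": "corp"},
}

# Policy-driven segmentation: each IoT/OT group may only reach these (dst, port) pairs.
POLICY = {
    "iot-high": {("10.0.50.10", 443)},    # camera -> video management server only
    "iot-low": {("10.0.50.20", 8883)},    # thermostat -> MQTT broker over TLS only
    "ot-critical": {("10.0.9.1", 502)},   # PLC -> local SCADA host over Modbus only
}

# Distinct destinations within one window before a device is treated as scanning.
SCAN_THRESHOLD = 5

# Constructed flow records in a simple key=value format.
FLOW_LOG = """\
2024-03-01T10:00:01 src=10.0.5.11 dst=10.0.50.10 dport=443 proto=tcp
2024-03-01T10:00:04 src=10.0.5.11 dst=10.0.1.40 dport=445 proto=tcp
2024-03-01T10:00:05 src=10.0.5.12 dst=10.0.50.20 dport=8883 proto=tcp
2024-03-01T10:00:06 src=10.0.5.12 dst=10.0.5.31 dport=23 proto=tcp
2024-03-01T10:00:06 src=10.0.5.12 dst=10.0.5.32 dport=23 proto=tcp
2024-03-01T10:00:07 src=10.0.5.12 dst=10.0.5.33 dport=23 proto=tcp
2024-03-01T10:00:07 src=10.0.5.12 dst=10.0.5.34 dport=2323 proto=tcp
2024-03-01T10:00:08 src=10.0.5.12 dst=10.0.5.35 dport=23 proto=tcp
2024-03-01T10:00:20 src=10.0.9.20 dst=10.0.9.1 dport=502 proto=tcp
2024-03-01T10:00:21 src=10.0.5.77 dst=10.0.50.20 dport=8883 proto=tcp
2024-03-01T10:00:22 src=10.0.1.5 dst=10.0.50.10 dport=443 proto=tcp
"""

FLOW_RE = re.compile(r"src=(\S+) dst=(\S+) dport=(\d+)")
Finding = Tuple[str, str, str]  # (source address, finding kind, recommended action)


def parse_flow(line: str) -> Optional[Dict[str, object]]:
    """Extract source, destination and destination port; None for unparseable lines."""
    m = FLOW_RE.search(line)
    if not m:
        return None
    return {"src": m.group(1), "dst": m.group(2), "dport": int(m.group(3))}


def evaluate(lines, devices=DEVICES, policy=POLICY, scan_threshold=SCAN_THRESHOLD) -> List[Finding]:
    """Run every flow through the inventory and policy; return findings with actions."""
    findings: List[Finding] = []
    destinations: Dict[str, Set[str]] = defaultdict(set)
    reported_unknown: Set[str] = set()
    for line in lines:
        flow = parse_flow(line)
        if flow is None:
            continue
        src, dst, dport = flow["src"], flow["dst"], flow["dport"]
        device = devices.get(src)
        if device is None:
            # Visibility gap: traffic from a device that discovery never classified.
            if src not in reported_unknown:
                reported_unknown.add(src)
                findings.append((src, "unclassified-device", "quarantine until classified"))
            continue
        allowed = policy.get(device["group"])
        if allowed is None:
            continue  # corporate hosts are outside the IoT/OT policy scope here
        destinations[src].add(dst)
        if (dst, dport) not in allowed:
            findings.append((src, "policy-violation", f"block {dst}:{dport}"))
    # Many distinct destinations from one constrained device is typical botnet propagation.
    for src, seen in destinations.items():
        if len(seen) >= scan_threshold:
            findings.append((src, "scanning", "quarantine device"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Group finding kinds per source device."""
    by_device: Dict[str, Set[str]] = defaultdict(set)
    for src, kind, _ in findings:
        by_device[src].add(kind)
    return dict(by_device)


if __name__ == "__main__":
    for src, kind, action in evaluate(FLOW_LOG.splitlines()):
        print(f"{src:12} {kind:20} {action}")
```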

IoT Privacy Concerns:


∙ Internet of Things privacy is the special considerations required to protect the information of
individuals from exposure in the IoT environment, in which almost any physical or logical
entity or object can be given a unique identifier and the ability to communicate autonomously
over the Internet or similar network.
∙ As endpoints (things) in the IoT environment transmit data autonomously, they also work in
conjunction with other endpoints and communicate with them. Interoperability of things is
essential to the IoT's functioning so that, for example, networked elements of a home work
together smoothly.
∙ The data transmitted by a given endpoint might not cause any privacy issues on its own.
However, when even fragmented data from multiple endpoints is gathered, collated and
analyzed, it can yield sensitive information.
∙ The idea of networking appliances and other objects is relatively new, especially in terms of the
global connectivity and autonomous data transfer that are central to the Internet of Things. As
such, security has not traditionally been considered in product design, which can make even
everyday household objects points of vulnerability. Researchers at Context Information
Security, for example, found a vulnerability in a Wi-Fi-enabled light bulb that allowed them to
request its Wi-Fi credentials and use those credentials to get network access.

What is the role of firmware?
∙ Firmware assumes an intermediary role between the hardware and software – including
potential future upgrades of the software. Some firmware (such as the BIOS on a PC) does the
job of booting up a computer by initialising the hardware components and loading the
operating system.
What's an example of firmware?
∙ Examples of firmware include:
o The BIOS found in IBM-compatible Personal Computers.
o Code inside a printer (in addition to the printer driver that is on the computer).
o Software controlling a heart defibrillator.
UNIT 2: Security of Wireless Sensor Networks

2.0. Security of Wireless Sensor Networks


2.1. Sensor Node
2.2. Sensor Node Communication Architecture
2.3. Important protocols used in IoT wireless sensor network (WSN)
2.4. Security aspects of existing protocols

2.5. Attacks on sensor network routing and countermeasures.


2.6. Trust requirements for security protocols for WSNs
2.6.1. SPINS
2.6.2. SNEP and μTESLA protocols
2.6.3. Secure SPINS, LEAP.
2.6.4. TinySEC.
2.6.5. SM.
2.6.6. ZigBee.
2.6.7. (D)TLS, 802.1AR, 802.1X.
2.6.8. Secure LEACH, TLEACH, CSLEACH.
2.6.9. TeenySec.
2.6.10. Security features in IPv6 (IPng).
2.0. Security of Wireless Sensor Networks:

∙ Due to significant advances in wireless and mobile communication techniques and the broad
development of potential applications, Wireless Sensor Networks (WSNs) have attracted great
attention in recent years. WSNs are formed dynamically by a number of power-limited sensor nodes
and a manager node with long-lasting power.
∙ WSNs are self-organized and autonomous systems consisting of common sensors, manager
nodes and back-end data centre.
∙ Common sensors are responsible for transmitting the real-time sensor data of a specific
monitoring environment to intermediate collection nodes called manager nodes.
∙ Finally, the back-end data centre receives the sensed data from the manager nodes for further
processing and analysis.
∙ Undoubtedly, all communication between nodes is through the wireless transmission techniques.
∙ Furthermore, because WSNs are self-organized, have no support from a fixed infrastructure and
their topology changes dynamically, broadcasting is the general way of communicating in WSNs.
∙ Wireless sensor networks have been widely used in practical applications, such as forest fire
monitoring, military detection, medical or scientific areas and even in our home life.
∙ However, WSNs are easily compromised by attackers because wireless communications use a
broadcast transmission medium and sensor nodes lack tamper resistance.
∙ Therefore, an attacker can eavesdrop on all traffic, inject malicious packets, replay older
messages, or compromise a sensor node.
∙ Generally, sensor nodes face two major security issues: privacy preserving and node
authentication.
∙ Privacy means the data confidentiality is achieved under security mechanism, and hence it
allows network communications between sensor nodes and the manager station to proceed
securely.
∙ In addition, a well-structured authentication mechanism can ensure that no unauthorized node is
able to fraudulently participate and get sensitive information from WSNs.

∙ As a result, several schemes have been proposed to secure communications in WSNs.


∙ One of the challenges in WSNs is to provide high-security requirements with constrained
resources. The security requirements in WSNs are comprised of node authentication, data
confidentiality, anti-compromise and resilience against traffic analysis.
∙ To distinguish trustworthy from unreliable nodes from a security standpoint, the deployed
sensors must pass a node authentication check by their corresponding manager nodes or
cluster heads, and unauthorized nodes can be isolated from the WSN during the node
authentication procedure.
∙ Similarly, all the packets transmitted between a sensor and the manager node must be kept
secret so that eavesdroppers cannot intercept, modify and analyse, and discover valuable
information in WSNs.

Wireless Sensor Network:


Compared with the traditional communication networks, some characteristics and considerations for
wireless sensor networks are discussed and addressed in the design of WSNs. These are briefly
reviewed in this section.

2.0.1 Characteristics of Wireless Sensor Network:


1. Non-centralized architecture: In WSNs, the status of every node is identical and no single node is
responsible for providing normal services. There is no central administration, and every node
can join or leave the network at any time. Moreover, the failure of some node does not affect the
whole sensor network, which makes WSNs reliable for applications with high stability requirements.

2. Self-organized: WSNs are characterized as infrastructure-less networks without a fixed
infrastructure. Thus, the sensor network is fully constructed by the nodes themselves when it
begins working, using some pre-defined layering protocols and distributed algorithms. Once the
sensor network is constructed completely, the sensor data is collected and sent to the back-end
system for further processing through the network the nodes built.

3. Multi-hop routing: The communication range of nodes in WSNs is assumed to be limited, so if
node A would like to communicate with node D, which is out of the communication range of node
A, node B acts as an intermediate node and is responsible for forwarding the communication
data between node A and node D. The multi-hops are illustrated in the figure below.

Fig: Organization of WSNs

2.0.2 Consideration of Wireless Sensor Networks:

1. Hardware constraints: This part relates to physical properties, and many constraints in these areas
have been identified, for example limited energy. In addition, due to the limited volume of the sensor,
some sensors can only provide limited storage, limited bandwidth, limited energy and limited
computation ability.

2. Communication: The existing communication schemes show that there are three main types of
communication in WSNs: direct, clustering-based, and multi-hop communication. In direct
communication, every sensor node transmits its sensor data to a manager node, and the manager node
is responsible for forwarding these data to the back-end data centre for further processing. In clustering
communication, all sensor nodes are divided into several groups and each cluster head node is
responsible for collecting data within its group. Multi-hop communication is used because the
communication range of a sensor is assumed to be limited, so neighboring sensor nodes may be
used to forward the communication packets along the path between the source node and the
destination node.
3. Scalability: Another consideration is the scalability of sensor networks. In this case, networking
must keep working regardless of the number of sensor nodes placed.

4. Fault tolerance: Due to the influence of the applied environment on sensors, many exceptions have
been addressed in sensor networks. For example, sensors may crash, suffer power failure or shut down.
Such problems need to be handled by fault-tolerance strategies so that the network keeps working.

5. Power saving: When the sensors are distributed to monitor some environment of interest, these
sensors may work over a long span of several weeks or even months. Therefore, how to provide a
power-saving mechanism to extend their lifespan is highly important. In general, power consumption
is greatest during the message-transmitting phase.

6. Cost: Depending on the application of the sensor network, a large number of sensors might be
scattered randomly over an environment, for example for weather monitoring. Whether the overall
cost is appropriate for the sensor network needs careful consideration, since it determines how
acceptable and successful the network will be to users.

7. Mobility: In clustered (hierarchical) WSNs, sensor nodes are typically organized into many
clusters, with cluster controllers collecting sensed data from ordinary sensor nodes in the managed
cluster and forwarding it to the back-end data center. Furthermore, compared to mobile ad hoc
networks, when sensor nodes are randomly deployed in a designated area, they only infrequently
move from one cluster to another, and thus mobility is not a critical issue in WSNs.

8. Sleep pattern: The sleep pattern is highly necessary in WSNs to extend the availability of the
networks. For example, the manager node can set fresh bootstrapping times for live sensors while
other sensor nodes can shut down to save power. Different sensor nodes are operated according to the
bootstrapping times to which they belong, and the lifetime of WSNs is therefore extended in a
differentiated way.

9. Security: One of the challenges in WSNs is to provide high-security requirements with
constrained resources. The security requirements in WSNs are comprised of node authentication, data
confidentiality, anti-compromise and resilience against traffic analysis. To identify both trustworthy
and unreliable nodes from a security standpoint, the deployed sensors must pass a node
authentication examination by their corresponding manager nodes or cluster heads, and unauthorized
nodes can be isolated from WSNs during the node authentication procedure. Similarly, all the packets
transmitted between a sensor and the manager node must be kept secret so that eavesdroppers cannot
intercept, modify and analyze, and discover valuable information in WSNs.

2.0.3. Security Threats and Requirements in Wireless Sensor Networks:

In addition to the characteristics and considerations mentioned above, security threats and
requirements are also critical for a variety of sensor network applications. In recent years, several
security issues in WSNs have been identified. In this section, we will introduce some security
threats and requirements in WSNs.
Passive attacks: In passive attacks (such as eavesdropping attacks), eavesdroppers can unintrusively
monitor the communication channel between two communicating nodes to collect and discover
valuable information without disturbing the communication.

Active attacks: Active attacks (such as node replication attacks, Sybil attacks, wormhole attacks, and
compromised node attacks) can be further classified into two categories: external attacks and internal
attacks. In external attacks (such as Sybil attacks and wormhole attacks), a node that does not belong
to the sensor network first eavesdrops on packets sent or received by normal participating nodes,
for the eventual purpose of malicious tampering, interfering, guessing, or spamming, and then injects
invalid packets to disrupt the network functionalities.
o For Sybil attacks, a sensor node can illegitimately claim multiple IDs by either directly forging
false IDs, or else impersonating legal IDs. This harmful attack may lead to serious threats to
distributed storage, routing algorithms and data aggregation.
o For wormhole attacks, the malicious node may be located within transmission range of
legitimate nodes while legitimate nodes are not themselves within transmission range of each
other. Thus, the malicious node can tunnel control traffic between legitimate nodes over
nonexistent links which in fact are controlled by the malicious node. Finally, the malicious
node can drop tunnelled packets or carry out attacks on routing protocols.

Internal attacks (such as node replication attacks and compromised node attacks) are usually caused
by compromised members who belong to the sensor network in question, and hence internal
attacks are more difficult to safeguard against than external attacks.

o For node replication attacks, when a sensor node is compromised by attackers, they can
directly place many replicas of this compromised node at different areas within the
network. Thus, attackers may use these compromised nodes to subvert the network
functionalities, for example by injecting false sensed data.

o For compromised node attacks, due to the lack of tamper resistance in sensor nodes, attackers
may compromise a sensor node and use it to establish communication channels with
non-compromised sensors to launch other, more serious attacks within the sensor network.
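The manager node can turn the descriptions of node replication and Sybil attacks above into a detection check on the position claims it collects from the network. The following is an added example, not from the notes; the claim format, the static-node assumption (see the mobility consideration above) and the distance thresholds are constructed for illustration.

```python
"""Detecting node replication and Sybil identities from position claims (added example).

Constructed assumptions: the manager node receives claims (node_id, x, y) that
neighbours report for the nodes they hear, sensor nodes are static once deployed,
and claims are collected over one monitoring window."""
import math
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

Claim = Tuple[int, float, float]  # node_id, x, y (metres in the deployment area)


def distance(p: Tuple[float, float], q: Tuple[float, float]) -> float:
    return math.hypot(p[0] - q[0], p[1] - q[1])


def detect_replicas(claims: Iterable[Claim], max_spread: float = 5.0) -> Dict[int, float]:
    """One ID claimed at positions farther apart than max_spread (assumed to exceed any
    static node's localisation error) indicates a replicated node. Returns id -> spread."""
    positions: Dict[int, List[Tuple[float, float]]] = defaultdict(list)
    for node_id, x, y in claims:
        positions[node_id].append((x, y))
    suspects: Dict[int, float] = {}
    for node_id, pts in positions.items():
        spread = max((distance(p, q) for p in pts for q in pts), default=0.0)
        if spread > max_spread:
            suspects[node_id] = round(spread, 1)
    return suspects


def detect_sybil(claims: Iterable[Claim], radius: float = 1.0, max_ids: int = 3) -> Set[int]:
    """More than max_ids distinct IDs located within one radius of each other suggests a
    single physical node forging multiple identities; every colliding ID is returned."""
    points = [(node_id, (x, y)) for node_id, x, y in claims]
    flagged: Set[int] = set()
    for _, p in points:
        nearby = {other for other, q in points if distance(p, q) <= radius}
        if len(nearby) > max_ids:
            flagged |= nearby
    return flagged


def isolation_list(claims: Iterable[Claim]) -> Set[int]:
    """IDs the manager node should isolate from the WSN (the countermeasure named above)."""
    claims = list(claims)
    return set(detect_replicas(claims)) | detect_sybil(claims)


# Constructed claims: five legitimate static nodes, node 3 also heard about 40 m away
# (a replica), and five identities all reported at the same spot (a Sybil node).
SAMPLE_CLAIMS: List[Claim] = [
    (1, 0.0, 0.0), (2, 10.0, 0.0), (3, 10.0, 10.0), (4, 0.0, 10.0), (5, 20.0, 20.0),
    (3, 10.3, 9.8),    # same node, within localisation error: not suspicious
    (3, 40.0, 40.0),   # replica of node 3 placed elsewhere in the network
    (101, 50.0, 50.0), (102, 50.2, 50.1), (103, 49.9, 50.0), (104, 50.1, 49.8), (105, 50.0, 50.3),
]

if __name__ == "__main__":
    print("replicas:", detect_replicas(SAMPLE_CLAIMS))
    print("sybil IDs:", sorted(detect_sybil(SAMPLE_CLAIMS)))
    print("isolate:", sorted(isolation_list(SAMPLE_CLAIMS)))
```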

According to the above description of the security threats, we can infer that a secure sensor network
corresponds with the following requirements.
Node authentication: For this requirement, a deployed sensor node proves its validity to its
neighboring sensors and the manager node. Thus, an invalid outsider would be unable to send
malevolent data into the network, and the manager node can confirm that received sensed data has
come from a valid sensor node, not from malicious outsiders. This also implies that a sensor node
joined to a WSN has been authenticated and has the right to access the sensor network.
Availability: The availability of the network should not be affected even though sensors can only
provide limited storage, limited power, and limited computational ability. Therefore, a mechanism
regulating sleep patterns is necessary for a sensor to extend its lifetime.

Location awareness: The damage cannot be spread from the victimized area to the entire network by
security attacks even if the sensor node is compromised. A secure communication scheme must limit
the damage’s scope caused by the intruders; the mechanism of location awareness is used for this
purpose.
Key establishment: For sensor-to-sensor key establishment, a shared key is established by two
communicating nodes to protect their communications. Thus, all sensed data transmitted between
participants can be verified and protected; even if an attacker eavesdrops on the communications
between nodes or injects illegal sensed data into the network, this requirement still provides an
adequate level of security.

No verification table: The verification tables are not required to be stored inside the manager nodes to
prevent stolen-verifier attacks.

Confidentiality: Path-key establishment in every session must be secure against malicious intruders
even if those attackers collect transmission packets.

Perfect forward secrecy: In a two-party path-key establishment, a scheme is said to have perfect
forward secrecy if revealing of the secret key to an intruder cannot help him/her derive the session
keys of past sessions.

Key revocation: When the back-end system or the manager node decides to terminate a sensor
utilizing task, or when a sensor is lost, the sensor must not be allowed to make use of the credential
which it stores to connect to networks.

Re-keying: By introducing a re-keying mechanism, a manager node can conveniently update a


sensor’s credential without the intervention of back-end system for the purpose of reducing the
communication interactions and management burden on that back-end system.
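The requirements above can be made concrete in a small protocol sketch. The following Python example is added to these notes and is not code from the original text or from any WSN protocol suite. It assumes a manager node holding a master key, per-node keys derived from that master key (so the manager keeps no verification table), a challenge-response join for node authentication, epoch-based re-keying, a revocation list, and a per-node counter for replay protection. Perfect forward secrecy is not shown: it needs an ephemeral key agreement such as ECDH, which is outside this sketch. The master key, node IDs and payloads are constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed values for this example: a real deployment provisions the
# master key in the manager node and burns each node's derived key into it.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
MAC_LEN = 8  # truncated tag, as WSN protocols do to keep radio frames short


def derive_node_key(master_key: bytes, node_id: int) -> bytes:
    """Per-node key = HMAC(master, node_id). The manager recomputes it on
    demand, so it stores no table of node keys or verifiers that a
    stolen-verifier attack could harvest."""
    return hmac.new(master_key, b"node|" + node_id.to_bytes(2, "big"), hashlib.sha256).digest()


def session_key(node_key: bytes, epoch: int) -> bytes:
    """Re-keying: both sides derive the current session key from the node key
    and an epoch counter, so the manager can roll keys without the back-end."""
    return hmac.new(node_key, b"epoch|" + epoch.to_bytes(4, "big"), hashlib.sha256).digest()


def tag(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def frame_header(node_id: int, epoch: int, counter: int) -> bytes:
    return node_id.to_bytes(2, "big") + epoch.to_bytes(4, "big") + counter.to_bytes(4, "big")


class SensorNode:
    def __init__(self, node_id: int, node_key: bytes):
        self.node_id, self.node_key = node_id, node_key
        self.epoch, self.counter = 0, 0

    def answer_challenge(self, nonce: bytes) -> bytes:
        """Node authentication: prove knowledge of the node key without revealing it."""
        return tag(self.node_key, b"auth|" + self.node_id.to_bytes(2, "big") + nonce)

    def send(self, payload: bytes):
        """Authenticated sensed data with a monotonic counter for freshness."""
        self.counter += 1
        sk = session_key(self.node_key, self.epoch)
        hdr = frame_header(self.node_id, self.epoch, self.counter)
        return (self.node_id, self.epoch, self.counter, payload, tag(sk, hdr + payload))


class ManagerNode:
    def __init__(self, master_key: bytes):
        self.master_key = master_key
        self.revoked = set()      # key revocation: node IDs that may no longer connect
        self.epoch = {}           # node_id -> current re-keying epoch (joined nodes only)
        self.last_counter = {}    # node_id -> highest accepted counter (replay window)

    def authenticate(self, node: SensorNode) -> bool:
        if node.node_id in self.revoked:
            return False
        nonce = secrets.token_bytes(8)
        expected = tag(derive_node_key(self.master_key, node.node_id),
                       b"auth|" + node.node_id.to_bytes(2, "big") + nonce)
        if not hmac.compare_digest(expected, node.answer_challenge(nonce)):
            return False
        self.epoch.setdefault(node.node_id, 0)
        self.last_counter.setdefault(node.node_id, 0)
        return True

    def rekey(self, node: SensorNode) -> None:
        """Advance the epoch on both sides; frames from the old epoch are then rejected."""
        self.epoch[node.node_id] += 1
        self.last_counter[node.node_id] = 0
        node.epoch = self.epoch[node.node_id]

    def revoke(self, node_id: int) -> None:
        self.revoked.add(node_id)
        self.epoch.pop(node_id, None)
        self.last_counter.pop(node_id, None)

    def receive(self, frame) -> bool:
        node_id, epoch, counter, payload, received_tag = frame
        if node_id in self.revoked or self.epoch.get(node_id) != epoch:
            return False                      # unknown, revoked or stale-epoch sender
        if counter <= self.last_counter[node_id]:
            return False                      # replayed or out-of-order old frame
        sk = session_key(derive_node_key(self.master_key, node_id), epoch)
        expected = tag(sk, frame_header(node_id, epoch, counter) + payload)
        if not hmac.compare_digest(expected, received_tag):
            return False                      # forged or corrupted frame
        self.last_counter[node_id] = counter
        return True


if __name__ == "__main__":
    manager = ManagerNode(MASTER_KEY)
    node = SensorNode(7, derive_node_key(MASTER_KEY, 7))
    print("join:", manager.authenticate(node))
    reading = node.send(b"temp=21.5")
    print("fresh frame accepted:", manager.receive(reading))
    print("replayed frame accepted:", manager.receive(reading))
```

The tag is truncated to eight bytes and the frame header carries the epoch and counter in the clear; the counter gives the weak freshness the requirements ask for, and the epoch check is what makes re-keying and revocation take effect immediately on the manager side.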
2.1 Sensor Node:
Wireless Sensor Node

∙ sensor
o – A transducer
▪ a device that is actuated by power from one system and supplies power, usually in
another form, to a second system; a loudspeaker, for example, is a transducer that
transforms electrical signals into sound energy.
▪ Transducers are often employed at the boundaries of automation, measurement,
and control systems, where electrical signals are converted to and from other
physical quantities (energy, force, torque, light, motion, position, etc.).
o – converts a physical phenomenon, e.g. heat, light, motion, vibration or sound, into
electrical signals.
∙ sensor node
o – basic unit in a sensor network
o – contains on-board sensors, processor, memory, transceiver, and power supply.
∙ sensor network
o – consists of a large number of sensor nodes.
o – nodes are deployed either inside or very close to the sensed phenomenon.
2.2 Sensor Node Communication Architecture:

∙ Data Aggregation in WSNs
o – Solves the implosion and overlap problems of flooding
o – Energy efficient
∙ Wireless Sensor Network (WSN) vs. Mobile Ad Hoc Network (MANET)

∙ Characteristics
o Power consumption constraints for nodes using batteries or energy harvesting
o Ability to cope with node failures (resilience)
o Mobility of nodes
o Heterogeneity of nodes
o Scalability to large-scale deployments
o Ability to withstand harsh environmental conditions
o Ease of use
o Cross-layer design
∙ Factors Influencing WSN Design
o Fault tolerance
o Scalability
o Production costs
o Hardware constraints
o Sensor network topology
o Environment
o Transmission media
o Power consumption
▪ Sensing
▪ Communication
▪ Data processing
∙ Applications
o Military Applications
o Environmental Applications
o Health Applications
o Home and Office Applications
o Automotive Applications
o Other Commercial Applications

∙ Advantages
o It avoids a lot of wiring
o It can accommodate new devices at any time
o It is flexible in passing through physical partitions
o It can be accessed through a centralized monitor
∙ Disadvantages
o Lower speed compared to a wired network.
o Less secure: an attacker's laptop can act as a rogue access point, and a client that
connects to it exposes everything it sends (username, password, etc.).
o More complex to configure than a wired network.
o Suffers interference from other radios such as Bluetooth.
o Still costly at large scale.
o It does not make sensing quantities in buildings easier.
o It does not reduce the cost of installing sensors.
o It does not allow us to do more than can be done with a wired system.
∙ Design Challenges
o Heterogeneity
▪ The devices deployed may be of various types and need to collaborate with
each other.
o Distributed Processing
▪ The algorithms need to be distributed, since the processing is carried out on
different nodes.
o Low Bandwidth Communication
▪ The data should be transferred efficiently between sensors.
o Large Scale Coordination
▪ The sensors need to coordinate with each other to produce the required results.
o Utilization of Sensors
▪ The sensors should be utilized in ways that produce maximum performance and
use less energy.
o Real Time Computation
▪ The computation should be done quickly, as new data is always being generated.

∙ Operational Challenges of Wireless Sensor Networks
o Energy efficiency
o Limited storage and computation
o Low bandwidth and high error rates
o Errors are common
o Wireless communication
o Noisy measurements
o Node failures are expected
o Scalability to a large number of sensor nodes
o Survivability in harsh environments
o Experiments are time- and space-intensive
2.3 Important Protocols used in IoT Wireless Sensor Network (WSN):

∙ A Wireless Sensor Network in IoT is an infrastructure-less wireless network used to deploy a
large number of wireless sensors that monitor system, physical and environmental conditions.
NETWORKS CONNECTING WIRELESS SENSORS:

To connect the sensors embedded in IoT devices, a communication protocol is needed. A low-power
wide area network (LPWAN) is a type of wireless network designed to allow long-range communication
between such IoT devices. LoRa-based wireless sensor networks are widely used. Sub-1 GHz proprietary
radios, Zigbee, Thread, etc. are also used to connect the sensor network to a gateway, and the data
collected from the sensor network can then be sent to the cloud over cellular networks such as
NB-IoT or LTE-M, or over Wi-Fi.

WHAT IS LPWAN:
A low-power wide-area network (LPWAN) is a type of wireless telecommunication wide area network
designed to allow long-range communication at a low bit rate among things (connected objects), such
as battery-operated sensors. In a wireless sensor network, the sensor devices communicate over the
LPWAN.
COMMONLY USED LPWAN TECHNOLOGIES:
∙ SUB-1 GHZ (a frequency band used by several proprietary and standard radios rather than a single
technology)
∙ NB-IOT
∙ ZIGBEE (strictly a short-range IEEE 802.15.4 personal-area technology rather than an LPWAN, but
often deployed alongside them)
∙ LORAWAN
∙ LTE CAT-M1 OR LTE-M
∙ SIGFOX

WIRELESS SENSOR NETWORK (WSN) USING LPWAN TECHNOLOGY:

∙ A Wireless Sensor Network (WSN) is a network of distributed and autonomous devices that use
sensors to track what is happening around them.
∙ The sensor nodes used in WSN systems are integrated with onboard controllers.
∙ The complete circuitry manages and monitors the operation. Everything is connected to the base
station, known as the gateway, where the high-end processing of the data collected from the
distributed sensors is done.
∙ The distributed sensor devices in a WSN are mostly connected over an LPWAN technology and
communicate with the gateway.

HOW DO SENSOR DEVICES COMMUNICATE ON LPWAN?:

∙ A wireless sensor node is equipped with sensing and computing devices, radio transceivers, and
power components.
∙ The individual nodes in a wireless sensor network (WSN) are inherently resource-constrained:
they have limited processing speed, storage capacity, and communication bandwidth.
∙ The sensor nodes communicate among themselves using radio signals.
∙ After the sensor nodes are deployed, they are responsible for self-organizing an appropriate
network infrastructure, often with multi-hop communication among them.
∙ Then the onboard sensors start collecting information of interest.
∙ Wireless sensor devices also respond to queries sent from a control site or the gateway, to
perform specific instructions or provide sensing.
WHAT IS A GATEWAY UNIT IN LPWAN? HOW DO SENSOR DEVICES COMMUNICATE WITH THE
GATEWAY IN LPWAN?:

∙ The gateway acts as a bridge between the WSN (or other networks) and the cloud. This allows the
data to be stored and processed by devices with more resources than the nodes, such as a
remotely located server.
∙ Edge computing and cloud computing both have an important role in IoT applications.
∙ A gateway or edge gateway is a device that allows the management (control) of the network and
aggregates the information received from the nodes to send real-time or near-real-time data to a
user platform.
∙ When the gateway is connected to a local laptop, the user can locally control and monitor the
WSN. Adding a cellular modem (LTE, NB-IoT, LTE Cat-M1, etc.) or an Internet modem (Wi-Fi) to
the gateway enables remote management and sends data to the cloud.
∙ The gateway is important because it coordinates the communication of the WSN as well as its
sleep schedule.
∙ At a given time, the gateway wakes up nodes, data is exchanged, and then the nodes go back to
sleep.
∙ Sleeping is necessary for WSNs to save power.
∙ A sensor node generally spends 90% of its time sleeping.
∙ IoT gateways manage device connectivity, data filtering, processing, protocol translation,
security, etc.
∙ Some newer gateways also function as platforms for application code by processing data locally.

COMMUNICATION OF COLLECTED SENSOR DATA TO THE CLOUD IN LPWAN

∙ IoT gateway devices sit at the intersection of the cloud and the IoT device nodes or sensor
devices connecting over LPWAN.
∙ The data collected from wireless sensor networks or other IoT devices is transmitted through
gateways to the cloud.
∙ The received data is then stored in the cloud and from there provided as a service to the users.
∙ Cloud IoT Core is a fully managed service from Google for securely connecting, managing, and
ingesting data from millions of globally dispersed devices. (Google retired Cloud IoT Core in
August 2023; the bridge model described below is still typical of cloud IoT brokers.)
∙ Cloud IoT Core supports two protocols for device connection and communication: MQTT and HTTP.
∙ Devices communicate with Cloud IoT Core across a “bridge”, either the MQTT bridge or the HTTP
bridge. The MQTT/HTTP bridge is a central component of Cloud IoT Core.
∙ When you create a device registry, you select the protocols to enable: MQTT, HTTP, or both.
o MQTT is a standard publish/subscribe protocol that is frequently used and supported by
embedded devices, and is also common in machine-to-machine interactions.
o HTTP is a “connectionless” protocol: with the HTTP bridge, devices do not maintain a
connection to Cloud IoT Core. Instead, they send requests and receive responses.
VISUALIZING DATA COLLECTED FROM SENSOR DEVICES ON MOBILE APP OR
IOT DASHBOARD:
∙ The data generated from IoT devices is analysed with respect to time.
∙ The timestamped data is processed and pushed to the IoT devices’ cloud storage, forming a
database.
∙ The IoT dashboard reads the data from the database and creates data visuals for the user.
∙ An IoT dashboard is only useful if it can load data efficiently and create visuals from the
database.
∙ Some IoT web apps provide users with an optimised experience by coupling the data (collected
through remotely distributed smart devices) with their own database.

LORA BASED WIRELESS SENSOR NETWORK IN IOT:

A LoRa-based wireless sensor network combines two things, LoRa (Long Range) and wireless sensor
networks. Before going further, let us first understand what these two terms actually mean.

WIRELESS SENSOR NETWORK:

∙ A Wireless Sensor Network is a self-configured, infrastructure-less wireless network used to
monitor physical and environmental conditions such as temperature, sound, vibration, pressure,
motion, pollutants, etc.
∙ The data collected from the wireless sensors is passed through the network to the gateway,
where it is observed and analysed, and from there it is sent on to the cloud.
LONG RANGE :
∙ Long Range (LoRa) is a wireless technology that offers long range, low power and secure data
transmission for IoT devices.
∙ It was developed by the French company Cycleo (later acquired by Semtech). LoRa is used to
connect sensors, gateways, machines, devices, etc. wirelessly to the cloud.
∙ It is a chirp spread spectrum (CSS) modulation with low power characteristics that can be used
for long-range communication. LoRa has different operating bands for different regions:

▪ 915 MHz band for the USA
▪ 868 MHz band for Europe
▪ 865 to 867 MHz and 920 to 923 MHz bands for Asia

∙ Some key features of LoRa:

▪ Long Range
▪ Low Power
▪ Secure (the LoRa physical layer itself has no security; confidentiality and integrity come
from the LoRaWAN MAC layer, which uses AES-128 session keys for payload encryption and for
the message integrity code)
▪ Low Cost
▪ High Capacity

WHY USE A LORA BASED WIRELESS SENSOR NETWORK?

∙ Wireless Sensor Networks are very popular and widely used in the field of IoT.
∙ But a WSN faces two primary challenges, energy consumption and coverage area. Recent advances
aimed at improving WSN performance gave rise to the LoRa-based wireless sensor network, which
uses little energy and has a long coverage range.
∙ These features make a LoRa-based WSN ideal for applications where the network infrastructure
has to work autonomously for a long time and over a wide area.
∙ Today LoRa-powered sensor networks can be found in major IoT applications such as smart homes
and smart agriculture. Let us have a closer look at some of these applications.

SOME APPLICATIONS OF LORA BASED WIRELESS SENSOR NETWORK

SMART HOME USING LORAWAN:
A LoRa-based wireless sensor network monitors different devices and sensors and updates the user in
real time. The main focus is on monitoring smoke, humidity, temperature and other environmental
parameters. The system allows remote monitoring and raises an alarm if the value from any sensor goes
beyond its threshold. A LoRaWAN (Long Range Wide Area Network) module attached to the sensor's
microcontroller connects the node to a LoRaWAN gateway, which in turn is connected to the internet.

LORA BASED SMART AGRICULTURE:

Many sensors are used today to collect various types of agricultural data, but these sensors only
perform the data collection; they lack effective use and analysis of the data. To solve this problem
an intelligent platform has to be developed that collects information from the field and transmits it
to remote computers for analysis. LoRa technology is a good fit because it can transmit data over a
long range, is battery-operated and can run for several years without changing the batteries, which
suits outdoor sites such as fields.
2.4 Security aspects of existing protocols:

What are the security protocols used in IoT?

∙ A typical IoT protocol stack combines MQTT (application layer), TCP (transport layer), 6LoWPAN
with IPv6 (network layer) and IEEE 802.15.4 (data link and physical layers). Each layer can be
secured independently: TLS (or DTLS for UDP-based protocols such as CoAP) protects the
application session end to end, while IEEE 802.15.4 link-layer security (AES-CCM*) protects each
radio hop. Security at one layer does not imply security at the others: link-layer encryption
stops at the gateway, where the payload is in the clear unless the application layer is also
protected, so the stack is only as robust as the combination of these per-layer mechanisms.
THE NETWORK LAYER:
Constrained Nodes
∙ In IoT solutions, different classes of devices coexist.
∙ Depending on its functions in a network, “thing” architecture may or may not offer similar
characteristics compared to a generic PC or server in an IT environment.
∙ Another limit is that this network protocol stack on an IoT node may be required to
communicate through an unreliable path.
∙ Even if a full IP stack is available on the node, this causes problems such as limited or
unpredictable throughput and low convergence when a topology change occurs.
∙ Finally, power consumption is a key characteristic of constrained nodes.
∙ Many IoT devices are battery powered, with lifetime battery requirements varying from a few
months to 10+ years.
∙ This drives the selection of networking technologies since high-speed ones, such as Ethernet,
Wi-Fi, and cellular, are not (yet) capable of multi-year battery life.
∙ Current capabilities practically allow less than a year for these technologies on battery-powered
nodes. Of course, power consumption is much less of a concern on nodes that do not require
batteries as an energy source.
∙ The power consumption requirements on battery-powered nodes impact communication
intervals.
∙ To help extend battery life, one could enable a “low-power” mode instead of one that is “always
on.” Another option is “always off,” which means communications are enabled only when
needed to send data.
∙ While it has been largely demonstrated that production IP stacks perform well on constrained
nodes, IoT constrained nodes can be classified as follows:
o Devices that are very constrained in resources, may communicate infrequently to
transmit a few bytes, and may have limited security and management capabilities:
This drives the need for the IP adaptation model, where nodes communicate through
gateways and proxies.
o Devices with enough power and capacities to implement a stripped-down IP stack or
non- IP stack: In this case, you may implement either an optimized IP stack and
directly communicate with application servers (adoption model) or go for an IP or
non-IP stack and communicate through gateways and proxies (adaptation model).
o Devices that are similar to generic PCs in terms of computing and power resources but
have constrained networking capacities, such as bandwidth: These nodes usually
implement a full IP stack (adoption model), but network design and application
behaviours must cope with the bandwidth constraints.
The definition of constrained nodes is evolving. The costs of computing power, memory, storage
resources, and power consumption are generally decreasing. At the same time, networking
technologies continue to improve and offer more bandwidth and reliability. In the future, the push to
optimize IP for constrained nodes will lessen as technology improvements and cost decreases address
many of these challenges.
Constrained Networks:

∙ In the early years of the Internet, network bandwidth capacity was restrained due to technical
limitations.
∙ Connections often depended on low-speed modems for transferring data. However, these low-speed
connections demonstrated that IP could run over low-bandwidth networks.
∙ But today, the evolution of networking has seen the emergence of high-speed infrastructures.
∙ However, high-speed connections are not usable by some IoT devices in the last mile.
∙ The reasons include the implementation of technologies with low bandwidth, limited distance and
bandwidth due to regulated transmit power, and lack of or limited network services.
∙ When link layer characteristics that we take for granted are not present, the network is
constrained.
∙ A constrained network can have high latency and a high potential for packet loss. Constrained
networks have unique characteristics and requirements.
∙ In contrast with typical IP networks, where highly stable and fast links are available, constrained
networks are limited by low-power, low-bandwidth links (wireless and wired). They operate
between a few kbps and a few hundred kbps and may utilize star, mesh, or combined network
topologies, ensuring proper operations.
∙ With a constrained network, in addition to limited bandwidth, it is not unusual for the packet
delivery rate (PDR) to oscillate between low and high percentages.
∙ Large bursts of unpredictable errors and even loss of connectivity at times may occur.
∙ These behaviours can be observed on both wireless and narrowband power-line communication links,
where packet delivery variation may fluctuate greatly during the course of a day.
∙ Unstable link layer environments create other challenges in terms of latency and control plane
reactivity.
∙ One of the golden rules in a constrained network is to “underreact to failure.” Due to the low
bandwidth, a constrained network that overreacts can lead to a network collapse, which makes
the existing problem worse.
∙ Control plane traffic must also be kept at a minimum; otherwise, it consumes the bandwidth that
is needed by the data traffic.
∙ Finally, one has to consider the power consumption in battery-powered nodes. Any failure or
verbose control plane protocol may reduce the lifetime of the batteries.
∙ To summarize, constrained nodes and networks pose major challenges for IoT connectivity in
the last mile. This in turn has led various standards organizations to work on optimizing
protocols for IoT.
IP Versions
For 20+ years, the IETF has been working on transitioning the Internet from IP version 4 to IP version
6. The main driving force has been the lack of address space in IPv4 as the Internet has grown. IPv6
has a much larger range of addresses that should not be exhausted for the foreseeable future. Today,
both versions of IP run over the Internet, but most traffic is still IPv4 based.
While it may seem natural to base all IoT deployments on IPv6, you must take into account current
infrastructures and their associated lifecycle of solutions, protocols, and products. IPv4 is entrenched
in these current infrastructures, and so support for it is required in most cases. Therefore, the Internet
of Things has to follow a similar path as the Internet itself and support both IPv4 and IPv6 versions
concurrently.
Techniques such as tunnelling and translation need to be employed in IoT solutions to ensure
interoperability between IPv4 and IPv6. A variety of factors dictate whether IPv4, IPv6, or both can be
used in an IoT solution. Most often these factors include a legacy protocol or technology that supports
only IPv4. Newer technologies and protocols almost always support both IP versions. The following
are some of the main factors applicable to IPv4 and IPv6 support in an IoT solution:

• Application Protocol:
IoT devices implementing Ethernet or Wi-Fi interfaces can communicate over both IPv4 and IPv6,
but the application protocol may dictate the choice of the IP version. For example, SCADA protocols
such as DNP3/IP (IEEE 1815), Modbus TCP, or the IEC 60870-5-104 standards are specified only for
IPv4. So, there are no known production implementations by vendors of these protocols over IPv6
today. For IoT devices with application protocols defined by the IETF, such as HTTP/HTTPS, CoAP,
MQTT, and XMPP, both IP versions are supported. The selection of the IP version is only dependent
on the implementation.

• Cellular Provider and Technology:


IoT devices with cellular modems are dependent on the generation of the cellular technology as well as
the data services offered by the provider. For the first three generations of data services—GPRS, Edge,
and 3G— IPv4 is the base protocol version. Consequently, if IPv6 is used with these generations, it
must be tunneled over IPv4. On 4G/LTE networks, data services can use IPv4 or IPv6 as a base
protocol, depending on the provider.

• Serial Communications:
Many legacy devices in certain industries, such as manufacturing and utilities, communicate through
serial lines. Data is transferred using either proprietary or standards based protocols, such as DNP3,
Modbus, or IEC 60870-5-101. In the past, communicating this serial data over any sort of distance
could be handled by an analog modem connection. However, as service provider support for analog line
services has declined, the solution for communicating with these legacy devices has been to use local
connections. To make this work, you connect the serial port of the legacy device to a nearby serial port
on a piece of communications equipment, typically a router. This local router then forwards the serial
traffic over IP to the central server for processing. Encapsulation of serial protocols over IP leverages
mechanisms such as raw socket TCP or UDP. While raw socket sessions can run over both IPv4 and
IPv6, current implementations are mostly available for IPv4 only.

• IPv6 Adaptation Layer:


IPv6-only adaptation layers for some physical and data link layers for recently standardized IoT
protocols support only IPv6. While the most common physical and data link layers (Ethernet, Wi-Fi,
and so on) stipulate adaptation layers for both versions, newer technologies, such as IEEE 802.15.4
(Wireless Personal Area Network), IEEE 1901.2, and ITU G.9903 (Narrowband Power Line
Communications) only have an IPv6 adaptation layer specified. This means that any device
implementing a technology that requires an IPv6 adaptation layer must communicate over an IPv6-
only sub network. This is reinforced by the IETF routing protocol for LLNs, RPL, which is IPv6 only.

6LoWPAN
While the Internet Protocol is key for a successful Internet of Things, constrained nodes and
constrained networks mandate optimization at various layers and on multiple protocols of the IP
architecture. Some optimizations are already available from the market or under development by the
IETF.

Optimizing IP for IoT Using an Adaptation Layer


∙ In the IP architecture, the transport of IP packets over any given Layer 1 (PHY) and Layer 2
(MAC) protocol must be defined and documented.
∙ The model for packaging IP into lower-layer protocols is often referred to as an adaptation layer.
∙ Unless the technology is proprietary, IP adaptation layers are typically defined by an IETF
working group and released as a Request for Comments (RFC).
∙ An RFC is a publication from the IETF that officially documents Internet standards,
specifications, protocols, procedures, and events. For example, RFC 894 describes how an
IPv4 packet gets encapsulated in an Ethernet frame, and RFC 2464 describes how the same
function is performed for an IPv6 packet.
∙ IoT-related protocols follow a similar process. The main difference is that an adaptation layer
designed for IoT may include some optimizations to deal with constrained nodes and networks.
∙ The main examples of adaptation layers optimized for constrained nodes or “things” are the
ones under the 6LoWPAN working group and its successor, the 6Lo working group.
∙ The initial focus of the 6LoWPAN working group was to optimize the transmission of IPv6 packets
over constrained networks such as IEEE 802.15.4.
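As an added illustration of what an adaptation layer actually does on the wire (this is example code written for these notes, not from the 6LoWPAN RFCs or from any TinyOS or Contiki implementation), the following Python decoder classifies the RFC 4944 dispatch byte and expands a stateless RFC 6282 LOWPAN_IPHC header back into IPv6 fields. It handles only stateless addresses (SAC = DAC = 0), skips the compressed traffic class without reconstructing it, and does not decode NHC next-header compression; it assumes the link-layer addresses are 8-byte EUI-64s. The sample frames and EUI-64s are constructed. The security-relevant habit it shows is that every inline field goes through a bounds-checked reader: a decoder that derives field lengths from the header bits and then reads without checking the remaining frame length will read past the end of the radio buffer on a malformed frame.

```python
import ipaddress


def classify_dispatch(first: int) -> str:
    """RFC 4944 / RFC 6282 dispatch values (first byte of the 6LoWPAN frame)."""
    if first & 0xC0 == 0x00:
        return "NALP"      # not a LoWPAN frame
    if first == 0x41:
        return "IPV6"      # uncompressed IPv6 header follows
    if first == 0x50:
        return "BC0"       # broadcast header
    if first & 0xE0 == 0x60:
        return "IPHC"      # 011xxxxx: RFC 6282 compressed IPv6 header
    if first & 0xC0 == 0x80:
        return "MESH"      # 10xxxxxx: mesh addressing header
    if first & 0xF8 == 0xC0:
        return "FRAG1"     # 11000xxx: first fragment
    if first & 0xF8 == 0xE0:
        return "FRAGN"     # 11100xxx: subsequent fragment
    return "RESERVED"


TF_INLINE_LEN = {0: 4, 1: 3, 2: 1, 3: 0}   # traffic class / flow label bytes carried inline
HLIM_FIXED = {1: 1, 2: 64, 3: 255}         # hop limit implied when HLIM != 00
LINK_LOCAL_PREFIX = bytes([0xFE, 0x80]) + bytes(6)


class Reader:
    """Bounds-checked cursor: every inline field is read through take()."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError(f"truncated frame: need {n} byte(s) at offset {self.pos}")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk


def iid_from_eui64(ll_addr: bytes) -> bytes:
    """Interface identifier = EUI-64 with the U/L bit (0x02 of byte 0) inverted."""
    if len(ll_addr) != 8:
        raise ValueError("this example assumes 8-byte EUI-64 link-layer addresses")
    return bytes([ll_addr[0] ^ 0x02]) + ll_addr[1:]


def expand_unicast(mode: int, rd: Reader, ll_addr: bytes) -> bytes:
    """Stateless unicast address: 128, 64, 16 or 0 bits carried inline."""
    if mode == 0:
        return rd.take(16)
    if mode == 1:
        return LINK_LOCAL_PREFIX + rd.take(8)
    if mode == 2:
        return LINK_LOCAL_PREFIX + bytes([0, 0, 0, 0xFF, 0xFE, 0]) + rd.take(2)
    return LINK_LOCAL_PREFIX + iid_from_eui64(ll_addr)   # fully elided: from link layer


def expand_multicast(mode: int, rd: Reader) -> bytes:
    """Stateless multicast address: 128, 48, 32 or 8 bits carried inline."""
    if mode == 0:
        return rd.take(16)
    if mode == 1:                                      # ffXX::00XX:XXXX:XXXX
        b = rd.take(6)
        return bytes([0xFF, b[0]]) + bytes(9) + b[1:6]
    if mode == 2:                                      # ffXX::00XX:XXXX
        b = rd.take(4)
        return bytes([0xFF, b[0]]) + bytes(11) + b[1:4]
    return bytes([0xFF, 0x02]) + bytes(13) + rd.take(1)   # ff02::00XX


def decode_iphc(frame: bytes, src_ll: bytes, dst_ll: bytes) -> dict:
    rd = Reader(frame)
    h0, h1 = rd.take(2)
    if h0 & 0xE0 != 0x60:
        raise ValueError("not a LOWPAN_IPHC frame")
    tf, nh, hlim = (h0 >> 3) & 0x3, (h0 >> 2) & 0x1, h0 & 0x3
    cid, sac, sam = (h1 >> 7) & 0x1, (h1 >> 6) & 0x1, (h1 >> 4) & 0x3
    m, dac, dam = (h1 >> 3) & 0x1, (h1 >> 2) & 0x1, h1 & 0x3
    if sac or dac:
        raise ValueError("context-based (stateful) compression is not handled here")
    if cid:
        rd.take(1)                         # context identifier extension byte
    rd.take(TF_INLINE_LEN[tf])             # traffic class / flow label, skipped here
    next_header = rd.take(1)[0] if nh == 0 else None   # None: NHC-compressed header follows
    hop_limit = rd.take(1)[0] if hlim == 0 else HLIM_FIXED[hlim]
    src = expand_unicast(sam, rd, src_ll)
    dst = expand_multicast(dam, rd) if m else expand_unicast(dam, rd, dst_ll)
    return {"next_header": next_header, "hop_limit": hop_limit,
            "src": str(ipaddress.IPv6Address(src)), "dst": str(ipaddress.IPv6Address(dst)),
            "payload_offset": rd.pos}


# Constructed sample: IPHC bytes 0x7A 0x3B = TF elided, next header inline, hop limit 64,
# source elided (from EUI-64), 8-bit multicast destination; then NH=17 (UDP), dst ff02::1.
SAMPLE_FRAME = bytes.fromhex("7a3b1101") + b"udp payload"
SRC_LL = bytes.fromhex("021122fffe334455")   # constructed EUI-64 of the sender
DST_LL = bytes.fromhex("0266778899aabbcc")   # constructed EUI-64 of the receiver

if __name__ == "__main__":
    print(classify_dispatch(SAMPLE_FRAME[0]), decode_iphc(SAMPLE_FRAME, SRC_LL, DST_LL))
```

The sample frame carries a 40-byte IPv6 header in four bytes, which is the whole point of the adaptation layer; the same header bits that make this possible also mean a node must reconstruct addresses from link-layer state, so a spoofed link-layer source address directly becomes a spoofed IPv6 source address unless 802.15.4 link security is enabled.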
Figure: Comparison of an IoT Protocol Stack Utilizing 6LoWPAN and an IP Protocol Stack

2.5 Attacks on sensor network routing and countermeasures:

∙ The main factor that makes a Wireless Sensor Network vulnerable is the broadcast nature of its
transmissions.
∙ Because communication is wireless and broadcast, WSNs are susceptible to a broad range of
security attacks; the threat is always present.
∙ Furthermore, sensor nodes are often placed in open environments without physical protection, so
there is the additional threat of physical attack or natural damage. Attacks on WSNs include:

o Sinkhole Attack: An attack in which the adversary tries to attract all the traffic of a
particular network region. A compromised node makes itself look attractive to the other
nodes (for example by advertising a high-quality route) and so draws the traffic to
itself. The attack requires a compromised node.
o Selective forwarding: The compromised node forwards only selected data packets to the
receiver and drops the rest.
o Wormhole Attack: The attacker records packets at one location in the network and tunnels
them to another location, where they are retransmitted later into the network.
o Hello flood attack: The attacker sends hello packets to the receiver nodes in an attempt to
fool them into believing that the hello message was sent by the base station. The hello
packet is the attacker's weapon for convincing the other sensor nodes.
o Sybil Attack: A single node presents many duplicate identities. This attack targets
fault-tolerant schemes such as multi-path routing, topology maintenance and distributed
storage.
o Message corruption: The attacker modifies messages in transit, which violates the integrity
of the network's data.
o Denial of Service Attack: A denial of service (DoS) attack is a deliberate effort to prevent
the genuine users of a service or data from using it. The usual technique is to overload the
target system with requests so that it cannot serve genuine traffic. Examples are jamming,
tampering, collision, homing and flooding.
o Node malfunction: If a data-aggregating node such as a cluster leader malfunctions, it
produces inaccurate data, which harms the integrity of the sensor network.
o Node Outage: The situation in which a node stops working. It is especially harmful if the
failed node is the master node of the network.
o Node Subversion: If a node is captured by an attacker, secret data stored on it, such as
cryptographic keys, may be disclosed and the whole sensor network compromised. Any sensor
node might be hacked, and the secret information (keys) stored on it acquired by the
attacker.
o False node: The attacker adds an extra node to the network in order to inject malicious
data. Through this false node the intruder can inject false data that disturbs
communication, and malicious code injected through the false node can spread to all nodes
and harm the whole network.
o Pulse delay attack: An intruder snooping on the transmission between two nodes stores the
message pulses and retransmits the message later after some modification. This is known as
a pulse delay attack.
o Node Replication Attack: As the name implies, a replicated copy of a node is added to the
network. The attacker adds a replica by copying the node ID and the other details of its
identity. Such a malicious node is dangerous because through it the attacker can manipulate
a specific network segment or even destroy the network.
o Traffic Analysis: Even if messages are encrypted, there is still a risk: the intruder
continuously studies the communication patterns, and this study can give the intruder enough
information to harm the network.
o Camouflaged Adversaries: An attacker inserts a malicious node into the network, or
compromises a node, in order to attract the network's data packets, which can then be
misrouted or altered.
o Monitoring and Eavesdropping: The most common attack on privacy. By snooping, the adversary
can easily obtain message contents. When nodes are exchanging control information,
eavesdropping is especially harmful.

Countermeasures:
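A watchdog is one practical way to catch the drops caused by the selective-forwarding and sinkhole attacks listed above. The following Python example is added here and is not one of the notes' own countermeasures: a node hands a packet to its next hop, listens in promiscuous mode for that neighbour re-transmitting it, and counts the packet as dropped if it is not overheard within a timeout. The log format, node names and thresholds are constructed for the example. Two caveats a practitioner should keep in mind: lossy links and collisions also produce misses, which is why a neighbour is judged only after a minimum number of samples, and a sinkhole that forwards everything in order to eavesdrop on or modify traffic is invisible to a drop-based watchdog.

```python
import re
from collections import defaultdict

TIMEOUT = 3           # ticks to wait for the neighbour to re-transmit a handed-over packet
MIN_SAMPLES = 4       # judge a neighbour only after this many handed-over packets
DROP_THRESHOLD = 0.5  # fraction of drops above which the neighbour is flagged

# Constructed watchdog log kept by node A. "SENT A->B pkt=N" means A handed packet N to
# next hop B; "HEARD B pkt=N" means A overheard B re-transmitting packet N.
SAMPLE_LOG = """\
1 SENT A->B pkt=101
2 HEARD B pkt=101
3 SENT A->B pkt=102
4 SENT A->C pkt=103
5 HEARD C pkt=103
6 SENT A->B pkt=104
7 SENT A->C pkt=105
8 HEARD C pkt=105
9 SENT A->B pkt=106
10 HEARD B pkt=106
11 SENT A->B pkt=107
12 SENT A->C pkt=108
13 HEARD C pkt=108
14 SENT A->D pkt=109
15 HEARD D pkt=109
16 SENT A->C pkt=110
17 HEARD C pkt=110
18 SENT A->D pkt=111
25 HEARD C pkt=999
"""

LINE_RE = re.compile(r"^(\d+) (SENT|HEARD) (\S+) pkt=(\d+)$")


def parse_log(text: str) -> list:
    """Parse log lines into (tick, kind, who, pkt) tuples; reject anything malformed."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable log line: {line!r}")
        events.append((int(m.group(1)), m.group(2), m.group(3), int(m.group(4))))
    return events


def watchdog(events: list) -> dict:
    """Return {neighbour: (forwarded, dropped)} from the event list."""
    pending = {}                      # (neighbour, pkt) -> tick at which it was handed over
    forwarded = defaultdict(int)
    dropped = defaultdict(int)

    def expire(now: int) -> None:
        # Handovers the neighbour has not re-transmitted within TIMEOUT count as drops.
        for key, t0 in list(pending.items()):
            if now - t0 > TIMEOUT:
                dropped[key[0]] += 1
                del pending[key]

    for tick, kind, who, pkt in sorted(events):
        expire(tick)
        if kind == "SENT":
            neighbour = who.split("->")[1]
            pending[(neighbour, pkt)] = tick
        elif (who, pkt) in pending:   # overheard the expected re-transmission
            forwarded[who] += 1
            del pending[(who, pkt)]
        # HEARD lines for packets we never handed over are ignored.
    # Handovers still pending when the log ends are left undecided, not counted.
    return {nb: (forwarded[nb], dropped[nb]) for nb in set(forwarded) | set(dropped)}


def suspicious_neighbours(stats: dict) -> list:
    flagged = []
    for nb, (fwd, drop) in stats.items():
        total = fwd + drop
        if total >= MIN_SAMPLES and drop / total > DROP_THRESHOLD:
            flagged.append(nb)
    return sorted(flagged)


if __name__ == "__main__":
    stats = watchdog(parse_log(SAMPLE_LOG))
    print(stats)
    print("suspicious:", suspicious_neighbours(stats))
```

In the constructed log B drops three of five packets and is flagged, C forwards all four, and D drops one of two but is not judged because two samples are too few to separate an attack from a bad link.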
2.6. Trust requirements for security protocols for WSNs :
SPINS: SPINS Security Protocol for Sensor Networks:
∙ To study in detail the security protocol for sensor networks. We will go through the following
topics while studying security protocol for sensor networks security for sensor networks,
proposed techniques, application, related work, discussion.
∙ Today sensor network are being widely used in many applications such as real-time traffic
monitoring, military applications, emergency and critical system.
∙ Let us have a look at how security for sensor network is maintained.

▪ a.) Data Authentication

▪ b.) Data Confidentiality


▪ c.) Data Integrity

▪ d.) Data Freshness

∙ There are some challenges faced in security protocol for sensor networks. The is faced in
resource constraints. Resources are been limited in terms of energy, computation, memory,
code size, communication, energy consuming communication. Now let us understand how
SPINS contributes in building protocols.
o a.) SNEP

o SNEP is sensor network protocol and it provides sensor network encryption protocol
and secure point to point communication. SNEP has some important factors data
confidentiality, data authentication, replay protection, weak protection, weak
freshness, low communication overhead.
o b.) µTESLA
o µTESLA is micro timed efficient stream loss-tolerant Authentication. It provides
broadcast authentication. Problems with µTESLA is digital signatures for initial packet
authentication, limited overhead 24bytes per packet, passing one-way key chain is too big
the key is passed from base station to all the nodes through network. Let is now study the
factors essential for system.
▪ a.) Communication Pattern
∙ Communication in sensor networks takes place from node to base station, from base
station to node, and from base station to all nodes.
▪ b.) Base Station
∙ A base station is a component which has sufficient memory and power, and shares a
secret key with each node for communication.
▪ c.) Node
∙ A node in the network is a component which has limited resources and limited trust.
∙ A drawback of the above is that µTESLA needs an initial key for each node, which will
probably lead to intensive communication. SPINS uses source routing, so it is not vulnerable to
traffic analysis.
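The µTESLA mechanism described above (a one-way key chain committed in advance, each packet authenticated with the key of the current interval, and keys disclosed one interval later), as an added example that is not from the course notes or the SPINS authors. The hash function, the MAC, the number of intervals and the sample payloads are assumptions chosen for the demonstration.

```python
import hashlib
import hmac


def F(key: bytes) -> bytes:
    """One-way function for the key chain (assumed: SHA-256 truncated to 8 bytes)."""
    return hashlib.sha256(b"utesla-chain|" + key).digest()[:8]


def packet_mac(key: bytes, payload: bytes) -> bytes:
    """Per-packet MAC (assumed: HMAC-SHA256 truncated to 8 bytes)."""
    return hmac.new(key, payload, hashlib.sha256).digest()[:8]


def make_key_chain(seed: bytes, n: int) -> list:
    """Build K_0..K_n with K_i = F(K_{i+1}); K_n is the random seed, K_0 the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    chain.reverse()          # chain[i] is now K_i
    return chain


class BaseStation:
    """Broadcaster: MACs each packet with the key of the current interval and
    discloses the previous interval's key (disclosure delay d = 1 interval)."""

    def __init__(self, seed: bytes, intervals: int):
        self.chain = make_key_chain(seed, intervals)

    def commitment(self) -> bytes:
        return self.chain[0]  # K_0, delivered to every node in the initial key setup

    def broadcast(self, interval: int, payload: bytes) -> dict:
        return {
            "interval": interval,
            "payload": payload,
            "mac": packet_mac(self.chain[interval], payload),
            "disclosed": self.chain[interval - 1] if interval >= 1 else None,
        }


class Node:
    """Receiver: buffers packets until the key for their interval is disclosed,
    authenticates that key against the chain, then verifies the buffered MACs."""

    def __init__(self, commitment: bytes):
        self.last_key = commitment  # most recent authenticated chain key
        self.last_idx = 0           # its index (K_0 at bootstrap)
        self.pending = {}           # interval -> packets awaiting key disclosure
        self.accepted = []          # payloads whose MAC verified

    def receive(self, pkt: dict, now: int) -> bool:
        # Security condition: K_i must still be secret when the packet arrives.
        # With d = 1, K_i is published in interval i + 1, so a packet for interval i
        # arriving in a later interval could have been forged with the public key: drop.
        if pkt["interval"] < now:
            return False
        self.pending.setdefault(pkt["interval"], []).append(pkt)
        if pkt["disclosed"] is not None:
            self._process_disclosed_key(pkt["interval"] - 1, pkt["disclosed"])
        return True

    def _process_disclosed_key(self, idx: int, key: bytes) -> None:
        if idx <= self.last_idx:
            return  # already known (or stale); nothing to do
        # Authenticate the disclosed key: applying F (idx - last_idx) times must
        # reproduce the last key we trust. Anyone can check this; nobody can invert F.
        k = key
        for _ in range(idx - self.last_idx):
            k = F(k)
        if not hmac.compare_digest(k, self.last_key):
            return  # not on the chain: ignore
        for p in self.pending.pop(idx, []):
            if hmac.compare_digest(packet_mac(key, p["payload"]), p["mac"]):
                self.accepted.append(p["payload"])
        self.last_key, self.last_idx = key, idx


def run_demo() -> dict:
    """Constructed scenario: one genuine packet, one tampered copy, one late packet."""
    bs = BaseStation(seed=b"constructed-random-seed", intervals=8)
    node = Node(bs.commitment())
    p1 = bs.broadcast(1, b"temp=21")
    forged = dict(p1, payload=b"temp=99")   # payload altered, MAC kept
    node.receive(p1, now=1)
    node.receive(forged, now=1)              # buffered; cannot be checked yet
    late = bs.broadcast(1, b"temp=00")
    late_ok = node.receive(late, now=2)      # K_1 is being disclosed now: reject
    p2 = bs.broadcast(2, b"temp=22")         # discloses K_1 -> interval 1 verified
    node.receive(p2, now=2)
    return {"accepted": list(node.accepted), "late_accepted": late_ok,
            "still_pending": sorted(node.pending)}
```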

∙ LEAP security protocol

o LEAP was introduced by Cisco Systems back in the year 2000. The aim of this was to
counter some of the earlier vulnerabilities suffered by previous authentication
technologies (CHAP and PAP). Even though attacks against the LEAP protocol were
previously known, Cisco maintained for a long time that the protocol was secure if
users could implement complex passwords. However, much safer protocols were
introduced that included EAP-TLS, EAP-TTLS and PEAP.
o LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless
local area networks) that support 802.1X port access control.
o LEAP uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more
frequent authentications between a client and a RADIUS server.

2.6.4. TinySec:

∙ What is TinySec?
■ A link-layer security architecture for wireless sensor networks
∙ Why do we need TinySec?
■ Sensor networks need a way to communicate securely
■ Wireless is inherently insecure due to its broadcast nature
■ Existing secure protocols are too bloated for wireless sensor networks
∙ Sensor networks have limited computational resources, battery life and
communication capabilities
Contributions:

∙ TinySec is the first fully-implemented link-layer security protocol for wireless sensor networks
■ TinySec is implemented in the official TinyOS release
∙ Tradeoffs between performance, transparency and security are discussed
■ The authors try to balance this tradeoff for the application (wireless sensor networks)
∙ Bandwidth, latency and power consumption are analyzed for TinySec
■ It is feasible to implement this in software
∙ TinySec is a basis for higher-level security protocols

Sensor Networks:

∙ Heterogeneous system of sensors with general-purpose computing elements
∙ Most networks will consist of hundreds or thousands of sensors
∙ Generally used to collect some information about an environment


Representative Hardware:
∙ Mica2
■ Several cubic inches
■ 8 MHz 8-bit Atmel CPU
■ 128 kB instruction memory
■ 4 kB RAM (data)
■ 512 kB flash memory
■ 19.2 kbps radio with a range of ~100 meters
■ Operates for ~2 weeks at full power
■ Runs TinyOS

Security Risks & Threat Models:

∙ Broadcast medium
■ Adversaries can listen to data, intercept data, inject data and alter transmitted data
∙ What TinySec does
■ Guarantees message authenticity, integrity and confidentiality
∙ What TinySec doesn’t protect against
■ Resource consumption attacks
■ Physical tamper resistance
■ Node capture attacks
Link-Layer vs End-to-End:
∙ End-to-end security
■ Typical approach in wired networks
■ Packets are encrypted by the sender and decrypted by the receiver
■ Nodes relaying the message don’t decrypt it; they relay it as-is
■ Transport layer
∙ Link-layer security
■ Each physical transmission of the packet gets encoded and decoded
■ Data link layer

Why Link-Layer Security?

∙ Sensor networks typically have a many-to-one architecture
■ All sensors transmit their readings to the base station
■ Ideally duplicate messages (from different sensors) will be dropped inside the network
■ Link-layer architecture needed
∙ Link-layer architecture detects “bad” packets immediately
■ Saves resources

Design Goals: Security:

∙ Access Control
■ Unauthorized parties should not be able to participate
■ Solution: MAC
∙ Message Integrity
■ If a message is modified in transit, it needs to be detected
■ Solution: MAC
∙ Message Confidentiality
■ Information needs to be kept private from unauthorized parties
■ Solution: Encryption

Design Goals: Security (Omission):

∙ Replay Protection
■ An unauthorized party resends a legitimate packet which it overheard at a later time
■ Typical defense: associate counter with each message
■ Problem: state needs to be kept for this and we don’t have the resources for this
■ Solution: Let a higher level protocol deal with this if it is a problem

Design Goals: Performance:

∙ Overhead
■ Increase in message length
∙ Decreases throughput
∙ Increases latency
∙ Increases power consumption
■ Increase in computation (encryption)
∙ Increases power consumption
■ Traditional security protocols use at least 8-16 bytes of overhead
∙ 8 bytes is ~25% of the packet size

Design Goals: Ease of Use:

∙ Higher-level security protocols will rely on TinySec
∙ Transparency
■ TinySec should be transparent to the application developer when in use
∙ Portability
■ TinySec should support different CPU and radio hardware
■ Any necessary porting should be as painless as possible

Security Primitives: MAC:

∙ Message Authentication Codes (MACs)
■ Solution to message authenticity and integrity
■ Cryptographically secure CRC
■ Sender and receiver share a private key
■ Sender computes the MAC over the message using the private key and includes it in the packet
■ Receiver does the same; if the computed MAC differs from the MAC in the message, the
receiver rejects the message

Security Primitives: Initialization Vectors

∙ Initialization Vectors (IVs)
■ Encryption mechanism
■ Side input to the encryption algorithm
■ Helps to achieve semantic security
∙ Adversaries should have no better than a 50% chance at guessing any yes/no
question about a message
■ IV adds variation to encryption
∙ Important when encrypted messages vary little
■ IV is publicly included as part of the message
■ Tradeoff on IV length: overhead vs. resource usage

TinySec Design:
∙ TinySec-AE
■ Authentication & Encryption
■ MAC computed over encrypted data and the packet header
■ Ensures data received is from a trusted node
■ Prevents adversaries from seeing data
∙ TinySec-Auth
■ Authentication Only
■ Only ensures data received is from a trusted node
■ Good when data does not need to be private
TinySec Encryption:
∙ Encryption Scheme
■ Cipher block chaining (CBC)
∙ IV format
■ 8 byte IV
■ Want to minimize overhead while getting enough security
■ Part of IV is a counter
■ More on this later…
Encryption Algorithm Options:
∙ Stream ciphers
■ Faster than block ciphers (good!)
■ If we ever use the same IV, it is highly likely both messages can be decrypted (bad!)
∙ We have limited resources to vary the IV
∙ Must use a block cipher algorithm
∙ Block ciphers
■ Keyed pseudorandom permutation over bit strings
■ Operates on blocks of data (message broken up into blocks)

More on Block Ciphers:

∙ Good MAC algorithms use block ciphers
■ Two birds with one stone (save code space)
∙ Mode of operation
■ Counter (CTR)
∙ Similar to stream ciphers – reject
■ Cipher block chaining (CBC)
∙ Can be made to work with IVs that may repeat
■ XOR encryption of message length with first plaintext block
∙ Examples include:
■ DES, AES, RC5, Skipjack
■ Skipjack chosen due to licensing issues and practicality of software implementation

Packet Format:

Packet Format Explained:

∙ Destination, AM and length sent unencrypted
■ Used for early rejection of messages
■ Only data is encrypted (TinySec-AE)
∙ Take the 2 bytes for CRC and put them toward the 4 bytes used for MAC (+2 bytes)
■ MAC computed over entire packet (data + header)
∙ Group field dropped (-1 byte)
■ Differentiates between multiple sensor networks
■ MAC does this for us
∙ TinySec-AE additional fields (+4 bytes)
■ src – source address
■ ctr – counter
■ These add variability to the IV

Security Analysis:
∙ Message Integrity and Authenticity
■ Based on MAC length (4 bytes for TinySec)
■ 1 in 2^32 chance to guess it
■ Adversary must send 2^32 packets to correctly fake a message
■ This would not be OK for regular networks, but given our data rate it is OK
∙ It would take 20 months to send this many packets at 19.2 kbps
∙ (What if hardware improves significantly?)
∙ (How will TinySec keep up?)
∙ (Authors argue that the trend is not in this direction)


Security Analysis:

∙ Message Confidentiality
■ Security based on IV length, assuming no reuse
∙ 8 byte counter or 16 byte random would be sufficient
■ However, we have an 8 byte total IV
∙ 2 Destination, 1 AM, 1 Length, 2 Source and 2 Counter
∙ Try to maximize packets each node can send before global reuse of an IV
■ Each node can send 2^16 packets before IV reuse
∙ Assume same destination, AM and length
∙ At 1 packet per minute -> reuse will not occur for 45 days
∙ (Again, what if this changes?)
■ IV reuse is only a problem when using the same private key

Keying Mechanisms:
∙ How do we distribute private keys to trusted nodes?
∙ Keys preconfigured
∙ Network-wide
■ 1 key for all nodes in the network
∙ Per-link
■ Each pair of nodes that communicate share a key
∙ Per-group
■ Each set of nodes that communicate share a key
∙ (Slightly off topic, but relevant to making the system work)

2.6.5. SM:
2.6.6. ZigBee:
∙ Zigbee is a wireless PAN (Personal Area Network) technology developed to support automation,
machine-to-machine communication, remote control and monitoring of IoT devices. It builds on
the IEEE 802.15.4 wireless standard and is supported by the ZigBee Alliance.
∙ Zigbee is considered to be a secure wireless communication protocol, with a security architecture
built in accordance with the IEEE 802.15.4 standard. Security services provided by Zigbee
include key establishment, key transport and frame protection via symmetric cryptography.
However, Zigbee security features are based on certain assumptions:

∙ Zigbee assumes an “open trust” model: the protocol stack layers trust each other, and the
layer that originates a frame is responsible for its security.
∙ The security services cryptographically protect the interfaces between different devices only.
∙ Interfaces between different stack layers in the same device are arranged non-cryptographically.
∙ Secret keys are not disclosed during key transport. An exception to this is during
pre-configuration of a new device, in which a single key may be sent unprotected.
∙ Availability of almost perfect random number generators.
∙ Availability of tamper-resistant hardware.

Zigbee security models

There are two types of security models in Zigbee networks, as presented in Figure 6. They differ
mainly in the implemented mechanism, how new devices are admitted into the network and how
they protect the messages in the network: the Centralized security network and the Distributed
security network.

1. The Centralized security model is complex but more secure and involves the Trust Center
(network coordinator). Only Zigbee Coordinators with a Trust Center can establish
centralized networks. Nodes join the network, receive the network key and establish a
unique link key with the Trust Center. The Trust Center is responsible for:
∙ Configuring and authenticating routers and end devices that join the network.
∙ Generating the network key to be used for encrypted communication across the network.
∙ Periodically or as required, switching to a new network key as a security protection
method, so that if an attacker acquires a network key it will have a limited lifetime.
∙ Establishing a unique link key for each device as it joins the network.
∙ Maintaining the overall security of the network.

2. The Distributed security model is simple but less secure. This model supports only routers and
end devices. Routers form the distributed network and are responsible for enrolling other
routers and end devices. Routers pass the network key (used to encrypt messages) to newly
joined routers and end devices. All the nodes in the network use the same network key for
encrypting messages. Also, all nodes are pre-configured with a link key (used to encrypt the
network key) before entering the network, as there is no Coordinator or Trust Center.

2.6.7. Datagram Transport Layer Security

∙ Datagram Transport Layer Security (DTLS) protocol.
∙ DTLS allows client/server applications to communicate over the Internet in a way that is
designed to prevent eavesdropping, tampering, and message forgery.
∙ The DTLS protocol is intentionally based on the Transport Layer Security (TLS) protocol and
provides equivalent security guarantees.
∙ Datagram semantics of the underlying transport are preserved by the DTLS protocol.
∙ DTLS is a standardised protocol which is built into all browsers that support Web Real-Time
Communication, and is one protocol consistently used in web browsers, email, and VoIP
platforms to encrypt information.

802.1AR: Secure Device Identity

∙ IEEE Standard for Local and Metropolitan Area Networks: Secure Device Identity
∙ A Secure Device Identifier (DevID) is cryptographically bound to a device and supports
authentication of the device's identity.
∙ Local Area Networks (LANs) are often deployed in networks that provide publicly accessible
services or cannot be completely physically secured.
∙ Protocols that configure, manage, and regulate access to these networks typically run over the
networks themselves.
∙ Secure and predictable network operation depends on authenticating each device attached to and
participating in the network, so that the degree of trust and authorization to be accorded to that
device by its communicating peers can be determined.
∙ Authentication of a human user, through a credential known to or possessed by that user, is often
used to authenticate devices such as laptop personal computers, but many network devices are
designed for unattended autonomous operation and do not support user authentication.
∙ This standard specifies Secure Device Identifiers (DevIDs) designed to be used as interoperable
secure device authentication credentials with Extensible Authentication Protocol (EAP) and
other industry standard authentication and provisioning protocols.
∙ A standardized device identity facilitates interoperable secure device authentication and
simplifies secure device deployment and management.

IEEE 802.1X:
∙ Devices attempting to connect to a LAN or WLAN require an authentication mechanism. IEEE
802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC), provides
protected authentication for secure network access.
∙ An 802.1X network is different from home networks in one major way: it has an authentication
server called a RADIUS server. It checks a user's credentials to see if they are an active member
of the organization and, depending on the network policies, grants users varying levels of access
to the network.
∙ This allows unique credentials or certificates to be used per user, eliminating the reliance on a
single network password that can be easily stolen.
∙ 802.1X is a network authentication protocol that opens ports for network access when an
organization authenticates a user's identity and authorizes them for access to the network.
∙ The user's identity is determined based on their credentials or certificate, which is confirmed by
the RADIUS server. The RADIUS server is able to do this by communicating with the
organization's directory, typically over the LDAP or SAML protocol.
KEY TAKEAWAYS

∙ 802.1X is an authentication protocol to allow access to networks with the use of a RADIUS
server.
∙ 802.1X and RADIUS based security is considered the gold standard to secure wireless and
wired networks today.

Secure LEACH, TLEACH, CSLEACH:

∙ LEACH (Low-Energy Adaptive Clustering Hierarchy) is a routing protocol for wireless sensor
networks in which:
o The base station (sink) is fixed
o Sensor nodes are homogeneous
∙ LEACH conserves energy through:
o Aggregation
o Adaptive Clustering
Existing Routing Protocols:
▪ LEACH is compared against three other routing protocols:
– Direct-Transmission
• Single-hop
– Minimum-Transmission Energy
• Multi-hop
– Static Clustering
• Multi-hop

Direct-Transmission:
▪ Each sensor node transmits directly to the sink, regardless of distance
▪ Most efficient when there is a small coverage area and/or high receive cost
Figure: Sensor status after 180 rounds with 0.5 J/node

Minimum Transmission Energy (MTE):

▪ Traffic is routed through intermediate nodes
– Node chosen by transmit amplifier cost
– Receive cost often ignored
▪ Most efficient when the average transmission distance is large and Eelec is low
Figure: Sensor status after 180 rounds with 0.5 J/node

Static Clustering:

▪ Indirect upstream traffic routing
▪ Cluster members transmit to a cluster head
– TDMA
▪ Cluster head transmits to the sink
– Not energy-limited
▪ Does not apply to homogeneous environments

2.6.9. TeenySec:
∙ TeenySec is a Wireless Sensor Network (WSN) link-layer security protocol.
∙ WSNs are exposed to many vulnerabilities because of factors such as the hardware constraints
of the sensor nodes, the wireless communication medium, real-time computing, heterogeneous
structure, large number of nodes, scalability, mobility, and the weight and cost requirements of
the application environment.
∙ In sensitive WSN applications like surveillance of enemy lines or border areas, security
protocols must be used which provide confidential data transfer from sensors to the base station.
∙ A new data link layer protocol called TeenySec is developed for this purpose.
∙ TeenySec provides data confidentiality, data integrity, data freshness and data authentication
and is also energy efficient.

2.6.10. Security features in IPv6 (IPng):


UNIT-3
Integrating Security in IoT Ecosystem

3.1. Building Security in design and development, secure design
3.2. Threat modelling, impact assessment
3.3. Security system integration
3.3.1 Framework
3.3.2 Secure APIs
3.3.3 Cryptography
3.3.4 Authentication
3.4. Identity and access management
3.5. Security monitoring
3.6. Secure gateway and network configurations
3.7. Managing roles and attributes
3.8. IoT penetration testing tools and techniques.
3.1. Building Security in design and development, secure design

IoT Design Methodology – Steps


Step 1: Purpose & Requirements Specification • The first step in IoT system design methodology is to
define the purpose and requirements of the system. In this step, the system purpose, behavior and
requirements (such as data collection requirements, data analysis requirements, system management
requirements, data privacy and security requirements, user interface requirements, ...) are captured.
Step 2: Process Specification • The second step in the IoT design methodology is to define the process
specification. In this step, the use cases of the IoT system are formally described based on and derived
from the purpose and requirement specifications.

Step 3: Domain Model Specification • The third step in the IoT design methodology is to define the
Domain Model. The domain model describes the main concepts, entities and objects in the domain of
IoT system to be designed. Domain model defines the attributes of the objects and relationships
between objects. Domain model provides an abstract representation of the concepts, objects and
entities in the IoT domain, independent of any specific technology or platform. With the domain
model, the IoT system designers can get an understanding of the IoT domain for which the system is
to be designed.

Step 4: Information Model Specification • The fourth step in the IoT design methodology is to define
the Information Model. Information Model defines the structure of all the information in the IoT
system, for example, attributes of Virtual Entities, relations, etc. Information model does not describe
the specifics of how the information is represented or stored. To define the information model, we
first list the Virtual Entities defined in the Domain Model. Information model adds more details to the
Virtual Entities by defining their attributes and relations.

Step 5: Service Specifications • The fifth step in the IoT design methodology is to define the service
specifications. Service specifications define the services in the IoT system, service types, service
inputs/output, service endpoints, service schedules, service preconditions and service effects.

Step 6: IoT Level Specification • The sixth step in the IoT design methodology is to define the IoT
level for the system.

Step 7: Functional View Specification • The seventh step in the IoT design methodology is to define
the Functional View. The Functional View (FV) defines the functions of the IoT systems grouped into
various Functional Groups (FGs). Each Functional Group either provides functionalities for interacting
with instances of concepts defined in the Domain Model or provides information related to these
concepts.
Step 8: Operational View Specification • The eighth step in the IoT design methodology is to define
the Operational View Specifications. In this step, various options pertaining to the IoT system
deployment and operation are defined, such as service hosting options, storage options, device
options, application hosting options, etc.

Step 9: Device & Component Integration • The ninth step in the IoT design methodology is the
integration of the devices and components.
Step 10: Application Development • The final step in the IoT design methodology is to develop the
IoT application.

Embedded Computing Logic:


∙ It is essential to know about embedded devices while learning about the IoT or building IoT
projects.
∙ Embedded devices are the objects that build a unique computing system. These systems may or
may not connect to the Internet.
∙ An embedded device system generally runs as a single application. However, these devices can
connect through an internet connection and are able to communicate with other network
devices.
∙ First developed in the 1960s for aerospace and the military, embedded computing systems
continue to support new applications through numerous feature enhancements and
cost-to-performance improvements of microcontrollers and programmable logic devices.
∙ Today, embedded computing systems control everyday devices which we don’t generally think
of as “computers”: digital cameras, automobiles, smart watches, home appliances, and even
smart garments. These embedded computing systems are commonly found in consumer,
industrial, automotive, medical, commercial, and military applications.
∙ Unlike general-purpose computers, embedded control systems are typically designed to perform
specific tasks. The embedded computing system designer’s task is to identify the set of
components that will implement the system’s functional, performance, usability, and reliability
requirements, typically within tight cost and development timeline constraints.
∙ Accordingly, the selection of a microcontroller and its characteristics, including data processing
capabilities, speed, peripherals, and power consumption, is one of the earliest and most
critical aspects of system design.
∙ Part of the designer’s responsibility involves being aware of trends in their particular industry
and taking advantage of relevant components and techniques.
∙ Let’s look for examples among the top industries for microcontroller applications, such as the
Internet of Things.

Embedded System Hardware:


∙ The embedded system can be of type microcontroller or type microprocessor. Both of these
types contain an integrated circuit (IC).
∙ The essential component of the embedded system is a RISC family microcontroller like the
Motorola 68HC11, PIC 16F84, Atmel 8051 and many more.
∙ The most important factor that differentiates these microcontrollers from a microprocessor like
the 8085 is their internal readable and writable memory.
∙ The essential embedded device components and system architecture are specified below.
Embedded System Software:
∙ The embedded system software depends on the device’s operating system and language
platform, mainly where real-time operation is to be performed.
∙ Manufacturers build embedded software in electronics, e.g., cars, telephones, modems,
appliances, etc.
∙ The embedded system software can be as simple as lighting controls running using an 8-bit
microcontroller.
∙ It can also be complicated software for missiles, process control systems, airplanes etc.
Microcontrollers for Embedded Computing with IoT Devices
∙ IoT devices are meant to be inexpensive, therefore the microcontroller needs to be chosen so
that its capabilities are not underutilized by the application.
∙ The microcontroller specifications that determine the best part for your application are:
o Bit depth: The register and data path width impacts the speed and accuracy with which
microcontrollers can perform non-trivial computations.
o Memory: The amount of RAM and Flash in a microcontroller determines the code size
and complexity the component can support at full speed. Large memories have larger
die area and component cost.
o GPIO: These are the microcontroller pins used to connect to sensors and actuators in
the system. These often share their functionality with other microcontroller
peripherals, such as serial communication, A/D, and D/A converters.
o Power consumption: Power consumption is critically important for battery-operated
devices and it typically increases with microcontroller speed and memory size.

System on Chips:
∙ A System on Chip for IoT designed by Redpine Signals is discussed below. This IoT SoC supports
WLAN, Bluetooth and Zigbee systems on a single chip. It also supports the 2.4 and 5 GHz radio
frequencies.

∙ As we know, IoT is the technology which provides communication between things, and
between things and people, using the internet and IP-enabled protocols.
∙ As we have seen in the IoT tutorial, any IoT-compliant system will have two major parts, viz.
front end and back end.
∙ The front end provides connectivity with the physical world and consists of sensors, while the
back end consists of processing and network connectivity interfaces.
∙ A typical IoT system on chip supports more than one RAT (Radio Access Technology). It
will have the following modules:
• Transmit and receive switch.
• RF part, mainly consisting of transmitter, receiver, oscillator and amplifiers.
• Memories, i.e. program memory and data memory to store the code and data.
• Physical layer (baseband processing), either on FPGA or on a processor, based on
complexity and latency requirements.
• MAC layer and upper protocol stacks (TCP/IP etc.) running on the processor.
• ADC and DAC to provide the interface between the digital baseband and analog RF
portions.
• Various interfaces such as SDIO, USB, SPI etc. to interface with the host.
• Other peripherals such as UART, I2C, GPIO, WDT etc. to use the IoT SoC for
various connections.

As an IoT system on chip supports multiple wireless protocols and RF hardware for multiple
frequency bands, the following factors need to be carefully analyzed and optimized:
• Power consumption
• Data throughput
• Device size
• Performance in terms of latency and other factors
The figure depicts one such IoT System on Chip, model no. RS9113, which has been designed
and developed by Redpine Signals recently. It supports WLAN (802.11n), Bluetooth version 4.0
and Zigbee (802.15.4-2006) in the same chip. Hence the IoT device can be connected to any of
the said wireless technology based networks.

This IoT SoC (system on chip in IoT) can be used for numerous applications
as mentioned below:
• Mobile
• M2M communication
• Real-time location finding tags
• Thermostats
• Smart meters
• Wireless sensor devices
• Serial to WiFi converter
• Voice over WiFi compliant phones
• Home automation
• Health care devices and equipment

Building Blocks Of IoT:


• Four things form the basic building blocks of the IoT system: sensors, processors, gateways and
applications. Each of these nodes has to have its own characteristics in order to form a useful
IoT system.

Figure: Simplified block diagram of the basic building blocks of the IoT

Sensors:
• These form the front end of the IoT devices. These are the so-called “Things” of the system.
Their main purpose is to collect data from their surroundings (sensors) or give out data to their
surroundings (actuators).
• These have to be uniquely identifiable devices with a unique IP address so that they can be
easily identified over a large network.
• These have to be active in nature, which means that they should be able to collect real-time
data. These can either work on their own (autonomous in nature) or can be made to work by
the user depending on their needs (user-controlled).
• Examples of sensors are gas sensor, water quality sensor, moisture sensor, etc.

Processors:
• Processors are the brain of the IoT system.
• Their main function is to process the data captured by the sensors so as to extract the
valuable data from the enormous amount of raw data collected.
• In a word, we can say that it gives intelligence to the data.
• Processors mostly work on a real-time basis and can be easily controlled by applications.
• These are also responsible for securing the data, that is, performing encryption and decryption
of data.
• Embedded hardware devices, microcontrollers, etc. are the ones that process the data because
they have processors attached to them.
Gateways:

• Gateways are responsible for routing the processed data and send it to proper locations for its
(data) proper utilization.
• In other words, we can say that gateway helps in to and fro communication of the data. It
provides network connectivity to the data. Network connectivity is essential for any IoT
system to communicate.
• LAN, WAN, PAN, etc are examples of network gateways.

Applications:

• Applications form the other end of an IoT system. Applications are essential for proper
utilization of all the data collected.
• These are cloud-based applications which are responsible for rendering the effective meaning
to the data collected. Applications are controlled by users and are a delivery point of particular
services.
• Examples of applications are home automation apps, security systems, industrial control hub,
etc.

Figure: Basic building blocks of IoT


• In a nutshell, from the figure we can determine that the information gathered by the sensing
node (end node) is processed first, then via connectivity it reaches the embedded processing
nodes, which can be any embedded hardware devices, and is processed there as well.
• It then passes through the connectivity nodes again and reaches the remote cloud-based
processing, which can be any software, and is sent to the application node for the proper applied
usage of the data collected and also for data analysis via big data.

IoT Security by Design:


∙ Secure by design is the inclusion of security design principles, technology, and governance at
every stage of the IoT journey. When an organization looks at creating, deploying, and
leveraging connected technology to drive its business, security must be integrated into every
component, tier, and application to preserve the integrity of the IoT solution and minimize the
risk of cyber threats.
∙ Developing IoT solutions around a standard platform allows organizations to develop security
solutions for IoT devices in a consistent manner. In contrast, when organizations develop IoT
platforms from scratch it can unknowingly increase the potential for cyber-related risks. IoT
platforms typically include standard tools and methods that can promote good design habits
and help developers build strong security into their solutions from the outset.
∙ In addition, IoT platforms are commonly designed and tested holistically to validate that there is
a high level of security deployed at every level, not only within individual components but
also for all components working together as a whole.
• Our homes and our businesses are filled with "smart" / connected devices, which are great, but
they also expose numerous new attack surfaces.
• The "security by design" framework may offer a path forward.
• It's a set of principles within hardware and software development focused on making security a
core concern in the design and development process.

• More and more, we’re filling our homes with “smart” / connected devices beyond old school
computers, from thermostats to security systems to kitchen appliances.

• Enterprises are bringing a whole range of processes, objects and spaces online to amplify human
potential as well.

• The Internet of Things (IoT) has enormous potential, but connecting everything has a side
effect: increased vulnerability.

• We must consider the fundamentals of IoT cybersecurity to protect ourselves personally and
professionally. Top concerns are best practices, the concept of “security by design” and device
security certification programs.

IoT Device Security:

Key steps to securing IoT devices include the following best practices:
∙ Perform routine updates. Manufacturers release updates as they find ways their products can
be improved or as vulnerabilities are reported. Once the product is in your hands, installing
updates promptly protects you against the most recently discovered threats. Keep in mind,
though, that an imperfect update can itself introduce new security vulnerabilities, so prefer
devices whose updates are signed and can be rolled back.
∙ Control access. Consider whether the device actually needs to reach the Internet to do its job.
If it does not, restrict it to your local network (ideally a separate network segment reserved for
IoT devices) and block its inbound and outbound Internet access at the router.
∙ Turn off Universal Plug and Play. UPnP lets devices on the LAN open ports on the router
without any authentication, which makes it a weak point for routers, cameras, printers and
other devices. Disable it on the router and configure any port forwarding you really need
explicitly. Secure interoperability remains a must for IoT, but it should not rely on UPnP.
∙ Improve the passwords. They should be long and alphanumeric, and avoid repetition,
dictionary words and personal details. Many devices still ship with appalling default
credentials such as "admin" and "password", so change them on first use, check with your
hardware vendor, and make sure every IoT endpoint has its own unique password.
∙ Secure your connections. Use a virtual private network (VPN) for traffic between your devices
and the Internet, and for remote access to them, rather than exposing them directly. Choose a
VPN that is suited to the device type so that the connection stays stable.
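As an added example (not part of the original notes), the "improve the passwords" guidance above turned into the kind of first-boot credential check an IoT device's onboarding flow could run. The default-credential pairs and the dictionary are small constructed samples, and the function name and personal-details parameter are assumptions for illustration; a real device would ship a much larger wordlist.

```python
"""Added example (not from the original notes): a first-boot credential check
for an IoT device implementing the password guidance above. The default
credential set and dictionary are constructed samples, not a real wordlist."""
import re

# Constructed sample of well-known factory default credentials.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"), ("admin", "password"), ("admin", "1234"),
    ("root", "root"), ("user", "user"), ("admin", ""),
}

# Constructed sample dictionary; a real check would use a large wordlist.
DICTIONARY = {"password", "welcome", "camera", "sensor", "summer", "winter"}

MIN_LENGTH = 12


def check_credential(username: str, password: str, personal_details=()):
    """Return a list of policy violations; an empty list means the credential
    is acceptable. 'personal_details' is whatever the onboarding flow already
    knows about the owner (name, birth year, street, pet) - an assumption here."""
    violations = []
    lowered = password.lower()

    if (username.lower(), lowered) in DEFAULT_CREDENTIALS:
        violations.append("factory default credential")
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    # 'Alphanumeric' in the guidance means a mix of letters and digits.
    if not (re.search(r"[A-Za-z]", password) and re.search(r"\d", password)):
        violations.append("must mix letters and digits")
    # Repetition: the same character three or more times in a row, or a block
    # of two or more characters repeated back to back (e.g. 'abcabc', '1212').
    if re.search(r"(.)\1\1", password) or re.search(r"(.{2,})\1", password):
        violations.append("contains repetition")
    for word in DICTIONARY:
        if len(word) >= 4 and word in lowered:
            violations.append(f"contains dictionary word '{word}'")
            break
    for detail in personal_details:
        detail = str(detail).lower()
        if len(detail) >= 3 and detail in lowered:
            violations.append("contains personal detail")
            break
    if username and username.lower() in lowered:
        violations.append("contains the username")
    return violations


if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_credential("admin", "admin"))
    print(check_credential("user", "Summer2019Summer2019", ["2019"]))
    print(check_credential("admin", "Xq7vLm2pRt9wKz", ["Alice", 1990]))
```

The check is deliberately conservative: a provisioning flow should refuse to complete while the list is non-empty, and the factory default should never be accepted even when it happens to satisfy the other rules.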

Security by Design & Privacy by Design:

∙ Beyond the steps you can take with devices yourself, it helps to choose a manufacturer that
follows security by design.
∙ Security by design is a set of principles within hardware and software development focused on
securing the system and reducing the risk of a compromise.
∙ Following these principles gives a manufacturer confidence that it is protecting users and
helps it meet the "data protection by design and by default" obligations of the European
Union's General Data Protection Regulation (GDPR).
∙ Systems built this way incorporate elements such as abiding by coding best practices,
implementing authentication protections and deploying continuous testing.
∙ The key reason secure by design matters is that software is typically considered first and
foremost in terms of its function. Security becomes a secondary concern, and developers end
up addressing holes and vulnerabilities as an ongoing chore rather than building the system
with security optimized from the start.
∙ With secure by design, you have much stronger assurance that the manufacturer fixes security
issues effectively and rapidly.

Security by design incorporates the following principles:

∙ Secure defaults. The out-of-the-box experience should be secure; it is up to the user to reduce
protections if that is allowed at all.
∙ Correctly repair security issues. Be careful about design patterns, which can introduce
regressions when you attempt to fix your code. Test the fix on all relevant applications.
∙ Keep security simple. Code should be as simple as possible; it is easier to reduce the attack
surface area when there is less of it.
∙ The principle of defense in depth. Even where a single control may be reasonable, add further
controls so that the failure of one does not compromise the whole system.
∙ The principle of least privilege. Accounts should be given the minimum possible level of
privilege needed to complete their business functions.
∙ Do not trust services. You may use outside providers for processing, but their input and output
should be validated; services should not be trusted by default.
∙ Avoid security by obscurity. Do not attempt to protect critical data simply by hiding key details.
On its own it is an insufficient security control.
∙ Separation of duties. Typically, administrators should not be users of an application. For
instance, an administrator should not be able to buy from a storefront as a super-privileged
user.
∙ Secure failures (fail securely). Verify that code never fails in a manner that leaves the user an
administrator by default; an error inside an authorization check must deny access, not grant it.
∙ Minimize attack surface area. The attack surface area should be restricted as much as
possible. Every feature adds risk and should warrant it.
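The "secure failures" principle above is easiest to see in code. The following is an added example, not from the original notes: an authorization check on a hypothetical IoT device-management API, written first the fail-open way (the privileged state is the default and only a successful lookup demotes the user) and then the fail-closed way. The role lookup, its outage flag and the `reboot_device` operation are stand-ins assumed for illustration, not an existing library.

```python
"""Added example (not from the original notes): fail-open versus fail-closed
authorization for a hypothetical IoT device-management API. The role service
and the 'available' outage flag are constructed stand-ins."""


class RoleServiceUnavailable(Exception):
    """Raised when the role/identity service cannot be reached."""


def lookup_roles(user: str, available: bool = True) -> set:
    """Stand-in for a remote role lookup; 'available' simulates an outage."""
    if not available:
        raise RoleServiceUnavailable("role service down")
    # Constructed sample role table.
    return {"alice": {"administrator"}, "bob": {"operator"}}.get(user, set())


def is_admin_fail_open(user: str, available: bool = True) -> bool:
    """BUGGY: starts from the privileged state and only demotes on success.
    An exception in the lookup leaves is_admin == True."""
    is_admin = True
    try:
        is_admin = "administrator" in lookup_roles(user, available)
    except RoleServiceUnavailable as exc:
        print(f"warning: {exc}")  # logged, but the privileged default survives
    return is_admin


def is_admin_fail_closed(user: str, available: bool = True) -> bool:
    """FIXED: the default is 'no', and any failure keeps it that way."""
    is_admin = False
    try:
        is_admin = "administrator" in lookup_roles(user, available)
    except RoleServiceUnavailable as exc:
        print(f"warning: {exc}; denying administrative access")
    return is_admin


def reboot_device(user: str, check=is_admin_fail_closed, available: bool = True) -> str:
    """A privileged operation gated by whichever check is supplied."""
    if not check(user, available):
        return "denied"
    return "rebooting"


if __name__ == "__main__":
    # During an outage the fail-open check promotes an ordinary operator.
    print(reboot_device("bob", check=is_admin_fail_open, available=False))  # rebooting
    print(reboot_device("bob", available=False))                            # denied
```

Note that both versions log the error; the difference is purely which value the variable holds when the lookup never completes. Reviewing every privileged path for the initial value of its authorization state is a cheap way to apply this principle across a firmware or backend code base.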

3.2. Threat modelling & Impact assessment:

Threat modelling:
∙ Threat modelling is a process by which potential threats, such as structural vulnerabilities or the
absence of appropriate safeguards, can be identified and enumerated, and mitigations
prioritized.
∙ Threat modelling is a structured process with these objectives:
o identify security requirements,
o pinpoint security threats and potential vulnerabilities,
o quantify threat and vulnerability criticality,
o prioritize remediation methods.
▪ Threat modelling methods create these artifacts:
∙ An abstraction of the system
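As an added example (not part of the original notes), here is a minimal threat-modelling pass over the IoT data pipeline described earlier in this unit (end node, connectivity, embedded processing, cloud, application): it builds the system abstraction as components mapped to trust zones plus the data flows between them, pinpoints threats on every flow that crosses a trust boundary, scores them by data sensitivity, derives a security requirement for each, and returns them in remediation order. The zone names, flow attributes and scoring weights are constructed assumptions, not a standard.

```python
"""Added example (not from the original notes): enumerate and prioritise threats on
boundary-crossing data flows of a constructed sensor -> gateway -> cloud -> app model.
Trust zones, flow attributes and the scoring weights are assumptions."""
from dataclasses import dataclass, field

SENSITIVITY = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str           # what the flow carries
    sensitivity: str    # low / medium / high
    encrypted: bool     # confidentiality in transit
    authenticated: bool  # is the sender authenticated by the receiver?


@dataclass
class Model:
    """The abstraction of the system: components mapped to trust zones, plus flows."""
    zones: dict
    flows: list = field(default_factory=list)

    def crosses_boundary(self, flow: Flow) -> bool:
        return self.zones[flow.src] != self.zones[flow.dst]


def enumerate_threats(model: Model):
    """Return (criticality, threat, requirement) tuples, highest criticality first."""
    findings = []
    for f in model.flows:
        if not model.crosses_boundary(f):
            continue  # same trust zone: not a boundary crossing, out of scope here
        weight = SENSITIVITY[f.sensitivity]
        edge = f"{f.src}->{f.dst}"
        if not f.encrypted:
            findings.append((weight * 2,
                             f"{edge}: {f.data} readable in transit (information disclosure)",
                             f"encrypt {edge} (e.g. TLS or DTLS)"))
        if not f.authenticated:
            # Spoofed input is weighted higher than eavesdropping: it lets an
            # attacker act, not just observe.
            findings.append((weight * 3,
                             f"{edge}: unauthenticated sender, {f.data} can be spoofed (tampering)",
                             f"authenticate the sender on {edge} (device certificate or token)"))
    findings.sort(key=lambda item: item[0], reverse=True)
    return findings


def build_sample_model() -> Model:
    """Constructed sample: an unprotected sensor radio link, a gateway that talks to
    the cloud over mutually authenticated TLS, and a mobile app whose commands to
    the cloud are encrypted but not tied to an authenticated identity."""
    zones = {"sensor": "field", "gateway": "site", "edge_processor": "site",
             "cloud": "cloud", "app": "user"}
    flows = [
        Flow("sensor", "gateway", "temperature readings", "medium", False, False),
        Flow("gateway", "edge_processor", "buffered readings", "medium", False, False),
        Flow("gateway", "cloud", "aggregated readings", "medium", True, True),
        Flow("cloud", "app", "dashboard data", "high", True, True),
        Flow("app", "cloud", "actuator commands", "high", True, False),
    ]
    return Model(zones, flows)


if __name__ == "__main__":
    for score, threat, requirement in enumerate_threats(build_sample_model()):
        print(f"[{score}] {threat}\n     requirement: {requirement}")
```

The gateway-to-edge-processor flow is just as unprotected as the sensor link but stays inside one trust zone, so the model does not report it; that is the point of drawing the boundaries first. The ranking puts the unauthenticated actuator command path above the eavesdroppable sensor link, which matches the intuition that an attacker who can issue commands does more damage than one who can read temperatures.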
