
Unit I: Security Challenges within IoT Systems
Unit II: Security of Wireless Sensor Networks
Unit III: Integrating Security in IoT Ecosystem
Unit IV: Overview of Privacy in IoT
Unit V: Best Practices in IoT Security


Unit I
Security Challenges within IoT Systems

1.1 Network layers of IoT Architecture and Security challenges
1.2 Devices with limited or no physical security and limited security computing capabilities
1.3 Remote management of security
1.4 Identification and management of risks of scaling end point devices including sensors
1.5 Crypto resilience
1.6 Security management of distributed systems
1.7 Privacy concerns, threats and attacks to IoT
1.8 Hacking IoT firmware
1.9 Consumerization of IoT security, case studies

Fundamentals
ISO OSI MODEL:

• What is ISO in the OSI model?

ISO stands for the International Organization for Standardization. It defined the model for Open
System Interconnection (OSI), commonly known as the OSI model. The ISO-OSI model is a seven-
layer architecture: it defines seven layers or levels in a complete communication system.
• Physical layer is the lowest layer of the OSI model. This layer controls the way unstructured,
raw, bit-stream data is sent and received over a physical medium. This layer is composed of
the electrical, optical, and physical components of the network.
• Data Link layer provides the functional and procedural means to transfer data between
network entities and to detect and possibly correct errors that may occur in the physical layer.
Both WAN and LAN services arrange bits from the physical layer into logical sequences
called frames. The data link layer establishes and terminates a connection between two
physically connected nodes on a network. It breaks up packets into frames and sends them from
source to destination.
• Network layer uses network addresses (typically Internet Protocol addresses) to route packets
to a destination node.
• Transport layer provides transparent transfer of data between end users, providing reliable
data transfer services to the upper layers. The transport layer controls the reliability of a given
link through flow control, segmentation and desegmentation, and error control.
• Session layer is the layer of the ISO Open Systems Interconnection (OSI) model that controls
the dialogues (connections) between computers. It establishes, manages, and terminates the
connections between the local and remote application.
• Presentation layer transforms data into the form that the application accepts. This layer
formats and encrypts data to be sent across a network.
• Application layer is an abstraction layer that specifies the shared communications protocols
and interface methods used by hosts in a communications network. An application layer
abstraction is specified in both the Internet Protocol Suite (TCP/IP) and the OSI model.

1.1 Network layers of IoT Architecture and Security challenges


• What is the network layer in IoT architecture?
  o The network layer is also known as the transmission layer.
  o It acts like a bridge between the perception layer and the application layer.
  o It carries and transmits the information collected from the physical objects through
sensors.
  o The medium for the transmission can be wireless or wire based.

• What are the security issues in the IoT?

  o Vulnerabilities. Vulnerabilities are a large problem that constantly plague users and
organizations. ...
  o Malware. ...
    - Malware (short for “malicious software”) is a file or code, typically delivered
over a network, that infects, explores, steals or conducts virtually any
behaviour an attacker wants. And because malware comes in so many variants,
there are numerous methods to infect computer systems.
  o Escalated cyberattacks. ...
  o Information theft and unknown exposure. ...
  o Device mismanagement and misconfiguration.

Architecture of IoT:
There is no single consensus on architecture for IoT, which is agreed universally. Different architectures
have been proposed by different researchers.

Three- and Five-Layer Architectures


The most basic architecture is a three-layer architecture [3–5] as shown in Figure 1. It was introduced
in the early stages of research in this area. It has three layers, namely, the perception, network, and
application layers.
(i) The perception layer is the physical layer, which has sensors for sensing and gathering information
about the environment. It senses some physical parameters or identifies other smart objects in the
environment.
(ii) The network layer is responsible for connecting to other smart things, network devices, and servers.
Its features are also used for transmitting and processing sensor data.
(iii) The application layer is responsible for delivering application-specific services to the user. It
defines various applications in which the Internet of Things can be deployed, for example, smart homes,
smart cities, and smart health.
The three-layer architecture defines the main idea of the Internet of Things, but it is not sufficient for
research on IoT because research often focuses on finer aspects of the Internet of Things. That is why
we have many more layered architectures proposed in the literature. One is the five-layer architecture,
which additionally includes the processing and business layers [3–6]. The five layers are perception,
transport, processing, application, and business layers (see Figure 1). The role of the perception and
application layers is the same as in the architecture with three layers. We outline the function of the
remaining three layers.
(i) The transport layer transfers the sensor data from the perception layer to the processing layer
and vice versa through networks such as wireless, 3G, LAN, Bluetooth, RFID, and NFC.
(ii) The processing layer is also known as the middleware layer. It stores, analyzes, and
processes huge amounts of data that come from the transport layer. It can manage and provide
a diverse set of services to the lower layers. It employs many technologies such as databases,
cloud computing, and big data processing modules.
(iii) The business layer manages the whole IoT system, including applications, business and
profit models, and users’ privacy. The business layer is out of scope here, so we do not discuss
it further.
Security challenges in IoT:

The Most Important Security Problems with IoT Devices

1. Incorrect access control
2. Overly large attack surface
3. Outdated software
4. Lack of encryption
5. Application vulnerabilities
6. Lack of Trusted Execution Environment
7. Vendor security posture
8. Insufficient privacy protection
9. Intrusion ignorance
10. Insufficient physical security
11. User interaction

1. Incorrect access control


Services offered by an IoT device should only be accessible by the owner and the people in their
immediate environment whom they trust. However, this is often insufficiently enforced by the security
system of a device.
IoT devices may trust the local network to such a level that no further authentication or authorisation is
required. Any other device that is connected to the same network is also trusted. This is especially a
problem when the device is connected to the Internet: everyone in the world can now potentially access
the functionality offered by the device.
A common problem is that all devices of the same model are delivered with the same default password
(e.g. “admin” or “password123”). The firmware and default settings are usually identical for all devices
of the same model. Because the credentials for the device (assuming that, as is often the case, they are
not changed by the user) are public knowledge, they can be used to gain access to all devices in that
series.
IoT devices often have a single account or privilege level, both exposed to the user and internally. This
means that when this privilege is obtained, there is no further access control. This single level of
protection fails to protect against several vulnerabilities.

2. Overly large attack surface


Each connection that can be made to a system provides a new set of opportunities for an attacker to
discover and exploit vulnerabilities. The more services a device offers over the Internet, the more
services can be attacked. This is known as the attack surface. Reducing the attack surface is one of the
first steps in the process of securing a system.
A device may have open ports with services running that are not strictly required for operation. An
attack against such an unnecessary service could easily be prevented by not exposing the service.
Services such as Telnet, SSH or a debug interface may play an important role during development but
are rarely necessary in production.
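A quick way to measure the attack surface described above is to list the device's listening sockets and compare them with the services the product actually needs. The following Go program is an added example, not code from these notes: it parses the output of the Linux `ss -tlnp` command, embedded here as a constructed sample for a hypothetical camera, and reports every listener outside a required-port allowlist, naming the usual development services. The port-to-service pairs, the process names and the allowlist are assumptions made for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strconv"
	"strings"
)

// Listener is one listening socket as reported by `ss -tlnp` on Linux.
type Listener struct {
	Addr    string // local address without the port, e.g. 0.0.0.0 or 127.0.0.1
	Port    int
	Process string
}

// Finding is a listener the audit considers unnecessary exposure.
type Finding struct {
	Listener Listener
	Reason   string
}

// Constructed output of `ss -tlnp` for a hypothetical camera: the product only
// needs its HTTPS API, but development services were left enabled.
const sampleSS = `State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=412,fd=3))
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*         users:(("telnetd",pid=301,fd=4))
LISTEN 0      128    0.0.0.0:443         0.0.0.0:*         users:(("camd",pid=520,fd=7))
LISTEN 0      128    127.0.0.1:5555      0.0.0.0:*         users:(("debugd",pid=533,fd=5))
LISTEN 0      128    [::]:443            [::]:*            users:(("camd",pid=520,fd=8))
`

// Known development-time services; the port/name pairs are common defaults
// and are assumptions for this example.
var devServices = map[int]string{
	22:   "ssh: development shell, remove or restrict in production",
	23:   "telnet: cleartext login, remove in production",
	5555: "debug bridge: development only",
}

// procName pulls the executable name out of users:(("name",pid=N,fd=M)).
func procName(col string) string {
	start := strings.Index(col, `(("`)
	if start < 0 {
		return ""
	}
	rest := col[start+3:]
	if end := strings.Index(rest, `"`); end >= 0 {
		return rest[:end]
	}
	return ""
}

// ParseSS extracts LISTEN rows from the text table; the header and other states are skipped.
func ParseSS(output string) []Listener {
	var out []Listener
	sc := bufio.NewScanner(strings.NewReader(output))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 5 || f[0] != "LISTEN" {
			continue
		}
		i := strings.LastIndex(f[3], ":") // works for IPv4 and [::]-style IPv6
		if i < 0 {
			continue
		}
		port, err := strconv.Atoi(f[3][i+1:])
		if err != nil {
			continue
		}
		l := Listener{Addr: f[3][:i], Port: port}
		if len(f) > 5 {
			l.Process = procName(f[5])
		}
		out = append(out, l)
	}
	return out
}

// Audit keeps only listeners outside the allowlist of ports the product needs,
// attaches a reason, and notes loopback-only binds as lower (not zero) exposure.
func Audit(ls []Listener, required map[int]bool) []Finding {
	var fs []Finding
	for _, l := range ls {
		if required[l.Port] {
			continue
		}
		reason := "not in the required-service allowlist"
		if r, ok := devServices[l.Port]; ok {
			reason = r
		}
		if l.Addr == "127.0.0.1" || l.Addr == "[::1]" {
			reason += " (bound to loopback only: lower exposure, still worth removing)"
		}
		fs = append(fs, Finding{l, reason})
	}
	sort.Slice(fs, func(i, j int) bool { return fs[i].Listener.Port < fs[j].Listener.Port })
	return fs
}

func main() {
	for _, f := range Audit(ParseSS(sampleSS), map[int]bool{443: true}) {
		fmt.Printf("%-8s %s:%d  %s\n", f.Listener.Process, f.Listener.Addr, f.Listener.Port, f.Reason)
	}
}
```

Run against a real device the same function would take the live `ss -tlnp` output; the allowlist is the product's service inventory, and every finding is a port to close, bind to loopback, or put behind authentication before shipping.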

3. Outdated software
As vulnerabilities in software are discovered and resolved, it is important to distribute the updated
version to protect against the vulnerability. This means that IoT devices must ship with up-to-date
software without any known vulnerabilities, and that they must have update functionality to patch any
vulnerabilities that become known after the deployment of the device.
For example, the malware Linux.Darlloz was first discovered in late 2013 and worked by exploiting a bug
that had been reported and fixed more than a year earlier.

4. Lack of encryption
When a device communicates in plain text, all information being exchanged with a client device or
backend service can be obtained by a ‘Man-in-the-Middle’ (MitM). Anyone who is capable of obtaining
a position on the network path between a device and its endpoint can inspect the network traffic and
potentially obtain sensitive data such as login credentials. A typical problem in this category is using a
plain-text version of a protocol (e.g. HTTP) where an encrypted version is available (HTTPS). In a Man-
in-the-Middle attack the attacker secretly intercepts and relays the communication, possibly altering it,
without either party being aware.
Even when data is encrypted, weaknesses may be present if the encryption is not complete or configured
incorrectly. For example, a device may fail to verify the authenticity of the other party. Even though
the connection is encrypted, it can then be intercepted by a Man-in-the-Middle attacker.
Sensitive data that is stored on a device (at rest) should also be protected by encryption. Typical
weaknesses are lack of encryption by storing API tokens or credentials in plain text on a device. Other
problems are the usage of weak cryptographic algorithms or using cryptographic algorithms in
unintended ways.
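The paragraph on incomplete encryption is easy to demonstrate: a client that encrypts but does not verify the other party will complete a handshake with whoever answers. The Go program below is an added example, not code from these notes: it mints two self-signed certificates for the constructed hostname vendor.example (one standing in for the vendor backend, one for an interceptor), runs real TLS handshakes over loopback TCP, and shows that a client pinned to the vendor CA accepts only the genuine backend, while a client with InsecureSkipVerify accepts the interceptor as well. The hostname, key type, deadlines and certificate lifetimes are assumptions for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert mints a throwaway certificate for host that acts as its own CA
// and returns it together with a pool containing only that certificate.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return tls.Certificate{}, nil, err }
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { return tls.Certificate{}, nil, err }
	leaf, _ := x509.ParseCertificate(der) // der was produced just above
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// HardenedClient is the policy a device should ship with: only the vendor's
// own CA is trusted and the expected hostname is checked.
func HardenedClient(vendorCA *x509.CertPool, host string) *tls.Config {
	return &tls.Config{RootCAs: vendorCA, ServerName: host, MinVersion: tls.VersionTLS12}
}

// WeakClient is the misconfiguration from the text: traffic is encrypted, but any
// certificate is accepted, so the device cannot tell the backend from an interceptor.
func WeakClient(host string) *tls.Config {
	return &tls.Config{ServerName: host, InsecureSkipVerify: true}
}

// handshake runs one TLS handshake over loopback TCP between a server presenting
// serverCert and a client using clientCfg, and returns the client's error.
func handshake(serverCert tls.Certificate, clientCfg *tls.Config) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return err }
	defer ln.Close()
	go func() {
		c, err := ln.Accept()
		if err != nil { return }
		c.SetDeadline(time.Now().Add(5 * time.Second))
		s := tls.Server(c, &tls.Config{Certificates: []tls.Certificate{serverCert}, MinVersion: tls.VersionTLS12})
		s.Handshake() // fails when the client rejects the certificate; that is the point
		s.Close()
	}()
	raw, err := net.DialTimeout("tcp", ln.Addr().String(), 5*time.Second)
	if err != nil { return err }
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, clientCfg)
	defer cli.Close()
	return cli.Handshake()
}

// Outcome records whether each handshake completed.
type Outcome struct{ Genuine, Interceptor, WeakInterceptor bool }

// RunTLSCases pits both client policies against the genuine backend and an
// interceptor presenting its own certificate for the same hostname.
func RunTLSCases() (Outcome, error) {
	const host = "vendor.example" // constructed hostname
	genuine, vendorCA, err := selfSignedCert(host)
	if err != nil { return Outcome{}, err }
	interceptor, _, err := selfSignedCert(host) // same name, a key the vendor never issued
	if err != nil { return Outcome{}, err }
	return Outcome{
		Genuine:         handshake(genuine, HardenedClient(vendorCA, host)) == nil,
		Interceptor:     handshake(interceptor, HardenedClient(vendorCA, host)) == nil,
		WeakInterceptor: handshake(interceptor, WeakClient(host)) == nil,
	}, nil
}

func main() {
	o, err := RunTLSCases()
	fmt.Printf("%+v (err=%v)\n", o, err)
}
```

The expected result is Genuine true, Interceptor false, WeakInterceptor true: the pinned client fails the second case with an unknown-authority error, which is exactly the check the weak client has switched off.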

5. Application vulnerabilities
Acknowledging that software contains vulnerabilities in the first place is an important step in securing
IoT devices. Software bugs may make it possible to trigger functionality in the device that was not
intended by the developers. In some cases, this can result in the attacker running their own code on the
device, making it possible to extract sensitive information or attack other parties.
Like all software bugs, security vulnerabilities are impossible to avoid completely when developing
software. However, there are methods to avoid well-known vulnerabilities or reduce the possibility of
vulnerabilities. This includes best practices to avoid application vulnerabilities, such as consistently
performing input validation.
6. Lack of Trusted Execution Environment
Most IoT devices are effectively general-purpose computers that can run specific software. This makes
it possible for attackers to install their own software that has functionality that is not part of the normal
functioning of the device. For example, an attacker may install software that performs a DDoS attack.
By limiting the functionality of the device and the software it can run, the possibilities to abuse the
device are limited. For example, the device can be restricted to connect only to the vendor’s cloud
service. This restriction would make it ineffective in a DDoS attack since it can no longer connect to
arbitrary target hosts.
To limit the software a device can run, code is typically signed: the vendor hashes the image and signs
the hash with a private key, and the device checks the signature with the matching public key before
running it. Since only the vendor holds the signing key, the device will only run software distributed
by the vendor. This way, an attacker can no longer run arbitrary code on the device.
To fully restrict the code run on the device, code signing must also be implemented in the boot process,
with the help of hardware. This can be difficult to implement correctly. So-called ‘jailbreaks’ in devices
such as the Apple iPhone, Microsoft Xbox and Nintendo Switch are the result of errors in the
implementation of trusted execution environments.
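The signing and verify-before-boot chain described above, written out as an added Go example (not code from these notes or from any vendor): the vendor signs a small manifest (version number plus SHA-256 of the image) with an Ed25519 key, and a bootloader holding only the public key and a rollback counter refuses images that are modified after signing, signed with some other key, or older than the version already installed. Keys, image bytes and version numbers are constructed; real products add further boot stages and keep the public key in hardware (ROM or fuses) so that it cannot be replaced.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the small structure the vendor actually signs: a monotonically
// increasing version for rollback protection plus the SHA-256 of the image.
type Manifest struct {
	Version uint32
	Digest  [32]byte
}

func (m Manifest) bytes() []byte {
	b := make([]byte, 4+32)
	binary.BigEndian.PutUint32(b, m.Version)
	copy(b[4:], m.Digest[:])
	return b
}

// SignedImage is what the device downloads: image, manifest and signature.
type SignedImage struct {
	Image     []byte
	Manifest  Manifest
	Signature []byte
}

// SignImage is the vendor-side step. The private key stays with the vendor;
// only the public half is burned into the devices.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) SignedImage {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	return SignedImage{Image: image, Manifest: m, Signature: ed25519.Sign(priv, m.bytes())}
}

// Bootloader models the immutable first stage: the vendor public key (ROM or
// OTP fuses) and the highest version ever booted (a monotonic counter).
type Bootloader struct {
	VendorKey  ed25519.PublicKey
	MinVersion uint32
}

// Verify runs before any byte of the image executes. The signature is checked
// first so that nothing unsigned (digest, version) is ever acted upon.
func (b *Bootloader) Verify(img SignedImage) error {
	if !ed25519.Verify(b.VendorKey, img.Manifest.bytes(), img.Signature) {
		return errors.New("manifest signature invalid: not signed with the vendor key")
	}
	if sha256.Sum256(img.Image) != img.Manifest.Digest {
		return errors.New("image digest mismatch: image changed after signing")
	}
	if img.Manifest.Version < b.MinVersion {
		return errors.New("rollback rejected: image older than the installed version")
	}
	return nil
}

// Boot verifies and, only on success, advances the anti-rollback counter.
func (b *Bootloader) Boot(img SignedImage) error {
	if err := b.Verify(img); err != nil {
		return err
	}
	b.MinVersion = img.Manifest.Version
	return nil
}

// RunBootCases exercises the four situations a bootloader must distinguish.
// Keys and images are constructed here; nothing is a real vendor artifact.
func RunBootCases() map[string]error {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	bl := &Bootloader{VendorKey: pub, MinVersion: 2}
	genuine := SignImage(priv, 3, []byte("camera firmware v3 (constructed)"))
	tampered := genuine
	tampered.Image = append([]byte(nil), genuine.Image...)
	tampered.Image[0] ^= 0xff // one byte changed after signing
	old := SignImage(priv, 1, []byte("camera firmware v1 (constructed)"))
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	foreign := SignImage(otherPriv, 4, []byte("not from the vendor (constructed)"))
	return map[string]error{
		"genuine":     bl.Boot(genuine), // installs v3, counter becomes 3
		"tampered":    bl.Verify(tampered),
		"rollback":    bl.Verify(old),
		"foreign key": bl.Verify(foreign),
	}
}

func main() {
	for name, err := range RunBootCases() {
		fmt.Printf("%-12s %v\n", name, err)
	}
}
```

Only the genuine image boots; the other three are rejected before execution, and because the counter only advances after a successful verification, a previously signed but vulnerable image cannot be reinstalled once a newer one has booted.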

7. Vendor security posture


When security vulnerabilities are found, the reaction of the vendor greatly determines the impact. The
vendor has a role to receive input on potential vulnerabilities, develop a mitigation, and update devices
in the field. The vendor security posture is often determined by whether the vendor has a process in
place to adequately handle security issues.
The consumer mainly perceives the vendor security posture through the vendor's communication about
security. When a vendor does not provide contact information or instructions on how to report a
security issue, the issue is unlikely to be mitigated.
Without knowledge of such limitations, end users will continue to use the device in the manner intended.
This may result in a less secure environment. Vendors could make things easier for customers by
advising on the frequency of device security updates, and on how to securely dispose of or resell the
device so that sensitive data is not passed on.

8. Insufficient privacy protection


Consumer devices typically store sensitive information. Devices that are deployed on a wireless
network store the password of that network. Cameras can provide a video and audio recording of the
home in which they are deployed. If this information were accessed by attackers, it would amount to a
severe privacy violation.
IoT devices and related services should handle sensitive information correctly, securely, and only after
consent of the end-user of the device. This applies to both storage and distribution of sensitive
information.
In the case of privacy protection, the vendor plays an important role. Besides an external attacker, the
vendor or an affiliated party may be responsible for a privacy breach. The vendor or service provider
of an IoT device could, without explicit consent, gather information on consumer behaviour for
purposes like market research. Several cases are known where IoT devices, for instance smart
televisions, may be listening in on conversations within a household.

9. Intrusion ignorance
When a device is compromised, it often keeps functioning normally from the viewpoint of the user.
Any additional bandwidth or power usage is usually not detected. Most devices do not have logging or
alerting functionality to notify the user of any security problems. If they do, these can be overwritten
or disabled when the device is hacked. The result is that users rarely discover that their device is under
attack or has been compromised, preventing them from taking mitigating measures.
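The logging gap above is cheapest to close off the device: if a compromised device can silence its own alerts, the counters have to be exported and the comparison done where the attacker is not. The Go program below is an added example, not code from these notes: it learns a per-metric baseline from the first clean hours of constructed telemetry for a hypothetical camera and flags later hours whose upstream bytes or power draw leave that envelope. The metric names, the three-sigma rule with a 5% floor, and the sample values are assumptions for the example.

```go
package main

import (
	"fmt"
	"math"
)

// Sample is one hour of counters exported by a device. The comparison runs on a
// collector, not on the device: a compromised device can silence its own alerts,
// but it cannot rewrite history it has already sent elsewhere.
type Sample struct {
	Hour      int
	TxBytes   float64 // bytes sent upstream during the hour
	MilliWatt float64 // average power draw
}

// Alert names a metric that left its learned envelope.
type Alert struct {
	Hour   int
	Metric string
	Value  float64
	Limit  float64
}

func meanStd(xs []float64) (mean, std float64) {
	for _, x := range xs {
		mean += x
	}
	mean /= float64(len(xs))
	for _, x := range xs {
		std += (x - mean) * (x - mean)
	}
	return mean, math.Sqrt(std / float64(len(xs)))
}

// limit is mean + k standard deviations, with a 5% floor so that a perfectly
// flat baseline does not alert on the first bit of normal jitter.
func limit(xs []float64, k float64) float64 {
	m, s := meanStd(xs)
	return m + k*math.Max(s, 0.05*m)
}

// Detect learns the envelope of each metric from the first baselineHours
// samples (assumed clean) and flags every later hour that exceeds it.
func Detect(samples []Sample, baselineHours int, k float64) []Alert {
	if baselineHours < 1 || baselineHours >= len(samples) {
		return nil
	}
	var tx, pw []float64
	for _, s := range samples[:baselineHours] {
		tx, pw = append(tx, s.TxBytes), append(pw, s.MilliWatt)
	}
	txLimit, pwLimit := limit(tx, k), limit(pw, k)
	var alerts []Alert
	for _, s := range samples[baselineHours:] {
		if s.TxBytes > txLimit {
			alerts = append(alerts, Alert{s.Hour, "tx_bytes", s.TxBytes, txLimit})
		}
		if s.MilliWatt > pwLimit {
			alerts = append(alerts, Alert{s.Hour, "power_mw", s.MilliWatt, pwLimit})
		}
	}
	return alerts
}

// SampleTelemetry is a constructed day for a camera: steady, slightly jittery
// traffic and power, then from hour 20 a jump in both, the footprint of the
// device doing work it was not built for while its video feed still looks fine.
func SampleTelemetry() []Sample {
	var out []Sample
	for h := 0; h < 24; h++ {
		tx, pw := 2.0e6+float64(h%3)*1e5, 1500.0+float64(h%2)*30
		if h >= 20 {
			tx, pw = 45.0e6, 2100
		}
		out = append(out, Sample{h, tx, pw})
	}
	return out
}

func main() {
	for _, a := range Detect(SampleTelemetry(), 16, 3) {
		fmt.Printf("hour %2d %-9s %.0f exceeds %.0f\n", a.Hour, a.Metric, a.Value, a.Limit)
	}
}
```

With a 16-hour baseline the four quiet hours 16 to 19 stay inside the envelope and hours 20 to 23 raise one alert per metric; the same idea scales to a fleet by learning one envelope per model rather than per device.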

10. Insufficient physical security


If attackers have physical access to a device, they can open the device and attack the hardware. For
example, by reading the contents of the memory components directly, any protecting software can be
bypassed. Furthermore, the device may have debugging contacts, accessible after opening up the device,
that provide an attacker with additional possibilities.
Physical attacks have an impact on a single device and require physical interaction. Since it is not
possible to perform these attacks en masse from the Internet, we do not recognize this as one of the
biggest security problems, but it is nevertheless included.
A physical attack can be impactful if it uncovers a device key that is shared amongst all devices of the
same model, and thus compromises a wide range of devices. However, in that case we consider sharing
the key amongst all devices to be the more important problem, not physical security.

11. User interaction


Vendors can encourage secure deployment of their devices by making it easy to configure them
securely. By giving proper attention to usability, design, and documentation, users can be nudged into
configuring secure settings.
There is partial overlap between this category and other categories listed above. For example, the
problem of incorrect access control mentioned above includes using unsafe or default passwords. One
way to solve this is to make the user interaction with the device such that it is very easy or even
mandatory to configure a secure password.
For most of the above security categories, it is difficult for a non-technical user to evaluate whether a
device meets the requirement. However, user interaction can, by definition, be perceived by the end-
user, and so the consumer can evaluate how well a device performs on user interaction.
User interaction is an important category to make sure implemented security measures are activated and
correctly used. If it is possible to change the default password, but the user does not know or cannot
discover the functionality, it is useless.

1.2 Devices with limited or no physical security and limited security computing
capabilities

Limitations of IoT devices:

Many IoT devices come with inherent limitations in power, processing and memory. As a
consequence, they are not always managed with the advanced security patterns they need, which is why
they are at greater risk of being attacked or succumbing to defects.
IoT devices security:
IoT security is the practice that keeps your IoT systems safe. IoT security tools protect from threats
and breaches, identify and monitor risks and can help fix vulnerabilities. IoT security ensures the
availability, integrity, and confidentiality of your IoT solution.
Why is IoT security so important?
From increasing the safety of roads, cars, and homes, to fundamentally improving the way we
manufacture and consume products, IoT solutions provide valuable data and insights that will enhance
the way we work and live.
Success depends on ensuring the integrity and confidentiality of IoT solutions and data while mitigating
cybersecurity risks.
So, what should we know about IoT security?
Build trust in IoT connected devices
The benefits of IoT are undeniable, and yet, high-profile attacks, combined with uncertainty about
security best practices and their associated costs, are keeping many businesses from adopting the
technology.
Besides, end-users are wary of the consequences of IoT security breaches.
Recent research indicates that 90% of consumers lack confidence in IoT device security.
A 2019 survey done in Australia, Canada, France, Japan, the U.K., and the U.S. revealed that 63% of
consumers even find connected devices "creepy."
This illustrates one of the many aspects of IoT security challenges.
Digital security must be designed into IoT devices from the ground up and at all points in the ecosystem
to prevent vulnerabilities in one part from jeopardising the security of the whole.
As the global leader in digital security and, in particular, securing IoT devices, Thales provides
customers with the knowledge, solutions, and services needed to mitigate cybersecurity risk and trust
in the power of the IoT.
Understanding IoT security risks
Modern IoT ecosystems are complex.
Machines and objects in virtually any industry can be connected and configured to send data over
cellular networks to cloud applications and backends.
The digital security risk is present at every step along the IoT journey, and there are plenty of attackers
who would take advantage of a system's vulnerability.
Unfortunately, diverse data types and computing power among IoT devices mean there's no 'one size
fits all' cybersecurity solution that can protect any IoT deployment.
The first step for any IoT business is to undergo a thorough security risk assessment that examines
vulnerabilities in devices and network systems and user and customer backend systems.
Risk must be mitigated for the entire IoT lifecycle of the deployment, especially as it scales and expands
geographically.

Why do IoT devices have such poor security?

Vulnerabilities are a large problem that constantly plague users and organizations. One of the main
reasons IoT devices are vulnerable is that they lack the computational capacity for built-in
security.
1.3 Remote management of security

• This section explains the importance of security when working remotely and highlights simple
techniques that users can employ to protect themselves while they are working remotely.
• Remote management of security refers to any security policy, solution, strategy or process that
exists to prevent unauthorized access to your network, its resources, or any confidential or
sensitive data. Essentially, secure remote access is a mix of security strategies and not
necessarily one specific technology like a VPN.
• Secure Remote Access is a combination of security processes or solutions that are designed to
prevent unauthorized access to an organization's digital assets and prevent the loss of sensitive
data.
• Why Security is Important While Working Remotely
  o Working remotely presents many risks: you are responsible for your own security
  o Public places can have criminals and competitors
  o Lack of preparation can make you an easy target
When you work remotely, you are responsible for ensuring the security of yourself, your belongings,
and your information. When you work remotely, you do not have the benefit of the security you have
in your office. You typically do not often have control over your environment or the people you are
around. This makes working remotely more of a risk than your environment at work or at home. Lack
of preparation for working remotely can make you an easy target for thieves, pick-pockets,
unscrupulous competitors, and other criminals. Good preparation however can significantly reduce your
risks and make your experience far more relaxing and productive.
• Risks of Working Remotely
  o A lack of security can result in significant losses
    - Theft of property and valuables
    - Loss of confidential information
• Simple techniques can make you secure
  o Personal security to protect yourself
  o Protection of your valuables and information
If you do not have good security habits, you can suffer a significant loss. You can have your property
or valuables stolen. This might include your wallet, money, jewellery, and identification documents.
You may also lose confidential information you’re carrying. The theft of wallets, check books, and the
identification cards, payment cards, and bank account information they contain is one of the main
methods of identity theft. The loss of these items can also hamper any plans or travel. The theft may include a
briefcase or a laptop. The information that they contain can include confidential company product plans,
customer names, proprietary knowledge, and other items that can be very valuable to a competitor. Even
the personal information that is stored there is valuable to a thief. The inconvenience that results can
spoil your work and your travel. What can seem like a simple incident can actually result in a significant
problem. Simple techniques can, however, protect you against many of these security risks. These
simple techniques should focus on your personal security to protect yourself, how to protect your
valuables and confidential information, knowing where to find assistance when you need it, and having
contingency plans in case of emergencies.

Prepare Your Computer

• Check that you have prepared your computer to work securely while you are remote
  o Ensure you have a physical computer lock
• Ensure your operating system is patched, and all security tools and anti-virus are enabled and
up-to-date
• Only take the information that you absolutely need
• Encrypt the data on your computer
• Perform a computer data backup before you leave the office
If you are taking your computer, it is important to ensure that it is secure. Not only is the computer itself
valuable to a thief, but the data contained on it is also valuable to thieves and competitors. Many people
have been the victim of computer theft which has resulted in the loss of sensitive company secrets,
millions of personal records and information, and government secrets. Proper preparation might have
prevented these losses. A good computer lock will allow you to secure your computer while you are
working on it, and will prevent most snatch-and-grab thefts. Patching your computer and making sure
it is up-to-date gives you the most recent security tools before you go on the road. It will minimize the
exposure to malware, and attacks when your ability to make updates may be limited. If you must take
confidential or sensitive information and data on your laptop, encrypt it. Your company should be able
to provide you with a solution, as many newer operating systems include disk encryption technology,
and many third party tools are available as well. Performing a data backup allows you to restore
information if your system is stolen, damaged or has an accident while you are remote. Knowing that
any damage to your computer can be mitigated by having a backup of your data can make you breathe
a little bit easier.
Basic Security Tips for Remote Desktop
• Use strong passwords
• Use Two-factor authentication
• Update your software
• Restrict access using firewalls
• Enable Network Level Authentication
• Limit users who can log in using Remote Desktop
• Set an account lockout policy
1. Use strong passwords
Strong passwords on any accounts with access to Remote Desktop should be considered a required step
before enabling Remote Desktop. Refer to the campus password complexity guidelines for tips.
2. Use Two-factor authentication
Departments should consider using a two-factor authentication approach. This topic is beyond the scope
of this article, but RD Gateways can be configured to integrate with the Campus instance of DUO.
Other options, not supported by campus, include certificate-based smartcards as a second factor,
handled by the Remote Desktop host itself, with YubiKey and RSA as examples.
3. Update your software
One advantage of using Remote Desktop rather than 3rd party remote admin tools is that components
are updated automatically with the latest security fixes in the standard Microsoft patch cycle. Make sure
you are running the latest versions of both the client and server software by enabling and auditing
automatic Microsoft Updates. If you are using Remote Desktop clients on other platforms, make sure
they are still supported and that you have the latest versions. Older versions may not support high
encryption and may have other security flaws.
4. Restrict access using firewalls
Use firewalls (both software and hardware where available) to restrict access to remote desktop listening
ports (default is TCP 3389). Using an RDP Gateway is highly recommended for restricting RDP access
to desktops and servers (see discussion below). As an alternative to support off-campus connectivity,
you can use the campus VPN software to get a campus IP address and add the campus VPN network
address pool to your RDP firewall exception rule. Visit our page for more information on the campus
VPN service.
5. Enable Network Level Authentication
Windows 10, Windows Server 2012 R2/2016/2019 also provide Network Level Authentication (NLA)
by default. It is best to leave this in place, as NLA provides an extra level of authentication before a
connection is established. You should only configure Remote Desktop servers to allow connections
without NLA if you use Remote Desktop clients on other platforms that don't support it.
• NLA should be enabled by default on Windows 10, Windows Server 2012 R2/2016/2019.
• To check, look at the Group Policy setting "Require user authentication for remote
connections by using Network Level Authentication", found at Computer\Policies\Windows
Components\Remote Desktop Services\Remote Desktop Session Host\Security. This Group
Policy setting must be enabled on the server running the Remote Desktop Session Host role.
• https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-access
6. Limit users who can log in using Remote Desktop
By default, all Administrators can log in to Remote Desktop. If you have multiple Administrator
accounts on your computer, you should limit remote access only to those accounts that need it. If
Remote Desktop is not used for system administration, remove all administrative access via RDP, and
only allow user accounts requiring RDP service. For Departments that manage many machines remotely,
remove the local Administrator account from RDP access and add a technical group instead.
1. Click Start-->Programs-->Administrative Tools-->Local Security Policy
2. Under Local Policies-->User Rights Assignment, go to "Allow logon through Terminal
Services." Or “Allow logon through Remote Desktop Services”
3. Remove the Administrators group and leave the Remote Desktop Users group.
4. Use the System control panel to add users to the Remote Desktop Users group.

1.4 Identification and management of risks of scaling end point devices including sensors

Definition: Risk identification is the process of determining risks that could potentially
prevent the program, enterprise, or investment from achieving its objectives. It includes
documenting and communicating the concern. Keywords: risk, risk identification, risk
management.

What are the steps involved in identifying and managing risks?

The 4 essential steps of the Risk Management Process are:

• Identify the risk.
• Assess the risk.
• Treat the risk.
• Monitor and Report on the risk.
Step 1: Risk Identification
The first step in the risk management process is to identify all the events that can negatively (risk) or
positively (opportunity) affect the objectives of the project:
• Project milestones
• Financial trajectory of the project
• Project scope
These events can be listed in the risk matrix and later captured in the risk register.
A risk (or opportunity) is characterized by its description, causes and consequences, qualitative
assessment, quantitative assessment and mitigation plan. It can also be characterized by who is
responsible for its action. Each of these characteristics are necessary for a risk (or opportunity) to be
valid.
In order to be managed effectively, the Risks and Opportunities (R&O) identified must be as precise
and specific as possible. The title of the risk or opportunity must be succinct, self-explanatory and
clearly defined.
All members of the project can and should identify R&O, and the content of these is the responsibility
of the Risk (or Opportunity) Owners. Risk Managers are responsible for ensuring that a formal process
for identifying risks and developing response plans are conducted through exchanges with risk owners.
We will explain each of these roles in further detail in our next article on Risk Management Team Roles.
Below are examples of tools to help identify R&O:
• Analysis of existing documentation
• Interviews with experts
• Conducting brainstorming meetings
• Using the approaches of standard methodologies, such as Failure Modes, Effects and
Criticality Analysis (FMECA), cause trees, etc.
• Considering the lessons learned from R&Os encountered in previous projects
• Using pre-established checklists or questionnaires covering the different areas of the project
(Risk Breakdown Structure or RBS).

Step 2: Risk Assessment


There are two types of risk and opportunity assessments: qualitative and quantitative. A qualitative
assessment analyzes the level of criticality based on the event’s probability and impact. A quantitative
assessment analyzes the financial impact or benefit of the event. Both are necessary for a comprehensive
evaluation of risks and opportunities.
Qualitative Assessment
The Risk Owner and the Risk Manager will rank and prioritize each identified risk and opportunity
by occurrence probability and impact severity, according to the project’s criticality scales.
Evaluating occurrence probability (P):
This is determined preferably from experience or the progress of the project, or else by consulting a
risk expert, and is expressed on a scale of 1 to 99%.
For example, suppose the risk that "supplier X is unable to conduct studies on modification Y by the
end of 2025" is judged 50% probable. This could be determined from feedback and analysis of the
supplier's workload.
Evaluating impact severity (I):
To assess the overall impact, it is necessary to estimate the severity of each of the impacts defined at
the project level. A scale is used to classify the different impacts and their severities. This ensures that
the assessment of the risk and opportunity is standardized and reliable.
The criticality level of a risk or opportunity is obtained by the equation: Criticality = P x I
The purpose of the qualitative assessment is to ensure that the risk management team prioritizes the
response on critical items first.
Quantitative Assessment
In most projects, the objective of the quantitative assessment is to establish a financial evaluation of a
risk’s impact or an opportunity’s benefit, should it occur. This step is carried out by the Risk Owner,
the Risk Manager (with support of those responsible for estimates and figures), or the management
controller depending on the organizational set up in the company. These amounts represent a potential
additional cost (or a potential profit if we are talking about an opportunity) not anticipated in the project
budget.
For this, it is therefore necessary:
 To evaluate the additional costs incurred by financially reviewing:
o Hours of internal engineering
o Hours of subcontracting
o Additional work to do
o Amendments and/or claims made to contracts
o Etc.
 To calculate the cost of the undesired event’s consequences by adding these values.
This step will make it possible to estimate the need for additional budget for risks and opportunities of
the project.
Step 3: Risk Treatment
In order to treat risks, an organization must first decide its strategy for doing so by developing a
treatment plan. The objective of the risk treatment plan is to reduce the probability of occurrence of the
risk (preventive action) and/or to reduce the impact of the risk (mitigation action). For an opportunity,
the objective of the treatment plan is to increase the likelihood of the opportunity occurring and/or to
increase its benefits. Depending on the nature of the risk or opportunity, a response strategy is defined
for the project. The following seven strategies are possible (listed below as risk/opportunity pairs):
7 Risk Response Strategies
 Accept: Do not initiate any action but continue to monitor.
 Mitigate/Enhance: Reduce (for a risk) or increase (for an opportunity) the probability of
occurrence and/or the severity of impact.
 Transfer/Share: Transfer responsibility of a risk to a third party who would bear the
consequences of the problem (share the benefits of a realized opportunity).
 Avoid/Exploit: Entirely eliminate uncertainty / take advantage of the opportunity.
Monitoring the progress of the treatment plan is the responsibility of the risk owner. They must report
regularly to the risk manager, who must keep the risk register up to date.
Note: The cost of a risk mitigation plan must be integrated into the budget of the project.
When defining a treatment plan:
 Each action begins with an action verb and has a clear purpose.
 Each action has an assigned owner (actionee) and a deadline.
 Actions that could generate costs must be tracked and considered in the project.
 For example: to reduce the risk of my car breaking down, a treatment plan could be to have it
checked annually by a repair shop.
When does risk become an issue?

Anticipating Risks and Opportunities


It is possible that, despite the actions put in place to mitigate or prevent it, a risk probability could
increase and reach 100%. Once a risk is confirmed, we no longer refer to it as a risk but as an issue. The
Risk Manager must then inform the various project stakeholders who will relay that a risk has become
an issue and transfer it to the issue log.
Step 4: Risk Monitoring and Reporting
Risks and opportunities and their treatment plans need to be monitored and reported on. The frequency
of this depends on the criticality of the risk or opportunity. A defined monitoring and reporting structure
ensures that there are appropriate forums for escalation and that the agreed risk responses are actually
being actioned.
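As an added illustration of Steps 1 to 4 (example code written for these notes, not taken from the source text), the Python sketch below keeps a small risk register for a fleet of IoT endpoints: it validates entries (Step 1), computes Criticality = P x I and the expected unplanned cost (Step 2), records the chosen response strategy and the residual P and I a treatment is expected to leave (Step 3), and produces a prioritised report that moves any risk whose probability has reached 100% to the issue log (Step 4). The device names, probabilities, impacts, costs and the two thresholds are constructed sample values, not figures from the notes.

```python
"""Risk register for an IoT endpoint fleet: Steps 1-4 of the risk management process.

Added example for these notes; every entry below is constructed sample data and the
thresholds are assumptions chosen for the illustration.
"""
from dataclasses import dataclass, field

IMPACT_SCALE = {1: "negligible", 2: "minor", 3: "moderate", 4: "major", 5: "severe"}
CRITICAL_AT = 200    # assumption: Criticality (P x I) at or above this is treated first
ISSUE_AT = 100       # a risk whose probability reaches 100% has occurred: it is an issue
STRATEGIES = {"accept", "mitigate", "transfer", "avoid"}   # risk-side strategies from Step 3


@dataclass
class Risk:
    title: str
    owner: str                 # Risk Owner responsible for the entry and its actions
    probability: int           # P, occurrence probability in percent (1..99; 100 = realised)
    impact: int                # I, impact severity on the 1..5 scale
    cost_if_realised: float    # quantitative assessment: unplanned cost if the event occurs
    strategy: str = "accept"
    actions: list = field(default_factory=list)   # "verb + purpose, actionee, deadline"

    def criticality(self) -> int:
        """Step 2, qualitative: Criticality = P x I."""
        return self.probability * self.impact

    def expected_cost(self) -> float:
        """Step 2, quantitative: expected unplanned spend = P x cost."""
        return self.probability / 100 * self.cost_if_realised

    def is_issue(self) -> bool:
        return self.probability >= ISSUE_AT


def validate(risk: Risk) -> list:
    """Step 1: an entry is only a valid risk if it has a title, an owner, and P and I on scale."""
    problems = []
    if not risk.title.strip():
        problems.append("missing title")
    if not risk.owner.strip():
        problems.append("missing owner")
    if not 1 <= risk.probability <= ISSUE_AT:
        problems.append("P out of range")
    if risk.impact not in IMPACT_SCALE:
        problems.append("I not on scale")
    if risk.strategy not in STRATEGIES:
        problems.append("unknown strategy")
    return problems


def treat(risk: Risk, strategy: str, action: str, new_p=None, new_i=None) -> Risk:
    """Step 3: record the response and the residual P/I the treatment is expected to leave."""
    risk.strategy = strategy
    risk.actions.append(action)
    if new_p is not None:
        risk.probability = new_p       # preventive action lowers P
    if new_i is not None:
        risk.impact = new_i            # mitigation action lowers I
    return risk


def prioritise(register: list):
    """Step 4: open risks ranked by criticality; realised risks go to the issue log."""
    issues = [r for r in register if r.is_issue()]
    open_risks = sorted((r for r in register if not r.is_issue()),
                        key=lambda r: r.criticality(), reverse=True)
    return open_risks, issues


def contingency_budget(register: list) -> float:
    """Sum of expected costs of open risks: the extra budget the project should reserve."""
    return sum(r.expected_cost() for r in register if not r.is_issue())


def report(register: list) -> list:
    """One line per entry, critical ones first; returned rather than printed so it can be tested."""
    open_risks, issues = prioritise(register)
    lines = [f"{'CRITICAL ' if r.criticality() >= CRITICAL_AT else ''}{r.title}: "
             f"P={r.probability}% I={r.impact} C={r.criticality()} "
             f"EC={r.expected_cost():.0f} [{r.strategy}] owner={r.owner}" for r in open_risks]
    lines += [f"ISSUE {r.title}: moved to issue log, owner={r.owner}" for r in issues]
    return lines


# Constructed sample register for a fleet of field sensors and gateways.
SAMPLE_REGISTER = [
    Risk("Default credentials left on field gateways", "ops-lead", 60, 4, 120_000.0),
    Risk("Firmware signing key leaked from build server", "sec-lead", 10, 5, 400_000.0),
    Risk("Cellular backhaul outage at remote sites", "net-lead", 30, 3, 20_000.0),
    Risk("Vendor cannot ship patched sensor firmware by Q3", "proc-lead", 100, 3, 50_000.0),
]

if __name__ == "__main__":
    for r in SAMPLE_REGISTER:
        assert not validate(r), validate(r)
    treat(SAMPLE_REGISTER[0], "mitigate",
          "Rotate gateway credentials via device management, actionee ops-lead, due 2025-06-30",
          new_p=15)
    print("\n".join(report(SAMPLE_REGISTER)))
    print(f"contingency budget: {contingency_budget(SAMPLE_REGISTER):.0f}")
```

Run as a script, the register prints with the gateway-credential risk first (C = 240 before treatment), the vendor entry already transferred to the issue log because its probability is 100%, and the contingency budget as the sum of expected costs of the open risks. The treatment recorded in the main block lowers P from 60 to 15, so the same entry drops out of the CRITICAL band, which is the "residual risk" a treatment plan should be judged on.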
What is risk management and risk identification?
Risk identification is the process of documenting any risks that could keep an organization or
program from reaching its objective. It's the first step in the risk management process, which is
designed to help companies understand and plan for potential risks.

What are the risk identification methods?


8 ways to identify risk
 Brainstorming. Brainstorming is the act of gathering team members to think about and discuss
a subject and to form solutions to any identified problems.
 Stakeholder interviews.
 Nominal group technique (NGT).
 Affinity diagram.
 Requirements review.
 Project plans.
 Root cause analysis.
 SWOT analysis.
main purpose of risk identification:
 The objective of risk identification is to identify all possible risks, not to eliminate risks from
consideration or to develop solutions for mitigating risks—those functions are carried out
during the risk assessment and risk mitigation steps.
What kinds of risks are identified?
It is important to identify as many of these risk factors as possible. In a manual environment, these risks
are noted down by hand. Typical categories include:
 Legal risks.
 Environmental risks.
 Market risks.
 Regulatory risks, etc.

1.5 Crypto resilience:
With cryptocurrency, transaction costs are typically low, sometimes nothing at all, unlike, for example,
the fee for transferring money from a digital wallet to a bank account. Transactions can be made at any
time of the day or night, and there are no bank-imposed limits on purchases and withdrawals. Anyone is
free to use cryptocurrency, unlike setting up a bank account, which requires identity documentation and
other paperwork. International cryptocurrency transactions are also faster than wire transfers: a wire
transfer typically takes hours to several business days to settle, whereas a cryptocurrency transaction is
confirmed in a matter of minutes or even seconds.

1.6 Security management of distributed systems:

Security encompasses many things: authenticating users and data, hiding data contents while they are
at rest (e.g., stored in files) or in motion (moving over a network), and defending against destruction of
data, masquerading as another server or user, provision of false data (e.g., the wrong IP address for a
DNS query), and breaches of physical premises security. We will focus only on a few topics here.
Security in distributed systems introduces two specific concerns that centralized systems do not have.
The first is the use of a network where contents may be seen by other, possibly malicious, parties. The
second is the use of servers. Because clients interact with services (applications) running on a server,
the application rather than the operating system is responsible for authenticating the client and
controlling access to services. Moreover, physical access to the system and the security controls
configured for the operating system may be unknown to the client.
Computer security is about keeping systems, programs, and data secure. It addresses three broad
areas: confidentiality, integrity, and availability. Together, these are referred to as the CIA Triad.
Confidentiality
Confidentiality deals with keeping resources and data hidden from, or inaccessible to,
unauthorized individuals. It is addressed by access control mechanisms in operating systems
or application software. If the data may be accessed through the file system or is visible over a
network, confidentiality is addressed by encrypting the data. An application's decision on
whether data should be made accessible to a user depends on identification and authentication
of the user or service.
Integrity
Integrity deals with the trustworthiness of the data or the resources. Integrity mechanisms are
responsible for preventing unauthorized changes to data or detecting that changes have been
made. Integrity also covers authenticity of origin: authentication algorithms validate the identity
of the users, systems, and services that produce or modify data.
Availability
Availability is about having access to the data or computing services. It’s the property that a
system is accessible and properly functioning. Accessibility includes fault tolerance, recovery,
and restoration.
Security is a systems issue and pervades the design of an entire system. It is not a module or add-on
component. Security spans the hardware, firmware, and operating system up through the
application software. It includes all the networking and even the users. Security also includes the
processes, procedures, and policies that are defined and implemented to ensure proper access,
availability, and recovery.

1.7 Privacy concerns, threats and attacks to IoT

Apart from the malware and MITM attacks discussed earlier, IoT systems are susceptible to various
other cyberattacks. The most common types of attacks on IoT devices are described below.

What Are IoT Attacks?


The IoT landscape includes a host of network-connected devices, many of which we use in our daily
lives, including cell phones, smartwatches, smart locks and appliances, cameras, and industrial
equipment and sensors. The entire IoT attack surface is the sum total of the security risk exposure from
these devices and the larger network ecosystem and infrastructure they are embedded within.
Many IoT devices are essentially "headless", without onboard security features or the ability to install
additional software. This limitation did not matter in traditional operational technology (OT) settings,
because those systems were isolated from the larger IT network and not connected to the outside world.
But as technology has advanced, so has the interconnectedness of IoT ecosystems with the enterprise
network and the entirety of the internet.
This new connectivity has made IoT and industrial IoT devices a prime target for cyber criminals. IoT
attacks include any cyberattacks that seek to gain access to (or control over) IoT devices with the intent
to either cause harm to the devices or use them in attacks against other targets.
Challenges Associated with IoT Security
Most IoT devices are not designed with security in mind, and many do not have traditional operating
systems or even enough memory or processing power to incorporate security features. Not only that,
but IoT devices are growing in number, with over a million new devices connecting to the internet each
day. The result is a significant quantity of data moving freely between devices and across network
environments, remote offices, mobile workers, and public clouds with minimal visibility, making it
difficult to track and secure this data.
What Are the Risks of IoT?
IoT devices are vulnerable to hijacking and weaponization for use in distributed denial of service
(DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks, and spoofing. Malware
is also more easily hidden in the large volume of IoT traffic, and IoT devices sometimes even ship with
malware already onboard. Further, some IoT devices can be remotely controlled or have their
functionality disabled by bad actors. Swarms of compromised IoT devices can also act in a coordinated
way, which changes how defenders must protect against these types of attacks.
Additional IoT threats include the following:
1. Convergence of IT, OT, and IoT
IoT devices have become ubiquitous in operational technology (OT); they are used for everything from
sensing temperature and pressure to robotic devices that improve assembly line efficiency.
Historically, OT systems and IT networks were "air-gapped": OT was separated from the rest of the
enterprise and not connected to the outside internet. However, as OT and IT have converged, IoT
devices are now regularly connected and accessible from both inside and outside the corporate network.
This new connectivity leaves both the OT and IT networks vulnerable to IoT threats and requires new,
more holistic approaches to security.
2. Botnets
Cyber-crime groups can compromise IoT devices connected to the internet and use them en masse to
carry out attacks. By installing malware on these devices, cyber criminals can commandeer them and
use their collective computing power to take on larger targets in DDoS attacks, send spam, steal
information, or even spy using IoT devices with a camera or sound recording capabilities.
Massive botnets made up of hundreds of thousands or even millions of IoT devices have also been used
to carry out attacks.
3. Ransomware
Ransomware is a form of malware designed to lock files or devices until a ransom is paid. IoT devices,
however, rarely hold many, if any, files. Hence an IoT ransomware attack is unlikely to prevent users
from accessing critical data (which is what normally forces payment of the ransom). With this in mind,
cyber criminals launching IoT ransomware attacks may attempt to lock the device itself instead, though
this can often be undone by resetting the device and/or installing a patch.
How ransomware truly makes headway in the IoT world is by focusing on critical IoT devices (such as
those used in industrial settings or those upon which significant business operations depend) and
requiring ransoms to be paid in a very short time span (before a device could be properly reset).
4. AI-based Attacks
Bad actors have been using AI in cyberattacks for over a decade – mostly for social engineering
attacks – though it is only in recent years that this trend has really started to take off. AI is now being
used more broadly across the cyber-crime landscape.
With cyber crime becoming a booming business, the tools needed for building and using AI in
cyberattacks are often available for purchase on the dark web, enabling just about anyone to take
advantage of this technology. AI systems can perform the repetitive tasks required to scale up IoT
threats rapidly, in addition to being able to mimic normal user traffic and avoid detection.
5. IoT Device Detection and Visibility
One difficulty in securing networks with IoT devices is that many such devices are not readily detected
by network security. And if the security system is unable to detect a device, it won’t be able to easily
identify threats to that device. Network security often lacks visibility into these devices and their
network connections, as well. Hence, one of the key pieces in securing a network with IoT is readily
identifying new devices and monitoring them.
Managing IoT Security Threats
Robust IoT security requires integrated solutions that are capable of providing visibility, segmentation,
and seamless protection across the entire network infrastructure. Key features of such a solution include
the following:
 Complete network visibility, which makes it possible to authenticate and classify IoT devices,
as well as build and assign risk profiles to IoT device groups.
 Segmentation of IoT devices into policy-driven groups based on their risk profiles.
 Monitoring, inspection, and policy enforcement based on activity at different points within
the infrastructure.
 The ability to take automatic and immediate action if any network devices become
compromised.
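To make the four capabilities above concrete, here is an added Python example (written for these notes, not taken from any vendor product) that applies them to one batch of flow records: it reports devices that are talking on the network but absent from the inventory (visibility), checks each known device's connections against the allow-list of its policy group (segmentation and policy enforcement), flags a device that fans out to many external destinations within the log window, a common sign of DDoS or scanning participation (monitoring), and derives the isolation actions to take (automatic response). The record format, the inventory, the internal address range, the fan-out threshold and every log line are constructed for the illustration.

```python
"""Visibility, segmentation, monitoring and response over IoT flow records.

Added example for these notes. The record format, inventory, policy groups, the
internal prefix and all flow lines below are constructed, not taken from a real network.
"""
import ipaddress
from collections import defaultdict

# Constructed inventory: source MAC -> (policy group, allowed (destination IP, port) pairs).
INVENTORY = {
    "aa:bb:cc:00:00:01": ("camera",       {("10.0.1.5", 554), ("10.0.1.5", 443)}),
    "aa:bb:cc:00:00:02": ("thermostat",   {("10.0.1.5", 8883)}),
    "aa:bb:cc:00:00:03": ("badge-reader", {("10.0.1.6", 443)}),
}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: the site's own ranges
FANOUT_LIMIT = 5   # assumption: more distinct external destinations than this is suspicious

# Constructed flow records: "<epoch> <src_mac> <src_ip> <dst_ip> <dst_port> <bytes>".
SAMPLE_FLOWS = """\
1700000000 aa:bb:cc:00:00:01 10.0.2.11 10.0.1.5 554 480000
1700000001 aa:bb:cc:00:00:01 10.0.2.11 10.0.1.5 443 3200
1700000002 aa:bb:cc:00:00:01 10.0.2.11 10.0.3.40 445 900
1700000003 aa:bb:cc:00:00:02 10.0.2.12 10.0.1.5 8883 1200
1700000004 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.10 80 60
1700000004 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.11 80 60
1700000004 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.12 80 60
1700000005 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.13 80 60
1700000005 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.14 80 60
1700000005 aa:bb:cc:00:00:02 10.0.2.12 203.0.113.15 80 60
1700000006 aa:bb:cc:00:00:03 10.0.2.13 10.0.1.6 443 2100
1700000007 aa:bb:cc:00:00:99 10.0.2.77 198.51.100.7 1883 500
"""


def parse_flow(line: str) -> dict:
    ts, mac, src, dst, port, nbytes = line.split()
    return {"ts": int(ts), "mac": mac.lower(), "src": src,
            "dst": dst, "port": int(port), "bytes": int(nbytes)}


def is_external(ip: str) -> bool:
    """External means outside the site's own prefixes, not Python's is_global notion."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def analyse(flow_text: str, inventory=INVENTORY, fanout_limit=FANOUT_LIMIT) -> dict:
    """Run the visibility, segmentation and monitoring checks over one batch of records."""
    unknown = set()                  # visibility: talking on the network, not in the inventory
    violations = defaultdict(list)   # segmentation: mac -> (dst, port) pairs outside its policy
    external = defaultdict(set)      # monitoring: mac -> distinct external destinations
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        f = parse_flow(line)
        if f["mac"] not in inventory:
            unknown.add(f["mac"])    # cannot be policed until classified
            continue
        _group, allowed = inventory[f["mac"]]
        if (f["dst"], f["port"]) not in allowed:
            violations[f["mac"]].append((f["dst"], f["port"]))
        if is_external(f["dst"]):
            external[f["mac"]].add(f["dst"])
    suspected_bots = {m for m, dsts in external.items() if len(dsts) > fanout_limit}
    return {"unknown": unknown, "violations": dict(violations),
            "suspected_bots": suspected_bots}


def response_actions(findings: dict, inventory=INVENTORY) -> list:
    """Automatic response: isolate suspected bots, quarantine unknown devices, alert on the rest."""
    actions = []
    for mac in sorted(findings["suspected_bots"]):
        actions.append(f"isolate {mac} ({inventory[mac][0]}): DDoS/scan fan-out")
    for mac in sorted(findings["unknown"]):
        actions.append(f"quarantine {mac}: not in inventory, classify before admitting")
    for mac, hits in sorted(findings["violations"].items()):
        if mac not in findings["suspected_bots"]:
            actions.append(f"alert {mac} ({inventory[mac][0]}): {len(hits)} flow(s) outside policy")
    return actions


if __name__ == "__main__":
    result = analyse(SAMPLE_FLOWS)
    print("\n".join(response_actions(result)))
```

On the sample batch the thermostat is isolated (six distinct external hosts on port 80 in two seconds, none of them in its policy), the device with the unregistered MAC is quarantined until someone classifies it, and the camera draws an alert for one SMB connection to an internal host outside its allow-list. The allow-list is keyed on the device group rather than on the individual device, which is what makes the "segmentation into policy-driven groups" item above manageable at scale.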

IoT Privacy Concerns:

 Internet of Things privacy is the special consideration required to protect the information of
individuals from exposure in the IoT environment, in which almost any physical or logical
entity or object can be given a unique identifier and the ability to communicate autonomously
over the Internet or a similar network.
 As endpoints (things) in the IoT environment transmit data autonomously, they also work in
conjunction with other endpoints and communicate with them. Interoperability of things is
essential to the IoT's functioning so that, for example, networked elements of a home work
together smoothly.
 The data transmitted by a given endpoint might not cause any privacy issues on its own.
However, when even fragmented data from multiple endpoints is gathered, collated and
analyzed, it can yield sensitive information.
 The idea of networking appliances and other objects is relatively new, especially in terms of
the global connectivity and autonomous data transfer that are central to the Internet of Things.
As such, security has not traditionally been considered in product design, which can make even
everyday household objects points of vulnerability. Researchers at Context Information
Security, for example, found a vulnerability in a Wi-Fi-enabled light bulb that allowed them to
request its Wi-Fi credentials and use those credentials to get network access.

What is the role of firmware?
 Firmware assumes an intermediary role between the hardware and software – including
potential future upgrades of the software. Some firmware (such as the BIOS on a PC) does the
job of booting up a computer by initialising the hardware components and loading the operating
system.
What's an example of firmware?
 Examples of firmware include: the BIOS found in IBM-compatible personal computers; the
code inside a printer (in addition to the printer driver that runs on the computer); and the
software controlling a heart defibrillator.
UNIT 2: Security of Wireless Sensor Networks

2.0. Security of Wireless Sensor Networks


2.1. Sensor Node
2.2. Sensor Node Communication Architecture
2.3. Important protocols used in IoT wireless sensor network (WSN)
2.4. Security aspects of existing protocols
2.5. Attacks on sensor network routing and countermeasures.
2.6. Trust requirements for security protocols for WSNs
2.6.1. SPINS
2.6.2. SNEP and μTESLA protocols
2.6.3. Secure SPINS, LEAP.
2.6.4. TinySEC.
2.6.5. SM.
2.6.6. ZigBee.
2.6.7. (D)TLS, 802.1AR, 802.1X.
2.6.8. Secure LEACH, TLEACH, CSLEACH.
2.6.9. TeenySec.
2.6.10. Security features in IPv6 (IPng).
2.0. Security of Wireless Sensor Networks:

 Due to significant advances in wireless and mobile communication techniques and the broad
development of potential applications, Wireless Sensor Networks (WSNs) have attracted great
attention in recent years.
 WSNs are typically formed dynamically by a number of power-limited sensor nodes together with
a manager node that has a long-lasting power supply.
 WSNs are self-organized and autonomous systems consisting of common sensors, manager nodes
and a back-end data centre.
 Common sensors are responsible for transmitting the real-time sensor data of a specific monitored
environment to intermediate collection nodes called manager nodes.
 Finally, the back-end data centre receives the sensed data from the manager nodes for further
processing and analysis.
 All communication between nodes is carried over wireless transmission techniques.
 Furthermore, because WSNs are self-organized, operate without support from a fixed
infrastructure, and have a topology that changes dynamically, broadcasting is the general mode of
communication in WSNs.
 Wireless sensor networks are widely used in practical applications, such as forest fire monitoring,
military detection, medical and scientific applications, and even home life.
 However, WSNs are easily compromised by attackers because wireless communication uses a
broadcast transmission medium and sensor nodes lack tamper resistance.
 Therefore, an attacker can eavesdrop on all traffic, inject malicious packets, replay older
messages, or compromise a sensor node.
 Generally, sensor nodes face two major security issues: privacy preservation and node
authentication.
 Privacy means the data confidentiality is achieved under security mechanism, and hence it
allows network communications between sensor nodes and the manager station to proceed
securely.
 In addition, a well-structured authentication mechanism can ensure that no unauthorized node
is able to fraudulently participate and get sensitive information from WSNs.
 As a result, several schemes have been proposed to secure communications in WSNs.
 One of the challenges in WSNs is to meet high security requirements with constrained
resources. The security requirements in WSNs comprise node authentication, data
confidentiality, resistance to node compromise, and resilience against traffic analysis.
 To distinguish trustworthy from unreliable nodes, deployed sensors must pass node
authentication by their corresponding manager nodes or cluster heads, and unauthorized nodes
are isolated from the WSN during that procedure.
 Similarly, all packets transmitted between a sensor and the manager node must be kept
secret so that eavesdroppers cannot intercept, modify, analyse, or discover valuable
information in the WSN.

Wireless Sensor Network:


Compared with the traditional communication networks, some characteristics and considerations for
wireless sensor networks are discussed and addressed in the design of WSNs. These are briefly reviewed
in this section.

2.0.1 Characteristics of Wireless Sensor Network:


1. Non-centralized architecture: In WSNs, every node has the same status and no single node is
responsible for providing the basic services. There is no central administration, and any node can join
or leave the network at any time. The failure of some nodes does not bring down the whole sensor
network, which makes WSNs suitable for applications with high availability requirements.

2. Self-organized: WSNs are infrastructure-less networks with no fixed infrastructure to rely on. The
sensor network therefore constructs itself when it begins operating, using pre-defined layered protocols
and distributed algorithms. Once the network has been constructed, sensor data is collected and sent to
the back-end system for further processing over the network the nodes built.

3. Multi-hop routing: The communication range of nodes in a WSN is assumed to be limited, so if a
node A wants to communicate with a node D that is out of node A's range, an intermediate node B
forwards the data in both directions between node A and node D. Multi-hop forwarding is illustrated in
the figure below.
Fig: Organization of WSNs

2.0.2 Consideration of Wireless Sensor Networks:

1. Hardware constraints: These relate to the physical properties of the sensors, and many constraints
have been identified, limited energy being the main example. Because of a sensor's limited physical
size, it may offer only limited storage, limited bandwidth, limited energy and limited computation
ability.

2. Communication: Existing communication schemes show three main types of communication in
WSNs: direct, clustering-based, and multi-hop. In direct communication, every sensor node transmits
its sensor data to a manager node, which is responsible for forwarding the collected data to the back-end
data centre for further processing. In clustering communication, the sensor nodes are divided into
several groups, and each cluster head node is responsible for collecting data within its group. Multi-hop
communication is used because the communication range of a sensor is assumed to be limited, so
neighbouring sensor nodes may be used to forward packets along the path between the source node and
the destination node.

3. Scalability: Another consideration is the scalability of sensor networks: the network must keep
working regardless of how many sensor nodes are deployed.

4. Fault tolerance: Because of the environments in which sensors are deployed, many exceptional
conditions arise in sensor networks: sensors may crash, lose power or be shut down. Fault-tolerance
strategies are needed so that the network keeps operating despite such failures.

5. Power saving: When sensors are distributed to monitor an environment of interest, they may have to
work over a span of several weeks or even months. Providing a power-saving mechanism to extend their
lifespan is therefore highly important. In general, the largest share of power is consumed while
transmitting messages.

6. Cost: Depending on the application, a large number of sensors might be scattered randomly over an
environment, for example for weather monitoring. The overall cost of the sensor network must therefore
be appropriate if it is to be acceptable to users, which needs careful consideration.

7. Mobility: In clustered (hierarchical) WSNs, sensor nodes are typically organized into many clusters,
with cluster controllers collecting sensed data from the ordinary sensor nodes in their cluster and
forwarding it to the back-end data centre. Compared to mobile ad hoc networks, sensor nodes randomly
deployed in a designated area only infrequently move from one cluster to another, so mobility is not a
critical issue in WSNs.

8. Sleep pattern: Sleep patterns are necessary in WSNs to extend the availability of the network. For
example, the manager node can assign fresh wake-up (bootstrapping) times to live sensors while the
other sensor nodes shut down to save power. Different sensor nodes operate according to the wake-up
times assigned to them, and the lifetime of the WSN is therefore extended in a differentiated way.

9. Security: One of the challenges in WSNs is to meet high security requirements with constrained
resources: node authentication, data confidentiality, resistance to node compromise and resilience
against traffic analysis, as outlined in the introduction to this unit and detailed in 2.0.3 below.

2.0.3. Security Threats and Requirements in Wireless Sensor Networks:

In addition to the characteristics and considerations mentioned above, security threats and requirements
are also critical for a variety of sensor network applications. In recent years, several security issues in
WSNs have been identified. In this section, we introduce some security threats and requirements in
WSNs.
Passive attacks: In passive attacks (such as eavesdropping), an eavesdropper unobtrusively monitors
the communication channel between two communicating nodes to collect and discover valuable
information without disturbing the communication.

Active attacks: Active attacks (such as node replication attacks, Sybil attacks, wormhole attacks, and
compromised-node attacks) can be further classified into two categories: external attacks and internal
attacks. In external attacks (such as Sybil and wormhole attacks), a node that does not belong to the
sensor network first eavesdrops on packets sent or received by legitimate participating nodes, with the
eventual purpose of tampering, interfering, guessing, or spamming, and then injects invalid packets to
disrupt the network's functions.
o In a Sybil attack, a sensor node illegitimately claims multiple identities, either by directly forging
false IDs or by impersonating legitimate IDs. This attack poses serious threats to distributed storage,
routing algorithms and data aggregation.
o In a wormhole attack, the malicious node (or a pair of colluding nodes) is within transmission
range of legitimate nodes that are not themselves within range of each other. It tunnels traffic between
them, so they believe they share a direct link that in fact does not exist and is controlled by the attacker.
The malicious node can then selectively drop tunnelled packets or carry out attacks on the routing
protocol.

Internal attacks (such as node replication and node compromise attacks) are usually carried out by
compromised members that belong to the sensor network in question, and hence are more difficult to
safeguard against than external attacks.

o For node replication attacks, when a sensor node is compromised by attackers, they can
directly place many replicas of this compromised node at different areas within the
networks. Thus, attackers may use these compromised nodes to subvert the network
functionalities, for example by injecting false sense data.

o For node compromise attacks, because sensor nodes lack tamper resistance, attackers may
compromise a sensor node and use it to establish communication channels with non-
compromised sensors in order to launch other, more serious attacks within the sensor network.

From the security threats described above, we can infer that a secure sensor network must meet the
following requirements.
Node authentication: A deployed sensor node proves its validity to its neighbouring sensors and to
the manager node. Thus an invalid outsider is unable to send malicious data into the network, and the
manager node can confirm that received sensed data came from a valid sensor node rather than from a
malicious outsider. This also implies that a sensor node that has joined the WSN has been authenticated
and has the right to access the sensor network.

Availability: The availability of the network should not be affected even if sensors can only provide
limited storage, limited power, and limited computational ability. Therefore, a mechanism regulating
of sleep patterns is necessary for a sensor to extend its lifetime.

Location awareness: Even if a sensor node is compromised, the damage must not spread from the
victimized area to the entire network. A secure communication scheme must limit the scope of the
damage caused by intruders; location awareness is the mechanism used for this purpose.
Key establishment: For sensor-to-sensor key establishment, a shared key is established between two
communicating nodes to protect their communication. All sensed data transmitted between participants
can then be verified and protected; even if an attacker eavesdrops on the communication or injects
illegal sensed data into the network, this requirement still provides an adequate level of security.

No verification table: The verification tables are not required to be stored inside the manager nodes to
prevent stolen-verifier attacks.

Confidentiality: Path-key establishment in every session must be secure against malicious intruders
even if those attackers collect transmission packets.

Perfect forward secrecy: In a two-party path-key establishment, a scheme is said to have perfect
forward secrecy if revealing the secret key to an intruder does not help him/her derive the session keys
of past sessions.

Key revocation: When the back-end system or the manager node decides to terminate a task that uses a
sensor, or when a sensor is lost, that sensor must not be allowed to use the credential it stores to
connect to the network.

Re-keying: With a re-keying mechanism, a manager node can conveniently update a sensor's credential
without the intervention of the back-end system, reducing the communication interactions and the
management burden on that back-end system.
2.1 Sensor Node:
Wireless Sensor Node

 Sensor
o A transducer: a device that is actuated by power from one system and supplies power,
usually in another form, to a second system; a loudspeaker is a transducer that
transforms electrical signals into sound energy.
o Transducers are often employed at the boundaries of automation, measurement, and
control systems, where electrical signals are converted to and from other physical
quantities (energy, force, torque, light, motion, position, etc.).
o A sensor converts a physical phenomenon, e.g. heat, light, motion, vibration, or sound,
into electrical signals.

 Sensor node
o The basic unit in a sensor network.
o Contains on-board sensors, processor, memory, transceiver, and power supply.

 Sensor network
o Consists of a large number of sensor nodes.
o Nodes are deployed either inside or very close to the sensed phenomenon.

2.2 Sensor Node Communication Architecture:

 Data Aggregation in WSNs


o Solves the implosion and overlap problems
o Energy efficient
 Wireless Sensor Network (WSN) vs. Mobile Ad Hoc Network (MANET)

 Characteristics
o Power consumption constraints for nodes using batteries or energy harvesting
o Ability to cope with node failures (resilience)
o Mobility of nodes
o Heterogeneity of nodes
o Scalability to large scale of deployment
o Ability to withstand harsh environmental conditions
o Ease of use
o Cross-layer design

 Factors Influencing WSN Design
o Fault tolerance
o Scalability
o Production costs
o Hardware constraints
o Sensor network topology
o Environment
o Transmission media
o Power Consumption
 Sensing
 Communication
 Data processing
 Applications
o Military Applications
o Environmental Applications
o Health Applications
o Home and Office Applications
o Automotive Applications
o Other Commercial Applications

 Advantages
o It avoids a lot of wiring
o It can accommodate new devices at any time
o It's flexible to go through physical partitions
o It can be accessed through a centralized monitor
 Disadvantages
o Lower speed compared to a wired network.
o Less secure: an attacker's laptop can act as a rogue access point, and any client that
associates with it exposes its traffic (usernames, passwords, etc.) to the attacker.
o More complex to configure than a wired network.
o Subject to interference from other radio sources, such as Bluetooth.
o Still costly at large scale.
o It does not make sensing quantities in buildings easier.
o It does not reduce the cost of installing sensors.
o It does not allow us to do more than can be done with a wired system.
 Design Challenges
o Heterogeneity
 The devices deployed may be of various types and need to collaborate with
each other.
o Distributed Processing
 The algorithms need to be distributed, as the processing is carried out on
different nodes.
o Low Bandwidth Communication
 The data should be transferred efficiently between sensors.
o Large Scale Coordination
 The sensors need to coordinate with each other to produce the required results.
o Utilization of Sensors
 The sensors should be utilized in ways that produce the maximum performance
and use the least energy.
o Real Time Computation
 The computation should be done quickly, as new data is always being generated.

 Operational Challenges of Wireless Sensor Networks
o Energy Efficiency
o Limited storage and computation
o Low bandwidth and high error rates
o Errors are common
o Wireless communication
o Noisy measurements
o Node failures are expected
o Scalability to a large number of sensor nodes
o Survivability in harsh environments
o Experiments are time- and space-intensive

2.3 Important Protocols used in IoT Wireless Sensor Network (WSN):

 A Wireless Sensor Network in IoT is an infrastructure-less wireless network used to deploy a
large number of wireless sensors that monitor the system as well as physical and environmental
conditions.
NETWORKS CONNECTING WIRELESS SENSORS:

To connect the sensors embedded in IoT devices, a communication protocol is used. A low-power
wide-area network (LPWAN) is a type of wireless network designed to allow long-range communication
between these IoT devices. LoRa-based wireless sensor networks are widely used. Sub-1 GHz radio,
Zigbee, Thread, etc. are also used to connect sensor networks to a gateway, and the data collected from
the sensor network can be sent to the cloud using cellular networks such as NB-IoT and LTE-M, or Wi-Fi.

WHAT IS LPWAN:
A low-power wide-area network (LPWAN) is a type of wireless telecommunication wide area network
designed to allow long-range communication at a low bit rate among things (connected objects), such
as battery-operated sensors. In other words, a wireless wide area network used primarily for low-power
devices is known as an LPWAN. In a wireless sensor network, the sensor devices communicate over an
LPWAN.

COMMONLY USED LPWAN TECHNOLOGIES:


 SUB-1 GHZ
 NBIOT
 ZIGBEE
 LORAWAN
 LTE CAT-M1 OR LTE-M
 SIGFOX

WIRELESS SENSOR NETWORK (WSN) USING LPWAN TECHNOLOGY:

 A Wireless Sensor Network (WSN) is a network of distributed, autonomous devices that use
sensors to track what is happening around them.
 The sensor nodes used in WSN systems are integrated with onboard controllers.
 The complete circuitry manages and monitors the operation. Everything is connected to the
base station, known as the gateway, where high-end processing of the data collected from the
distributed sensors is done.
 The distributed sensor devices in a WSN are mostly connected over an LPWAN technology and
communicate with the gateway.

HOW DO SENSOR DEVICES COMMUNICATE ON LPWAN?:


 A wireless sensor node is equipped with sensing and computing devices, radio transceivers,
and power components.
 The individual nodes in a wireless sensor network (WSN) are inherently resource-constrained:
they have limited processing speed, storage capacity, and communication bandwidth.
 The sensor nodes communicate among themselves using radio signals.
 After the sensor nodes are deployed, they are responsible for self-organizing an appropriate
network infrastructure among themselves, often with multi-hop communication.
 Then the onboard sensors start collecting the information of interest.
 Wireless sensor devices also respond to queries sent from a control site or the gateway, to
perform specific instructions or provide sensing data.
WHAT IS A GATEWAY UNIT IN LPWAN? HOW DO SENSOR DEVICES COMMUNICATE WITH THE
GATEWAY IN LPWAN?:

 The gateway acts as a bridge between the WSN (or other networks) and the cloud.
 This enables data to be stored and processed by devices with more resources, in a remotely
located server; the device providing this bridge is known as a gateway unit.
 Edge computing and cloud computing both have an important role in IoT applications.
 A gateway, or edge gateway, is a device that allows the management (control) of the network and
aggregates the information received from the nodes to send real-time or near real-time data to
a user platform.
 When the gateway is connected to a local laptop, the user can locally control and monitor the
WSN. Adding a cellular modem (LTE, NB-IoT, LTE Cat-M1, etc.) or an Internet modem (Wi-Fi) to
the gateway enables remote management and sends data to the cloud.
 The gateway is important because it coordinates the communication aspect of the WSN as well
as its sleeping protocol.
 At a given time, the gateway wakes up the nodes, data is exchanged, and then the nodes go back
to sleep.
 Sleeping is necessary for WSNs to save power.
 A sensor node generally spends 90% of its time sleeping.
 IoT gateways manage device connectivity, data filtering, processing, protocol translation,
security, etc.
 Some of the newer gateways also function as platforms for application code by processing data.

COMMUNICATION OF COLLECTED SENSOR DATA TO THE CLOUD IN LPWAN


 IoT Gateway devices sit at the intersection of the cloud and IoT device nodes or sensor devices
connecting over LPWAN.
 The data collected from wireless sensor networks or the other IoT devices will be transmitted
through gateways to the cloud.
 The received data is then stored in the cloud and from there it is provided as a service to the
users.
 Cloud IoT Core is a fully managed service from Google that allows you to easily and securely
connect, manage, and ingest data from millions of globally dispersed devices.
 Cloud IoT Core supports two protocols for device connection and communication: MQTT and
HTTP.
 Devices communicate with Cloud IoT Core across a “bridge”, either the MQTT bridge or the
HTTP bridge. The MQTT/HTTP bridge is a central component of Cloud IoT Core.
 When you create a device registry, you select protocols to enable: MQTT, HTTP, or both.
o MQTT is a standard publish/subscribe protocol that is frequently used and supported
by embedded devices, and is also common in machine-to-machine interactions.
o HTTP is a “connectionless” protocol: with the HTTP bridge, devices do not maintain
a connection to Cloud IoT Core. Instead, they send requests and receive responses.
Cloud IoT Core supports HTTP.

VISUALIZING DATA COLLECTED FROM SENSOR DEVICES ON A MOBILE APP OR IOT DASHBOARD:
 The data generated by IoT devices is analysed with respect to time.
 The timestamped data is processed and pushed to the IoT devices’ cloud storage, forming a
database.
 The IoT dashboard reads the data from the database and creates data visuals for the user.
 The IoT dashboard is said to be useful only if it can load data efficiently and create visuals
from the database.
 Some IoT web apps provide users with an optimised experience by coupling the data (collected
through remotely distributed smart devices) with their own database.

LORA BASED WIRELESS SENSOR NETWORK IN IOT:

A LoRa-based wireless sensor network combines two terms, LoRa (Long Range) and wireless sensor
networks. Before going further, let us first understand what these two terms actually mean.

WIRELESS SENSOR NETWORK:


 A Wireless Sensor Network is defined as a self-configured, infrastructure-less wireless
network used to monitor physical and environmental conditions like temperature, sound,
vibration, pressure, motion, pollutants, etc.
 The data collected from the wireless sensors is passed through the network to the gateway,
where it is observed and analysed, and is then sent on to the cloud.
LONG RANGE:
 Long Range (LoRa) is a wireless technology capable of offering long-range, low-power and
secure data transmission for IoT devices.
 It was developed by a French company called Cycleo. LoRa is used to connect sensors,
gateways, machines, devices, etc. wirelessly to the cloud.
 It is a chirp-based spread-spectrum modulation with low power characteristics that can be
used for long-range communication. LoRa has different operating bands for different regions:
 915 MHz band for USA
 868 MHz band for Europe
 865 to 867 MHz and 920 to 923 MHz bands for Asia

 Some key features of LoRa:
 Long Range
 Low Power
 Secure
 Low Cost
 High Capacity

WHY USE A LORA BASED WIRELESS SENSOR NETWORK?


 Wireless Sensor Networks are very popular and have widespread use in the field of IoT.
 But there are primarily two challenges faced by WSNs: energy consumption and coverage area.
Recent advancements made to enhance the performance of WSNs gave rise to the LoRa-based
Wireless Sensor Network, which uses low energy and has a long coverage range.
 These features of a LoRa-based Wireless Sensor Network make it ideal for applications where
the network infrastructure has to work autonomously for a long time and over a wide area.
 Today LoRa-powered sensor networks can be found in major IoT applications like smart homes,
smart agriculture, etc. Let’s have a closer look at some of these applications in detail.

SOME APPLICATIONS OF LORA BASED WIRELESS SENSOR NETWORK


SMART HOME USING LORAWAN:
A LoRa-based wireless sensor network for a smart home aims to monitor different devices and sensors
and update the user in real time. The main focus is on monitoring smoke, humidity, temperature and
other environmental parameters. The system allows remote monitoring and raises an alarm if the value
from any sensor goes beyond its threshold. A LoRaWAN (Long Range Wide Area Network) module
connects the sensors to microcontrollers, which can be connected over the Internet for better
communication.

LORA BASED SMART AGRICULTURE:


Many sensors today are used to collect various types of agricultural data. But these sensors can only
perform the data collection; they lack effective use and analysis of this data. To solve this problem,
an intelligent platform has to be developed that collects information from the field and transmits it
to remote computers for analysis. LoRa technology is a great fit for this: it can transmit data over a
long range, it is battery-operated, and it can be used for several years without changing the batteries,
which is very suitable for outdoor settings such as fields.

2.4 Security aspects of existing protocols:

What are the security protocols used in IoT?


 The IoT protocol stack combines protocols such as MQTT, TCP, 6LoWPAN, and IEEE 802.15.4,
which work at the application, transport, network, data link, and physical layers respectively.
As the stack is a combination of protocols on each layer that are individually secured, it
provides robust security throughout.
THE NETWORK LAYER:
Constrained Nodes
 In IoT solutions, different classes of devices coexist.
 Depending on its functions in a network, a “thing’s” architecture may or may not offer similar
characteristics compared to a generic PC or server in an IT environment.
 Another limit is that this network protocol stack on an IoT node may be required to
communicate through an unreliable path.
 Even if a full IP stack is available on the node, this causes problems such as limited or
unpredictable throughput and low convergence when a topology change occurs.
 Finally, power consumption is a key characteristic of constrained nodes.
 Many IoT devices are battery powered, with lifetime battery requirements varying from a few
months to 10+ years.
 This drives the selection of networking technologies since high-speed ones, such as Ethernet,
Wi-Fi, and cellular, are not (yet) capable of multi-year battery life.
 Current capabilities practically allow less than a year for these technologies on battery-powered
nodes. Of course, power consumption is much less of a concern on nodes that do not require
batteries as an energy source.
 The power consumption requirements on battery-powered nodes impact communication
intervals.
 To help extend battery life, one could enable a “low-power” mode instead of one that is “always
on.” Another option is “always off,” which means communications are enabled only when
needed to send data.
 While it has been largely demonstrated that production IP stacks perform well in constrained
nodes, IoT constrained nodes can be classified as follows:
o Devices that are very constrained in resources, may communicate infrequently to
transmit a few bytes, and may have limited security and management capabilities: This
drives the need for the IP adaptation model, where nodes communicate through
gateways and proxies.
o Devices with enough power and capacity to implement a stripped-down IP stack or
non-IP stack: In this case, you may implement either an optimized IP stack and directly
communicate with application servers (adoption model) or go for an IP or non-IP stack
and communicate through gateways and proxies (adaptation model).
o Devices that are similar to generic PCs in terms of computing and power resources but
have constrained networking capacities, such as bandwidth: These nodes usually
implement a full IP stack (adoption model), but network design and application
behaviours must cope with the bandwidth constraints.
The definition of constrained nodes is evolving. The costs of computing power, memory, storage
resources, and power consumption are generally decreasing. At the same time, networking
technologies continue to improve and offer more bandwidth and reliability. In the future, the push to
optimize IP for constrained nodes will lessen as technology improvements and cost decreases address
many of these challenges.
Constrained Networks:

 In the early years of the Internet, network bandwidth capacity was restrained due to technical
limitations.
 Connections often depended on low-speed modems for transferring data. However, these low-
speed connections demonstrated that IP could run over low-bandwidth networks.
 But today, the evolution of networking has seen the emergence of high-speed infrastructures.
 However, high-speed connections are not usable by some IoT devices in the last mile.
 The reasons include the implementation of technologies with low bandwidth, limited distance
and bandwidth due to regulated transmit power, and lack of or limited network services.
 When link layer characteristics that we take for granted are not present, the network is
constrained.
 A constrained network can have high latency and a high potential for packet loss. Constrained
networks have unique characteristics and requirements.
 In contrast with typical IP networks, where highly stable and fast links are available,
constrained networks are limited by low-power, low-bandwidth links (wireless and wired).
They operate between a few kbps and a few hundred kbps and may use star, mesh, or
combined network topologies to ensure proper operation.
 With a constrained network, in addition to limited bandwidth, it is not unusual for the packet
delivery rate (PDR) to oscillate between low and high percentages.
 Large bursts of unpredictable errors and even loss of connectivity at times may occur.
 These behaviours can be observed on both wireless and narrowband power-line communication
links, where packet delivery variation may fluctuate greatly during the course of a day.
 Unstable link layer environments create other challenges in terms of latency and control plane
reactivity.
 One of the golden rules in a constrained network is to “underreact to failure.” Due to the low
bandwidth, a constrained network that overreacts can lead to a network collapse—which makes
the existing problem worse.
 Control plane traffic must also be kept at a minimum; otherwise, it consumes the bandwidth
that is needed by the data traffic.
 Finally, one has to consider the power consumption in battery-powered nodes. Any failure or
verbose control plane protocol may reduce the lifetime of the batteries.
 To summarize, constrained nodes and networks pose major challenges for IoT connectivity in
the last mile. This in turn has led various standards organizations to work on optimizing
protocols for IoT.
IP Versions

For 20+ years, the IETF has been working on transitioning the Internet from IP version 4 to IP version
6. The main driving force has been the lack of address space in IPv4 as the Internet has grown. IPv6
has a much larger range of addresses that should not be exhausted for the foreseeable future. Today,
both versions of IP run over the Internet, but most traffic is still IPv4 based.
While it may seem natural to base all IoT deployments on IPv6, you must take into account current
infrastructures and their associated lifecycle of solutions, protocols, and products. IPv4 is entrenched in
these current infrastructures, and so support for it is required in most cases. Therefore, the Internet of
Things has to follow a similar path as the Internet itself and support both IPv4 and IPv6 versions
concurrently.
Techniques such as tunnelling and translation need to be employed in IoT solutions to ensure
interoperability between IPv4 and IPv6. A variety of factors dictate whether IPv4, IPv6, or both can be
used in an IoT solution. Most often these factors include a legacy protocol or technology that supports
only IPv4. Newer technologies and protocols almost always support both IP versions. The following
are some of the main factors applicable to IPv4 and IPv6 support in an IoT solution:

• Application Protocol:
IoT devices implementing Ethernet or Wi-Fi interfaces can communicate over both IPv4 and IPv6, but
the application protocol may dictate the choice of the IP version. For example, SCADA protocols such
as DNP3/IP (IEEE 1815), Modbus TCP, or the IEC 60870-5-104 standards are specified only for IPv4.
So, there are no known production implementations by vendors of these protocols over IPv6 today. For
IoT devices with application protocols defined by the IETF, such as HTTP/HTTPS, CoAP, MQTT, and
XMPP, both IP versions are supported. The selection of the IP version is only dependent on the
implementation.

• Cellular Provider and Technology:


IoT devices with cellular modems are dependent on the generation of the cellular technology as well as
the data services offered by the provider. For the first three generations of data services (GPRS, EDGE,
and 3G), IPv4 is the base protocol version. Consequently, if IPv6 is used with these generations, it
must be tunneled over IPv4. On 4G/LTE networks, data services can use IPv4 or IPv6 as a base protocol,
depending on the provider.

• Serial Communications:
Many legacy devices in certain industries, such as manufacturing and utilities, communicate through
serial lines. Data is transferred using either proprietary or standards based protocols, such as DNP3,
Modbus, or IEC 60870-5-101. In the past, communicating this serial data over any sort of distance could
be handled by an analog modem connection. However, as service provider support for analog line
services has declined, the solution for communicating with these legacy devices has been to use local
connections. To make this work, you connect the serial port of the legacy device to a nearby serial port
on a piece of communications equipment, typically a router. This local router then forwards the serial
traffic over IP to the central server for processing. Encapsulation of serial protocols over IP leverages
mechanisms such as raw socket TCP or UDP. While raw socket sessions can run over both IPv4 and
IPv6, current implementations are mostly available for IPv4 only.

• IPv6 Adaptation Layer:


The adaptation layers defined for some recently standardized IoT physical and data link layers support
only IPv6. While the most common physical and data link layers (Ethernet, Wi-Fi, and so on) stipulate
adaptation layers for both versions, newer technologies, such as IEEE 802.15.4 (Wireless Personal
Area Network), IEEE 1901.2, and ITU G.9903 (Narrowband Power Line Communications), only have an
IPv6 adaptation layer specified. This means that any device implementing a technology that requires
an IPv6 adaptation layer must communicate over an IPv6-only sub-network. This is reinforced by the
IETF routing protocol for LLNs, RPL, which is IPv6 only.

6LoWPAN
While the Internet Protocol is key for a successful Internet of Things, constrained nodes and constrained
networks mandate optimization at various layers and on multiple protocols of the IP architecture. Some
optimizations are already available from the market or under development by the IETF.

Optimizing IP for IoT Using an Adaptation Layer


 In the IP architecture, the transport of IP packets over any given Layer 1 (PHY) and Layer 2
(MAC) protocol must be defined and documented.
 The model for packaging IP into lower-layer protocols is often referred to as an adaptation
layer.
 Unless the technology is proprietary, IP adaptation layers are typically defined by an IETF
working group and released as a Request for Comments (RFC).
 An RFC is a publication from the IETF that officially documents Internet standards,
specifications, protocols, procedures, and events. For example, RFC 864 describes how an IPv4
packet gets encapsulated over an Ethernet frame, and RFC 2464 describes how the same
function is performed for an IPv6 packet.
 IoT-related protocols follow a similar process. The main difference is that an adaptation layer
designed for IoT may include some optimizations to deal with constrained nodes and networks.
 The main examples of adaptation layers optimized for constrained nodes or “things” are the
ones under the 6LoWPAN working group and its successor, the 6Lo working group.
 The initial focus of the 6LoWPAN working group was to optimize the transmission of IPv6
packets over constrained networks such as IEEE 802.15.4.

Comparison of an IoT Protocol Stack Utilizing 6LoWPAN and an IP Protocol Stack

2.5 Attacks on sensor network routing and countermeasures:

 The main factor that makes a Wireless Sensor Network vulnerable is the broadcast nature of its
transmissions.
 WSNs are susceptible to a broad range of security attacks due to the wireless nature of their
communication; because communication is broadcast, there is always a threat of attack.
 Furthermore, as sensor nodes are often placed in open environments without physical
protection, there is the additional threat of physical or natural attacks. Attacks in WSNs:

o Sinkhole Attack: In a sinkhole attack the adversary tries to attract all the traffic of a
particular region of the network. It takes place when a compromised node makes itself a
centre of attraction for other nodes and so draws their traffic; it requires a compromised
node.
o Selective forwarding: In a selective forwarding attack the compromised node forwards only
selected data packets, not all of them, towards the receiver.
o Wormhole Attack: In a wormhole attack the attacker records data packets in one location
and tunnels them to another location, where they are retransmitted into the network.
o Hello flood attack: In a hello flood attack an attacker sends HELLO packets to the receiving
nodes in an attempt to fool the sensor nodes into believing that the HELLO message was sent
by the base station. The HELLO packet is the means of convincing the other sensor nodes.
o Sybil Attack: In a Sybil attack a single node presents many duplicate identities. This attack
basically targets fault-tolerant schemes such as multi-path routing, topology maintenance
and distributed storage.
o Message corruption: In this attack the attacker modifies the message during transmission,
which violates the integrity of the network’s data.
o Denial of Service Attack: A denial of service (DoS) attack is a deliberate effort to prevent
the genuine users of a service or data from using it. The ordinary technique involves
overloading the target system with requests so that it cannot serve genuine traffic. This
attack stops services for genuine users. Examples are jamming, tampering, collision, homing,
flooding, etc.
o Node malfunction: If a data-aggregating node such as a cluster leader malfunctions, it will
produce inaccurate data that can harm the integrity of the sensor network.
o Node Outage: The situation in which a node stops working is known as node outage. It may be
very harmful if the affected node is the master node of the network.
o Node Subversion: If a node is captured by an attacker, there is a threat of disclosure of
secret data such as cryptographic keys, and therefore of compromise of the whole sensor
network. Any sensor node might be captured, and the secret information (keys) stored on it
might be acquired by the attacker.
o False node: When an attacker adds an extra node to a network in order to inject malicious
data, this comes under the category of a false node. With the help of this false node an
intruder may add false data that disturbs communication. Malicious code injected into the
network through a false node could spread to all nodes and harm the whole network.
o Pulse delay attack: When an intruder or snooper intercepts the message transmission between
two nodes, stores the message pulses and then retransmits the message after some
modification, this is known as a pulse delay attack.
o Node Replication Attack: In a node replication attack, as the name implies, a replicated copy
of a node is added to the network. An attacker adds the replicated node by copying a
legitimate node’s ID and the other details related to its identity. This malicious node is
dangerous because, by inserting it, the attacker can manipulate a specific network segment or
even destroy the network.
o Traffic Analysis: Even if the transferred messages are encrypted, there is still a risk of
harm. This harm becomes possible when the intruder continuously studies the communication
pattern; this study can give the intruder enough information to harm the network.
o Camouflaged Adversaries: An attacker can insert a malicious node into the network or
compromise a node in order to attract the data packets of the network; these packets can then
be misrouted or altered.
o Monitoring & Eavesdropping: This is the most widely recognised attack on privacy. Snooping
is the process by which the opponent obtains the message contents. When nodes are
communicating control information, eavesdropping is especially harmful.
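An added example, not part of the original notes: a base-station-side watchdog that replays constructed neighbour observations and flags two of the attacks listed above, selective forwarding (a relay dropping most of what it is handed) and node replication (one node ID advertised from two places farther apart than a radio can reach). The observation format, thresholds and node IDs are assumptions made for this illustration; a real deployment would feed it the overhearing reports its nodes actually produce.

```python
from collections import defaultdict
from itertools import combinations
import math

# Constructed observations, as a base station might collect them from nodes that
# overhear their neighbours (a "watchdog" arrangement; an assumption of this example).
#   ("fwd", observer, relay, handed, forwarded): observer handed `handed` packets to
#       `relay` and overheard `relay` forward `forwarded` of them.
#   ("loc", reporter, node_id, x, y): reporter heard node_id advertise position (x, y).
OBSERVATIONS = [
    ("fwd", "n1", "n7", 40, 39),
    ("fwd", "n2", "n7", 35, 35),
    ("fwd", "n3", "n9", 50, 20),   # n9 drops most of what it is handed
    ("fwd", "n4", "n9", 30, 12),
    ("fwd", "n5", "n8", 10, 9),    # too few samples to judge n8 yet
    ("loc", "n1", "n7", 10.0, 10.0),
    ("loc", "n2", "n7", 10.5, 9.8),
    ("loc", "n6", "n12", 100.0, 5.0),
    ("loc", "n3", "n12", 14.0, 80.0),  # same ID reported about 114 m apart
]

DROP_THRESHOLD = 0.3     # fraction of dropped packets above which a relay is suspect
MIN_SAMPLES = 20         # do not judge a relay on a handful of packets (lossy links)
MAX_RADIO_RANGE = 25.0   # metres; one physical node cannot be heard this far apart


def selective_forwarding(observations, drop_threshold=DROP_THRESHOLD,
                         min_samples=MIN_SAMPLES):
    """Return {relay: drop_fraction} for relays that drop more than the threshold.

    Drops are aggregated across all observers so that a single lossy link does
    not raise an alert on its own: a legitimate relay with one bad link still
    forwards most of what its other neighbours hand it.
    """
    handed = defaultdict(int)
    forwarded = defaultdict(int)
    for rec in observations:
        if rec[0] == "fwd":
            _, _observer, relay, h, f = rec
            handed[relay] += h
            forwarded[relay] += f
    suspects = {}
    for relay, h in handed.items():
        if h < min_samples:
            continue
        drop = 1.0 - forwarded[relay] / h
        if drop > drop_threshold:
            suspects[relay] = drop
    return suspects


def node_replication(observations, max_range=MAX_RADIO_RANGE):
    """Return {node_id: max_distance} for IDs whose advertised positions lie
    farther apart than a single radio's range, the signature of a replicated
    node (the same identity appearing in two places at once)."""
    claims = defaultdict(list)
    for rec in observations:
        if rec[0] == "loc":
            _, _reporter, node_id, x, y = rec
            claims[node_id].append((x, y))
    suspects = {}
    for node_id, points in claims.items():
        worst = 0.0
        for (x1, y1), (x2, y2) in combinations(points, 2):
            worst = max(worst, math.hypot(x2 - x1, y2 - y1))
        if worst > max_range:
            suspects[node_id] = worst
    return suspects


def detect(observations=OBSERVATIONS):
    """Run both checks and return a report the base station can act on, for
    instance by revoking the suspect node's credentials (key revocation)."""
    return {
        "selective_forwarding": selective_forwarding(observations),
        "node_replication": node_replication(observations),
    }


if __name__ == "__main__":
    for check, hits in detect().items():
        for node, value in hits.items():
            print(f"{check}: {node} ({value:.2f})")
```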

Countermeasures:
2.6. Trust requirements for security protocols for WSNs :
SPINS: Security Protocols for Sensor Networks:
 We study the security protocol for sensor networks in detail. We will go through the following
topics: security for sensor networks, proposed techniques, application, related work, and
discussion.
 Today sensor networks are widely used in many applications such as real-time traffic
monitoring, military applications, and emergency and critical systems.
 Let us have a look at how security for a sensor network is maintained:

 a.) Data Authentication
 b.) Data Confidentiality
 c.) Data Integrity
 d.) Data Freshness

 There are some challenges faced in designing security protocols for sensor networks. The main
one is resource constraints: resources are limited in terms of energy, computation, memory, code
size, and communication, and communication itself consumes energy. Now let us understand how
SPINS contributes to building such protocols.
o a.) SNEP
o SNEP is the Sensor Network Encryption Protocol; it provides secure point-to-point
communication. SNEP’s important properties are data confidentiality, data authentication,
replay protection, weak freshness, and low communication overhead.
o b.) µTESLA
o µTESLA is the micro Timed Efficient Stream Loss-tolerant Authentication protocol. It provides
broadcast authentication. Problems with µTESLA are: digital signatures for initial packet
authentication, a limited overhead of 24 bytes per packet, and passing the one-way key chain,
which is too big; the key is passed from the base station to all the nodes through the network.
Let us now study the factors essential for the system.
Let is now study the factors essential for system.
 a.) Communication Pattern
 Communication in sensor networks takes place from node to base station, from base
station to node, and from base station to all nodes.
 b.) Base Station
 A base station is a component which has sufficient memory and power, and which
shares a secret key with each node for communication.
 c.) Node
 A node in the network is a component which has limited resources and limited trust.
 A drawback of the above is that µTESLA needs an initial key for each node, which will
probably lead to intensive communication. SPINS uses source routing, so it is not vulnerable
to traffic analysis.

 LEAP security protocol

o LEAP was introduced by Cisco Systems back in the year 2000. The aim of this was to
counter some of the earlier vulnerabilities suffered by previous authentication
technologies (CHAP and PAP). Even though attacks against the LEAP protocol were
previously known, Cisco maintained for a long time that the protocol was secure if
users could implement complex passwords. However, much safer protocols were
introduced that included EAP-TLS, EAP-TTLS and PEAP.
o LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless
local area networks) that support 802.1X port access control.
o LEAP uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more
frequent authentications between a client and a RADIUS server.

2.6.4. TinySec:

 What is TinySec?
 Link-layer security architecture for wireless sensor networks
 Why do we need TinySec?
 Sensor networks need a way to communicate securely
 Wireless is inherently insecure due to its broadcast nature
 Existing secure protocols are too bloated for wireless sensor networks
 Sensor networks have limited computational resources, battery life and
communication capabilities
Contributions:

 TinySec is the first fully-implemented link-layer security protocol for wireless sensor networks
 TinySec is implemented in the official TinyOS release
 Tradeoffs between performance, transparency and security are discussed
 The authors try to balance this tradeoff for the application (wireless sensor networks)
 Bandwidth, latency and power consumption are analyzed for TinySec
 It is feasible to implement this in software
 TinySec is a basis for higher-level security protocols

Sensor Networks:

 Heterogeneous system of sensors with general-purpose computing elements
 Most networks will consist of hundreds or thousands of sensors
 Generally used to collect some information about an environment


Representative Hardware:

 Mica2
 Several cubic inches
 8 MHz 8-bit Atmel CPU
 128 kB instruction memory
 4 kB RAM (data)
 512 kB flash memory
 19.2 kbps radio with a range of ~100 meters
 Operates for ~ 2 weeks at full power
 Run TinyOS

Security Risks & Threat Models:

 Broadcast medium
 Adversaries can listen to data, intercept data, inject data and alter transmitted data
 What TinySec does
 Guarantee message authenticity, integrity and confidentiality
 What TinySec doesn't protect against
 Resource consumption attacks
 Physical tamper resistance
 Node capture attacks
Link-Layer vs End-to-End:
 End-to-end security
 Typical approach in wired networks
 Packets are encrypted by the sender and decrypted by the receiver
 Nodes relaying the message don’t decrypt the message, relay as-is
 Transport layer
 Link-layer security
 Each physical transmission of the packet gets encoded and decoded
 Data link layer

Why Link-Layer Security?

 Sensor networks typically have a many-to-one architecture
 All sensors transmit their readings to the base station
 Ideally duplicate messages (from different sensors) will be dropped
 Link-layer architecture needed
 Link-layer architecture detects "bad" packets immediately
 Saves resources

Design Goals: Security:

 Access Control
 Unauthorized parties should not be able to participate
 Solution: MAC code

 Message Integrity
 If a message is modified in transit, it needs to be detected
 Solution: MAC code

 Message Confidentiality
 Information needs to be kept private from unauthorized parties
 Solution: Encryption

Design Goals: Security (Omission):

 Replay Protection
 An unauthorized party resends a legitimate packet which it overheard at a later time
 Typical defense: associate counter with each message
 Problem: state needs to be kept for this and we don’t have the resources for this
 Solution: Let a higher level protocol deal with this if it is a problem

Design Goals: Performance:

 Overhead
 Increase in message length
 Decreases throughput
 Increases latency
 Increases power consumption
 Increase in computation (encryption)
 Increases power consumption
 8 bytes is ~25% of packet size
 Traditional security protocols use 8-16 bytes at least

Design Goals: Ease of Use:

 Higher-level security protocols will rely on TinySec
 Transparency
 TinySec should be transparent to the application developer when in use
 Portability
 TinySec should support different CPU and radio hardware
 Any necessary porting should be as painless as possible

Security Primitives: MAC:

 Message Authentication Codes (MACs)
 Solution to message authenticity and integrity
 Cryptographically secure CRC
 Sender and receiver share a private key
 Sender computes the MAC over the message using the private key and includes it in the packet
 Receiver does the same; if the MAC computed is different from the MAC in the message,
the receiver rejects the message

Security Primitives: Initialization Vectors:

 Initialization Vectors (IVs)
 Encryption mechanism
 Side input to the encryption algorithm
 Helps to achieve semantic security
 Adversaries should have no better than a 50% chance at guessing any yes/no
question about a message
 IV adds variation to encryption
 Important when encrypted messages vary little
 IV is publicly included as part of the message
 Tradeoff on IV length: overhead vs resource usage

TinySec Design:
 TinySec-AE
 Authentication & Encryption
 MAC computed over encrypted data and the packet header
 Ensures data received is from a trusted node
 Prevents adversaries from seeing data
 TinySec-Auth
 Authentication Only
 Only ensure data received is from a trusted node
 Good when data does not need to be private
TinySec Encryption:
 Encryption Scheme
 Cipher block chaining (CBC)

 IV format
 8 byte IV
 Want to minimize overhead while getting enough security
 Part of IV is a counter
 More on this later…

Encryption Algorithm Options:

 Stream ciphers
 Faster than block ciphers (good!)
 If we ever use the same IV, it is highly likely both messages can be decrypted (bad!)
 We have limited resources to vary the IV
 Must use a block cipher algorithm
 Block ciphers
 Keyed pseudorandom permutation over bit strings
 Operates on blocks of data (message broken up into blocks)

More on Block Ciphers:

 Good MAC algorithms use block ciphers
 Two birds with one stone (saves code space)
 Mode of operation
 Counter (CTR)
 Similar to stream ciphers – rejected
 Cipher block chaining (CBC)
 Can be made to work with IVs that may repeat
 XOR the encryption of the message length with the first plaintext block
 Examples include:
 DES, AES, RC5, Skipjack
 Skipjack chosen due to licensing issues and practicality of software implementation

Packet Format:

Packet Format Explained:

 Destination, AM and length are sent unencrypted
 Used for early rejection of messages
 Only the data is encrypted (TinySec-AE)
 Take the 2 bytes used for the CRC and put them toward the 4 bytes used for the MAC (+2 bytes)
 MAC computed over the entire packet (data + header)
 Group field dropped (-1 byte)
 Differentiates between multiple sensor networks
 The MAC does this for us
 TinySec-AE additional fields (+4 bytes)
 src – source address
 ctr – counter
 These add variability to the IV

Security Analysis:
 Message Integrity and Authenticity
 Based on MAC length (4 bytes for TinySec)
 1 in 2^32 chance to guess it
 Adversary must send 2^32 packets to correctly fake a message
 This is not OK for regular networks; given our data rate, this is OK
 It would take 20 months to send this many packets at 19.2 kb/s
 (What if hardware improves significantly?)
 (How will TinySec keep up?)
 (Authors argue that the trend is not in this direction)

Security Analysis:

 Message Confidentiality
 Security based on IV length, assuming no reuse
 8 byte counter or 16 byte random would be sufficient
 However, we have an 8 byte total IV
 2 Destination, 1 AM, 1 Length, 2 Source and 2 Counter
 Try to maximize packets each node can send before global reuse of an IV
 Each node can send 2^16 packets before IV reuse
 Assume same destination, AM and length
 At 1 packet per minute -> reuse will not occur for 45 days
 (Again, what if this changes?)
 IV reuse is only a problem when using the same private key
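The TinySec-AE packet format, CBC encryption with the header as IV, the length-prefixed CBC-MAC and the per-node 2-byte counter described above, as an added Python example that is not code from the TinySec project. Assumptions: Skipjack is replaced by a labelled 4-round Feistel stand-in built on HMAC-SHA256 (same 8-byte block), zero padding stands in for TinySec's ciphertext stealing, and the keys, addresses and sensor reading are constructed sample values.

```python
import hashlib
import hmac
import struct

BLOCK = 8     # Skipjack's 64-bit block size, which TinySec uses
MAC_LEN = 4   # TinySec truncates the CBC-MAC to 4 bytes
HDR = struct.Struct(">HBBHH")  # dst(2) AM(1) len(1) src(2) ctr(2): the 8-byte header doubles as the IV

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function: HMAC-SHA256 truncated to 4 bytes (stand-in for Skipjack, not in the stdlib)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key, blk):
    """4-round Feistel permutation on one 8-byte block (assumed stand-in cipher)."""
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def _blocks(data):
    # Zero-pad to a block multiple; the len field in the header restores the true length on receipt
    data += b"\x00" * ((-len(data)) % BLOCK)
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for blk in _blocks(plaintext):
        prev = block_encrypt(key, _xor(prev, blk))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ciphertext, length):
    out, prev = [], iv
    for blk in _blocks(ciphertext):
        out.append(_xor(prev, block_decrypt(key, blk)))
        prev = blk
    return b"".join(out)[:length]

def cbc_mac(key, msg):
    """CBC-MAC made safe for variable-length input by XORing E_K(len) into the first block."""
    state = block_encrypt(key, struct.pack(">Q", len(msg)))
    for blk in _blocks(msg):
        state = block_encrypt(key, _xor(state, blk))
    return state[:MAC_LEN]

def build_packet_ae(enc_key, mac_key, dst, am, src, ctr, data):
    """TinySec-AE: header (= IV) || CBC(data) || MAC over header and ciphertext."""
    if not 0 < len(data) <= 255:
        raise ValueError("data must fit the 1-byte len field")
    header = HDR.pack(dst, am, len(data), src, ctr)
    body = cbc_encrypt(enc_key, header, data)
    return header + body + cbc_mac(mac_key, header + body)

def open_packet_ae(enc_key, mac_key, packet):
    """Receiver: verify the MAC first (early rejection), then decrypt. None means the packet is dropped."""
    if len(packet) < HDR.size + BLOCK + MAC_LEN:
        return None
    header, body, tag = packet[:HDR.size], packet[HDR.size:-MAC_LEN], packet[-MAC_LEN:]
    if not hmac.compare_digest(tag, cbc_mac(mac_key, header + body)):
        return None
    dst, am, length, src, ctr = HDR.unpack(header)
    return dst, am, src, ctr, cbc_decrypt(enc_key, header, body, length)

def flip_byte(packet, index):
    """Helper for the tamper check: copy of packet with one bit of byte `index` flipped."""
    out = bytearray(packet)
    out[index] ^= 0x80
    return bytes(out)

class NodeCounter:
    """Per-node 16-bit ctr. Wrapping it would repeat an IV for the same dst/AM/len, so stop instead."""
    def __init__(self):
        self.ctr = 0

    def next(self):
        """Next ctr value, or None once all 2^16 values are used (time to rekey)."""
        if self.ctr > 0xFFFF:
            return None
        self.ctr += 1
        return self.ctr - 1

def packets_until_iv_reuse():
    """Packets a node can send with a 2-byte ctr before an IV would repeat (the page's 2^16)."""
    return sum(1 for _ in iter(NodeCounter().next, None))
```

A 10-byte reading becomes a 28-byte packet (8-byte header, 16 bytes of CBC output, 4-byte MAC); any flipped bit in the header or body makes the receiver drop it without decrypting.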

Keying Mechanisms:

 How do we distribute private keys to trusted nodes?
 Keys preconfigured
 Network-wide
 1 key for all nodes in the network
 Per-link
 Each pair of nodes that communicate share a key
 Per-group
 Each set of nodes that communicate share a key
 (Slightly off topic, but relevant to making the system work)

2.6.5. SM:
2.6.6. ZigBee:
 Zigbee is a wireless PAN (Personal Area Network) technology developed to support automation,
machine-to-machine communication, remote control and monitoring of IoT devices. It evolved
from the IEEE 802.15.4 wireless standard and is supported by the ZigBee Alliance.
 Zigbee is considered to be a secure wireless communication protocol, with a security architecture
built in accordance with the IEEE 802.15.4 standard. Security services provided by Zigbee
include key establishment, key transport and frame protection via symmetric
cryptography.
However, Zigbee security features are based on certain assumptions:

 Zigbee assumes an “open trust” model. The protocol stack layers trust each other. The
layer that originates a frame is responsible for its security.
 The security services cryptographically protect the interfaces between different devices
only.
 Interfaces between different stack layers in the same device are arranged non-
cryptographically.
 The secret keys are not discovered during key-transport. An exception to this is during
pre-configuration of a new device, in which a single key may be sent unprotected.
 Availability of almost perfect random number generators.
 Availability of tamper-resistant hardware.

Zigbee security models

There are two types of security models in Zigbee networks, as presented in Figure 6. They mainly
differ in the implemented mechanism, in how new devices are admitted into the network and in
how they protect the messages in the network: Centralized security network and Distributed security
network.

1. Centralized Security model is complex but more secure and involves the Trust Center
(network coordinator). Only Zigbee Coordinators with Trust Center can establish
centralized networks. Nodes join the network, receive the network key and establish
unique link key with Trust Center. The Trust Center is responsible for:

 Configuring and authenticating routers and end devices that join the network.
 Generating network key to be used for encrypted communication across the network.
 Periodically or as required, switching to a new network key, as a security protection
method. If an attacker acquires a network key, it will have a limited lifetime.
 Establishing a unique link key for each device, as they join the network.
 Maintaining the overall security of the network.

2. Distributed security model is simple, but less secure. This model supports only routers and
end devices. Routers form the distributed network and are responsible for admitting other
routers and end devices. Routers publish network keys (used to encrypt messages) to newly
joined routers and end devices. All the nodes in the network use the same network key for
encrypting messages. Also, all nodes are pre-configured with a link key (used to encrypt the
network key) before entering the network, as there is no Coordinator and Trust Center.
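The centralized security model above (pre-configured link key, network key transport on join, a unique link key per device, and periodic switching of the network key), as an added Python model that is not Zigbee Alliance code. Assumptions: AES-CCM* frame protection is replaced by a labelled HMAC-SHA256 encrypt-then-MAC stand-in, key transport payloads are simplified to seq || key, and the pre-configured link key and addresses are constructed values.

```python
import hashlib
import hmac
import os
import struct

KEY_LEN, NONCE_LEN, TAG_LEN = 16, 8, 8

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # HMAC-SHA256 in counter mode as a keystream (stand-in for ZigBee's AES-CCM*, not in the stdlib)
    return b"".join(_prf(key, b"enc", nonce + struct.pack(">I", i)) for i in range(n // 32 + 1))[:n]

def seal(key, nonce, msg):
    """Encrypt-then-MAC frame protection under one symmetric key."""
    ct = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + ct + _prf(key, b"mac", nonce + ct)[:TAG_LEN]

def unseal(key, frame):
    """Plaintext, or None when the tag fails (wrong key or tampered frame): the frame is dropped."""
    if len(frame) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = frame[:NONCE_LEN], frame[NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)[:TAG_LEN]):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class TrustCenter:
    """Coordinator role: owns the network key and one unique link key per admitted device."""
    def __init__(self, preconfigured_link_key):
        self.preconfigured = preconfigured_link_key
        self.nwk_seq, self.nwk_key = 0, os.urandom(KEY_LEN)
        self.link_keys = {}
        self._n = 0

    def _nonce(self):
        self._n += 1
        return struct.pack(">Q", self._n)

    def admit(self, addr):
        """Key transport on join: current network key plus a fresh device-unique link key,
        both carried under the pre-configured link key."""
        link = os.urandom(KEY_LEN)
        self.link_keys[addr] = link
        return seal(self.preconfigured, self._nonce(), bytes([self.nwk_seq]) + self.nwk_key + link)

    def rotate_network_key(self):
        """Switch to a new network key and wrap it for every device under that device's link key."""
        self.nwk_seq, self.nwk_key = (self.nwk_seq + 1) % 256, os.urandom(KEY_LEN)
        return {addr: seal(lk, self._nonce(), bytes([self.nwk_seq]) + self.nwk_key)
                for addr, lk in self.link_keys.items()}

    def send(self, msg):
        """Network frame: key sequence number || payload protected under the network key."""
        return bytes([self.nwk_seq]) + seal(self.nwk_key, self._nonce(), msg)

class Device:
    """Router or end device that joins through the Trust Center."""
    def __init__(self, addr, preconfigured_link_key):
        self.addr, self.preconfigured = addr, preconfigured_link_key
        self.nwk_seq = self.nwk_key = self.link_key = None

    def join(self, tc):
        payload = unseal(self.preconfigured, tc.admit(self.addr))
        if payload is None:
            raise RuntimeError("join failed: key transport did not authenticate")
        self.nwk_seq = payload[0]
        self.nwk_key, self.link_key = payload[1:1 + KEY_LEN], payload[1 + KEY_LEN:]

    def install_network_key(self, update):
        payload = unseal(self.link_key, update)
        if payload is None:
            return False
        self.nwk_seq, self.nwk_key = payload[0], payload[1:]
        return True

    def receive(self, frame):
        if frame[0] != self.nwk_seq:
            return None   # protected under a key sequence this device does not hold
        return unseal(self.nwk_key, frame[1:])

def key_rotation_demo():
    """Join, then rotate: a copy of the old network key cannot read frames sent after the switch."""
    pre = b"preconfigured-lk"          # constructed 16-byte pre-configured link key
    tc, dev = TrustCenter(pre), Device(0x1234, pre)
    dev.join(tc)
    old_key = dev.nwk_key              # models a network key that leaked before the rotation
    before = dev.receive(tc.send(b"setpoint 21C"))
    assert dev.install_network_key(tc.rotate_network_key()[dev.addr])
    after = tc.send(b"setpoint 19C")
    return before, dev.receive(after), unseal(old_key, after[1:])
```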

2.6.7. Datagram Transport Layer Security

 The Datagram Transport Layer Security (DTLS) protocol allows client/server applications to
communicate over the Internet in a way that is designed to prevent eavesdropping, tampering,
and message forgery.
 The DTLS protocol is intentionally based on the Transport Layer Security (TLS) protocol
and provides equivalent security guarantees.
 Datagram semantics of the underlying transport are preserved by the DTLS protocol.
 DTLS is a standardised protocol which is built into all browsers that support Web Real-Time
Communication, and is one protocol consistently used in web browsers, email, and VoIP
platforms to encrypt information.

802.1AR: Secure Device Identity:

 IEEE Standard for Local and Metropolitan Area Networks: Secure Device Identity
 A Secure Device Identifier (DevID) is cryptographically bound to a device and supports
authentication of the device's identity.
 Local Area Networks (LANs) are often deployed in networks that provide publicly accessible
services or cannot be completely physically secured.
 Protocols that configure, manage, and regulate access to these networks typically run over the
networks themselves.
 Secure and predictable network operation depends on authenticating each device attached to
and participating in the network, so that the degree of trust and authorization to be accorded to
that device by its communicating peers can be determined.
 Authentication of a human user, through a credential known to or possessed by that user, is
often used to authenticate devices such as laptop personal computers, but many network devices
are designed for unattended autonomous operation and do not support user authentication.
 This standard specifies Secure Device Identifiers (DevIDs) designed to be used as interoperable
secure device authentication credentials with Extensible Authentication Protocol (EAP) and
other industry standard authentication and provisioning protocols.
 A standardized device identity facilitates interoperable secure device authentication and
simplifies secure device deployment and management.

IEEE 802.1X:
 Devices attempting to connect to a LAN or WLAN require an authentication mechanism. IEEE
802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC), provides protected
authentication for secure network access.
 An 802.1X network is different from home networks in one major way: it has an authentication
server called a RADIUS server. It checks a user's credentials to see if they are an active member
of the organization and, depending on the network policies, grants users varying levels of access
to the network.
 This allows unique credentials or certificates to be used per user, eliminating the reliance on a
single network password that can be easily stolen.
 802.1X is a network authentication protocol that opens ports for network access when an
organization authenticates a user's identity and authorizes them for access to the network.
 The user's identity is determined based on their credentials or certificate, which is confirmed
by the RADIUS server. The RADIUS server is able to do this by communicating with the
organization's directory, typically over the LDAP or SAML protocol.
KEY TAKEAWAYS

 802.1X is an authentication protocol to allow access to networks with the use of a RADIUS
server.
 802.1X and RADIUS based security is considered the gold standard to secure wireless and
wired networks today.

Secure LEACH, TLEACH, CSLEACH:

 LEACH (Low-Energy Adaptive Clustering Hierarchy) is a routing protocol for wireless sensor
networks in which:
o The base station (sink) is fixed
o Sensor nodes are homogenous
 LEACH conserves energy through:
o Aggregation
o Adaptive Clustering

Existing Routing Protocols:

 LEACH is compared against three other routing protocols:
– Direct-Transmission
• Single-hop
– Minimum-Transmission Energy
• Multi-hop
– Static Clustering
• Multi-hop

Direct-Transmission:

 Each sensor node transmits directly to the sink, regardless of distance
 Most efficient when there is a small coverage area and/or high receive cost
Figure: Sensor status after 180 rounds with 0.5 J/node

Minimum Transmission Energy (MTE):

 Traffic is routed through intermediate nodes
– Node chosen by transmit amplifier cost
– Receive cost often ignored
 Most efficient when the average transmission distance is large and E_elec is low
Figure: Sensor status after 180 rounds with 0.5 J/node

Static Clustering:

 Indirect upstream traffic routing
 Cluster members transmit to a cluster head
– TDMA
 Cluster head transmits to the sink
– Not energy-limited
 Does not apply to homogenous environments

2.6.9. TeenySec:
 TeenySec is a link layer security protocol for Wireless Sensor Networks (WSNs).
 WSNs are exposed to many vulnerabilities because of factors such as the hardware constraints of
the sensor nodes, the wireless communication medium, real-time computing, heterogeneous
structure, large number of nodes, scalability, mobility, and the weight and cost requirements of the
application environment.
 In sensitive WSN applications like surveillance of enemy lines or border areas, security
protocols must be used which provide confidential data transfer from sensors to the base station.
 A new data link layer protocol called TeenySec was developed for this purpose.
 TeenySec provides data confidentiality, data integrity, data freshness and data authentication
and is also energy efficient.

2.6.10. Security features in IPv6 (IPng):


UNIT-3
Integrating Security in IoT Ecosystem

3.1. Building Security in design and development, secure design


3.2. Threat modelling, impact assessment
3.3. Security system integration
3.3.1 framework
3.3.2 Secure APIs
3.3.3 Cryptography
3.3.4 Authentication
3.4. Identity and access management
3.5. Security monitoring
3.6. Secure gateway and network configurations
3.7. Managing roles and attributes
3.8. IoT penetration testing tools and techniques.
3.1. Building Security in design and development, secure design

IoT Design Methodology – Steps

Step 1: Purpose & Requirements Specification • The first step in IoT system design methodology is to
define the purpose and requirements of the system. In this step, the system purpose, behavior and
requirements (such as data collection requirements, data analysis requirements, system management
requirements, data privacy and security requirements, user interface requirements, ...) are captured.
Step 2: Process Specification • The second step in the IoT design methodology is to define the process
specification. In this step, the use cases of the IoT system are formally described based on and derived
from the purpose and requirement specifications.

Step 3: Domain Model Specification • The third step in the IoT design methodology is to define the
Domain Model. The domain model describes the main concepts, entities and objects in the domain of
IoT system to be designed. Domain model defines the attributes of the objects and relationships between
objects. Domain model provides an abstract representation of the concepts, objects and entities in the
IoT domain, independent of any specific technology or platform. With the domain model, the IoT
system designers can get an understanding of the IoT domain for which the system is to be designed.

Step 4: Information Model Specification • The fourth step in the IoT design methodology is to define
the Information Model. Information Model defines the structure of all the information in the IoT system,
for example, attributes of Virtual Entities, relations, etc. Information model does not describe the
specifics of how the information is represented or stored. To define the information model, we first list
the Virtual Entities defined in the Domain Model. Information model adds more details to the Virtual
Entities by defining their attributes and relations.

Step 5: Service Specifications • The fifth step in the IoT design methodology is to define the service
specifications. Service specifications define the services in the IoT system, service types, service
inputs/output, service endpoints, service schedules, service preconditions and service effects.

Step 6: IoT Level Specification • The sixth step in the IoT design methodology is to define the IoT level
for the system.

Step 7: Functional View Specification • The seventh step in the IoT design methodology is to define
the Functional View. The Functional View (FV) defines the functions of the IoT systems grouped into
various Functional Groups (FGs). Each Functional Group either provides functionalities for interacting
with instances of concepts defined in the Domain Model or provides information related to these
concepts.
Step 8: Operational View Specification • The eighth step in the IoT design methodology is to define the
Operational View Specifications. In this step, various options pertaining to the IoT system deployment
and operation are defined, such as service hosting options, storage options, device options, application
hosting options, etc.

Step 9: Device & Component Integration • The ninth step in the IoT design methodology is the
integration of the devices and components.
Step 10: Application Development • The final step in the IoT design methodology is to develop the IoT
application.

Embedded Computing Logic:

 It is essential to know about embedded devices while learning about the IoT or building
projects on the IoT.
 Embedded devices are objects that build a unique computing system. These systems
may or may not connect to the Internet.
 An embedded device system generally runs as a single application. However, these devices can
connect through an internet connection and are able to communicate with other network devices.
 First developed in the 1960s for aerospace and the military, embedded computing systems
continue to support new applications through numerous feature enhancements and cost-to-
performance improvements of microcontrollers and programmable logic devices.
 Today, embedded computing systems control everyday devices which we don't generally think
of as "computers": digital cameras, automobiles, smart watches, home appliances, and even
smart garments. These embedded computing systems are commonly found in consumer,
industrial, automotive, medical, commercial, and military applications.
 Unlike general-purpose computers, embedded control systems are typically designed to
perform specific tasks. The embedded computing system designer's task is to identify the set
of components that will implement the system's functional, performance, usability, and
reliability requirements, typically within tight cost and development timeline constraints.
 Accordingly, the selection of a microcontroller and its characteristics, including data
processing capabilities, speed, peripherals, and power consumption, is one of the earliest and
most critical aspects of system design.
 Part of the designer's responsibility involves being aware of trends in their particular industry
and taking advantage of relevant components and techniques.
 Let's look for examples among the top industries for microcontroller applications:
the Internet of Things.

Embedded System Hardware:


 An embedded system can be of the microcontroller type or the microprocessor type. Both of these
types contain an integrated circuit (IC).
 The essential component of the embedded system is a RISC family microcontroller like the
Motorola 68HC11, PIC 16F84, Atmel 8051 and many more.
 The most important factor that differentiates these microcontrollers from a microprocessor
like the 8085 is their internal readable and writable memory.
 The essential embedded device components and system architecture are specified below.

Embedded System Software:

 The embedded system that uses the devices for the operating system is based on the language
platform, mainly where the real-time operation would be performed.
 Manufacturers build embedded software in electronics, e.g., cars, telephones, modems,
appliances, etc.
 The embedded system software can be as simple as lighting controls running using an 8-bit
microcontroller.
 It can also be complicated software for missiles, process control systems, airplanes etc.
Microcontrollers for Embedded Computing with IoT Devices

 IoT devices are meant to be inexpensive, therefore the microcontroller needs to be chosen so
that its capabilities are not underutilized by the application.
 The microcontroller specifications that determine the best part for your application are:
o Bit depth: The register and data path width impacts the speed and accuracy with which
microcontrollers can perform non-trivial computations.
o Memory: The amount of RAM and Flash in a microcontroller determines the code size
and complexity the component can support at full speed. Large memories have larger
die area and component cost.
o GPIO: These are the microcontroller pins used to connect to sensors and actuators in
the system. These often share their functionality with other microcontroller peripherals,
such as serial communication, A/D, and D/A converters.
o Power consumption: Power consumption is critically important for battery-operated
devices and it typically increases with microcontroller speed and memory size.

System on Chips:
 A System on Chip for IoT designed by Redpine Signals is discussed below. This IoT SoC supports
WLAN, Bluetooth and Zigbee systems on a single chip. It also supports the 2.4 and 5 GHz radio
frequencies.

 As we know, IoT is the technology which provides communication between things, and
between things and people, using the internet and IP-enabled protocols.
 As we have seen in the IoT tutorial, any IoT compliant system has two major parts, viz.
front end and back end.
 The front end provides connectivity with the physical world and consists of sensors, while the back end
consists of processing and network connectivity interfaces.
 A typical IoT system on chip supports more than one RAT (Radio Access Technology). It
will have the following modules:
• Transmit and receive switch.
• RF part, mainly consisting of transmitter, receiver, oscillator and amplifiers.
• Memories, i.e. program memory and data memory to store the code and data.
• Physical layer (baseband processing), either on FPGA or on a processor, based on
complexity and latency requirements.
• MAC layer and upper protocol stacks (TCP/IP etc.) running on a processor.
• ADC and DAC to provide an interface between the digital baseband and analog RF
portions.
• Various interfaces such as SDIO, USB, SPI etc. to interface with the host.
• Other peripherals such as UART, I2C, GPIO, WDT etc. to use the IoT SoC for
various connections.

As the IoT system on chip supports multiple wireless protocols and RF hardware to support
multiple frequency bands, the following factors need to be carefully analyzed and optimized:
• Power consumption
• Data throughput
• Device size
• Performance in terms of latency and other factors
The figure depicts one such IoT System on Chip, model no. RS9113, which has been designed
and developed by Redpine Signals recently. It supports WLAN (802.11n), Bluetooth version 4.0
and Zigbee (802.15.4-2006) in the same chip. Hence the IoT device can be connected with any of
the said wireless technology based networks.

This IoT SoC (system on chip in IoT) can be used for numerous applications
as mentioned below:
• Mobile
• M2M communication
• Real-time location finding tags
• Thermostats
• Smart meters
• Wireless sensor devices
• Serial to WiFi converter
• Voice over WiFi compliant phones
• Home automation
• Health care devices and equipment

Building Blocks Of IoT:


• Four things form the basic building blocks of an IoT system: sensors, processors, gateways and
applications. Each of these nodes has to have its own characteristics in order to form a useful
IoT system.

Figure: Simplified block diagram of the basic building blocks of the IoT

Sensors:
• These form the front end of the IoT devices. These are the so-called "Things" of the system.
Their main purpose is to collect data from their surroundings (sensors) or give out data to their
surroundings (actuators).
• These have to be uniquely identifiable devices with a unique IP address so that they can be
easily identifiable over a large network.
• These have to be active in nature which means that they should be able to collect real-time
data. These can either work on their own (autonomous in nature) or can be made to work by
the user depending on their needs (user-controlled).
• Examples of sensors are gas sensor, water quality sensor, moisture sensor, etc.

Processors:
• Processors are the brain of the IoT system.
• Their main function is to process the data captured by the sensors so as to extract the valuable
data from the enormous amount of raw data collected.
• In a word, we can say that they give intelligence to the data.
• Processors mostly work on a real-time basis and can be easily controlled by applications.
• These are also responsible for securing the data, that is, performing encryption and decryption
of data.
• Embedded hardware devices, microcontrollers, etc. are the ones that process the data because they
have processors attached to them.
Gateways:

• Gateways are responsible for routing the processed data and sending it to the proper locations for its
(data) proper utilization.
• In other words, we can say that gateway helps in to and fro communication of the data. It
provides network connectivity to the data. Network connectivity is essential for any IoT system
to communicate.
• LAN, WAN, PAN, etc are examples of network gateways.

Applications:

• Applications form the other end of an IoT system. Applications are essential for proper utilization
of all the data collected.
• These are cloud-based applications which are responsible for rendering the effective meaning to
the data collected. Applications are controlled by users and are a delivery point of particular
services.
• Examples of applications are home automation apps, security systems, industrial control hubs,
etc.
Figure: Basic building blocks of IoT
• In a nutshell, from the figure we can determine that the information gathered by the sensing
node (end node) is processed first, then via connectivity it reaches the embedded processing
nodes, which can be any embedded hardware devices, and is processed there as well.
• It then passes through the connectivity nodes again and reaches the remote cloud-based
processing, which can be any software, and is sent to the application node for the proper applied
usage of the data collected and also for data analysis via big data.

IoT Security by Design:


 Secure by design is the inclusion of security design principles, technology, and governance at
every stage of the IoT journey. When an organization looks at creating, deploying, and
leveraging connected technology to drive its business, security must be integrated into every
component, tier, and application to preserve the integrity of the IoT solution and minimize the
risk of cyber threats.
 Developing IoT solutions around a standard platform allows organizations to develop security
solutions for IoT devices in a consistent manner. In contrast, when organizations develop IoT
platforms from scratch it can unknowingly increase the potential for cyber-related risks. IoT
platforms typically include standard tools and methods that can promote good design habits and
help developers build strong security into their solutions from the outset.
 In addition, IoT platforms are commonly designed and tested holistically to validate that there
is a high level of security deployed at every level, not only within individual components but
also for all components working together as a whole.
• Our homes and our businesses are filled with "smart" / connected devices, which are great, but
they also expose numerous new attack surfaces.
• The "security by design" framework may offer a path forward.
• It's a set of principles within hardware and software development focused on making security
a core concern in the design and development process.
• More and more, we're filling our homes with "smart" / connected devices beyond old school
computers, from thermostats to security systems to kitchen appliances.
• Enterprises are bringing a whole range of processes, objects and spaces online to amplify human
potential as well.
• The Internet of Things (IoT) has enormous potential, but connecting everything has a side
effect: increased vulnerability.
• We must consider the fundamentals of IoT cybersecurity to protect ourselves personally and
professionally. Top concerns are best practices, the concept of "security by design" and device
security certification programs.

IoT Device Security:

Key steps to securing IoT devices include the following best practices:

 Perform routine updates. Manufacturers release updates as they recognize ways their
products can be improved. Once the product is in your hands, rapidly installing updates will
help protect you against the most recently discovered threats. But keep in mind that
imperfect updates can expose new security vulnerabilities.
 Control access. Consider whether you need to be connected to the internet in order to use
the device. If you don’t need to be connected, then you only want to grant access to your
home network.
 Turn off Universal Plug and Play. UPnP is a weak point for routers, cameras, printers and
other devices. At the same time, secure interoperability is a must for IoT.
 Improve the passwords. They should be long and alphanumeric, while avoiding repetition,
dictionary words and personal details. Many devices currently ship with incredibly horrible
passwords like “admin” and “password,” so always check with your hardware vendor and
make sure to secure your IoT endpoints.
 Secure your connections. Use a virtual private network (VPN) to connect your devices to
the Internet. To improve your stability, make sure the VPN you use is well-suited for the
type of device.

Security by Design & Privacy by Design:

 Beyond knowing a few steps you can take with devices, it helps to choose a manufacturer that
follows security by design.
 Security by design is a set of principles within hardware and software development focused on
securing the system and reducing the risk of a compromise.
 Following these principles allows a manufacturer to know that they are protecting users and
complying with the European Union’s General Data Protection Regulation (GDPR).
 Systems built using this method incorporate elements such as abiding by coding best practices,
implementing authentication protections and deploying continuous testing.
 The key reason that secure by design is so important is that software is typically considered
first and foremost in terms of its function. Security becomes a secondary concern, and
developers must address security holes and vulnerabilities as an ongoing concern rather than
building the system with security designed in from the start.
 With secure by design, you can be certain that the manufacturer is fixing security issues
effectively and rapidly.

Security by design incorporates the following principles:

 Secure defaults. Create a secure experience by default. Allow users to remove protections
if desired.
 Correctly repair security issues. Be careful about design patterns, which can introduce
regressions when you attempt to fix your code. Test on all relevant applications.
 Keep security simple. You want your code to be as simple as possible. It is easier to reduce
your attack surface area in that context.
 The principle of defense in depth. While it may be reasonable to just have a single control,
add more controls so that your defenses are deeper.
 The principle of least privilege. Accounts should be given the minimum possible level of
privilege in order to complete their business functions.
 Do not trust services. You may utilize outside providers for processing. Keep in mind,
though, that services should not be trusted by default.
 Avoid security by obscurity. You should not attempt to protect critical data simply by
hiding key details. It is an insufficient security control.
 Separation of duties. Typically, administrators should not be users of an application. For
instance, an administrator should not be able to buy from a storefront as a super-privileged
user.
 Secure failures. Verify that your code never fails in a manner that makes the user an
administrator by default.
 Minimize attack surface area. The attack surface area should be restricted as much as
possible. All features add risk. They should warrant it.

3.2. Threat modelling & Impact assessment:


Threat modelling:
 Threat modelling is a process by which potential threats, such as structural vulnerabilities or
the absence of appropriate safeguards, can be identified and enumerated, and mitigations can be
prioritized.
 Threat modelling is a structured process with these objectives:
o identify security requirements,
o pinpoint security threats and potential vulnerabilities,
o quantify threat and vulnerability criticality,
o prioritize remediation methods.
 Threat modelling methods create these artifacts:
 An abstraction of the system
 Profiles of potential attackers, including their goals and methods
 A catalog of threats that could arise

How does threat modelling work?:

 Threat modelling works by identifying the types of threat agents that cause harm to an
application or computer system.
 It adopts the perspective of malicious hackers to see how much damage they could do. When
conducting threat modelling, organizations perform a thorough analysis of the software
architecture, business context, and other artifacts (e.g., functional specifications, user
documentation).
 This process enables a deeper understanding and discovery of important aspects of the system.
Typically, organizations conduct threat modelling during the design stage (but it can occur at
other stages) of a new application to help developers find vulnerabilities and become aware of
the security implications of their design, code, and configuration decisions.
 Generally, developers perform threat modelling in four steps:
 Diagram. What are we building?
 Identify threats. What could go wrong?
 Mitigate. What are we doing to defend against threats?
 Validate. Have we acted on each of the previous steps?

Advantages of threat modeling:

 When performed correctly, threat modelling can provide a clear line of sight across a software
project, helping to justify security efforts.
 The threat modelling process helps an organization document the knowable security threats to an
application and make rational decisions about how to address them. Otherwise, decision-makers
could act rashly based on scant or no supporting evidence.
 Overall, a well-documented threat model provides assurances that are useful in explaining and
defending the security posture of an application or computer system. And when the
development organization is serious about security, threat modelling is the most effective way
to do the following:

 Detect problems early in the software development life cycle (SDLC)—even before
coding begins.
 Spot design flaws that traditional testing methods and code reviews may overlook.
 Evaluate new forms of attack that you might not otherwise consider.
 Maximize testing budgets by helping target testing and code review.
 Identify security requirements.
 Remediate problems before software release and prevent costly recoding post-
deployment.
 Think about threats beyond standard attacks to the security issues unique to your
application.
 Keep frameworks ahead of the internal and external attackers relevant to your
applications.
 Highlight assets, threat agents, and controls to deduce components that attackers will
target.
 Model the location of threat agents, motivations, skills, and capabilities to locate
potential attackers in relation to the system architecture.

Impact assessment:

 Risk impact assessment is the process of assessing the probabilities and consequences of risk
events if they are realized.
 The results of this assessment are then used to prioritize risks to establish a most-to-least-critical
importance ranking.
 Ranking risks in terms of their criticality or importance provides insights to the project's
management on where resources may be needed to manage or mitigate the realization of high
probability/high consequence risk events.
3.3. Security system integration, framework, Secure APIs, cryptography,
authentication:

Security system integration:


(The IoT and smart home security systems that revolutionised 2016)
The Internet of Things (IoT) is a network of connected devices, each with a unique identifier that
automatically collects and exchanges data over a network.
IoT devices are used in multiple sectors and industries, including:

 Consumer applications – IoT consumer products include smartphones, smart watches and smart
homes, which control everything from air conditioning to door locks, all from a single device.
 Business applications – Businesses use a wide range of IoT devices, including smart security
cameras, trackers for vehicles, ships and goods, as well as sensors that capture data about
industrial machinery.
 Governmental applications – Governmental IoT applications include devices used to track
wildlife, monitor traffic congestion and issue natural disaster alerts.
The number of IoT devices worldwide now numbers in the billions. Their increased presence in our
daily lives has led to increased scrutiny of their inherent security issues, which we will be exploring
here.
How Internet of Things devices are managed:

To function as intended, IoT devices need to be managed both internally, (e.g., software maintenance)
and externally (i.e., their communication with other devices).

• This is accomplished by connecting every IoT device to a management unit, known as a
command and control (C&C) centre.
• Centres are responsible for software maintenance, configurations, firmware updates to patch
bugs and vulnerabilities, as well as the provisioning and authentication of tasks, such as device
enrolment.
• Communication between devices is enabled via an application programming interface (API). Once
a device’s manufacturer exposes its API, other devices or applications can use it to gather data
and communicate.
• Some APIs even allow control over devices. For example, a building manager can use an API
to remotely lock doors inside a specific office.

IOT vulnerabilities and security issues:

C&C centres and APIs effectively manage day-to-day IoT operations. That said, their centralized nature
creates a number of exploitable weak spots, including:

 Unpatched vulnerabilities – Connectivity issues or the need for end-users to manually
download updates directly from a C&C center often result in devices running on outdated
software, leaving them open to newly discovered security vulnerabilities.
 Weak authentication – Manufacturers often release IoT devices (e.g., home routers)
containing easily decipherable passwords, which might be left in place by vendors and end-
users. When left open to remote access, these devices become easy prey for attackers running
automated scripts for bulk exploitation.
 Vulnerable APIs – As a gateway to a C&C center, APIs are commonly targeted by a variety
of threats, including Man in the Middle (MITM), code injections (e.g., SQLI), and distributed
denial of service (DDoS) assaults.

The dangers posed by exploitable devices can be broken into two categories: threats that they pose to
their users and threats that they pose to others.

Threats to users:

A compromised IoT device places its users at risk in a number of ways, such as:

Data Theft:

An IoT device contains vast amounts of data, much of which is unique to its individual users, including
online browsing/purchase records, credit card details and personal health information.
An improperly secured device leaves this data vulnerable to theft. What’s more, vulnerable devices can
be used as gateways to other areas of the network they are deployed on, allowing for more sensitive
data to be extracted.

Physical Harm

IoT devices are now commonplace in the medical industry, with examples including pacemakers, heart
monitors and defibrillators. While convenient (e.g., a doctor can fine-tune a patient’s pacemaker
remotely), these devices are also vulnerable to security threats.
An improperly secured device can be exploited to interfere with a patient’s medical care. It’s an
exceedingly rare occurrence, albeit one to be considered when developing a strategy for securing IoT
devices.
Threats to others

• Insecure IoT devices are vulnerable to being hijacked and used in a botnet, a collection of
malware-infected internet-connected devices, possibly numbering in the millions, controlled
from a remote location.
• For perpetrators, discovering unprotected devices is not difficult and can be easily achieved by
running widely available scripts or tools. This is best exemplified by the existence of Shodan,
a publicly available search engine made for the discovery of such devices.
• As IoT devices have become more sophisticated, so have the threats that they pose. This has
manifested itself in all manner of cyberattacks, including widespread spam
and phishing campaigns, as well as DDoS attacks. The latter have been growing in size in
recent years, mostly due to the increased availability of underprotected IoT devices.
• One prominent example of this trend occurred in 2016 when a public release of the Mirai
malware prompted perpetrators to create massive IoT botnets and use them for DDoS assaults.
• This led to an unprecedented wave of attacks, the most notorious of which took down Dyn
DNS services, cutting access to some of the most popular domains in the world including Etsy,
GitHub, Netflix, Spotify and Twitter.
• The malware itself was a relatively simple script that scanned open remote access ports and
tried to gain access using a short list of commonly used login credentials (e.g., admin/admin).
• Still, the lackluster IoT security measures made these simple tactics extremely successful. In
the words of the alleged Mirai malware author, Anna-Senpai: “With Mirai, I usually pull max
380K bots from telnet alone.”
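From the defender's side, the Mirai pattern described above (a source failing logins against a short list of common accounts over telnet, then succeeding) is visible in a device's login log. The detector below is an added example, not part of the original notes; the log format, the thresholds and the log lines (documentation IP ranges) are constructed.

```python
"""Detecting Mirai-style credential guessing in device login logs (constructed example).

Two alerts: a source that fails logins against several accounts inside a short
window ("bruteforce"), and a success from such a source ("bruteforce-success"),
which is the signature of a default-credential takeover.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timezone

# Assumed log format: "<ISO time>Z <service> src=<ip> user=<name> result=OK|FAIL"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<service>telnet|ssh) src=(?P<src>[\d.]+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


@dataclass(frozen=True)
class Alert:
    kind: str        # "bruteforce" or "bruteforce-success"
    src: str
    failures: int    # failed attempts from src inside the window
    users: int       # distinct account names tried


def parse_line(line: str):
    """Return the event fields, or None for lines that do not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def detect(lines, window_s: int = 60, threshold: int = 5):
    """Sliding-window count of failures per source; lines must be in time order."""
    window = defaultdict(deque)   # src -> deque of (timestamp, user) for recent failures
    flagged = set()               # sources already reported as brute-forcing
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                      # malformed input must not stop the detector
        q = window[ev["src"]]
        while q and (ev["ts"] - q[0][0]).total_seconds() > window_s:
            q.popleft()                   # drop failures older than the window
        if ev["result"] == "FAIL":
            q.append((ev["ts"], ev["user"]))
            if len(q) >= threshold and ev["src"] not in flagged:
                flagged.add(ev["src"])
                alerts.append(Alert("bruteforce", ev["src"], len(q), len({u for _, u in q})))
        elif len(q) >= threshold:
            # A success right after a burst of failures: treat the account as compromised.
            alerts.append(Alert("bruteforce-success", ev["src"], len(q), len({u for _, u in q})))
    return alerts


# Constructed sample log: 203.0.113.7 sprays common account names and then gets in;
# 198.51.100.9 is an ordinary user who mistypes once.
SAMPLE_LOG = [
    "2016-10-21T11:02:00Z telnet src=203.0.113.7 user=root result=FAIL",
    "2016-10-21T11:02:05Z ssh src=198.51.100.9 user=alice result=FAIL",
    "2016-10-21T11:02:10Z telnet src=203.0.113.7 user=admin result=FAIL",
    "2016-10-21T11:02:20Z telnet src=203.0.113.7 user=user result=FAIL",
    "2016-10-21T11:02:25Z ssh src=198.51.100.9 user=alice result=OK",
    "2016-10-21T11:02:30Z telnet src=203.0.113.7 user=support result=FAIL",
    "2016-10-21T11:02:40Z telnet src=203.0.113.7 user=admin result=FAIL",
    "2016-10-21T11:02:50Z telnet src=203.0.113.7 user=root result=FAIL",
    "this line is not in the expected format and must be skipped",
    "2016-10-21T11:03:00Z telnet src=203.0.113.7 user=admin result=OK",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a)
```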

Internet of Things security management:

• The sheer volume of Internet of Things devices makes their security a high priority and is
crucial for the future wellbeing of the internet ecosystem.
• For device users, this means abiding by basic security best practices, such as changing default
security passwords and blocking unnecessary remote access (e.g., when not required for a
device’s functionality).
• Vendors and device manufacturers, on the other hand, should take a broader approach and
invest heavily in securing IoT management tools. Steps that should be taken include:

1. Proactively notifying users about devices running outdated software/OS versions.
2. Enforcing smart password management (e.g., mandatory default password changes).
3. Disabling remote access to a device, unless it’s necessary for core functions.
4. Introducing a strict access control policy for APIs.
5. Protecting C&C centres from compromise attempts and DDoS attacks.

• Imperva cloud WAF helps IoT manufacturers protect their C&C centers by providing on-edge
traffic filtering services that ensure only authorized and authenticated client requests are
allowed to reach their APIs.
• Combining industry-leading WAF services and DDoS mitigation solutions, Imperva cloud
WAF is able to secure its users against all online threats and efficiently handle multi-versioning
from different devices.
• For added reliability, the service is also equipped with load balancing and failover features that
help operators handle organic traffic spikes, such as the kind that can occur upon the release of
a new firmware patch.

3.3.1 IOT Security Framework:


• IOT security frameworks are sets of documents describing guidelines, standards, and best
practices designed for IOT security risk management. The frameworks exist to reduce an
organization's exposure to weaknesses and vulnerabilities that hackers and other cyber
criminals may exploit.
• The word “framework” makes it sound like the term refers to hardware, but that’s not the case.
It doesn’t help that the word “mainframe” exists, and its existence may imply that we’re dealing
with a tangible infrastructure of servers, data storage, etc.
• But much like a framework in the “real world” consists of a structure that supports a building
or other large object, the IOT security framework provides foundation, structure, and support
to an organization’s security methodologies and efforts.
• As we are about to see, these frameworks come in many types.

What Are the Types of IOT Security Frameworks:

Frameworks break down into three types based on the needed function.

Control Frameworks

 Develops a basic strategy for the organization’s IOT security department
 Provides a baseline group of security controls
 Assesses the present state of the infrastructure and technology
 Prioritizes implementation of security controls

Program Frameworks

 Assesses the current state of the organization’s security program
 Constructs a complete IOT security program
 Measures the program’s security and competitive analysis
 Facilitates and simplifies communications between the IOT security team and the
managers/executives

Risk Frameworks

 Defines the necessary processes for risk assessment and management
 Structures a security program for risk management
 Identifies, measures, and quantifies the organization’s security risks
 Prioritizes appropriate security measures and activities

Why Do We Need IOT Security Frameworks:


• IOT security frameworks remove some of the guesswork in securing digital assets. Frameworks
give IOT security managers a reliable, standardized, systematic way to mitigate cyber risk,
regardless of the environment’s complexity.
• IOT security frameworks help teams address IOT security challenges, providing a strategic,
well-thought plan to protect its data, infrastructure, and information systems. The frameworks
offer guidance, helping IT security leaders manage their organization’s cyber risks more
intelligently.
• Companies can adapt and adjust an existing framework to meet their own needs or create one
internally. However, the latter option could pose challenges since some businesses must adopt
security frameworks that comply with commercial or government regulations. Home-grown
frameworks may prove insufficient to meet those standards.
• Bottom line, businesses are increasingly expected to abide by standard cyber security practices,
and using these frameworks makes compliance easier and smarter. The proper framework will
suit the needs of many different-sized businesses regardless of which of the countless industries
they are part of.
• Frameworks help companies follow the correct security procedures, which not only keeps the
organization safe but fosters consumer trust. Customers have fewer reservations about doing
business online with companies that follow established security protocols, keeping their
financial information safe.

IOT Security Framework Best Practices:


Although every framework is different, certain best practices are applicable across the board. Here,
we are expanding on NIST’s five functions mentioned previously.

 Identify
To manage the security risks to its assets, data, capabilities, and systems, a company must fully
understand these environments and identify potential weak spots.

 Protect
Companies must create and deploy appropriate safeguards to lessen or limit the effects of potential
cyber security breaches and events.

 Detect
Organizations should put in motion the necessary procedures to identify cyber security incidents as
soon as possible.

 Respond
Companies must be capable of developing appropriate response plans to contain the impacts of any
cyber security events.

 Recover
Companies must create and implement effective procedures that restore any capabilities and services
damaged by cyber security events.

3.3.2 Secure API’s


What is API:

 Application programming interfaces, or APIs, simplify software development and
innovation by enabling applications to exchange data and functionality easily and securely.

What are APIs used for?


 An API (Application Programming Interface) is a set of functions that allows
applications to access data and interact with external software components, operating
systems, or microservices.
 To simplify, an API delivers a user response to a system and sends the system's response
back to a user.

Why is API security important?


 Businesses use APIs to connect services and to transfer data. Broken, exposed, or hacked APIs
are behind major data breaches.
 They expose sensitive medical, financial, and personal data for public consumption. That said,
not all data is the same nor should be protected in the same way.
 How you approach API security will depend on what kind of data is being transferred.
 If your API connects to a third-party application, understand how that app is funnelling
information back to the internet.
 To use the example above, maybe you don’t care if someone finds out what’s in your fridge,
but if they use that same API to track your location you might be more concerned.

What is web API security? REST API security vs. SOAP API security.

 Web API security is concerned with the transfer of data through APIs that are connected to the
internet. OAuth (Open Authorization) is the open standard for access delegation.
 It enables users to give third-party access to web resources without having to share passwords.
OAuth is the technology standard that lets you share that Corgi belly flop compilation
video onto your social networks with a single “share” button.
 Most API implementations are either REST (Representational State Transfer) or SOAP (Simple
Object Access Protocol).
 REST APIs use HTTP and support Transport Layer Security (TLS) encryption. TLS is a
standard that keeps an internet connection private and checks that the data sent between two
systems (a server and a server, or a server and a client) is encrypted and unmodified.
 This means that a hacker trying to expose your credit card information from a shopping website
can neither read your data nor modify it.
 You know if a website is protected with TLS if the URL begins with “HTTPS” (Hyper Text
Transfer Protocol Secure).
 REST APIs also use JavaScript Object Notation (JSON), which is a file format that makes it
easier to transfer data over web browsers.
 By using HTTP and JSON, REST APIs don’t need to store or repackage data, making them
much faster than SOAP APIs.
 SOAP APIs use built-in protocols known as Web Services Security (WS Security). These
protocols define a rules set that is guided by confidentiality and authentication.
 SOAP APIs support standards set by the two major international standards bodies,
the Organization for the Advancement of Structured Information Standards (OASIS) and
the World Wide Web Consortium (W3C).
 They use a combination of XML encryption, XML signatures, and SAML tokens to verify
authentication and authorization.
 In general, SOAP APIs are praised for having more comprehensive security measures, but they
also need more management. For these reasons, SOAP APIs are recommended for
organizations handling sensitive data.

What are some of the most common API security best practices?
You probably don’t keep your savings under your mattress. Most people keep their money in a trusted
environment (the bank) and use separate methods to authorize and authenticate payments. API security
is similar. You need a trusted environment with policies for authentication and authorization.
Here are some of the most common ways you can strengthen your API security:
 Use tokens. Establish trusted identities and then control access to services and resources by
using tokens assigned to those identities.
 Use encryption and signatures. Encrypt your data using a method like TLS (see above).
Require signatures to ensure that the right users are decrypting and modifying your data, and
no one else.
 Identify vulnerabilities. Keep up with your operating system, network, drivers, and API
components. Know how everything works together and identify weak spots that could be used
to break into your APIs. Use sniffers to detect security issues and track data leaks.
 Use quotas and throttling. Place quotas on how often your API can be called and track its use
over history. More calls on an API may indicate that it is being abused. It could also be a
programming mistake such as calling the API in an endless loop. Make rules for throttling to
protect your APIs from spikes and Denial-of-Service attacks.
 Use an API gateway. API gateways act as the major point of enforcement for API traffic. A
good gateway will allow you to authenticate traffic as well as control and analyse how your
APIs are used.
API management and security

 Finally, API security often comes down to good API management. Many API management
platforms support three types of security schemes. These are:

 An API key that is a single token string (i.e. a small hardware device that provides
unique authentication information).
 Basic Authentication (APP ID / APP Key) that is a two token string solution (i.e.
username and password).
 OpenID Connect (OIDC) that is a simple identity layer on top of the popular OAuth
framework (i.e. it verifies the user by obtaining basic profile information and using an
authentication server).

When you select an API manager know which and how many of these security schemes it can handle,
and have a plan for how you can incorporate the API security practices outlined above.
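The token, quota/throttling and gateway practices listed above, and the API-key scheme from the management section, combined into one enforcement point as an added example (not code from the original notes). It assumes a constructed token format `client_id.expiry.signature` (HMAC-SHA256 over `client_id.expiry`), client ids without dots, and constructed secrets and limits.

```python
"""Minimal API-gateway policy: signed tokens, quotas and throttling (constructed example)."""
import base64
import hashlib
import hmac

SECRET = b"constructed-gateway-secret"  # production: loaded from a secret store, never hard-coded


def _sign(payload: bytes, secret: bytes) -> str:
    mac = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_token(client_id: str, expires_at: int, secret: bytes = SECRET) -> str:
    """Bind a trusted identity to an expiry time; the signature makes both tamper-evident."""
    payload = f"{client_id}.{int(expires_at)}"
    return payload + "." + _sign(payload.encode(), secret)


def verify_token(token: str, now: float, secret: bytes = SECRET):
    """Return the client id for a valid, unexpired token, else None (fail closed)."""
    try:
        client_id, exp_str, sig = token.split(".")
        expires_at = int(exp_str)
    except ValueError:
        return None                                  # malformed token
    expected = _sign(f"{client_id}.{expires_at}".encode(), secret)
    if not hmac.compare_digest(sig, expected):       # constant-time comparison
        return None
    if now >= expires_at:
        return None
    return client_id


class TokenBucket:
    """Throttling: allow a short burst, then a steady number of calls per second."""

    def __init__(self, capacity: int, refill_per_s: float):
        self.capacity = capacity
        self.refill_per_s = refill_per_s
        self.tokens = float(capacity)
        self.last = None

    def allow(self, now: float) -> bool:
        if self.last is not None:
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.refill_per_s)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


class Gateway:
    """Single enforcement point: authenticate, then apply quota and throttle per identity."""

    def __init__(self, burst: int = 3, rate_per_s: float = 1.0, quota: int = 1000):
        self.burst, self.rate_per_s, self.quota = burst, rate_per_s, quota
        self.buckets = {}   # client id -> TokenBucket
        self.used = {}      # client id -> calls accepted so far (the quota counter)

    def handle(self, token: str, now: float):
        client = verify_token(token, now)
        if client is None:
            return 401, "invalid or expired token"
        if self.used.get(client, 0) >= self.quota:
            return 429, "quota exceeded"            # long-term cap on total calls
        bucket = self.buckets.setdefault(client, TokenBucket(self.burst, self.rate_per_s))
        if not bucket.allow(now):
            return 429, "throttled"                 # short-term spike / DoS protection
        self.used[client] = self.used.get(client, 0) + 1
        return 200, f"ok {client}"


if __name__ == "__main__":
    gw = Gateway(burst=3, rate_per_s=1.0)
    tok = issue_token("cam-17", expires_at=1000)
    for t in (900.0, 900.0, 900.0, 900.0, 901.0, 1000.0):
        print(t, gw.handle(tok, t))
```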

3.3.3 Cryptography in IOT:


Cryptography:
Cryptography is the study of secure communications techniques that allow only the sender and intended
recipient of a message to view its contents. The term is derived from the Greek word kryptos, which
means hidden.
 Encryption in general is a security best practice, and that applies to IoT use cases: encrypt
data in transit from device to back end and at rest.
 It should be used everywhere, because the more data you can encrypt, the stronger the protection
you're offering.

Challenges with IoT security:


 Any electronic device that holds data can be compromised, regardless of whether it's connected
to the internet. A bad actor can steal a laptop and break into the files it holds, for example.
 But the risk of unauthorized access to electronic devices and the data they hold skyrockets as
soon as those devices connect to the internet.
 IoT significantly expands that risk of unauthorized access simply due to the huge number of
devices being connected to the internet.
 That number is staggering. IoT Analytics, an IoT market research firm, calculated the
number of active endpoints in the world in 2021 at 12.3 billion; it predicts more than 27 billion
IoT connections by 2025.
 Meanwhile, IDC researchers predict that there will be 55.7 billion connected devices in the
world by 2025, with 75% of them connected to an IoT platform. They further estimate that
those IoT devices will generate 73.1 zettabytes of data by 2025, up from 18.3 zettabytes in
2019.
 That massive volume isn't the only security challenge.
 IoT deployments also increase hacking risks because their data exists in different places: in
endpoint devices, on gateways and in centralized servers, as well as in transit among all those
points. Minimizing those risks is where cryptography comes in.

Where to apply cryptography in IoT:


 Cryptography can be used in various areas of an IoT deployment.

 Organizations can use cryptography to secure communication channels. For example,


developers can use the cryptographic protocol Transport Layer Security for secure
communications.

 They can also use cryptography for encrypting and decrypting the data within the IoT
ecosystem, using one of the various available options.

 Options include single-key or symmetric-key encryption algorithms such as the Advanced
Encryption Standard (AES), public-key infrastructure (PKI) or asymmetric-key encryption
algorithms such as the Rivest-Shamir-Adleman algorithm and the digital signature algorithm.

Adoption of cryptography in IoT use cases:

 Security experts and analysts didn't have figures available on cryptography use in IoT
environments, but they said its use seems to be on the rise.

 "It's being used more than it was, but I'm not sure it's being used as much as it should be,"
Pittman said. "All modern devices come with the ability to facilitate encryption natively. It's no
longer something you have to put on devices, so its implementation is trivial compared to what it
was just five years ago."

 Still, experts said many organizations aren't using cryptography to secure their IoT
deployments.
 They said they hear IT leaders and IoT managers give different reasons for forgoing
cryptography.

 For instance, some IT admins don't employ cryptography capabilities because it blocks visibility,
making network analysis and troubleshooting difficult.

 Others opt not to use it because they believe managing it or configuring it is beyond their
existing expertise and their ability to pay for needed skills.

 Some organizations decide to use cryptography to secure only part of their IoT environment,
such as encrypting data at rest.

 Some experts countered those reasons, saying cryptography's benefits outweigh its challenges.

 "Security is often a cost center and an afterthought," Fox said. "But using cryptography can be
a quick win when you want to persuade people [of its worth]."

3.3.4 Authentication:
 Strong IoT device authentication is required to ensure connected devices on the IoT can be
trusted to be what they purport to be.
 Consequently, each IoT device needs a unique identity that can be authenticated when the
device attempts to connect to a gateway or central server.
 How is authentication of devices performed in IoT?
o Depending on the IoT device and its network role, IT admins can use software
authentication methods such as digital certificates, organization-based access control
and distributed authentication through the Message Queuing Telemetry Transport
(MQTT) protocol.
 What is the difference between IoT authentication and authorization?
o Authentication is the process of device identification, and authorization provides
permissions. Authentication provides an undisputed connection, and authorization is
the process of writing identification.
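The unique-identity requirement above, shown as a challenge-response exchange between a device and a gateway. This is an added example, not the notes' own code: it stands in a per-device secret key for the certificate-based identity the text mentions, and the device ids and keys are constructed.

```python
"""Challenge-response device authentication at a gateway (constructed example).

The gateway proves that the connecting party holds the key provisioned for the
claimed device identity. A fresh random nonce per attempt means a captured
response cannot be replayed later.
"""
import hashlib
import hmac
import secrets


def device_respond(device_id: str, key: bytes, nonce: bytes) -> bytes:
    """Device side: MAC over its own identity and the gateway's nonce."""
    return hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()


class Gateway:
    def __init__(self, device_keys: dict):
        self.device_keys = dict(device_keys)   # device_id -> key, set at provisioning
        self.pending = {}                      # device_id -> nonce awaiting a response

    def challenge(self, device_id: str):
        """Issue a single-use random nonce; unknown identities get no challenge at all."""
        if device_id not in self.device_keys:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = nonce
        return nonce

    def verify(self, device_id: str, nonce: bytes, response: bytes) -> bool:
        """Accept only a response to the outstanding nonce, computed with this device's key."""
        key = self.device_keys.get(device_id)
        expected_nonce = self.pending.pop(device_id, None)   # one attempt per challenge
        if key is None or expected_nonce is None or nonce != expected_nonce:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)       # constant-time comparison


def authenticate(gw: Gateway, device_id: str, key: bytes) -> bool:
    """Full exchange: gateway challenges, device answers, gateway verifies."""
    nonce = gw.challenge(device_id)
    if nonce is None:
        return False
    return gw.verify(device_id, nonce, device_respond(device_id, key, nonce))


if __name__ == "__main__":
    # Constructed provisioning table; real deployments keep keys in secure hardware.
    keys = {"sensor-01": b"k1-constructed", "sensor-02": b"k2-constructed"}
    gw = Gateway(keys)
    print("genuine device:", authenticate(gw, "sensor-01", keys["sensor-01"]))
    print("wrong key:     ", authenticate(gw, "sensor-01", keys["sensor-02"]))
    print("unknown id:    ", authenticate(gw, "sensor-99", b"anything"))
```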

3.4. IOT-Identity and Access Management:


With the Internet of Things (IoT) and a rapid increase in connected devices, the lack of proper IAM is
a major concern. It leaves devices open to identity theft, encryption and unauthorized parties taking
control of smart devices like medical equipment.

 IoT device identity is a critical component of IoT security for connected devices. Unsecured
IoT devices put entire ecosystems at risk.
 Provisioning and then managing device identities throughout their lifetimes protects against
malicious cyber security threats.
 Provision and secure device identities with a purpose-built, PKI-based platform for exceptional
security.
 The IoT Identity Platform is a digital identity architecture designed and built for the demanding
and evolving specifications of the IoT and IIoT.
 It protects IoT devices, data and communications from chip to cloud through encryption,
authentication and authorization. It:
 Is a Public Key Infrastructure (PKI)-based platform
 Delivers exceptional encrypted security
 Provisions secure digital certificates backed by trusted GlobalSign Certificate Authority
(CA)
 By leveraging standards-based PKI to authenticate and establish trust between devices and
services (i.e. cloud platforms), we ensure the integrity, source and encryption of all data
transmitted within an ecosystem.
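As an added example (not part of these notes or of any vendor's platform), the Go program below shows the PKI flow described above: a device CA provisions a per-device certificate that carries the device ID, and the gateway or cloud service authenticates the device by verifying that certificate against the trusted CA. The CA names and the device ID `sensor-0001` are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// NewCA creates a self-signed device CA. Assumed model: the vendor's PKI
// platform holds this key offline and issues one certificate per device.
func NewCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueDeviceCert provisions one identity: a fresh per-device key pair (never
// shared across units of a model) and a CA-signed certificate whose subject
// CN carries the device ID. validFor bounds the identity's lifetime.
func IssueDeviceCert(ca *x509.Certificate, caKey *ecdsa.PrivateKey, deviceID string, validFor time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// AuthenticateDevice is the gateway/cloud side: verify that the presented
// certificate chains to the trusted CA and is within its validity period,
// and only then trust the CN as the device's identity.
func AuthenticateDevice(cert *x509.Certificate, roots *x509.CertPool, now time.Time) (string, error) {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", fmt.Errorf("device certificate rejected: %w", err)
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, caKey, _ := NewCA("Example Vendor Device CA")
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	dev, _, _ := IssueDeviceCert(ca, caKey, "sensor-0001", 24*time.Hour)
	id, err := AuthenticateDevice(dev, roots, time.Now())
	fmt.Println("genuine device:", id, err) // sensor-0001 <nil>
	// A well-formed certificate claiming the same ID but issued by an untrusted CA is rejected.
	rogueCA, rogueKey, _ := NewCA("Rogue CA")
	rogue, _, _ := IssueDeviceCert(rogueCA, rogueKey, "sensor-0001", 24*time.Hour)
	_, err = AuthenticateDevice(rogue, roots, time.Now())
	fmt.Println("untrusted issuer rejected:", err != nil) // true
	// An expired certificate is rejected too; bounded lifetimes let the vendor retire identities.
	_, err = AuthenticateDevice(dev, roots, time.Now().Add(48*time.Hour))
	fmt.Println("expired identity rejected:", err != nil) // true
}
```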

Access Management in IOT:


 Access control is a set of permissions for a connected camera (or any IoT Device) that specify
which users are granted access and the operations they are permitted to perform.
 Each entry in an Access Control List (ACL) specifies a camera, a user, and an associated access
level.

Role of access management:

 Access management is responsible for dealing with requests from users for access. This
process involves username and password control, but also includes the creation of groups or
roles with defined access privileges, and then controlling access by defining group membership.
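An added example, not from these notes: a small Go ACL evaluator in which each entry names a device, a user or group, and an access level, and group membership is resolved at check time so that access is managed by changing group membership. The device and user names are constructed.

```go
package main

import "fmt"

// AccessLevel orders the permissions an ACL entry can grant; a higher level
// includes the operations of the lower ones.
type AccessLevel int

const (
	None    AccessLevel = iota // no access: the default for anyone not listed
	View                       // e.g. watch the camera's live stream
	Control                    // e.g. pan/tilt, arm/disarm, change settings
	Admin                      // e.g. manage users, trigger firmware updates
)

// Entry is one ACL line: a device, a principal (user or group) and the level
// granted, mirroring "a camera, a user, and an associated access level".
type Entry struct {
	Device    string
	Principal string // "user:<name>" or "group:<name>"
	Level     AccessLevel
}

// ACL holds the entries plus group membership, so access is managed by
// changing who is in a group rather than editing entries per user.
type ACL struct {
	Entries []Entry
	Groups  map[string][]string // group name -> member users
}

// principalsFor returns the user itself and every group it belongs to.
func (a *ACL) principalsFor(user string) []string {
	ps := []string{"user:" + user}
	for g, members := range a.Groups {
		for _, m := range members {
			if m == user {
				ps = append(ps, "group:"+g)
			}
		}
	}
	return ps
}

// Level returns the highest level granted to user on device through direct
// or group entries. Unknown users or devices get None.
func (a *ACL) Level(user, device string) AccessLevel {
	best := None
	for _, p := range a.principalsFor(user) {
		for _, e := range a.Entries {
			if e.Device == device && e.Principal == p && e.Level > best {
				best = e.Level
			}
		}
	}
	return best
}

// Allowed is the deny-by-default check the device (or its cloud service)
// runs before an operation that needs the given level.
func (a *ACL) Allowed(user, device string, need AccessLevel) bool {
	return need > None && a.Level(user, device) >= need
}

func main() {
	acl := &ACL{
		Entries: []Entry{
			{Device: "cam-frontdoor", Principal: "group:family", Level: View},
			{Device: "cam-frontdoor", Principal: "user:alice", Level: Admin},
			{Device: "cam-nursery", Principal: "user:alice", Level: Control},
		},
		Groups: map[string][]string{"family": {"alice", "bob"}},
	}
	fmt.Println(acl.Allowed("bob", "cam-frontdoor", View))     // true, via the family group
	fmt.Println(acl.Allowed("bob", "cam-frontdoor", Control))  // false, the group only grants View
	fmt.Println(acl.Allowed("bob", "cam-nursery", View))       // false, no entry at all
	fmt.Println(acl.Allowed("alice", "cam-nursery", Control))  // true, direct entry
	fmt.Println(acl.Allowed("mallory", "cam-frontdoor", View)) // false, unknown user
}
```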

3.5. Security Monitoring in IOT:

What security concerns need to be monitored in IoT?
1. Incorrect access control
 Services offered by an IoT device should only be accessible by the owner and the people in
their immediate environment whom they trust.
 However, this is often insufficiently enforced by the security system of a device.
 IoT devices may trust the local network to such a level that no further authentication or
authorisation is required. Any other device that is connected to the same network is also trusted.
 This is especially a problem when the device is connected to the Internet: everyone in the world
can now potentially access the functionality offered by the device.
 A common problem is that all devices of the same model are delivered with the same default
password (e.g. “admin” or “password123”). The firmware and default settings are usually
identical for all devices of the same model.
 Because the credentials for the device (assuming that, as is often the case, they are not changed
by the user) are public knowledge, they can be used to gain access to all devices in that series.
 IoT devices often have a single account or privilege level, both exposed to the user and
internally.
 This means that when this privilege is obtained, there is no further access control. This single
level of protection fails to protect against several vulnerabilities.

2. Overly large attack surface


 Each connection that can be made to a system provides a new set of opportunities for an
attacker to discover and exploit vulnerabilities.
 The more services a device offers over the Internet, the more services can be attacked. This is
known as the attack surface.
 Reducing the attack surface is one of the first steps in the process of securing a system.
 A device may have open ports with services running that are not strictly required for
operation.
 An attack against such an unnecessary service could easily be prevented by not exposing the
service.
 Services such as Telnet, SSH or a debug interface may play an important role during
development but are rarely necessary in production.

3. Outdated software
 As vulnerabilities in software are discovered and resolved, it is important to distribute the
updated version to protect against the vulnerability.
 This means that IoT devices must ship with up-to-date software without any known
vulnerabilities, and that they must have update functionality to patch any vulnerabilities that
become known after the deployment of the device.
 For example, the malware Linux.Darlloz was first discovered in late 2013 and worked by
exploiting a bug that had been reported and fixed more than a year earlier.

4. Lack of encryption
 When a device communicates in plain text, all information being exchanged with a client device
or backend service can be obtained by a ‘Man-in-the-Middle’ (MitM).
 Anyone who is capable of obtaining a position on the network path between a device and its
endpoint can inspect the network traffic and potentially obtain sensitive data such as login
credentials.
 A typical problem in this category is using a plain-text version of a protocol (e.g. HTTP) where
an encrypted version is available (HTTPS). In a Man-in-the-Middle attack the attacker
secretly intercepts and then relays the communication, possibly altering it, without either
party being aware.
 Even when data is encrypted, weaknesses may be present if the encryption is not complete or
configured incorrectly. For example, a device may fail to verify the authenticity of the other
party. Even though the connection is encrypted, it can be intercepted by a Man-in-the-Middle
attacker.
 Sensitive data that is stored on a device (at rest) should also be protected by encryption. A typical
weakness is storing API tokens or credentials in plain text on the device. Other problems are
the use of weak cryptographic algorithms or the use of cryptographic algorithms in unintended
ways.

5. Application vulnerabilities
 Acknowledging that software contains vulnerabilities in the first place is an important step in
securing IoT devices.
 Software bugs may make it possible to trigger functionality in the device that was not
intended by the developers.
 In some cases, this can result in the attacker running their own code on the device, making it
possible to extract sensitive information or attack other parties.
 Like all software bugs, security vulnerabilities are impossible to avoid completely when
developing software.
 However, there are methods to avoid well-known vulnerabilities or reduce the possibility of
vulnerabilities.
 This includes best practices to avoid application vulnerabilities, such as consistently
performing input validation.

6. Lack of Trusted Execution Environment


 Most IoT devices are effectively general-purpose computers that can run specific software.
 This makes it possible for attackers to install their own software that has functionality that is
not part of the normal functioning of the device.
 For example, an attacker may install software that performs a DDoS attack.
 By limiting the functionality of the device and the software it can run, the possibilities to abuse
the device are limited.
 For example, the device can be restricted to connect only to the vendor’s cloud service. This
restriction would make it ineffective in a DDoS attack since it can no longer connect to arbitrary
target hosts.
 To limit the software a device can run, code is typically signed: the vendor computes a
cryptographic hash of the software and signs it with its private key. Since only the vendor
holds the signing key, the device will only run software distributed by the vendor.
 This way, an attacker can no longer run arbitrary code on a device.
 To totally restrict the code run on the device, code signing must also be implemented in the
boot process, with the help of hardware.
 This can be difficult to implement correctly.
 So-called ‘jailbreaks’ of devices such as the Apple iPhone, Microsoft Xbox and Nintendo
Switch are the result of errors in the implementation of trusted execution environments.

7. Vendor security posture


 When security vulnerabilities are found, the reaction of the vendor greatly determines the
impact.
 The vendor has a role to receive input on potential vulnerabilities, develop a mitigation, and
update devices in the field.
 The vendor security posture is often determined by whether the vendor has a process in place
to adequately handle security issues.
 The consumer mainly perceives the vendor security posture as improved communication with
the vendor in relation to security.
 When a vendor does not provide contact information or instructions on how to report a
security issue, the issue will likely not be mitigated.
 Without knowledge of the device's limitations, end users will continue to use it in the way
intended. This may result in a less secure environment.
 Vendors could make things easier for customers by advising of the frequency of device security
updates, and how to securely dispose or resell the device so that sensitive data is not passed on.

8. Insufficient privacy protection


 Consumer devices typically store sensitive information. Devices that are deployed on a wireless
network store the password of that network.
 Cameras can provide a video and audio recording of the home in which they are deployed.
 If this information were accessed by attackers, it would amount to a severe privacy violation.
 IoT devices and related services should handle sensitive information correctly, securely, and
only after consent of the end-user of the device.
 This applies to both storage and distribution of sensitive information.
 In the case of privacy protection, the vendor plays an important role. Besides an external
attacker, the vendor or an affiliated party may be responsible for a privacy breach.
 The vendor or service provider of an IoT device could, without explicit consent, gather
information on consumer behaviour for purposes like market research.
 Several cases are known where IoT devices, for instance smart televisions, may be listening in
on conversations within a household.

9. Intrusion ignorance
 When a device is compromised, it often keeps functioning normally from the viewpoint of the
user. Any additional bandwidth or power usage is usually not detected.
 Most devices do not have logging or alerting functionality to notify the user of any security
problems.
 If they have, these can be overwritten or disabled when the device is hacked. The result is that
users rarely discover that their device is under attack or has been compromised, preventing
them from taking mitigating measures.
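Added example, not from these notes: a Go detector that runs over constructed device log lines and raises the alerts a device with logging and alerting could produce, for a burst of failed logins, a login that succeeds right after those failures, and an outbound connection to a host that is not the vendor's cloud service (the restriction discussed under section 6). The log format, addresses, hostnames and thresholds are all constructed.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// Event is one parsed log line. The log format is constructed for this
// example: "<RFC3339 time> <kind> key=value key=value ...".
type Event struct {
	Time   time.Time
	Kind   string
	Fields map[string]string
}

// ParseLine parses one line; malformed lines are skipped rather than fatal.
func ParseLine(line string) (Event, bool) {
	parts := strings.Fields(line)
	if len(parts) < 2 {
		return Event{}, false
	}
	ts, err := time.Parse(time.RFC3339, parts[0])
	if err != nil {
		return Event{}, false
	}
	ev := Event{Time: ts, Kind: parts[1], Fields: map[string]string{}}
	for _, kv := range parts[2:] {
		if k, v, ok := strings.Cut(kv, "="); ok {
			ev.Fields[k] = v
		}
	}
	return ev, true
}

// Detector holds the thresholds and the allowlist of destinations the device
// is expected to contact (here only the vendor's MQTT broker).
type Detector struct {
	MaxFailures  int
	Window       time.Duration
	AllowedDests map[string]bool
}

// Analyse runs three rules over the log and returns one alert per finding: a
// burst of failed logins from one source, a success right after such failures,
// and an outbound connection to a destination that is not on the allowlist.
func (d Detector) Analyse(lines []string) []string {
	var alerts []string
	failures := map[string][]time.Time{} // source address -> failure times
	for _, line := range lines {
		ev, ok := ParseLine(line)
		if !ok {
			continue
		}
		when := ev.Time.Format(time.RFC3339)
		switch ev.Kind {
		case "login":
			src := ev.Fields["src"]
			var f []time.Time // failures from src still inside the window
			for _, t := range failures[src] {
				if ev.Time.Sub(t) <= d.Window {
					f = append(f, t)
				}
			}
			if ev.Fields["result"] == "fail" {
				f = append(f, ev.Time)
				if len(f) == d.MaxFailures {
					alerts = append(alerts, fmt.Sprintf("%s %d failed logins from %s within %s (credential guessing)", when, len(f), src, d.Window))
				}
			} else if len(f) > 0 {
				alerts = append(alerts, fmt.Sprintf("%s successful login from %s after %d failures (possible takeover)", when, src, len(f)))
				f = nil
			}
			failures[src] = f
		case "connect":
			if dst := ev.Fields["dst"]; !d.AllowedDests[dst] {
				alerts = append(alerts, fmt.Sprintf("%s outbound connection to unexpected destination %s", when, dst))
			}
		}
	}
	return alerts
}

// SampleLog is constructed input: a guessing burst against the default "admin"
// account that finally succeeds, a legitimate broker connection, and a
// connection to an unknown host on an IRC port (typical of a DDoS bot's C2).
var SampleLog = []string{
	"2024-05-01T10:00:01Z login user=admin src=203.0.113.5 result=fail",
	"2024-05-01T10:00:02Z login user=admin src=203.0.113.5 result=fail",
	"2024-05-01T10:00:03Z login user=admin src=203.0.113.5 result=fail",
	"2024-05-01T10:00:04Z login user=admin src=203.0.113.5 result=fail",
	"2024-05-01T10:00:05Z login user=admin src=203.0.113.5 result=fail",
	"2024-05-01T10:00:06Z login user=admin src=203.0.113.5 result=ok",
	"2024-05-01T10:01:00Z connect dst=mqtt.vendor.example:8883 result=ok",
	"2024-05-01T10:02:30Z connect dst=198.51.100.7:6667 result=ok",
}

func main() {
	d := Detector{MaxFailures: 5, Window: time.Minute, AllowedDests: map[string]bool{"mqtt.vendor.example:8883": true}}
	fmt.Println(strings.Join(d.Analyse(SampleLog), "\n")) // three alerts
}
```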

10. Insufficient physical security


 If attackers have physical access to a device, they can open the device and attack the hardware.
For example, by reading the contents of the memory components directly, any protecting
software can be bypassed. Furthermore, the device may have debugging contacts, accessible
after opening up the device, that provide an attacker with additional possibilities.
 Physical attacks have an impact on a single device and require physical interaction. Since it is
not possible to perform these attacks en masse from the Internet, we do not recognize this as
one of the biggest security problems, but it is nevertheless included.
 A physical attack can be impactful if it uncovers a device key that is shared amongst all devices
of the same model, and thus compromises a wide range of devices. However, in that case we
consider sharing the key amongst all devices to be the more important problem, not physical
security.

11. User interaction


 Vendors can encourage secure deployment of their devices by making it easy to configure them
securely. By giving proper attention to usability, design, and documentation, users can be
nudged into configuring secure settings.
 There is partial overlap between this category and other categories listed above. For example,
the problem of incorrect access control mentioned above includes using unsafe or default
passwords. One way to solve this is to make the user interaction with the device such that it is
very easy or even mandatory to configure a secure password.
 For most of the above security categories, it is difficult for a non-technical user to evaluate
whether a device meets the requirement. However, user interaction can, by definition, be
perceived by the end-user, and so the consumer can evaluate how well a device performs on
user interaction.
 User interaction is an important category to make sure implemented security measures are
activated and correctly used. If it is possible to change the default password, but the user does
not know or cannot discover the functionality, it is useless.

3.6. Secure gateway and network configurations

IoT Gateway Security:

 The IoT gateway is basically a bridge between the devices with sensors and
the cloud. IoT gateway solutions may also offer local processing and storage
capabilities.
 Additionally, gateway devices can control field-deployed IoT devices based on
the sensor input data.
 Since an Edge Gateway is located between the local intranet and the external Internet,
it is a critical point for network connectivity.
 The gateway also has higher processing power than field-deployed IoT controllers
(retrofitted with sensors).
 This implies that the gateway runs more capable, and therefore more complex, software,
which in turn gives attackers more to exploit. Hence, it is crucial that the gateway is
adequately protected.

 IoT gateway security includes the incorporation of security features at multiple
layers. Let us take a look at these in detail:
 Device hardware/software level
 Bluetooth PAN level
 WAN level security

IoT device security (Gateway hardware/software level):

The hardware and software security measures for a gateway device are similar to those for
the IoT sensor devices. We have explained this in part 1 of this blog series, so we will
not go into the details here.

Here is an overview of IoT gateway security elements at the hardware and software level.

 Physical and tamper security
 Secure Boot and Root of Trust
 ASLR
 Guard band in OS
 TPM/HSM
 Chip Security
 Disable debug access

Bluetooth Personal Area Network (PAN) level security

As far as PAN level security is concerned, there are several security components
that can be incorporated in the system:

 Access Control Models – Access control models for an IoT environment
are usually classified according to the basis for access control. Hence, you
can have Role-based access control, Usage control, Attribute-based access
control, Capability-based access control or Organizational-based access
control models, to name a few. These models ensure that each entity/user is
identified so that only the tasks permitted for it can be executed.

 Blacklisting/Whitelisting of Bluetooth MAC Addresses – It is possible to
create a list of denied/allowed wireless clients that can connect to the device
based on their MAC addresses. MAC addresses that are included in the
whitelist will have access to the device, and all other clients are denied
access. Conversely, MAC addresses in the blacklist will not have access to
the device, while all other clients are allowed access. Note that a MAC
address can be spoofed by a client, so MAC filtering is a supplementary control
rather than a substitute for authentication.

 Firmware Update Administration – Whenever there is a firmware update
on the gateway device, there should be strong authentication mechanisms.
Ideally, the firmware update should be cryptographically signed, and the
gateway should be able to verify the signature before the firmware update
process.

 Logging and Usage Meters – IoT data can be effectively managed and used
by organizations for generating security intelligence through Artificial
Intelligence (AI) technology. Data can be easily collected, organized and
processed through logging or usage meters. Device logs will provide
information such as connections, errors and other such lifecycle events. The
results gained from this raw data can be utilized for reinforcing the security
of the IoT ecosystem.

 Control Pairing/Bonding – BLE pairing is the process in which temporary
keys are generated and exchanged with a Bluetooth device. This temporary
key encrypts the connection and maintains it for a short period of time. BLE
bonding refers to the establishment of a long-term relationship with another
device: the long-term encryption keys exchanged during the pairing process
are stored and reused, so the devices do not have to generate new encryption
keys at the time of each connection.

Bluetooth security for IoT devices encompasses multiple security modes and
security levels. Security during the pairing and bonding processes includes
three phases:

o Phase 1 (Pairing) – Capability exchange
o Phase 2 (Pairing) – Secure key generation
o Phase 3 (Bonding) – Transport specific key distribution
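An added example (not part of these notes or of any gateway product) of the signed firmware update check described under Firmware Update Administration above, which also illustrates the code-signing point made in section 6 (Lack of Trusted Execution Environment). It is written in Go with Ed25519: the vendor signs a manifest containing the image hash and version, and the gateway verifies the signature, the image hash and an anti-rollback version rule before applying the update. The manifest format and image bytes are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the metadata the vendor signs along with the image hash. The
// version lets the gateway refuse rollback to an older, vulnerable release.
// (Constructed format for this example, not a real update standard.)
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
}

// encode returns the canonical bytes that are signed: version || hash.
func (m Manifest) encode() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf, m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// SignFirmware runs at the vendor with the private key (assumed to live in an
// offline signer or HSM); the manifest and signature ship with the image.
func SignFirmware(priv ed25519.PrivateKey, version uint32, image []byte) (Manifest, []byte) {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	return m, ed25519.Sign(priv, m.encode())
}

// VerifyUpdate runs on the gateway before flashing: the signature must verify
// under the vendor public key embedded in the gateway, the image must match
// the signed hash, and the version must not be older than the running one.
func VerifyUpdate(vendorPub ed25519.PublicKey, running uint32, m Manifest, sig, image []byte) error {
	if !ed25519.Verify(vendorPub, m.encode(), sig) {
		return errors.New("manifest signature invalid: not signed with the vendor key")
	}
	if h := sha256.Sum256(image); !bytes.Equal(h[:], m.ImageHash[:]) {
		return errors.New("image does not match the signed manifest hash")
	}
	if m.Version < running {
		return fmt.Errorf("rollback refused: update version %d is older than running %d", m.Version, running)
	}
	return nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed firmware image v2")
	m, sig := SignFirmware(vendorPriv, 2, image)
	fmt.Println("genuine update:", VerifyUpdate(vendorPub, 1, m, sig, image)) // <nil>

	// A modified image no longer matches the signed hash.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0xff
	fmt.Println("tampered image:", VerifyUpdate(vendorPub, 1, m, sig, tampered))

	// A signature made with anyone else's key is rejected.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	m2, sig2 := SignFirmware(otherPriv, 3, image)
	fmt.Println("foreign key:", VerifyUpdate(vendorPub, 1, m2, sig2, image))

	// A genuine but older release is refused once version 2 is running.
	old := []byte("constructed firmware image v1")
	om, osig := SignFirmware(vendorPriv, 1, old)
	fmt.Println("rollback:", VerifyUpdate(vendorPub, 2, om, osig, old))
}
```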
Wide Area Network (WAN) level security:

IoT gateway security elements at the WAN level include the following:

 Firewalls – An IoT firewall can be deployed in the network to protect the
system against several security threats:
o Network threats – The firewall is capable of preventing DDoS
and application layer security breaches.
o Abuse of service – IoT devices (including gateways) are
protected from being used unexpectedly, without
authorization.
o Device threats – The firewall ensures that the devices in the
IoT network are connected only with known and safe locations.
Usually, the administrator of the network configures the firewall settings by
defining the destination IP addresses, IP networks, destination protocols,
ports or host/domain names that are permitted in the network.
 Port Lockdown – In each IoT device, disabling open external ports that are not
needed can protect the hardware and the data within. IoT security attacks delivered
through such ports, such as fuzzing, buffer overflow, DoS attacks, etc., can be
prevented in this manner.
 Software-Defined Perimeter (SDP) Interface – A software-defined
perimeter is a security framework that manages access to IoT resources
based on identity. It works on the principle of hiding crucial assets within
an opaque cloud that is inaccessible to outsiders. The hidden assets may
also be on premises, in a perimeter network, a data center server or an
application server. The SDP interface acts as a broker between the protected
applications and the users who are allowed access on fulfilling the validation
criteria. Essentially, SDP forms an invisible screen that protects IoT
components against cyberattacks, malware and other such security breaches.

IoT gateway security (WAN level) can also be ascertained in several other ways. This
includes maintaining access control lists and blacklisting/whitelisting MAC addresses.

3.7. Managing roles and attributes:

Role of Things in IoT:


 The Internet of Things (IoT) describes the network of physical objects—“things”—that are
embedded with sensors, software, and other technologies for the purpose of connecting and
exchanging data with other devices and systems over the internet.

What are the attributes of IoT?

There are 7 crucial IoT characteristics:


 Connectivity. This doesn't need too much further explanation. ...
 Things. Anything that can be tagged or connected as such as it's designed to be connected. ...
 Data. ...
 Communication. ...
 Intelligence. ...
 Action. ...
 Ecosystem.
3.8. IoT Penetration Testing Tools and Techniques:
An IoT penetration test is the assessment and exploitation of the various components present in an IoT
device solution, with the goal of making the device more secure. A typical penetration testing engagement
looks as follows.

What is PENIOT (Penetration Testing for IoT):

 PENIOT is a penetration testing tool for Internet of Things (IoT) devices. It helps you to
test/penetrate your devices by targeting their internet connectivity with different types of
security attacks.
 In other words, you can expose your device to both active and passive security attacks.
After deciding on the target device and the necessary information (or parameters) about that
device, you can perform active security attacks such as altering/consuming system resources,
replaying valid communication units and so on. You can also perform passive security attacks
such as breaching the confidentiality of important information or performing traffic analysis.
Thanks to PENIOT, all those operations can be semi-automated or even fully automated. In short,
PENIOT is a package/framework for targeting IoT devices with protocol-based security
attacks.
 It also gives you a baseline structure for further additions of new security attacks or
new IoT protocols.
 One of the most important features of PENIOT is its extensibility. By default, it has several
common IoT protocols and numerous security attacks related to those protocols. It can
be extended further by exporting the basic structure of the internally used components, so that
you can develop your attacks in harmony with the internal structure of PENIOT.
Why is PENIOT required:
 The IoT paradigm has experienced immense growth in the past decade, with billions of
devices connected to the Internet.
 Most of these devices lack even basic security measures due to their capacity constraints
and designs made without security in mind due to the shortness of time-to-market.
 Due to the high connectivity in IoT, attacks that have devastating effects in extended
networks can easily be launched by hackers through vulnerable devices.
 Up until now, penetration testing was done manually, if it was not ignored altogether. This
made the testing phase of devices very slow.
 On the other hand, the firms which produce IoT devices should always be up to date on
testing their devices in terms of reliability, robustness as well as their provided
functionalities since being exposed to security attacks by malicious people could cause
unexpected impacts on end-users.
 The main aim of PENIOT is to accelerate the process of security testing. It enables you to
figure out security flaws on your IoT devices by automating the time-consuming
penetration testing phase.

What does PENIOT provide:


 First of all, PENIOT provides novelty. It is one of the first examples of penetration testing
tools in the IoT field.
 There are only one or two similar tools which are specialized in IoT, but they are still in the
development phase and not completed yet.
 Since the number of IoT devices is increasing drastically, IoT devices become more and
more common in our daily life.
 Smart homes, smart bicycles, medical sensors, fitness trackers, smart locks and connected
factories are just a few examples of IoT products. Given this, we felt the need to choose
some of the most commonly used IoT protocols to include in PENIOT by default. We chose
the following protocols as the default IoT protocols included in PENIOT.
 These IoT protocols are tested with various types of security attacks such as DoS, Fuzzing,
Sniffing and Replay attacks.
Following protocols are currently supported:
 Advanced Message Queuing Protocol (AMQP)
 Bluetooth Low Energy (BLE)
 Constrained Application Protocol (CoAP)
 Message Queuing Telemetry Transport (MQTT)
 Moreover, it enables you to export the internal structure of its own protocol and attack
implementations so that you can implement your own protocols or attacks. You can also extend
already existing protocols with your newly implemented attacks.
 And lastly, it provides an easy-to-use, user-friendly graphical user interface.

Testing:

Most of the attacks have their own sample integration tests under their attack scripts. In order to run
those tests, you need to have a running program for the target protocol. We try to provide you with
example programs for each protocol where one can find server/client scripts under each
protocol's examples directory.

24 Essential Penetration Testing Tools in 2020

Penetration testing has become an essential part of the security verification process. While it’s great
that there are many penetration testing tools to choose from, with so many that perform similar
functions it can become confusing which tools provide you the best value for your time.
We are going to review some of the best pentesting tools available to pentesters today and organize
them by category.
Ways to Best Use Penetration Testing Tools

While pentesting tools are usually used in the context of a larger security assessment of a network or
service, there’s nothing holding back sysadmins or developers from deploying the exact same tools to
validate the strength of their own work.

1. Powershell-Suite
 The PowerShell-suite is a collection of PowerShell scripts that extract information about the
handles, processes, DLLs, and many other aspects of Windows machines. By scripting
together specific tasks, you can quickly navigate and check which systems on a network are
vulnerable to exploit.
 Best Used For: Easily automated tasks to discover weak exploitable assets on a
network.
 Supported Platforms: Windows

2. Zmap
 Zmap is a lightweight network scanner that is capable of scanning everything from a home
network to the entire Internet. This free network scanner is best used to gather baseline details
about a network. If you only have an IP range to go off of, use it to get the lay of the land quickly.
 Best Used For: Information gathering and initial triage of the attack landscape.
 Supported Platforms: Zmap is supported on various Linux platforms and macOS
3. Xray
 Xray is an excellent network mapping tool that uses the OSINT framework to help guide its
tactics.
 Xray uses wordlists, DNS requests, and any API keys to help identify open ports on a
network from the outside looking in.
 Best Used For: Pentesters tasked with gaining access to a network with no help
 Supported Platforms: Linux and Windows

4. SimplyEmail
 SimplyEmail is an email recon tool used to help gather associated information found on the
internet based on someone’s email address. SimplyEmail is based on the harvester solution and
works to search the internet for any data that can help provide intelligence around any given
email address.
 Best Used For: Pentesters looking to create account lists for enterprise testing
engagements.
 Supported Platforms: Docker, Kali, Debian, Ubuntu, macOS

5. Wireshark
 Wireshark is likely the most widely used network protocol analyzer across the world. Network
traffic captured via Wireshark can show what protocols and systems are live, what accounts are
most active, and allow attackers to intercept sensitive data.
 Best Used For: Deep-level network visibility into communications.
 Supported Platforms: Windows, Linux, macOS, Solaris
6. Hashcat
 Hashcat is one of the fastest password recovery tools to date. By downloading the Suite version,
you have access to the password recovery tool, a word generator, and a password cracking
element. Dictionary, combination, brute-force, rule-based, toggle-case, and Hybrid password
attacks are all fully supported. Best of all is hashcat has a great online community to help
support the tool with patching, a WiKi page, and walkthroughs.
 Best Used For: Up-and-coming pentesters or system recovery specialists looking for the best
password recovery tool to stake a claim in their business.
 Supported Platforms: Linux, Windows, and macOS

7. John the Ripper


 John the Ripper is the original password cracking tool. Its sole purpose is to find weak
passwords on a given system and expose them.
 John the Ripper is a pentesting tool that can be used for both a security and a compliance
perspective. John is famous for its ability to expose weak passwords within a short timeframe
quickly.
 Best Used For: Password cracking for novices
 Supported Platforms: Windows, Unix, macOS

8. Hydra
 Hydra is another password cracking tool but with a twist. Hydra is the only password
pentesting tool that supports multiple protocols and parallel connections at once.
 This feature allows a penetration tester to attempt to crack numerous passwords on different
systems at the same time without losing connection if unbeaten.
 Best Used For: Password cracking for professionals
 Supported Platforms: Linux, Windows, Solaris, macOS

9. Aircrack-ng
 Aircrack-ng is a wireless network security tool that is an all in one package for penetration
testing. Aircrack-ng has four primary functions that make it the ultimate standout in its class;
It does monitoring of network packets, attacking via packet injection, testing of WiFi
capabilities, and finally, password cracking.
 Best Used For: Command-line-heavy users that prefer to script out attacks or defense
measures.
 Supported Platforms: Windows, OS X, Solaris, Linux
10. Burp Suite
 For pentesting web applications, Burp Suite is your go-to tool. It incorporates not only
vulnerability scanning but full proxy capturing and command injection services as well.
Burp's UI is fully optimized for the working professional, with built-in profiles that allow you to
save your configurations on a per-job basis.
 Best Used For: Enterprise professionals in charge of application security
 Supported Platforms: Windows, macOS, and Linux

11. Metasploit
 Comparable to Burp Suite, Metasploit started as an open-source solution and has gained some
traction over the years. Some of the tasks that can be accomplished in Metasploit from a
pentesting perspective include vulnerability scanning, listening, exploiting known
vulnerabilities, evidence collection, and project reporting.
 Best Used For: Pentesters managing several different companies at once or who have
multiple applications to be tested.
 Supported Platforms: Windows, macOS, and Linux

12. Nikto
 Nikto is a loud and proud web application scanning solution. It is open-source and contains
features like a web server scanner, a pre-packaged list of potentially dangerous files, and a
misconfiguration checker as well.
 Nikto is not stealthy, nor does it try to be; it doesn’t try to hide its presence, but it will get the
job done.
 Best Used For: Enterprise Pentesters or SOCs that have the full permission to scan
systems in a purple team type exercise. Best used to help build out monitoring around
scanning activity within a SOC environment.
 Supported Platforms: Windows and Linux

13. Fuzzdb
 Fuzzdb is a special kind of penetration testing tool as it contains pre-built attack payloads to
run against web applications to discover if vulnerabilities are genuinely exploitable.
 On top of being able to simulate attack patterns, Fuzzdb can run discovery scans and perform
analysis on the responses received from these scans to narrow better the focus of where
vulnerabilities exist.
 Best Used For: Pentesting professionals that are hired to attempt to exploit
vulnerabilities.
 Supported Platforms: Windows, Linux, and macOS

14. NMAP/ZenMap
 NMAP is a pentesters best friend. This network security mapping tool gives you a quick look
at the open ports on any given network. NMAP commands allow you to dig into the feasibility
of specific network-level vulnerabilities.
 NMAP also has a friendly GUI interface called ZenMap that is easy to use for any skill level.
NMAP also comes with a debugging tool, a comparison tool for comparing scan results, and a
packet generation tool as well.
 Best Used For: All skill level pentesters or security professionals to validate and test
vulnerability management.
 Supported Platforms: Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris,
IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, and Amiga

15. sqlmap
 Sqlmap is an open-source penetration tool that helps bring validity to possible SQL injection
flaws that may affect your database servers. This automated testing tool comes with a slew of
detailed features, including DB fingerprinting, remote commands, and its detection engine.
 Best Used For: Expert Pentesters strictly focusing on exploiting databases.
 Supported Platforms: MySQL, Oracle, PostgreSQL, Microsoft SQL Server,
Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB

16. MobSF
 For mobile platform vulnerability discovery, MobSF is your tool. This hacking tool is an all in
one platform for pen-testing and vulnerability discovery via static and dynamic application
analysis. MobSF also has built-in REST APIs to provide an integrated experience into your
development pipeline. MobSF is ultimately a vulnerability scanner for mobile applications.
 Best Used For: Enterprise or individual mobile application vulnerability pentesting.
 Supported Platforms: Android, iOS, and Windows

17. Linux-Exploit-Suggester
 Linux-Exploit-Suggester is an excellent tool for on the fly security testing of Linux systems
without dealing with the overhead of a beefy vulnerability scanner. LES was created for system
admins to get a quick sense of the. Based on its lightweight compatibility, LES is a great
vulnerability catalog for pentesters looking to get a quick overview of a system's configuration,
without creating too much noise via resource consumption.
 Best Used For: Pentesters to quickly find a potential host that is vulnerable to start
crafting an exploit without drawing too much attention to themselves.
 Supported Platforms: Linux
18. Apktool
• Apktool is for pentesters or security researchers who are attempting to reverse engineer an
Android application (including malware) to determine how better to protect against it. Apktool
only supports third-party Android applications.
• Apktool's feature set includes decoding an APK's resources and code (to smali) and rebuilding
them to nearly original form, debugging support, and help automating repetitive tasks.
• Best Used For: pentesters looking to craft a custom payload specific to a company's Android
application, or security researchers looking for a fix for a known Android vulnerability.
• Supported Platforms: Android

19. Resource Hacker
• Resource Hacker is a Windows-specific resource editor that lets anyone view and modify the
resources (icons, dialogs, strings, manifests, version information) embedded in a Windows
executable or DLL and recompile the file. The great thing about this reverse-engineering tool is
that it comes with a GUI that makes it easy for novice pentesters to learn and use.
• Best Used For: novices editing resources in Windows files.
• Supported Platforms: Windows

20. IDA
• IDA is the Kleenex of disassemblers: the generic name, widely supported and used in commercial
validation testing. IDA is interactive as both a disassembler and a debugger, providing you with a
whole solution as a professional. Best of all, it handles binaries for all major operating systems
and processor architectures.
• Best Used For: professional-level malware disassembly.
• Supported Platforms: Windows, Linux, macOS

21. Radare
• Lastly, we have Radare (radare2), one of the most widely accepted and versatile disassembly
frameworks available. Its features include support for multiple desktop and mobile operating
systems, file-system forensics, data carving, and visualization of data structures.
• Best Used For: experienced pentesters with a broad knowledge of multiple platforms.
• Supported Platforms: Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku

22. Email or Chat Software
• If it is available to you, the most convenient channel for sending collected data out of the
environment is the account you compromised in the first place.
• Most of the time you will be able to use the user's account to send emails out, or to use the
enterprise chat solution already in place to the same end. For pentesters trying to stay
unnoticed, this is a useful technique as long as you limit the size of each message so that the
exfiltration is not flagged as an anomaly by any DLP solution that might be watching. Keep in mind
that mail and chat logs persist on the server side, so the exercise also leaves the defenders an
audit trail to test their detection and response against.
• Best Used For: pentesters trying to remain unnoticed and test the detection capabilities of any
DLP solutions in place.
• Supported Platforms: most operating systems

23. Srm
• Srm stands for secure remove, and it takes the hassle out of making sure a file is completely
removed from a system. As a pentester, Srm is useful for removing temporary files created while
accessing a system; if your intent is to cover your tracks, Srm is the tool to remove any tooling
or rootkit files used during the exploitation process.
• Srm overwrites the data location before unlinking the file so that the contents cannot be
recovered from the disk. Best of all, it is a command-line program that is quick to set up and use.
• A caveat: overwriting in place is only reliable on magnetic disks with a filesystem that writes
in place. On SSDs and flash storage (the common case for IoT devices), wear leveling means the old
blocks may survive; journaling or copy-on-write filesystems, snapshots and backups can also keep
copies. Full-disk encryption with key destruction is the dependable alternative.
• Best Used For: permanent file deletion that file-recovery tools cannot undo.
• Supported Platforms: Unix and Windows
24. Catfish
• Catfish is a file search tool used by many pentesters to quickly locate files that tend to
contain sensitive data or that can provide additional access (such as a password file). Catfish
lets the user search a system for any file whose name contains a particular string. It is simple
but highly effective at what it does.
• Best Used For: quick file-name searching on a machine.
• Supported Platforms: Linux-based OS

Performing penetration tests is an essential part of verifying that systems are secure. Using the
right penetration testing tools saves time and helps to improve your overall security posture.
UNIT-4

Overview of Privacy in IoT

4.1 Privacy challenges introduced by IoT
4.2 Privacy impact assessment
4.3 Embedding privacy into design and development
4.4 Transparency and trust, trust models
4.5 Privacy engineering – principles, compliance monitoring
4.6 Privacy preservation and data dissemination – for IoT used in smart buildings, privacy
protection in personal IoT applications
4.7 Legal framework relevant to complex IoT ecosystems and importance of informed
consent
4.1 Privacy challenges introduced by IoT:
New IoT infrastructure is often deployed with security gaps, and legacy systems that were never
designed for exposure are increasingly connected to more open environments. In that case, a breach
of an IoT device may also provide a path into the legacy systems behind it.

The following are the most common weaknesses.

1. Weak password protection

Hard-coded and embedded credentials are a danger for IT systems and just as hazardous for IoT
devices. Guessable or hard-coded credentials let an attacker log in to the device directly, and
with factory default passwords the attacker may already know the password to the machine.

The Mirai malware is a good illustration of such an attack. Mirai infected IoT devices from
routers to video cameras and digital video recorders by attempting to log in over Telnet with a
table of 61 common factory-default usernames and passwords. The malware created a vast botnet of
around 400,000 "enslaved" devices.

In September 2016, Mirai-infected devices (turned into "zombies") were used against the security
journalist Brian Krebs and the hosting provider OVH, the latter attack reported at roughly 1 Tbps,
then the largest Distributed Denial-of-Service (DDoS) attack on record. In October 2016 the same
botnet attacked the DNS provider Dyn, which made GitHub, Netflix, Twitter, Airbnb and many other
sites unreachable for much of a day.

There's more. Reaper, based partly on Mirai code, first came to light at the end of 2017. Around
20,000 to 30,000 devices were found to have been compromised by Reaper, which can be used to
launch crippling DDoS attacks. Arbor Networks assessed that Reaper was created for the
"DDoS-for-hire" market, in which criminals rent out botnets to take down websites they disagree
with.

Device makers should ship secure defaults: unique per-device credentials rather than a shared
factory password, password complexity and expiry options, account lock-out after repeated
failures, and a mandatory credential change (or one-time setup password) that forces the user to
replace the factory credentials when the device is first set up.

Network managers using IoT-adapted Identity and Access Management solutions have a wide range of
device authentication features to reduce IoT attack exposure. Two-factor or multi-factor
authentication, biometric authentication, or digital certificates (using a Public Key
Infrastructure) make unauthorized access to the connected devices far harder.

Gartner notes that privileged access management (PAM) for all devices is essential for reducing
IoT security issues and making IoT networks much harder to compromise.
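As an added example (not code from this text or from any device vendor), the following Go program puts the recommendations above into practice as a first-boot credential policy: the unit ships with a unique factory password that must be replaced before it grants access, replacements drawn from a known-default list are refused, and repeated failures lock the account so a Mirai-style dictionary run gets only a few guesses per lockout window. The type and function names, the denylist sample and the hash-stretching routine are illustrative assumptions.

```go
package main

// Added example: first-boot credential policy for an IoT device. Names, the
// denylist sample and the hash stretching are illustrative, not vendor code.

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"strings"
	"time"
)

var (
	ErrLocked     = errors.New("account temporarily locked")
	ErrBadCreds   = errors.New("invalid credentials")
	ErrMustChange = errors.New("factory credential must be replaced before use")
	ErrWeak       = errors.New("new password rejected by policy")
)

// DefaultDenylist is a constructed sample in the spirit of the Mirai table.
var DefaultDenylist = map[string]bool{"admin": true, "password": true, "root": true,
	"123456": true, "default": true, "xc3511": true, "vizxv": true, "888888": true,
	"admin1234": true, "support": true, "1111": true}

// Account is the stored credential state for one device login.
type Account struct {
	salt, hash []byte
	mustChange bool // true until the factory credential has been replaced
	failures   int
	lockedTill time.Time
}

// Policy holds the tunables; Now is injectable so lockout expiry can be tested.
type Policy struct {
	MaxFailures int
	Lockout     time.Duration
	MinLength   int
	Denylist    map[string]bool
	Now         func() time.Time
}

func newSalt() []byte {
	s := make([]byte, 16)
	if _, err := rand.Read(s); err != nil {
		panic(err) // no entropy, no safe provisioning
	}
	return s
}

// stretch stands in for a memory-hard KDF such as Argon2id: salted, iterated
// SHA-256 to slow offline attacks on a leaked hash.
func stretch(pw string, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), pw...))
	for i := 0; i < 20000; i++ {
		h = sha256.Sum256(append(h[:], salt...))
	}
	return h[:]
}

// NewFactoryAccount provisions the unit with its per-device factory password.
func NewFactoryAccount(factoryPw string) *Account {
	salt := newSalt()
	return &Account{salt: salt, hash: stretch(factoryPw, salt), mustChange: true}
}

// Acceptable enforces minimum length and the default-credential denylist.
func (p *Policy) Acceptable(pw string) bool {
	return len(pw) >= p.MinLength && !p.Denylist[strings.ToLower(pw)]
}

// Authenticate compares in constant time and applies lockout. A correct
// factory password yields ErrMustChange rather than access.
func (p *Policy) Authenticate(a *Account, pw string) error {
	now := p.Now()
	if now.Before(a.lockedTill) {
		return ErrLocked
	}
	if subtle.ConstantTimeCompare(stretch(pw, a.salt), a.hash) != 1 {
		if a.failures++; a.failures >= p.MaxFailures {
			a.lockedTill, a.failures = now.Add(p.Lockout), 0
		}
		return ErrBadCreds
	}
	a.failures = 0
	if a.mustChange {
		return ErrMustChange
	}
	return nil
}

// ChangePassword replaces the credential after the caller proves the old one.
func (p *Policy) ChangePassword(a *Account, oldPw, newPw string) error {
	if err := p.Authenticate(a, oldPw); err != nil && err != ErrMustChange {
		return err
	}
	if !p.Acceptable(newPw) {
		return ErrWeak
	}
	a.salt = newSalt()
	a.hash, a.mustChange = stretch(newPw, a.salt), false
	return nil
}

func main() {
	p := &Policy{MaxFailures: 3, Lockout: 10 * time.Minute, MinLength: 12, Denylist: DefaultDenylist, Now: time.Now}
	a := NewFactoryAccount("factory-7f3a9c")
	fmt.Println(p.Authenticate(a, "factory-7f3a9c"), p.ChangePassword(a, "factory-7f3a9c", "admin"))
	fmt.Println(p.ChangePassword(a, "factory-7f3a9c", "correct horse battery staple"), p.Authenticate(a, "correct horse battery staple"))
}
```

The factory password is accepted only as proof of possession for the change itself; the lockout counter is reset on success and the lock is timed rather than permanent, so a remote attacker cannot use the policy to deny the legitimate owner access indefinitely.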
2. Lack of regular patches and updates and weak update mechanism

IoT products are developed with ease of use and connectivity in mind. They may be secure at
purchase but become vulnerable when attackers find new security issues or bugs. If these are not
fixed with regular updates, the devices become more exposed over time.

Satori illustrates this concern. Satori is another malware that spreads and acts similarly to
Mirai; it is a worm, so infection spreads from device to device with no human interaction. Two
things set it apart:
• First, it does not just spread by credential guessing but also targets known, unpatched
vulnerabilities in specific ranges of WiFi routers.
• Second, Satori was found infecting devices built on processor architectures previously ignored
by IoT malware, SuperH and ARC.

Countermeasures:
• Manufacturers need a device-management platform and a firmware-over-the-air (FOTA) channel in
place so that critical security updates can be delivered to devices in the field.
• Network managers should also pay special attention to the update mechanism itself: accept only
cryptographically signed updates, verify the signature on the device before installing, refuse
downgrades to older (vulnerable) versions, and encrypt the exchange.
• Unexpected (emergency) firmware updates have taught developers some hard lessons about the
importance of a well-planned FOTA strategy, including a fallback image so that a bad update
cannot brick the device.
• If you are eager to use Low Power Wide Area Network technologies (LPWAN), explore incremental
(delta) FOTA solutions, since bandwidth is scarce.
• It comes as no surprise that California's and Oregon's IoT cybersecurity laws (effective 1
January 2020) and the UK's proposed IoT cybersecurity law (2020) require IoT devices sold in
their respective territories to be fitted with "reasonable security features".
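The signed-update check described above, written out as an added Go example (it is not code from this text or from any vendor's FOTA implementation). The vendor signs a small manifest (version number and image hash) with an Ed25519 key whose public half is pinned in the device; the device verifies the signature first, then the image hash, then refuses anything that is not newer than the installed version (anti-rollback). Key generation happens in-process only for demonstration; the manifest layout and all names are assumptions.

```go
package main

// Added example: verifying a signed firmware manifest with anti-rollback.
// Manifest layout, names and in-process key generation are illustrative.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrHashMismatch = errors.New("image hash does not match manifest")
	ErrRollback     = errors.New("update is not newer than installed version")
)

// Manifest is what the vendor signs. The signature covers version and hash,
// so neither can be altered in transit without invalidating it.
type Manifest struct {
	Version   uint32
	ImageHash [32]byte
	Signature []byte // Ed25519 over signingBytes()
}

func (m *Manifest) signingBytes() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.ImageHash[:])
	return buf
}

// GenerateVendorKey makes a signing key pair. In production the private half
// stays on the build server (ideally in an HSM); only the public half is
// burned into the device.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage is the vendor-side step.
func SignImage(priv ed25519.PrivateKey, version uint32, image []byte) Manifest {
	m := Manifest{Version: version, ImageHash: sha256.Sum256(image)}
	m.Signature = ed25519.Sign(priv, m.signingBytes())
	return m
}

// Device holds the pinned vendor key and the installed version. On real
// hardware both live in OTP or secure storage so an attacker cannot rewind.
type Device struct {
	VendorKey ed25519.PublicKey
	Installed uint32
}

// ApplyUpdate is the device-side check. Order matters: the signature is
// verified before any other field is trusted, then the hash, then the version.
func (d *Device) ApplyUpdate(m Manifest, image []byte) error {
	if !ed25519.Verify(d.VendorKey, m.signingBytes(), m.Signature) {
		return ErrBadSignature
	}
	if sha256.Sum256(image) != m.ImageHash {
		return ErrHashMismatch
	}
	if m.Version <= d.Installed {
		return ErrRollback
	}
	d.Installed = m.Version // commit only after every check passed
	return nil
}

func main() {
	pub, priv := GenerateVendorKey()
	dev := &Device{VendorKey: pub, Installed: 3}
	image := []byte("constructed firmware image v4")
	m := SignImage(priv, 4, image)
	fmt.Println("genuine update:", dev.ApplyUpdate(m, image), "installed:", dev.Installed)
	fmt.Println("replayed manifest:", dev.ApplyUpdate(m, image))
	fmt.Println("swapped image:", dev.ApplyUpdate(SignImage(priv, 5, image), []byte("backdoored")))
}
```

Because the version is inside the signed bytes, an attacker who captures an old, legitimately signed v4 manifest cannot bump its version field to get it past the rollback check: the signature would no longer verify.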
3. Insecure interfaces

All IoT devices process and communicate data. They need apps, services, and protocols for
communication, and many IoT vulnerabilities originate from insecure interfaces: web, application
API, cloud, and mobile interfaces that can compromise the device and its data.

Common issues include missing or insufficient device authentication and authorization, and weak
or absent encryption.

Solutions involve:
• Device authentication. Access to a connected device and the data it generates is limited to
authorized people and applications who can prove possession of a secret (a password, a key, or the
private key of a certificate).
• Digital certificates. They enable a digital entity (IoT device, computer, etc.) to prove its
identity and transfer data securely to authorized parties. X.509 is the standard certificate
format, usually signed by a trusted Certificate Authority; a per-device certificate lets each IoT
device be identified and verified uniquely.
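An added Go example of per-device X.509 identity as described in the two points above (not code from this text or from any vendor): a private CA issues each unit a client certificate naming it in the CommonName, and the backend accepts the device ID only after verifying the chain to the pinned CA and the client-authentication usage. The CA name, device ID, serial numbers and lifetimes are made up, and keys are generated in-process for the demo; on a real unit the device key would be generated in a secure element and never leave it.

```go
package main

// Added example: per-device X.509 identity with a private CA. Names, serials
// and lifetimes are illustrative; keys are generated in-process for the demo.

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrUntrusted = errors.New("device certificate not trusted")

// CA is the issuing authority whose certificate the backend pins.
type CA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewKey makes a P-256 key; a CA key would live in an HSM, a device key in a
// secure element.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// NewCA creates a self-signed CA restricted to signing certificates.
func NewCA(name string) (*CA, error) {
	key := NewKey()
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().AddDate(10, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &CA{Cert: cert, Key: key}, nil
}

// IssueDeviceCert signs a leaf for one device. The device ID goes in the
// CommonName and the certificate is usable only for TLS client authentication.
func (ca *CA) IssueDeviceCert(deviceID string, devPub *ecdsa.PublicKey, serial int64) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: deviceID, Organization: []string{"Example IoT"}},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().AddDate(2, 0, 0),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, devPub, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// AuthenticateDevice is the backend check (what a TLS server does with the
// peer certificate): verify the chain to the pinned root and the usage, and
// only then believe the CommonName as the device identity.
func AuthenticateDevice(root, leaf *x509.Certificate) (string, error) {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", fmt.Errorf("%w: %v", ErrUntrusted, err)
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	ca, _ := NewCA("Example IoT Issuing CA")
	dev := NewKey()
	leaf, _ := ca.IssueDeviceCert("sensor-0001", &dev.PublicKey, 1001)
	fmt.Println(AuthenticateDevice(ca.Cert, leaf))

	rogue, _ := NewCA("Rogue CA") // attacker-issued certificate with the same name
	fake, _ := rogue.IssueDeviceCert("sensor-0001", &dev.PublicKey, 1)
	fmt.Println(AuthenticateDevice(ca.Cert, fake))
}
```

The identity is the verified chain, not the name: a certificate for the same device ID issued by any other CA is rejected. In a real deployment the check runs inside the TLS handshake (mutual TLS), and revocation (CRL or OCSP) would be consulted before the device is admitted.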
The first thing to do is build applications using the latest security standards and protocols.
Various policies, standards, best practices, and guidelines are available from different sources.

• In the United States, the National Institute of Standards and Technology (NIST) released in
January 2020 the second draft of its "Recommendations for IoT Device Manufacturers: Foundational
Activities and Core Device Cybersecurity Capability Baseline" (NISTIR 8259).
• The European Union Agency for Cybersecurity (ENISA, formerly the European Union Agency for
Network and Information Security) actively contributes to European cybersecurity policy and is
preparing a certification framework for IoT devices in particular. ENISA published "Good Practices
for Security of IoT - Secure Software Development Lifecycle" in November 2019. This document
details how to implement security by design for IoT, and supplements its 2017 "Baseline Security
Recommendations for IoT".
4. Insufficient data protection (communication and storage)

The most frequent data-security concerns in IoT applications stem from insecure communications
and insecure data storage. One of the significant challenges for IoT privacy and security is that
compromised devices can be used to access confidential data. Cryptography is the primary way to
address this challenge.

Data encryption prevents data from being read in the event of unauthorized access or theft. It is
commonly used to protect data in motion and is increasingly used to protect data at rest.
Encryption and decryption under keys held only by the legitimate endpoints preserve data privacy
and confidentiality and minimize the impact of data theft.

It is an effective defense against eavesdropping (used in industrial espionage), also known as
sniffing, in which the attacker passively reads data as it is sent or received on the network.

Against active attacks (a Man-in-the-Middle who intercepts messages and injects new ones between
two devices) encryption alone is not enough: the endpoints must also authenticate each other, and
every message must carry an integrity check. In practice that means an authenticated key exchange
(for example TLS or DTLS with certificate validation on both sides) and an authenticated
encryption mode such as AES-GCM or ChaCha20-Poly1305, so that altered or injected messages are
rejected rather than decrypted.

The same rule applies to communication between connected smart objects and interfaces such as
web and mobile apps.
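To make that caveat concrete, the following added Go example (not code from this text or from any product) shows authenticated encryption for device-to-backend telemetry with AES-GCM. The reading is hidden from a sniffer, and the authentication tag makes a man-in-the-middle's altered or injected message fail to open instead of yielding bogus data. The device ID and a sequence number are bound in as associated data, and the sequence number also serves as the nonce and as replay protection. Assumptions: a 32-byte key already shared by both ends (for example exported from a TLS/DTLS session), one key per traffic direction so nonces never repeat, and the constructed device ID, key and readings used below.

```go
package main

// Added example: AES-GCM telemetry channel with replay protection. Key,
// device ID and readings are constructed for the demo.

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrMalformed = errors.New("message too short")
	ErrTampered  = errors.New("authentication failed: message altered or forged")
	ErrReplay    = errors.New("sequence number not newer than last accepted")
)

// Channel is one direction of traffic for one device under one key.
type Channel struct {
	aead     cipher.AEAD
	deviceID string
	lastSeq  uint64 // receiver side: highest sequence number accepted so far
}

func NewChannel(key []byte, deviceID string) (*Channel, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Channel{aead: aead, deviceID: deviceID}, nil
}

// nonce derives the 12-byte GCM nonce from the sequence number. Reusing a
// nonce under the same key breaks GCM, so seq must never repeat per key.
func (c *Channel) nonce(seq uint64) []byte {
	n := make([]byte, c.aead.NonceSize())
	binary.BigEndian.PutUint64(n[len(n)-8:], seq)
	return n
}

// aad is authenticated but sent in the clear: the receiver needs the sequence
// number and device identity before it can decrypt.
func (c *Channel) aad(seq uint64) []byte {
	b := make([]byte, 8, 8+len(c.deviceID))
	binary.BigEndian.PutUint64(b, seq)
	return append(b, c.deviceID...)
}

// Seal produces seq || ciphertext || tag for one reading.
func (c *Channel) Seal(seq uint64, reading []byte) []byte {
	out := make([]byte, 8, 8+len(reading)+c.aead.Overhead())
	binary.BigEndian.PutUint64(out, seq)
	return c.aead.Seal(out, c.nonce(seq), reading, c.aad(seq))
}

// Open verifies the tag first and only then applies the replay check, so a
// forged header can neither be decrypted nor used to move lastSeq forward.
func (c *Channel) Open(msg []byte) ([]byte, error) {
	if len(msg) < 8+c.aead.Overhead() {
		return nil, ErrMalformed
	}
	seq := binary.BigEndian.Uint64(msg[:8])
	pt, err := c.aead.Open(nil, c.nonce(seq), msg[8:], c.aad(seq))
	if err != nil {
		return nil, ErrTampered
	}
	if seq <= c.lastSeq {
		return nil, ErrReplay
	}
	c.lastSeq = seq
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key
	dev, _ := NewChannel(key, "sensor-0001")
	srv, _ := NewChannel(key, "sensor-0001")
	msg := dev.Seal(1, []byte(`{"temp_c":21.5}`))
	pt, err := srv.Open(msg)
	fmt.Printf("genuine: %s %v\n", pt, err)
	_, err = srv.Open(msg)
	fmt.Println("replayed:", err)
	msg2 := dev.Seal(2, []byte(`{"temp_c":22.0}`))
	msg2[len(msg2)-1] ^= 0x01 // man-in-the-middle flips one bit
	_, err = srv.Open(msg2)
	fmt.Println("tampered:", err)
}
```

Because the device ID is part of the associated data, a message captured from one sensor cannot be replayed into another sensor's stream even under the same key, and because the tag is checked before the sequence counter moves, a forged header cannot be used to lock out genuine messages.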

5. Poor IoT device management

A study published in July 2020 analyzed over 5 million IoT, IoMT (Internet of Medical Things),
and unmanaged connected devices in healthcare, retail, manufacturing, and life sciences. It
reveals a large number of vulnerabilities and risks across a highly diverse set of connected
objects, including shadow IoT (devices in active use without IT's knowledge), compliance
violations, and medical devices recalled as defective or risky by the US Food and Drug
Administration (FDA).

The report brings to light disturbing facts and trends:
• Up to 15% of devices were unknown or unauthorized.
• 5 to 19% were running unsupported legacy operating systems.
• 49% of IT teams were guessing or had tinkered with their existing IT solutions to get
visibility.
• 51% of them were unaware of what types of smart objects were active in their network.
• 75% of deployments had VLAN violations.
• 86% of healthcare deployments included more than ten FDA-recalled devices.
• 95% of healthcare networks had Amazon Alexa and Echo devices operating alongside hospital
surveillance equipment.

4.2 Privacy impact assessment:

A privacy impact assessment (PIA) is a tool for identifying and assessing privacy risks
throughout the development life cycle of a program or system. It states what personally
identifiable information (PII) is collected and explains how that information is maintained, how
it will be protected, and how it will be shared. A PIA should identify:
• whether the information being collected complies with privacy-related legal and regulatory
requirements;
• the risks and effects of collecting, maintaining, and disseminating PII;
• protections and processes for handling the information that mitigate the privacy risks
identified;
• options and methods for individuals to give consent to the collection of their PII.

Under the E-Government Act of 2002, US federal agencies are required to conduct privacy impact
assessments for government programs and systems that collect personal information online. Federal
agency CIOs, or an equivalent official as determined by the head of the agency, are responsible
for ensuring that PIAs are conducted and reviewed for applicable IT systems. The Act also mandates
a PIA when an IT system is substantially revised. Federal agencies such as the U.S. Department of
Homeland Security and the Department of Health and Human Services offer guidance for writing PIAs,
including blank PIA templates to assist and facilitate their development.

4.3 Embedding privacy into design and development

• Privacy by Design is the concept of embedding privacy into any new product, system or process
at the point it is being conceptualized and developed.
• New apps and smart technologies are accelerating Privacy by Design requirements, meaning a
"one size" privacy strategy rarely fits all.

Privacy, defined variously as the state in which one is not observed or disturbed by other
people, has a broader meaning in the context of, for example, the General Data Protection
Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA). Here, it is more
about protecting personal data: specifically, how it is gathered, stored and used.

Organizations are collecting, storing and using personal data more than ever through a host of
fast-evolving technologies. Products and services like smart cars, smart meters and smart homes
connected through the Internet of Things (IoT) create new challenges in the management of
personal data. Arguably, an even greater challenge is posed by technologies that are yet to come.

Few would have envisaged the COVID-19 pandemic; fewer still the emergence of dedicated tracing
applications and the privacy implications that mass surveillance and monitoring would bring. The
EY Global Consumer Privacy Survey 2020 found that the pandemic makes consumers more willing to
share personal data for the benefit of the greater good. However, trust is still a significant
issue: almost half (47%) of consumers globally do not trust their governments to use their data
only for its stated purpose.

In a complex world, businesses need to consider and implement controls and measures to safeguard
the privacy rights of individuals and to keep their own organizations compliant with stringent
regulations. This is not about ticking boxes; it is about embedding a new culture and shifting to
a mindset that puts privacy at the heart of any new technology, system or process being designed.
More than this, it is about re-engineering existing systems with a fresh eye on privacy, and a
new respect for the risk of falling foul of the regulators and the law.

Designing privacy into any new product, system or process

Privacy by Design is the concept of embedding privacy into any new product, system or process
when it is conceptualized and as it is being developed. From a new app or smart technology to the
latest advertising campaign or marketing initiative, an early focus on privacy has clear
benefits. It helps to "design in" essential privacy safeguards and improves financial and
operational efficiency. It helps build trust and loyalty in a brand and removes the burden of
managing and storing data needlessly, and all the issues that can cause. It likewise reduces the
likelihood that retrospective, and often costly, privacy features will be required, and serves to
"design out" the likelihood of regulatory fines and penalties. At the same time, the companion
concept of "privacy by default" helps build consumer trust and a best-in-class reputation.

Crucially, however, Privacy by Design is not only about the "new". Organizations can also take a
transformative approach and apply privacy principles to existing applications, business processes
and supporting infrastructure. It enables organizations with legacy IT platforms to apply certain
principles retrospectively, taking a risk-based approach driven by operational and commercial
priorities: mitigate risk where possible and apply interim solutions where needed, pending a more
permanent answer.

Infusing Privacy by Design within the wider organization

Infusing Privacy by Design is a desirable mechanism for any organization confronting the
challenge of managing personal data. What is essential is that "privacy" is not seen simply as
the sole domain (and therefore the sole responsibility) of the privacy officer. It should
embrace, and be embraced by, the whole organization.

Even though Privacy by Design has been around since the 1990s, many privacy professionals are
still unsure where best to start embedding the concept within their operations.

Imagine you have been recently appointed as Head of Privacy and have been tasked with
transforming the organization's privacy practices. What actions should you take within the first
90 days?

To begin with, it is important to understand that there is no one-size-fits-all solution. To be
effective, any Privacy by Design strategy needs to be tailored to your own organization's culture
and working practices. That said, there are five general steps you can take to infuse Privacy by
Design thinking in your people:

1. Raise awareness and build your network
Create awareness of your role and of the concept of Privacy by Design. Showcase the advantages
that embedding privacy in the design of new processes and products can bring. Be positive and
show you can bring value to the teams you are going to support. Build your network within the
organization, identifying who will benefit most from embracing Privacy by Design. You may find
allies across various departments, from the commercial teams to IT.

2. Align with senior management and get their buy-in
Senior management will be your greatest ally in this journey because they can provide the right
level of support to infuse Privacy by Design at every level. Make them understand the value of
embedding privacy in the products and services you deliver to end-customers, as well as to
internal stakeholders. Demonstrate that Privacy by Design will not only build customer trust but
also generate value for the organization and help it comply with global data protection
regulations. Find ways of explaining the benefits in language they will understand.

3. Understand the project lifecycle, and identify and get involved in key projects as early as
possible
Get an understanding of the most important projects and select those with the highest visibility
and highest "payback" in terms of results. Proactively reach out to the project owners with an
overview of the benefits of a Privacy by Design strategy. This is a crucial component, as it is
here that the value of Privacy by Design will be measured in the field and success stories will
support your case. Take a positive and collaborative approach; do not behave, or appear to be, a
roadblock.

4. Recognize the organization's capabilities and build upon them
Depending on your organization's maturity, there may be different tools and solutions in place,
but something is almost always already there. Identify the key technologies and mechanisms that
may have been implemented "ad hoc" on specific products and that can support a privacy strategy.
Re-use successful strategies in the projects you are supporting, and foster cross-referencing and
collaboration between teams to accelerate knowledge transfer.

5. Define a roadmap for Privacy by Design
While working on the operational, short-term actions, start working on a longer-term strategy.
Establish a vision and develop a long-term plan to infuse privacy into the culture of the
organization. The roadmap should set out how and when privacy tools and privacy-enhancing
technologies are implemented, how best to educate and inform those who are most directly
affected, and how to ensure data is used within the boundaries of your organization's ethical
framework.

4.4 Transparency and trust, trust models:

• In an IoT trust model, a thing has to collect information about the candidates it wants to get
service from (or sometimes provide service to, depending on the scenario). If there are multiple
candidates, there should be a ranking mechanism to prioritize them.
• Threat modeling is very useful in deciding how best to protect an application or network. Its
purpose is to evaluate the system from the perspective of a potential attacker and then select
appropriate controls to reduce the risk of those attacks. The STRIDE categories are a common
starting point:
  o Spoofing – Impersonating another user or system component to obtain its access to the system
  o Tampering – Modifying data or code without authorization, whether in transit, at rest, or on
the device itself
  o Repudiation – Plausible deniability of actions taken under a given user or process
  o Information Disclosure – Release of information to unauthorized parties (e.g., a data breach)
  o Denial of Service – Making the system unavailable to the intended users
  o Elevation of Privilege – Granting a user or process additional access to the system without
authorization

• For IoT security to be successful, there needs to be an effective way to reason about how
humanity can trust the security, safety, and privacy of this massive transformation of the world.
Most importantly, "ordinary people," whether they are consumers or workers, must be able to
safely, reliably, and intuitively interact with vast, complex, interconnected systems of IoT
devices. It can be overwhelming to think about all the ways individuals and society can be damaged
by the haphazard engineering of systems that merge the physical and digital worlds. Technologists
have done a terrible job with security technology so far, yet now we are about to impose those
failures onto the physical world on a scale that only ubiquitous, pervasive, even invasive
computing and connectivity can accomplish. Continuing the status quo is unsustainable.
• The IoT can be thought of as a hyper-connected, hyper-distributed collection of resources. The
complex ecosystem surrounding IoT devices means trusting them will not be intuitive. These
connected devices can potentially be controlled and observed by others anywhere on the planet.
For example, before the IoT, it was always easy to physically check the locks on your doors and
decide to trust those who had the keys. Now, with Internet-connected "smart locks," you can check
or alter their state from anywhere. How can an "ordinary person" track who has the electronic key
and discern that the software controlling the lock is secure and resistant to attack? A February
2017 survey of IoT consumers showed that 72% were not sure how to check whether their devices had
been compromised.
• Users should still be able to delegate trust and authority with the same level of certainty as
when using purely physical devices. Whether for home automation or industrial devices,
technologists have a responsibility to give people intuitive and simple methods to accurately
discern which devices and services can be relied on, and which threats they should rationally
worry about. This poses the question, "How can we get back to a place of relative simplicity of
function, where the average user has a reasonable understanding of the integrity of their
connected devices?"

The need for a human-centric IoT trust model:

• There currently isn't an effective and widely adopted trust model to guide IoT device designers
and service providers. A trust model can describe how IoT resources are protected and governed,
how their ability to preserve security, safety, and privacy can be relied on, and how they may
have capabilities to defend themselves from attack. It is fair to say that currently designers
haphazardly add device connectivity, remote control, and other IoT features to devices, while
leaving the user with risks that are hard to understand and manage. An effective trust model will
clarify device providers' and service providers' responsibilities and point to ways in which we
can ensure that people can use IoT devices with little worry.
• Currently there is no reliable and complete inventory of threats for the IoT, nor have the
threats that have been identified been properly prioritized. As an example, a relatively new
threat has burst onto the scene over the past few years: ransomware. In the context of IoT, this
should be fairly high in priority. A new trust model that takes this into account is needed to
underpin the means for mitigating the associated risks.
• What then is a trust model, and how can it be "human-centric"? The word "trust" in this context
means reliance. A trust model shows how each entity in an ecosystem relies (or could rely) on
another. "Human-centric" in this context means a trust model aimed at giving effective
administration of security not to computing professionals but to average users. A human-centric
trust model can show how ordinary people can sensibly delegate to others access to the controls
and data associated with IoT devices and systems.
• With such a trust model one can ask questions such as: How can IoT devices be relied on to
defend against malware? Can they update themselves to repel new attacks, or do I need to take
responsibility for that? If a device is compromised, do I need to isolate it, or can a service
take care of that? If I delegate access to my home sensor information to my power utility, what
can they do with the information and how is it protected? A human-centric trust model can help
developers answer questions such as: Who and what can I rely on for protection? When I give
others access to my devices or to information from their sensors, how can I rely on them? How can
I limit the ability of others to use those devices?

Scaling a human-centric IoT trust model:

• What are the components of this new IoT trust model? What will likely be different from
existing security models? The most obvious answer here is scale. We need to address many
(billions of) devices containing multiple sensors and controls (sometimes dozens or more per
device). These are also truly hyper-connected devices: part of multiple networks, and able to
intersect somewhat randomly with many networks over time.
• Two things come to mind when dealing with such massive scale. First, how can devices
autonomously defend themselves? Second, can we rely on network security techniques to keep our
things out of trouble? The answers are: 1) a scalable trust model needs to place a lot of
responsibility on device and application self-defense and provide for distributed security
administration, and 2) we cannot rely on network security techniques alone, since they subject an
ecosystem to weak-link vulnerabilities. Once any network is penetrated, the attack can work its
way into multiple networks by exploiting devices that overlap with other networks. A network
security approach attempts to isolate devices that by their nature want to communicate. Such an
approach cannot scale.
• Another property of an IoT model that helps deal with massive scale is the use of services and
distributed applications that help individuals visualize and easily administer security for
devices. For example, a homeowner or factory manager could subscribe to specialized, cloud-based
services that scan sensors in their networks for anomalies or behavior signatures that indicate
illicit behavior. Such services can use sophisticated information-sharing capabilities to
formulate knowledge bases of device behavior patterns. These can be drawn upon by local
applications that administer privately managed sets of devices and sensors. In essence, there
can be automated, distributed "neighborhood watch" systems that share observations and
disseminate warnings of wide-scale attacks. How these systems behave, especially with respect to
their own autonomy and their functioning as human decision-support systems, is also potentially
part of a trust model. It would also be necessary to consider how to make this information
accessible and comprehensible to the average user or worker.
• Will simple things like a light switch, home speaker, or toaster also need sophisticated
security subsystems? Maybe, but the use of a trust model in conjunction with system analysis can
help keep things simple and scalable. If a device is "IoT enabled" merely by adding a generic
computation and communications stack with a generic operating system that enables arbitrary
applications and device interactions, then you are at risk of security problems, even with
so-called simple devices. However, if the system design is guided by a trust model governing
interactions and functionality, then designers can more easily keep things simple and limit
risks.
• The trust model can also call for a secure update capability, allowing new features to be
safely added when a need is identified rather than loading a device with potentially exploitable
features. In addition, devices can be asked to implement a relatively simple reference monitor
that accepts commands only from a very limited network or from a limited number of other
devices: every command passes through one check point that denies by default and allows only
what has been explicitly granted. More generally, IoT device designers should keep functionality
limited and explicitly enable new features only after fully vetting the inherent security risks.
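An added Go example (not code from this article or from any product) of the reference monitor just described, used to answer the delegation questions raised earlier in concrete code. The owner delegates narrow, time-limited capabilities (the power utility may read the meter but not touch the thermostat; a child's profile may switch lights but not the hot-water control), only the owner may delegate, revocation removes one principal's access without disturbing anyone else's, and every command goes through a single Authorize check that denies by default. Principal and resource names are made up for the demo.

```go
package main

// Added example: a minimal reference monitor with scoped, expiring
// delegations. Principal and resource names are illustrative.

import (
	"errors"
	"fmt"
	"strings"
	"time"
)

var ErrDenied = errors.New("denied")

// Capability names one permitted action on one resource. A resource pattern
// may end in ".*" to cover a group such as every light.
type Capability struct {
	Resource string
	Action   string // "read", "write", or "*"
}

// Grant is a delegation from the owner to some principal, valid until Expires.
type Grant struct {
	Principal string
	Caps      []Capability
	Expires   time.Time
}

// Monitor is the single choke point for the device's controls and data.
type Monitor struct {
	Owner  string
	Grants []Grant
	Now    func() time.Time // injectable clock so expiry can be tested
}

func matches(pattern, resource string) bool {
	if strings.HasSuffix(pattern, ".*") {
		return strings.HasPrefix(resource, strings.TrimSuffix(pattern, "*"))
	}
	return pattern == "*" || pattern == resource
}

// Delegate records a grant. Only the owner may delegate; a grantee cannot
// re-delegate, which keeps the chain of reliance one hop long and auditable.
func (m *Monitor) Delegate(issuer string, g Grant) error {
	if issuer != m.Owner {
		return fmt.Errorf("%w: %s may not delegate", ErrDenied, issuer)
	}
	m.Grants = append(m.Grants, g)
	return nil
}

// Revoke drops every grant held by a principal (a contractor leaves, a
// tenant moves out) without touching anyone else's access.
func (m *Monitor) Revoke(principal string) {
	kept := m.Grants[:0]
	for _, g := range m.Grants {
		if g.Principal != principal {
			kept = append(kept, g)
		}
	}
	m.Grants = kept
}

// Authorize decides one command: the owner is always allowed; otherwise only
// an unexpired grant with a matching capability; everything else is denied.
func (m *Monitor) Authorize(principal, action, resource string) error {
	if principal == m.Owner {
		return nil
	}
	now := m.Now()
	for _, g := range m.Grants {
		if g.Principal != principal || !now.Before(g.Expires) {
			continue
		}
		for _, c := range g.Caps {
			if matches(c.Resource, resource) && (c.Action == action || c.Action == "*") {
				return nil
			}
		}
	}
	return fmt.Errorf("%w: %s may not %s %s", ErrDenied, principal, action, resource)
}

func main() {
	m := &Monitor{Owner: "alice", Now: time.Now}
	m.Delegate("alice", Grant{Principal: "utility",
		Caps: []Capability{{Resource: "meter", Action: "read"}}, Expires: time.Now().Add(24 * time.Hour)})
	fmt.Println(m.Authorize("utility", "read", "meter"))
	fmt.Println(m.Authorize("utility", "write", "thermostat"))
}
```

The point for the trust model is that the answers to "what can the utility do with my data?" and "how do I limit a delegate?" are readable from the grant table rather than buried in application code, and that the grant carries an expiry, so forgotten delegations lapse on their own.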
What would an IoT trust model look like?:
 This article won’t prescribe a detailed plan for a trust model. But, it makes sense to enumerate
some of the components of a trust model that address some of the unique challenges for the
IoT. In this context, a trust model consists of entities and processes that one may rely on to help
preserve security, safety, and privacy for Internet connected things. Below are a series of points
that will help identify various components of such a model.

 Devices and hosted applications: When I bring an IoT device into my environment, what
aspects can I rely on for security, safety, and privacy? What are the intrinsic properties and
capabilities of the device that make it trustworthy? What are my responsibilities? What can I
expect from other entities such as the device supplier or the services that interact with the
device? If it’s a simple thing, I certainly don’t want a long list of instructions about how to keep
it, myself, and my household safe. Making this intuitive will be a challenge.

 Resources: It helps to identify certain components a trust model will need to address. An IoT
device can have various resources made available to a number of entities through the Internet.
They might consist of device controls and state information, as well as streams of information
from connected sensors and computation capabilities. How do I know what those resources are
and who has access to them? How do I govern access to the device? There is also the question
of how well these devices protect themselves from attacks and how robust are those defenses?
Again, the challenge will be to make the answers intuitive for a broad range of people.

 Trusted attributes: To make decisions regarding the trustworthiness of devices, processes
associated with them, or entities accessing the device or my network of devices, I may rely on
assertions made by others that I trust (such as a device is “child-safe”). Setting aside, for the
moment, the question of what makes an attribute trustworthy, how can I reliably use these
trusted assertions? Consider this context: if I give a youngster access to some home automation
capabilities, I might want to be reminded that this action includes a hot water temperature
control and is not considered child safe by the developer. Sensor data might have attributes.
Some data may be sensitive (such as motion data with time stamped GPS coordinates) and
derivatives of that data might be claimed to be anonymized. How can such data be reliably
labeled? How can proper usage of labels be ensured? Classification and labeling can be
complex and has liability implications, but must be addressed as part of an IoT trust model.
 Delegating trust: Another important aspect of any effective trust model will address the
concept of delegation. How do I practically delegate trust to someone else? There are a number
of contexts for this. For example, when I bring a device home, I claim it as mine, perhaps with
some straightforward gesture. Only I can control it and be privy to the data it collects. But, if I
want to give others access to it, how can that be done reliably and with full understanding of
the implications? How can I ensure that this delegation of trust will be enforced? The answers
may not be straightforward and I may require some aids to guide me.

 Virtual composite devices: Part of the reason for why these human-centered difficulties need
to be considered in IoT trust models is that physical devices can be virtualized as well as be
parts of virtual composite devices, the components of which may interact. In home
automation, such composite devices may be called “scenes” where multiple devices cooperate
to perform a certain household task. In an industrial or metropolitan context, composite virtual
devices will be arbitrarily complex.

 Automated performance aids: These are systems that can help us understand the implications
of actions such as including something as a component in a virtual device or system, or the
implications of delegating trust to some entity. These will be an important part of a human-
centric trust model that addresses both the scale and complexity of the evolving IoT. One
potential example of such an aid is the set of intuitive gestures used when interacting with the
IoT. Typically, such gestures are used in a specific context to point to specific things or virtual
things, and refer to specific entities.

 Identity management systems: For these automated performance aids, as well as other IoT
related systems, to properly function, the right device or group of devices and the right entities
who are to be trusted need to be identified. This will require identity management systems that
are vastly larger in scale and much more intuitive. Here again, it is fair to say that the current
inventory of identity management systems (such as username/password pairs, and X.509 and
SAML certs) are woefully inadequate and rarely address many of the already known use cases
for identity. And, of course, it is difficult to claim that these systems are intuitive and easy to
use. While advances are being made in some aspects of identity management (notably
biosensors), the territory that must be covered here is vast, and includes reliable references for
virtual things and their configuration into composites and virtual systems that ordinary people
will need to interact with.
The role of security associations and reference monitors:
 Trust models will have various layers. One layer will address the secure actuation of a trusted
process. This layer will use the concept of security association and will need to be made both
reliable and intuitive. For example, when I want to give someone access to my front door, I
typically give them a physical key. I trust that they won’t copy that key and give the copy to
someone else. With electronic locks, I can use an intuitive gesture on my phone to indicate I
want one of my friends to be able to open the front door. One way (of many) that might be
actuated is by causing an electronic key to be securely transmitted to both the lock and to my
friend’s mobile phone. The lock will keep a security association between those keys and a
permission to open the door.
 Now my security association with the lock gives me the right to modify the security association
table, but my friend’s security association with the lock does not. That is, I have delegation
rights and she does not. This delegation process involves security protocols, key bindings,
permissions, and other security processes. The idea of a reference monitor was mentioned
before, and it will be an extremely important concept in IoT trust models, since all IoT devices
can harbor one. A reference monitor can be appropriately simple or elaborate. It is typically
implemented as a core (or kernel) process that checks each command against a list of security
associations for permissions to take an action or access to some resource. Now, when my friend
wants to open the door, the lock’s reference monitor will evaluate her command, and use of the
electronic key I gave her, and perhaps the identity of the device she used if it is part of the
security association. Much of this will usually be hidden from the user in a trust model layer.
People should use simple gestures for this delegation of trust, but the model needs to understand
how those gestures precisely carry out the intention of the command giver (and do no more).
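The front-door scenario above can be made concrete in code. The following is an added example, not part of the original text: a small reference monitor for a hypothetical electronic lock. The lock keeps a table of security associations that bind an electronic key to a principal, to a set of permissions and, optionally, to the device the key may be presented from. Every command goes through check() before any action is taken. The class and method names, the command set ("open", "delegate") and the key format are assumptions made for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Set


@dataclass
class SecurityAssociation:
    """One row of the lock's table: a key bound to a principal and permissions."""
    principal: str
    key: bytes
    permissions: Set[str]            # e.g. {"open"} or {"open", "delegate"}
    device_id: Optional[str] = None  # if set, the key is only honoured from this device


class LockReferenceMonitor:
    """Every command is checked against the security-association table
    before any action is taken (hypothetical lock firmware, for illustration)."""

    def __init__(self, owner: str) -> None:
        self._table = {}   # principal -> SecurityAssociation
        self.audit = []    # (principal, action, allowed), kept for later review
        # Claiming the lock gives the owner a key with delegation rights.
        self.owner_key = self._bind(owner, {"open", "delegate"})

    def _bind(self, principal: str, permissions: Set[str], device_id: Optional[str] = None) -> bytes:
        key = secrets.token_bytes(16)   # the "electronic key" sent to the principal's phone
        self._table[principal] = SecurityAssociation(principal, key, set(permissions), device_id)
        return key

    def _authenticate(self, principal: str, key: bytes, device_id: Optional[str]) -> Optional[SecurityAssociation]:
        sa = self._table.get(principal)
        if sa is None or not hmac.compare_digest(sa.key, key):
            return None                       # unknown principal or wrong key
        if sa.device_id is not None and sa.device_id != device_id:
            return None                       # key presented from a device it is not bound to
        return sa

    def check(self, principal: str, key: bytes, action: str, device_id: Optional[str] = None) -> bool:
        """The reference-monitor decision: authenticate, then look up the permission."""
        sa = self._authenticate(principal, key, device_id)
        allowed = sa is not None and action in sa.permissions
        self.audit.append((principal, action, allowed))
        return allowed

    def open_door(self, principal: str, key: bytes, device_id: Optional[str] = None) -> bool:
        return self.check(principal, key, "open", device_id)

    def delegate(self, grantor: str, grantor_key: bytes, grantee: str,
                 grantee_device: Optional[str] = None, grantor_device: Optional[str] = None) -> Optional[bytes]:
        """Only a holder of 'delegate' may add a row, and the new row carries
        'open' only, so the grantee cannot pass the key on (no re-delegation)."""
        if not self.check(grantor, grantor_key, "delegate", grantor_device):
            return None
        return self._bind(grantee, {"open"}, grantee_device)

    def revoke(self, grantor: str, grantor_key: bytes, grantee: str, grantor_device: Optional[str] = None) -> bool:
        """Revocation is itself a command, so it goes through the same check."""
        if not self.check(grantor, grantor_key, "delegate", grantor_device):
            return False
        return self._table.pop(grantee, None) is not None
```

The point of the design is that the owner's association carries "delegate" and the friend's carries only "open", so the friend can open the door but cannot modify the table; binding the friend's key to her phone is what lets the monitor also consider "the identity of the device she used". The audit list is what an operator would later inspect to see which commands were refused and why.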
 Yet another part of an IoT trust model will be the concept of a secure update process. This is
an area that has seen some success, at least in some contexts. That’s good, because the need to
fix things that can potentially go wrong will surely be great as we integrate the physical world
with the cyberworld. Again, the scale of IoT and its multitude of contexts will be challenging.
Given the massive scale of IoT, it will likely be a good strategy to give devices the responsibility
to update themselves, and to do so in response to trusted notifications from automated systems
such as attack-monitoring systems. People have gotten used to updating their mobile phone OS
and apps, but that process still causes disruption. In an IoT context, this may not be tolerable,
especially when updates may subtly change the user experience of a faithful, reliable thing.
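To show what "secure update" means on the device side, here is an added example that is not from the original text. A device accepts an update only if the manifest is authentic, the version is newer than what is running (so an attacker cannot push an old, vulnerable image back), and the image matches the hash in the manifest; after installing it runs a health check and falls back to the previous image if that check fails. Two assumptions are made for the illustration: the server and the device share a symmetric manifest key (a real deployment would use a public-key signature so that a compromised device never yields a signing key), and the health check is a callable supplied by the device firmware.

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

MANIFEST_KEY = b"constructed-demo-key-do-not-ship"  # constructed for the example; see lead-in


def make_manifest(version: int, image: bytes, key: bytes = MANIFEST_KEY) -> dict:
    """Server side: describe the image (version, hash) and authenticate that description."""
    body = {"version": version, "sha256": hashlib.sha256(image).hexdigest()}
    encoded = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "tag": hmac.new(key, encoded, hashlib.sha256).hexdigest()}


class Device:
    """Hypothetical device firmware with two image slots: active and previous known-good."""

    def __init__(self, initial_image: bytes, version: int = 1) -> None:
        self.active = {"version": version, "image": initial_image}
        self.previous: Optional[dict] = None
        self.log = []   # human-readable record of accept/reject decisions

    def _verify(self, manifest: dict, image: bytes) -> bool:
        encoded = json.dumps(manifest["body"], sort_keys=True).encode()
        expected = hmac.new(MANIFEST_KEY, encoded, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, manifest["tag"]):
            self.log.append("reject: manifest not authentic")
            return False
        if manifest["body"]["version"] <= self.active["version"]:
            self.log.append("reject: version not newer (anti-rollback)")
            return False
        if hashlib.sha256(image).hexdigest() != manifest["body"]["sha256"]:
            self.log.append("reject: image hash mismatch")
            return False
        return True

    def apply_update(self, manifest: dict, image: bytes,
                     health_check: Callable[[bytes], bool]) -> bool:
        """Verify, swap slots, self-test; on a failed self-test restore the old slot."""
        if not self._verify(manifest, image):
            return False
        self.previous = self.active
        self.active = {"version": manifest["body"]["version"], "image": image}
        if health_check(image):
            self.log.append("installed v%d" % self.active["version"])
            return True
        # The new image does not pass its self-test: discard it and run the previous one.
        self.active, self.previous = self.previous, None
        self.log.append("rolled back to v%d" % self.active["version"])
        return False
```

The verification order matters: authenticity is checked before anything in the manifest body is trusted, the version check uses the authenticated body, and only then is the (possibly large) image hashed. The rollback branch is what makes the process "resilient to errors" in the sense used later in the incident-response best practices.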
 Communications security hasn’t been covered, and as alluded to, comsec processes may not
belong as an intrinsic aspect of a trust model. Sometimes they will be part of the security
actuation layer, but given the overall context of IoT and the myriad communications processes
that may be both intrinsic and extrinsic to devices and systems of devices, in general an effective
trust model will have to be actuated at the device and application layer, and not require isolation
from communication processes.

4.5 Privacy engineering – principles, compliance monitoring:


 Privacy engineering is a methodological framework of integrating privacy in the life cycle of IT
system design and development. It operationalizes the Privacy by Design (PbD) framework by
bringing together methods, tools and metrics, so that we can have privacy protecting
systems. With the pandemic, digital innovation has become the need of the hour and thus,
has brought PbD even more in the limelight. The goal of privacy engineering is to make Privacy
by Design the de-facto standard for IT systems.
 Different bodies have different definitions of privacy engineering, but the gist is the same:
address the complete lifecycle of individual privacy, not just the data storage and analysis
stages. Privacy engineering incorporates a more holistic approach covering legalities, risk
analysis and user sentiment.
 US-based National Institute of Standards and Technology (NIST) defines privacy engineering
as “a specialty discipline of systems engineering focused on achieving freedom from conditions
that can create problems for individuals with unacceptable consequences that arise from the
system as it processes PII.” The below image sheds more light on the objectives of Privacy
Engineering:
 By making privacy an integral part of the design and development process (SDLC), privacy
engineering aims to reduce risk and to protect privacy at scale.
 As per Gartner’s definition, “Privacy engineering is an approach to business process and
technology architecture that combines various methodologies in design, deployment and
governance. Properly implemented, it yields an end result with both:
 Easily accessible functionality to fulfill the Organisation for Economic Co-operation and
Development (OECD) eight privacy principles and,
 Mitigation against the impact of a breach of personal data by reimagining defense in
depth from a privacy-centric vantage.
 The process involves ongoing re-calculation and re-balancing of the risk to the individual
data owner while preserving optimum utility for personal data- processing use cases.”
 Thus, privacy engineering is the foundation of holistic privacy. It helps to build a structured
framework and makes privacy a mainstream concern for organizations to focus on.
Privacy Engineering – bridging the gap between IT, Risk and Compliance, Privacy, Security and Business
Privacy protection continues to be a very critical issue for individuals, businesses and governments all
across the globe. People, as consumers, want personalized content and service delivery, but at the
same time they want privacy protections to be maintained at all costs: they expect organizations and
businesses to take action to protect consumers, and governments to protect citizens’ data.
A few common things that I believe are true regarding this scenario are:
 Consumers want transparency about how businesses are storing, processing and utilizing their
data.
 They are very concerned about how their personal information is used by advanced
technologies like AI and any kind of abuse erodes their trust – completely.
 Many consumers don’t trust that private businesses have, or will follow, the regulations and
compliance measures needed to keep their data secure. So, they look to their government to
protect their data with laws, policies and other enforcement mechanisms.
 Once the trust is lost, consumers take action to protect themselves and their data. They even
switch companies or providers and move to the ones whom they trust can keep their data
safe. Many terminate relationships with traditional and online businesses over data privacy.
With the advent of privacy laws such as the EU’s GDPR, a framework has been formulated for Data
Subject Access Requests (DSARs). Many privacy laws enable consumers to raise requests concerning
their data and put control in the hands of the consumers, so that they can take action if they are
dissatisfied with how their data is stored, processed or used.
Privacy engineering, which bonds innovation with PbD, ensures that every IT system provides the
highest possible privacy for personal data. This increases consumers’ trust that their data is safe,
because privacy has been ingrained in the system.

Privacy engineering – principles:

 Privacy engineering principles help organizations develop trustworthy, secure, and
resilient systems and reduce their susceptibility to disruptions, hazards, threats, and the
creation of privacy problems for individuals.


 1. Proactive not Reactive. Instead of assuming a product respects users’ data until a
regulator finds otherwise, tackle privacy concerns early by consulting a privacy engineer
in the initial phases of product development.
 2. Privacy as the Default Setting. Identify the ways in which a product processes personal
data, from collecting it to analyzing it to destroying it. In each of those events, the
framework calls for more privacy-respecting settings to be the default, across issues of
data minimization, purpose specification, collection limitation, and more. For instance, if
a user does not need to provide their Social Security Number in order to receive a service,
the service should not collect it in the first place.
 3. Privacy Embedded into Design. The design process should regularly assess privacy
impacts and risks before products go out into the wild.
 4. Full Functionality—Positive-Sum, not Zero-Sum. A fallacy in privacy debates is that in
order to respect someone’s privacy, some party must be put at a disadvantage. Privacy
engineers work to create products and services that are not impaired by privacy
protections.
 5. End-to-End Security. Security and privacy are tightly related, and poor security
undermines privacy. If unauthorized parties can access personal data, individuals’ data
rights are directly jeopardized. Activities like access control and encryption must be
secure from a technical standpoint.
 6. Visibility and Transparency. At first glance, it might seem bizarre that Privacy by Design
calls for visibility, but visibility is integral to trustworthy systems. Privacy-related policies
and procedures, when appropriate, should be clearly accessible to users and internal
stakeholders.
 7. Respect for User Privacy. Users’ privacy controls should be usable, from straightforward
consent toggles to timely fulfillment of DSRs. User-facing visuals, copy, and workflows
should prioritize accuracy and accessibility.

Privacy engineering – compliance monitoring

 A privacy compliant organization provides solid administrative, technical, and physical
security safeguards to ensure confidentiality, integrity, and availability of data.
 This includes the effective ability to detect and prevent unauthorized or inappropriate
access to data.
 Privacy compliance refers to the responsibility of a company to practice caution while
handling the sensitive data that passes through it every day.
 It is a process that allows companies or organizations to meet business rules along with
legal rules and regulations of storage and management of data.
 It essentially deals with how companies that work with individuals’ personal information
are responsible for protecting how this sensitive data is collected and shared.

4.6 Privacy preservation and data dissemination – for IoT used in smart
buildings, privacy protection in personal IoT applications:

 Privacy preservation in IoT is an important concept: when data is transferred or
communicated between different parties, it must be protected so that third parties cannot
learn what data is exchanged between the original parties.
 During data dissemination, IoT devices communicate through different technologies in
order to build up information about the process being observed. This is what allows an
application to be realized through its integration within the IoT realm.

privacy protection in personal IoT applications:

 IoT in Home Automation: Smart Homes (SH) are equipped with different types of
sensors and RFID tags to monitor resources and use them efficiently. The IoT devices are
connected wirelessly, forming a network, and share data via edge networks. The home
automation system collects information about daily power usage and other user
behaviour. Such data is highly sensitive and should not be revealed. Hence, it is important
to develop an efficient privacy-preserving home automation system, one that protects the
user’s identity, location privacy and daily behaviour.
 IoT in Health Care: IoT health care applications consist of wearable sensors, smart
pill boxes, smart beds, etc., used to remotely monitor patients’ health. However, they raise
various security and privacy concerns because they collect patient health information.
IoT devices use fog-based or cloud-based systems to store the health care information.
Patient health care applications should collect user data anonymously, and sensitive
health-related information must be removed. Such privacy-preserved data is a rich
resource for disease diagnosis and health care systems, so developing health care
applications with privacy in mind has become a mandate.
 IoT in Fog & Cloud Computing: The ubiquitous nature of the cloud and the pervasive
nature of IoT together are called CloudIoT. A cloud-based IoT system collects
information from IoT sensors and stores the data in the cloud. Cloud computing offers
different services to the IoT system, such as storage, services and computation, which
reduces the computational burden on IoT devices. Fog computing, also called edge
computing, is an extension of cloud computing. Fog computing differs from cloud
computing in its distributed network: it is a network of smart edge devices connected to
the cloud. Having fog nodes in the edge network eases the burden on cloud servers and
improves ubiquity. Fog-enabled IoT applications consist of fog nodes that perform
routing, data collection and aggregation; the data are then transmitted to the cloud for
storage.
 IoT in Blockchain: Blockchain is another emerging technology used for transactions
and interactions. Blockchain for IoT applications can build trust between devices, reduce
computational costs, and accelerate transactions. Blockchain in IoT provides a solution
for data synchronization among thousands of IoT devices, where the traditional
client-server model fails to synchronize such a huge number of devices.
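The health-care and smart-home items above both ask for data to be collected anonymously and for sensitive fields to be removed before it is shared, and principle 2 in 4.5 asks for data minimization by default. The following added example (not from the original text) shows one way to prepare personal IoT records for dissemination: direct identifiers are replaced by a keyed pseudonym that stays stable across a user's records, timestamps are truncated to the hour, age is generalised to a band, and every recipient gets only the fields allow-listed for its purpose, so name, e-mail, GPS coordinates and diagnosis never leave at all. The field names, purposes and sample records are constructed for the illustration.

```python
import hashlib
import hmac
from datetime import datetime

PSEUDONYM_KEY = b"constructed-demo-key"   # held by the data controller only; constructed

# Per-recipient allow-lists (constructed). Anything not listed is not sent: the
# default is privacy, not disclosure.
PURPOSE_FIELDS = {
    "energy_analytics": {"pseudo_id", "hour", "power_kwh"},
    "disease_research": {"pseudo_id", "hour", "heart_rate", "age_band"},
}

SAMPLE_RECORDS = [  # constructed raw records as a home/health gateway might hold them
    {"user_id": "alice@example.com", "name": "Alice", "ts": "2024-03-01T07:42:10",
     "lat": 48.85661, "lon": 2.35222, "power_kwh": 0.42, "heart_rate": 71, "age": 34,
     "diagnosis": "hypertension"},
    {"user_id": "alice@example.com", "name": "Alice", "ts": "2024-03-01T07:58:55",
     "lat": 48.85663, "lon": 2.35219, "power_kwh": 0.11, "heart_rate": 68, "age": 34,
     "diagnosis": "hypertension"},
]


def pseudonymize(identifier: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash: the same user maps to the same token (so records stay linkable
    for analysis) but the token cannot be reversed or recomputed without the key."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:16]


def coarsen_time(ts: str) -> str:
    """Second-precision timestamps act as a quasi-identifier; keep only the hour."""
    return datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H:00")


def age_band(age: int) -> str:
    lo = (age // 10) * 10
    return "%d-%d" % (lo, lo + 9)


def prepare_for(purpose: str, record: dict) -> dict:
    """Transform, then project onto the purpose's allow-list."""
    derived = {
        "pseudo_id": pseudonymize(record["user_id"]),
        "hour": coarsen_time(record["ts"]),
        "power_kwh": record.get("power_kwh"),
        "heart_rate": record.get("heart_rate"),
        "age_band": age_band(record["age"]),
        # name, e-mail, lat/lon and diagnosis are never derived here, so they
        # cannot reach any output by accident.
    }
    allowed = PURPOSE_FIELDS[purpose]
    return {k: v for k, v in derived.items() if k in allowed}


def disseminate(purpose: str, records=SAMPLE_RECORDS) -> list:
    return [prepare_for(purpose, r) for r in records]
```

A caveat a practitioner would want: a keyed pseudonym is pseudonymisation, not anonymisation. The key holder can re-identify users, so the key must be protected like any other secret and the output still has to be treated as personal data under the regulations discussed in 4.5 and 4.7; what the allow-list buys is that a recipient can never receive more than its stated purpose needs.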

4.7 Legal framework relevant to complex IoT ecosystem and importance of informed consent:

Three main elements that make up a successful IoT ecosystem


The Internet of Things (IoT) is one of today’s most widely discussed technology topics. From smart
agriculture through to smart cities to smart factories, the expectation is that IoT will be transformative,
the 4th industrial revolution. However, the reality is that IoT still remains a promise. And, more
significantly, IoT remains fragmented. Indeed, most of the applications that do exist are vertical
solutions that do not represent the dynamic, interconnected world that the name internet-of-things
would suggest. One key cause is the lack of true IoT ecosystems.
The IoT ecosystem
Clearly, no company has the capabilities and resources to do it all in the IoT. Instead, businesses
targeting this opportunity will always be part of an ecosystem. This means that ecosystems are
ultimately the competitive unit in the IoT – and that the battle will be between these ecosystems, not
between individual companies. Moreover, there will not be single but many interlinked ecosystems.
An ecosystem of ecosystems if you will.
Notably, an ecosystem is more than a set of arms-length partnerships. It is a network of independent
contributors who interact closely to create mutual value. This, in turn, creates interdependency among
partners in the ecosystem. All partners share the same fate – individual partners will be successful only
if the ecosystem is successful. This complex dynamic presents a challenge for businesses trying to figure
out an IoT strategy. A better understanding of how ecosystems are created is required.
Key elements and enablers for developing an IoT ecosystem
As shown in Figure 1, there are three main elements that make up a successful IoT ecosystem: these are
an IoT platform, the market expectation and the network effects.

Figure 1: Elements and enablers of an IoT ecosystem

The platform is a key building block of the ecosystem and the focus of much investment and
commentary in the industry. Examples include Microsoft’s Azure IoT suite and AWS IoT. Whereas this
element is key, it is the other two that are more nuanced and challenging for businesses to figure out.
Indeed, building an IoT ecosystem is a complex undertaking with many interconnected factors that
need to be juggled with. Supporting an ecosystem requires more than just having a platform and
making APIs available to third parties. Companies offering platforms need to be able to create the
right incentives (financial and other kinds), support systems for partners, and define how they – and
not competing players – will create more value for their partners.
There are a number of key enablers that enterprises should focus on, when developing their IoT
ecosystems. These are briefly discussed below.

 Enabling platforms: as mentioned above, platforms are the foundation of the ecosystem.
Businesses need to deploy IoT platforms that fulfil the expectations of both customers and
partners in terms of functionality, reliability, security and flexibility. The platform needs to
enable not only vertical solutions, but a true ecosystem in the form of a marketplace for IoT
products and services.
 APIs: APIs are the basic building blocks of an IoT ecosystem, and businesses must therefore
develop a strong API strategy. This strategy should be based on a deep understanding of the
IoT markets that the business intends to target. Designing and supporting APIs for everyone
is impractical, which means that a focused approach is recommended. The business should
also develop an API roadmap that is in line with its overall IoT strategy, while the API pricing
and support model must be aligned with the business’ ecosystem revenue model. APIs can
ultimately foster – or discourage – network effects. If using your APIs is too onerous or does
not create sufficient value, ecosystem partners will be reluctant to invest time or effort. It is
therefore vital that businesses define their API strategies with market and partner needs in
mind.
 Communities: for ecosystems to be true ecosystems, communities of partners need to exist.
These partners should be able to develop products and services based on the company
resources (via APIs), as well as those of other ecosystem participants. The benefits to
businesses can be immense. By enabling others to invest and create new products and
services, the business is able to boost innovation. This is achieved without incurring every cost
and risk involved, but by sharing these with the ecosystem partners. Companies like IBM,
Amazon and Microsoft are very active in this area sponsoring hackathons and sponsoring
university research programs and incubators.
 Own branded services: in many cases, it makes sense for businesses to offer complete IoT
solutions, either with their own products or through integration with partners. This is to signal
commitment to the market and to kick-start the ecosystem expansion. A good example is Digital
Life from AT&T, a telco in the US – the company has developed an integrated home monitoring
service together with partners, and markets the service as an AT&T-branded product. This
branded service serves to signal AT&T’s commitment to the IoT and, as the service establishes
itself in the market, AT&T is looking at opening it to a wider array of partners, thus further
developing the initial ecosystem.
 Revenue models: revenue models are a key aspect for the successful development of
IoT ecosystems. Businesses looking to attract ecosystem partners need to define the right
revenue generation and sharing model – one that incentivizes partners to join the ecosystem,
reduces risks for partners to innovate and fits with the business model of the individual
partners. Some partners will be attracted to a revenue sharing model, while others will prefer
a licencing or fixed royalty-based model. Models like “freemium” can be good to encourage
experimentation and early adoption in IoT communities. This means that firms will need to
support several revenue and partnership models, which in turn will require new decision and
management systems.
 Ecosystem support functions: the final (and perhaps most overlooked) enabler is the internal
organization and the related support functions. A critical function here is partner
management, which not only means being able to recruit but to incentivize and support
ecosystem partners throughout the partnership lifecycle. This is a capability that goes beyond
basic reseller agreements. Businesses will also require dedicated teams to support the
ecosystem. This support includes technical (e.g. how to use an API) but also marketing (e.g.
sell your apps on our marketplace) and operational (e.g. “fulfilled by Amazon”).
Moreover, a governance model that establishes clear ‘ecosystem rules’ is critical in order to maintain
harmony among members and a healthy cooperative ecosystem.
Unit V
Best Practices in IoT Security

5.1 IoT security incident response management
5.2 Challenges associated with IoT Security compliance,
5.3 User-centric governance framework for security and privacy in IoT
5.4 UL’s IoT certification
5.5 NIST risk management framework and CPS efforts,
5.6 PCI DSS, HIPAA Security and Privacy
5.1 IoT security incident response management:

 Being prepared for incident response in IoT requires planning for how you will deal with two
types of incidents in your IoT workload. The first is an attack against an individual IoT device
in an attempt to disrupt its performance or alter its behaviour.
 The second is a larger-scale IoT event, such as a network outage or a DDoS attack. In
both scenarios, the architecture of your IoT application plays a large role in determining how
quickly you will be able to diagnose incidents, correlate the data across the incident, and then
apply runbooks to the affected devices in an automated, reliable fashion.

For IoT applications, follow these best practices for incident response:

 IoT devices are organized in different groups based on device attributes such as location
and hardware version.
 IoT devices are searchable by dynamic attributes, such as connectivity status, firmware
version, application status, and device health.
 OTA updates can be staged for devices and deployed over a period of time. Deployment
rollouts are monitored and can be automatically aborted if devices fail to maintain the
appropriate KPIs.
 Any update process is resilient to errors, and devices can recover and roll back from a
failed software update.
 Detailed logging, metrics, and device telemetry are available that contain contextual
information about how a device is currently performing and has performed over a period
of time.
 Fleet-wide metrics monitor the overall health of your fleet and alert when operational
KPIs are not met for a period of time.
 Any individual device that deviates from expected behavior can be quarantined,
inspected, and analyzed for potential compromise of the firmware and applications.

How do you prepare to respond to an incident that impacts a single device or a fleet of
devices?

 Implement a strategy in which your InfoSec team can quickly identify the devices that need
remediation.
 Ensure that the InfoSec team has runbooks that consider firmware versioning and patching for
device updates.
 Create automated processes that proactively apply security patches to vulnerable devices as
they come online.
 At a minimum, your security team should be able to detect an incident on a specific device
based on the device logs and current device behavior. After an incident is identified, the next
phase is to quarantine the application.
 To implement this with AWS IoT services, you can use AWS IoT Things Groups with more
restrictive IoT policies along with enabling custom group logging for those devices. This allows
you to only enable features that relate to troubleshooting, as well as gather more data to
understand root cause and remediation.
 Lastly, after an incident has been resolved, you must be able to deploy a firmware update to the
device to return it to a known state.

Threats both to safety and security:

 Ideally, misuse cases will be created during the upfront threat modeling process. Many specific
misuse patterns can then be generated for each misuse case.
 Misuse patterns should be low-level enough that they can be decomposed into signature sets
applicable to the monitoring technology (for example, IDS/IPS, SIEM, and so on) that will be
used both on-premises and in your cloud environment. Patterns can include device patterns,
network patterns, service performance, and just about anything that indicates potential misuse,
malfunction or outright compromise.
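The best-practice list in 5.1 (devices grouped by attributes, searchable by dynamic attributes, quarantined on deviation, updated in monitored stages) and the paragraph above on decomposing misuse cases into signature sets can be tied together in one fleet-side script. The following is an added example, not from the original text and not tied to any vendor's API: the device registry, the log lines and the signature rules are all constructed for the demonstration, and the KPI check passed to the rollout is a stand-in for whatever telemetry a real fleet reports.

```python
import re
from collections import defaultdict

FLEET = [  # constructed registry: static (site, hw) and dynamic (fw, online, policy) attributes
    {"id": "dev-01", "site": "plant-A", "hw": "v2", "fw": "1.4.0", "online": True,  "policy": "standard"},
    {"id": "dev-02", "site": "plant-A", "hw": "v2", "fw": "1.3.2", "online": True,  "policy": "standard"},
    {"id": "dev-03", "site": "plant-B", "hw": "v1", "fw": "1.3.2", "online": False, "policy": "standard"},
    {"id": "dev-04", "site": "plant-B", "hw": "v2", "fw": "1.4.0", "online": True,  "policy": "standard"},
]

# Misuse patterns decomposed into signatures over the device log stream (constructed).
# Each rule: name, regex on the message, and how many matches per device trip it.
SIGNATURES = [
    ("auth-bruteforce", re.compile(r"auth failed"), 3),
    ("unexpected-outbound", re.compile(r"connect dst=(?!10\.0\.)"), 1),   # outside the plant's 10.0.x.x range
    ("firmware-tamper", re.compile(r"bootloader: signature mismatch"), 1),
]

LOG_LINES = [  # constructed log lines in the form "<device_id> <message>"
    "dev-01 auth failed user=admin",
    "dev-01 auth failed user=admin",
    "dev-01 auth failed user=root",
    "dev-02 connect dst=10.0.5.20:8883",
    "dev-04 connect dst=203.0.113.9:6667",
    "dev-04 bootloader: signature mismatch",
]


def group_by(attr: str, fleet=FLEET) -> dict:
    """Static grouping, e.g. by site or hardware version."""
    groups = defaultdict(list)
    for d in fleet:
        groups[d[attr]].append(d["id"])
    return dict(groups)


def search(fleet=FLEET, **criteria) -> list:
    """Match on any combination of static and dynamic attributes."""
    return [d["id"] for d in fleet if all(d.get(k) == v for k, v in criteria.items())]


def detect(log_lines=LOG_LINES) -> dict:
    """Apply the signature set; returns {device_id: [signature names tripped]}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        dev, _, msg = line.partition(" ")
        for name, pattern, _threshold in SIGNATURES:
            if pattern.search(msg):
                hits[dev][name] += 1
    tripped = {}
    for dev, counts in hits.items():
        names = [name for name, _, thr in SIGNATURES if counts[name] >= thr]
        if names:
            tripped[dev] = names
    return tripped


def quarantine(device_ids, fleet=FLEET) -> list:
    """Move devices into a restrictive policy group and raise their log level, so
    only troubleshooting paths stay enabled while evidence is gathered."""
    changed = []
    for d in fleet:
        if d["id"] in device_ids:
            d["policy"], d["log_level"] = "quarantine", "debug"
            changed.append(d["id"])
    return changed


def staged_rollout(target_fw, batches, report, max_failure_rate=0.2, fleet=FLEET) -> dict:
    """Deploy batch by batch. `report(device_id) -> bool` is the post-update KPI
    check; the remaining batches are aborted as soon as one batch breaches the limit."""
    by_id = {d["id"]: d for d in fleet}
    updated, status = [], "completed"
    for batch in batches:
        eligible = [i for i in batch if by_id[i]["online"] and by_id[i]["policy"] != "quarantine"]
        failures = 0
        for i in eligible:
            if report(i):
                by_id[i]["fw"] = target_fw
                updated.append(i)
            else:
                failures += 1        # device rolled back on its own; counts against the KPI
        if eligible and failures / len(eligible) > max_failure_rate:
            status = "aborted after batch %s" % batch
            break
    return {"status": status, "updated": updated}
```

Quarantined and offline devices are skipped by the rollout on purpose: a device under investigation should keep the firmware that was on it when the incident occurred, and the "return it to a known state" update from the list above is a separate, deliberate step once analysis is done.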

A Response to IoT Attacks:


IoT-related attacks, which often cross the line between cyber incidents and physical threats, are complex
and dynamic, making them especially challenging to respond to and resolve. Security leadership can
empower their teams by:
 Developing tested and measurable incident response plans;
 Enabling cross-organization coordination, communication and collaboration; and
 Arming analysts with technologies that enable them to make accurate decisions and take action
quickly.
An effective incident response platform helps orchestrate people and technologies across the entire
response process. A proven and repeatable incident response plan gives security teams the agility,
intelligence and efficiency they need to respond to all types of cyberattacks.

5.2 Challenges associated with IoT Security compliance:


5.3 User-centric governance framework for security and privacy in IoT

IoT vulnerabilities might cause catastrophic disruptions, ranging from privacy breaches to
breakdowns of public ecosystems.
User privacy concerns are among the key obstacles to the widespread adoption of connected IoT
devices. Smart gadgets offer incredible value creation and capture opportunities, but their vulnerabilities
might cause catastrophic disruptions, ranging from privacy breaches to breakdowns of public
ecosystems. In this article, we assess the risks of IoT adoption and consider privacy management
standards, approaches, and paradigms.
The Scope of IoT Security Vulnerabilities
According to a report by Deloitte, among the 49 countries that possess a defense budget of over $1
billion and keep exposed IoT systems found online, Slovakia, Lithuania, Estonia, Latvia, and the Czech
Republic are the top five most-exposed countries based on IoT targets per unit of GDP. Their quick
adoption of IoT systems without proper security measures might cause significant economic damage to
individual businesses, entire industries, and the national economy as a whole. The US is lower on the
list of the most vulnerable states, despite hosting the largest number of exposed IoT systems, as its
economy is more diverse and stable in the face of a potential attack.
China, Iran, and the Russian Federation are less vulnerable to IoT attacks, possibly because of lower
adoption or the ongoing development of statewide cyber-security systems. Japan is one of the most
secure economies, despite the widespread adoption of industrial and household automation. This may
be the result of the Japanese approach to developing custom software instead of adopting available
solutions as well as security-conscious design and implementation of IoT systems.
IoT: Targeted and Weaponized
IoT systems can be both a weapon and a target of malicious attacks. Millions of unsecured devices have
been infected with botnet malware and participated in Distributed Denial of Service (DDoS) attacks.
Krebs On Security, Dyn, and other companies fell victim to attacks that, because of IoT devices’
vulnerability, required neither big budgets nor sophisticated technology.
Targeting IoT systems is another serious security concern. Three major categories of IoT systems with
huge potential for economic and public safety repercussions include:
 Industrial infrastructure. Switches, valves, CNC, and production environment controls are at
risk. Tampering with any of the exposed industrial systems may lead to asset damage, lost
production, equipment malfunctions, and accidents.
 Communications infrastructure. VoIP systems and routers are the most vulnerable among
communication IoT devices. Physical damage of the networks, large-scale losses of
communication, and panic among the population are all high-impact risks.
 Building infrastructure. Power, security, elevators, and environmental controls are commonly
exposed systems. Their vulnerabilities can cause physical damage to the systems and buildings,
denial of service, and panic among the tenants.
Other emerging IoT targets include traffic control and autonomous driving systems, as well as critical
objects of national infrastructure, like nuclear power plants or major telecommunication switches.
Although their security is usually better, they still present alluring targets for cyberterrorists.
IoT Identity Management and Privacy Security Standards
The US and the EU countries focus their security efforts on critical infrastructure and military targets,
leaving the protection of privately owned systems to their operators and owners. However, this approach
leaves a window of opportunity for malicious cyber attacks as the adoption of IoT systems spreads
across public, commercial, and industrial sectors. Foreseeing the economic, financial, and psychological
impact of IoT vulnerabilities, the international community has been working on standards for security
techniques to protect user identity and privacy.
The breaches in data security cause loss of personally-identifiable information that affects organizations
and individuals. Identity theft, legal liability, recovery costs, and reputation risks are among the
common consequences of security breaches in IoT and other sectors.
ISO/IEC 29100
ISO/IEC 29100 is designed for organizations that develop, operate, or maintain systems handling
personally identifiable information. The privacy framework outlined by the standard enables businesses
to identify security terminology, define the critical roles engaged in personal data processing, describe
privacy security considerations, and reference the common privacy principles used in IT.
According to the ISO/IEC 29100 Privacy Framework, users, subscribers, and data owners take on the
role of personal information (PI) providers, while application owners and operators act as PI receivers. A
user-centric privacy security framework is established when PI receivers employ privacy safeguarding
controls to meet the PI providers’ privacy preferences at all stages of information handling, from
collection and storage to usage, transfer, and deletion.
ISO/IEC 24760
This standard provides guidance for identity information management. While the first part outlines
terminology and concepts, the second one defines reference architecture and requirements, and the third
part suggests the practical implementation of an identity management system. The practices address
identity-related risk when acquiring, processing, storing, transferring, and using personally identifiable
information.
According to ISO/IEC 24760, application owners should manage the risk of identity errors and
ensure the confidentiality, integrity, and availability of the identity information they store, process, and
communicate. The standard also suggests the use of identifiers. They allow businesses to distinguish
entities and facilitate their representation in some situations, e.g. hiding the entity’s identity when
providing identity information for use.
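One concrete way to apply the ISO/IEC 24760 idea of identifiers that represent an entity without revealing its identity is a pairwise pseudonym: the identity provider derives a different, stable identifier for each data consumer, so no two consumers can correlate the same user across their data sets, while the provider alone can map a pseudonym back to the entity. The code below is an added illustration, not text or code from the standard; the IdentityProvider class, the HMAC-based derivation, and the constructed key and user values are all assumptions of this example.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Issues one pseudonym per (data consumer, entity) pair.

    Assumption of this example: the provider keeps the HMAC key and the
    pseudonym-to-entity mapping private; data consumers only ever see
    the pseudonym, never the underlying identity.
    """

    def __init__(self, key=None):
        # Constructed demo key; a real deployment would use a managed secret.
        self._key = key or secrets.token_bytes(32)
        self._reverse = {}  # (consumer_id, pseudonym) -> entity_id

    def pseudonym_for(self, entity_id, consumer_id):
        # HMAC over (consumer, entity): distinct per consumer, stable for the
        # same pair, and not invertible without the key.
        msg = f"{consumer_id}\x00{entity_id}".encode("utf-8")
        tag = hmac.new(self._key, msg, hashlib.sha256).hexdigest()[:32]
        self._reverse[(consumer_id, tag)] = entity_id
        return tag

    def resolve(self, consumer_id, pseudonym):
        """Only the provider can map a pseudonym back, and only for the
        consumer it was issued to."""
        return self._reverse.get((consumer_id, pseudonym))


def demo():
    idp = IdentityProvider(key=b"constructed-demo-key-not-for-production")
    user = "alice@example.org"  # constructed sample entity
    p_energy = idp.pseudonym_for(user, "energy-utility")
    p_health = idp.pseudonym_for(user, "health-app")
    return {
        "stable": p_energy == idp.pseudonym_for(user, "energy-utility"),
        "unlinkable": p_energy != p_health,
        "resolvable": idp.resolve("energy-utility", p_energy) == user,
        "cross_consumer_blocked": idp.resolve("health-app", p_energy) is None,
    }


if __name__ == "__main__":
    print(demo())
```

The properties worth checking are the ones the standard cares about: the pseudonym is stable for repeat interactions with the same consumer, differs across consumers so records cannot be joined on it, and resolves back to the entity only at the identity provider.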
Privacy-By-Design in IoT
Existing international standards and regulations concerning privacy and protection of personal data
leave multiple consumer issues unanswered. While the ISO Consumer Policy Committee (COPOLCO) is
working on standards for identity management and privacy technologies, researchers and IoT pioneers
rely on the principles of Privacy-by-Design (PbD).
Balancing Privacy Risks and Benefits
Studies conducted for the World Economic Forum demonstrate that data owners (IoT users) are willing
to release personal information to data consumers for sufficient benefits. However, to make a pragmatic
decision, users should realize the risks associated with sharing private data. Additionally, users should
be able to change their privacy preferences according to context.
Privacy risks awareness implies that:
 Data sensitivity can be direct or indirect. While power consumption is not sensitive on its own,
frequent measurements allow data consumers to infer sensitive data, including the use of
specific devices, presence or absence, behavior patterns and more.
 Trust in a data consumer depends on the data consumer’s reputation and interaction history.
State-owned companies might be more trustworthy than private businesses.
 Data leakage reflects the accuracy of the personal data shared and often depends on the
sampling frequency. Increased sample frequency boosts the confidence degree of the inferences
made by data consumers based on the IoT data.
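The points above about indirect sensitivity and sampling frequency can be made concrete with a constructed smart-meter load profile. The example below is added here and is not from the original text; the one-day profile, the appliance step sizes and the thresholds are all constructed assumptions. It shows what a data consumer can infer from 1-minute readings (which hours someone is home, which appliance was switched on) and how much of that inference disappears when the data provider only releases 15-, 30- or 60-minute averages, which is the data-minimisation control behind the "sampling frequency" remark.

```python
from statistics import mean

BASELINE_W = 60.0  # constructed: fridge-only standby load


def build_profile():
    """Constructed one-day load profile at 1-minute resolution (watts); not real meter data."""
    watts = [BASELINE_W] * (24 * 60)
    for m in range(7 * 60 + 10, 7 * 60 + 13):   # kettle, 07:10-07:13
        watts[m] += 2000.0
    for m in range(18 * 60, 18 * 60 + 20):      # electric hob, 18:00-18:20
        watts[m] += 1500.0
    for m in range(19 * 60, 22 * 60):           # television, 19:00-22:00
        watts[m] += 120.0
    return watts


def downsample(watts, minutes):
    """Average the 1-minute series into `minutes`-wide buckets (the provider's data-minimisation step)."""
    return [mean(watts[i:i + minutes]) for i in range(0, len(watts), minutes)]


def occupied_hours(series, minutes_per_sample, threshold_w=250.0):
    """Presence inference: hours in which some sample exceeds the baseline by threshold_w."""
    hours = set()
    for idx, w in enumerate(series):
        if w - BASELINE_W > threshold_w:
            hours.add((idx * minutes_per_sample) // 60)
    return sorted(hours)


SIGNATURES = {"kettle": 2000.0, "hob": 1500.0}  # constructed appliance step sizes


def appliance_events(series, minutes_per_sample, min_step_w=900.0, tolerance=0.1):
    """Appliance fingerprinting: match runs of large excess load to known step sizes."""
    events = []
    idx = 0
    while idx < len(series):
        if series[idx] - BASELINE_W < min_step_w:
            idx += 1
            continue
        start = idx
        while idx < len(series) and series[idx] - BASELINE_W >= min_step_w:
            idx += 1
        peak = max(series[start:idx]) - BASELINE_W
        label = next((name for name, step in SIGNATURES.items()
                      if abs(peak - step) <= tolerance * step), "unknown")
        events.append((label, start * minutes_per_sample, (idx - start) * minutes_per_sample))
    return events


def inference_report(bucket_minutes):
    """What a data consumer learns when the provider releases bucket_minutes-wide averages."""
    series = downsample(build_profile(), bucket_minutes)
    return {
        "occupied_hours": occupied_hours(series, bucket_minutes),
        "appliances": appliance_events(series, bucket_minutes),
    }


if __name__ == "__main__":
    for minutes in (1, 15, 30, 60):
        print(f"{minutes:>2}-minute averages:", inference_report(minutes))
```

With 1-minute data both the morning kettle and the evening hob are identifiable and two occupied hours are revealed; 15-minute averages still reveal both occupied hours but blur the kettle; at 30 and 60 minutes the morning presence disappears and only the long evening cooking period remains visible. Coarser sampling therefore lowers the confidence of the inferences but does not remove them entirely, which is why sampling frequency should be treated as a privacy control rather than a purely technical setting.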
Data providers can expect physical, financial, or psychological benefits from sharing personal information.
Common examples of data sharing benefits include reduced rates, lower consumption, feelings of
self-satisfaction, and confidence.
Privacy-By-Design Development Principles
Researchers of the Privacy and Big Data Institute, Ryerson University, outlined IoT security concepts
based on seven basic Privacy-by-Design principles. They are recommended for IoT devices’ designers,
developers, testers, and operators.
1. Anticipate and eliminate opportunities for abuse. Only IoT users can approve the gathering,
processing, and sharing of their personal information. In the user-centric development cycle, privacy abuse
potential is assessed and eliminated at every stage.
2. Configure privacy by default. To foster consumer trust and benefit from a public perception gap
that favors reliable technologies, businesses design intrinsic privacy before adding information
management capabilities.
3. Embed integrity into design. Layering privacy security at all levels of IoT design is becoming an
industry standard, making application designers and developers introduce security features from the
bottom-up.
4. Fuse optimized experiences to full functionality. Forward-thinking companies do not make
customers choose between privacy and full functionality. Instead, they maximize user experience while
protecting user interests and rights.
5. Clarify and simplify for protective design. Complexity reduces the usability of privacy security
measures. To support full lifecycle protection, developers adopt privacy best practices and introduce
simple but overlapping security measures.
6. Control monitoring and awareness. Fear, uncertainty, and doubt among users can be overcome by
introducing customers to the implemented transparent and protective measures.
7. Include users as stakeholders, not victims. Building trust with consumers starts with treating them
as stakeholders, whose primary needs are privacy and safety.
Secure. Vigilant. Resilient. Model
Deloitte considers IoT privacy through a Secure. Vigilant. Resilient. paradigm. To establish a secure
information management system, experts focus on three aspects of privacy security.
1. Software, hardware, and data must be secured at all levels of development and operation, and at all
stages of the lifecycle. Without proper safety measures, IoT device breaches might transform from a
privacy theft to a threat to life.
2. Companies must stay vigilant when dealing with connected devices and collected data, as both
software and hardware are prone to aging and deterioration. Moreover, the attack approaches evolve
and utilize weaknesses of which IoT developers are not aware.
3. To quickly detect the breach, eliminate the threat, and stop the spread, companies must have security
protocols and procedures in place. They help limit the damage done to the systems and the business
reputation as well as reestablish normal operations.
Apart from generating value, IoT systems can cause significant losses for businesses that do not
establish user-centric privacy management systems. Following international standards and relying on
Privacy-by-Design principles are essential to fostering customer trust and promoting wider adoption of
smart connected devices. Disruptive companies ensure privacy considerations lay at the foundation of
every piece of IoT software and hardware and maintain the best security practices throughout the
system’s lifecycle.
5.4 UL’s IoT certification
The Internet of Things (IoT) provides amazing possibilities for product development and is
accelerating innovation at perhaps the fastest rate in history. Things that were nearly unheard
of just a few years ago — tracking wellness on your watch or phone, a refrigerator that orders
your groceries for you, payment from your phone with biometrics, and even mobile driver’s
licenses are all now reality.
Building cybersecurity into connected devices is a critical component needed to unlock the vast
potential of IoT innovation. If done well, it empowers companies to successfully implement
their business strategy, mitigate risks, protect their brand reputation, create product
differentiation, and establish market leadership.
UL helps innovators create safer, more secure products, devices and technologies to enable
their safe adoption by guiding them through the growing complexities across the supply chain.

Interconnected technology is inherently linked with cyberthreats used by attackers who manipulate
software vulnerabilities and weak links in ecosystems. As these threats continue to rise, companies must
build cybersecurity into their organization, processes and product development life cycle, including
updates and end-of-life after successful launch. Otherwise they risk being bypassed by competitors or,
worse yet, may find themselves the center of the next breach.
UL has seen wide industry acceptance of its cybersecurity solutions and standards. Recent UL
achievements include recognition from the U.S. Food and Drug Administration (FDA) for UL’s
cybersecurity standard for testing of medical devices, designation as an Amazon-approved lab to
perform security assessments for Alexa-enabled devices, standardizing the mobile driver’s license
globally, and authorization as an approved cybersecurity provider for the Society for Worldwide
Interbank Financial Telecommunication (SWIFT).
While there is no silver bullet for solving IoT cybersecurity challenges, companies must begin to
understand and address cybersecurity risks. This enables them to continue innovating and tackling an
increasingly complex world of product and system interconnectivity with greater confidence.

Why UL for IoT device security


As the global leader in safety science, we empower trust in the marketplace by helping manufacturers
and brands improve the security of IoT products, devices and systems through our full suite of
cybersecurity solutions. These services are designed to help you understand and manage your risks,
secure your products, and protect your brand’s integrity.
Benefits of working with UL for cybersecurity include:
 Independent trusted third party
 More than 20 years of cybersecurity expertise
 More than 550 security analysts globally
 Extensive knowledge of best practices
 Full life cycle solutions
 Industry knowledge
 Providing cybersecurity assurance
 Cybersecurity and safety
 Certification to standards

5.5 NIST risk management framework and CPS efforts:

A Comprehensive, Flexible, Risk-Based Approach


The Risk Management Framework provides a process that integrates security, privacy, and cyber supply
chain risk management activities into the system development life cycle. The risk-based approach
to control selection and specification considers effectiveness, efficiency, and constraints due to
applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing
organizational risk is paramount to effective information security and privacy programs; the RMF
approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control
systems), and within any type of organization regardless of size or sector.
What are the five core functions of the NIST Cybersecurity Framework?
The Framework Core consists of five core functions: Identify, Protect, Detect, Respond, and Recover.
NIST defines the Framework Core on its official website as a set of cybersecurity activities, desired
outcomes, and applicable informative references common across critical infrastructure sectors.

Cyber-Physical Systems (CPS):


Cyber-Physical Systems (CPS) are integrations of computation, networking, and physical processes.
Embedded computers and networks monitor and control the physical processes, with feedback loops
where physical processes affect computations and vice versa.
The economic and societal potential of such systems is vastly greater than what has been realized, and
major investments are being made worldwide to develop the technology. The technology builds on the
older (but still very young) discipline of embedded systems: computers and software embedded in
devices whose principal mission is not computation, such as cars, toys, medical devices, and scientific
instruments. CPS integrates the dynamics of the physical processes with those of the software and
networking, providing abstractions and modeling, design, and analysis techniques for the integrated
whole.
What is a cyber-physical system in IoT?

A Cyber-Physical System (CPS) is a mechatronic system in which entities are connected to each other
through wired or wireless solutions by means of information and communication technology.

5.6 PCI DSS, HIPAA Security and Privacy:


Why do you need to comply with PCI if you are already HIPAA compliant?
Some organizations are required to comply with both HIPAA (Health Insurance Portability and Accountability
Act) and the PCI DSS (Payment Card Industry Data Security Standard), namely, covered entities and
business associates that accept credit, debit, or other payment cards. Many believe that if they are compliant
with one, it covers the other.
HIPAA and PCI are two distinct and different sets of requirements. Each is specifically designed for
different types of information. HIPAA was designed by government committees trying to protect citizen
data. PCI was designed by a private industry to reduce fraud-related costs regarding loss of card data.

The PCI DSS standard


The PCI standards have gone through several clarifying iterations that create the current set of PCI
requirements. These requirements are generally very specific and focused.
The HIPAA standard
Conversely, HIPAA regulations, even though they’ve existed for about as long, haven’t gone through
a single iteration. Because they were created without a sound basis of the types of technology required
to secure patient data, these standards are vague. Even after a thorough examination of the standard, it’s
difficult to know what really must be implemented to meet each requirement.

While there is some overlap between the two, it is surprisingly not as much as one might expect.

Let me give an example.

HIPAA regulations never mention the word ‘firewall’ and instead include vague language such as
“implement technical security measures to guard against unauthorized access...” What does that mean?
Experienced security personnel can connect the dots and know it likely means firewall implementation.
Covered entities, their office staff, and even lawyers probably wouldn’t be able to come to that
conclusion on their own. On the opposing side, PCI has an entire section devoted to firewalls including
frequency of firewall rule review, inbound/outbound restrictions, and so forth.
For those who learn best by facts and statistics, here are numeric comparisons to help clarify the
disparity between HIPAA and PCI.

Each requirement usually requires multiple validation points. A validation point is specific evidence
needed to support the appropriate implementation of the requirement. For example, interviewing
management and reviewing policy documentation are two different validation points.

HIPAA vs. PCI: validation points


HIPAA at a glance
 The Security Rule contains 75 requirements with 254 validation points
 The Breach Rule contains 10 requirements with 26 validation points
 The Privacy Rule contains 72 requirements with 255 validation points
PCI at a glance
 PCI DSS 2.0 contains 292 requirements with 1030 validation points



Overlap between HIPAA and PCI
 0 of 281 HIPAA Breach Rule/Privacy Rule validation points are covered in PCI
 70 of 254 HIPAA Security Rule validation points are covered in PCI
 316 of 1,030 PCI validation points are covered in HIPAA
I find that HIPAA assessors who have not performed PCI assessments typically don’t hold the
overlapping HIPAA requirements to the higher, specific standards that a PCI assessor would.

If you are required to comply with both PCI and HIPAA mandates, you should understand that they are
distinct and require mostly different security procedures and protections. Just because you’re compliant
with HIPAA doesn’t mean your card processes are secure, and vice versa.
