Unit II: Security of Wireless Sensor Networks
Unit III: Integrating Security in IoT Ecosystem
Unit IV:
Unit V:
Fundamentals
ISO OSI MODEL:
Architecture of IoT:
There is no single, universally agreed architecture for IoT; different architectures have been
proposed by different researchers.
3. Outdated software
As vulnerabilities in software are discovered and resolved, it is important to distribute the updated
version to protect against the vulnerability. This means that IoT devices must ship with up-to-date
software without any known vulnerabilities, and that they must have update functionality to patch any
vulnerabilities that become known after the deployment of the device.
For example, the malware Linux.Darlloz was first discovered in late 2013 and worked by exploiting a bug
that had been reported and fixed more than a year earlier.
4. Lack of encryption
When a device communicates in plain text, all information being exchanged with a client device or
backend service can be obtained by a ‘Man-in-the-Middle’ (MitM). Anyone who is capable of obtaining
a position on the network path between a device and its endpoint can inspect the network traffic and
potentially obtain sensitive data such as login credentials. A typical problem in this category is using a
plain-text version of a protocol (e.g. HTTP) where an encrypted version is available (HTTPS). In a
Man-in-the-Middle attack the attacker secretly intercepts and then relays the communication, possibly
altering it, without either party being aware.
Even when data is encrypted, weaknesses may be present if the encryption is not complete or configured
incorrectly. For example, a device may fail to verify the authenticity of the other party. Even though
the connection is encrypted, it can be intercepted by a Man-in-the-Middle attacker.
Sensitive data that is stored on a device (at rest) should also be protected by encryption. A typical
weakness is the lack of such encryption, for example API tokens or credentials stored in plain text on the
device. Other problems are the use of weak cryptographic algorithms or the use of cryptographic
algorithms in unintended ways.
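To make the authentication failure described above concrete, here is an added Go example (it is not from these notes). It generates two self-signed certificates for the same constructed backend hostname, api.vendor-cloud.example: one is the legitimate backend's and is pinned in the device, the other stands in for a certificate a Man-in-the-Middle could present. A device that checks the chain and the hostname, as Go's x509 verifier does here, accepts only the first; a device that skips verification (the equivalent of tls.Config{InsecureSkipVerify: true}) accepts both, so its encrypted session can be terminated by whoever sits on the path. The keys are generated at run time and the hostname is an assumption made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// backendHost is a constructed hostname used only for this example.
const backendHost = "api.vendor-cloud.example"

// selfSignedCert creates a self-signed server certificate for host. Both the
// legitimate backend and the impostor use this; the only difference is whose
// key signed it and whether the device has been told to trust it.
func selfSignedCert(host string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyPeer is what a correctly configured device does: the presented
// certificate must chain to the pinned vendor root AND carry the expected
// hostname. Encryption without this check is exactly what enables a MitM.
func verifyPeer(presented *x509.Certificate, pinnedRoots *x509.CertPool, host string) error {
	_, err := presented.Verify(x509.VerifyOptions{Roots: pinnedRoots, DNSName: host})
	return err
}

// insecureVerify mirrors tls.Config{InsecureSkipVerify: true}: any
// certificate is accepted, so anyone on the path can impersonate the backend.
func insecureVerify(*x509.Certificate, *x509.CertPool, string) error { return nil }

// Outcome records which peers each verification policy accepted.
type Outcome struct {
	PinnedAcceptsLegit, PinnedAcceptsImpostor, PinnedAcceptsWrongHost bool
	InsecureAcceptsImpostor                                          bool
}

// RunScenario provisions the device with the legitimate root only and presents
// it the legitimate cert, an impostor's cert for the same name, and the
// legitimate cert under the wrong hostname.
func RunScenario() (Outcome, error) {
	legit, err := selfSignedCert(backendHost)
	if err != nil {
		return Outcome{}, err
	}
	impostor, err := selfSignedCert(backendHost) // same name, attacker's key
	if err != nil {
		return Outcome{}, err
	}
	pinned := x509.NewCertPool()
	pinned.AddCert(legit) // the vendor root baked into the firmware

	return Outcome{
		PinnedAcceptsLegit:      verifyPeer(legit, pinned, backendHost) == nil,
		PinnedAcceptsImpostor:   verifyPeer(impostor, pinned, backendHost) == nil,
		PinnedAcceptsWrongHost:  verifyPeer(legit, pinned, "other.example") == nil,
		InsecureAcceptsImpostor: insecureVerify(impostor, pinned, backendHost) == nil,
	}, nil
}

// HardenedClientConfig is the tls.Config a device should use: pinned roots,
// the hostname check left on, and TLS 1.2 as the floor.
func HardenedClientConfig(pinned *x509.CertPool) *tls.Config {
	return &tls.Config{
		RootCAs:    pinned,
		ServerName: backendHost,
		MinVersion: tls.VersionTLS12,
		// InsecureSkipVerify is deliberately left at its default, false.
	}
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

The scenario performs only the certificate verification step rather than a full TLS handshake, which is enough to show the decision the device must make; in a real client the same policy is expressed by the fields in HardenedClientConfig.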
5. Application vulnerabilities
Acknowledging that software contains vulnerabilities in the first place is an important step in securing
IoT devices. Software bugs may make it possible to trigger functionality in the device that was not
intended by the developers. In some cases, this can result in the attacker running their own code on the
device, making it possible to extract sensitive information or attack other parties.
Like all software bugs, security vulnerabilities are impossible to avoid completely when developing
software. However, there are methods to avoid well-known vulnerabilities or reduce the possibility of
vulnerabilities. This includes best practices to avoid application vulnerabilities, such as consistently
performing input validation.
6. Lack of Trusted Execution Environment
Most IoT devices are effectively general-purpose computers that can run specific software. This makes
it possible for attackers to install their own software that has functionality that is not part of the normal
functioning of the device. For example, an attacker may install software that performs a DDoS attack.
By limiting the functionality of the device and the software it can run, the possibilities to abuse the
device are limited. For example, the device can be restricted to connect only to the vendor’s cloud
service. This restriction would make it ineffective in a DDoS attack since it can no longer connect to
arbitrary target hosts.
To limit the software a device can run, code is typically signed: a cryptographic hash of the software
is signed with the vendor’s private key, and the device verifies that signature before running the code.
Since only the vendor has the key to sign the software, the device will only run software distributed by
the vendor. This way, an attacker can no longer run arbitrary code on a device.
To totally restrict the code run on the device, code signing must also be implemented in the boot process
(secure boot), with the help of hardware. This can be difficult to implement correctly. So-called
‘jailbreaks’ in devices such as the Apple iPhone, Microsoft Xbox and Nintendo Switch are the result of
errors in the implementation of trusted execution environments.
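As an added example (not part of these notes) of the update and code-signing points above, the Go program below has a vendor sign a firmware manifest with an Ed25519 key and has the device verify the signature, refuse an image whose hash does not match the signed manifest, refuse a build signed by any other key, and refuse a version that is not newer than the one installed (the anti-rollback check that keeps a patched device from being downgraded to a build with a known vulnerability). The manifest layout, the version numbers and the image bytes are constructed for the example; a real device would keep the vendor public key in immutable storage and run the same check in its bootloader.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Manifest is the constructed update descriptor the vendor signs: the version
// number and the SHA-256 of the image it belongs to. Wire form is
// 4-byte big-endian version || 32-byte digest (36 bytes).
type Manifest struct {
	Version uint32
	Digest  [32]byte
}

func (m Manifest) encode() []byte {
	buf := make([]byte, 4+32)
	binary.BigEndian.PutUint32(buf[:4], m.Version)
	copy(buf[4:], m.Digest[:])
	return buf
}

// decodeManifest validates the length before trusting any field.
func decodeManifest(b []byte) (Manifest, error) {
	if len(b) != 36 {
		return Manifest{}, errors.New("manifest: bad length")
	}
	var m Manifest
	m.Version = binary.BigEndian.Uint32(b[:4])
	copy(m.Digest[:], b[4:])
	return m, nil
}

// SignUpdate is the vendor side: hash the image, sign the manifest.
func SignUpdate(vendorPriv ed25519.PrivateKey, version uint32, image []byte) (manifest, sig []byte) {
	m := Manifest{Version: version, Digest: sha256.Sum256(image)}
	manifest = m.encode()
	return manifest, ed25519.Sign(vendorPriv, manifest)
}

var (
	ErrBadSignature = errors.New("update: signature not from vendor key")
	ErrDigest       = errors.New("update: image does not match signed digest")
	ErrRollback     = errors.New("update: version not newer than installed")
)

// AcceptUpdate is the device side. vendorPub is burned into the device and
// installed is the running version. The signature is checked first so that
// nothing in an unsigned manifest is ever acted on.
func AcceptUpdate(vendorPub ed25519.PublicKey, installed uint32, manifest, sig, image []byte) (uint32, error) {
	if !ed25519.Verify(vendorPub, manifest, sig) {
		return installed, ErrBadSignature
	}
	m, err := decodeManifest(manifest)
	if err != nil {
		return installed, err
	}
	if m.Version <= installed {
		return installed, ErrRollback
	}
	got := sha256.Sum256(image)
	if !bytes.Equal(got[:], m.Digest[:]) {
		return installed, ErrDigest
	}
	return m.Version, nil
}

// Results of the scenario, so a caller can check each decision.
type Results struct {
	GoodErr, TamperedErr, ForeignErr, RollbackErr error
	NewVersion                                    uint32
}

// RunScenario: the vendor signs v3; a device at v2 accepts it, rejects a
// tampered image, rejects a build signed by a non-vendor key, and rejects
// the same v3 once it is already running v3.
func RunScenario() Results {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	image := []byte("constructed firmware image v3")

	man, sig := SignUpdate(vendorPriv, 3, image)
	var r Results
	r.NewVersion, r.GoodErr = AcceptUpdate(vendorPub, 2, man, sig, image)

	tampered := append(append([]byte{}, image...), 0x90) // one extra byte
	_, r.TamperedErr = AcceptUpdate(vendorPub, 2, man, sig, tampered)

	fman, fsig := SignUpdate(otherPriv, 4, image)
	_, r.ForeignErr = AcceptUpdate(vendorPub, 2, fman, fsig, image)

	_, r.RollbackErr = AcceptUpdate(vendorPub, r.NewVersion, man, sig, image)
	return r
}

func main() {
	fmt.Printf("%+v\n", RunScenario())
}
```

The length check in decodeManifest is the input-validation habit from the application-vulnerabilities point: the device never indexes into a manifest it has not first measured, and it never parses one it has not first authenticated.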
9. Intrusion ignorance
When a device is compromised, it often keeps functioning normally from the viewpoint of the user.
Any additional bandwidth or power usage is usually not detected. Most devices do not have logging or
alerting functionality to notify the user of any security problems. Where such functionality exists, it can
be overwritten or disabled once the device is hacked. The result is that users rarely discover that their
device is under attack or has been compromised, preventing them from taking mitigating measures.
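The bandwidth symptom mentioned above is detectable if the device or its gateway keeps even a minimal record. The Go program below is an added example (not from these notes) that learns a per-interval baseline from a few constructed telemetry samples and then alerts on intervals whose upstream volume exceeds a multiple of that baseline or that contact a destination never seen while healthy. The vendor hostname and the 203.0.113.9 address are placeholders from documentation ranges. On a real device the alerts would be written to storage the device's normal software cannot erase, or pushed straight to the gateway, so a compromise cannot simply disable them.

```go
package main

import (
	"fmt"
	"sort"
)

// Sample is one reporting interval of device telemetry (constructed for this
// example): bytes sent upstream and the destinations contacted.
type Sample struct {
	Interval     int
	BytesSent    int
	Destinations []string
}

// Alert is what the device or its gateway would log and report.
type Alert struct {
	Interval int
	Reason   string
}

// Baseline is learned while the device is known to be healthy. Sensor traffic
// is regular, so a median-based envelope is enough; the allowlist is whatever
// the device talked to during that period.
type Baseline struct {
	MedianBytes int
	Known       map[string]bool
}

func LearnBaseline(samples []Sample) Baseline {
	sizes := make([]int, 0, len(samples))
	known := map[string]bool{}
	for _, s := range samples {
		sizes = append(sizes, s.BytesSent)
		for _, d := range s.Destinations {
			known[d] = true
		}
	}
	sort.Ints(sizes)
	return Baseline{MedianBytes: sizes[len(sizes)/2], Known: known}
}

// Detect flags intervals whose upstream volume exceeds factor x the baseline
// median, or that reach a destination never seen before: the two symptoms a
// compromised device shows while still "functioning normally" for its user.
func Detect(b Baseline, samples []Sample, factor int) []Alert {
	var alerts []Alert
	for _, s := range samples {
		if s.BytesSent > factor*b.MedianBytes {
			alerts = append(alerts, Alert{s.Interval,
				fmt.Sprintf("bytes %d > %dx baseline %d", s.BytesSent, factor, b.MedianBytes)})
		}
		for _, d := range s.Destinations {
			if !b.Known[d] {
				alerts = append(alerts, Alert{s.Interval, "new destination " + d})
			}
		}
	}
	return alerts
}

// RunScenario: a sensor reports about 1 KB per interval to the vendor cloud;
// from interval 7 it also floods an unrelated host (constructed data).
func RunScenario() []Alert {
	healthy := []Sample{
		{1, 980, []string{"cloud.vendor.example"}},
		{2, 1020, []string{"cloud.vendor.example"}},
		{3, 1010, []string{"cloud.vendor.example"}},
		{4, 990, []string{"cloud.vendor.example"}},
		{5, 1000, []string{"cloud.vendor.example"}},
	}
	live := []Sample{
		{6, 1005, []string{"cloud.vendor.example"}},
		{7, 52000, []string{"cloud.vendor.example", "203.0.113.9"}},
		{8, 48000, []string{"203.0.113.9"}},
	}
	return Detect(LearnBaseline(healthy), live, 5)
}

func main() {
	for _, a := range RunScenario() {
		fmt.Printf("interval %d: %s\n", a.Interval, a.Reason)
	}
}
```

With the constructed data the baseline median is 1000 bytes, interval 6 is silent, and intervals 7 and 8 each raise two alerts (volume and unknown destination).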
1.2 Devices with limited or no physical security and limited security computing
capabilities
the importance of security when working remotely and highlights simple techniques that users
can employ to protect themselves while they are working remotely.
Remote management of security refers to any security policy, solution, strategy or process that
exists to prevent unauthorized access to your network, its resources, or any confidential or
sensitive data. Essentially, secure remote access is a mix of security strategies and not
necessarily one specific technology like a VPN.
Secure Remote Access is a combination of security processes or solutions that are designed to
prevent unauthorized access to an organization's digital assets and prevent the loss of sensitive
data.
Why Security is Important While Working Remotely
o Working remotely presents many risks
o You are responsible for your own security
o Public places can have criminals and competitors
o Lack of preparation can make you an easy target
When you work remotely, you are responsible for ensuring the security of yourself, your belongings,
and your information. When you work remotely, you do not have the benefit of the security you have
in your office. You typically do not often have control over your environment or the people you are
around. This makes working remotely more of a risk than your environment at work or at home. Lack
of preparation for working remotely can make you an easy target for thieves, pick-pockets,
unscrupulous competitors, and other criminals. Good preparation however can significantly reduce your
risks and make your experience far more relaxing and productive.
Risks of Working Remotely
o A lack of security can result in significant losses
   o Theft of property and valuables
   o Loss of confidential information
o Simple techniques can make you secure
   o Personal security to protect yourself
   o Protection of your valuables and information
If you do not have good security habits, you can suffer a significant loss. You can have your property
or valuables stolen. This might include your wallet, money, jewellery, and identification documents.
You may also lose confidential information you’re carrying. The theft of wallets, cheque books, and the
identification cards, payment cards, and bank account information they contain is among the main methods
of identity theft. The loss of these items can also hamper any plans or travel. The theft may include a
briefcase or a laptop. The information that they contain can include confidential company product plans,
customer names, proprietary knowledge, and other items that can be very valuable to a competitor. Even
the personal information that is stored there is valuable to a thief. The inconvenience that results can
spoil your work and your travel. What can seem like a simple incident can actually result in a significant
problem. Simple techniques can, however, protect you against many of these security risks. These
simple techniques should focus on your personal security to protect yourself, how to protect your
valuables and confidential information, knowing where to find assistance when you need it, and having
contingency plans in case of emergencies.
Definition: Risk identification is the process of determining risks that could potentially
prevent the program, enterprise, or investment from achieving its objectives. It includes
documenting and communicating the concern. Keywords: risk, risk identification, risk
management.
1.5 Crypto resilience:
With cryptocurrency, the transaction cost is low to nothing at all—unlike, for example, the fee for
transferring money from a digital wallet to a bank account. You can make transactions at any time of
the day or night, and there are no limits on purchases and withdrawals. And anyone is free to use
cryptocurrency, unlike setting up a bank account, which requires documentation and other paperwork.
International cryptocurrency transactions are faster than wire transfers too. Wire transfers take about
half a day for the money to be moved from one place to another. With cryptocurrencies, transactions
take only a matter of minutes or even seconds.
Apart from the malware and MITM attacks discussed above, IoT systems can also be susceptible to
various cyberattacks. Here’s a list of the most common types of attacks on IoT devices:
What is the role of firmware?
Firmware assumes an intermediary role between the hardware and software – including
potential future upgrades of the software. Some firmware (such as the BIOS on a PC) does the
job of booting up a computer by initialising the hardware components and loading the operating
system.
What's an example of firmware?
Examples of firmware include:
o The BIOS found in IBM-compatible Personal Computers.
o Code inside a printer (in addition to the printer driver that is on the computer).
o Software controlling a heart defibrillator.
UNIT 2: Security of Wireless Sensor Networks
Due to significant advances in wireless and mobile communication techniques and the broad
development of potential applications, Wireless Sensor Networks (WSNs) have attracted great attention
in recent years. However, WSNs are formed dynamically by a number of power-limited sensor nodes and
a manager node with long-lasting power.
WSNs are self-organized and autonomous systems consisting of common sensors, manager
nodes and a back-end data centre.
Common sensors are responsible for transmitting the real-time sensor data of a specific
monitored environment to the intermediate collection nodes, called manager nodes.
Finally, the back-end data centre receives the sensed data from the manager nodes for further
processing and analysis.
Undoubtedly, all communication between nodes is through wireless transmission
techniques.
Furthermore, because WSNs are self-organized, have no support from a fixed infrastructure and
have a topology that changes dynamically, broadcasting is the general way of communicating in
WSNs.
Wireless sensor networks have been widely used in practical applications, such as forest fire
monitoring, military detection, medical or scientific areas and even in our home life.
However, WSNs are easily compromised by attackers because wireless communications use a
broadcast transmission medium and sensor nodes lack tamper resistance.
Therefore, an attacker can eavesdrop on all traffic, inject malicious packets, replay older
messages, or compromise a sensor node.
Generally, sensor nodes are most concerned with two major security issues, which are privacy
preserving and node authentication.
Privacy means that data confidentiality is achieved by a security mechanism, which allows
network communications between sensor nodes and the manager station to proceed
securely.
In addition, a well-structured authentication mechanism can ensure that no unauthorized node
is able to fraudulently participate and get sensitive information from WSNs.
As a result, several schemes have been proposed to secure communications in WSNs.
One of the challenges in WSNs is to provide high-security requirements with constrained
resources. The security requirements in WSNs are comprised of node authentication, data
confidentiality, anti-compromise and resilience against traffic analysis.
To identify both trustworthy and unreliable nodes from a security standpoint, the deployment
sensors must pass a node authentication examination by their corresponding manager nodes or
cluster heads and unauthorized nodes can be isolated from WSNs during the node
authentication procedure.
Similarly, all the packets transmitted between a sensor and the manager node must be kept
secret so that eavesdroppers cannot intercept, modify and analyse, and discover valuable
information in WSNs.
3. Multi-hop routing: The communication range of nodes in a WSN is assumed to be limited, so if a
node A would like to communicate with node D, which is out of communication range of node
A, an intermediate node B is responsible for relaying the communication data between node A and
node D. The multi-hops are illustrated in the figure below.
Fig: Organization of WSNs
1. Hardware constraints: This part is related to the physical properties of the sensor, and many constraints
in this area have been identified, for example limited energy. In addition, because of its limited
volume, a sensor can only provide limited storage, limited bandwidth, limited energy and
limited computation ability.
2. Communication: The existing communication schemes show that there are three main types of
communication in WSNs: direct, clustering-based, and multi-hop communication. In direct
communication, every sensor node transmits its sensor data to a manager node, and the manager node
is responsible for forwarding these data to the back-end data centre for further processing. In clustering
communication, all sensor nodes are divided into several groups and each cluster head node is
responsible for collecting data within its group. Multi-hop communication is used because the
communication range of a sensor is assumed to be limited, so neighbouring sensor nodes may be
used to relay the communication packets along the path between the source node and the
destination node.
3. Scalability: Another consideration is the scalability of sensor networks: the network must keep
working regardless of how many sensor nodes are deployed.
4. Fault tolerance: Due to the influence of the deployment environment on sensors, many exceptional
conditions arise in sensor networks; for example, sensors may crash, lose power or shut down. Such
problems need to be guarded against by fault-tolerance strategies to keep the network working.
6. Power saving: When sensors are distributed to monitor an environment of interest, they may work
over a long span of several weeks or even months. Therefore, how to provide a power-saving
mechanism to extend their lifespan is highly important. In general, transmitting messages consumes a
disproportionately large share of the available power.
7. Cost: Depending on the application of the sensor network, a large number of sensors might be scattered
randomly over an environment, for example for weather monitoring. The overall cost must therefore be
kept appropriate, which needs careful consideration, if sensor networks are to be acceptable and
successful with users.
8. Mobility: In clustered (hierarchical) WSNs, sensor nodes are typically organized into many clusters,
with cluster controllers collecting sensed data from the ordinary sensor nodes in their cluster and
forwarding it to the back-end data center. Furthermore, compared to mobile ad hoc networks, when sensor
nodes are randomly deployed in a designated area they only infrequently move from one cluster to
another, and thus mobility is not a critical issue in WSNs.
9. Sleep pattern: The sleep pattern is highly necessary in WSNs to extend the availability of the
networks. For example, the manager node can set fresh bootstrapping times for live sensors while other
sensor nodes can shut down to save power. Different sensor nodes are operated according to the
bootstrapping times to which they belong and the lifetime of WSNs is therefore extended in a
differentiated way.
10. Security: One of the challenges in WSNs is to provide high-security requirements with constrained
resources; the security requirements (node authentication, data confidentiality, anti-compromise and
resilience against traffic analysis) and the node authentication and confidentiality mechanisms that meet
them are described above.
In addition to the characteristics and considerations mentioned above, security threats and requirements
are also critical for a variety of sensor network applications. In recent years, several security
issues in WSNs have been identified. In this section, we introduce some security threats and
requirements in WSNs.
Passive attacks: In passive attacks (such as eavesdropping attacks), eavesdroppers unobtrusively
monitor the communication channel between two communicating nodes to collect and discover
valuable information without disturbing the communication.
Active attacks: Active attacks (such as node replication attacks, Sybil attacks, wormhole attacks, and
compromised node attacks) can be further classified into two categories: external attacks and internal
attacks. In external attacks (such as Sybil attacks and wormhole attacks), a node that does not belong to
the sensor network first eavesdrops on packets sent or received by normal participating nodes
for the eventual purpose of malicious tampering, interfering, guessing, or spamming, and then injects
invalid packets to disrupt the network functionalities.
o For sybil attacks, a sensor node can illegitimately claim multiple IDs by either directly forging
false IDs, or else impersonating legal IDs. This harmful attack may lead to serious threats to
distributed storage, routing algorithm and data aggregation.
o For wormhole attacks, the malicious node may be located within transmission range of
legitimate nodes while legitimate nodes are not themselves within transmission range of each
other. Thus, the malicious node can tunnel control traffic between legitimate nodes and
nonexistent links which in fact are controlled by the malicious node. Finally, the malicious node
can drop tunnelled packet or carry out attacks on routing protocols.
Internal attacks (such as node replication attacks and compromised node attacks) are usually caused
by compromised members that belong to the sensor network in question, and hence internal attacks
are more difficult to safeguard against than external attacks.
o For node replication attacks, when a sensor node is compromised by attackers, they can
directly place many replicas of this compromised node at different areas within the
networks. Thus, attackers may use these compromised nodes to subvert the network
functionalities, for example by injecting false sense data.
o For compromised attacks, due to the lack of tamper resistance in sensor nodes, attackers
may compromise a sensor node and use it to establish communication channels with non-
compromised sensors to launch other more serious attacks within the sensor network.
According to the above description of the security threats, we can infer that a secure sensor network
corresponds with the following requirements.
Node authentication: For this requirement, a deployed sensor node proves its validity to its
neighbouring sensors and the manager node. Thus, an invalid outsider would be unable to send malevolent
data into the network, and the manager node can confirm that received sensed data has come from a
valid sensor node, not from a malicious outsider. This also implies that a sensor node that has joined the
WSN has been authenticated and has the right to access the sensor network.
Availability: The availability of the network should not be affected even if sensors can only provide
limited storage, limited power, and limited computational ability. Therefore, a mechanism regulating
of sleep patterns is necessary for a sensor to extend its lifetime.
Location awareness: The damage cannot be spread from the victimized area to the entire network by
security attacks even if the sensor node is compromised. A secure communication scheme must limit
the damage’s scope caused by the intruders; the mechanism of location awareness is used for this
purpose.
Key establishment: For sensor-to-sensor key establishment, a shared key is established by two
communicating nodes to protect their communications. Thus, all sensed data transmitted between
participants can be verified and protected; even if an attacker eavesdrops on the communications
between nodes or injects illegal sensed data into the network, this requirement still provides an adequate
level of security.
No verification table: The verification tables are not required to be stored inside the manager nodes to
prevent stolen-verifier attacks.
Confidentiality: Path-key establishment in every session must be secure against malicious intruders
even if those attackers collect transmission packets.
Perfect forward secrecy: In a two-party path-key establishment, a scheme is said to have perfect
forward secrecy if revealing the secret key to an intruder does not help him/her derive the session keys
of past sessions.
Key revocation: When the back-end system or the manager node decides to terminate a sensor’s
task, or when a sensor is lost, the sensor must not be allowed to use the credential it
stores to connect to the network.
Re-keying: By introducing a re-keying mechanism, a manager node can conveniently update a sensor’s
credential without the intervention of back-end system for the purpose of reducing the communication
interactions and management burden on that back-end system.
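The node authentication, key establishment, re-keying and key revocation requirements above can be met for sensor-to-manager traffic with nothing more than HMAC-SHA256 and a per-node pre-shared key, which suits a constrained node. The Go program below is an added example, not a scheme from these notes or from any published paper: the node identity sensor-17, the message layout and the labels are assumptions. Each session is authenticated in both directions by a nonce exchange, derives a fresh session key that does not reveal the long-term key, and the manager can rotate or revoke a node's credential locally. One caveat: this symmetric construction does not give perfect forward secrecy in the sense defined above, since an intruder who later learns the pre-shared key and has recorded the nonces can recompute past session keys; that property needs an ephemeral key agreement on top.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// prf is the only primitive a constrained node needs here: HMAC-SHA256 keyed
// with the node's pre-shared key; label keeps the different uses separate.
func prf(key []byte, label string, parts ...[]byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(label))
	for _, p := range parts {
		mac.Write(p)
	}
	return mac.Sum(nil)
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Manager holds one pre-shared key per node, provisioned before deployment.
type Manager struct{ keys map[string][]byte }

// Node is a sensor carrying its identity and its current credential.
type Node struct {
	ID  string
	key []byte
}

// Provision registers a node and returns the key burned into it.
func (m *Manager) Provision(id string) []byte {
	m.keys[id] = randBytes(32)
	return m.keys[id]
}

// Revoke deletes a lost or decommissioned node's credential.
func (m *Manager) Revoke(id string) { delete(m.keys, id) }

var (
	ErrUnknownNode = errors.New("unknown or revoked node")
	ErrBadTag      = errors.New("authentication tag mismatch")
)

// Authenticate runs the exchange (node->mgr: id, nN; mgr->node: nM, tagM;
// node->mgr: tagN) and returns the session key each side derived.
func Authenticate(n *Node, m *Manager) (nodeSess, mgrSess []byte, err error) {
	k, ok := m.keys[n.ID]
	if !ok {
		return nil, nil, ErrUnknownNode
	}
	nN, nM := randBytes(16), randBytes(16) // fresh nonce from each side
	id := []byte(n.ID)
	// tagM proves the manager knows k; the node checks it with its own key.
	if !hmac.Equal(prf(k, "mgr", id, nN, nM), prf(n.key, "mgr", id, nN, nM)) {
		return nil, nil, ErrBadTag
	}
	// tagN proves the node knows k and binds both nonces, so a replayed tag
	// from an earlier session fails against the manager's new nM.
	if !hmac.Equal(prf(n.key, "node", id, nN, nM), prf(k, "node", id, nN, nM)) {
		return nil, nil, ErrBadTag
	}
	// Per-session key: different every session and does not reveal k.
	return prf(n.key, "sess", nN, nM), prf(k, "sess", nN, nM), nil
}

// Rekey rotates the credential on both sides from the old key and a counter,
// with no round trip to the back-end system.
func Rekey(n *Node, m *Manager, counter byte) {
	m.keys[n.ID] = prf(m.keys[n.ID], "rekey", []byte{counter})
	n.key = prf(n.key, "rekey", []byte{counter})
}

// Outcome collects the checks of RunScenario.
type Outcome struct{ KeysAgree, SessionsDiffer, ImpostorRejected, RekeyAgrees, RevokedRejected bool }

// RunScenario provisions one constructed node "sensor-17" and exercises
// authentication, session-key freshness, an impostor, re-keying and revocation.
func RunScenario() Outcome {
	m := &Manager{keys: map[string][]byte{}}
	n := &Node{ID: "sensor-17"}
	n.key = m.Provision(n.ID)
	var o Outcome

	s1n, s1m, err := Authenticate(n, m)
	o.KeysAgree = err == nil && bytes.Equal(s1n, s1m)
	s2n, _, _ := Authenticate(n, m)
	o.SessionsDiffer = !bytes.Equal(s1n, s2n)

	imp := &Node{ID: "sensor-17", key: make([]byte, 32)} // same ID, wrong key
	_, _, err = Authenticate(imp, m)
	o.ImpostorRejected = err == ErrBadTag

	Rekey(n, m, 1)
	s3n, s3m, err := Authenticate(n, m)
	o.RekeyAgrees = err == nil && bytes.Equal(s3n, s3m)

	m.Revoke(n.ID)
	_, _, err = Authenticate(n, m)
	o.RevokedRejected = err == ErrUnknownNode
	return o
}
```

Every check in RunScenario should come out true: both sides agree on each session key, two sessions never share one, an impostor claiming sensor-17 without its key is rejected, a re-keyed pair still agrees, and a revoked node can no longer authenticate.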
2.1 Sensor Node:
Wireless Sensor Node
Sensor
o A transducer: a device that is actuated by power from one system and supplies power, usually
in another form, to a second system; a loudspeaker is a transducer that transforms electrical
signals into sound energy.
o Transducers are often employed at the boundaries of automation, measurement, and control
systems, where electrical signals are converted to and from other physical quantities (energy,
force, torque, light, motion, position, etc.).
o Converts physical phenomena, e.g. heat, light, motion, vibration, and sound, into electrical
signals.
Sensor node
o Basic unit in a sensor network
o Contains on-board sensors, processor, memory, transceiver, and power supply.
Sensor network
o Consists of a large number of sensor nodes.
o Nodes deployed either inside or very close to the sensed phenomenon.
Characteristics
o Power consumption constraints for nodes using batteries or energy harvesting
o Ability to cope with node failures (resilience)
o Mobility of nodes
o Heterogeneity of nodes
o Scalability to large scale of deployment
o Ability to withstand harsh environmental conditions
o Ease of use
o Cross-layer design
Communication
Data processing
Applications
o Military Applications
o Environmental Applications
o Health Applications
o Home and Office Applications
o Automotive Applications
o Other Commercial Applications
Advantages
o It avoids a lot of wiring
o It can accommodate new devices at any time
o It's flexible to go through physical partitions
o It can be accessed through a centralized monitor
Disadvantages
o Lower speed compared to a wired network.
o Less secure, because a hacker's laptop can act as an access point. If you connect to their
laptop, they will read all your information (username, password, etc.).
o More complex to configure than a wired network.
o Suffers interference from various elements like Bluetooth.
o Still costly at large scale.
o It does not make sensing quantities in buildings easier.
o It does not reduce costs for installation of sensors.
o It does not allow us to do more than can be done with a wired system.
Design Challenges
o Heterogeneity: the devices deployed may be of various types and need to collaborate with
each other.
o Distributed Processing: the algorithms need to be centralized as the processing is carried out
on different nodes.
o Low Bandwidth Communication: the data should be transferred efficiently between sensors.
Wireless Sensor Network in IoT is an infrastructure-less wireless network that is used for
deploying a large number of wireless sensors that monitor the system, physical and
environmental conditions.
NETWORKS CONNECTING WIRELESS SENSORS:
To connect sensors embedded in IoT devices, a communication protocol is used. A low-power wide-
area network (LPWAN) is a type of wireless network designed to allow long-range communications
between these IoT devices. LoRa-based wireless sensor networks are widely used. Sub-1 GHz,
Zigbee, Thread etc. are also used to connect sensor networks to a gateway, and the data collected from
the sensor network can be sent to the cloud using cellular networks such as NB-IoT or LTE-M, or Wi-Fi.
WHAT IS LPWAN:
A low-power wide-area network (LPWAN) is a type of wireless telecommunication wide area network
designed to allow long-range communications at a low bit rate among things (connected objects), such
as battery-operated sensors; it is a wireless wide area network used primarily for low-power devices.
In a wireless sensor network the sensor devices communicate over an LPWAN.
A Wireless Sensor Network (WSN) is a network of distributed and autonomous devices that
use sensors to track what’s happening around.
The sensor nodes used in WSN systems are integrated with the onboard controllers.
The complete circuitry manages the operation and monitors it mainly. Everything is connected
with the base station known as the Gateway, where high end processing of data collected from
distributed sensors is done.
All the distributed sensor devices in a WSN are mostly connected over an LPWAN technology
and communicate with the gateway.
The Gateway acts as a bridge between the WSN (or other networks) and the cloud.
This enables data to be stored and processed by devices with more resources, in a remotely
located server, which is known as a gateway unit.
Edge computing and cloud computing both have an important role in IoT applications.
Gateway or Edge Gateway is a device that allows the management (control) of the network and
aggregates the information received from the nodes to send real-time or near real-time data to
a user platform.
When the gateway is connected to a local laptop, the user can locally control and monitor the
WSN. Adding a cellular modem (works on LTE, NBIoT, LTE-catM1, etc) or an Internet
modem (works on wifi) to the gateway guarantees remote management and sends data to the
cloud.
The gateway is important because it coordinates the communication aspect of the WSN as well
as its sleeping protocol.
At a given time, the gateway wakes up nodes, data is exchanged, and then the nodes go back to
sleep.
Sleeping is necessary for WSNs to save power.
A sensor node generally spends 90% of its time sleeping.
IoT Gateways manage device connectivity, data filtering, processing, protocol translation,
security etc.
Some of the newer gateways also function as platforms for application code by processing data.
LoRa based wireless sensor network is a combination of two terms, LoRa (Long Range) and wireless
sensor networks. Now before knowing more about this let us first understand what these two terms
actually mean.
In the early years of the Internet, network bandwidth capacity was restrained due to technical
limitations.
Connections often depended on low-speed modems for transferring data. However, these low-
speed connections demonstrated that IP could run over low-bandwidth networks.
But today, the evolution of networking has seen the emergence of high-speed infrastructures.
However, high-speed connections are not usable by some IoT devices in the last mile.
The reasons include the implementation of technologies with low bandwidth, limited distance
and bandwidth due to regulated transmit power, and lack of or limited network services.
When link layer characteristics that we take for granted are not present, the network is
constrained.
A constrained network can have high latency and a high potential for packet loss. Constrained
networks have unique characteristics and requirements.
In contrast with typical IP networks, where highly stable and fast links are available,
constrained networks are limited by low-power, low bandwidth links (wireless and wired).
They operate between a few kbps and a few hundred kbps and may utilize a star, mesh, or
combined network topologies, ensuring proper operations.
With a constrained network, in addition to limited bandwidth, it is not unusual for the packet
delivery rate (PDR) to oscillate between low and high percentages.
Large bursts of unpredictable errors and even loss of connectivity at times may occur.
These behaviours can be observed on both wireless and narrowband power-line communication
links, where packet delivery variation may fluctuate greatly during the course of a day.
Unstable link layer environments create other challenges in terms of latency and control plane
reactivity.
One of the golden rules in a constrained network is to “underreact to failure.” Due to the low
bandwidth, a constrained network that overreacts can lead to a network collapse—which makes
the existing problem worse.
Control plane traffic must also be kept at a minimum; otherwise, it consumes the bandwidth
that is needed by the data traffic.
Finally, one has to consider the power consumption in battery-powered nodes. Any failure or
verbose control plane protocol may reduce the lifetime of the batteries.
To summarize, constrained nodes and networks pose major challenges for IoT connectivity in
the last mile. This in turn has led various standards organizations to work on optimizing
protocols for IoT.
IP Versions
For 20+ years, the IETF has been working on transitioning the Internet from IP version 4 to IP version
6. The main driving force has been the lack of address space in IPv4 as the Internet has grown. IPv6
has a much larger range of addresses that should not be exhausted for the foreseeable future. Today,
both versions of IP run over the Internet, but most traffic is still IPv4 based.
While it may seem natural to base all IoT deployments on IPv6, you must take into account current
infrastructures and their associated lifecycle of solutions, protocols, and products. IPv4 is entrenched in
these current infrastructures, and so support for it is required in most cases. Therefore, the Internet of
Things has to follow a similar path as the Internet itself and support both IPv4 and IPv6 versions
concurrently.
Techniques such as tunnelling and translation need to be employed in IoT solutions to ensure
interoperability between IPv4 and IPv6. A variety of factors dictate whether IPv4, IPv6, or both can be
used in an IoT solution. Most often these factors include a legacy protocol or technology that supports
only IPv4. Newer technologies and protocols almost always support both IP versions. The following
are some of the main factors applicable to IPv4 and IPv6 support in an IoT solution:
• Application Protocol:
IoT devices implementing Ethernet or Wi-Fi interfaces can communicate over both IPv4 and IPv6, but
the application protocol may dictate the choice of the IP version. For example, SCADA protocols such
as DNP3/IP (IEEE 1815), Modbus TCP, or the IEC 60870-5-104 standards are specified only for IPv4.
So, there are no known production implementations by vendors of these protocols over IPv6 today. For
IoT devices with application protocols defined by the IETF, such as HTTP/HTTPS, CoAP, MQTT, and
XMPP, both IP versions are supported. The selection of the IP version is only dependent on the
implementation.
• Serial Communications:
Many legacy devices in certain industries, such as manufacturing and utilities, communicate through
serial lines. Data is transferred using either proprietary or standards-based protocols, such as DNP3,
Modbus, or IEC 60870-5-101. In the past, communicating this serial data over any sort of distance could
be handled by an analog modem connection. However, as service provider support for analog line
services has declined, the solution for communicating with these legacy devices has been to use local
connections. To make this work, you connect the serial port of the legacy device to a nearby serial port
on a piece of communications equipment, typically a router. This local router then forwards the serial
traffic over IP to the central server for processing. Encapsulation of serial protocols over IP leverages
mechanisms such as raw socket TCP or UDP. While raw socket sessions can run over both IPv4 and
IPv6, current implementations are mostly available for IPv4 only.
6LoWPAN
While the Internet Protocol is key for a successful Internet of Things, constrained nodes and constrained
networks mandate optimization at various layers and on multiple protocols of the IP architecture. Some
optimizations are already available from the market or under development by the IETF.
The main factor that makes a Wireless Sensor Network vulnerable is the broadcast nature of its
transmissions.
WSNs are susceptible to a broad range of security attacks because communication is wireless,
and the broadcast medium means there is always a threat of attack.
Furthermore, sensor nodes are often placed in open environments without physical protection,
so there is the additional threat of physical or natural attacks. Attacks in WSNs include:
o Sinkhole Attack: In a sinkhole attack the adversary tries to attract all the traffic of a
particular network. A compromised node makes itself a centre of attraction for the other
nodes and draws the whole traffic towards itself; the attack is only possible with the help
of a compromised node.
o Selective forwarding: In a selective forwarding attack the compromised node forwards only
selected data packets to the receiver, not all of them.
o Wormhole Attack: In a wormhole attack the attacker records data packets at one location
and replays them at another location, so that they are retransmitted later in the network.
o Hello flood attack: In a hello flood attack an attacker sends a hello packet to the receiving
nodes in an attempt to fool the sensor nodes into believing that the hello message was sent
by the base station. This hello packet works as a weapon to convince the other sensor
nodes.
o Sybil Attack: In a Sybil attack a single node presents many duplicate identities. This
attack mainly targets fault-tolerant schemes such as multi-path routing, topology
maintenance and distributed storage.
o Message corruption: In this attack the attacker modifies the message during transmission,
which disturbs the integrity of the network.
o Denial of Service Attack: A denial of service (DoS) attack is a deliberate effort to prevent
the genuine user from using a service or data. The ordinary technique involves overloading
the target system with requests so that it cannot serve genuine traffic. This attack stops
services for genuine users. Examples of such attacks are jamming, tampering, collision,
homing, flooding, etc.
o Node malfunction: If a data-aggregating node such as a cluster leader malfunctions, it
produces inaccurate data that can harm the integrity of the sensor network.
o Node Outage: The situation in which a node stops working is known as node outage. It
may be very harmful if the victim node is the master node of the network.
o Node Subversion: If a node is captured by an attacker, there is a threat that secret data
such as cryptographic keys is disclosed, which compromises the whole sensor network. Any
sensor node might be hacked, and the secret information (keys) stored on it acquired by the
attacker.
o False node: When an attacker adds an extra node to a network in order to inject malicious
data, this is called a false node. With the help of this false node an intruder may add false
data that disturbs the communication. Malicious code injected into the network through the
false node could spread to all nodes and harm the whole network.
o Pulse delay attack: An intruder who snoops on the message transmission between two
nodes may store the message pulses and retransmit the message later after some
modifications. This problem is known as a pulse delay attack.
o Node Replication Attack: In a node replication attack, as the name implies, a replicated
copy of a node is added to the network. An attacker adds a replicated node to a sensor
network by copying the node ID and other details of its identity. This malicious node is
dangerous for the sensor network because, by inserting it, the attacker can manipulate a
specific network segment or even destroy the network.
o Traffic Analysis: Even if the transferred message is encrypted, there is still a risk of
malicious harm. The intruder may continuously study the communication pattern, and this
study can give the intruder enough information to harm the network.
o Camouflaged Adversaries: An attacker can insert a malicious node into the network, or
compromise a node, in order to attract the data packets of the network; these packets can
then be misrouted or altered.
o Monitoring & Eavesdropping: This is the most widely recognized attack on privacy.
Snooping is the process by which the adversary can easily obtain the message contents.
Eavesdropping is particularly harmful when nodes are communicating control information.
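Two of the attacks listed above leave a footprint that a base station can look for in the neighbour reports it already collects. The following is an added example in Python, not code from the notes: it assumes the base station knows the planned position of every node and the nominal radio range, and that each node reports which source IDs it heard and how many frames of each type. Node names, positions, counts and thresholds are constructed for illustration.

```python
"""Base-station side detection for two WSN attacks over a constructed window.

Added example, not code from the notes. Assumed inputs: a deployment map
(node -> position), the nominal radio range, and per-node neighbour reports.
  * node replication (a cloned node ID): one ID is heard by reporters that are
    too far apart for a single radio to reach both;
  * HELLO flood: frames claiming to come from the base station are heard by a
    node outside the base station's radio range, or arrive far more often than
    the HELLO interval allows (a high-power transmitter impersonating it).
"""
from dataclasses import dataclass
from itertools import combinations
from math import dist

RADIO_RANGE = 30.0     # assumed nominal range, in the same units as positions
MAX_HELLO = 5          # assumed maximum base-station HELLOs per window

# Constructed deployment map: base station "BS" and four sensor nodes.
POSITIONS = {"BS": (0, 0), "n1": (10, 0), "n2": (20, 5),
             "n3": (200, 200), "n4": (210, 190)}


@dataclass(frozen=True)
class Report:
    reporter: str   # node that sent the neighbour report
    source: str     # node ID carried in the frames it heard
    kind: str       # "DATA" or "HELLO"
    count: int      # frames of that kind heard during the window


# Constructed window: normal traffic plus a cloned "n2" and a HELLO flood.
SAMPLE_REPORTS = [
    Report("n1", "n2", "DATA", 5), Report("n2", "n1", "DATA", 5),
    Report("n3", "n4", "DATA", 4), Report("n4", "n3", "DATA", 4),
    Report("n1", "BS", "HELLO", 1),        # legitimate HELLO, n1 is 10 units away
    Report("n3", "n2", "DATA", 3),         # "n2" also heard ~280 units from n1
    Report("n3", "BS", "HELLO", 40),       # "BS" heard far away, and far too often
]


def detect_replication(reports, positions=POSITIONS, radio_range=RADIO_RANGE):
    """Return IDs heard at locations that one transmitter could not cover."""
    heard_by = {}
    for r in reports:
        heard_by.setdefault(r.source, set()).add(r.reporter)
    cloned = set()
    for source, reporters in heard_by.items():
        for a, b in combinations(sorted(reporters), 2):
            # Two reporters within range of one transmitter are at most
            # 2 * radio_range apart; anything larger needs two transmitters.
            if dist(positions[a], positions[b]) > 2 * radio_range:
                cloned.add(source)
    return cloned


def detect_hello_flood(reports, positions=POSITIONS, radio_range=RADIO_RANGE,
                       base_id="BS", max_hello=MAX_HELLO):
    """Return (reporter, reason) pairs for suspicious base-station HELLOs."""
    findings = []
    for r in reports:
        if r.kind != "HELLO" or r.source != base_id:
            continue
        if dist(positions[r.reporter], positions[base_id]) > radio_range:
            findings.append((r.reporter, "base-station HELLO heard out of range"))
        if r.count > max_hello:
            findings.append((r.reporter, f"{r.count} HELLOs exceed {max_hello}"))
    return findings


if __name__ == "__main__":
    print("cloned IDs:", sorted(detect_replication(SAMPLE_REPORTS)))
    for reporter, reason in detect_hello_flood(SAMPLE_REPORTS):
        print(f"HELLO flood suspect near {reporter}: {reason}")
```

The impersonated base station also shows up in `detect_replication`, because "BS" is heard both next to the real base station and about 280 units away; the two detectors corroborate each other. A check like this cannot distinguish a cloned node from a Sybil identity that copies a real ID, and it depends on the deployment map being accurate.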
Countermeasures:
2.6. Trust requirements for security protocols for WSNs :
SPINS: SPINS Security Protocol for Sensor Networks:
We study the security protocol for sensor networks in detail, covering the following topics:
security for sensor networks, proposed techniques, applications, related work and discussion.
Today sensor networks are widely used in many applications such as real-time traffic
monitoring, military applications, and emergency and critical systems.
Let us have a look at how security for sensor networks is maintained.
Security protocols for sensor networks face challenges from resource constraints. Resources
are limited in terms of energy, computation, memory, code size and communication, and
communication in particular consumes energy. Now let us understand how SPINS contributes
to building protocols.
o a.) SNEP
o SNEP (Sensor Network Encryption Protocol) provides secure point-to-point
communication. Its important properties are data confidentiality, data authentication,
replay protection, weak freshness and low communication overhead.
o b.) µTESLA
o µTESLA (micro Timed Efficient Stream Loss-tolerant Authentication) provides broadcast
authentication. The problems listed for µTESLA are: digital signatures for initial packet
authentication, an overhead of 24 bytes per packet, and a one-way key chain that is too big,
since the key is passed from the base station to all the nodes through the network.
Let us now study the factors essential for the system.
a.) Communication Pattern
Communication in sensor networks takes place from node to base station, from base
station to node, and from base station to all nodes.
b.) Base Station
A base station is a component which has sufficient memory and power, and shares a
secret key with each node for communication.
c.) Node
A node in the network is a component with limited resources and limited trust.
A drawback of the above is that µTESLA needs an initial key for each node, which will
probably lead to intensive communication. SPINS uses source routing, so it is not vulnerable
to traffic analysis.
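The mechanism behind µTESLA's broadcast authentication is a one-way key chain with delayed key disclosure: the base station MACs every packet of interval i with chain key K_i and only discloses K_i a fixed number of intervals later, and a node verifies a disclosed key by hashing it forward to the commitment K_0 it already trusts. The following is an added example in Python, not code from the notes or from the SPINS authors. It assumes SHA-256 as the one-way function, HMAC-SHA256 truncated to 8 bytes as the MAC, a loosely synchronised interval clock shared by base station and node, and that K_0 was already delivered to the node authentically (SPINS bootstraps it through SNEP); the seed and payloads are constructed.

```python
"""µTESLA-style broadcast authentication: one-way key chain, delayed key
disclosure, and the receiver-side security condition.

Added example, not code from the notes or the SPINS authors. Assumptions:
SHA-256 is the one-way function F, HMAC-SHA256[:8] is the MAC, and the node
already holds the chain commitment K_0 from an authenticated channel.
"""
import hashlib
import hmac
import os


def one_way(key: bytes) -> bytes:
    """F: the chain is built backwards, K_i = F(K_{i+1})."""
    return hashlib.sha256(key).digest()


def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class BaseStation:
    def __init__(self, chain_length: int, delay: int, seed: bytes = None):
        self.delay = delay                      # intervals before K_i is disclosed
        k = seed or os.urandom(32)
        chain = [k]                             # K_n, then K_{n-1}, ..., K_0
        for _ in range(chain_length):
            k = one_way(k)
            chain.append(k)
        self.chain = chain[::-1]                # chain[i] == K_i, chain[0] == K_0

    def commitment(self) -> bytes:
        return self.chain[0]

    def broadcast(self, interval: int, payload: bytes) -> tuple:
        """Packet for `interval`: MAC under K_interval, plus K_{interval-delay}
        disclosed (None while the chain has no key that old)."""
        j = interval - self.delay
        disclosed = self.chain[j] if j >= 1 else None
        return interval, payload, mac(self.chain[interval], payload), j, disclosed


class Node:
    def __init__(self, commitment: bytes, delay: int):
        self.delay = delay
        self.last_idx, self.last_key = 0, commitment   # newest key verified so far
        self.pending = {}          # interval -> [(payload, tag)] awaiting a key
        self.authenticated = []    # (interval, payload) with a verified MAC
        self.dropped = 0           # packets whose key may already be public

    def receive(self, packet: tuple, now: int) -> None:
        interval, payload, tag, j, disclosed = packet
        # Security condition: buffer only if K_interval cannot be disclosed yet;
        # otherwise an attacker who overheard the key could have forged the MAC.
        if now < interval + self.delay:
            self.pending.setdefault(interval, []).append((payload, tag))
        else:
            self.dropped += 1
        if disclosed is not None and j > self.last_idx:
            self.accept_key(j, disclosed)

    def accept_key(self, j: int, key: bytes) -> bool:
        """Verify K_j against the newest trusted key, then release buffered packets."""
        probe = key
        for _ in range(j - self.last_idx):       # F^(j - last)(K_j) must equal K_last
            probe = one_way(probe)
        if probe != self.last_key:
            return False                         # forged or corrupted disclosure
        keys = {j: key}                          # keys from lost packets are derivable
        for i in range(j - 1, self.last_idx, -1):
            keys[i] = one_way(keys[i + 1])
        for i in sorted(keys):
            for payload, tag in self.pending.pop(i, []):
                if hmac.compare_digest(mac(keys[i], payload), tag):
                    self.authenticated.append((i, payload))
        self.last_idx, self.last_key = j, key
        return True


def run_demo(delay: int = 2, lost: tuple = ()) -> Node:
    """Five intervals of readings; packets of the `lost` intervals never arrive."""
    bs = BaseStation(chain_length=6, delay=delay, seed=b"constructed seed")
    node = Node(bs.commitment(), delay)
    for i in range(1, 6):
        pkt = bs.broadcast(i, f"reading-{i}".encode())
        if i not in lost:
            node.receive(pkt, now=i)
    # An attacker reuses K_2 (public since interval 4) to forge an interval-2 packet.
    forged = (2, b"forged", mac(bs.chain[2], b"forged"), 0, None)
    node.receive(forged, now=5)
    return node


if __name__ == "__main__":
    n = run_demo()
    print("authenticated:", [i for i, _ in n.authenticated], "dropped:", n.dropped)
```

The `lost` parameter shows the loss tolerance in the name: a node that misses the packets of intervals 3 and 4 still authenticates intervals 1 and 2 from the disclosure in interval 5, because K_2 and K_1 follow from K_3 by hashing. The forged packet is rejected not by a MAC failure but by the time check in `receive`, which is why the node's clock error must stay below the disclosure delay.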
o LEAP was introduced by Cisco Systems back in the year 2000. The aim of this was to
counter some of the earlier vulnerabilities suffered by previous authentication
technologies (CHAP and PAP). Even though attacks against the LEAP protocol were
previously known, Cisco maintained for a long time that the protocol was secure if
users could implement complex passwords. However, much safer protocols were
introduced that included EAP-TLS, EAP-TTLS and PEAP.
o LEAP is designed to provide more secure authentication for 802.11 WLANs (wireless
local area networks) that support 802.1X port access control.
o LEAP uses dynamic Wired Equivalent Privacy (WEP) keys that are changed with more
frequent authentications between a client and a RADIUS server.
2.6.4. TinySEC:
What is TinySec?
Link-layer security architecture for wireless sensor networks
Why do we need TinySec?
Sensor Networks need a way to communicate securely
Wireless is inherently insecure due to its broadcast nature
Existing secure protocols are too bloated for wireless sensor networks
TinySec is the first fully-implemented link-layer security protocol for wireless sensor networks
TinySec is implemented in official TinyOS release
Tradeoffs between performance, transparency and security are discussed
The authors try to balance this tradeoff for the application (wireless sensor networks)
Sensor Networks:
Mica2
Several cubic inches
8 MHz 8-bit Atmel CPU
128 kB instruction memory
4 kB RAM (data)
512 kB flash memory
19.2 kbps radio with a range of ~100 meters
Operates for ~ 2 weeks at full power
Run TinyOS
Broadcast medium
Adversaries can listen to data, intercept data, inject data and alter transmitted data
Access Control
Unauthorized parties should not be able to participate
Solution: MAC code
Message Integrity
If a message is modified in transit, it needs to be detected
Solution: MAC code
Message Confidentiality
Information needs to be kept private from unauthorized parties
Solution: Encryption
Replay Protection
An unauthorized party resends a legitimate packet which it overheard at a later time
Typical defense: associate counter with each message
Problem: state needs to be kept for this and we don’t have the resources for this
Solution: Let a higher level protocol deal with this if it is a problem
Overhead
Increased message length
Decreased throughput
Increased latency
Transparency
TinySec should be transparent to the application developer when in use
Portability
TinySec should support different CPU and radio hardware
Any necessary porting should be as painless as possible
TinySec Design:
TinySec-AE
Authentication & Encryption
MAC computed over encrypted data and the packet header
Ensures data received is from a trusted node
Prevents adversaries from seeing data
TinySec-Auth
Authentication Only
Only ensure data received is from a trusted node
Good when data does not need to be private
TinySec Encryption:
Encryption Scheme
Cipher block chaining (CBC)
IV format
8 byte IV
Want to minimize overhead while getting enough security
Part of IV is a counter
More on this later…
Block ciphers
Keyed pseudorandom permutation over bit strings
Operates on blocks of data (message broken up into blocks)
Examples include:
DES, AES, RC5, Skipjack
Skipjack chosen due to licensing issues and practicality of software implementation
Packet Format:
The 2 bytes used for the CRC are repurposed as part of the 4 bytes used for the MAC (net +2 bytes)
MAC computed over entire packet (data + header)
Security Analysis:
Message Integrity and Authenticity
Based on MAC length (4 bytes for TinySec)
There is a 1 in 2^32 chance of guessing it
An adversary must send about 2^32 packets to successfully fake a message
This would not be acceptable for regular networks, but given the data rate of sensor networks it is acceptable
Message Confidentiality
Security based on IV length, assuming no reuse
Try to maximize packets each node can send before global reuse of an IV
Each node can send 2^16 packets before IV reuse
Keying Mechanisms:
Keys preconfigured
Network-wide
1 key for all nodes in the network
Per-link
Each pair of nodes that communicate share a key
Per-group
Each set of nodes that communicate share a key
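The packet format and security analysis above fit together in a few dozen lines: the 8-byte header doubles as the CBC IV and carries the 16-bit counter, the MAC is computed over header plus ciphertext and truncated to 4 bytes, and the counter's width is exactly why a node can send 2^16 packets before an IV repeats. The following is an added example in Python, not code from the notes or from the TinySec authors. It assumes a 64-bit Feistel network built on SHA-256 as a stand-in for Skipjack (same block size, but not a vetted cipher), CBC-MAC with that cipher truncated to 4 bytes as the MAC, and payloads that are a multiple of 8 bytes (TinySec uses ciphertext stealing for other lengths); the IV layout dst|AM|len|src|ctr is the one from the TinySec paper, and the keys and payloads are constructed.

```python
"""TinySec-AE style link-layer frame: 8-byte IV with a 16-bit counter, CBC
encryption, and a 4-byte MAC over header + ciphertext.

Added example, not code from the notes or the TinySec authors. The Feistel
block cipher below is a stand-in for Skipjack; keys and data are constructed.
"""
import hashlib
import hmac
import struct

BLOCK = 8
IV_WRAP = 1 << 16            # the IV counter is 16 bits: 2^16 packets per node


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round balanced Feistel permutation on a 64-bit block (stand-in cipher)."""
    left, right = block[:4], block[4:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        out.append(_xor(block_decrypt(key, data[i:i + BLOCK]), prev))
        prev = data[i:i + BLOCK]
    return b"".join(out)


def cbc_mac(key: bytes, data: bytes, tag_len: int = 4) -> bytes:
    """CBC-MAC (zero-padded), truncated to TinySec's 4 bytes: ~2^32 forgery tries."""
    data += b"\x00" * (-len(data) % BLOCK)
    tag = bytes(BLOCK)
    for i in range(0, len(data), BLOCK):
        tag = block_encrypt(key, _xor(tag, data[i:i + BLOCK]))
    return tag[:tag_len]


class Sender:
    """One node's transmit side; the per-node IV counter lives here."""
    def __init__(self, enc_key: bytes, mac_key: bytes, src: int):
        self.enc_key, self.mac_key, self.src, self.ctr = enc_key, mac_key, src, 0

    def send(self, dst: int, am_type: int, data: bytes) -> bytes:
        if len(data) % BLOCK:
            raise ValueError("payload must be a multiple of 8 bytes in this example")
        if self.ctr >= IV_WRAP:
            # the next counter value would repeat an earlier IV under the same key
            raise RuntimeError("IV counter exhausted after 2^16 packets: rekey first")
        header = struct.pack(">HBBHH", dst, am_type, len(data), self.src, self.ctr)
        self.ctr += 1
        ct = cbc_encrypt(self.enc_key, header, data)   # the 8-byte header is the IV
        return header + ct + cbc_mac(self.mac_key, header + ct)


def receive(enc_key: bytes, mac_key: bytes, frame: bytes):
    """Check the MAC over header + ciphertext first; decrypt only if it verifies."""
    header, ct, tag = frame[:8], frame[8:-4], frame[-4:]
    if not hmac.compare_digest(cbc_mac(mac_key, header + ct), tag):
        return None                                    # forged or modified in transit
    dst, _am, length, src, _ctr = struct.unpack(">HBBHH", header)
    return src, dst, cbc_decrypt(enc_key, header, ct)[:length]


if __name__ == "__main__":
    node = Sender(b"enc-key-constructed", b"mac-key-constructed", src=7)
    frame = node.send(dst=1, am_type=4, data=b"temp=21C")
    print(len(frame), "byte frame ->",
          receive(b"enc-key-constructed", b"mac-key-constructed", frame))
```

Note what the counter exhaustion check protects: CBC with a repeated IV under the same key leaks whether two packets share a prefix, so the right response at 2^16 packets is to rekey, not to wrap. The receiver deliberately checks the MAC before decrypting, which is the encrypt-then-MAC order the design above describes (MAC over encrypted data and header).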
2.6.5. SM:
2.6.6. ZigBee:
Zigbee is a wireless PAN (Personal Area Network) technology developed to support automation,
machine-to-machine communication, and remote control and monitoring of IoT devices. It evolved
from the IEEE 802.15.4 wireless standard and is supported by the ZigBee Alliance.
Zigbee is considered to be a secure wireless communication protocol, with a security architecture
built in accordance with the IEEE 802.15.4 standard. Security services provided by Zigbee
include key establishment, key transport and frame protection via symmetric
cryptography.
However, Zigbee security features are based on certain assumptions:
o Zigbee assumes an “open trust” model: the protocol stack layers trust each other, and the
layer that originates a frame is responsible for its security.
o The security services cryptographically protect the interfaces between different devices
only.
o Interfaces between different stack layers in the same device are arranged non-
cryptographically.
o The secret keys are not disclosed during key transport. An exception to this is during
pre-configuration of a new device, in which a single key may be sent unprotected.
o Availability of almost perfect random number generators.
o Availability of tamper-resistant hardware.
There are two types of security models in Zigbee networks, as presented in Figure 6: the
centralized security network and the distributed security network. They differ mainly in the
mechanism implemented, in how new devices are admitted into the network, and in how messages
in the network are protected.
1. The Centralized Security model is complex but more secure and involves the Trust Center
(network coordinator). Only Zigbee Coordinators with a Trust Center can establish
centralized networks. Nodes join the network, receive the network key and establish a
unique link key with the Trust Center. The Trust Center is responsible for:
o Configuring and authenticating routers and end devices that join the network.
o Generating the network key to be used for encrypted communication across the network.
o Periodically, or as required, switching to a new network key as a security protection
method, so that if an attacker acquires a network key it has a limited lifetime.
o Establishing a unique link key for each device as it joins the network.
o Maintaining the overall security of the network.
2. The Distributed Security model is simple but less secure. This model supports only routers
and end devices. Routers form the distributed network and are responsible for admitting
other routers and end devices. Routers distribute the network key (used to encrypt
messages) to newly joined routers and end devices. All the nodes in the network use the
same network key for encrypting messages. Also, all nodes are pre-configured with a link
key (used to encrypt the network key) before entering the network, as there is no
Coordinator or Trust Center.
IEEE 802.1X:
Devices attempting to connect to a LAN or WLAN require an authentication mechanism. IEEE
802.1X, an IEEE Standard for Port-Based Network Access Control (PNAC), provides protected
authentication for secure network access.
An 802.1X network is different from home networks in one major way; it has an authentication
server called a RADIUS Server. It checks a user's credentials to see if they are an active member
of the organization and, depending on the network policies, grants users varying levels of access
to the network.
This allows unique credentials or certificates to be used per user, eliminating the reliance on a
single network password that can be easily stolen.
802.1X is a network authentication protocol that opens ports for network access when an
organization authenticates a user's identity and authorizes them for access to the network.
The user's identity is determined based on their credentials or certificate, which is confirmed
by the RADIUS server. The RADIUS server is able to do this by communicating with the
organization's directory, typically over the LDAP or SAML protocol.
KEY TAKEAWAYS
802.1X is an authentication protocol to allow access to networks with the use of a RADIUS
server.
802.1X and RADIUS based security is considered the gold standard to secure wireless and
wired networks today.
LEACH (Low-Energy Adaptive Clustering Hierarchy) is a routing protocol for wireless sensor
networks in which:
o The base station (sink) is fixed
o Sensor nodes are homogeneous
LEACH conserves energy through:
o Aggregation
o Adaptive Clustering
– Direct-Transmission
• Single-hop
– Minimum-Transmission Energy
• Multi-hop
– Static Clustering
• Multi-hop
Direct-Transmission:
Most efficient when there is a small coverage area and/or high receive cost
Static Clustering:
2.6.9. TeenySec:
TeenySec is a Wireless Sensor Network (WSN) link layer security protocol.
WSNs have many vulnerabilities because of factors such as the hardware constraints of the
sensor nodes, the wireless communication medium, real-time computing, heterogeneous
structure, the large number of nodes, scalability, mobility, and the weight and cost
requirements of the application environment.
In sensitive WSN applications such as surveillance of enemy lines or border areas, security
protocols must be used which provide confidential data transfer from the sensors to the base
station. A new data link layer protocol called TeenySec has been developed for this purpose.
TeenySec provides data confidentiality, data integrity, data freshness and data authentication,
and is also energy efficient.
Step 1: Purpose & Requirements Specification • The first step in IoT system design methodology is to
define the purpose and requirements of the system. In this step, the system purpose, behavior and
requirements (such as data collection requirements, data analysis requirements, system management
requirements, data privacy and security requirements, user interface requirements, ...) are captured.
Step 2: Process Specification • The second step in the IoT design methodology is to define the process
specification. In this step, the use cases of the IoT system are formally described based on and derived
from the purpose and requirement specifications.
Step 3: Domain Model Specification • The third step in the IoT design methodology is to define the
Domain Model. The domain model describes the main concepts, entities and objects in the domain of
IoT system to be designed. Domain model defines the attributes of the objects and relationships between
objects. Domain model provides an abstract representation of the concepts, objects and entities in the
IoT domain, independent of any specific technology or platform. With the domain model, the IoT
system designers can get an understanding of the IoT domain for which the system is to be designed.
Step 4: Information Model Specification • The fourth step in the IoT design methodology is to define
the Information Model. Information Model defines the structure of all the information in the IoT system,
for example, attributes of Virtual Entities, relations, etc. Information model does not describe the
specifics of how the information is represented or stored. To define the information model, we first list
the Virtual Entities defined in the Domain Model. Information model adds more details to the Virtual
Entities by defining their attributes and relations.
Step 5: Service Specifications • The fifth step in the IoT design methodology is to define the service
specifications. Service specifications define the services in the IoT system, service types, service
inputs/output, service endpoints, service schedules, service preconditions and service effects.
Step 6: IoT Level Specification • The sixth step in the IoT design methodology is to define the IoT level
for the system.
Step 7: Functional View Specification • The seventh step in the IoT design methodology is to define
the Functional View. The Functional View (FV) defines the functions of the IoT systems grouped into
various Functional Groups (FGs). Each Functional Group either provides functionalities for interacting
with instances of concepts defined in the Domain Model or provides information related to these
concepts.
Step 8: Operational View Specification • The eighth step in the IoT design methodology is to define the
Operational View Specifications. In this step, various options pertaining to the IoT system deployment
and operation are defined, such as, service hosting options, storage options, device options, application
hosting options, etc.
Step 9: Device & Component Integration • The ninth step in the IoT design methodology is the
integration of the devices and components.
Step 10: Application Development • The final step in the IoT design methodology is to develop the IoT
application.
First developed in the 1960s for aerospace and the military, embedded computing systems
continue to support new applications through numerous feature enhancements and cost-to-
performance improvements of microcontrollers and programmable logic devices.
Today, embedded computing systems control everyday devices which we don’t generally think
of as “computers”: digital cameras, automobiles, smart watches, home appliances, and even
smart garments. These embedded computing systems are commonly found in consumer,
industrial, automotive, medical, commercial, and military applications.
Unlike general-purpose computers, embedded control systems are typically designed to
perform specific tasks. The embedded computing system designer’s task is to identify the set
of components that will implement the system’s functional, performance, usability, and
reliability requirements, typically within tight cost and development timeline constraints.
Accordingly, the selection of a microcontroller and its characteristics, including data
processing capabilities, speed, peripherals, and power consumption, is one of the earliest and
most critical aspects of system design.
Part of the designer’s responsibility involves being aware of trends in their particular industry
and taking advantage of relevant components and techniques.
Let’s look at examples from one of the top industries for microcontroller applications,
the Internet of Things.
Embedded system software runs on the device’s operating system and language platform,
mainly where real-time operation is required.
Manufacturers build embedded software into electronics, e.g., cars, telephones, modems,
appliances, etc.
Embedded system software can be as simple as lighting controls running on an 8-bit
microcontroller.
It can also be complicated software for missiles, process control systems, airplanes, etc.
Microcontrollers for Embedded Computing with IoT Devices
IoT devices are meant to be inexpensive, therefore the microcontroller needs to be chosen so
that its capabilities are not underutilized by the application.
The microcontroller specifications that determine the best part for your application are:
o Bit depth: The register and data path width impacts the speed and accuracy with which
microcontrollers can perform non-trivial computations.
o Memory: The amount of RAM and Flash in a microcontroller determines the code size
and complexity the component can support at full speed. Large memories have larger
die area and component cost.
o GPIO: These are the microcontroller pins used to connect to sensors and actuators in
the system. These often share their functionality with other microcontroller peripherals,
such as serial communication, A/D, and D/A converters.
o Power consumption: Power consumption is critically important for battery-operated
devices and it typically increases with microcontroller speed and memory size.
System on Chips:
The System on Chip for IoT designed by Redpine Signals is discussed below. This IoT SoC supports
WLAN, Bluetooth and Zigbee on a single chip. It also supports the 2.4 and 5 GHz radio
frequencies.
As we know, IoT is the technology that provides communication between things, and
between things and people, using the Internet and IP-enabled protocols.
As we have seen in the IoT tutorial, any IoT-compliant system has two major parts, viz.
the front end and the back end.
The front end provides connectivity with the physical world and consists of sensors, while the
back end consists of processing and network connectivity interfaces.
A typical IoT system on chip supports more than one RAT (Radio Access Technology). It
has the following modules:
• Transmit and receive switch.
• RF part, mainly consisting of transmitter, receiver, oscillator and
amplifiers.
• Memories, i.e. program memory and data memory, to
store the code and data.
• Physical layer (baseband processing), either on an FPGA or on a processor depending on the
complexity and latency requirements.
• MAC layer and upper protocol stacks (TCP/IP etc.) running on the
processor.
• ADC and DAC to provide the interface between the digital baseband and the analog RF
portions.
• Various interfaces such as SDIO, USB, SPI etc. to interface with the
host.
• Other peripherals such as UART, I2C, GPIO, WDT etc. so that the IoT SoC can be used for
various connections.
This IoT SoC (system on chip for IoT) can be used for numerous applications,
as mentioned below:
• Mobile
• M2M communication
• Smart meters
• Home automation
• Health care devices and equipment
Figure: Simplified block diagram of the basic building blocks of the IoT
Sensors:
• These form the front end of the IoT devices. These are the so-called “Things” of the system.
Their main purpose is to collect data from their surroundings (sensors) or give out data to their
surroundings (actuators).
• These have to be uniquely identifiable devices with a unique IP address so that they can be
easily identified over a large network.
• These have to be active in nature, which means that they should be able to collect real-time
data. They can either work on their own (autonomous in nature) or be operated by the user
depending on their needs (user-controlled).
• Examples of sensors are gas sensors, water quality sensors, moisture sensors, etc.
Processors:
• Processors are the brain of the IoT system.
• Their main function is to process the data captured by the sensors so as to extract the valuable
data from the enormous amount of raw data collected.
• In a word, we can say that they give intelligence to the data.
• Processors mostly work on a real-time basis and can be easily controlled by applications.
• These are also responsible for securing the data, that is, performing encryption and decryption
of data.
• Embedded hardware devices, microcontrollers, etc. are the ones that process the data because
they have processors attached to them.
Gateways:
• Gateways are responsible for routing the processed data and sending it to the proper locations
for its proper utilization.
• In other words, we can say that a gateway helps in the to-and-fro communication of the data. It
provides network connectivity to the data. Network connectivity is essential for any IoT system
to communicate.
• LAN, WAN, PAN, etc. are examples of network gateways.
Applications:
• Applications form the other end of an IoT system. Applications are essential for proper
utilization of all the data collected.
• These are cloud-based applications which are responsible for rendering the effective meaning
of the data collected. Applications are controlled by users and are the delivery point of particular
services.
• Examples of applications are home automation apps, security systems, industrial control hubs,
etc.
Figure: Basic building blocks of IoT
• In a nutshell, from the figure we can determine that the information gathered by the sensing
node (end node) is processed first; then, via connectivity, it reaches the embedded processing
nodes, which can be any embedded hardware devices, and is processed there as well.
• It then passes through the connectivity nodes again and reaches the remote cloud-based
processing, which can be any software, and is sent to the application node for the proper applied
usage of the data collected and also for data analysis via big data.
• More and more, we’re filling out homes with “smart” / connected devices beyond old school
• Enterprises are bringing a whole range of processes, objects and spaces online to amplify human
potential as well.
• The Internet of Things (IoT) has enormous potential, but connecting everything has a side
• We must consider the fundamentals of IoT cybersecurity to protect ourselves personally and
professionally. Top concerns are best practices, the concept of “security by design” and device
Key steps to securing IoT devices include the following best practices:
Perform routine updates. Manufacturers release updates as they recognize ways their
products can be improved. Once the product is in your hands, rapidly installing updates will
help protect you against the most recently discovered threats. But keep in mind that
imperfect updates can expose new security vulnerabilities.
Control access. Consider whether you need to be connected to the internet in order to use
the device. If you don’t need to be connected, then you only want to grant access to your
home network.
Turn off Universal Plug and Play. UPnP is a weak point for routers, cameras, printers and
other devices. At the same time, secure interoperability is a must for IoT.
Improve the passwords. They should be long and alphanumeric, while avoiding repetition,
dictionary words and personal details. Many devices currently ship with incredibly horrible
passwords like “admin” and “password,” so always check with your hardware vendor and
Beyond knowing a few steps you can take with devices, it helps to choose a manufacturer that
follows security by design.
Security by design is a set of principles within hardware and software development focused on
securing the system and reducing the risk of a compromise.
Following these principles allows a manufacturer to know that they are protecting users and
complying with the European Union’s General Data Protection Regulation (GDPR).
Systems built using this method incorporate elements such as abiding by coding best practices,
The key reason that secure by design is so important is that software is typically considered
first and foremost in terms of its function. Security becomes a secondary concern, and the
developers must address security holes and vulnerabilities as an ongoing concern rather than
building it with optimized security from the start.
With secure by design, you can be certain that the manufacturer is fixing security issues
effectively and rapidly.
Secure defaults. Create a secure experience standardly. Allow users to remove protections
if desired.
Correctly repair security issues. Be careful about design patterns, which can introduce
regressions when you attempt to fix your code. Test on all relevant applications.
Keep security simple. You want your code to be as simple as possible. It is easier to reduce
The principle of defense in depth. While it may be reasonable to just have a single control,
The principle of least privilege. Accounts should be given the minimum possible level of
Avoid security by obscurity. You should not attempt to protect critical data simply by
user.
Secure failures. Verify that your code never fails in a manner that makes the user an
administrator by default.
Minimize attack surface area.The attack surface area should be restricted as much as
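The "secure failures" and "secure defaults" principles above are easiest to see in code. The following is an added example in Python, not code from the notes: an authorization check that fails open beside its fail-closed form, and a device configuration loader whose defaults are the safe ones. `PolicyStore`, the role names and the configuration keys are constructed for illustration.

```python
"""Secure failures and secure defaults, side by side.

Added example, not code from the notes. PolicyStore stands in for a directory
or policy service that may be unreachable; roles and config keys are invented.
"""


class PolicyStore:
    """Stand-in for a directory or policy service that may be unreachable."""

    def __init__(self, roles: dict, available: bool = True):
        self.roles, self.available = roles, available

    def role_of(self, user: str):
        if not self.available:
            raise ConnectionError("policy service unreachable")
        return self.roles.get(user)           # None for an unknown user


def is_admin_fail_open(store: PolicyStore, user: str) -> bool:
    """Vulnerable: privilege is the starting point and only a successful lookup
    can take it away, so an outage or an unknown user yields an administrator."""
    role = "admin"
    try:
        role = store.role_of(user) or role    # None (unknown user) keeps 'admin'
    except ConnectionError:
        pass                                  # swallowed: role stays 'admin'
    return role == "admin"


def is_admin_fail_closed(store: PolicyStore, user: str) -> bool:
    """Hardened: start from no privilege; every failure path stays unprivileged."""
    try:
        return store.role_of(user) == "admin"
    except ConnectionError:
        return False


def load_device_config(raw: dict) -> dict:
    """Secure defaults: attack-surface features are off unless explicitly enabled
    (a boolean True, not any truthy string), and a device whose owner has not
    replaced the vendor password is forced through setup before use."""
    password = raw.get("admin_password") or ""
    return {
        "remote_admin": raw.get("remote_admin") is True,
        "upnp": raw.get("upnp") is True,
        "setup_required": password in ("", "admin", "password"),
    }


if __name__ == "__main__":
    down = PolicyStore({"alice": "admin"}, available=False)
    print("fail-open during outage:", is_admin_fail_open(down, "bob"))      # True
    print("fail-closed during outage:", is_admin_fail_closed(down, "bob"))  # False
    print(load_device_config({}))
```

The fail-open version is the shape that produces "the user becomes an administrator by default" in the principle above: the bug is not the exception handler alone but the choice of `"admin"` as the value that survives when nothing else is known. The loader applies the same idea to configuration: a missing key, a corrupted file or a vendor default all land on the restrictive side.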
Threat modelling works by identifying the types of threat agents that cause harm to an
application or computer system.
It adopts the perspective of malicious hackers to see how much damage they could do. When
conducting threat modelling, organizations perform a thorough analysis of the software
architecture, business context, and other artifacts (e.g., functional specifications, user
documentation).
This process enables a deeper understanding and discovery of important aspects of the system.
Typically, organizations conduct threat modelling during the design stage (but it can occur at
other stages) of a new application to help developers find vulnerabilities and become aware of
the security implications of their design, code, and configuration decisions.
Generally, developers perform threat modelling in four steps:
When performed correctly, threat modelling can provide a clear line of sight across a software
project, helping to justify security efforts.
The threat modelling process helps an organization document knowable security threats to an
application and make rational decisions about how to address them. Otherwise, decision-makers
could act rashly based on scant or no supporting evidence.
Overall, a well-documented threat model provides assurances that are useful in explaining and
defending the security posture of an application or computer system. And when the
development organization is serious about security, threat modelling is the most effective way
to do the following:
Detect problems early in the software development life cycle (SDLC)—even before
coding begins.
Spot design flaws that traditional testing methods and code reviews may overlook.
Evaluate new forms of attack that you might not otherwise consider.
Maximize testing budgets by helping target testing and code review.
Identify security requirements.
Remediate problems before software release and prevent costly recoding post-
deployment.
Think about threats beyond standard attacks to the security issues unique to your
application.
Keep frameworks ahead of the internal and external attackers relevant to your
applications.
Highlight assets, threat agents, and controls to deduce components that attackers will
target.
Model the location of threat agents, motivations, skills, and capabilities to locate
potential attackers in relation to the system architecture.
Impact assessment:
Risk impact assessment is the process of assessing the probabilities and consequences of risk
events if they are realized.
The results of this assessment are then used to prioritize risks to establish a most-to-least-critical
importance ranking.
Ranking risks in terms of their criticality or importance provides insights to the project's
management on where resources may be needed to manage or mitigate the realization of high
probability/high consequence risk events.
3.3. Security system integration, framework, Secure APIs, cryptography,
authentication:
Consumer applications – IoT consumer products include smartphones, smart watches and smart
homes, which control everything from air conditioning to door locks, all from a single device.
Business applications – Businesses use a wide range of IoT devices, including smart security
cameras, trackers for vehicles, ships and goods, as well as sensors that capture data about
industrial machinery.
Governmental applications – Governmental IoT applications include devices used to track
wildlife, monitor traffic congestion and issue natural disaster alerts.
The number of IoT devices worldwide now numbers in the billions. Their increased presence in our
daily lives has led to increased scrutiny of their inherent security issues, which we will be exploring
here.
How Internet of Things devices are managed:
To function as intended, IoT devices need to be managed both internally (e.g., software maintenance)
and externally (i.e., their communication with other devices).
C&C centres and APIs effectively manage day-to-day IoT operations. That said, their centralized nature
creates a number of exploitable weak spots, including:
The dangers posed by exploitable devices can be broken into two categories: threats that they pose to
their users and threats that they pose to others.
Threats to users:
A compromised IoT device places its users at risk in a number of ways, such as:
Data Theft:
An IoT device contains vast amounts of data, much of which is unique to its individual users, including
online browsing/purchase records, credit card details and personal health information.
An improperly secured device leaves this data vulnerable to theft. What’s more, vulnerable devices can
be used as gateways to other areas of the network they are deployed on, allowing for more sensitive
data to be extracted.
Physical Harm
IoT devices are now commonplace in the medical industry, with examples including pacemakers, heart
monitors and defibrillators. While convenient (e.g., a doctor can fine-tune a patient’s pacemaker
remotely), these devices are also vulnerable to security threats.
An improperly secured device can be exploited to interfere with a patient’s medical care. It’s an
exceedingly rare occurrence, albeit one to be considered when developing a strategy for securing IoT
devices.
Threats to others
• Insecure IoT devices are vulnerable to being hijacked and used in a botnet — a collection of
malware-infected, internet-connected devices, possibly numbering in the millions, controlled
from a remote location.
• For perpetrators, discovering unprotected devices is not difficult and can be easily achieved by
running widely available scripts or tools. This is best exemplified by the existence of Shodan,
a publicly available search engine made for the discovery of such devices.
• As IoT devices have become more sophisticated, so have the threats that they pose. This has
manifested itself in all manner of cyberattacks, including widespread spam
and phishing campaigns, as well as DDoS attacks. The latter have been growing in size in
recent years, mostly due to the increased availability of under-protected IoT devices.
• One prominent example of this trend occurred in 2016 when a public release of the Mirai
malware prompted perpetrators to create massive IoT botnets and use them for DDoS assaults.
• This led to an unprecedented wave of attacks, the most notorious of which took down Dyn
DNS services, cutting access to some of the most popular domains in the world including Etsy,
GitHub, Netflix, Spotify and Twitter.
• The malware itself was a relatively simple script that scanned open remote access ports and
tried to gain access using a short list of commonly used login credentials (e.g., admin/admin).
• Still, the lackluster IoT security measures made these simple tactics extremely successful. In
the words of the alleged Mirai malware author, Anna-Senpai: “With Mirai, I usually pull max
380K bots from telnet alone.”
• The sheer volume of Internet of Things devices makes their security a high priority and is
crucial for the future wellbeing of the internet ecosystem.
• For device users, this means abiding by basic security best practices, such as changing default
security passwords and blocking unnecessary remote access (e.g., when not required for a
device’s functionality).
• Vendors and device manufacturers, on the other hand, should take a broader approach and
invest heavily in securing IoT management tools. Steps that should be taken include:
• Imperva cloud WAF helps IoT manufacturers protect their C&C centers by providing on-edge
traffic filtering services that ensure only authorized and authenticated client requests are
allowed to reach their APIs.
• Combining industry-leading WAF services and DDoS mitigation solutions, Imperva cloud
WAF is able to secure its users against all online threats and efficiently handle multi-versioning
from different devices.
• For added reliability, the service is also equipped with load balancing and failover features that
help operators handle organic traffic spikes, such as the kind that can occur upon the release of
a new firmware patch.
Frameworks break down into three types based on the needed function.
Control Frameworks
Program Frameworks
Risk Frameworks
Identify
To manage the security risks to its assets, data, capabilities, and systems, a company must fully
understand these environments and identify potential weak spots.
Protect
Companies must create and deploy appropriate safeguards to lessen or limit the effects of potential
cyber security breaches and events.
Detect
Organizations should put in motion the necessary procedures to identify cyber security incidents as
soon as possible.
Respond
Companies must be capable of developing appropriate response plans to contain the impacts of any
cyber security events.
Recover
Companies must create and implement effective procedures that restore any capabilities and services
damaged by cyber security events.
What is web API security? REST API security vs. SOAP API security.
Web API security is concerned with the transfer of data through APIs that are connected to the
internet. OAuth (Open Authorization) is the open standard for access delegation.
It enables users to give third-party access to web resources without having to share passwords.
OAuth is the technology standard that lets you share that Corgi belly flop compilation
video onto your social networks with a single “share” button.
Most API implementations are either REST (Representational State Transfer) or SOAP (Simple
Object Access Protocol).
REST APIs use HTTP and support Transport Layer Security (TLS) encryption. TLS is a
standard that keeps an internet connection private and checks that the data sent between two
systems (a server and a server, or a server and a client) is encrypted and unmodified.
This means that a hacker trying to expose your credit card information from a shopping website
can neither read your data nor modify it.
You know if a website is protected with TLS if the URL begins with “HTTPS” (Hyper Text
Transfer Protocol Secure).
REST APIs also use JavaScript Object Notation (JSON), which is a file format that makes it
easier to transfer data over web browsers.
By using HTTP and JSON, REST APIs don’t need to store or repackage data, making them
much faster than SOAP APIs.
SOAP APIs use built-in protocols known as Web Services Security (WS Security). These
protocols define a rules set that is guided by confidentiality and authentication.
SOAP APIs support standards set by the two major international standards bodies,
the Organization for the Advancement of Structured Information Standards (OASIS) and
the World Wide Web Consortium (W3C).
They use a combination of XML encryption, XML signatures, and SAML tokens to verify
authentication and authorization.
In general, SOAP APIs are praised for having more comprehensive security measures, but they
also need more management. For these reasons, SOAP APIs are recommended for
organizations handling sensitive data.
What are some of the most common API security best practices?
You probably don’t keep your savings under your mattress. Most people keep their money in a trusted
environment (the bank) and use separate methods to authorize and authenticate payments. API security
is similar. You need a trusted environment with policies for authentication and authorization.
Here are some of the most common ways you can strengthen your API security:
Use tokens. Establish trusted identities and then control access to services and resources by
using tokens assigned to those identities.
Use encryption and signatures. Encrypt your data using a method like TLS (see above).
Require signatures to ensure that the right users are decrypting and modifying your data, and
no one else.
Identify vulnerabilities. Keep up with your operating system, network, drivers, and API
components. Know how everything works together and identify weak spots that could be used
to break into your APIs. Use sniffers to detect security issues and track data leaks.
Use quotas and throttling. Place quotas on how often your API can be called and track its use
over history. More calls on an API may indicate that it is being abused. It could also be a
programming mistake such as calling the API in an endless loop. Make rules for throttling to
protect your APIs from spikes and Denial-of-Service attacks.
Use an API gateway. API gateways act as the major point of enforcement for API traffic. A
good gateway will allow you to authenticate traffic as well as control and analyse how your
APIs are used.
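The quota-and-throttling practice above, as an added example that is not from the original text: a per-client limiter with a short sliding window that throttles bursts and a longer window that catches the sustained overrun an abused client, or one stuck calling the API in an endless loop, produces. The limits, client ids and timestamps are constructed.

```python
from collections import defaultdict, deque


class ApiLimiter:
    """Per-client API limiter. A short sliding window throttles bursts; a long
    sliding window enforces a quota, which catches a client that keeps calling
    at a steady rate (abuse, or an endless loop in the caller). Time is passed
    in explicitly so the logic can be exercised offline."""

    def __init__(self, burst_limit=5, burst_window=1.0, quota=1000, quota_window=3600.0):
        self.burst_limit = burst_limit
        self.burst_window = burst_window
        self.quota = quota
        self.quota_window = quota_window
        self._accepted = defaultdict(deque)   # client_id -> timestamps of accepted calls

    def check(self, client_id, now):
        """Return 'ok', 'throttled' (too many calls inside the burst window) or
        'quota_exceeded' (quota used up inside the long window). Rejected calls
        are not recorded, so a throttled client is not locked out for good."""
        calls = self._accepted[client_id]
        while calls and now - calls[0] >= self.quota_window:
            calls.popleft()                   # forget calls that aged out of the quota window
        if len(calls) >= self.quota:
            return "quota_exceeded"
        recent = sum(1 for t in calls if now - t < self.burst_window)
        if recent >= self.burst_limit:
            return "throttled"
        calls.append(now)
        return "ok"

    def usage(self, client_id, now):
        """Calls currently counted against the quota, for tracking use over time."""
        return sum(1 for t in self._accepted[client_id] if now - t < self.quota_window)
```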
API management and security
Finally, API security often comes down to good API management. Many API management
platforms support three types of security schemes. These are:
An API key that is a single token string (i.e. a small hardware device that provides
unique authentication information).
Basic Authentication (APP ID / APP Key) that is a two token string solution (i.e.
username and password).
OpenID Connect (OIDC) that is a simple identity layer on top of the popular OAuth
framework (i.e. it verifies the user by obtaining basic profile information and using an
authentication server).
When you select an API manager know which and how many of these security schemes it can handle,
and have a plan for how you can incorporate the API security practices outlined above.
They can also use cryptography for encrypting and decrypting the data within the IoT
ecosystem, using one of the various available options.
Security experts and analysts didn't have figures available on cryptography use in IoT
environments, but they said its use seems to be on the rise.
"It's being used more than it was, but I'm not sure it's being used as much as it should be,"
Pittman said. "All modern devices come with the ability to facilitate encryption natively.
It's no longer something you have to put on devices, so its implementation is trivial compared
to what it was just five years ago."
Still, experts said many organizations aren't using cryptography to secure their IoT
deployments.
They said they hear IT leaders and IoT managers give different reasons for forgoing
cryptography.
For instance, some IT admins don't employ cryptography capabilities because it blocks visibility,
making network analysis and troubleshooting difficult.
Others opt not to use it because they believe managing it or configuring it is beyond their
existing expertise and their ability to pay for needed skills.
Some organizations decide to use cryptography to secure only part of their IoT environment,
such as encrypting data at rest.
Some experts countered those reasons, saying cryptography's benefits outpace its challenges.
"Security is often a cost center and an afterthought," Fox said. "But using cryptography can be
a quick win when you want to persuade people [of its worth]."
3.3.4 Authentication:
Strong IoT device authentication is required to ensure connected devices on the IoT can be
trusted to be what they purport to be.
Consequently, each IoT device needs a unique identity that can be authenticated when the
device attempts to connect to a gateway or central server.
How is authentication of devices performed in an IoT?
o Depending on the IoT device and its network role, IT admins can use other software
authentication methods such as digital certificates, organization-based access control
and distributed authentication through the Message Queuing Telemetry Transport
(MQTT) protocol.
What is the difference between IoT authentication and authorization?
o Authentication is the process of device identification, and
authorization provides permissions. Authentication provides an undisputed
connection, and authorization is the process of writing identification.
IoT device identity is a critical component of IoT security for connected devices. Unsecured
IoT devices put entire ecosystems at risk.
Provisioning and then managing device identities throughout their lifetimes protects against
malicious cyber security threats.
Provision and secure device identities with a purpose-built, PKI-based platform for exceptional
security.
The IoT Identity Platform is a digital identity architecture designed and built for the demanding
and evolving specifications of the IoT and IIoT.
It protects IoT devices, data and communications from chip to cloud through encryption,
authentication and authorization. It:
Is a Public Key Infrastructure (PKI)-based platform
Delivers exceptional encrypted security
Provisions secure digital certificates backed by trusted GlobalSign Certificate Authority
(CA)
By leveraging standards-based PKI to authenticate and establish trust between devices and
services (i.e. cloud platforms), we ensure the integrity, source and encryption of all data
transmitted within an ecosystem.
Access management is responsible for dealing with requests from users for access. This
process involves username and password control, but also includes the creation of groups or
roles with defined access privileges, and then controlling access by defining group membership.
3. Outdated software
As vulnerabilities in software are discovered and resolved, it is important to distribute the
updated version to protect against the vulnerability.
This means that IoT devices must ship with up-to-date software without any known
vulnerabilities, and that they must have update functionality to patch any vulnerabilities that
become known after the deployment of the device.
For example, the malware Linux.Darlloz was first discovered late 2013 and worked by
exploiting a bug reported and fixed more than a year earlier.
4. Lack of encryption
When a device communicates in plain text, all information being exchanged with a client device
or backend service can be obtained by a ‘Man-in-the-Middle’ (MitM).
Anyone who is capable of obtaining a position on the network path between a device and its
endpoint can inspect the network traffic and potentially obtain sensitive data such as login
credentials.
A typical problem in this category is using a plain-text version of a protocol (e.g. HTTP) where
an encrypted version is available (HTTPS). A Man-in-the-Middle attack is one where the attacker
secretly accesses and then relays communications, possibly altering them,
without either party being aware.
Even when data is encrypted, weaknesses may be present if the encryption is not complete or
configured incorrectly. For example, a device may fail to verify the authenticity of the other
party. Even though the connection is encrypted, it can be intercepted by a Man-in-the-Middle
attacker.
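The "encrypted but unverified" weakness described above, as an added example that is not from the original text: the TLS client context an IoT device might build when it skips verifying the other party, beside a verified one, a small audit that reports such weaknesses, and a hardening step that repairs a weak context. It only inspects configuration and opens no connection; the function names are constructed.

```python
import ssl


def device_context_insecure():
    """A shortcut seen on constrained devices: traffic is encrypted, but the
    peer is never verified, so a MitM presenting any certificate is accepted.
    (check_hostname must be switched off before verify_mode can be CERT_NONE.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED   # legacy versions allowed too
    return ctx


def device_context_secure():
    """Verified: certificate chain checked against the system trust store,
    hostname checked, and legacy protocol versions refused."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Return a list of findings for a client context; an empty list means the
    context verifies the other party and refuses legacy TLS."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required: a MitM can present any certificate")
    if not ctx.check_hostname:
        findings.append("hostname not checked: any valid certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 allowed")
    return findings


def harden(ctx):
    """Repair a weak context in place. verify_mode is raised first because
    enabling check_hostname on a CERT_NONE context raises ValueError."""
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.load_default_certs()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```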
Sensitive data that is stored on a device (at rest) should also be protected by encryption. Typical
weaknesses are lack of encryption by storing API tokens or credentials in plain text on a device.
Other problems are the usage of weak cryptographic algorithms or using cryptographic
algorithms in unintended ways.
5. Application vulnerabilities
Acknowledging that software contains vulnerabilities in the first place is an important step in
securing IoT devices.
Software bugs may make it possible to trigger functionality in the device that was not
intended by the developers.
In some cases, this can result in the attacker running their own code on the device, making it
possible to extract sensitive information or attack other parties.
Like all software bugs, security vulnerabilities are impossible to avoid completely when
developing software.
However, there are methods to avoid well-known vulnerabilities or reduce the possibility of
vulnerabilities.
This includes best practices to avoid application vulnerabilities, such as consistently
performing input validation.
9. Intrusion ignorance
When a device is compromised, it often keeps functioning normally from the viewpoint of the
user. Any additional bandwidth or power usage is usually not detected.
Most devices do not have logging or alerting functionality to notify the user of any security
problems.
If they do, these can be overwritten or disabled when the device is hacked. The result is that
users rarely discover that their device is under attack or has been compromised, preventing
them from taking mitigating measures.
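The "intrusion ignorance" problem above, approached from the network side as an added example that is not from the original text: hourly egress byte counts per device, as a gateway could collect them, are compared against each device's own baseline, so the silent bandwidth increase of a compromised device raises an alert even when the device itself logs nothing. The telemetry, device names and thresholds are constructed.

```python
from statistics import median

# Constructed sample telemetry from a gateway: (device, hour, bytes_out).
# Hours 0-23 form each device's learning window; later hours are live traffic.
SAMPLE = (
    [("thermo-01", h, 12_000 + (h % 3) * 500) for h in range(24)]
    + [("cam-02", h, 50_000) for h in range(24)]
    + [
        ("thermo-01", 24, 12_500),
        ("thermo-01", 25, 410_000),   # sustained outbound surge, e.g. bot traffic
        ("thermo-01", 26, 395_000),
        ("cam-02", 25, 52_000),       # small, normal fluctuation
        ("cam-02", 26, 51_000),
    ]
)


def baseline(samples, device, learn_hours):
    """Median and a robust spread (MAD, floored at 5% of the median so a
    perfectly flat baseline does not alert on tiny changes)."""
    vals = [b for d, h, b in samples if d == device and h < learn_hours]
    med = median(vals)
    mad = median(abs(v - med) for v in vals)
    return med, max(mad, 0.05 * med)


def detect(samples, learn_hours=24, k=10.0):
    """Return (device, hour, bytes_out) for every live hour whose egress
    exceeds median + k * spread of that device's own baseline."""
    alerts = []
    for dev in sorted({d for d, _, _ in samples}):
        med, spread = baseline(samples, dev, learn_hours)
        threshold = med + k * spread
        for d, h, b in samples:
            if d == dev and h >= learn_hours and b > threshold:
                alerts.append((dev, h, b))
    return alerts
```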
The IoT gateway is basically a bridge between the devices with sensors and
the cloud. IoT gateway solutions may also offer local processing and storage
capabilities.
Additionally, gateway devices can control field-deployed IoT devices based on
the sensor input data.
Since an Edge Gateway is located between the local intranet and external internet,
it is a critical point for network connectivity.
The gateway also has higher processing power than field-deployed IoT controllers
(retrofitted with sensors).
This implies that the gateway runs more capable software that, in turn, is vulnerable for
hackers to exploit. Hence, it is crucial that the gateway is adequately protected.
The hardware and software security measures for a gateway device are similar to those for
the IoT sensor devices. We have explained this in part 1 of this blog series; so we will
not go into the details here.
Here is an overview of IoT gateway security elements at the hardware and software level.
As far as PAN level security is concerned, there are several security components
that can be incorporated in the system:
PENIOT is a penetration testing tool for Internet of Things (IoT) devices. It helps you to
test/penetrate your devices by targeting their internet connectivity with different types of
security attacks.
In other words, you can expose your device to both active and passive security attacks.
After deciding target device and necessary information (or parameters) of that device, you
can perform active security attacks like altering/consuming system resources, replaying
valid communication units and so on. Also, you can perform passive security attacks such
as breaching of confidentiality of important information or reaching traffic analysis. Thanks
to PENIOT, all those operations can be semi-automated or even fully automated. In short,
PENIOT is a package/framework for targeting IoT devices with protocol-based security
attacks.
Also, it gives you a baseline structure for your further injections of new security attacks or
new IoT protocols.
One of the most important features of PENIOT is being extensible. By default, it has several
common IoT protocols and numerous security attacks related to those protocols. But it can
be extended further via exporting basic structure of internally used components so that you
can develop your attacks in harmony with the internal structure of the PENIOT.
Why is PENIOT Required:
The IoT paradigm has experienced immense growth in the past decade, with billions of
devices connected to the Internet.
Most of these devices lack even basic security measures due to their capacity constraints
and designs made without security in mind due to the shortness of time-to-market.
Due to the high connectivity in IoT, attacks that have devastating effects in extended
networks can easily be launched by hackers through vulnerable devices.
Up until now, penetration testing was done manually if it was not ignored at all. This
procedure made the testing phase of devices very slow.
On the other hand, the firms which produce IoT devices should always be up to date on
testing their devices in terms of reliability, robustness as well as their provided
functionalities since being exposed to security attacks by malicious people could cause
unexpected impacts on end-users.
The main aim of PENIOT is to accelerate the process of security testing. It enables you to
figure out security flaws on your IoT devices by automating the time-consuming
penetration testing phase.
Testing:
Most of the attacks have their own sample integration tests under their attack scripts. In order to run
those tests, you need to have a running program for the target protocol. We try to provide you with
example programs for each protocol where one can find server/client scripts under each
protocol's examples directory.
Penetration testing has become an essential part of the security verification process. While it’s great
that there are many penetration testing tools to choose from, with so many that perform similar
functions it can become confusing which tools provide you the best value for your time.
We are going to review some of the best pentesting tools available to pentesters today and organize
them by category.
Ways to Best Use Penetration Testing Tools
While pentesting tools are usually used in the context of a larger security assessment of a network or
service, there’s nothing holding back sysadmins or developers from deploying the exact same tools to
validate the strength of their own work.
1. Powershell-Suite
The PowerShell-suite is a collection of PowerShell scripts that extract information about the
handles, processes, DLLs, and many other aspects of Windows machines. By scripting
together specific tasks, you can quickly navigate and check which systems on a network are
vulnerable to exploit.
Best Used For: Easily automated tasks to discover weak exploitable assets on a
network.
Supported Platforms: Windows
2. Zmap
Zmap is a lightweight network scanner that is capable of scanning everything from a home
network to the entire Internet. This free network scanner is best used to gather baseline details
about a network. If you only have an IP range to go off of, use it to get the lay of the land quickly.
Best Used For: Information gathering and initial triage of the attack landscape.
Supported Platforms: Zmap is supported on various Linux platforms and macOS
3. Xray
Xray is an excellent network mapping tool that uses the OSINT framework to help guide its
tactics.
Xray uses wordlists, DNS requests, and any API keys to help identify open ports on a
network from the outside looking in.
Best Used For: Pentesters tasked with gaining access to a network with no help
Supported Platforms: Linux and Windows
4. SimplyEmail
SimplyEmail is an email recon tool used to help gather associated information found on the
internet based on someone’s email address. SimplyEmail is based on the harvester solution and
works to search the internet for any data that can help provide intelligence around any given
email address.
Best Used For: Pentesters looking to create account lists for enterprise testing
engagements.
Supported Platforms: Docker, Kali, Debian, Ubuntu, macOS
5. Wireshark
Wireshark is likely the most widely used network protocol analyzer across the world. Network
traffic captured via Wireshark can show what protocols and systems are live, what accounts are
most active, and allow attackers to intercept sensitive data.
Best Used For: Deep level network visibility into communications.
Supported Platforms: Windows, Linux, macOS, Solaris
6. Hashcat
Hashcat is one of the fastest password recovery tools to date. By downloading the Suite version,
you have access to the password recovery tool, a word generator, and a password cracking
element. Dictionary, combination, brute-force, rule-based, toggle-case, and Hybrid password
attacks are all fully supported. Best of all is hashcat has a great online community to help
support the tool with patching, a WiKi page, and walkthroughs.
Best Used For: Up and coming pentesters or system recovery specialists looking for the best
password recovery tool to stake a claim in their business.
Supported Platforms: Linux, Windows, and macOS
8. Hydra
Hydra is another password cracking tool but with a twist. Hydra is the only password
pentesting tool that supports multiple protocols and parallel connections at once.
This feature allows a penetration tester to attempt to crack numerous passwords on different
systems at the same time without losing connection if unbeaten.
Best Used For: Password cracking for professionals
Supported Platforms: Linux, Windows, Solaris, macOS
9. Aircrack-ng
Aircrack-ng is a wireless network security tool that is an all in one package for penetration
testing. Aircrack-ng has four primary functions that make it the ultimate standout in its class:
monitoring network packets, attacking via packet injection, testing WiFi
capabilities, and finally, password cracking.
Best Used For: Command-line heavy users that prefer to script out attacks or defense
measures.
Supported Platforms: Windows, OS X, Solaris, Linux
10. Burp Suite
For pentesting web applications, Burp Suite is your go-to tool. It incorporates not only
vulnerability scanning but also full proxy capturing and command injection services.
Burp’s UI is fully optimized for the working professional with built-in profiles to allow you to
save your configurations on a per-job basis.
Best Used For: Enterprise professionals in charge of application security
Supported Platforms: Windows, macOS, and Linux
11. Metasploit
Comparable to Burp Suite, Metasploit started as an open-source solution and has gained some
traction over the years. Some of the tasks that can be accomplished in Metasploit from a
pentesting perspective include vulnerability scanning, listening, exploiting known
vulnerabilities, evidence collection, and project reporting.
Best Used For: Pentesters managing several different companies at once or have
multiple applications to be tested.
Supported Platforms: Windows, macOS, and Linux
12. Nikto
Nikto is a loud and proud web application scanning solution. It is open-source and contains
features like a web server scanner, a pre-packaged list of potentially dangerous files, and a
misconfiguration checker as well.
Nikto is not stealthy, nor does it try to be; it doesn’t try to hide its presence, but it will get the
job done.
Best Used For: Enterprise Pentesters or SOCs that have the full permission to scan
systems in a purple team type exercise. Best used to help build out monitoring around
scanning activity within a SOC environment.
Supported Platforms: Windows and Linux
13. Fuzzdb
Fuzzdb is a special kind of penetration testing tool as it contains pre-built attack payloads to
run against web applications to discover if vulnerabilities are genuinely exploitable.
On top of being able to simulate attack patterns, Fuzzdb can run discovery scans and perform
analysis on the responses received from these scans to better narrow the focus of where
vulnerabilities exist.
Best Used For: Pentesting professionals that are hired to attempt to exploit
vulnerabilities.
Supported Platforms: Windows, Linux, and macOS
14. NMAP/ZenMap
NMAP is a pentester’s best friend. This network security mapping tool gives you a quick look
at the open ports on any given network. NMAP commands allow you to dig into the feasibility
of specific network-level vulnerabilities.
NMAP also has a friendly GUI interface called ZenMap that is easy to use for any skill level.
NMAP also comes with a debugging tool, a comparison tool for comparing scan results, and a
packet generation tool as well.
Best Used For: All skill level pentesters or security professionals to validate and test
vulnerability management.
Supported Platforms: Linux, Microsoft Windows, FreeBSD, OpenBSD, Solaris,
IRIX, Mac OS X, HP-UX, NetBSD, Sun OS, and Amiga
15. sqlmap
Sqlmap is an open-source penetration tool that helps bring validity to possible SQL injection
flaws that may affect your database servers. This automated testing tool comes with a slew of
detailed features, including DB fingerprinting, remote commands, and its detection engine.
Best Used For: Expert Pentesters strictly focusing on exploiting databases.
Supported Platforms: MySQL, Oracle, PostgreSQL, Microsoft SQL Server,
Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB
16. MobSF
For mobile platform vulnerability discovery, MobSF is your tool. This hacking tool is an all in
one platform for pen-testing and vulnerability discovery via static and dynamic application
analysis. MobSF also has built-in REST APIs to provide an integrated experience into your
development pipeline. MobSF is ultimately a vulnerability scanner for mobile applications.
Best Used For: Enterprise or individual mobile application vulnerability pentesting.
Supported Platforms: Android, iOS, and Windows
17. Linux-Exploit-Suggester
Linux-Exploit-Suggester (LES) is an excellent tool for on-the-fly security testing of Linux
systems without the overhead of a beefy vulnerability scanner. LES was created to give system
admins a quick sense of a host's exposure to known exploits. Because it is lightweight, LES is a
great vulnerability catalog for pentesters looking to get a quick overview of a system's
configuration without creating too much noise through resource consumption.
Best Used For: pentesters who want to quickly find a potentially vulnerable host and start
crafting an exploit without drawing attention to themselves.
Supported Platforms: Linux
18. Apktool
Apktool is for pentesters or security researchers who want to reverse engineer an Android
application, for example malware, to determine how to better protect against it. Apktool only
supports third-party Android applications.
Apktool's feature set includes decoding an APK into its resources and smali code, rebuilding it
to a near-original form, debugging, and help with automating repetitive tasks.
Best Used For: pentesters looking to craft a custom payload specific to a company's Android
application, or security researchers looking to find a fix for a known Android vulnerability.
Supported Platforms: Android
20. IDA
IDA is to disassemblers what Kleenex is to tissues: the de facto standard, widely supported and
used in commercial validation testing. IDA is an interactive disassembler as well as a debugger,
giving you a whole solution as a professional. Best of all, it supports all major operating systems.
Best Used For: professional-level malware disassembly.
Supported Platforms: Windows, Linux, macOS
21. Radare
Radare (radare2) is one of the most widely accepted and versatile reverse-engineering frameworks
available. Its features include disassembly and debugging on multiple desktop and mobile
operating systems, file system forensics, data carving, and visualizing data structures.
Best Used For: experienced pentesters who have a vast knowledge of multiple platforms.
Supported Platforms: Linux, *BSD, Windows, OSX, Android, iOS, Solaris and
Haiku
23. Srm
Srm stands for secure remove, and it takes the hassle out of ensuring a file is entirely removed
from a system. As a pentester, Srm is useful for removing temporary files created while accessing
a system; if your engagement calls for covering your tracks, Srm is the tool to remove any rootkit
files that may have been used during the exploit process.
Srm deletes the file and overwrites its data blocks so that the content cannot be read back. Best
of all, it is a command-line program that is quick to set up and use. Bear in mind that
overwriting only works where the filesystem writes in place: on journaling or copy-on-write
filesystems, and on flash storage with wear levelling, copies of the data may survive in other
blocks that Srm never touches.
Best Used For: permanent file deletion that forensics software cannot recover, within the
limits above.
Supported Platforms: Unix and Windows
24. Catfish
Catfish is a file search tool used by many pentesters to quickly find files that tend to contain
sensitive data or can provide additional access (like a password file). Catfish lets the user
explore a system for any files containing a particular string in their name. It is simple but
highly effective at what it does.
Best Used For: quick file name searching on a machine.
Supported Platforms: Linux-based OS
Performing penetration tests is an essential part of verifying that systems are secure. Using the right
penetration testing tools saves time and helps to improve your overall security posture.
UNIT-4
Hard-coded and embedded credentials are a danger for IT systems and just as hazardous for IoT
devices.
Guessable or hard-coded credentials are a windfall for hackers to attack the device directly.
With default passwords, the attacker may already know the password to the machine!
Mirai infected IoT devices, from routers to video cameras and video recorders, by attempting to
log in with a table of 61 common hard-coded default usernames and passwords.
The malware created a vast botnet, "enslaving" a string of 400,000 connected devices.
In September 2016, Mirai-infected devices (which became "zombies") launched DDoS attacks of
close to 1 Tbps, the largest seen at the time, and in October 2016 the same botnet's attack on the
DNS provider Dyn took down access to GitHub, Netflix, Twitter, Airbnb and many other sites
that depended on it.
There's more.
Based partly on Mirai, Reaper first came to light at the end of 2017.
Around 20-30,000 devices were found to have been compromised by Reaper, which can be used to
launch crippling DDoS attacks.
Arbor Networks believes Reaper was created for the "DDoS-for-hire" market, in which
criminals rent out botnets to attempt to take down websites that they disagree with.
Device makers should ship flexible, secure default settings and, in particular, mechanisms such as
password complexity rules, password expiration, account lock-out, and a one-time setup password
that forces users to replace the default credentials when setting up the device.
Network managers using IoT-adapted Identity and Access Management solutions have a wide range
of device authentication features to reduce IoT attack exposure.
Two-factor authentication, multi-factor authentication, biometric authentication, or digital certificates
(using a Public Key Infrastructure) make unauthorized access to the connected devices far harder.
Gartner notes that privileged access management (PAM) for all devices is essential for slashing IoT
security issues and making IoT networks much harder to compromise.
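An added example of the controls just listed, written for these notes and not taken from any vendor's firmware: a device account that permits nothing but a password change until the factory default has been replaced, rejects known default and weak passwords, and locks out after repeated failures. The default-credential list is a constructed sample, not Mirai's table, and the timestamps are passed in so the behaviour can be reproduced:

```python
"""Factory-default credential hygiene: forced change, policy check, lock-out."""
import hashlib
import os
import secrets

# Constructed sample of the username/password pairs worms such as Mirai try;
# a real device would carry the full list it was manufactured with.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("admin", "1234"),
                  ("root", "root"), ("root", "12345"), ("user", "user")}
MAX_FAILURES = 5            # attempts before lock-out
LOCKOUT_SECONDS = 15 * 60   # lock-out duration
PBKDF2_ROUNDS = 100_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 so a dumped table does not reveal passwords."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def password_acceptable(username, password):
    """Reject known defaults, the username itself, and short or single-class passwords."""
    if (username, password) in KNOWN_DEFAULTS or password == username:
        return False
    if len(password) < 12:
        return False
    classes = (any(c.islower() for c in password), any(c.isupper() for c in password),
               any(c.isdigit() for c in password), any(not c.isalnum() for c in password))
    return sum(classes) >= 3


class DeviceAccount:
    def __init__(self, username, factory_password):
        self.username = username
        self.salt, self.digest = hash_password(factory_password)
        self.must_change = True      # first login only permits a password change
        self.failures = 0
        self.locked_until = 0.0

    def _matches(self, password):
        _, digest = hash_password(password, self.salt)
        return secrets.compare_digest(digest, self.digest)

    def login(self, password, now):
        """Return 'ok', 'change_required', 'denied' or 'locked'."""
        if now < self.locked_until:
            return "locked"                      # no guessing while locked
        if not self._matches(password):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.failures = 0
                self.locked_until = now + LOCKOUT_SECONDS
                return "locked"
            return "denied"
        self.failures = 0
        return "change_required" if self.must_change else "ok"

    def change_password(self, current, new, now):
        """Only path out of the setup state; enforces the password policy."""
        if self.login(current, now) not in ("ok", "change_required"):
            return False
        if not password_acceptable(self.username, new):
            return False
        self.salt, self.digest = hash_password(new)
        self.must_change = False
        return True
```

The lock-out counter and the forced change are what turn a Mirai-style dictionary login from a certainty into five guesses every fifteen minutes against a password that is no longer in the dictionary.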
2. Lack of regular patches and updates and weak update mechanism
IoT products are developed with ease of use and connectivity in mind.
They may be secure at purchase but become vulnerable when hackers find new security issues or bugs.
If these are not fixed with regular updates, the IoT devices become exposed over time.
Let us explain this IoT security concern with Satori.
Satori is another malware that spreads and acts similarly to Mirai.
Satori is a worm: infection spreads from device to device with no human interaction.
First, it doesn't just spread via credential guessing but has been found to target known
vulnerabilities in specific ranges of WiFi routers, so a device left unpatched stays exploitable
no matter how strong its password is.
Second, Satori has been discovered infecting processor architectures that earlier IoT malware
had ignored.
All IoT devices process and communicate data. They need apps, services, and protocols for
communication and many IoT vulnerabilities originate from insecure interfaces.
They are related to web, application API, cloud, and mobile interfaces and can compromise the device
and its data.
Common issues include a lack of/or insufficient device authentication and authorization and weak
encryption or none.
Solutions involve:
Device authentication. It restricts access to a connected device, and to the data it generates, to
people and applications that can prove possession of a secret (a password, a key or a certificate).
Digital certificates. They enable a digital entity (IoT device, computer, etc.) to transfer data
securely to authorized parties. X.509 certificates are the standard certificate format, usually
signed by a trusted Certificate Authority. They allow us to identify and verify each IoT device
uniquely.
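Proving knowledge of a secret can be done without ever transmitting the secret. The exchange below is an added example written for these notes, not taken from any product or standard: the server sends a random challenge, the device answers with an HMAC over that challenge under its provisioned per-device key, and the server rejects unknown, replayed or expired challenges. Device IDs, keys and times are constructed sample values:

```python
"""Challenge-response device authentication with a provisioned shared secret."""
import hmac
import secrets

CHALLENGE_TTL = 30.0   # seconds a challenge stays valid


def response_mac(key, device_id, nonce):
    """HMAC-SHA256 over a versioned, delimited transcript so fields cannot be confused."""
    msg = b"iot-auth-v1|" + device_id.encode() + b"|" + nonce
    return hmac.new(key, msg, "sha256").digest()


class AuthServer:
    def __init__(self):
        self.keys = {}      # device_id -> secret provisioned at manufacture
        self.pending = {}   # nonce -> (device_id, expiry); every nonce is single-use

    def enroll(self, device_id, key):
        self.keys[device_id] = key

    def challenge(self, device_id, now):
        """Message 1 (server -> device): a fresh random nonce."""
        if device_id not in self.keys:
            return None
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = (device_id, now + CHALLENGE_TTL)
        return nonce

    def verify(self, device_id, nonce, response, now):
        """Check message 2: recompute the MAC; reject unknown, replayed or expired nonces."""
        entry = self.pending.pop(nonce, None)    # pop: a nonce can be answered only once
        if entry is None or entry[0] != device_id or now > entry[1]:
            return False
        expected = response_mac(self.keys[device_id], device_id, nonce)
        return hmac.compare_digest(expected, response)   # constant-time comparison


class Device:
    def __init__(self, device_id, key):
        self.device_id, self.key = device_id, key

    def respond(self, nonce):
        """Message 2 (device -> server): prove knowledge of the key without sending it."""
        return response_mac(self.key, self.device_id, nonce)


def run_exchange(server, device, now):
    """Drive one full challenge/response round trip; True if the device authenticated."""
    nonce = server.challenge(device.device_id, now)
    if nonce is None:
        return False
    return server.verify(device.device_id, nonce, device.respond(nonce), now)
```

An eavesdropper who records the exchange learns a nonce and a MAC but not the key, and replaying the pair fails because the nonce was consumed; with certificates the same shape is used, with the device signing the challenge and the server verifying against the X.509 certificate instead of a shared key.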
Don't get left behind.
The first thing to do is build applications using the latest security standards and protocols. Various
policies, standards, best practices, and guidelines are available from different sources.
In the United States, the National Institute of Standards and Technology (NIST) released in
January 2020 its second draft of its "Recommendations for IoT Device Manufacturers:
Foundational Activities and Core Device Cybersecurity Capability Baseline."
The European Union Agency for Network and Information Security (ENISA) actively
contributes to European cybersecurity policy. ENISA is about to create a certification
framework for IoT devices in particular. ENISA recently published "Good Practices
for Security of IoT - Secure Software Development Lifecycle" (November 2019). This
document details how to implement security by design for IoT. It comes as a supplement to
its 2017 publication on "Baseline Security Recommendations for IoT Security."
4. Insufficient data protection (communication and storage)
The most frequent concerns in the data security of IoT applications are due to insecure communications
and data storage.
One of the significant challenges for IoT privacy and security is that compromised devices can be used
to access confidential data.
Cryptography is an effective way to address this challenge.
Data encryption prevents data visibility in the event of unauthorized access or theft. It is commonly
used to protect data in motion and is increasingly utilized for protecting data at rest.
The data encryption and decryption make certain that data privacy and confidentiality are preserved,
and the risks of data theft are minimized.
It's an effective solution against eavesdropping attacks (used in industrial espionage), also known as
sniffing attacks, where the cybercriminal passively reads data as it is being sent or received on the
network.
Cryptography is also the standard defense against active eavesdropping (aka Man-in-The-Middle
attack), in which the hacker intercepts all relevant messages and injects new ones between two
devices. Here encryption alone is not enough: the parties must also authenticate each other, or
the attacker simply negotiates a separate encrypted session with each side.
The same rule applies to communication between connected smart objects and interfaces such as
web and mobile apps.
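A concrete check for the "encrypted but configured incorrectly" case, as an added example using Python's standard ssl module (not code from this page or from any IoT SDK): the client configuration many devices ship with, which accepts any certificate and therefore any Man-in-the-Middle, beside the hardened configuration and a small audit function that flags the difference. The cafile parameter is an assumption for devices that trust only a vendor CA rather than the system root store:

```python
"""TLS client configuration: the MitM-prone setting beside the hardened one."""
import ssl


def insecure_client_context():
    """What 'just make the error go away' code does: no certificate or hostname check."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE     # any certificate, hence any MitM, is accepted
    return ctx


def hardened_client_context(cafile=None):
    """Verify the peer's chain (system roots, or a vendor CA file) and its hostname."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2      # no legacy protocol downgrade
    return ctx


def audit_context(ctx):
    """Return the weaknesses a reviewer would flag on a client-side SSLContext."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("no-cert-verification")   # encrypted, but to whom?
    if not ctx.check_hostname:
        findings.append("no-hostname-check")      # any valid cert for any name passes
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-tls-allowed")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_context(insecure_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

Grepping firmware and companion apps for verify_mode = CERT_NONE, check_hostname = False or their equivalents in other TLS libraries is one of the quickest wins in an IoT assessment; the encrypted session such code sets up is exactly what the text calls "intercepted by a Man-in-the-Middle attacker".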
A study published in July 2020 analyzed over 5 million IoT, IoMT (Internet of Medical Things), and
unmanaged connected devices in healthcare, retail, manufacturing, and life sciences.
It reveals an astonishing number of vulnerabilities and risks across a stunningly diverse set of
connected objects.
They include shadow IoT (devices in active use without IT's knowledge), compliance violations, and US
Food and Drug Administration recalled (defective and risky) medical devices.
49% of IT teams were guessing or had tinkered with their existing IT solutions to get visibility.
51% of them were unaware of what types of smart objects were active in their network.
86% of healthcare deployments included more than ten FDA recalled devices.
95% of healthcare networks integrated Amazon Alexa and Echo devices alongside hospital
surveillance equipment.
A privacy impact assessment (PIA) states what personally identifiable information (PII) is collected
and explains how that information is maintained, how it will be protected and how it will be shared. A
PIA should identify:
o Whether the information being collected complies with privacy-related legal and regulatory
compliance requirements.
o The risks and effects of collecting, maintaining and disseminating PII.
o Protections and processes for handling information to alleviate any potential privacy risks.
o Options and methods for individuals to provide consent for the collection of their PII.
Under the E-Government Act of 2002, federal agencies are required to conduct privacy impact
assessments for government programs and systems that collect personal information online. Federal
agency CIOs, or an equivalent official as determined by the head of the agency, are responsible for
ensuring that the privacy impact assessments are conducted and reviewed for applicable IT systems.
The Act also mandates a privacy impact assessment be conducted when an IT system is substantially
revised. Federal agencies such as the U.S. Department of Homeland Security and the Department of
Health and Human Services offer guidance for writing PIAs, such as providing blank privacy impact
assessment templates to assist and facilitate their development.
Organizations are collecting, storing and using personal data more than ever through
a host of fast-evolving technologies that are already known. Products and services –
like smart cars, smart meters and smart homes connected through the Internet of
Things (IoT) – create new challenges in the management of personal data. Arguably,
an even greater challenge is those technologies that are yet to come.
Few would have envisaged the COVID-19 pandemic; fewer still the emergence of
dedicated tracing applications and the privacy implications that mass surveillance
and monitoring would bring. Recent findings from the EY Global Consumer Privacy
Survey 2020 found that the pandemic makes consumers more willing to share
personal data for the benefit of the greater good. However, trust is still a significant
issue. Almost half (47%) of consumers globally don't trust their governments to use
their data beyond its stated purpose.
measures to safeguard the privacy rights of individuals and safeguard their own
organizations to comply with stringent regulations. But this is not about ticking
boxes; it is about embedding a new culture and shifting a mindset that sees privacy at
the heart of any new technology, system or process being designed. More than this, it
is about re-engineering existing systems with a fresh eye on privacy, and a new
respect for the risk of falling foul of the regulators and the law.
Privacy by Design is the concept of embedding privacy into any new product, system
marketing initiative, an early focus and understanding of privacy have clear benefits.
operational efficiencies. It helps build trust and loyalty within a brand and removes
the challenge of managing and storing data needlessly, and all the issues this can
cause. It similarly removes the likelihood of retrospective and often costly privacy
features being required. A further benefit is that it serves to design "out" the
mitigates risk where possible and applies intermediate solutions if needed, pending a
more permanent answer.
"privacy" is not seen simply as the sole domain (and therefore the sole responsibility)
of the privacy officer. It should embrace and be embraced by the whole of the
organization.
Even though Privacy by Design has been around for more than 30 years, many
privacy professionals are still challenged as to the best place to start embedding the
Imagine you have been recently appointed as Head of Privacy and have been tasked
with transforming the organization's privacy practices. What actions should you take
effective, any Privacy by Design strategy needs to be tailored around your own
organization's culture and working practices. That said, there are perhaps five
general steps you can take to infuse Privacy by Design thinking in your people:
1. Raise awareness and build your network
Create awareness of your role and the concept of Privacy by Design. Showcase the
advantages that embedding privacy within the design of new processes and products
can bring. Be positive and show you can bring value to the teams you are going to
support. Build your network within the organization, identifying who will benefit
from embracing Privacy by Design most. Surprisingly, you might find allies across
Senior management will be your greatest ally in this journey because they can
provide the right level of support to infuse Privacy by Design at every level. Make
them understand the value of embedding privacy within product and services you
Privacy by Design will help build customer trust, but it will also generate value for
the organization and help them comply with global data protection regulations. Find
early as possible
Get an understanding of the most important projects and select those with the
highest visibility and high "payback" in terms of results. Proactively reach out to the
This is a crucial component, as it is here that the value of Privacy by Design will be
measured in the field and success stories will support your case. Take a positive and
collaborative approach; do not behave or appear to be a roadblock.
4. Recognize the organization's capabilities and build upon them
and mechanisms that may have implemented "ad-hoc" on specific products that can
support a privacy strategy. Re-use successful strategies into the projects you are
supporting, and foster cross-referencing and collaboration between teams to
strategy. Establish a vision and develop a long-term plan to infuse privacy into the
culture of the organization. The roadmap should involve how and when privacy tools
inform those who are most directly affected, and how to ensure data is used within
the boundaries of your organization's ethical structures.
In an IoT trust model, a thing has to collect information about the candidates it wants to get
service from (or sometimes provide service to, depending on the scenario). If there are
multiple candidates, there should be a ranking mechanism to prioritize them.
The process of threat modeling can be very beneficial in determining how to best protect a
computer application or network. The purpose of threat modeling is to evaluate the
system from the perspective of a potential attacker, then select appropriate controls for
reducing the risk of those attacks. The STRIDE categories below are the usual checklist of
what an attacker may attempt against each element of the system:
o Spoofing – Impersonating another user or system component to obtain its access to
the system
o Tampering – Unauthorized modification of the system, its code or its data, so that it no
longer behaves as the intended users expect
o Repudiation – Plausible deniability of actions taken under a given user or process
o Information Disclosure – Release of information to unauthorized parties (e.g., a data
breach)
o Denial of Service – Making the system unavailable to the intended users
o Elevation of Privilege – Granting a user or process additional access to the system
without authorization
For IoT security to be successful, there needs to be an effective way to reason about how
humanity can trust the security, safety, and privacy of this massive transformation of the
world. Most importantly, “ordinary people,” whether they are consumers or workers, must
be able to safely, reliably, and intuitively interact with vast, complex, interconnected systems
of IoT devices. It can be overwhelming to think about all the ways individuals and society can
be damaged by the haphazard engineering of systems that merge the physical and digital
worlds. Technologists have done a terrible job with security technology so far, yet now we are
about to impose those failures onto the physical world on a scale that only ubiquitous,
pervasive, even invasive computing and connectivity can accomplish. Continuing the status
quo is unsustainable.
The IoT can be thought of as a hyper-connected, hyper-distributed collection of resources. The
complex ecosystem surrounding IoT devices means trusting them will not be intuitive. These
connected devices can potentially be controlled and observed by others anywhere on the
planet. For example, before the IoT, it was always easy to physically check the locks on your
doors and decide to trust those who had the keys. Now with Internet connected “smartlocks,”
you can check or alter their state from anywhere. How can an “ordinary person” track who
has the electronic key and discern that the software controlling the lock is secure and resistant
to hacker attacks? A February 2017 survey of IoT consumers showed that 72% were not sure
how to check if their devices had been compromised.
Users should still be able to delegate trust and authority with the same level of certainty as
when using purely physical devices. Whether home automation devices or industrial devices,
technologists have a responsibility to provide people intuitive and simple methods to
accurately discern what devices and services can be relied on, and what threats they should
rationally worry about. This poses the question, “How can we get back to a place of relative
simplicity of function and where the average user has a reasonable understanding of the
integrity of their connected devices?”
Devices and hosted applications: When I bring an IoT device into my environment, what
aspects can I rely on for security, safety, and privacy? What are the intrinsic properties and
capabilities of the device that make it trustworthy? What are my responsibilities? What can I
expect from other entities such as the device supplier or the services that interact with the
device? If it’s a simple thing, I certainly don’t want a long list of instructions about how to keep
it, myself, and my household safe. Making this intuitive will be a challenge.
Resources: It helps to identify certain components a trust model will need to address. An IoT
device can have various resources made available to a number of entities through the Internet.
They might consist of device controls and state information, as well as streams of information
from connected sensors and computation capabilities. How do I know what those resources are
and who has access to them? How do I govern access to the device? There is also the question
of how well these devices protect themselves from attacks and how robust are those defenses?
Again, the challenge will be to make the answers intuitive for a broad range of people.
Virtual composite devices: Part of the reason for why these human-centered difficulties need
to be considered in IoT trust models is that physical devices can be virtualized as well as be
parts of virtual composite devices, the components of which may interact. In home
automation, such composite devices may be called “scenes” where multiple devices cooperate
to perform a certain household task. In an industrial or metropolitan context, composite virtual
devices will be arbitrarily complex.
Automated performance aids: These are systems that can help us understand the implications
of actions such as including something as a component in a virtual device or system, or the
implications of delegating trust to some entity. These will be an important part of a human-
centric trust model that addresses both the scale and complexity of the evolving IoT. One
potential example of such an aid is the use of intuitive gestures when interacting with the IoT.
Typically, such gestures are used in a specific context to point to specific things or virtual
things, and refer to specific entities.
Identity management systems: For these automated performance aids, as well as other IoT
related systems, to properly function, the right device or group of devices and the right entities
who are to be trusted need to be identified. This will require identity management systems that
are vastly larger in scale and much more intuitive. Here again, it is fair to say that the current
inventory of identity management systems (such as username/password pairs, X.509 certificates
and SAML assertions) is woefully inadequate and rarely addresses many of the already known
use cases for identity. And, of course, it is difficult to claim that these systems are intuitive and easy to
use. While advances are being made in some aspects of identity management (notably
biosensors), the territory that must be covered here is vast, and includes reliable references for
virtual things and their configuration into composites and virtual systems that ordinary people
will need to interact with.
The role of security associations and reference monitors:
Trust models will have various layers. One layer will address the secure actuation of a trusted
process. This layer will use the concept of security association and will need to be made both
reliable and intuitive. For example, when I want to give someone access to my front door, I
typically give them a physical key. I trust that they won’t copy that key and give the copy to
someone else. With electronic locks, I can use an intuitive gesture on my phone to indicate I
want one of my friends to be able to open the front door. One way (of many) that might be
actuated is by causing an electronic key to be securely transmitted to both the lock and to my
friend’s mobile phone. The lock will keep a security association between those keys and a
permission to open the door.
Now my security association with the lock gives me the right to modify the security association
table, but my friend’s security association with the lock does not. That is, I have delegation
rights and she does not. This delegation process involves security protocols, key bindings,
permissions, and other security processes. The idea of a reference monitor was mentioned
before, and it will be an extremely important concept in IoT trust models, since all IoT devices
can harbor one. A reference monitor can be appropriately simple or elaborate. It is typically
implemented as a core (or kernel) process that checks each command against a list of security
associations for permissions to take an action or access to some resource. Now, when my friend
wants to open the door, the lock’s reference monitor will evaluate her command, and use of the
electronic key I gave her, and perhaps the identity of the device she used if it is part of the
security association. Much of this will usually be hidden from the user in a trust model layer.
People should use simple gestures for this delegation of trust, but the model needs to understand
how those gestures precisely carry out the intention of the command giver (and do no more).
Yet another part of an IoT trust model will be the concept of a secure update process. This is
an area that has seen some success, at least in some contexts. That’s good, because the need to
fix things that can potentially go wrong will surely be great as we integrate the physical world
with the cyberworld. Again, the scale of IoT and its multitude of contexts will be challenging.
Given the massive scale of IoT, it will likely be a good strategy to give devices the responsibility
to update themselves and to do so in response to trusted notifications from automated systems
such as attack monitoring systems. However, people have gotten used to updating their mobile
phone OS and apps, but that process still causes disruption. In an IoT context, this may not be
tolerable, especially when updates may subtly change the user experience of a faithful, reliable
thing.
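An added example of the check a device can run before it flashes an update, written for these notes and not taken from any vendor's updater: the manifest is authenticated, older versions are refused so an attacker cannot push a signed-but-vulnerable build back onto the device, and the image hash must match the manifest. A shared HMAC key stands in for the vendor's asymmetric signature here; the key, version numbers and image bytes are constructed:

```python
"""Update manifest verification with anti-rollback and image integrity."""
import hashlib
import hmac
import json


def make_manifest(update_key, version, image):
    """Vendor side: describe the image and authenticate that description.
    A shared HMAC key stands in for the vendor's signature in this example."""
    manifest = json.dumps({"version": version,
                           "sha256": hashlib.sha256(image).hexdigest(),
                           "size": len(image)}, sort_keys=True).encode()
    return manifest, hmac.new(update_key, manifest, "sha256").digest()


class Updater:
    def __init__(self, update_key, installed_version):
        self.key = update_key
        self.installed_version = installed_version   # kept in tamper-resistant storage on a real device

    def check(self, manifest, tag, image):
        """Return 'ok' or the first reason the update must be refused."""
        expected = hmac.new(self.key, manifest, "sha256").digest()
        if not hmac.compare_digest(expected, tag):
            return "bad_signature"          # manifest forged or modified in transit
        meta = json.loads(manifest)
        if meta["version"] <= self.installed_version:
            return "rollback"               # refuse older, possibly vulnerable firmware
        if len(image) != meta["size"] or hashlib.sha256(image).hexdigest() != meta["sha256"]:
            return "image_mismatch"         # image swapped after the manifest was signed
        return "ok"

    def apply(self, manifest, tag, image):
        """Install only after every check passes, then advance the version counter."""
        verdict = self.check(manifest, tag, image)
        if verdict == "ok":
            self.installed_version = json.loads(manifest)["version"]
        return verdict


if __name__ == "__main__":
    key = b"k" * 32                                  # constructed update key
    dev = Updater(key, installed_version=3)
    manifest, tag = make_manifest(key, 4, b"firmware-v4")
    print(dev.apply(manifest, tag, b"firmware-v4"), dev.installed_version)
    print(dev.check(manifest, tag, b"firmware-v4"))   # same update again: rollback
```

The order of the checks matters: authenticity first, so nothing in an unauthenticated manifest is ever parsed or trusted; then the version counter, so a captured old update cannot be replayed; then the hash, so the authenticated description is tied to the bytes about to be flashed.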
communications security hasn’t been covered, and as alluded, comsec processes may not want
to be included as an intrinsic aspect of a trust model. Sometimes they will be part of the security
actuation layer, but given the overall context of IoT and the myriad communications processes
that may be both intrinsic and extrinsic to devices and systems of devices, in general an effective
trust model will have to be actuated at the device and application layer, and not require isolation
from communication processes.
1. Proactive not Reactive. Instead of assuming a product respects users’ data until a
regulator finds otherwise, tackle privacy concerns early by consulting a privacy engineer
in the initial phases of product development.
2. Privacy as the Default Setting. Identify the ways in which a product processes personal
data, from collecting it to analyzing it to destroying it. In each of those events, the
framework calls for more privacy-respecting settings to be the default, across issues of
data minimization, purpose specification, collection limitation, and more. For instance, if
a user does not need to provide their Social Security Number in order to receive a service,
the service should not collect it in the first place.
3. Privacy Embedded into Design. The design process should regularly assess privacy
impacts and risks before products go out into the wild.
4. Full Functionality—Positive-Sum, not Zero-Sum. A fallacy in privacy debates is that in
order to respect someone’s privacy, some party must be put at a disadvantage. Privacy
engineers work to create products and services that are not impaired by privacy
protections.
5. End-to-End Security. Security and privacy are tightly related, and poor security
undermines privacy. If unauthorized parties can access personal data, individuals’ data
rights are directly jeopardized. Activities like access control and encryption must be
secure from a technical standpoint.
6. Visibility and Transparency. At first glance, it might seem bizarre that Privacy by Design
calls for visibility, but visibility is integral to trustworthy systems. Privacy-related policies
and procedures, when appropriate, should be clearly accessible to users and internal
stakeholders.
7. Respect for User Privacy. Users' privacy controls should be usable, from straightforward
consent toggles to timely fulfillment of data subject requests (DSRs). User-facing visuals, copy,
and workflows should prioritize accuracy and accessibility.
4.6 Privacy preservation and data dissemination – for IoT used in smart
buildings, privacy protection in personal IoT applications:
Privacy preservation in IoT is an important concept: when data is transferred or communicated
between parties, that data must be protected so that third parties cannot learn what the original
parties exchanged.
During data dissemination, IoT devices communicate over different technologies to build up
information about the process being monitored; an application only becomes real through its
integration within the IoT realm.
IoT in Home Automation. Smart Homes (SH) are equipped with different types of sensors and
RFID tags to monitor and efficiently use resources. The IoT devices are connected wirelessly,
forming a network, and share data via edge networks. The home automation system collects
information about daily power usage and other user behaviors. Such data are highly sensitive
and should not be revealed. Hence, it is important to develop an efficient privacy-preserving
home automation system, one that protects the user's identity, location privacy and daily
behavior.
IoT in Health Care. IoT health care applications consist of wearable sensors, smart pill boxes,
smart beds, etc., to remotely monitor patients' health. However, they raise various security and
privacy concerns because they collect patient health information. IoT devices use fog-based or
cloud-based systems to store the health care information. Patient health care applications should
collect user data anonymously, and directly identifying information must be removed. Such
privacy-preserved data is a rich resource for disease diagnosis and health care systems. So,
developing health care applications with privacy in mind has become a mandate.
IoT in Fog & Cloud Computing. The ubiquitous nature of the cloud and the pervasive nature of
IoT together are called CloudIoT. A cloud-based IoT system collects information from IoT
sensors and stores the data in the cloud. Cloud computing offers different services to the IoT
system, such as storage and computation, and reduces the computation burden on IoT devices.
Fog computing, also called edge computing, is an extension of cloud computing. Fog computing
differs from cloud computing in being distributed: fog computing is a network of smart edge
devices connected to the cloud. Having fog nodes in the edge network eases the burden on cloud
servers and improves ubiquity. Fog-enabled IoT applications consist of fog nodes that perform
routing, data collection and aggregation. The data are then transmitted to the cloud for storage.
IoT in Blockchain. Blockchain is another emerging technology, used to record transactions and
interactions. Blockchain for IoT applications can build trust between devices, reduce
computational costs, and accelerate transactions. Blockchain in IoT provides a solution for data
synchronization among thousands of IoT devices, where the traditional client-server model fails
to scale.
The platform is a key building block of the ecosystem and the focus of much investment and
commentary in the industry. Examples include Microsoft’s Azure IoT suite and AWS IoT. Whereas this
element is key, it is the other two that are more nuanced and challenging for businesses to figure out.
Indeed, building an IoT ecosystem is a complex undertaking with many interconnected factors that
need to be juggled. Supporting an ecosystem requires more than just having a platform and
making APIs available to third parties. Companies offering platforms need to be able to create the
right incentives (financial and other kinds), support systems for partners, and define how they – and
not competing players – will create more value for their partners.
There are a number of key enablers that enterprises should focus on when developing their IoT
ecosystems. These are briefly discussed below.
Enabling platforms: as mentioned above, platforms are the foundation of the ecosystem.
Businesses need to deploy IoT platforms that fulfil the expectations of both customers and
partners in terms of functionality, reliability, security and flexibility. The platform needs to
enable not only vertical solutions, but a true ecosystem in the form of a marketplace for IoT
products and services.
APIs: APIs are the basic building blocks of an IoT ecosystem, and businesses must therefore
develop a strong API strategy. This strategy should be based on a deep understanding of the
IoT markets that the business intends to target. Designing and supporting APIs for everyone
is impractical, which means that a focused approach is recommended. The business should
also develop an API roadmap that is in line with its overall IoT strategy, while the API pricing
and support model must be aligned with the business’ ecosystem revenue model. APIs can
ultimately foster – or discourage – network effects. If using your APIs is too onerous or does
not create sufficient value, ecosystem partners will be reluctant to invest time or effort. It is
therefore vital that businesses define their API strategies with market and partner needs in
mind.
Communities: for ecosystems to be true ecosystems, communities of partners need to exist.
These partners should be able to develop products and services based on the company
resources (via APIs), as well as those of other ecosystem participants. The benefits to
businesses can be immense. By enabling others to invest and create new products and
services, the business is able to boost innovation. This is achieved without incurring every cost
and risk involved, but by sharing these with the ecosystem partners. Companies like IBM,
Amazon and Microsoft are very active in this area sponsoring hackathons and sponsoring
university research programs and incubators.
Own branded services: in many cases, it makes sense for businesses to offer complete IoT
solutions, either with their own products or through integration with partners. This signals
commitment to the market and kick-starts the ecosystem expansion. A good example is Digital
Life from AT&T, a telco in the US – the company has developed an integrated home monitoring
service together with partners, and markets the service as an AT&T-branded product. This
branded service serves to signal AT&T’s commitment to the IoT and, as the service establishes
itself in the market, AT&T is looking at opening it to a wider array of partners, thus further
developing the initial ecosystem.
Revenue models: revenue models are a key aspect for the successful development of
IoT ecosystems. Businesses looking to attract ecosystem partners need to define the right
revenue generation and sharing model – one that incentivizes partners to join the ecosystem,
reduces risks for partners to innovate and fits with the business model of the individual
partners. Some partners will be attracted to a revenue sharing model, while others will prefer
a licensing or fixed royalty-based model. Models like “freemium” can be good to encourage
experimentation and early adoption in IoT communities. This means that firms will need to
support several revenue and partnership models, which in turn will require new decision and
management systems.
Ecosystem support functions: the final (and perhaps most overlooked) enabler is the internal
organization and the related support functions. A critical function here is partner
management, which not only means being able to recruit but to incentivize and support
ecosystem partners throughout the partnership lifecycle. This is a capability that goes beyond
basic reseller agreements. Businesses will also require dedicated teams to support the
ecosystem. This support includes technical (e.g. how to use an API) but also marketing (e.g.
sell your apps on our marketplace) and operational (e.g. “fulfilled by Amazon”).
Moreover, a governance model that establishes clear ‘ecosystem rules’ is critical in order to maintain
harmony among members and a healthy cooperative ecosystem.
Unit V
Best Practices in IoT Security
Being prepared for incident response in IoT requires planning on how you will deal with two
types of incidents in your IoT workload. The first incident is an attack against an individual IoT
device in an attempt to disrupt the performance or impact the device's behaviour.
The second incident is a larger scale IoT event, such as a network outage or a DDoS attack. In
both scenarios, the architecture of your IoT application plays a large role in determining how
quickly you will be able to diagnose incidents, correlate the data across the incident, and then
subsequently apply runbooks to the affected devices in an automated, reliable fashion.
For IoT applications, follow these best practices for incident response:
IoT devices are organized in different groups based on device attributes such as location
and hardware version.
IoT devices are searchable by dynamic attributes, such as connectivity status, firmware
version, application status, and device health.
OTA updates can be staged for devices and deployed over a period of time. Deployment
rollouts are monitored and can be automatically aborted if devices fail to maintain the
appropriate KPIs.
Any update process is resilient to errors, and devices can recover and roll back from a
failed software update.
Detailed logging, metrics, and device telemetry are available that contain contextual
information about how a device is currently performing and has performed over a period
of time.
Fleet-wide metrics monitor the overall health of your fleet and alert when operational
KPIs are not met for a period of time.
Any individual device that deviates from expected behavior can be quarantined,
inspected, and analyzed for potential compromise of the firmware and applications.
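The grouping, staged OTA rollout, KPI-based abort, rollback and quarantine practices above, as an added simulation that is not code from these notes or from any IoT platform; the fleet, the firmware versions, the health KPI and the failure of the constructed "rev-b" hardware group are all made up for illustration:

```python
"""Staged OTA rollout with KPI monitoring, automatic abort, rollback and quarantine.
Added example: an in-memory simulation of the practices listed above; the fleet,
firmware versions, health KPI and the rev-b failure are all constructed."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class Device:
    device_id: str
    group: str                      # static attribute, e.g. hardware revision
    firmware: str
    previous_firmware: Optional[str] = None
    healthy: bool = True            # dynamic attribute reported as telemetry

def make_fleet():
    """Constructed fleet of 20 devices: 12 in group rev-a, 8 in group rev-b."""
    return [Device(f"dev-{i:02d}", "rev-a" if i < 12 else "rev-b", "1.4.0")
            for i in range(20)]

def apply_update(dev, version):
    """Simulated install plus post-update health check. Constructed defect:
    the new image does not boot on rev-b hardware, so those devices report unhealthy."""
    dev.previous_firmware = dev.firmware
    dev.firmware = version
    dev.healthy = dev.group != "rev-b"
    return dev.healthy

def rollback(dev):
    """Return a device to its last known-good image."""
    if dev.previous_firmware is not None:
        dev.firmware, dev.previous_firmware = dev.previous_firmware, None
    dev.healthy = True

def fleet_health(fleet):
    """Fleet-wide KPI: fraction of devices currently reporting healthy."""
    return sum(d.healthy for d in fleet) / len(fleet)

def staged_rollout(fleet, version, batch_size=5, min_success_rate=0.9):
    """Deploy in batches; abort when a batch misses the success-rate KPI.
    Failed devices are rolled back and listed for quarantine/inspection;
    devices not yet reached stay on their current firmware."""
    report = {"batches": 0, "aborted": False, "updated": [], "quarantined": []}
    pending = list(fleet)
    while pending:
        batch, pending = pending[:batch_size], pending[batch_size:]
        report["batches"] += 1
        results = [(d, apply_update(d, version)) for d in batch]
        success_rate = sum(ok for _, ok in results) / len(results)
        for d, ok in results:
            if ok:
                report["updated"].append(d.device_id)
            else:
                rollback(d)
                report["quarantined"].append(d.device_id)
        if success_rate < min_success_rate:
            report["aborted"] = True   # KPI missed: stop before touching more devices
            break
    return report

if __name__ == "__main__":
    fleet = make_fleet()
    print(staged_rollout(fleet, "1.5.0"))
    print("fleet health after rollout:", fleet_health(fleet))
```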
How do you prepare to respond to an incident that impacts a single device or a fleet of
devices?
Implement a strategy in which your InfoSec team can quickly identify the devices that need
remediation.
Ensure that the InfoSec team has runbooks that consider firmware versioning and patching for
device updates.
Create automated processes that proactively apply security patches to vulnerable devices as
they come online.
At a minimum, your security team should be able to detect an incident on a specific device
based on the device logs and current device behavior. After an incident is identified, the next
phase is to quarantine the application.
To implement this with AWS IoT services, you can use AWS IoT Thing Groups with more
restrictive IoT policies along with enabling custom group logging for those devices. This allows
you to only enable features that relate to troubleshooting, as well as gather more data to
understand root cause and remediation.
Lastly, after an incident has been resolved, you must be able to deploy a firmware update to the
device to return it to a known state.
Ideally, misuse cases will be created during the upfront threat modeling process. Many specific
misuse patterns can then be generated for each misuse case.
Misuse patterns should be low-level enough that they can be decomposed into signature sets
applicable to the monitoring technology (for example, IDS/IPS, SIEM, and so on) that will be
used both on-premises and in your cloud environment. Patterns can include device patterns,
network patterns, service performance, and just about anything that indicates potential misuse,
malfunction or outright compromise.
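The detect-then-quarantine flow from the AWS IoT paragraph above and the decomposition of misuse patterns into signature sets, as one added example that is not code from these notes or from AWS; the device registry, the JSON log lines, the thresholds, the topic layout and the region/account placeholders in the policy are all constructed:

```python
"""Misuse-pattern signatures evaluated over device logs, plus a quarantine policy.
Added example, not code from the notes or from AWS: registry, log lines,
thresholds and topic layout are all constructed."""
import json
from collections import defaultdict

# Constructed registry: minimum supported firmware and allowed topic prefix per device.
REGISTRY = {
    "sensor-01": {"min_firmware": "2.1.0", "topic_prefix": "devices/sensor-01/"},
    "sensor-02": {"min_firmware": "2.1.0", "topic_prefix": "devices/sensor-02/"},
    "sensor-03": {"min_firmware": "2.1.0", "topic_prefix": "devices/sensor-03/"},
}

def constructed_log_lines():
    """One JSON record per publish event, as a broker or gateway might log them."""
    events = [
        {"ts": 0, "device": "sensor-01", "fw": "2.1.0", "topic": "devices/sensor-01/temp"},
        {"ts": 60, "device": "sensor-01", "fw": "2.1.0", "topic": "devices/sensor-01/temp"},
        {"ts": 0, "device": "sensor-02", "fw": "2.0.3", "topic": "devices/sensor-02/temp"},
        {"ts": 5, "device": "sensor-02", "fw": "2.0.3", "topic": "devices/sensor-03/cmd"},
    ]
    # sensor-03 publishes once per second for two minutes: a message flood.
    events += [{"ts": t, "device": "sensor-03", "fw": "2.1.0",
                "topic": "devices/sensor-03/temp"} for t in range(120)]
    return [json.dumps(e) for e in events]

def version_tuple(v):
    return tuple(int(x) for x in v.split("."))

# Each misuse pattern is decomposed into one signature: a predicate over one device's events.
def sig_outdated_firmware(device, events):
    minimum = version_tuple(REGISTRY[device]["min_firmware"])
    return any(version_tuple(e["fw"]) < minimum for e in events)

def sig_topic_violation(device, events):
    prefix = REGISTRY[device]["topic_prefix"]
    return any(not e["topic"].startswith(prefix) for e in events)

def sig_message_flood(device, events, max_per_minute=30):
    per_minute = defaultdict(int)
    for e in events:
        per_minute[e["ts"] // 60] += 1
    return max(per_minute.values(), default=0) > max_per_minute

SIGNATURES = {
    "outdated_firmware": sig_outdated_firmware,
    "topic_violation": sig_topic_violation,
    "message_flood": sig_message_flood,
}

def evaluate(lines):
    """Group log lines by device; return {device: [matched signature names]}."""
    by_device = defaultdict(list)
    for line in lines:
        event = json.loads(line)
        by_device[event["device"]].append(event)
    findings = {}
    for device, events in by_device.items():
        hits = [name for name, sig in SIGNATURES.items() if sig(device, events)]
        if hits:
            findings[device] = hits
    return findings

def quarantine_group_policy(region="<region>", account="<account-id>"):
    """Restrictive policy for a quarantine thing group in AWS IoT policy shape
    (region/account are placeholders): flagged devices may only connect and
    publish diagnostics; with no subscribe/receive they cannot take commands."""
    thing = "${iot:Connection.Thing.ThingName}"   # AWS IoT policy variable
    arn = f"arn:aws:iot:{region}:{account}"
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{arn}:client/{thing}"},
        {"Effect": "Allow", "Action": "iot:Publish",
         "Resource": f"{arn}:topic/quarantine/{thing}/diagnostics"},
    ]}
```

Devices returned by evaluate() are the candidates to move into the quarantine thing group, and the policy is what that group would attach.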
User privacy concerns are among the key obstacles to the widespread adoption of connected IoT
devices. Smart gadgets offer incredible value creation and capture opportunities, but their vulnerabilities
might cause catastrophic disruptions, ranging from privacy breaches to breakdowns of public
ecosystems. In this article, we assess the risks of IoT adoption and consider privacy management
standards, approaches, and paradigms.
The Scope of IoT Security Vulnerabilities
According to a report by Deloitte, among the 49 countries that have a defense budget of over $1
billion and exposed IoT systems found online, Slovakia, Lithuania, Estonia, Latvia, and the Czech
Republic are the top five most-exposed countries based on IoT targets per unit of GDP. Their quick
adoption of IoT systems without proper security measures might cause significant economic damage to
individual businesses, entire industries, and the national economy as a whole. The US is lower on the
list of the most vulnerable states, despite hosting the largest number of exposed IoT systems, as its
economy is more diverse and stable in the face of a potential attack.
China, Iran, and the Russian Federation are less vulnerable to IoT attacks, possibly because of lower
adoption or the ongoing development of statewide cyber-security systems. Japan is one of the most
secure economies, despite the widespread adoption of industrial and household automation. This may
be the result of the Japanese approach to developing custom software instead of adopting available
solutions as well as security-conscious design and implementation of IoT systems.
IoT: Targeted and Weaponized
IoT systems can be both a weapon and a target of malicious attacks. Millions of unsecured devices have
been infected with botnet malware and participated in Distributed Denial of Service (DDoS) attacks.
Krebs On Security, Dyn, and other companies fell victim to attacks that, because of the vulnerability of
IoT devices, did not require big budgets or sophisticated technology.
Targeting IoT systems is another serious security concern. Three major categories of IoT systems with
huge potential for economic and public safety repercussions include:
Industrial infrastructure. Switches, valves, CNC, and production environment controls are at
risk. Tampering with any of the exposed industrial systems may lead to asset damage, lost
production, equipment malfunctions, and accidents.
Communications infrastructure. VoIP systems and routers are the most vulnerable among
communication IoT devices. Physical damage of the networks, large-scale losses of
communication, and panic among the population are all high-impact risks.
Building infrastructure. Power, security, elevators, and environmental controls are commonly
exposed systems. Their vulnerabilities can cause physical damage to the systems and buildings,
denial of service, and panic among the tenants.
Other emerging IoT targets include traffic control and autonomous driving systems, as well as critical
objects of national infrastructure, like nuclear power plants or major telecommunication switches.
Although their security is usually better, they still present alluring targets for cyberterrorists.
IoT Identity Management and Privacy Security Standards
The US and the EU countries focus their security efforts on critical infrastructure and military targets,
leaving the protection of privately owned systems to their operators and owners. However, this approach
leaves a window of opportunity for malicious cyber attacks as the adoption of IoT systems spreads
across public, commercial, and industrial sectors. Foreseeing the economic, financial, and psychological
impact of IoT vulnerabilities, the international community has been working on standards for security
techniques to protect user identity and privacy.
Breaches in data security cause the loss of personally identifiable information, which affects organizations
and individuals. Identity theft, legal liability, recovery costs, and reputation risks are among the
common consequences of security breaches in IoT and other sectors.
ISO/IEC 29100
ISO/IEC 29100 is designed for organizations that develop, operate, or maintain systems handling
personally identifiable information. The privacy framework outlined by the standard enables businesses
to identify security terminology, define critical roles engaged in personal data processing, describe
privacy security considerations, and reference common privacy principles used for IT.
According to the ISO/IEC 29100 Privacy Framework, users, subscribers, and data owners take on the
role of personal information providers, while application owners and operators act as PI receivers. A
user-centric, privacy security framework is established if PI receivers employ privacy safeguarding
controls to meet the PI providers’ privacy preferences at all stages of information handling, from
collection and storage to usage, transfer, and deletion.
ISO/IEC 24760
This standard provides guidance for identity information management. While the first part outlines
terminology and concepts, the second one defines reference architecture and requirements, and the third
part suggests the practical implementation of an identity management system. The practices address
identity-related risk when acquiring, processing, storing, transferring, and using personally identifiable
information.
According to ISO/IEC 24760, application owners should manage the risk of identity errors and
ensure the confidentiality, integrity, and availability of identity information they store, process, and
communicate. The standard also suggests the use of identifiers. They allow businesses to distinguish
entities and facilitate their representation in some situations, e.g. hiding the entity’s identity when
providing identity information for use.
Privacy-By-Design in IoT
Existing international standards and regulations concerning privacy and protection of personal data
leave multiple consumer issues unanswered. While the ISO Consumer Policy Committee (COPOLCO) is
working on standards for identity management and privacy technologies, researchers and IoT pioneers
rely on the principles of Privacy-by-Design (PbD).
Balancing Privacy Risks and Benefits
Studies conducted for the World Economic Forum demonstrate that data owners (IoT users) are willing
to release personal information to data consumers for sufficient benefits. However, to make a pragmatic
decision, users should realize the risks associated with sharing private data. Additionally, users should
be able to change their privacy preferences according to context.
Privacy risks awareness implies that:
Data sensitivity can be direct or indirect. While power consumption is not sensitive on its own,
frequent measurements allow data consumers to infer sensitive data, including the use of
specific devices, presence or absence, behavior patterns and more.
Trust in a data consumer depends on the data consumer’s reputation and interaction history.
State-owned companies might be more trustworthy than private businesses.
Data leakage reflects the accuracy of the personal data shared and often depends on the
sampling frequency. Increased sample frequency boosts the confidence degree of the inferences
made by data consumers based on the IoT data.
Data providers can expect physical, financial, or psychological benefits of sharing personal information.
Common examples of data sharing benefits include reduced rates, lower consumption, feelings of
self-satisfaction, and confidence.
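The sampling-frequency point above, as an added worked example that is not from these notes: a constructed one-day household load profile (watts per minute) is sampled at three intervals to show what a data consumer can infer about appliance use at each resolution, while the quantity a billing consumer actually needs (daily energy) is unchanged. The base load, the kettle events and the detection threshold are all assumptions.

```python
"""Sampling frequency versus inference from smart-meter readings.
Added example with a constructed load profile: base load plus two short
high-power appliance events; all values are made up for illustration."""
BASE_LOAD_W = 100          # constructed: fridge, router, standby devices
KETTLE_W = 2000            # constructed appliance load

def constructed_day_profile():
    """1440 per-minute readings: base load plus two 3-minute kettle events."""
    profile = [BASE_LOAD_W] * 1440
    for start in (7 * 60, 18 * 60 + 30):       # 07:00 and 18:30
        for m in range(start, start + 3):
            profile[m] += KETTLE_W
    return profile

def downsample(profile, interval_min):
    """Average readings over each interval, as a meter reporting less often would."""
    return [sum(profile[i:i + interval_min]) / interval_min
            for i in range(0, len(profile), interval_min)]

def activity_windows(samples, interval_min, threshold_factor=1.5):
    """Windows whose average load exceeds base load by the factor, merged when
    contiguous. Returns [(start_min, end_min)]: what a data consumer can infer."""
    windows = []
    for idx, w in enumerate(samples):
        if w > BASE_LOAD_W * threshold_factor:
            start, end = idx * interval_min, (idx + 1) * interval_min
            if windows and windows[-1][1] == start:
                windows[-1] = (windows[-1][0], end)   # extend contiguous window
            else:
                windows.append((start, end))
    return windows

def daily_energy_kwh(samples, interval_min):
    """Energy over the day; identical at every sampling interval."""
    return sum(samples) * interval_min / 60 / 1000

def inference_report(profile, intervals=(1, 60, 1440)):
    """Per interval: inferable activity windows and the billing-relevant total."""
    report = {}
    for iv in intervals:
        samples = downsample(profile, iv)
        report[iv] = {"windows": activity_windows(samples, iv),
                      "kwh": round(daily_energy_kwh(samples, iv), 3)}
    return report

if __name__ == "__main__":
    for iv, r in inference_report(constructed_day_profile()).items():
        print(f"{iv:5d}-minute sampling: {len(r['windows'])} activity windows "
              f"{r['windows']}, daily energy {r['kwh']} kWh")
```

At one-minute sampling the exact kettle minutes are visible, at hourly sampling only the hours, and at daily sampling nothing, yet the daily energy a billing consumer needs is 2.6 kWh in all three cases.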
Privacy-By-Design Development Principles
Researchers of the Privacy and Big Data Institute, Ryerson University, outlined IoT security concepts
based on seven basic Privacy-by-Design principles. They are recommended for IoT devices’ designers,
developers, testers, and operators.
1. Anticipate and eliminate opportunities for abuse. Only IoT users can approve their personal
information gathering, processing, and sharing. In the user-centric development cycle, privacy abuse
potential is assessed and eliminated at every stage.
2. Configure privacy by default. To foster consumer trust and benefit from a public perception gap
that favors reliable technologies, businesses design intrinsic privacy before adding information
management capabilities.
3. Embed integrity into design. Layering privacy security at all levels of IoT design is becoming an
industry standard, making application designers and developers introduce security features from the
bottom-up.
4. Fuse optimized experiences to full functionality. Forward-thinking companies do not make
customers choose between privacy and full functionality. Instead, they maximize user experience while
protecting user interests and rights.
5. Clarify and simplify for protective design. Complexity reduces the usability of privacy security
measures. To support full lifecycle protection, developers adopt privacy best practices and introduce
simple but overlapping security measures.
6. Control monitoring and awareness. Fear, uncertainty, and doubt among users can be overcome by
introducing customers to the implemented transparent and protective measures.
7. Include users as stakeholders, not victims. Building trust with consumers starts with treating them
as stakeholders, whose primary needs are privacy and safety.
Secure. Vigilant. Resilient Model.
Deloitte considers IoT privacy through a Secure. Vigilant. Resilient. paradigm. To establish a secure
information management system, experts focus on three aspects of privacy security.
1. Software, hardware, and data must be secured at all levels of development and operation, and at all
stages of the lifecycle. Without proper safety measures, IoT device breaches might transform from a
privacy theft to a threat to life.
2. Companies must stay vigilant when dealing with connected devices and collected data, as both
software and hardware are prone to aging and deterioration. Moreover, the attack approaches evolve
and utilize weaknesses of which IoT developers are not aware.
3. To quickly detect the breach, eliminate the threat, and stop the spread, companies must have security
protocols and procedures in place. They help limit the damage done to the systems and the business
reputation as well as reestablish normal operations.
Apart from generating value, IoT systems can cause significant losses for businesses that do not
establish user-centric privacy management systems. Following international standards and relying on
Privacy-by-Design principles are essential to fostering customer trust and promoting wider adoption of
smart connected devices. Disruptive companies ensure privacy considerations lay at the foundation of
every piece of IoT software and hardware and maintain the best security practices throughout the
system’s lifecycle.
5.4 UL’s IoT certification
The Internet of Things (IoT) provides amazing possibilities for product development and is
accelerating innovation at perhaps the fastest rate in history. Things that were nearly unheard
of just a few years ago — tracking wellness on your watch or phone, a refrigerator that orders
your groceries for you, payment from your phone with biometrics, and even mobile driver’s
licenses are all now reality.
Building cybersecurity into connected devices is a critical component needed to unlock the vast
potential of IoT innovation. If done well, it empowers companies to successfully implement
their business strategy, mitigate risks, protect their brand reputation, create product
differentiation, and establish market leadership.
UL helps innovators create safer, more secure products, devices and technologies to enable
their safe adoption by guiding them through the growing complexities across the supply chain.
Interconnected technology is inherently linked with cyberthreats used by attackers who manipulate
software vulnerabilities and weak links in ecosystems. As these threats continue to rise, companies must
build cybersecurity into their organization, processes and product development life cycle, including
updates and end-of-life after successful launch. Otherwise they risk being bypassed by competitors or,
worse yet, may find themselves the center of the next breach.
UL’s cybersecurity solutions and standards have seen wide industry acceptance. Recent UL
achievements include recognition from the U.S. Food and Drug Administration (FDA) for UL’s
cybersecurity Standard for testing of medical devices, designation as an Amazon-approved lab to
perform security assessments for Alexa-enabled devices, standardizing the mobile driver’s license
globally, and authorization as an approved cybersecurity provider for the Society for Worldwide
Interbank Financial Telecommunication (SWIFT).
While there is no silver bullet for solving IoT cybersecurity challenges, companies must begin to
understand and address cybersecurity risks. This enables them to continue innovating and tackling an
increasingly complex world of product and system interconnectivity with greater confidence.
A Cyber-Physical System (CPS) is a mechatronic system in which entities are connected to each other
through wired or wireless links by means of information and communication technology.
While there is some overlap between HIPAA and PCI, it is surprisingly not as much as one might expect.
HIPAA regulations never mention the word ‘firewall’ and instead include vague language such as
“implement technical security measures to guard against unauthorized access...” What does that mean?
Experienced security personnel can connect the dots and know it likely means firewall implementation.
Covered entities, their office staff, and even lawyers probably wouldn’t be able to come to that
conclusion on their own. On the opposing side, PCI has an entire section devoted to firewalls including
frequency of firewall rule review, inbound/outbound restrictions, and so forth.
For those who learn best by facts and statistics, here are numeric comparisons to help clarify the
disparity between HIPAA and PCI.
Each requirement usually requires multiple validation points. A validation point is specific evidence
needed to support the appropriate implementation of the requirement. For example, interviewing
management and reviewing policy documentation are two different validation points.
If you are required to comply with both PCI and HIPAA mandates, you should understand they are
distinct and require mostly different security procedures and protections. Just because you’re compliant
with HIPAA, doesn’t mean your card processes are secure, and vice versa.