TITLE: ( IoT-Internet of Things - An Overview)

A MINIATURE THESIS

Submitted by

DHARUN KUMAR. M

ACADEMIC YEAR (2021-2022)

In partial fulfillment of the requirements for the award of

ALL INDIA SENIOR SECONDARY SCHOOL EXAMINATION

PHASE I

DEPARTMENT OF ENGLISH

BHARATH SENIOR SECONDARY SCHOOL

CHENNAI 600 020

MARCH 2022
 DECLARATION

It is hereby declared that this is an original piece of work carried out

by the undersigned under the supervision of Mrs. Latha Sharma and

has not been submitted elsewhere for the award of any other degree,

diploma, fellowship or any such similar titles.

Place: Bharath Senior Secondary School, Adyar, Chennai -20, India

Date:

Dharun Kumar.

Research

Scholar

41
 CERTIFICATE

Certified that the thesis entitled, “IoT – Internet of Things -

An Overview” is submitted to Bharath senior secondary school for

the internal assessment for English of Class XI embodies the result

of the bonafide research work carried out by Dharun Kumar. M

under the guidance and supervision of Mrs. Latha Sharma during the

study period of Class XI, Bharath Senior Secondary School, Chennai,

Tamil Nadu , India.

Mrs. Latha Sharma

Research Supervisor

Dharun Kumar. M

Research Scholar

41
 ACKNOWLEDGEMENT

I owe my sincere thanks to Dr. (Mrs.) K. Prem Shantha M.Sc.,

M.A., M.Ed. principal of BHARATH SENIOR SECONDARY
SCHOOL, for giving me the opportunity to do this project as a part of
my curriculum.

My sincere thanks Mrs. Latha Sharma., our English teacher for

helping me at each and every stage of this project.

Finally, for his divine guidance and blessings I am grateful to the

Almighty GOD

Name : Dharun Kumar. M

Class : XI A (2021-2022)
Internal examiner:

41
 ABSTRACT
Internet of Things (IoT) is a concept that encompasses various
objects and methods of communication to exchange information.
Nowadays Internet of Things (IoT) gained a great attention from
researchers, since IoT promises a smart human being life, by allowing
a communications between objects, machines and every things
together with peoples. IoT represents a system, which consists things
in the real world, and sensors attached to or combined to these things,
connected to the Internet via wired and wireless network structure.
The IoT sensors can use various types of connections such as RFID,
Wi-Fi, Bluetooth, in addition to allowing wide area connectivity using
many technologies such as 4G, LTE, etc.

By the technology of the IoT, the world will becomes smart in

every aspects, since the IoT will provides a means of smart cities,
smart healthcare, smart homes and building, in addition to many
important applications such as smart energy, grid, transportation,
waste management and monitoring . All objects will be connected and
able to communicate with each other, while they operate in
unprotected environments. This later aspect leads to major security
challenges. In this thesis, we review a concept of many IoT
applications and future possibilities for new related technologies in
addition to the challenges that facing the implementation of the IoT
and its solution.

Keywords: IoT Applications, Smart Cities, Smart Environment,

Smart Energy and Grid, Smart Manufacturing, Smart Health

41
Table of Contents
1. Introduction.......................................................................................................................9
1.1. IoT Definitions..............................................................................................................9
1.2. Connectivity Models...................................................................................................10
1.3. Transformational Potential........................................................................................10
1.3.1. Security.................................................................................................................11
1.3.2. Privacy..................................................................................................................11
1.3.3. Legal, Regulatory and Rights.............................................................................12
1.3.4. Emerging Economy and Development Issues...................................................13
2. Internet of Things Scope and Architecture.....................................................................14
2.1. Scope of Internet of Things........................................................................................14
2.2. The Architecture of Internet of Things.................................................................16
3. Internet of Things Application......................................................................................18
3.1. Smart Cities..................................................................................................................18
3.2. Smart Home and Buildings....................................................................................19
3.3. Smart Energy and the Smart Grid............................................................................21
3.4. Smart Health................................................................................................................23
3.5. Smart Transportation and Mobility..........................................................................24
3.6. Smart Factory and Smart Manufacturing................................................................26
4. Security Threats and Its Solutions................................................................................28
4.1. Existing Security Threats in IoT Systems.................................................................28
4.1.1. Threats of Perception Layer...............................................................................30
4.1.2 Threats of Network Layer....................................................................................32
4.1.3 Threats of Support Layer......................................................................................34
4.1.4 Threats of Application Layer................................................................................35
4.2 Solutions with Respect to Security in IoT..................................................................36
4.2.1. Security of Perception Layer...........................................................................36
4.2.2. Security of Network Layer..............................................................................38
4.2.3. Security of Support and Application Layers......................................................39
5. Conclusion......................................................................................................................41

41
Synopsis
The Internet of Things (IoT) represents a technologically
optimistic future where objects will be connected to the internet and
make intelligent collaborations with other objects anywhere, anytime.
IoT is such a system that supplies connectivity and
interactive communication for anything. Even though “being
connected” is usually used in term of electronic devices in our daily
life, physical objects that have hardware such as sensors or actuators,
connect to the Internet with unique addresses. Data of physical object
are transmitted continuously through wired/wireless networks to
platforms where it will be interpreted.. The revolutionary advance in
this case is that physical objects begin to be deployed and adopted
widely. In addition, most of them begin to work properly without
human intervention.
Nowadays Internet of Things (IoT) gained a great attention
from researchers, since it becomes an important technology that
promises a smart human being life, by allowing a communications
between objects, machines and every things together with peoples.
IoT represents a system which consists a things in the real world, and
sensors attached to or combined to these things, connected to the
Internet via wired and wireless network structure. So this thesis, gives
a overview of IoT, its application ,challenges and solutions which can
be rectified made in future.

41
 LIST OF TABLES
S.N TITLE Pg.No.
o
1. Security requirements 28
2. Security challenges. 29
3. Attacks and related risks on security mechanisms 32
of IoT.
4. Cryptographic algorithms. 37
5. Security of Network Layer on IoT. 39

LIST OF FIGURES
S.No TITLE Pg.No.
Fig. 1 IoT Architecture 16
Fig. 0.1 Smart Cities Aspects 18

Fig. 0.2. Smart Home & building applications 20

Fig. 0.3. Smart grid applications 22

Fig. 0.4 Smart healthcare concept 23

Fig. 0.5. Smart Transportation Aspects 25
Fig 0.6. Smart Factory (Industry 4) 27
Fig. 2. Threats on layers of IoT. 30
Fig. 3 Security solutions on layers of IoT. 36

41
IoT- Internet of Things
(An Overview)

1. Introduction

The Internet of Things engages a broad set of ideas that are complex
and intertwined from different perspectives. Key concepts that serve
as a foundation for exploring the opportunities and challenges of IoT
include:
1.1. IoT Definitions
The term Internet of Things generally refers to
scenarios where network connectivity and computing capability
extends to objects, sensors and everyday items not normally
considered computers, allowing these devices to generate, exchange
and consume data with minimal human intervention. There is,
however, no single, universal definition.

41
1.2. Connectivity Models
IoT implementations use different technical
communications models, each with its own characteristics. Four
common communications models described by the Internet
Architecture Board include: Device-to-Device, Device-to-Cloud,
Device-to-Gateway, and Back-End Data-Sharing. These models
highlight the flexibility in the ways that IoT devices can connect and
provide value to the user.

1.3. Transformational Potential

If the projections and trends towards IoT become
reality, it may force a shift in thinking about the implications and
issues in a world where the most common interaction with the Internet
comes from passive engagement with connected objects rather than
active engagement with content.

The potential realization of this outcome – a “ hyperconnected world

” -- is testament to the general-purpose nature of the Internet
architecture itself, which does not place inherent limitations on the
applications or services that can make use of the technology. Five key
IoT issue areas are examined to explore some of the most pressing
challenges and questions related to the technology. These include
security; privacy; legal, regulatory, and rights; and emerging
economies and development.

1.3.1. Security

41
 Users need to trust that IoT devices and related data services
are secure from vulnerabilities, especially as this technology become
more pervasive and integrated into our daily lives. Poorly secured IoT
devices and services can serve as potential entry points for cyber
attack and expose user data to theft by leaving data streams
inadequately protected. The interconnected nature of IoT devices
means that every poorly secured device that is connected online
potentially affects the security and resilience of the Internet globally.
This challenge is amplified by other considerations like the mass-
scale deployment of homogenous IoT devices, the ability of some
devices to automatically connect to other devices, and the likelihood
of fielding these devices in unsecure environments. Accordingly, a
collaborative approach to security will be needed to develop effective
and appropriate solutions to IoT security challenges that are well
suited to the scale and complexity of the issues.

1.3.2. Privacy

The full potential of the Internet of Things depends on

strategies that respect individual privacy choices across a broad
spectrum of expectations.
The data streams and user specificity afforded by IoT devices can
unlock incredible and unique value to IoT users, but concerns about
privacy and potential harms might hold back full adoption of the
Internet of Things.
This means that privacy rights and respect for user privacy
expectations are integral to ensuring user trust and confidence in the
Internet, connected devices, and related services.

41
Indeed, the Internet of Things is redefining the debate about privacy
issues, as many implementations can dramatically change the ways
personal data is collected, analyzed, used, and protected.

1.3.3. Legal, Regulatory and Rights

The use of IoT devices raises many new regulatory

and legal questions as well as amplifies existing legal issues around
the Internet. The questions are wide in scope, and the rapid rate of
change in IoT technology frequently outpaces the ability of the
associated policy, legal, and regulatory structures to adapt.
One set of issues surrounds crossborder data flows, which
occur when IoT devices collect data about people in one jurisdiction
and transmit it to another jurisdiction with different data protection
laws for processing. Further, data collected by IoT devices is
sometimes susceptible to misuse, potentially causing discriminatory
outcomes for some users. Other legal issues with IoT devices include
the conflict between law enforcement surveillance and civil rights;
data retention and destruction policies; and legal liability for
unintended uses, security breaches or privacy lapses.
While the legal and regulatory challenges are broad and
complex in scope, adopting the guiding Internet Society principles of
promoting a user’s ability to connect, speak, innovate, share, choose,
and trust are core considerations for evolving IoT laws and
regulations that enable user rights.

41
1.3.4. Emerging Economy and Development Issues

The Internet of Things holds significant promise for

delivering social and economic benefits to emerging and developing
economies. This includes areas such as sustainable agriculture, water
quality and use, healthcare, industrialization, and environmental
management, among others. As such, IoT holds promise as a tool in
achieving the United Nations Sustainable Development Goals.
The broad scope of IoT challenges will not be unique to
industrialized countries. Developing regions also will need to respond
to realize the potential benefits of IoT. In addition, the unique needs
and challenges of implementation in less-developed regions will need
to be addressed, including infrastructure readiness, market and
investment incentives, technical skill requirements, and policy
resources.
The Internet of Things is happening now. It promises to
offer a revolutionary, fully connected “smart” world as the
relationships between objects, their environment, and people become
more tightly intertwined. Yet the issues and challenges associated
with IoT need to be considered and addressed in order for the
potential benefits for individuals, society, and the economy to be
realized.
Ultimately, solutions for maximizing the benefits of the
Internet of Things while minimizing the risks will not be found by
engaging in a polarized debate that pits the promises of IoT against its
possible perils. Rather, it will take informed engagement, dialogue,
and collaboration across a range of stakeholders to plot the most
effective ways forward.

41
2. Internet of Things Scope and Architecture

2.1. Scope of Internet of Things

IoT purposes to enable things to be connected anyplace and anytime

using any service/network. Having this purpose of IoT in mind, it is
stated that a correct and easy implementation of an IoT system mainly
depends on identifying the right principles regarding the proper
discovery, identification, configuration and manipulation of
interconnected devices and sensors.

In the study, a classification is proposed that helps in defining the

various elements of IoT from a higher level perspective;

a) Hardware: Sensors, central units and built-in communication

hardware are included in this level. Since a sensor has limited
hardware, it is usually utilized in sensor networks that multiple
sensors are linked together.
A central unit that is a source of centralized services in IoTs, has
a capable of storing, processing, and delivering data to users.

b) Middleware: It consists of storage and calculation tools for

data analytics.

Cloud computing is given as an example in this section.

Cloud computing is the integrity of several traditional technologies
such as hardware virtualization , service-oriented architecture, load-
balancing, distributed computing, grid computing, utility computing
and autonomic computing. It can be considered as a natural step
forward from the grid-utility model. This style of computing relies on
sharing of resources are provided as a service over the Internet to
achieve coherence and economy of scale.

41
 c) Presentation: There are visualization and interpretation tools in
presentation level. These tools are designed for various
applications and can be accessed from any platform.

From the network point of view, the opportunity of accessing

information through tagged object by browsing on Internet primarily
inspired the idea of IoT.

Bringing objects into the digital world and identifying them by using
their Internet addresses are supplied with different tagging
technologies such as RFID and QR Codes. RFID, intelligence
embedded technology, sensor technology and nano-technology are
pioneer technologies for the development of IoT.

Radio frequency identification (RFID) is the foundation and

networking core of the construction of IoT among them . Kevin
Ashton who was a pioneer of IoT underlines this issue in his article
that RFID and the sensor technology strengthen traditional computers
and gain them some significant features such as observation,
identification and understanding the world of sensor data.

Wireless sensor network (WSN) is another type of data collection

technology of the IoT that has some features to maintain the control
over many nodes through wireless communication such as multi-
hopping and self-organization. A WSN system contains a central unit
that provides wireless connectivity back to the wired world and
distributed nodes. Each node is equipped with a sensor to detect
physical phenomena such as light, heat, pressure, etc. Cooperative
sensing, collecting and processing sensor information are purposes of
this network model. The system can execute data collection and
quantification, pro- cessing fusion and transmission application.

41
 2.2. The Architecture of Internet of Things

The architecture of IoT should be an open architecture,

using open protocols to support a variety of existing network
applications.
Likewise, it should additionally incorporate security,
adaptability and semantic representation middleware to promote data
world integration with Internet.
In consideration of these ideas and some related studies,
the architecture in Fig. 1 is proposed to guide theoretical research.

Fig. 1. IoT Architecture.

IoT architecture will change across different IoT projects,

but the need to handle large amounts of data will always be part of
your project.

41
From Fig 1,we can see the following Layers:

1) Perception Layer:
The sensor technology, intelligence embedded
technology, nano technology and tagging technology are located
in this layer. Main purpose of the layer is the identification of
unique objects and the collection of information from the
physical world with the help of its sensors.

2) Network Layer:
It contains WSN, optical fiber communication
networks, broad television networks, 2G/3G
communications networks, fixed telephone networks and closed
IP data networks for each carrier.

Transfer of collected information from sensors, devices,

etc., to an information processing system is under the
responsibility of this layer.

3) Support Layer:
The layer involves information processing systems
which takes information in one form and processes
(transforms) it into another form. This processed data is stored
in a database and will be available when there is a demand. This
layer works very closely with applications. Therefore,
researchers prefer to place it in application layer.

4) Application Layer:
In this layer, there are practical and useful applications
which are developed based on user requirements or industry
specifications such as smart traffic, precise agriculture, smart
home, mining monitor, etc

41
3. Internet of Things Application

Internet of things promises many applications in human life,

making life easier, safe and smart. There are many applications such
as smart cities, homes, transportation, energy and smart environment.

3.1. Smart Cities

Fig. 0.1 Smart Cities Aspects

Many major cities were supported by smart projects, like

Seoul, New York, Tokyo, Shanghai, Singapore, Amsterdam,
and Dubai. Smart cities may still be viewed as a cities of the
future and smart life, and by the innovation rate of creating
smart cities today’s, it will became very feasible to enter the IoT
technology in cities development.

Smart cities demand require careful planning in

every stage, with support of agreement from governments,

41
 citizens to implement the internet of things technology in every
aspects.
By the IoT, cities can be improved in many levels, by
improving infrastructure, enhancing public transportation by
reducing traffic congestion, and keeping citizens safe, healthy
and more engaged in the community as shown in Fig. 0.1.

By connection all systems in the cities like

transportation system, healthcare system, weather monitoring
systems and etc., in addition to support people by the internet in
every place to accessing the database of airports, railways,
transportation tracking operating under specified protocols,
cities will become smarter by means of the internet of things.

3.2. Smart Home and Buildings

Wi-Fi’s technologies in home automation has been

used primarily due to the networked nature of deployed
electronics where electronic devices such as TVs, mobile
devices, etc are usually supported by Wi-Fi. Wi-Fi have started
becoming part of the home IP network and due the increasing
rate of adoption of mobile computing devices like smart phones,
tablets, etc. For example a networking to provide online
streaming services or network at homes, may provide a mean to
control of the device functionality over the network.

At the same time mobile devices ensure that

consumers have access to a portable ‘controller’ for the
electronics connected to the network. Both types of devices can
be used as gateways for IoT applications. Many companies are
considering developing platforms that integrate the building
automation with entertainment, healthcare monitoring, energy

41
monitoring and wireless sensor monitoring in the home and
building environments.
By the concept of the internet of things, homes and
buildings may operate many devices and objects smartly, of the
most interesting application of IoT in smart homes and
buildings are smart lighting, smart environmental and media, air
control and central heating, energy management and security as
shown in Fig. 0.2 below.

Fig. 0.2. Smart Home & building applications

Wireless sensor networks (WSNs) with integration to

the internet of things technology will provides an intelligent
energy management in buildings, in addition to the obvious
economic and environmental gains. Internet together with
energy management systems also offers an opportunity to

41
 access a buildings’ energy information and control systems
from a laptop or a smartphone placed anywhere in the world.
The future Internet of Things, will provide an intelligent
building management systems which can be considered as a part
of a much larger information system used by facilities managers
in buildings to manage energy use and energy procurement and
to maintain buildings systems

3.3. Smart Energy and the Smart Grid

A smart grid is related to the information and control and

developed to have a smart energy management. A smart grid that
integrate the information and communications technologies (ICTs) to
the electricity network will enable a real time, two way
communication between suppliers and consumers, creating more
dynamic interaction on energy flow, which will help deliver
electricity more efficiently and sustainably.

The Key elements of information and communications

technologies will include sensing and monitoring technologies for
power flows; digital communications infrastructure to transmit data
across the grid; smart meters with in home display to inform energy
usage; coordination, control and automation systems to aggregate and
process various data, and to create a highly interactive,responsive
electricity.

Many applications can be handling due to the internet of

things for smart grids, such as industrial, solar power, nuclear power,
vehicles, hospitals and cities power control.

41
Fig. 0.3 shows the most important application may be enabled by the
internet of things as in smart grid aspect.

Fig. 0.3. Smart grid applications

Today’s grid is very reliable and can deal with normal electricity
fluctuations and it will take a step further towards using a low carbon
energy system, by allowing integration between the renewable energy
and green technologies, and offering many benefits to customer in
cost savings through efficient energy use at home.

41
3.4. Smart Health

A close attention that required to hospitalized patients

whose physiological status should be monitored continuously can be
constantly done by using IoT monitoring technologies. For smart
health sensors are used to collect comprehensive physiological
information and uses gateways and the cloud to analyze and store the
information and then send the analyzed data wirelessly to caregivers
for further analysis and review as shown in Fig. 0.4 below.
It replaces the process of having a health professional come by at
regular intervals to check the patient’s vital signs, instead providing a
continuous automated flow of information.
In this way, it simultaneously improves the quality of care through
constant attention and lowers the cost of care by reduces the cost of
traditional ways of care in addition to data collection and analysis
.

41
 Fig. 0.4 Smart healthcare concept
Many peoples around the worlds are suffering from the bad
health because they don’t have ready access to effective health
monitoring and may be a suspected to be as critical situation patients.
But with small, powerful wireless solutions connected
through the IoT are now making possible for monitoring to come to
these patients. These solutions can be used to securely capture patient
health data from a variety of sensors, apply complex algorithms to
analyze the data and then share it through wireless connectivity with
medical professionals who can make appropriate health
recommendations.

3.5. Smart Transportation and Mobility

The development in transportation is one of the factors to

indicate the wellbeing of the country. A road condition monitoring
and alert application is one of the most important of IoT
transformation application. The main idea of the concept of smart

41
transportation and mobility is to apply the principles of crowd
sourcing and participatory sensing. The process began with user
identified the route wishes and marked some points as pothole in the
smart phone's application.
The smart transportation is deal with three main conceptions
as shown in Figure 0.5, they are transportation analytic, transportation
control, and vehicle connectivity.
The transportation analytic represents the analysis of demand
prediction and anomaly detection. The routing of vehicles and speed
control in addition to traffic management are all known as
transportation control which they actually tightly related to the way of
the vehicles connectivity (V2X communication), and overall
governed by multi-technology dissemination.

Fig. 0.5. Smart Transportation Aspects

41
 IoT can also be used in transportation is an electric vehicles,
an important means to reduce both the fuel cost and the impact of
global warming have also gained considerable attention from drivers.
Government in many countries has supported researches on
systems to monitor performance of Lithium-ion (Li-on) battery for
electric vehicle as explored. The system presented was designed to
detect the functions of Li-on power battery by deriving the driving
situation from the realistic working conditions for driver so that the
driver was able to get the idea of the route status.
This solution was embedded with many essential
functions such as dynamic performance test of the Li-on battery,
remote monitoring with on-line debugging and error correction that
could significantly reduce the maintenance cost.
For example, Tesla is a leading electronic car company which
uses IoT and AI (Artificial Intelligence).

3.6. Smart Factory and Smart Manufacturing

Smart factory added a new values in manufacturing

revolution by integrates artificial intelligence, machine learning, and
automation of knowledge work and M2M communication (Machine-
to-machine) with the manufacturing process.
The smart factory will fundamentally change how products are
invented, manufactured and shipped. At the same time it will improve
worker safety and protect the environment by enabling low emissions
and low incident manufacturing. These advances in the way machines
and other objects communicate and the resulting way in which
decision-making moves from humans to technical systems means that
manufacturing becomes “smarter” .
New technologies such ; Automation, robotics, and autonomous
mobility are all provides a means of smart manufacturing but M2M

41
communications enabled by the “industrial” internet of things will
provides a full meaning of smart factory and smart manufacturing by
the way of Big Data concept which in this context, refers to the
analytical possibilities offered by the volume and variety of data that
is generated by a networked economy to optimize the industrial
processes to implying less maintenance downtime, fewer outages and
much reduced energy consumption.
Industries and manufacturing revolution became one of
the most developed technologies nowadays, the growth of the
industry evolution taken many generations. The first generation
related to the mechanical machines in addition to water and stream
power. The second industry generation deal with mass production,
assembly lines and electricity. In the end of the last century, industries
operated under control of computers and automation, which
recognized as third generation of industries.

41
 Fig 0.6. Smart Factory (Industry 4)

The smart industry as a fourth generation known as

industry 4.0 is based on cypher physical systems which can able to
connect with the internet.
The industry 4.0 concept with the internet of things can
achieve a great expectations for industries resolution deals with many
aspects a shown in Fig. 0.6 By introducing the high-tech strategy
2020 initiative focusing the country’s research and innovation policy
on selected forward-looking projects related to scientific and
technological developments.

4. Security Threats and Its Solutions

4.1. Existing Security Threats in IoT Systems

Security requirements are examined in some studies in

different dimensions. The requirements addressed in many studies can
be summarized under five headings in Table 1.

Only legal users should be allowed to access the

Authenticity:
system or sensitive information.

The privileges of device components and

applications should be limited as so they are able to
Authorization:
access only the resources they need to do their
addressed tasks.

41
 Information transmission between the nodes should
Confidentiality:
be protected from intruders.
Integrity: Related information should not be tampered.

In order to avoid any potential operational failures

Availability and
and interruptions, availability and continuity in the
Continuity:
provision of security services should be ensured.

Table 1. Security requirements.

In order to fulfil these requirements in Table 1, there are

several challenges that must be handled in Table 2.

Relevant security solutions should not prevent the

Interoperability: functionality of interconnected heterogeneous devices
in IoT network system.
In IoT architecture, most of nodes lack of storage
capacity, power and CPU. They generally use low-
bandwidth communication channels. Hence, it is
Resource
unable to apply some security techniques such as
constraints:
frequency hopping communication and public key
encryption algorithm. Setup of security system is very
difficult under these circumstances.
Although some IoT applications use brief and
infrequent communication channels, there are
considerable number of IoT system such as sensor-
Data volumes:
based, logistics and large-scale system that have
potentials to entail huge volume of data on central
network or servers.
Privacy Since a great number of RFID systems are short of

41
 suitable authentication mechanism, anyone can tracks
tags and find the identity of the objects carrying them.
protection:
Intruders can not only read the data, but can also
modify or even delete data as well.
The IoT network consists of a large number of nodes.
Scalability: The proposed security mechanism on IoT should be
scalable.
Traditional computers need users to configure and
adapt them to different application domains and
different communication environments. However,
objects in IoT network should establish connections
Autonomic
spontaneously, and organize themselves for adapting
control:
to the platform they are operating in. This kind of
control also involves some techniques and
mechanisms such as self-configuring, self-optimizing,
self-management, self-healing and self-protecting.
Table 2. Security challenges.
In this section, existing threats in IoT systems are examined
in four categories based on IoT architecture which have been
addressed in Section 2.
The examination is summarized in Figure 2.

41
 Fig. 2. Threats on layers of IoT.

4.1.1. Threats of Perception Layer

Sensor and intelligence embedded technologies including RFID

readers, sensors or GPS are under threat because of various security
flaws. Main threats are discussed below:

Spoofing: It is initiated with a fake broadcast message sent to sensor

network by the attackers. It makes it to assume its originality falsely
which makes it appearing from the original source. It is quite often
that this scenario is results in the attacker obtaining full access to the
system making it vulnerable.

Signal/Radio Jamming:
It is a type of DoS attack that it occupies the
communication channel between the nodes and hinders them from
communicating with each other.

41
Device-tampering/Node-capturing:
The attacker captures the sensor node physically
replaces the node with their malicious node. This type of attack
usually results in the attacker gaining total control over the captured
node and harms the network.

Path-based DoS Attack (PDoS):

In this type of DoS attack, the attacker overpowers
sensor nodes a long distance away by flooding a multihop end-to-end
communication path with either replayed packets or injected spurious
packets. Diminished system availability and exhaustion in batteries of
nodes are impacts of this physical attack.

Node Outage:
The attack is applied logically or physically to the
network and it stops the functionality of network components. Node
services such as reading, collecting and initiating operations are
stopped because of this attack.

Eavesdropping:
Wireless characteristics of RFID system make it
possible that attacker sniffs out the confidential information such as
password or any other data flowing from tag-to-reader or reader-to-
tag making the system vulnerable.

Various kinds of perception layer attacks are listed below with related
risks on security mechanisms of IoT in Table 3.

4.1.2 Threats of Network Layer

Attacks Risks
Spoofing Authenticity, integrity and

41
 confidentiality.
Signal/Radio
Availability and integrity.
Jamming
Device-tampering/ Availability, integrity, authenticity
Node-capturing and confidentiality.
Path-based
Availability and authenticity.
DoSAttack
Node Outage Availability and authenticity.
Eavesdropping Confidentiality.

Table 3. Attacks and related risks on security mechanisms of IoT.

Network layer which is known as the next-generation network are

exposed to many kinds of threats. Related threats that come from this
layer are listed below:

Selective Forwarding:
In such attacks, malicious nodes do not forward some
messages and selectively drop them, ensuring that they cannot
propagate later on.

The attacker who is responsible for suppression or modification of

packets originating from a select few nodes can sometimes forward
the remaining traffic not to reveal her wrongdoing.
There are different types of selective forwarding attacks. In one type,
the malicious node can selectively drop the packets coming from a
particular node or a group of nodes. This situation poses a risk of DoS
attack for that node or a group of nodes. Another type of selective
forwarding attack is called Neglect and Greed.
In this type of attack, the subverted node arbitrarily skips
routing some messages.

41
Sybil Attack: It is clarified as a malicious device illegitimately taking
on multiple identities. Sybil attack, an attacker can “be in more than
one place at once” as a single malicious node. It presents multiple
identities to other nodes in the network reducing the effectiveness of
fault tolerant schemes.

Sinkhole Attack (Blackhole): The sink hole is defined in by intense

resource contention among neighbouring nodes of the malicious node
for the limited bandwidth and channel access. It results in congestion
and can accelerate the energy consumption of the nodes involved.
With sink holes forming in a sensor network, it is vulnerable to
several other types of denial of service attacks.

Wormhole: This form of DoS attack induces relocation of bits of data

from its original position in the network. This relocation of data
packet is carried out through tunnelling of bits of data over a link of
low latency.

Man-in-the-Middle Attack: This attack is described as a form of

eavesdropping in which the unauthorized party can monitor or control
all the private communications between the two parties hideously.
The unauthorized party can even fake the identity of the victim and
communicate normally to gain more information.

Hello-flood Attack: High traffic in channels is the main disrupting

effect of this attack which congests the channel with an unusually
high number of useless messages. Basically, a single malicious node
sends a useless message which is then replied by the attacker to create
a high traffic.

Acknowledgement Flooding: Routing algorithms in sensor-based

systems need acknowledgements from time to time. In this type of
DoS attack, a malicious node sends false information to destined
neighboring nodes by the help of these acknowledgements.

4.1.3 Threats of Support Layer

41
Target of threats in support layer are mainly data storage
technologies. These threats are discussed below:

Tampering with Data:

The attack appears when a person from the inside
tampers the data for personal benefits or commercial benefits of any
3rd party companies. The data can be extracted and modified easily
on purpose from the inside.

DoS (Denial-of-Service) Attack:

Similar effects of DoS attacks that are discussed in
previous layers are seen in this layer, too;
e.g. it shuts down the system which results in
unavailability of the services.

Unauthorized Access:
The attacker can easily infiltrate into the system and
damage the system by preventing the access to the related services of
IoT or deleting sensitive data. Hence, an unauthorized access can be
fatal for the system.

4.1.4 Threats of Application Layer

The personalized services based on the needs of the users are included
in the application layer; e.g. the interface that user can control devices
in IoT. Threats in this layer mainly target these services as mentioned
below:

Sniffer/Loggers:

41
 Attackers can introduce sniffer/logger programs into the
system that take important information from the network traffic. The
main goal of the sniffer is to steal passwords, files (FTP files, E-mail
files), and E-mail text. Many protocols are prone to sniffing .

Injection:
Attackers may enter code directly into the application that is
executed on the server. This is a very common attack, easy to exploit,
and can cause some bad results such as data loss, data corruption and
lack of accountability .

Session Hijacking:
This attack reveals personal identities by exploiting security
flaws in authentication and session management. This type of attack is
very common and effects of attack are really important. With the
identity of someone else, attacker can do anything the real user can
do.

DDoS (Distributed Denial of Service):

Its working principle is the same as the traditional Denial of
Service attack. However, it is executed by multiple attackers at the
same time.

Social Engineering: A serious threat for application layer where

attackers can obtain information from users via chats, knowing each
other etc.

4.2 Solutions with Respect to Security in IoT

Recommended solutions and research directions with respect to
security in IoT are examined in three categories: security of
perception layer, security of network layer and security of support and
application layers. The examination is summarized in Figure 3.

4.2.1. Security of Perception Layer

41
Taking security measures for the perception layer dates back times
before IoT.

Fig. 3 Security solutions on layers of IoT.

Equipments such as RFID readers, sensors, gateways, GPS and other

devices require to be secured efficiently. OWASP has identified poor
physical security in the top 10 IoT vulnerabilities. The first step is to
ensure that only authorized people can have access to sensitive data
produced by physical objects, that’s why a physical identity and
access management policy need to be defined . Authentication and
authorization requirements from IoT are satisfied in this similar
fashion.

Data collection is an important issue for this layer. In a particular

article, this issue is examined in two separate headings. In one
heading which is presented as multimedia data collection, there are
some recommended security techniques such as multimedia
compression, stenography, water marking, encryption, time session
and intellectual property. The second heading is image data
collection, to use security in images as image compression, and CRC.

41
 Type Algorithm Purpose

Symmetric Advanced encryption

Confidentiality
Encryption standard (AES)

Rivestshamir Adelman Digital

Asymmetric
(RSA) / Elliptic curve Signatures, Key
Encryption
cryptography (ECC) Transport

Asymmetric
Diffie-hellman (DH) Key Agreement
Key Agreement
Hashing SHA-1/SHA-256 Integrality

Table 4. Cryptographic algorithms.

Cryptographic processing is one of the main tasks in security

mechanisms for sensor data on IoT. These operations that are often
used in order to guarantee privacy of data include encryption and
decryption, key and hash generation, and sign and verify
hashes. Table 4 gives some frequently used cryptographic algorithms
and their use purposes in Internet security protocols based on studies.

In a study, they have compare two asymmetric algorithms

in Table 4, RSA and Elliptic Curve Cryptography (ECC) , on sensor
nodes and prove that ECC is more efficient than RSA, and
asymmetric cryptography is applicable for resource-constrained
hardware.
Hence, researchers focus on reducing complexity of
asymmetric cryptographic algorithms and key distribution protocols.
In two of those studies, present hardware cryptographic solutions for
smart objects in their solution.

41
 Key distribution mechanism of those studies are
demonstrated in order to use in lightweight communication channels
in resource-constrained networks. These improvements make
cryptographic mechanisms in the context of WSNs more applicable.
However, unique customized solutions are created and still there has
been no standardized way of implementing services.

Risk Assessment is a fundamental of IoT security which determines

the extent of the potential threat and the risk associated with an IoT
system. The output of this process helps to identify appropriate
controls for reducing or eliminating risk during the risk mitigation
process.
A number of organizations have developed guidelines for conducting
risk assessment such as:
the U.S. National Institute of Standards and Technology (NIST) ; the
International Standards Organization (ISO) and the International
Electro-technical Commission (IEC).

4.2.2. Security of Network Layer

The security of network layer can be examined in two main sub-

layers; wireless and wired. One of the initial actions in wireless
security sub-layer is the development of protocols for authentication
and key management. For example; SSL/TLS is developed to encrypt
the link in the transport layer, and IP security protocol (IPSec) is
developed to keep the network layer secure. They can provide
authenticity, confidentiality and integrity in the each layer.

Also, using PPSK (Private Pre-Shared Key) for each sensor or

device connected to the network provides another security measure
for IoT system. By providing different unique keys, the access
domain for each type of device can be defined easily.
Moreover, disabling guest and default passwords in network devices
such as routers and gateways should be done immediately upon
installing a new network device. This includes strong password
policies, password management and periodic change of passwords.

41
 The wired security sub-layer is concerned with devices, which
communicate with other devices on the IoT system using wired
channels. Common security techniques are applied in wired type
networks are firewalls and Intrusion Prevention System (IPS). If the
network has firewall or IPS, it can inspect network packets deeply
that are destined towards the destination. However, existing IoT has
no ability in terms of packet inspection and packet filtering.

There is an ongoing research on this issue where security

researchers try to design a low resource-hungry firewall for IoT to
provide the ability of packet inspection. All information about the
security of network layer that is discussed above is summarized
in Table 5.

4.2.3. Security of Support and Application Layers

In a study they claim that this topic contains two sub-layers.
In one sub- layer, there are local applications and related middleware
functions which should be secured with various techniques.

Sub-layers Security Techniques Purposes

TLS/SSL
Wireless IPSec
Authenticity,
PPSK Confidentiality,
Integrity
Firewall
Wired
IPS

Table 5. Security of Network Layer on IoT.

For example, intelligent transportation systems can use encryption

techniques, while smart home/smart metering systems uses
steganography techniques.

41
The second sublayer corresponds to national applications and their
security systems, ensuring that sent and received data are secure.
Therefore, various security techniques are applied in these systems
based on the scope of each system such as authentication,
authorization, access control list, selective disclosure, intrusion
detection, firewall, and antivirus.

According to a study, authentication mechanism preventing the access

of intruders is applied in support and application layer by integrated
identity identifications. This identity security mechanism is exactly
similar to that in the network layer. The difference is that these layers
focus on authentications by some certain cooperating services which
means users can even choose the associated information to be shared
with the services.

Data security is another issue on these layers. There are various

precautions taken by security system on IoT such as:

・ Safe programming and anti-virus software testing against

malicious code injections and service loopholes,
・ Verification of data and developing temporary cache against
malicious operations,
・ Session inspection mechanism to stop attacks of hijacking and
redo sessions,
・ Boundary inspection, data encryption mechanism and resource
access control to avoid leakage of privacy.

The IoT is vulnerable to a number of attacks that are mentioned in

previous sections to disrupt the whole system, thus intrusion detection
is a crucial concept for IoT deployments in real world such as
industrial automation, building automation, smart metering and smart
grids. Attacks against a system are detected during analysis of actions
in the system by a security mechanism broadly termed as Intrusion
Detection System (IDS). When an attack is detected, IDS may log
information about it and/or report an alarm. There are different
existing intrusion detection techniques such as anomaly detection,
data mining techniques, statistical analysis etc.

41
5. Conclusion

Internet of things is a new technology which provides many

applications to connect the things to things and human to things
through the internet. Each objects in the world can be identified,
connected to each other through internet taking decisions
independently.
All networks and technologies of communication are used in
building the concept of the internet of things such technologies are
mobile computing, RFID, wireless sensors networks, and embedded
systems, in addition to many algorithms and methodologies to get
management processes, storing data, and security issues.
Internet of things may facing two major challenges in
order to guarantee seamless network access; the first issue relates to
the fact that today different networks coexist and the other issue is
related to the big data size of the IoT.
The Internet Society cares about IoT because it represents
a growing aspect of how people and institutions are likely to interact
with and combine the Internet and network connectivity into their
personal, social, and economic lives. Solutions to maximizing the
benefits of IoT while minimizing the risks will not be found by
engaging in a separated debate that depths of the promises of IoT
against its possible threats. Moreover, We can believe that IoT will
we developed with a high level Security in upcoming years.

REFERENCES

41
 https://www.internetsociety.org/
 https://www.scirp.org/journal/paperinformation.aspx?
paperid=73675#ref1
 https://www.sciencedirect.com/science/article/pii/
S0166361517307285
 https://www.sciencedirect.com/science/article/pii/
S0167404820304211
 https://www.mdpi.com/2624-831X/2/1/9
 https://ieeexplore.ieee.org/abstract/document/8972389
 https://www.aylanetworks.com/iot-technical-articles

41