
CCF3451: INTERNET OF THINGS

GROUP ASSIGNMENT.
GROUP 7.

NAME REG. NO
EMMANUEL K KOSKEI CT206/0023/18
WELDON K KENEI CT206/0024/18
COLLINS KIPKOSGEI CT206/0023/16
NDUNG’U ERIC CT206/0020/15
Introduction
The era we live in is faced with ever-growing technological advancements. The world's
most used machines are now evolving to be smart, just like other smart machines such as
computers. In this document we give a summary of articles about the Internet of Things (IoT). It
explains what IoTs are, their impact and significance in today's world, their applications,
their threats and how to secure them from those threats.
The Internet of Things can be defined as a paradigm or a network of objects that are equipped with
actuators, sensors and processors and that communicate to serve their purpose. Sensors
and actuators are devices that help with interacting with the environment. Broadly, a sensor
can be defined as a device that provides input about its current state (internal state +
environment). Actuators, on the other hand, are devices that are used to effect change on the
environment.

The Architecture of IoT


Although IoT is growing and more research is being conducted because of its emergence,
no single architecture has been agreed upon. Given this, there are basic three-layer and
five-layer architectures for IoT. The figure below gives a layout of the architectures.

[Figure 1: layers of IoT. Three-layer architecture: application layer, network layer, perception layer. Five-layer architecture: business layer, application layer, process layer, transport layer, perception layer.]

The perception layer is the physical layer where sensors gather information from the
environment. It senses some physical parameter or identifies other smart objects.
The network layer is responsible for connection between other smart objects, network
devices and servers. Most of its features are used in transmitting and processing sensor data.
The application layer is the layer responsible for delivering application specific services to
users.

In the five-layered architecture shown above, the perception and application layers
perform the same functions, whereas the rest differ.
The network layer is responsible for transmission of sensor data from the perception layer to
the application layer and vice versa using different channels such as wireless, 3G, Bluetooth
and RFID, among others.
The processing layer, also known as the middleware layer, stores, analyzes and processes the huge
amounts of data that come from the transport layer. It employs other technologies such as
databases, cloud computing and Big data processing modules.
The business layer manages the whole IoT system including the application, business and
profit models and user privacy.

The IoT protocols


At the application layer, communication protocols are fundamental components of the IoT
ecosystem, since they are the basis of all interaction among IoT devices and between IoT devices and
cloud infrastructure. These protocols typically deal with messaging between devices and
discovery of devices. They utilize TCP in messaging and UDP in discovery. Typically,
messaging refers to sharing data among devices, while discovery refers to detecting
devices and the services being offered.
The messaging protocols include MQTT, CoAP, AMQP, DDS and XMPP, while the
discovery protocols include mDNS and SSDP. The choice of the protocol to be used
depends on the IoT systems and their requirements. MQTT and CoAP are particularly
suitable for services requiring data collection (e.g., sensor updates) in constrained
environments. On the contrary, AMQP, DDS and XMPP address specific service
requirements, namely business messaging, instant messaging and online presence detection
and real-time exchanges, respectively. In terms of service discovery, mDNS and SSDP are
the protocols of choice for IoT environments.

Threats and vulnerabilities facing IoT protocols


Among the messaging protocols, MQTT and CoAP were analysed for potential threats and
for vulnerable processes that may cause harm.
From the analysis of the possible security threats of CoAP-enabled devices, we identified the
potentially vulnerable processes and we produced the following classification:
1. Message parsing: the processing logic of client and server parsers does not properly
handle incoming messages. This vulnerability could affect CoAP node availability
because of overload conditions and even open the ability to remotely execute
arbitrary code on the node under attack;
2. Proxying and caching: the access control mechanisms of proxies and caches are not
properly implemented. This vulnerability could compromise their content, thus
breaking confidentiality and integrity of CoAP messages;
3. Bootstrapping: the setup of new CoAP nodes is not properly implemented. This
vulnerability could grant unauthorized nodes the access to a CoAP environment;
4. Key generation: the generation of cryptographic keys is not sufficiently robust. The
usage of these keys could compromise CoAP nodes;
5. IP address spoofing: by forging the IP addresses of CoAP nodes, an attacker could
perform a variety of side attacks including the generation of spoofed response
messages and acknowledgments as well as reflection/amplification attacks;
6. Cross-protocol exchanges: an attacker sends a CoAP node a message with a
spoofed IP address and a fake source port number; the response of this node will
reach the node under attack and force it to interpret the received message according
to the rules of the target protocol.
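To illustrate the message parsing item above, here is an added example (not part of the original assignment) of a CoAP parser that rejects every malformed datagram instead of guessing at its meaning. It follows the RFC 7252 message layout; the names parse_coap, is_well_formed and CoapFormatError, the max_len limit and the sample datagram are assumptions made for this sketch.

```python
class CoapFormatError(ValueError):
    """Datagram violates the RFC 7252 message format."""

def _ext(nibble, buf, pos):
    """Resolve a 4-bit option delta/length nibble plus any extended bytes."""
    extra, base = {13: (1, 13), 14: (2, 269)}.get(nibble, (0, nibble))
    if nibble == 15 or pos + extra > len(buf):
        raise CoapFormatError("reserved nibble or truncated extended field")
    return int.from_bytes(buf[pos:pos + extra], "big") + base, pos + extra

def parse_coap(buf, max_len=1152):  # max_len is an assumed local size limit
    """Parse one CoAP datagram; raise CoapFormatError on any violation."""
    if not 4 <= len(buf) <= max_len:
        raise CoapFormatError("bad datagram length")
    version, mtype, tkl = buf[0] >> 6, (buf[0] >> 4) & 0x3, buf[0] & 0xF
    code, mid = buf[1], int.from_bytes(buf[2:4], "big")
    if version != 1:
        raise CoapFormatError("unsupported version")
    if tkl > 8 or 4 + tkl > len(buf):
        raise CoapFormatError("reserved token length or truncated token")
    if code == 0 and len(buf) != 4:
        raise CoapFormatError("empty message carries extra bytes")
    pos = 4 + tkl
    token, options, number, payload = bytes(buf[4:pos]), [], 0, b""
    while pos < len(buf):
        if buf[pos] == 0xFF:  # payload marker: everything after it is payload
            payload = bytes(buf[pos + 1:])
            if not payload:
                raise CoapFormatError("payload marker with empty payload")
            break
        first = buf[pos]
        delta, pos = _ext(first >> 4, buf, pos + 1)
        length, pos = _ext(first & 0xF, buf, pos)
        if pos + length > len(buf):
            raise CoapFormatError("option value runs past datagram")
        number += delta  # option numbers are delta-encoded
        options.append((number, bytes(buf[pos:pos + length])))
        pos += length
    return {"type": mtype, "code": code, "mid": mid, "token": token,
            "options": options, "payload": payload}

def is_well_formed(buf):  # accept/reject wrapper around parse_coap
    try:
        return parse_coap(buf) is not None
    except CoapFormatError:
        return False

# Constructed sample: CON GET, message ID 0x1234, token 0xAB, Uri-Path "temp".
SAMPLE = bytes.fromhex("41011234abb474656d70")
```

Every length field is checked against the datagram size before it is used, so truncated or oversized input ends in a rejection rather than an out-of-bounds read or an unbounded loop.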
From the analysis of the possible security threats of MQTT-enabled devices, we identified the
potentially vulnerable processes and we produced the following classification:
o Authentication: the MQTT broker does not properly check the
publisher/subscriber identity and does not block repeated authentication
attempts. These vulnerabilities could grant an attacker the access to MQTT
devices or could overload the broker and eventually make it crash;
o Authorization: the MQTT broker does not properly set the
publishing/subscribing permissions. This vulnerability could grant an attacker
the control over data or functions of MQTT devices;
o Message delivery: a publisher sends messages that cannot be delivered
because of the lack of subscribers. This vulnerability could lead to significant
degradation of broker performance;
o Message validation: a publisher sends messages containing disallowed
characters that are not properly interpreted by brokers and subscribers. This
vulnerability could be exploited to perform many different malicious attacks;
o Message encryption: clients and servers exchange messages in plaintext,
thus allowing an attacker to eavesdrop and spoof the messages in transit. This
vulnerability could be exploited to perform Man-in-The-Middle (MiTM)
attacks.
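To illustrate the authorization and message validation items above, here is an added example (not part of the original assignment) of a broker-side check that validates a topic against the MQTT 3.1.1 topic rules and then applies a default-deny access list. The function names, the ACL layout and the client IDs and topics are hypothetical; rejecting all control characters is a stricter local policy than the specification requires.

```python
import unicodedata

def _well_formed(s):
    """Rules shared by MQTT topic names and topic filters."""
    try:
        size = len(s.encode("utf-8"))  # lone surrogates fail to encode
    except UnicodeEncodeError:
        return False
    # NUL is forbidden by the spec; other control characters are rejected
    # here as a stricter local policy (an assumption of this example).
    return 0 < size <= 65535 and not any(
        unicodedata.category(c) == "Cc" for c in s)

def valid_topic_name(topic):
    """PUBLISH topic names must not contain the wildcards '+' or '#'."""
    return _well_formed(topic) and "+" not in topic and "#" not in topic

def valid_topic_filter(flt):
    """'+' must fill a whole level; '#' must be the whole last level."""
    levels = flt.split("/")
    return _well_formed(flt) and all(
        ("+" not in lv or lv == "+") and
        ("#" not in lv or (lv == "#" and i == len(levels) - 1))
        for i, lv in enumerate(levels))

def covers(allowed, requested):
    """True if filter `allowed` covers topic name or filter `requested`."""
    f, t = allowed.split("/"), requested.split("/")
    if requested.startswith("$") and f[0] in ("+", "#"):
        return False  # leading wildcards never expose $-prefixed topics
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or t[i] == "#" or level not in ("+", t[i]):
            return False
    return len(f) == len(t)

def authorize(acl, client_id, action, topic):
    """Default deny: validate first, then require an explicit ACL entry."""
    check = valid_topic_name if action == "publish" else valid_topic_filter
    if not check(topic):
        return False
    return any(a == action and covers(f, topic)
               for a, f in acl.get(client_id, ()))

# Constructed ACL: client IDs and topics are hypothetical.
ACL = {"sensor-17": [("publish", "plant/line1/sensor-17/+")],
       "dashboard": [("subscribe", "plant/+/+/temperature")]}
```

A subscription request is granted only when an allowed filter covers the whole requested filter, so a client holding "plant/+/+/temperature" cannot widen its view by asking for "plant/#".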

From the analysis of the potential security threats of mDNS, we identified and classified the
attacks as follows:

• Denial of Service attacks: attackers flood mDNS-enabled nodes with messages that
exploit specific characteristics of the protocol. These messages could make nodes
unresponsive or unavailable by invalidating cache entries or blocking the probing
process;
• Poisoning attacks: attackers spoof mDNS response messages and advertise fake
services frequently exploited for further attacks towards unaware nodes;
• Remote attacks: attackers exploit mDNS-enabled nodes responding to queries from
outside to abuse services for various purposes, e.g., Distributed Denial of Service
reflection attacks, collection of sensitive information.

Types of attacks on IoT
The IoT in general as a system is prone to attacks such as:
1. Distributed denial-of-service attack (DDoS attack):
A DoS attack can be carried out in several ways. The basic types of DoS attack include:
• Flooding the network to prevent legitimate network traffic.
• Disrupting the connections between two machines, thus preventing access to a service.
• Preventing a particular individual from accessing a service.
• Disrupting a service to a specific system or individual.
• Disrupting the state of information, such as resetting of TCP sessions.

2. Eavesdropping Attack:
An eavesdropping attack, also known as a sniffing or snooping attack, is an
incursion where someone tries to steal information that computers, smartphones, or other
devices transmit over a network. An eavesdropping attack takes advantage of unsecured
network communications in order to access the data being sent and received. Eavesdropping
attacks are difficult to detect because they do not cause network transmissions to appear to be
operating abnormally.

3. Clickjacking:
Clickjacking (User Interface redress attack) is a malicious technique of tricking a Web user
(in this case an IoT device) into clicking on something different from what the user perceives they
are clicking on, thus potentially revealing confidential information or taking control of their
computer while clicking on seemingly innocuous web pages. In this way the device in question
is fooled into carrying out malicious activities.

4. Phishing
Phishing is the fraudulent attempt to obtain sensitive information such as usernames,
passwords and credit card details, often for malicious reasons, by disguising as a trustworthy
entity in an electronic communication. Phishing can be used to trick IoTs into sending or
retrieving sensitive information of a particular system.

5. Spoofing
Spoofing is a malicious practice employed by cyber scammers and hackers to deceive
systems, individuals, and organizations into perceiving something to be what it is not.
Communication is initiated by the spoofer to the victim or system from an unknown source
but disguised to present itself as an authentic and safe sender.

Security of IoT

IoT security is the area of effort concerned with safeguarding connected devices and
networks in the Internet of Things. Most of the technical security concerns are similar to
those of conventional servers, workstations and smartphones, but security challenges unique
to the IoT continue to develop, including industrial security controls, hybrid systems, IoT-
specific business processes, and end nodes.

IoT security foundation (IoTSF)


As a response to increasing concerns over security, the Internet of Things Security Foundation
(IoTSF) was launched on 23 September 2015. IoTSF has a mission to secure the Internet of Things by
promoting knowledge and best practice.

While security is a concern, there are many things being done to protect devices. Device data
follows cryptographic standards, and encryption is used in end-to-end scenarios. An overall
understanding of IoT is essential for basic user security. Keeping up with current antivirus software
and strengthening updates will help mitigate cyber attacks.

The following diagram gives a summary on how we can safeguard the IoT.

[Figure 2: security of IoT. Security measures: data backup, cryptography, human aspects, firewall, anti virus, anti spyware.]
