Department of Multidisciplinary Engineering

A.Y. 2021-22

Internet Of Things

Blog
Need of secure protocols in IoT
Group no :-04

Name GR no. Roll no.

Devle Mayur 70
Gaikwad Rahul 12120183 73
Waghmare Gayatri 74
Joshi Rushikesh 12120041 79
Khanvilkar Jenifer 87
Mandage Pratiksha 91

1
 NEED OF SECURE PROTOCOLS IN IOT
What is IOT??
The things or the object that are individually connected in the physical
environment that can collect the real time data and also transfer,
retrieve, and respond to it with an action logically through the Internet
is called Internet of Things or IoT. The arrival of cheap computer
processors and the solution of wireless network has great impact on
Iot, Because of that now it is possible to operate anything from
something small to something very big because of IoT. By using IoT
we can connect all different objects and adding sensors to these
devices adds a level of digital intelligence to devices , By enabling
these devices to communicate real-time data without involving a
human being. The IoT systems are making the world more smarter
and more responsible by merging the digital and physical data
together.

Image Credit :-pixabay

Why is Internet of Things (IoT) so important?

IoT has became one of the most important technologies of the 21st
century so far. Now we can connect everyday objects like kitchen
appliances, cars, thermostats, baby monitors to the internet with the
help of embedded devices, Because of these devices a steady
communication is possible between people, process and things.

2
By the use of IoT the cloud, big data analytics, and mobile technologies,
physical things can share and collect data with least human
intervention. In this connected world, digital systems can record &
monitor, and can adjust each interaction between connected things
and peoples

So in above we have seen the what is iot and its importance now its
time to look at security in IoT.

What about IoT security?

IoT security  is nothing but an act of securing the Internet devices
and the networks from threats and risks by identifying, Protecting and
monitoring the risks .

Security is one the major issues with IoT systems.The sensors used in
IoT systems collects very sensitive data. Keeping the data secure is
very important for consumers trust .But so far the IoT security record
has not very good.

Originally IoT devices are not built with security, Vulnerabilities in

a multiple devices is biggest issue in IoT systems. In the majority
cases, there are no ways to install security software on the devices. In
addition, they sometimes ship with malware on them, which then
infects the network whre the devices are connected.

3
 Threats and risks in IoT systems
There are so masy risks in security of IoT we have pointed out some
of the Threats realed to security in Iot

1. Use of Weak, predictable or default Passwords

Use of weak, default, and predictable passwords are the easiest way
for hackers to attack the IoT devices and it further launch big-scale
botnets, and other malware. Managing passwords in IoT ecosystem
is very time-consuming and difficult responsibility . Since the IoT
devices are managed over-the-air.
 
 
2. Lack of Security update mechanism.

Installing unauthorized software updates are a major threat route for

launching attacks against the IoT devices. A corrupted update can
interrupt the operations of critical IoT devices and they can have
physical consequences in sectors like the energy or healthcare. To
secure the software updates, we need to secure the access to the
updates and verify the source of the updates.
 

4
3. Use of Outdated / Insecure Components

The security in IoT ecosystem may be cooperated by vulnerabilities

in software legacy systems. The use of insecure or outdated
softwarecomponents, Which also includes open-source components
by developers to build the IoT devices which creates a complex
supply chain that is difficult to manage. These components might
inherit weaknesses known to the attackers creating an expanded
threat landscape waiting to be exploited.
 
4. Insufficient Privacy Protection

Many deployed IoT devices collect personal data that need to be

securely stored and processed to maintain compliance with the
various privacy regulations, such as GDPR or CCPA. This personal
data might be anything from medical information to power
consumption and driving behavior. Lack of appropriate controls will
jeopardize users’ privacy and will have legal consequences.

5. Insecure Data Transfer and Storage

The protection of IoT data—either at rest or in transit—is of great

importance to the reliability and integrity of IoT applications. This
data is used in automated decision-making processes and controls
that can have serious physical repercussions. It is critical that we
effectively protect this data. The use of strong encryption throughout
the IoT data lifecycle and adaptive identity and access control will

5
 help secure IoT data from compromise and breaches.
 
6. Lack of Device Management

One of the most important tasks and one of the most significant
security challenges in the IoT ecosystem is managing all devices
throughout their lifecycle. If unauthorized devices are introduced
in the IoT ecosystem, they will be able to gain access and surveil
corporate networks and intercept traffic and information. The key
concerns of IoT device management are the provisioning,
operation and updating of devices. The discovery and
identification of IoT devices is a necessary first step in the
monitoring and protection of these devices.
 
7. Insecure Default Settings

IoT devices are shipped with default, hardcoded settings that are
easy insecure and easy to be breached by attackers. Once these
settings are compromised, adversaries can either seek for
hardcoded default passwords, hidden backdoors and
vulnerabilities in the device firmware. At the same time, these
settings are difficult for a user to change. Having a deep
understanding of these settings and the security gaps they
introduce is a first step to implementing the appropriate controls
for hardening these devices.
 

How to secure the IoT

6
There are no instant fixes that can cure the security issues and threats
of IoT. By using specific strategies and tools are necessary for
properly securing more specialized systems and aspects of the IoT.
However, users can apply a few best practices to reduce risks and
prevent threats:

 Allocate an administrator of things. Having a person act as

   

an administrator of IoT devices and the network can help

minimize security oversights and exposures. They will be in
charge of warranting IoT device security, even at home. The
role is critical especially during this time of WFH setups, where
IT experts have limited control in securing home networks that
now have a stronger influence on work networks.
   Regularly check for patches and updates. Vulnerabilities are
a major and constant issue in the field of the IoT. This is
because vulnerabilities can come from any layer of IoT devices.
Even older vulnerabilities are still being used by cybercriminals
in order to infect devices, demonstrating just how long
unpatched devices can stay online.
     Use strong and unique passwords for all accounts. Strong
passwords help prevent many cyberattacks. Password managers
can help users create unique and strong passwords that users can
store in the app or software itself.

7
  Prioritize Wi-Fi security.  Some of the ways users can do this
   

include enabling the router firewall, disabling WPS and

enabling the WPA2 security protocol, and using a strong
password for Wi-Fi access. Ensuring secure router settings is
also a big part of this step.
 Monitor baseline network and device behavior. Cyberattacks
can be difficult to detect. Knowing the baseline behavior (speed,
typical bandwidth, etc.) of devices and the network can help
users watch for deviations that hint at malware infections.

 Secure the network and use it to strengthen security. IoT

  

devices can place networks at risk, but networks can also serve
as levelled ground through which users can implement security
measures that cover all connected devices.
   Secure IoT-cloud convergence and apply cloud-based
solutions. The IoT and the cloud are becoming increasingly
integrated. It is important to look at the security implications of
each technology to the other. Cloud-based solutions can also be
considered to deliver added security and processing capabilities
to IoT edge devices.
  Consider security solutions and tools. A large hurdle that
users face in trying to secure their IoT ecosystems is the limited
capacity in which they can implement these steps. Some device
settings might have restricted access and are difficult to
configure. In such cases users can supplement their efforts by
considering security solutions that provide multi-layered
protection and endpoint encryption.

Secure protocols for IOT

So there are mainly 5 secure protocols of IoT which are

1. MQTT
2. COAP
3. DTLS
4. 6LOWPAN
5. ZigBee

8
 MQTT
MQTT is one amongst the foremost common security
protocols utilized in internet of things security. it had been
invented by Dr Andy Stanford-Clark and Arlen Nipper in 1999.
MQTT stands for Message Queuing Telemetry Transport and
could be a client-server communicating messaging transport
protocol. The MQTT runs over TCP/IP or over other
conventions that provide requested, lossless, two-way
associations. 
Features of MQTT
• It’s a straightforward and very lightweight protocol with easy
and fast data transmission.
• MQTT is intended for constrained devices still as low-
bandwidth, unreliable or high-latency networks.
• Minimum use of information packets ensures less network
usage.
• Optimal power consumption saves the battery of the connected
devices, making it perfect for mobile phones and wearables
where battery consumption has to be minimal.
• It’s supported the messaging technique and then, is extremely
fast and reliable.

9
 • It’s ideal for IoT applications.
How does MQTT secure internet of things applications?
Security in MQTT is split into multiple layers: network,
transport, and application levels. Each layer prevents a particular
sort of attack. As MQTT could be a lightweight protocol, it
specifies only some security mechanisms. MQTT
implementations usually use other security standards like
SSL/TLS for transport encryption, VPN at network level for a
physically secure network, and use of username or password. A
client identifier to authenticate devices on the applying level is
passed with data packets.

 CoAP
CoAP (Constraint Application Protocol) could be a web transfer
protocol designed for constrained devices (like microcontrollers)
and therefore the constrained network called low power or lossy
networks. it's also one among the foremost popular protocols to
secure internet of things applications.

 Features of CoAP
• Similar to HTTP, CoAP is predicated on the remainder
model. Clients access the resources made available by servers
under URLs using methods like GET, POST, PUT and
DELETE. 
• CoAP is intended to figure on microcontrollers, which makes
it perfect for the net of things because it requires countless
inexpensive nodes. 

10
 • CoAP uses minimal resources, both on the device and on the
network. rather than a fancy transport stack, it gets by with UDP
on IP.
• CoAP is one amongst the foremost secure protocols as its
default choice of DTLS parameters is such as 3072-bit RSA
keys.

 How does CoAP secure internet of things applications?

CoAP uses UDP (User Datagram Model) to move information
and thus relies on UDP security aspects to safeguard the
knowledge. CoAP uses Datagram TLS over UDP.
CoAP has been designed to possess an easy and user-friendly
interface with HTTP for integration with the net and supports
functions like multicast support and low overhead issues, thus
contributing to security within the internet of things.

 DTLS
The DTLS (Datagram transport layer security) is an online of
things security protocol designed to guard digital
communication between data-gram-based applications. it's
supported TLS (transport layer security) protocol and provides
the identical level of security.

 Objective of DTLS
The main objective of DTLS is to create slight adjustments to
TLS to resolve issues like reordering and data loss. The
semantics of the underlying transport layer remain unchanged
using the DTLS protocol. Therefore, no delays occur thanks to
associated stream protocols; however, the appliance must cater

11
 to loss of datagram, packet reordering, and data larger than the
scale of a datagram network packet.

 Features of DTLS
• DTLS uses a retransmission timer to resolve the problem of
packet loss. If the timer terminates before the client receives the
confirmation message from the server, then the client
retransmits the information.
• The issue of reordering is solved by giving each message a
particular sequence number. This helps in determining if the
following message received is in sequence or not. If it's out of
sequence, it's put during a queue and handled when the sequence
number is reached.
• DTLS is unreliable and doesn't guarantee the delivery of
knowledge, even for payload information.

 Uses of DTLS
DTLS is employed in applications like live video feeds, video
streaming, gaming, VoIP, and instant messaging where loss of
knowledge is relatively reduced than latency.

 6LoWPAN
6LoWPAN (IPv6 over Low Power Wireless Personal Area
Networks) could be a protocol for low-power networks like IoT
systems and wireless sensor networks.

 Features of 6LoWPAN
• 6LoWPAN is employed to hold data packets within the sort of
IPv6 over various networks.

12
 • Provides end-to-end IPv6 and hence provides direct
connectivity to a good kind of networks including direct
connectivity to the web.
• 6LoWPAN is employed for safeguarding the communications
from the end-users to the sensor network.
• 6LoWPAN security for the net of things uses AES-128 link
layer security which is defined in IEEE 802.15.4 for its security.
Link authentication and encryption are accustomed provide
security and extra security is provided to move layer security
mechanisms, which runs over TCP.
Uses of 6LoWPAN 
6LoWPAN plays a key role in domains like industrial
monitoring, smart home automation, general automation, smart
grids, etc. 
5. ZigBee
ZigBee is believed to be a state-of-the-art protocol to supply
security for internet of things devices and applications. It
provides efficient machine-to-machine communication from 10–
100 meters away in low-powered embedded devices like radio
systems. it's a price effective open-source wireless technology.
ZigBee supports two security models:

 The Centralized Security Network

This provides higher security and is additionally more
complicated because it uses a 3rd device called Trust Centers
that are applications that run on the device trusted by other
devices within the ZigBee network. The Trust Centre forms a
centralized network and configures and authenticates each
device to hitch the network by giving it a singular TCLK (TC

13
 Link Key). The TC also determines the network key. to hitch the
network, each device must be configured with the link key
which is employed to encrypt the network when passing it from
the TC to a newly joined entity.

 The Distributed Security Network

In DSN, there's no Central Node or Trust Center; this
makes it simpler but less secure than the CSN. Each router can
start distributed networks on their own. When a node joins to the
network, it only receives the network key. 

 Features/Advantages of IoT with ZigBee

• ZigBee provides standardization in any respect layers, which
enables compatibility between products from different
manufacturers.
• Due to its mesh architecture, devices tend to attach with every
device within the vicinity. This helps in increasing the network
and to making it more flexible. 
• ZigBee uses “Green Power” that facilitates lower energy
consumption and price.
• ZigBee helps within the scalability of networks because it
supports a high number (about 6,550) of devices.

14
 REFERENCES

[1] R Yugha a*, S Chithra b “A Survey on technologies and security protocols:

Reference for Future Generation IoT” 1 Jul 2020 Research Scholar, Department
of Information Technology, SSN College of Engineering, Affiliated with Anna
University, Tamil Nadu 603110,India

[2]Kanwalinderjit Gagneja ,Riley Kiefer “Security Protocol for Internet of Things

(IoT): Blockchain-based Implementation and Analysis
” 23 March 2020 Department of Computer Science, Florida Polytechnic
University, United States

[3]https://www.fortinet.com/

[4]https://www.oracle.com/in/internet-of-things/what-is-iot/
[5]https://www.iiot-world.com/ics-security/cybersecurity/the-importance-of-
security-by-design-for-iot-devices/
[6]https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/iot-
security-101-threats-issues-and-defenses
[7]https://www.eurofins-cybersecurity.com/news/security-problems-iot-devices/

Image credit :- pixabay.com

15