A.Y. 2021-22
Internet Of Things
Blog
Need of secure protocols in IoT
Group no :-04
NEED OF SECURE PROTOCOLS IN IOT
What is IoT?
The Internet of Things (IoT) refers to objects in the physical
environment that are individually connected, can collect real-time
data, and can transfer, retrieve, and respond to that data with a
logical action over the Internet. The arrival of cheap computer
processors and wireless networking has had a great impact on IoT: it
is now possible to operate anything, from something small to something
very big. With IoT we can connect many different objects, and adding
sensors gives these devices a level of digital intelligence, enabling
them to communicate real-time data without involving a human being.
IoT systems are making the world smarter and more responsive by
merging digital and physical data.
IoT has become one of the most important technologies of the 21st
century so far. We can now connect everyday objects such as kitchen
appliances, cars, thermostats, and baby monitors to the internet with
the help of embedded devices, which makes steady communication
possible between people, processes, and things.
By using IoT, the cloud, big data analytics, and mobile technologies,
physical things can share and collect data with minimal human
intervention. In this connected world, digital systems can record,
monitor, and adjust each interaction between connected things and
people.
Having seen what IoT is and why it matters, it is time to look at
security in IoT.
IoT security is the practice of securing Internet-connected devices
and their networks from threats and risks by identifying, protecting
against, and monitoring those risks.
Security is one of the major issues with IoT systems. The sensors used
in IoT systems collect very sensitive data, and keeping that data
secure is very important for consumer trust. But so far the IoT
security record has not been very good.
Threats and risks in IoT systems
There are many security risks in IoT; we have pointed out some of the
threats related to IoT security below.
Weak, default, and predictable passwords are the easiest way for
hackers to attack IoT devices, which are then used to launch
large-scale botnets and other malware. Managing passwords in an IoT
ecosystem is a very time-consuming and difficult responsibility, since
the IoT devices are managed over the air.
2. Lack of Security update mechanism.
3. Use of Outdated / Insecure Components
help secure IoT data from compromise and breaches.
6. Lack of Device Management
One of the most important tasks and one of the most significant
security challenges in the IoT ecosystem is managing all devices
throughout their lifecycle. If unauthorized devices are introduced
in the IoT ecosystem, they will be able to gain access and surveil
corporate networks and intercept traffic and information. The key
concerns of IoT device management are the provisioning,
operation and updating of devices. The discovery and
identification of IoT devices is a necessary first step in the
monitoring and protection of these devices.
7. Insecure Default Settings
IoT devices are shipped with default, hardcoded settings that are
insecure and easy for attackers to breach. Once these settings are
compromised, adversaries can look for hardcoded default passwords,
hidden backdoors, and vulnerabilities in the device firmware. At the
same time, these settings are difficult for a user to change. Having
a deep understanding of these settings and the security gaps they
introduce is a first step to implementing the appropriate controls
for hardening these devices.
There are no instant fixes that can cure the security issues and
threats of IoT. Specific strategies and tools are necessary for
properly securing more specialized systems and aspects of the IoT.
However, users can apply a few best practices to reduce risks and
prevent threats:
Prioritize Wi-Fi security. Some of the ways users can do this
devices can place networks at risk, but networks can also serve
as levelled ground through which users can implement security
measures that cover all connected devices.
Secure IoT-cloud convergence and apply cloud-based
solutions. The IoT and the cloud are becoming increasingly
integrated. It is important to look at the security implications of
each technology to the other. Cloud-based solutions can also be
considered to deliver added security and processing capabilities
to IoT edge devices.
Consider security solutions and tools. A large hurdle that
users face in trying to secure their IoT ecosystems is the limited
capacity in which they can implement these steps. Some device
settings might have restricted access and are difficult to
configure. In such cases users can supplement their efforts by
considering security solutions that provide multi-layered
protection and endpoint encryption.
1. MQTT
2. CoAP
3. DTLS
4. 6LoWPAN
5. ZigBee
MQTT
MQTT is one of the most common security protocols used in Internet
of Things security. It was invented by Dr Andy Stanford-Clark and
Arlen Nipper in 1999. MQTT stands for Message Queuing Telemetry
Transport and is a client-server messaging transport protocol. MQTT
runs over TCP/IP or over other protocols that provide ordered,
lossless, two-way connections.
Features of MQTT
• It is a simple and very lightweight protocol with easy and fast
data transmission.
• MQTT is designed for constrained devices as well as low-bandwidth,
unreliable, or high-latency networks.
• Minimal use of data packets ensures less network usage.
• Optimal power consumption saves the battery of the connected
devices, making it perfect for mobile phones and wearables
where battery consumption has to be minimal.
• It is based on the messaging technique and so is extremely fast
and reliable.
• It is ideal for IoT applications.
How does MQTT secure internet of things applications?
Security in MQTT is split into multiple layers: network, transport,
and application. Each layer prevents a particular kind of attack. As
MQTT is a lightweight protocol, it specifies only a few security
mechanisms. MQTT implementations usually rely on other security
standards: SSL/TLS for transport encryption, a VPN at the network
level for a physically secure network, and username/password
credentials. A client identifier, passed with the data packets,
authenticates devices at the application level.
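The application-level fields named above (client identifier, username, password) travel in the MQTT CONNECT packet. The following added example, which is not part of the original blog, parses an MQTT 3.1.1 CONNECT and flags the gaps the transport and application layers are meant to close; the sample packets, the `over_tls` parameter and the finding names are constructed for illustration.

```python
import struct

def _field(buf: bytes, pos: int):
    """Read one MQTT length-prefixed field: 2-byte big-endian length, then data."""
    (n,) = struct.unpack_from(">H", buf, pos)
    if pos + 2 + n > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_connect(packet: bytes) -> dict:
    """Extract the authentication-relevant fields of an MQTT 3.1.1 CONNECT."""
    if len(packet) < 2 or packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    pos, remaining, shift = 1, 0, 0
    while True:                          # Remaining Length: 7 bits per byte
        byte, pos = packet[pos], pos + 1
        remaining |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:              # high bit clear: last length byte
            break
    body = packet[pos:pos + remaining]
    proto, p = _field(body, 0)
    if proto != b"MQTT" or len(body) < p + 4:
        raise ValueError("bad variable header")
    flags = body[p + 1]                  # body[p] is the protocol level
    client_id, p = _field(body, p + 4)   # skip level, flags, 2-byte keep-alive
    if flags & 0x04:                     # Will flag: skip will topic and message
        _, p = _field(body, p)
        _, p = _field(body, p)
    user = pwd = None
    if flags & 0x80:                     # User Name flag
        user, p = _field(body, p)
    if flags & 0x40:                     # Password flag
        pwd, p = _field(body, p)
    return {"client_id": client_id.decode(), "has_password": pwd is not None,
            "username": None if user is None else user.decode()}

def audit_connect(packet: bytes, over_tls: bool) -> list:
    """Flag a CONNECT that leaves an application- or transport-layer gap."""
    info, findings = parse_connect(packet), []
    if info["username"] is None:
        findings.append("no-credentials")         # only the client ID identifies the device
    elif not over_tls:
        findings.append("cleartext-credentials")  # readable by anyone on the path
    return findings

# Constructed sample packets (not captured traffic)
WITH_CREDS = b"\x10\x21\x00\x04MQTT\x04\xc2\x00\x3c\x00\x09sensor-01\x00\x03dev\x00\x05pw123"
ANONYMOUS = b"\x10\x15\x00\x04MQTT\x04\x02\x00\x3c\x00\x09sensor-02"
```

`audit_connect(WITH_CREDS, over_tls=False)` reports `cleartext-credentials`, which is why the username/password layer only helps when the TLS layer is also in place.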
CoAP
CoAP (Constrained Application Protocol) is a web transfer protocol
designed for constrained devices (like microcontrollers) and
constrained networks, known as low-power or lossy networks. It is
also one of the most popular protocols for securing Internet of
Things applications.
Features of CoAP
• Similar to HTTP, CoAP is based on the REST model. Clients access
the resources made available by servers under URLs using methods
like GET, POST, PUT and DELETE.
• CoAP is designed to work on microcontrollers, which makes it
perfect for the Internet of Things because it requires countless
inexpensive nodes.
• CoAP uses minimal resources, both on the device and on the
network. Instead of a complex transport stack, it gets by with UDP
on IP.
• CoAP is one of the most secure protocols, as its default choice of
DTLS parameters is equivalent to 3072-bit RSA keys.
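Because a CoAP request is a small binary message in a single UDP datagram, a gateway in front of constrained nodes can parse the method and URL path and apply a least-privilege allow-list. This is an added example, not code from the original blog; the sample datagrams, the `POLICY` table and its paths are constructed.

```python
import struct

METHODS = {1: "GET", 2: "POST", 3: "PUT", 4: "DELETE"}   # CoAP codes 0.01-0.04
URI_PATH = 11                                            # Uri-Path option number

def _extended(nibble: int, data: bytes, pos: int):
    """Resolve CoAP's extended option delta/length encoding (13 and 14)."""
    if nibble == 13:
        return data[pos] + 13, pos + 1
    if nibble == 14:
        return struct.unpack_from(">H", data, pos)[0] + 269, pos + 2
    if nibble == 15:
        raise ValueError("reserved option value")
    return nibble, pos

def parse_request(datagram: bytes) -> dict:
    """Parse one CoAP message carried in a single UDP datagram."""
    if len(datagram) < 4 or datagram[0] >> 6 != 1:
        raise ValueError("not a CoAP version 1 message")
    first, code, message_id = struct.unpack_from(">BBH", datagram)
    pos = 4 + (first & 0x0F)          # skip the token (length in low nibble)
    number, segments, payload = 0, [], b""
    while pos < len(datagram):
        if datagram[pos] == 0xFF:     # payload marker
            payload = datagram[pos + 1:]
            break
        delta, nxt = _extended(datagram[pos] >> 4, datagram, pos + 1)
        length, nxt = _extended(datagram[pos] & 0x0F, datagram, nxt)
        number += delta               # option numbers are delta-encoded
        if number == URI_PATH:
            segments.append(datagram[nxt:nxt + length].decode())
        pos = nxt + length
    return {"method": METHODS.get(code), "path": "/" + "/".join(segments),
            "message_id": message_id, "payload": payload}

def is_allowed(datagram: bytes, policy: dict) -> bool:
    """Least-privilege check: permit only listed (path, method) pairs."""
    try:
        req = parse_request(datagram)
    except (ValueError, IndexError, struct.error, UnicodeDecodeError):
        return False                  # malformed input is denied, not guessed at
    return req["method"] in policy.get(req["path"], set())

# Constructed sample datagrams and policy (hypothetical paths)
GET_TEMP = b"\x41\x01\x12\x34\xab\xb7sensors\x04temp"
PUT_WIFI = b"\x41\x03\x12\x35\xac\xb6config\x04wifi\xffx"
POLICY = {"/sensors/temp": {"GET"}}
```

A check like this only sees the method and path when the gateway terminates DTLS or sits on a trusted segment; on the open network the same fields are what DTLS keeps from being read or altered.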
DTLS
DTLS (Datagram Transport Layer Security) is an Internet of Things
security protocol designed to protect communication between
datagram-based applications. It is based on the TLS (Transport Layer
Security) protocol and provides the same level of security.
Objective of DTLS
The main objective of DTLS is to make slight adjustments to TLS to
resolve issues like reordering and data loss. The semantics of the
underlying transport remain unchanged under DTLS, so there are none
of the delays associated with stream protocols; however, the
application must cope with datagram loss, packet reordering, and
data larger than the size of a datagram network packet.
Features of DTLS
• DTLS uses a retransmission timer to resolve the problem of packet
loss. If the timer expires before the client receives the
confirmation message from the server, the client retransmits the
data.
• The issue of reordering is solved by giving each message a specific
sequence number. This helps determine whether the next message
received is in sequence. If it is out of sequence, it is put in a
queue and handled when its sequence number is reached.
• DTLS is unreliable and does not guarantee the delivery of data,
even for payload data.
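A simplified model of the two mechanisms listed above, sequence-numbered reordering and timer-driven retransmission. It is an added example, not part of the original blog and not a DTLS implementation: the message names, the `arrives` loss function and the three-message flight are constructed, and the doubling timeout follows the RFC 6347 recommendation of a 1-second initial timer.

```python
from dataclasses import dataclass, field

@dataclass
class Receiver:
    """Hands messages to the application in sequence order, queueing early ones."""
    next_seq: int = 0
    pending: dict = field(default_factory=dict)    # seq -> body, held until its turn
    delivered: list = field(default_factory=list)

    def receive(self, seq: int, body: str) -> None:
        if seq < self.next_seq or seq in self.pending:
            return                                 # duplicate from a retransmission
        self.pending[seq] = body                   # queue, even if out of order
        while self.next_seq in self.pending:       # drain everything now in sequence
            self.delivered.append(self.pending.pop(self.next_seq))
            self.next_seq += 1

def send_flight(flight, arrives, receiver, max_attempts=4, timeout=1.0):
    """Send a flight of (seq, body) messages; on timer expiry resend the whole
    flight with a doubled timeout. arrives(attempt, seq) models datagram loss.
    The receiver completing the flight stands in for the confirmation message."""
    log = []
    for attempt in range(max_attempts):
        got = [(s, b) for s, b in flight if arrives(attempt, s)]
        for seq, body in reversed(got):            # reversed to force reordering
            receiver.receive(seq, body)
        log.append((attempt, timeout, [s for s, _ in got]))
        if receiver.next_seq > flight[-1][0]:      # every message delivered in order
            return log
        timeout *= 2                               # timer expired: back off, retransmit
    raise TimeoutError("flight never completed")

def demo():
    """Constructed run: message 1 is lost on the first attempt only."""
    flight = [(0, "ServerHello"), (1, "Certificate"), (2, "ServerHelloDone")]
    drop_once = lambda attempt, seq: not (attempt == 0 and seq == 1)
    rx = Receiver()
    log = send_flight(flight, drop_once, rx)
    return rx.delivered, log

if __name__ == "__main__":
    print(demo())
```

In the constructed run, message 2 arrives before message 1 and waits in `pending`; the retransmitted copies of messages 0 and 2 are discarded as duplicates.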
Uses of DTLS
DTLS is used in applications like live video feeds, video streaming,
gaming, VoIP, and instant messaging, where loss of data is less
important than latency.
6LoWPAN
6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) is a
protocol for low-power networks like IoT systems and wireless sensor
networks.
Features of 6LoWPAN
• 6LoWPAN is used to carry data packets in the form of IPv6 over
various networks.
• Provides end-to-end IPv6 and hence direct connectivity to a wide
variety of networks, including direct connectivity to the Internet.
• 6LoWPAN is used for protecting the communications from the end
users to the sensor network.
• 6LoWPAN security for the Internet of Things uses AES-128 link-layer
security, which is defined in IEEE 802.15.4. Link authentication and
encryption are used to provide security, and additional security is
provided by transport layer security mechanisms, which run over TCP.
Uses of 6LoWPAN
6LoWPAN plays a key role in domains like industrial
monitoring, smart home automation, general automation, smart
grids, etc.
ZigBee
ZigBee is considered a state-of-the-art protocol for providing
security for Internet of Things devices and applications. It
provides efficient machine-to-machine communication over 10–100
meters in low-powered embedded devices like radio systems. It is a
cost-effective open-source wireless technology.
ZigBee supports two security models:
Link Key). The TC also determines the network key. To join the
network, each device must be configured with the link key, which is
used to encrypt the network key when passing it from the TC to a
newly joined entity.