M A S A R Y K UNIVERSITY

F A C U L T Y O F INFORMATICS

Implementation of Secure
communication for IoT based
on Arduino board

B A C H E L O R ' S THESIS

Hai Yen Le

Brno, Fall 2019

This is where a copy of the official signed thesis assignment and a copy of the
Statement of an Author is located in the printed version of the document.
Declaration

H e r e b y I declare that this p a p e r is m y o r i g i n a l a u t h o r i a l w o r k , w h i c h

I have w o r k e d o u t o n m y o w n . A l l sources, references, a n d literature
u s e d or excerpted d u r i n g e l a b o r a t i o n of this w o r k are p r o p e r l y cited
a n d l i s t e d i n complete reference to the d u e source.

H a i Yen Le

Advisor: B a c e m M b a r e k , P h D

i
Acknowledgements

I w o u l d like to thank m y supervisor for h i s w i l l i n g n e s s , patience, a n d

help w i t h this bachelor thesis. A n d m y f a m i l y for their s u p p o r t d u r i n g
m y study.

ii
Abstract

T h i s bachelor thesis is f o c u s e d o n i m p l e m e n t i n g secure c o m m u n i c a -

tion for IoT based o n the A r d u i n o b o a r d . The thesis describes A r d u i n o ,
Internet of t h i n g s , A t t a c k s o n IoT, C r y p t o g r a p h i c p r i m i t i v e s i n IoT,
B l u e t o o t h , a n d R F I D i n IoT A t the e n d of the thesis is e x p l a i n e d the
i m p l e m e n t a t i o n part, w h i c h is f o c u s e d o n s e c u r i n g B l u e t o o t h a n d
RFID communication.

iii
Keywords

Internet of things, IoT, A r d u i n o , B l u e t o o t h , R F I D

iv
Contents

Introduction 1

1 Arduino 2
1.1 History 2
1.2 The Arduino board 3
1.3 IDE 4

2 Internet Of Things 6
2.1 History 6
2.2 Applications 7
2.2.1 I n d u s t r i a l Internet of T h i n g s 7
2.2.2 C o m m e r c i a l Internet O f T h i n g s 7
2.2.3 C o n s u m e r Internet of T h i n g s 8

3 Attacks on IoT 9
3.1 The pillars of information assurance 9
3.2 Threats, vulnerability and risks 9
3.2.1 Threats 10
3.2.2 Vulnerability 10
3.2.3 Risks 11
3.3 Types of threats on the IoT 11
3.3.1 Botnets 11
3.3.2 D e n i a l of service 13
3.3.3 Man-in-the-Middle 13
3.3.4 Identity a n d data theft 14
3.3.5 Social engineering 15
3.3.6 A d v a n c e d persistent threats 15
3.3.7 Ransomware 16
3.3.8 Remote r e c o r d i n g 16

4 Cryptographic primitives in IoT 17

4.1 Encryption 17
4.1.1 Symmetric encryption 18
4.1.2 Asymmetric encryption 18
4.2 Hashing 19
4.3 Digital signatures 20

v
 4.3.1 S y m m e t r i e d i g i t a l signature 20
4.3.2 A s y m m e t r i e d i g i t a l signature 20
4.4 Random number generation 21

5 Bluetooth and RFID i n IoT 22

5.1 Bluetooth 22
5.2 RFID 23

6 Implementation part 24
6.1 Components 24
6.2 Sensors 25
6.3 Attacker model 25
6.4 Threat modeling 26
6.5 Encryption 26
6.6 Key generation 27
6.7 Key exchange 27
6.8 RFID 28

6.9 Bluetooth 29

7 Conclusion 31

Bibliography 32

A A n appendix 35

vi
Introduction

These days w e are s u r r o u n d e d a l l the time b y technology. Some of us

cannot e v e n i m a g i n e life w i t h o u t a m o b i l e p h o n e , l a p t o p , or smart-
watches. These things are f i l l i n g o u r free time, a n d some of t h e m are
m a k i n g our life more comfortable. O n e of the areas focusing o n s i m p l i -
f y i n g a n d i m p r o v i n g our life is the Internet of Things (IoT). The a l a r m
clock can r i n g a n d w a k i n g us u p d e p e n d i n g o n the traffic situation, the
lights w i l l l i g h t u p , because the sensors detected our movements, the
fridge w i l l automatically order the groceries w e are m i s s i n g a n d w i t h
entering the kitchen the coffee maker already p r e p a r e d y o u r coffee, so
y o u d o not have to waste even a second. These things are not distant
future b u t are a l r e a d y possible n o w a d a y s .
A l l of these advantages are also c r e a t i n g v a r i o u s dangers. T h e
attacker c a n r e m o t e l y c o n t r o l o u r devices or stealing o u r p e r s o n a l
i n f o r m a t i o n or disfigure the access to the device or necessary data a n d
d e m a n d r a n s o m . These dangers are the r e a s o n w h y w e s h o u l d take
care of security a n d not e n a b l i n g free access to o u r devices.
T h i s b a c h e l o r thesis is t r y i n g to secure c o m m u n i c a t i o n t h r o u g h
R F I D a n d Bluetooth o n the A r d u i n o . The first chapter contains basics
about A r d u i n o . T h e s e c o n d is about the Internet of T h i n g s . I n next
chapter are d e s c r i b e d t y p e s of attacks o n IoT i n A t t a c k . T h e f o u r t h
chapter is about C r y p t o g r a p h i c p r i m i t i v e s i n IoT w i t h essential ele-
ments of cryptography. The fifth chapter shortly described B l u e t o o t h
a n d R F I D i n IoT. A n d i n the e n d , it is the i m p l e m e n t a t i o n part.

1
1 Arduino

A r d u i n o is a m i c r o c o n t r o l l e r (tool for c o n t r o l l i n g electronics). M i c r o -

controllers are u s u a l l y not easy to use. It is necessary to read h u n d r e d s
of pages of the user m a n u a l for b e i n g able to c o n t r o l it. T h a t is one
of the reasons w h y it is A r d u i n o so p o p u l a r because it is easy-to-use.
A n y o n e c a n use it as electronic engineers, hobbyists, students, artists,
programmers, a n d m a n y more.
W h e n u p l o a d i n g the code, it is not necessary to have a n a d d i t i o n a l
piece of h a r d w a r e ; e v e r y t h i n g y o u n e e d is U S B cable. A r d u i n o c a n
attached to a n y i n p u t t l i k e f r o m sensors (temperature sensors, light
sensors, t o u c h sensors, flex sensors) a n d react o n t h e m w i t h o u t p u t s
( D C m o t o r s , servo m o t o r s , L C D s , L E D i n d i c a t o r l i g h t s ) . T h i s o p e n -
source p l a t f o r m is based o n A r d u i n o h a r d w a r e a n d A r d u i n o software
( I D E ) . T h e o p e n - s o u r c e , extensible software a n d h a r d w a r e are also
the reasons for its p o p u l a r i t y . A n y o n e c a n m a k e m o d i f i c a t i o n s to the
h a r d w a r e a n d software, so they c a n create a n A r d u i n o , w h i c h w i l l fit
their project needs.
A r d u i n o is also inexpensive a n d available for anyone. People f r o m
a l l a r o u n d the w o r l d are c o n t r i b u t i n g w i t h libraries, w h i c h s i m p l i f i e s
the use of A r d u i n o e v e n m o r e . A l s o there exists a n endless a m o u n t
of tutorials o n A r d u i n o - b a s e d projects, like garage d o o r o p e n e r , 3 D 1

p r i n t e r s or r o b o t s .
2 3

1.1 History
In 2005 w a s created the first A r d u i n o b o a r d i n Interactive D e s i g n
Institute i n Ivrea, Italy. The core members were M a s s i m o B a n z i , D a v i d
Cuartielles, T o m Igoe, G i a n l u c a M a r t i n o , a n d D a v i d M e l l i s . The n a m e
A r d u i n o is f r o m a b a r w h e r e t h e y u s e d to meet, w h i c h has a n a m e
after k i n g A r d u i n . [1]
A r d u i n o w a s created for students w i t h o u t a n electronics back-
g r o u n d for their fast p r o t o t y p i n g . Before that time, students were u s i n g
the B A S I C Stamp microcontroller, w h i c h has not sufficient c o m p u t i n g

1. h t t p s : / / w w w . m e g u n o l i n k . c o m / a r t i c l e s / a r d u i n o - g a r a g e - d o o r - o p e n e r /
2. h t t p s : / / a l l 3 d p . c o m / 1 / d i y - a r d u i n o - 3 d - p r i n t e r /
3. h t t p s : / / c r e a t e . a r d u i n o . c c / p r o j e c t h u b / p r o j e c t s / t a g s / r o b o t

2
 i. ARDUINO

p o w e r a n d was too expensive for some students ($100). A r d u i n o was

m o r e affordable for students because the p r i c e w a s less expensive
($30) t h a n a B A S I C S t a m p . T h e next essential p r o p e r t y of A r d u i n o
4

is that t h e y d e c i d e d to m a k e it o p e n - s o u r c e , so p e o p l e a l l over the

w o r l d c a n c o n t r i b u t e b y s h a r i n g their A r d u i n o projects. M o r e o v e r , 5

the w h o l e A r d u i n o is v e r y easy to use. These days it is still a suitable

choice for e d u c a t i o n a l p u r p o s e s or any beginner w h o w a n t s to t r y it.

1.2 The Arduino board

1. U S B port - Is for p o w e r i n g A r d u i n o , u p l o a d i n g , a n d c o m m u n i -
cating w i t h sketches.
2. Power connector - O n l y p o w e r s A r d u i n o (accepts 7-12V).
3. Reset Button - P u s h i n g this b u t t o n leads to restarting code,
l o a d e d o n the A r d u i n o . Because it is resetting the A T m e g a m i -
crocontroller.
4. ATmega m i c r o c o n t r o l l e r - F r o m a n A V R f a m i l y of m i c r o c o n -
trollers d e v e l o p e d b y A t m e l .
5. Analog In - This part contains p i n s , w h i c h are inputs only. They
can r e a d a s i g n a l f r o m a n a n a l o g sensor.
6. Digital pins - These p i n s c a n be u s e d as b o t h i n p u t or o u t p u t .
7. Pin 13 L E D - T h i s L E D is c o n n e c t e d to the d i g i t a l p i n 13, a n d
w h e n the p i n is H I G H v a l u e , the l e d t u r n s o n .
8. T X and RX L E D s - T X stands for t r a n s m i t a n d R X for receive.
These L E D s are i n d i c a t o r s of r e c e i v i n g data ( R X t u r n s on) or
t r a n s m i t t i n g data ( T X t u r n s o n ) .
9. Power L E D - S h o w i n g us if A r d u i n o is r e c e i v i n g p o w e r o r not.
10. Voltage r e g u l a t o r - For c o n t r o l l i n g the a m o u n t of voltage level.
11. Power pins - T h i s p a r t contains G r o u n d p i n s ( G N D ) , p i n s for
s u p p l y i n g 9 volts ( V I N ) , 5 volts ( 5 V ) , a n d 3.3 volts ( 3 V 3 ) .
12. ICSP pin - Stands for I n - C i r c u i t S e r i a l P r o g r a m m i n g , c a n be
u s e d instead of the bootloader.
13. R E S E T - P i n for resetting the A r d u i n o .
14. A R E F - Stands for A n a l o g Reference, sometimes u s e d for exter-
n a l reference voltage (0 - 5 V ) .

4. h t t p s : / / w w w . p a r a l l a x . c o m / m i c r o c o n t r o l l e r s / b a s i c - s t a m p
5. h t t p s : / / a r d u i n o h i s t o r y . g i t h u b . i o /

3
 i. ARDUINO

fritzing
F i g u r e 1.1: Schematic of A r d u i n o U N O b o a r d a

a. The image is from Fritzing (software for creating schematics)

1.3 IDE

T h e A r d u i n o i n t e g r a t e d d e v e l o p m e n t e n v i r o n m e n t ( I D E ) is cross-
p l a t f o r m a n d w o r k s o n W i n d o w s , L i n u x , a n d m a c O S . M o s t of the
microcontroller systems can be u s e d o n l y o n W i n d o w s . This I D E is for
w r i t i n g a n d u p l o a d i n g codes or p r o g r a m s to the b o a r d . The A r d u i n o
I D E is completely free a n d simple for u s i n g . Processing I D E i n s p i r e d 6

the A r d u i n o I D E , a n d the l a n g u a g e is i n s p i r e d b y W i r i n g , w h i c h is
7

v e r y easy to use, e v e n for p e o p l e that are total beginners i n p r o g r a m -

6. h t t p s : / / p r o c e s s i n g . o r g /
7. h t t p : / / w i r i n g . o r g . c o /

4
 i. ARDUINO

m i n g . E v e r y p r o g r a m w r i t t e n f o r A r d u i n o is c a l l e d a sketch. These
files e n d w i t h extension .ino. E v e r y sketch contains at least these t w o
functions:
• setup () E v e r y reset o r p o w e r - u p of t h e A r d u i n o b o a r d is this
f u n c t i o n called. F o r i n i t i a l i z i n g variables, p i n m o d e s , a n d m a n y
more.
• loop() Is similar as c a l l i n g while(true). For c o n t r o l l i n g the b o a r d ,
a l l t h e t i m e . It is c a l l e d a l l t h e t i m e after of one-time c a l l i n g
setup ().

v o i d s e t u p () {
// p u t y o u r s e t u p code here , to r u n once :

v o i d l o o p () {
// p u t y o u r m a i n code here, to run repeatedly:

T h i s is h o w every sketch l o o k s l i k e i n the b e g i n n i n g .

5
2 Internet Of Things

P r e v i o u s l y were o n the internet data created o n l y b y people for people.

However, n o w are o n the internet more things than people, that is w h y
it is sometimes n a m e d Internet of Things. It is one of the most important
technologies of the 21st century. International D a t a C o r p o r a t i o n ( I D C )
predicts that i n 2025, there w i l l be 41.6 b i l l i o n connected IoT "things,"
w h i c h w i l l generate 79.4ZB of data. [2]
It is a n e w w a y of c o n n e c t i n g t h i n g s . IoT connects devices a n d
systems to existing infrastructure (internet, computer network, m o b i l e
n e t w o r k ) . Enable to control these devices remotely. Things can receive,
s e n d data, or b o t h . T h e m a i n t h i n g i n IoT are not things, b u t the data
they p r o d u c e . IoT collects f r o m sensors a massive a m o u n t of data. A l l
these data are processed, a n a l y z e d , a n d sent back to the user.
IoT helps us to make more intelligent, logical, a n d better solutions.
W e are u s i n g it i n healthcare, logistics, energetics, transport, meteo-
rology, finance, retail, m a n u f a c t u r i n g , i n v e n t o r y management, smart
homes, a n d m a n y other industries. It can manage infrastructure, struc-
t u r a l changes, w h i c h c a n cause a n y danger. F i n d i n g p a r k i n g places
a n d o p t i m i z e e n e r g y usage i n cars. T r a c k i n g o u r d e l i v e r y or t a x i i n
real-time. T h e p u r p o s e of smart houses w a s first to enable better l i v -
i n g for o l d e r p e o p l e , or p e o p l e w i t h disabilities. These days they are
available for anyone. IoT c a n h e l p u s m a k e o u r d a i l y activities m o r e
comfortable a n d s t r a i g h t f o r w a r d .

2.1 History

P r e v i o u s l y were connected to the internet m a i n l y computers then m o -

biles a n d tablets a n d these days they are things. In 1982, they m o d i f i e d
C o c a C o l a v e n d i n g at U n i v e r s i t y Carnegie M e l l o n for detecting if bev-
erages are c o l d e n o u g h or not. [3] That was the first internet-connected
device.
K e v i n A s h t o n most l i k e l y created the t e r m IoT. In 1999 he u s e d this
t e r m i n a presentation n a m e d Internet for things. H e was f r o m Procter
& G a m b l e , later M I T ' s A u t o - I D Center.

6
 2. INTERNET O F T H I N G S

C i s c o I B S G (Internet Business S o l u t i o n G r o u p ) estimates that IoT

started between 2008 a n d 2009 w h e n o n the internet were more things
t h a n p e o p l e . [4]

2.2 Applications
IoT has m a n y applications w h i c h w e can for simplification segment to:
• I n d u s t r i a l Internet of T h i n g s
• C o m m e r c i a l Internet of T h i n g s
• C o n s u m e r Internet of T h i n g s

2.2.1 Industrial Internet of Things

I n d u s t r i a l IoT (IIoT) has most of the investments a n d a p p l i c a t i o n s of

IoT. It e v o l v e d a machine-to-machine ( M 2 M ) c o m m u n i c a t i o n , w h i c h
is c o m m u n i c a t i o n b e t w e e n m a c h i n e s w i t h o u t h u m a n s i n t e r a c t i o n .
Factories often a l r e a d y c o n t a i n a u t o m a t e d i n d u s t r i a l systems, b u t
these systems are f r e q u e n t l y too o l d , a n d it is v e r y c o m p l i c a t e d to
integrate these devices to s u p p o r t IoT. A l s o , v e r y l o n g t e r m s u p p o r t is
necessary for these companies.
IIoT is a n essential part of the d i g i t a l t r a n s f o r m a t i o n I n d u s t r y 4.0,
w h i c h is s o m e t i m e s c a l l e d the f o u r t h i n d u s t r i a l r e v o l u t i o n . [5] T h i s
r e v o l u t i o n is c r e a t i n g s m a r t factories, w h e r e repetitive a n d straight-
f o r w a r d w o r k s w i l l b e d o n e b y m a c h i n e s , n o t p e o p l e a n y m o r e . It is
expected that this change w i l l save time a n d m o n e y a n d increase the
flexibility of the companies.
IIoT is u s e d i n m a n u f a c t u r i n g , smart cities, agriculture, or b u i l d i n g
a u t o m a t i o n . A p p l i c a t i o n s are i n i n v e n t o r y management, smart f a r m -
i n g , energy c o n s u m p t i o n o p t i m i z a t i o n s , a n d m a n y others. IIoT leads
to better efficiency i n m a n u f a c t u r i n g b y m o n i t o r i n g processes a n d
p r o d u c t - q u a l i t y . It c a n save t i m e a n d m o n e y b y i m p r o v i n g e x i s t i n g
systems a n d m a k i n g p r e d i c t i o n s .

2.2.2 Commercial Internet O f Things

T h i s category is b e t w e e n C o n s u m e r a n d I n d u s t r i a l IoT. It often h a s

to u n d e r s t a n d b o t h of these sides. These n e t w o r k s c o n t a i n d o z e n s
or t h o u s a n d s of devices. C o m m e r c i a l IoT is u s e d i n healthcare, hotel

7
 2. INTERNET O F T H I N G S

services or retail. [6] These devices are c o m m o n l y i m p l e m e n t e d at

places that are frequently v i s i t e d , like office b u i l d i n g s , supermarkets,
hotels, or hospitals for creating a better experience for the visitors.

2.2.3 Consumer Internet of Things

C o n s u m e r IoT focuses o n i m p r o v i n g people's w o r k s a n d lives b y mak-

i n g smarter decisions. O f t e n is focused o n i n d i v i d u a l users or fasmilies.
C o n s u m e r IoT devices are m a i n l y for c o m p l e t i n g tasks a n d services
for us. T h e h a r d w a r e is u s u a l l y quite cheap, w i t h m i n i m u m m a i n t e -
nance a n d l i m i t e d lifetime. [6] E x c h a n g i n g t h e m for n e w upgrades are
quite standard. M o s t l y they are u s e d i n smart homes p r o v i d i n g h o m e
security, m o n i t o r i n g systems, smart thermostats, domestic robots, a n d
m a n y others. C o n s u m e r IoT is also u s e d i n healthcare to h e l p us have
a healthier life, wearable technologies, or tracking o u r valuable things,
like dogs or cats.

8
3 Attacks on IoT

There are m a n y w a y s h o w a n attacker can destroy, read, or change o u r

data. F u r t h e r m o r e , that can cause m a n y dangers, like f i n d o u t private
i n f o r m a t i o n s about us or d i s a l l o w usage of o u r devices.

3.1 The pillars of information assurance

F o r better u n d e r s t a n d i n g , it is g o o d to k n o w m a i n concepts of infor-

m a t i o n assurance [7]:
• Confidentiality: a set of r u l e s for p r o t e c t i n g i n f o r m a t i o n a n d
avoiding publishing them
• Integrity: data cannot be m o d i f i e d w i t h o u t a n y detection
• Authentication: assuring that the accepted data are f r o m a k n o w n
individual
• Non-repudiation: a n i n d i v i d u a l cannot d e n y h a v i n g done oper-
ation
• Availability: e n s u r i n g that for a u t h o r i z e d parties are data avail-
able
It is not necessary to a l w a y s use a l l of these points. It d e p e n d s o n the
use case, a n d w e have to d e c i d e w h i c h p o i n t s are necessary for o u r
particular case. There are t w o m o r e concepts, w h i c h are necessary for
c y b e r - p h y s i c a l features to the IoT. A n d these are [7]:
• Resilience: the a b i l i t y to recover q u i c k l y f r o m v i o l e n c e , i n c l u d -
i n g attacks a n d accidents
• Integrity: p r o p e r t y of b e i n g protected against a n y k i n d s of risk,
danger or i n j u r y

3.2 Threats, vulnerability and risks

For a better u n d e r s t a n d i n g of dangers i n IoT, it is necessary to u n d e r -

s t a n d s o m e concepts a n d k n o w i n g the differences b e t w e e n threats,
v u l n e r a b i l i t y , a n d risks.

9
 3. ATTACKS O N I O T

3.2.1 Threats

There is a difference between a threat a n d a threat actor. E v e r y threat

has a source (threat actor). T h e threat actor is t r y i n g to p e r f o r m a
threat. F o r e x a m p l e , a thief is t r y i n g to m a k e a theft.
T h e r e are m a n y types of threats, b u t w e c a n d i v i d e t h e m i n t o
at least t w o categories, n a t u r a l threats, a n d h u m a n threats. [ 7 ] . T h e
n a t u r a l threat is c a u s e d b y n a t u r e , l i k e e a r t h q u a k e s , h u r r i c a n e s , or
f l o o d s . H u m a n threats are, for e x a m p l e , a i m e d at g e t t i n g sensitive
d a t a or r e m o t i n g IoT d e v i c e s , l i k e M a n - i n - t h e - M i d d l e , i d e n t i t y , a n d
data theft or remote r e c o r d i n g .

3.2.2 Vulnerability

Planning

Threat The exploit potential

Threat actor

Vulnerability The weak spot to be exploited

Execution

Attack The targeted exploit performed

Repeat
(as needed)
The compromise, or impact of the
Compromise successful exploitation
Assess

F i g u r e 3 . 1 : R e l a t i o n s h i p s b e t w e e n threats, v u l n e r a b i l i t y , attacks, a n d
compromise. [ 7 ]

Vulnerabilities exist a l l the time, a n d w e are discovering d a i l y n e w

ones. T h e y c a n be a n y w h e r e , like i n the i m p l e m e n t a t i o n of h a r d w a r e ,

10
 3. ATTACKS O N I O T

i n i n c l u d e d libraries, operating systems, or applications. W e can d i v i d e

t h e m into t w o categories h a r d w a r e a n d software. H a r d w a r e v u l n e r a -
bilities are m o r e d i f f i c u l t to f i n d a n d also h a r d e r to repair. S o f t w a r e
v u l n e r a b i l i t i e s are b u g s i n u s e d a l g o r i t h m s , so t h e y are easier to f i x
b y r e w r i t i n g the software. It is a g o o d h a b i t to a l w a y s u s e n e w u p -
dates, because these u p d a t e s are often f i g h t i n g against n e w l y f o u n d
vulnerabilities.

3.2.3 Risks

R i s k s c a n b e e x p r e s s e d as q u a l i t a t i v e o r quantitative, d e p e n d s o n
o u r m e t h o d of m e a s u r i n g . It is different f r o m v u l n e r a b i l i t y because
it measures the p r o b a b i l i t y of danger, loss, o r injury, d e p e n d i n g o n
h o w significant are the consequences. F o r e x a m p l e , the r i s k c a n be
that s o m e o n e h a c k s w e b c a m a n d see w h a t w e are d o i n g , b u t i f the
c o m p u t e r never connects to the internet, t h e n it is n o t a risk.

3.3 Types of threats on the IoT

In this chapter are l i s t e d the m o s t c o m m o n types of threats o n IoT.
A n d they are[8]:
• Botnets
• D e n i a l of Service
• Man-in-the-Middle
• Identity a n d data theft
• Social engineering
• A d v a n c e d persistent threats
• Ransomware
• Remote r e c o r d i n g

3.3.1 Botnets

A botnet is a network of devices connected to the internet. E a c h device

is infected w i t h m a l w a r e b y a n attacker. Devices can be u s e d i n D D o S
( D i s t r i b u t e d D e n i a l of Service), s e n d i n g a massive a m o u n t of spams,
for s p y i n g p e o p l e a n d o r g a n i z a t i o n s . A l t e r n a t i v e l y , u s i n g c o m p u t e r
1

1. https://www.akamai.com/us/en/resources/what-is-a-botnet.j sp

11
 3. ATTACKS O N I O T

h a r d w a r e a n d electricity for c r y p t o m i n i n g to e a r n c r y p t o c u r r e n c i e s
l i k e B i t c o i n , M o n e r o , or m a n y others. 2

Botnets are b u i l d f r o m d e v i c e s i n f e c t e d w i t h m a l w a r e f r o m the

attackers. T h e y c a n t h e n r e m o t e l y c o n t r o l these devices ( u s i n g c o m -
m a n d s ) or c o n t r o l the server. W h e n the attacker takes c o n t r o l over
one d e v i c e i n the n e t w o r k , there is a r i s k that a l l v u l n e r a b l e d e v i c e s
w i l l be infected too.
Types of botnet a t t a c k s : 3

• Denial of Service - A large n u m b e r of d e v i c e s are c o n n e c t i n g

to the same system or internet service. The consequences can be
longer response times or m a k i n g the service u n a v a i l a b l e .
• Adware - The user is seeing ads selected b y the botnet, w i t h o u t
any k n o w l e d g e of the user.
• Spyware - T h e m a l w a r e sends the i n f o r m a t i o n of the user l i k e
passwords, c a r d n u m b e r s , or p e r s o n a l data to the administrator
of the botnet. H e c a n s e l l these i n f o r m a t i o n s o n the b l a c k m a r -
ket. So even m o r e v a l u a b l e are devices i n s i d e the c o m p a n y , the
attacker c a n sell data to the c o m p e t i t i o n company.
• E-mail spam - T h e d e v i c e of the user is s e n d i n g u n s o l i c i t e d
a d v e r t i s i n g offers.
• Click fraud - O w n e r of the websites can use P P C (pay-per-click)
a d v e r t i s i n g . T h e attacker uses a v i c t i m ' s d e v i c e for c l i c k i n g o n
these sites, so the n u m b e r of clicks is increasing, a n d the o w n e r
has to p a y m o r e .
T h e botnet attacks c a n be v e r y destructive. T h e Mirai botnet shut
d o w n i n 2016 a m a s s i v e p a r t of the internet. It i n f e c t e d a r o u n d 2.5
m i l l i o n devices. M a n y major sites l i k e Twitter, N e t f l i x , a n d C N N . A l s o
p r o m i n e n t R u s s i a n b a n k a n d a n entire L i b e r i a . This botnet u s e d unse-
4

c u r e d IoT devices l i k e laptops, desktops, s m a r t p h o n e s , o r u n s e c u r e d

cameras. The m a l w a r e attacked the servers w h i c h route traffic of the
internet. [9]
T h e C S D E ( C o u n c i l to Secure the D i g i t a l E c o n o m y ) released a n
extensive g u i d e for enterprises about d e f e n d i n g against botnets. [10]
These are f o u r m a i n p o i n t s f r o m that g u i d e [11]:

2. https://www.investopedia.com/tech/what-botnet-mining/
3. h t t p s : / / e n . w i k i p e d i a . o r g / w i k i / B o t n e t
4. h t t p s : / / w w w . c l o u d f l a r e . c o m / l e a r n i n g / d d o s / g l o s s a r y / m i r a i - b o t n e t /

12
 3. ATTACKS O N I O T

1. Update keep a l l systems u p d a t e d

2. Lock down access keep accesses as m i n i m a l as possible
3. Don't go it alone f i n d a partner a n d get h e l p
4. Deepen your defense u s i n g a d v a n c e d analytics for s e c u r i n g
n e t w o r k s , data a n d users

3.3.2 Denial of service

A D o S attack is n o t a t y p e of attack w h e r e the attacker is t r y i n g to

get access to the n e t w o r k or the system. H e is t r y i n g to s h u t d o w n a
m a c h i n e or the w h o l e n e t w o r k to m a k e it i m p o s s i b l e for other users
to use it. [7] T h a t m e a n s h e is p a r a l y z i n g p r o v i d e d services b y the
system.
There are t w o methods of creating this type of attack, most often, it
is f l o o d i n g ( f l o o d i n g services), a n d the second one is exhausting some
n e t w o r k sources ( c r a s h i n g s e r v i c e s ) , b y s e n d i n g i n f o r m a t i o n that
triggers a crash. Legitimate users, like employees or members, cannot
connect to the service or resource t h e y w a n t e d to. It is h u r t i n g the
r e p u t a t i o n of the v i c t i m ' s business. F o r e x a m p l e , w h e n the customer
w a n t s to b o o k a n a i r l i n e ticket as s o o n as p o s s i b l e , a n d the site is
not available, the customer decides to b u y the ticket f r o m a different
airline a n d not w a i t i n g for the recovery of websites. This type of attack
does not get a n y essential pieces of i n f o r m a t i o n b u t costs a v i c t i m
m u c h time for d e a l i n g w i t h this p r o b l e m , l o s i n g money, reputation or
customers.
M a n i f e s t a t i o n s of D D o s ( f r o m the U n i t e d States C o m p u t e r E m e r -
gency Readiness Team):[12]
• u n u s u a l l y slower service
• u n a v a i l a b i l i t y of part of sites or the w h o l e sites
• u n a v a i l a b i l i t y for c o n n e c t i n g to sites
• extreme a m o u n t of accepted s p a m
F u l f i l l m e n t of some of these conditions does not m e a n the D o S attack,
it c a n be just outage caused b y h a r d w a r e or software of the server.

3.3.3 Man-in-the-Middle

A m a n - i n - t h e - m i d d l e attack can be m a d e between two or more parties

c o m m u n i c a t i n g . The attacker is i m p e r s o n a t i n g himself into one of the

13
 3. ATTACKS O NI O T

t r u s t w o r t h y sides i n a conversation. T h e c o m m u n i c a t i o n is u n d e r the

attacker's c o n t r o l . H e c a n o n l y listen to the conversation o r also send
legitimate messages. The attack is successful if the attacker is k e e p i n g
the conversation for l o n g e n o u g h time. [13] T h e attacker m u s t be able
to s e n d packets a n d e a v e s d r o p p i n g a n s w e r s , so h e m u s t p l a c e h i s
device o n the p a t h b e t w e e n e n a b l e d user a n d target station ( v i c t i m ) ,
or he changes the p a t h b e t w e e n t h e m to g o i n g t h r o u g h h i s device.
These attacks c a n use IoT devices l i k e s m a r t refrigerators o r a u -
t o n o m o u s vehicles. T h e attacker c a n c o n t r o l c o m m u n i c a t i o n between
m u l t i p l e IoT devices. The attack can be innocent, l i k e o n l y t u r n i n g o n
a n d off the l i g h t . H o w e v e r , it c a n also b e h a z a r d o u s , f o r e x a m p l e , i n
i n d u s t r i a l a n d m e d i c a l devices.

3.3.4 Identity and data theft

T h i s t y p e of attack a c c u m u l a t e s as m u c h d a t a as p o s s i b l e about the

p e r s o n . T h e attacker c a n k n o w a l m o s t e v e r y t h i n g about u s b y u s i n g
general data he can f o u n d o n the internet. [8] F r o m the i n f o r m a t i o n w e
share o n social m e d i a , d a t a f r o m smartwatches, o r smart fridges, h e
can k n o w almost everything. In o u r smartphones can be most private
d a t a l i k e n a m e , a d d r e s s , date of b i r t h , c u r r e n t p o s i t i o n s , or direct
access to o n l i n e b a n k i n g , m a i l , a n d contacts. It is a significant threat
that the attacker c a n k n o w a l l these i n f o r m a t i o n s just b y getting o u r
phone.
I n research f r o m G a r t n e r [14], t h e y f o u n d o u t that o n l y 5 0 % of
smartwatches have even a n ability to secure screen (by p i n or pattern).
W h e n the attacker uses the device to impersonates the v i c t i m ' s i d e n -
tity, it is r i s k y for other connected devices a n d contacts i n the device,
because they c a n be the next v i c t i m .
H e r e are s o m e w a y s h o w to protect devices against i d e n t i t y a n d
data theft:
• share as little as possible i n f o r m a t i o n about u s e v e r y w h e r e
• e n c r y p t data
• use s t r o n g a u t h e n t i c a t i o n o r i m p r o v e it b y u s i n g m u l t i - f a c t o r
authentication
• have a different p a s s w o r d o n a l l devices a n d every time change
the default assigned p a s s w o r d

14
 3. ATTACKS O N I O T

3.3.5 Social engineering

S o m e t i m e s it is m u c h easier to create attacks t h r o u g h p e o p l e . S o c i a l

engineering is m a n i p u l a t i n g people to make t h e m make a mistake a n d
give the attacker sensitive data or access to the s y s t e m or c o m p u t e r .
M o s t of the t i m e , it uses h u m a n feelings l i k e fear or curiosity. T h e
attacker can get the p a s s w o r d , b a n k details, or control over the v i c t i m ' s
c o m p u t e r b y i n s t a l l i n g m a l w a r e . It is h a r d e r to prepare against these
attacks because they are unpredictable, a n d it stands o n h u m a n error.
Some of the basic r e c o m m e n d a t i o n s against social engineering:
• refuse a l l d o u b t f u l requests for h e l p , f i n a n c i a l details or pass-
word
• d o not o p e n emails or attachments f r o m d o u b t f u l sources
• use m u l t i f a c t o r authentication
• keep a n t i v i r u s a l w a y s u p d a t e d
• frequently c h a n g i n g p a s s w o r d s
• educate employees about these attacks

3.3.6 Advanced persistent threats

A n y o r g a n i z a t i o n c o u l d e n c o u n t e r this threat. T h e attackers d o not

choose o n l y c o m p a n i e s w i t h h i g h - v a l u e d a t a b u t also c o m p a n i e s of
smaller sizes. M o t i v a t i o n s are t y p i c a l l y p o l i t i c a l or economic. O n e or
m o r e p r o f e s s i o n a l hackers are p a i d to b r e a k i n t o the c o m p a n y ' s net-
w o r k a n d get valuable or secret i n f o r m a t i o n . These attacks are different
because they d o not attack l i k e classic v i r u s e s or m a l w a r e o n a large
n u m b e r of different c o m p a n i e s , b u t t h e y attack a specific c o m p a n y .
These attacks m u s t be w e l l p l a n n e d a n d k n o w the v u l n e r a b i l i t y of a
chosen c o m p a n y . T h e attacker c a n be i n the c o m p a n y n e t w o r k , e v e n
for m a n y years w i t h o u t any detection.
Preparations against a d v a n c e d persistant threats [15]:
• create a p l a n a n d assign responsibilities w h e n the data are leaked
• i n s t a l l v i r t u a l private n e t w o r k s (harder to penetrate)
• p r o t e c t i n g v a l u a b l e data a n d restrict their access
• w a t c h differences i n n o r m a l data traffic patterns

15
 3. ATTACKS O N I O T

3.3.7 Ransomware

T h e attacker restricts access to the s y s t e m or files. S o m e of the r a n -

s o m w a r e e n c r y p t s files o n the h a r d d i s k , a n d s o m e l o c k the system.
T h e v i c t i m c a n access systems or files o n l y after p a y i n g a r a n s o m .
C r y p t o c u r r e n c i e s significantly h e l p e d ransomware attackers because
it is i m p o s s i b l e to f i n d the receiver of the transaction.
C o m p u t e r s c a n be affected b y o p e n i n g e m a i l attachments or v i s -
i t i n g a n i n f e c t e d site. T h e attacker c a n c o n t r o l the s m a r t thermostat
a n d t u r n u p the temperature u n t i l the v i c t i m pays the r a n s o m . It can
also be u s e d i n IIoT a n d stop the p r o d u c t i o n of the factory b y shut-
t i n g d o w n p r o d u c t i o n lines. O n e of the most dangerous ransomware
are W a n n a C r y , Petya, or Cerber.[16] A g o o d p r e c a u t i o n is u p d a t i n g
versions of a n o p e r a t i n g system, browser, a n d a n t i v i r u s .

3.3.8 Remote recording

T h e r e are zero-day exploits (the existence of the attack is d i s c o v e r e d

w h i l e a t t a c k i n g ) i n IoT devices, m o b i l e phones, a n d computers, w h i c h
5

allows the attacker to record p u b l i c conversations secretly. The attacker

can hack into the smart camera i n the c o m p a n y or o u r h o m e . R e c o r d
all activities w e d o i n a d a y a n d also acquire confidential i n f o r m a t i o n
about the c o m p a n y or us.

5. h t t p s : / / w w w . k a s p e r s k y . c o m / r e s o u r c e - c e n t e r / d e f i n i t i o n s /
zero-day-exploit

16
4 Cryptographic primitives in IoT

For c r e a t i n g secure c o m m u n i c a t i o n i n IoT is necessary to k n o w the

basics of cryptography. This chapter w i l l be about cryptographic p r i m -
itives, w h i c h are c o m m o n l y u s e d i n IoT. [7,13]
• Encryption
- Symmetric encryption
- Asymmetric encryption
• Hashing
• D i g i t a l signature
- S y m m e t r i c d i g i t a l signature
- A s y m m e t r i c d i g i t a l signature
• R a n d o m n u m b e r generation

4.1 Encryption

E n c o d i n g a n d d e c o d i n g m e t h o d s h e l p us to protect o u r d a t a stored
o n o u r c o m p u t e r or s e n d i n g t h e m t h r o u g h the internet or a n y other
n e t w o r k . C r y p t o g r a p h y is a science of e n c r y p t i o n a n d d e c r y p t i o n
i n f o r m a t i o n . The e n c r y p t e d text is c a l l e d ciphertext, a n d u n e n c r y p t e d
text is c a l l e d plaintext.
First of a l l , the sender a n d receiver m u s t decide w h i c h cipher a n d
the k e y w i l l use. T h e n t h e n sender e n c r y p t s the p l a i n t e x t w i t h the
k e y i n t o ciphertext a n d sends it to the receiver, w h o k n o w s the k e y
a n d d e c r y p t s ciphertext i n t o p l a i n t e x t . T h i s m e t h o d guarantees the
confidentiality of stored data or data transmitted over the internet or
another n e t w o r k . E v e n the attacker gets the ciphertext, h e does not
k n o w the key, a n d g u e s s i n g the k e y takes too m u c h time. That is the
reason w h y e n c r y p t i o n is so v a l u a b l e . O n e of these m e t h o d s is brute
force, w h i c h is t r y i n g a l l possible combinations u n t i l f i n d i n g the right
one.
T o d a y m a n y processes use the s y m m e t r i c e n c r y p t i o n to e n c r y p t
t r a n s m i t t e d data a n d the a s y m m e t r i c e n c r y p t i o n for e x c h a n g i n g the
secret key.

17
 4. C R Y P T O G R A P H I C PRIMITIVES I N IoT

Symmetric Encryption

AK#4Z v Q 0
ov2+s= y
O
TOY/Jli ^

Plain Text Encryption Cipher Text Encryption Plain Text

Algorithm Algorithm

Shared Key

F i g u r e 4.1: D e s c r i p t i o n of s y m m e t r i c e n c r y p t i o n a

a. from: https://hackernoon.com/hn-images/l*m

4.1.1 S y m m e t r i c e n c r y p t i o n

S y m m e t r i c c i p h e r s u s e o n l y a single k e y f o r b o t h e n c r y p t i o n a n d
d e c r y p t i o n . T h i s key is sometimes c a l l e d shared secret because it m u s t
be shared w i t h a l l a u t h o r i z e d entities. Symmetric e n c r y p t i o n is u s u a l l y
faster t h a n a s y m m e t r i c e n c r y p t i o n . T h e most w i d e s p r e a d s y m m e t r i c
cipher is A d v a n c e d E n c r y p t i o n S t a n d a r d ( A E S ) .

4.1.2 A s y m m e t r i c e n c r y p t i o n

A s y m m e t r i c ciphers use t w o different, b u t l o g i c a l l y related keys. O n e

of t h e m is public, w h i c h is p u b l i c to anyone for e n c r y p t i n g the data.
The second one is the private key for d e c r y p t i n g the messages, a n d o n l y
receiver k n o w s it a n d have to keep it i n secret. A s y m m e t r i c c i p h e r s
often use p r i m e numbers. The most w i d e l y u s e d p u b l i c - k e y a l g o r i t h m
is R i v e s t - S h a m i r - A d l e m a n ( R S A ) .

18
 4- C R Y P T O G R A P H I C P R I M I T I V E S I N I O T

Asymmetric Encryption

Love
you
granny

Plain Text Encryption Cipher Text Encryption Plain Text

Algorithm Algorithm

Í Í
Public Key Private Key

F i g u r e 4.2: D e s c r i p t i o n of a s y m m e t r i c e n c r y p t i o n a

a. from:https://hackernoonxom/hn-images/lV2JprXzMMWWNUlnbZOHTqg.png

4.2 Hashing

A hash f u n c t i o n is another type of e n c r y p t i o n w h i c h transforms a large

string of characters into a hash {fingerprint) w i t h a s m a l l fixed u n i q u e
size. T h i s h a s h represents the i n p u t s t r i n g . E v e n a s m a l l difference
( c h a n g i n g a single character i n the string) w i l l create a significant
change i n the r e s u l t i n g h a s h . T h e p r o p e r h a s h f u n c t i o n s h o u l d be
c o m p u t a t i o n a l l y efficient, d e t e r m i n i s t i c , p r e i m a g e resistant ( s h o u l d
not disclose any i n f o r m a t i o n about i n p u t string b y k n o w i n g the hash),
a n d collision-resistant ( v e r y u n l i k e l y that t w o strings w i l l have the
same h a s h ) .
T h e h a s h f u n c t i o n is c o m m o n l y u s e d i n c r e a t i n g a n d v e r i f y i n g
electronic signatures, e n s u r i n g the i n t e g r i t y of the d a t a , o r protect-
i n g saved p a s s w o r d s . M o s t p o p u l a r h a s h a l g o r i t h m s are the Secure
H a s h i n g A l g o r i t h m ( S H A - 2 a n d S H A - 3 ) a n d Message A l g o r i t h m 5
(MD5).

19
 4 . C R Y P T O G R A P H I C P R I M I T I V E S I N IoT

4.3 Digital signatures

T h e d i g i t a l signature is a m a t h e m a t i c a l t e c h n i q u e for p r o v i d i n g i n -
tegrity, a u t h e n t i c a t i o n , d a t a o r i g i n , a n d sometimes also r e p u d i a t i o n
p r o t e c t i o n . It h e l p s u s to v a l i d a t e the authenticity, i n t e g r i t y (of the
message, d i g i t a l d o c u m e n t or software) a n d n o n - r e p u d i a t i o n . [13]
I n the b e g i n n i n g , are generated t w o k e y s , private a n d public. F o r
creating the signature, it uses its p r i v a t e k e y to e n c r y p t i n g signature-
r e l a t e d data. T h e s h a r e d p u b l i c k e y is for d e c r y p t i o n of these data.
T h i s m e t h o d is r e p l a c i n g the classic h a n d w r i t t e n signature. Part of it
is the i d e n t i f i c a t i o n of the p e r s o n creating the signature, so it is also
v e r i f y i n g the i d e n t i t y of the sender. If the verification of the signature
is succes, it means that the data are t r u l y signed b y k n o w n or declared
k e y a n d the data has not b e e n c o r r u p t e d .
T h e d i g i t a l signature is these d a y s r e c o g n i z e d as a h a n d w r i t t e n
signature i n m a n y countries. There are t w o types of d i g i t a l signature
symmetric and asymmetric.

4.3.1 Symmetric digital signature

S y m m e t r i c signatures c a n be c a l l e d M A C . It uses the s a m e k e y for

generating a n d also v e r i f y i n g . For generating the authentication code
of the message are u s e d s y m m e t r i c c i p h e r s or a n y h a s h f u n c t i o n s .
Because M A C uses the key, w h i c h is p u b l i c for sender a n d receiver, it
cannot enable n o n - r e p u d i a t i o n , so the entity cannot be authenticated.
O n l y c a n ensure that data are int the o r i g i n a l f o r m . M A C a l g o r i t h m s
are often connected w i t h e n c r y p t i o n ciphers to create authentication
e n c r y p t i o n . That a l l o w s c o n f i d e n t i a l i t y a n d authentication. [7]

4.3.2 Asymmetric digital signature

T h e s i g n is generated u s i n g a p r i v a t e key. T h i s signature enables a u -

thentication of data a n d entity a n d also guarantees integrity a n d n o n -
r e p u d i a t i o n of t h e m . T y p i c a l a s y m m e t r i c d i g i t a l signatures are R S A ,
D i g i t a l Signature A l g o r i t h m ( D S A ) , a n d E l l i p t i c C u r v e D i g i t a l Signa-
ture A l g o r i t h m ( E C D S A ) . A s y m m e t r i c d i g i t a l signature c a n be u s e d
for authentication f r o m one device to another or s i g n i n g software. [7]

20
 4. C R Y P T O G R A P H I C PRIMITIVES I N I O T

4.4 Random number generation

R a n d o m n u m b e r generators ( R N G ) are a n essential p a r t of c r y p t o g -
raphy. R N G s are often u s e d for g e n e r a t i n g c r y p t o g r a p h i c variables
like keys. W h e n the n u m b e r is large e n o u g h , it is u n l i k e l y to guess the
right n u m b e r , a n d u s i n g brute force takes too m u c h time.
R N G c a n be d e t e r m i n i s t i c or n o n d e t e r m i n i s t i c [ 7 ] . D e t e r m i n i s t i c
R N G often uses some software methods for generating numbers. They
w i l l , for the same i n p u t , generates the same o u t p u t . These n u m b e r s
seem r a n d o m at the b e g i n n i n g , b u t lately, t h e y are r e p e a t i n g . T h e
n o n d e t e r m i n i s t i c R N G generates g e n u i n e l y r a n d o m n u m b e r s . These
generators r e q u i r e h i g h l y r a n d o m seeds ( i n p u t ) o n the a s s u m p t i o n
of h a v i n g h i g h entropy sources. G e n e r a t e d n u m b e r s are w i t h o u t any
p a t t e r n or p o s s i b i l i t y to p r e d i c t the n u m b e r s .
It is difficult to recognize the difference between deterministic a n d
nondeterministic R N G s , b u t w e c a n use statistical analysis to analyze
t h e m . H a v i n g t r u l y r a n d o m n u m b e r s is v e r y i m p o r t a n t because the
b a d generator can generate predictable n u m b e r s , a n d that c o u l d be a
back d o o r for the attacker.

21
5 Bluetooth and RFID in IoT

The i m p l e m e n t a t i o n part is f o c u s i n g o n securing Bluetooth a n d R F I D

c o n n e c t i o n . T h i s chapter represents the basics of these technologies
q u i c k l y a n d h o w are they u s e d i n IoT.

5.1 Bluetooth

B l u e t o o t h w a s i n v e n t e d i n 1994 b y electrical engineer Jaap H a a r t s e n ,

w h o w o r k e d for E r i c s s o n [17]. It is a s t a n d a r d for w i r e l e s s c o m m u n i -
cation ( u s i n g r a d i o waves) b e t w e e n t w o o r m o r e devices like tablets,
m o b i l e p h o n e s , l a p t o p s , p r i n t e r s , s m a r t w a t c h e s , headset, or v i d e o
game controllers. B l u e t o o t h is the r i g h t choice for s e n d i n g a s m a l l
a m o u n t of data for m i n i m a l p o w e r c o n s u m p t i o n i n a short-range en-
v i r o n m e n t . P r e v i o u s l y w a s u s e d for c o m m u n i c a t i o n between h u m a n
a n d device, b u t these days m a i n l y for c o m m u n i c a t i o n between things.
B l u e t o o t h h e l p e d the r a p i d g r o w t h of IoT, i n s m a r t h o m e s or i n -
dustry. E v e n B l u e t o o t h has a l o w e r range, it is suitable for i n d u s t r i a l
a n d homes. In i n d u s t r i a l is Bluetooth u s e d for s e n d i n g a short a m o u n t
of data (measured f r o m sensors) t h r o u g h the n o i s y environment, the
W i F i w o u l d have too m a n y p r o b l e m s i n this e n v i r o n m e n t . B l u e t o o t h
is also great for i n d o o r t r a c k i n g because it w o r k s i n d o o r s better t h a n
G P S . G P S cannot get the signals f r o m the satellites i n d o o r s .
The Bluetooth Special Interest G r o u p (SIG) w o r k s o n n e w versions
of B l u e t o o t h , the c o m p a n y w a s established i n 1998 b y E r i c s s o n , I B M ,
Intel Toshiba, a n d N o k i a . [17] In 2016, SIG came w i t h the latest v e r s i o n
of Bluetooth, a n d that is Bluetooth 5. The most significant advantages
of this v e r s i o n are a n a b i l i t y for a s e l f - h e a l i n g m e s h n e t w o r k (other
nodes can communicate even the one runs out of the p o w e r ) , it is two
times faster, has four times larger range, a n d eight times enlargement
of data packages for broadcasting.
Bluetooth topologies : 1

• point to point (One-to-one): m o u s e a n d c o m p u t e r

1. h t t p s : / / w w w . i o t f o r a l l . c o m / b l u e t o o t h - i o t - a p p l i c a t i o n s /

22
 5- B L U E T O O T H A N D R F I D I N I O T

• broadcast (One-to-many): u s i n g one m o b i l e for c o m m u n i c a t i o n

w i t h m o r e devices like printer, h e a d p h o n e s , a n d smartwatches
at the same t i m e
• mesh ( M a n y - t o - m a n y ) : c o n n e c t i n g a l l lights i n a w a r e h o u s e
I n a m e s h t o p o l o g y are a l l n o d e s , the transmitters, receivers, a n d
also relays. The data go t h r o u g h the m e s h omnidirectionally, not o n l y
l i n e a r l y that a l l o w s the a b i l i t y of s e l f - h e a l i n g . T h e B l u e t o o t h uses a
f l o o d i n g technique for transferring i n f o r m a t i o n i n s i d e the m e s h . The
n o d e f l o o d a l l n o d e s i n s i d e its range, a n d the next range d o the same
thing. The n e t w o r k can choose the o p t i m a l T i m e - t o - L i v e ( T T L ) values
for c o n s e r v i n g energy.

5.2 RFID
Radio-frequency identification (RFID) is u s e d for i d e n t i f y i n g , control-
l i n g , or t r a c k i n g objects i n r e a l - t i m e if n e e d e d . R F I D is u s i n g r a d i o
waves too.
T h e R F I D s y s t e m is c o m p o s e d of three parts: tag, reader/writer,
a n d a p p l i c a t i o n system. [18] The R F I D tag is u s e d for i d e n t i f y i n g the
objects. There are two types of R F I D tag active a n d passive. A c t i v e has
a n energy source a n d is p o w e r e d so it c a n start to c o m m u n i c a t e w i t h
other tags. Passive has n o battery or energy source, a n d for c o m m u -
n i c a t i o n , the t a g m u s t get the e n e r g y f r o m the reader. T h e reader is
for starting the c o m m u n i c a t i o n a n d transferring the data between the
a p p l i c a t i o n s y s t e m a n d the tag. T h e a p p l i c a t i o n s y s t e m initiates a l l
the activities that the reader a n d tag d o a n d collects the data.
R F I D systems fit for t r a c i n g , m o n i t o r i n g , a n d m a n a g i n g objects.
M a n a g i n g resources can use these systems. S o o n can be R F I D u s e d i n
h o s p i t a l s , each p a t i e n t w i l l get the bracelet w i t h a n R F I D t a g so the
h o s p i t a l can track the movements of the patient, a n d this process can
r e d u c e the r e g i s t r a t i o n t i m e , too, if the p a t i e n t w a s registered once
before. A i r l i n e s c a n track the l u g g a g e for a better o v e r v i e w of their
locations.
Because of the l o w cost of R F I D a n d its resource limitations, there is
still n o appropriate security a n d privacy. M a n y scientists are w o r k i n g
o n creating a low-cost security s o l u t i o n .

23
6 Implementation part

Security s h o u l d be a n integral part of every device. W e d o not w a n t to

enable the attacker to k n o w o u r p r i v a t e i n f o r m a t i o n s or w h a t are w e
d o i n g at the m o m e n t or a l l o w h i m to c o n t r o l o u r devices. That is the
reason w h y it is so essential to secure c o m m u n i c a t i o n s . This chapter is
focused o n securing o n l y Bluetooth a n d R F I D c o m m u n i c a t i o n s o n the
A r d u i n o , b u t there are almost everywhere things for i m p r o v i n g . First
is secured R F I D p a r t c o m m u n i c a t i o n b e t w e e n A r d u i n o a n d tag. The
second part is about securing connections t h r o u g h Bluetooth between
A r d u i n o a n d the computer.

6.1 Components

fritzing

F i g u r e 6.1: Schematics

These are c o m p o n e n t s u s e d i n this i m p l e m e n t a t i o n part.

1. Arduino U N O
2. Breadboard
3. MFRC522 RFID Reader w h i c h c a n b o t h w r i t e d a t a to the tag
a n d r e a d data f r o m the tag
4. HC05 Module Bluetooth a l l o w s to s e n d a n d receive d a t a be-
tween A r d u i n o a n d computer

24
 6. I M P L E M E N T A T I O N PART

a. source: https://icon-libraxy. a. source: http://www.

net/images/key-icon-white/ resistorguide.com/pictures/
key-icon-white-20.jpg photoresistor.png

F i g u r e 6.3: L D R f l

5. L E D lights
6. L C D Display
7. YWRobot LCM1602
8. D H T 2 2 h u m i d i t y a n d temperature sensor
9. Light dependent resistor

6.2 Sensors
The i m p o r t a n t f u n c t i o n of the Internet of T h i n g s is collecting the data
f r o m the sensors, a n a l y z i n g t h e m , a n d deduce solutions for i m p r o v i n g
the c o n d i t i o n s at smart h o m e s or i n i n d u s t r i a l . In this project, w e are
u s i n g d a t a f r o m three sensors. T h e m e a s u r e d v a l u e s w i l l be f r o m
t e m p e r a t u r e , h u m i d i t y , a n d a l i g h t - d e p e n d e n t resistor ( L D R ) . F o r
m e a s u r i n g temperature ( i n C ) a n d h u m i d i t y ( i n percent) w i l l be used
D H T 2 2 sensor. T h e L D R is connected to the a n a l o g p i n a n d measure
values i n range 0-1023.

6.3 Attacker model

T h e attacker is t r y i n g to authenticate as registered t a g a n d get the
data w e send f r o m the A r d u i n o to the computer. W e assume that the
attacker is n o t p h y s i c a l l y near the A r d u i n o w h i l e e x c h a n g i n g k e y s
so he cannot see the L C D , a n d that h e cannot use a n y t e c h n i q u e for
r e a d i n g the A r d u i n o m e m o r y . W e also are expecting that the attacker
w i l l not get to the reader before o u r tag after c l o n i n g it. A n d that every
time the tag is connected to the reader it is connected l o n g e n o u g h , so
the reader c a n r e a d a n d w r i t e data.

25
 6. I M P L E M E N T A T I O N PART

6.4 Threat modeling

H e r e are listed the possible attacks [19] w e are defensing against.
• relay attacks - O n e attacker is near the o r i g i n a l tag a n d starting
the c o m m u n i c a t i o n w i t h the tag, a n d the s e c o n d attacker is
s e n d i n g the same signals as the tag to the r e a d e r . 1

• cloning the tag - T h e r e are m a n y w r i t a b l e R F I D tags, a n d it is

pretty s i m p l e to c o p y the u n i q u e identifier of the o r i g i n a l tag or
copy the rest of the m e m o r y to the attacker's tag.
• spoofing the tag - The attacker can listen to the c o m m u n i c a t i o n
between R F I D a n d the reader. T h e n he can try to impersonating
the t a g b y r e t r a n s m i t t i n g the c o m m u n i c a t i o n before a n d g a i n
the p r i v i l e g e s of the o r i g i n a l tag.
• impersonation the reader - M o s t of the time, r e a d i n g f r o m the
tag is not a u t h o r i z e d so that any reader c o u l d read a l l the data
w r i t t e n o n the tag.
• e a v e s d r o p p i n g - The attacker can place the antenna between the
reader a n d the t a g or b e t w e e e n the B l u e t o o t h c o m m u n i c a t i o n .
T h a t a l l o w s the attacker to l i s t e n to the c o n v e r s a t i o n b e t w e e n
them.
• u n a u t h o r i z e d tag r e a d i n g - A n y o n e c a n r e a d the data w r i t t e n
o n the tag.
• tag modification - The data w r i t t e n o n the tag c a n be m o d i f i e d
b y the attacker.
• pin cracking - T h e attacker c a n crack the p a i r i n g p i n for B l u e -
tooth.
• man-in-the-middle - T h e attacker c a n eavesdrop a n d m a n i p u -
late the c o m m u n i c a t i o n t h r o u g h the B l u e t o o t h or R F I D .

6.5 Encryption
T h e i m p l e m e n t a t i o n is u s i n g A d v a n c e d E n c r y p t i o n S t a n d a r d ( A E S )
for e n c r y p t i n g f r o m the A r d u i n o C r y p t o g r a p h y Library. A E S is a stan-
d a r d i z e d a l g o r i t h m for e n c r y p t i o n . It is a s y m m e t r i c cipher, so it uses
the s a m e k e y for e n c r y p t i o n a n d d e c r y p t i o n . I n the i m p l e m e n t a t i o n

1. https://www.comparitech.com/blog/information-security/
what-is-relay-attack/

26
 6. I M P L E M E N T A T I O N PART

is s p e c i f i c a l l y u s e d AES128[20], w h i c h is a b l o c k c i p h e r u s i n g 128-
bits l o n g key. T h e reason f o r c h o o s i n g this a l g o r i t h m is that it w o r k s
quickly, a n d it is sufficient for short data l i k e ours.

6.6 Key generation

For generating keys, w e need t r u l y r a n d o m numbers to make the keys

unpredictable. That is the reason w h y the f u n c t i o n for generating keys
is n o t u s i n g A r d u i n o random () because this f u n c t i o n generates o n l y
p s e u d o - r a n d o m numbers. This project uses the E n t r o p y library, w h i c h
uses w a t c h d o g timer's n a t u r a l jitter to create g e n u i n e l y r a n d o m n u m -
bers. T h e benefit of this l i b r a r y is that it does n o t use a n y a d d i t i o n a l
h a r d w a r e a n d still has m o r e r a n d o m n u m b e r s t h a n R N G s , w h i c h use
an u n c o n n e c t e d a n a l o g p i n . T h i s l i b r a r y c a n f u n c t i o n o n l y o n A V R
chips w i t h a w a t c h d o g i n t e r r u p t vector. [21]
T h e getKey() f u n c t i o n generates the k e y of 16 characters. It uses
the R N G , f o r e v e r y p o s i t i o n of k e y is generated a r a n d o m n u m b e r ,
w h i c h is m a p p e d to alphabetic, n u m e r i c signs a n d + o r -.
A t the b e g i n n i n g , every time is called setup () f u n c t i o n , t h e n there
is generated a n e w key, w h i c h is a key for A E S ( A d v a n c e d E n c r y p t i o n
Standard). This key is for e n c r y p t i o n a n d d e c r y p t i o n the c o m m u n i c a -
t i o n b e t w e e n A r d u i n o a n d the c o m p u t e r t h r o u g h the Bluetooth.
E v e r y registered tag is h a v i n g at the m o m e n t t w o keys too. T h e i r
f u n c t i o n w i l l be described below.

6.7 Key exchange

In the b e g i n n i n g i n setup () f u n c t i o n is generated a k e y for A E S to

securing c o m m u n i c a t i o n t h r o u g h the Bluetooth. W e c a n call it for the
s i m p l i f i c a t i o n Bluetooth key. T h e L C D screen w i l l d i s p l a y the key, a n d
the user h a s to r e w r i t e it. If h e fails three times, A r d u i n o generates a
n e w Bluetooth key. This is protections against guessing or brute force. If
the h a s h of this key is the same as the generated one, the key exchange
w a s safe, a n d w e k n o w that the user m u s t b e near the A r d u i n o . T h i s
part is u s i n g S H A 2 5 6 (Secure H a s h A l g o r i t h m 256) as h a s h f u n c t i o n .

27
 6. I M P L E M E N T A T I O N PART

6.8 RFID

F i g u r e 6.4: M F R C 5 2 2 '

a. source: https://raw.githubusercontent.com/playfultechnology/
arduino-rfid-MFRC522/master/documentation/MFRC522.jpg

In the registration part, w e are s a v i n g the tags w e w a n t to register

to t h e s y s t e m . T h e user h a s to insert t h e n a m e of e a c h t a g , w h i c h
m u s t have 1-16 characters a n d cannot b e the same as p r e v i o u s ones.
The A r d u i n o saves its n a m e , U I D , a n d generates t w o keys. O n e is the
current key, a n d the second one is the last key. T h e A E S uses the current
key to e n c r y p t the tag's n a m e a n d last key a n d w r i t e these c i p h e r s to
the tag.
That is a defense against the c l o n i n g a n d the s p o o f i n g of the R F I D
tag. The tag must contain data f r o m the last connection or the A r d u i n o
w i l l deny. W e are expecting that if the attacker clones the tag, w e w i l l
use o u r t a g before h i m , so h i s t a g w i l l b e d e n i e d , because the t a g
does n o t c o n t a i n expected data. E v e n i f the reader w i l l i m p e r s o n a t e
a n d r e a d f r o m t h e t a g , t h e d a t a are c i p h e r e d so t h e y are n o t s a y i n g
anything. M o d i f i c a t i o n of the tag leads to d e n y i n g of the tag next time
it is u s e d .
A f t e r the registration part, the A r d u i n o waits c o n t i n o u s l y for c o n -
n e c t i n g the t a g to the reader. A r d u i n o checks i f the tag is f r o m regis-
tered ones. T h e reader reads U I D a n d ciphertexts w r i t t e n o n the tag.
T h e n t h e ciphertexts are d e c i p h e r e d w i t h t h e current key, a n d i f the
d e c i p h e r e d text is the same as the n a m e a n d last k e y saved w i t h this
U I D , t h e n it is a correct tag.
N o w , after s e n d i n g t h e d a t a f r o m sensors (this process w i l l be
described i n the Bluetooth p a r t ) , A r d u i n o assigns the current key to the
last key a n d generates a n e w current key. This process is the same as i n

28
 6. I M P L E M E N T A T I O N PART

AE5128

name ^ encrypted data

last key

T
<^3
current key

F i g u r e 6.5: D e s c r i p t i o n of u s i n g AES128'•a

a. source of the key i c o n : h t t p s : / / i c o n - l i b r a r y . n e t / i m a g e s / k e y - i c o n - w h i t e /

key-icon-white-20.jpg

registration. A r d u i n o uses A E S 1 2 8 takes the current key for e n c r y p t i n g

the n a m e a n d last key a n d w r i t e these c i p h e r s o n t h e tag. It is v e r y
important to connect the tag l o n g e n o u g h to the reader, so it c a n w r i t e
the n e w data to the tag. If the tag is connected a n d the reader have n o
time for w r i t i n g n e w data, the tag is b e c o m i n g i n v a l i d .

6.9 Bluetooth
In the b e g i n n n i n g the d e v i c e m u s t b e p a i r e d w i t h the A r d u i n o . It is
possible to change the P I N for p a i r i n g . [22] But w i t h 10 000 possibilities
it is still easy to crack the P I N w i t h brute-force.
A f t e r c o n n e c t i n g t h e registered t a g to t h e reader, i f this process
w a s successful, temperature, h u m i d i t y , a n d photoresistor v a l u e s are
m e a s u r e d . These v a l u e s are w r i t t e n i n a single s t r i n g , w h i c h w i l l
have the l e n g t h of 16 characters because A E S w e u s e c a n e n c r y p t
o n l y strings w i t h l e n g t h w i t h m u l t i p l e of 16. T h i s s t r i n g is e n c r y p t e d
u s i n g the Bluetooth key. A n d A r d u i n o sends this e n c r y p t e d s t r i n g to
the computer. P y t h o n script w e use c a n decrypt this cipher because it
already k n o w s the Bluetooth key.

29
 6. I M P L E M E N T A T I O N PART

Nil

F i g u r e 6.6: H C - 0 5 "

a. source: https://5.imimg.com/data5/AK/TP/MY-9380557/
bluetooth-module-hc-05-500x500.jpg

If deciphered data are correct, then they are w r i t t e n to the database

after every successful connection of the registered tag w i l l be w r i t t e n
the time a n d date, n a m e of the tag, temperature, h u m i d i t y , a n d L D R
value to the database.
E n c r y p t i o n of the d a t a is d e f e n s i n g against m a n - i n - t h e - m i d d l e
attack.
This project uses the S Q L i t e database because w e d o not w o r k w i t h
b i g data, a n d this database is e n o u g h for o u r p u r p o s e .

30
7 Conclusion

It is t o u g h a n d e v e n i m p o s s i b l e to protect u s against a l l threats, v u l -

nerabilities, a n d r i s k s . E s p e c i a l l y if n e w f o r m s of danger are created
every day. H o w e v e r , it is still necessary to keep pace w i t h the attackers.
There w i l l always be n e w attackers w i t h n e w ways of e n d a n g e r i n g us
or o u r devices. It c a n be o n l y t u r n i n g o n a n d off the l i g h t , b u t it c a n
also be c o n t r o l l i n g o u r car or m e d i c a l devices, a n d that c a n threaten
our lives.
D u r i n g this thesis, I d i s c o v e r e d w h a t is A r d u i n o capable of a n d
all the possibilities that IoT can b r i n g to o u r lives. I learned about the
dangers that can h a p p e n i n IoT a n d the options of Bluetooth a n d R F I D .
M y task for this thesis w a s the i m p l e m e n t a t i o n of a secure c o m -
m u n i c a t i o n t h r o u g h Bluetooth a n d R F I D i n A r d u i n o . I considered the
possible dangers a n d tried to choose the appropriate solutions for this
p a r t i c u l a r case.
The continuation i n this thesis c o u l d be t r y i n g different ways of p r o -
tecting these communications or protecting different parts of A r d u i n o
or any other Internet of T h i n g s device.

31
Bibliography

1. The Making of Arduino [online]. B r n o : D a v i d K u s h n e r , 2011 [vis-

i t e d o n 2019-10-09]. A v a i l a b l e f r o m : h t t p s : / / s p e c t r u m . i e e e .
org/geek-1if e/hands-on/the-making-of-arduino.
2. The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB
of Data in 2025, According to a New IDC Forecast [ o n l i n e ] . B r n o :
I D C , 2019 [visited o n 2019-11-08]. A v a i l a b l e f r o m : h t t p s : //www.
idc.com/getdoc.j sp?containerId=prUS45213219.
3. G R E E N G A R D , S a m u e l . The Internet of Things. 1st e d . N e w York,
N Y : T h e M I T Press Essential K n o w l e d g e series, 2015. I S B N 978-
0262527736.
4. The Internet of Things How the Next Evolution of the Internet Is Chang-
ing Everything. B r n o : C i s c o , D a v e E v a n s , 2011. A v a i l a b l e also
f r o m : h t t p s : / /www . i d c . c o m / g e t d o c . j s p ? c o n t a i n e r I d =
prUS45213219.

5. V E N E R I , G . ; C A P A S S O , A . Hands-On Industrial Internet of Things:

Create a powerful Industrial IoT infrastructure using Industry 4.0.
Packt P u b l i s h i n g , 2018. I S B N 9781789538304. A v a i l a b l e also f r o m :
https://books.google.cz/books?id=VN18DwAAQBAJ.
6. IoT: Consumer Commercial vs. Industrial - Main overview. B r n o :
M a r i a H e r n a n d e z , 2019. A v a i l a b l e also f r o m : h t t p s : / / u b i d o t s .
com / b l o g / i o t - consumer - v s - c o m m e r c i a l - vs - i n d u s t r i a l -
main-overview/.

7. B R I A N , Russell.; V A N D Ü R E N , D r e w . Practical Internet of Things

Security. 1st e d . Packt P u b l i s h i n g , 2016. I S B N 978-1785889639.
8. 8 types of security threats to IoT [online]. B r n o : N a v e e n Joshi, 2019
[visited o n 2019-11-20]. A v a i l a b l e f r o m : h t t p s : //www. a l l e r i n .
com/blog/8-types-of-security-threats-to-iot.
9. What is the Mirai Botnet? B r n o : C l o u d F l a r e , available also f r o m :
h t t p s : / /www . c l o u d f l a r e . c o m / l e a r n i n g / d d o s / g l o s s a r y /
mirai-botnet/.

32
 BIBLIOGRAPHY

10. Security Tip (ST04-015) Understanding Denial-of-Service Attacks.

B r n o : C o u n c i l to Secure the D i g i t a l E c o n o m y , 2009. A v a i l a b l e
also f r o m : h t t p s : / /www . c l o u d f l a r e . c o m / l e a r n i n g / d d o s /
glossary/mirai-botnet/.
11. International botnet and security guide 2020 [ o n l i n e ] . B r n o : C S D E ,
2012 [ v i s i t e d o n 2019-10-20]. A v a i l a b l e f r o m : h t t p s : / /www .
u s t e l e c o m . o r g / w p - c o n t e n t / u p l o a d s /2019/11 / USTelecom_
CSDE-Botnet-Report_2020.pdf.
12. Security Tip (ST04-015) Understanding Denial-of-Service Attacks.
B r n o : C e r t i f i e d I n f o r m a t i o n S y s t e m s A u d i t o r , 2009. A v a i l a b l e
also f r o m : h t t p s : //www.us-cert . g o v / n c a s / t i p s / S T 0 4 - 0 1 5 .
13. P U Ž M A N O V Á , R i t a . Bezpečnost bezrátové komunikace: Jak zabez­
pečit Wi-Fi, Bluetooth, GPRS či 3G. 1. v y d . B r n o : C P B o o k s , 2005.
I S B N 80-251-0791-4.
14. Internet of Things Security Study: Smartwatches [online]. B r n o : Gart­
ner, 2015 [visited o n 2019-10-20]. A v a i l a b l e f r o m : h t t p s : //www.
ftc.gov/system/files/documents/public_comments/2015/
10/00050-98093.pdf.

15. Advanced Persistent Threats and How Your Organization Can Deter
Them [ o n l i n e ] . B r n o : S u s a n H o f f m a n , 2018 [ v i s i t e d o n 2019-10-
20]. A v a i l a b l e f r o m : h t t p s : / / i n c y b e r d e f ense . c o m / f e a t u r e d /
advanced-persistent-threats-deter/.
16. Ransomware. B r n o : A v a s t , available also f r o m : h t t p s : / / www .
avast.com/cs-cz/c-ransomware.
17. B A R K E R , D . M . ; M C M I C H A E L G I L S T E R , Diane. Bluetooth end to
end. 1st e d . N e w York, N Y : M T B o o k s , 2002. I S B N 0-7645-4887-5.
18. JIA, Xiaolin; F E N G , Q u a n y u a n ; F A N , Taihua; L E I , Quanshui.
R F I D technology a n d its applications i n Internet of Things (IoT).
2022 2nd International Conference on Consumer Electronics, Com­
munications and Networks, CECNet 2012 - Proceedings. 2012. A v a i l ­
able f r o m D O I : 10.1109/CECNet. 2012.6201508.

19. M I T R O K O T S A , Aikaterini; R I E B A C K , Melanie; T A N E N B A U M ,

A n d r e w . C l a s s i f i c a t i o n of R F I D Attacks. In: 2008, p p . 73-86.

33
 BIBLIOGRAPHY

20. Advanced Persistent Threats and How Your Organization Can Deter
Them [ o n l i n e ] . B r n o : S u s a n H o f f m a n [ v i s i t e d o n 2019-09-20].
Available from: h t t p s : //rweather . g i t h u b . i o / a r d u i n o l i b s /
classAES128.html#details.
21. Entropy library [ o n l i n e ] . B r n o : W a l t e r A n d e r s o n , 2012 [ v i s i t e d
o n 2019-09-14]. A v a i l a b l e f r o m : h t t p s : / / s i t e s . g o o g l e . com/
site/astudyofentropy/project-definition/timer-j i t t e r -
entropy-sources/entropy-library.

22. Instructions to set Bluetooth Module HC-05 password using Arduino

[ o n l i n e ] . B r n o : evelta, 2019 [ v i s i t e d o n 2019-11-20]. A v a i l a b l e
from: h t t p s : / / w w w . e v e l t a . c o m / b l o g / i n s t r u c t i o n s - t o - s e t -
bluet ooth-module-hc05-password-using-arduino/.

34
A An appendix

A t t a c h m e n t s contain
• A r d u i n o sketch
• L i b r a r i e s necessary for the sketch
• P y t h o n script for c o m m u n i c a t i n g f r o m the c o m p u t e r