7CS081 Advanced Security Protocols

Student name ID Instructor name

Abstract
 The idea behind IoT is to enable commonplace objects to make informed choices with the
help of data they get from one another. In this article, we outline the fundamental building
blocks of the Internet of Things and discuss its overall generic design.
 We also highlight the most important area of application where IoT will be vital. We then
discuss the several IoT technologies and identify the divide that must be closed in order to
put it all into effect.
 We conducted a comprehensive analysis of current IoT security protocols and architectures
to locate a possible gap or vulnerability, then developed an evaluation technique to
evaluate this weakness and provide technological solutions to the issue.
Introduction

 As grow up, we learn to make sense of the world by engaging with the Things we
encounter. We rely on a vast array of appliances and gadgets toasters, refrigerators,
smartphones, water fountains, fans, air conditioners, etc. Connecting these "things"
through virtual or physical connection and allowing them to exchange data and coordinate
their operations is central to the notion of the Internet of Things.
 In the case of a thermostat and air conditioner, for instance, the Internet of Things enables
them to exchange data with one another so that the air conditioner may be adjusted based
on the actual room temperature. The Internet of Things (IoT) refers to the widespread
existence of "things" or "items" that are able to connect with each other and collaborate
with their nearby "smart" components via unique addressing systems, such as RFID tags,
sensors, actuators, mobile phones.
Proposed System

 At present we consider Institutions and Organizations as an application Domain for IoT

and we are proposing an IoT framework for them. Our motive behind incorporating IoT in
this domain is to optimize the utilization of organizational resources like electrical power,
water, and parking space.
 Major challenges associated with IoT for organization is formation of network of large
number of publically accessed devices with low bandwidth, and less power efficient radios.
We are working on dynamic addressing scheme which will reduce the packet size up to
great extent which will address the problem of unscalable and power efficient device
network.
IoT architecture

 One of the hurdles with IoT is that it is such broad concept that there is no standard
uniform reference architecture for it till now. The IoT system consists of the variety of
heterogeneous sensors, network, communication methodologies and processing
technologies, but integrating these different types of technologies, the problem of
interoperability arises. To address the problem of interoperability, there must be
standardized IoT architecture.
Architecture and protocol stack for the
Internet of Things

Figure 1: IoT architecture and protocol Stack

 IoT Architecture Layers
Sensing Layer
The Sensing layer includes sensors, actuators, and other devices. Physical or
environmental characteristics are read by these sensors and actuators,
processed, and output across a network.
Network Layer
Data Acquisition Systems (DAS) and gateways to the Internet or other
networks exist here. DAS is an information aggregation and
transformation system (Collecting data and aggregating data then
converting analogue data of sensors to digital data etc.). In addition to
bridging the gap between sensor networks and the Internet, modern
gateways carry out a number of traditional gateway tasks, such as
screening incoming data for malicious code and making decisions based
on that data, as well as providing data management services, etc.
Data processing Layer
In the Internet of Things ecosystem, this is the brains. Data is evaluated and pre-
processed before being sent to a data Centre, where it is accessible by software
programs, often referred to as business apps that monitor and manage the data and
prepare for future action.
Application Layer
A Trusted Execution Environment (TEE) often employs the Open Trust Protocol (OTrP)
(TEE). A digital certificate and public-key encryption are both topics addressed by the
X. 509 standard, which specifies best practises for public-key infrastructures (PKI).
Protect your communications over the internet and in email by using the TLS protocol.
A limited node's application layer protocol is Constrained Application Protocol (CoAP),
whereas the default for an unrestricted node is Hypertext Transfer Protocol (HTTP).
 IoT Security Challenges
Lack of visibility
Users typically install Internet of Things devices without the knowledge of IT departments, which makes it hard to maintain an exact inventory of what needs to be secured
and monitored.

Limited security integration

Integration of Internet of Things devices with existing security infrastructure may vary from difficult to impossible due to the breadth and depth of available IoT options.

Open-source code vulnerabilities

The firmware that is built for Internet of Things devices often contains open-source software, which is prone to having bugs and security flaws.

Weak passwords
Many Internet of Things devices come pre-configured with default passwords, and the majority of users don't bother to update them. This makes it simple for cybercriminals
to get access. In other instances, people construct passwords that aren't very secure and are easily guessed.

Poor testing
The majority of developers of Internet of Things devices do not place a high priority on cybersecurity, hence they do not do enough vulnerability testing to uncover areas of
IoT system weakness.
 IoT Security Attacks

Attacks on Firmware
There are three basic motivations for hackers to target firmware:
 Protection: It is possible to conceal and make use of firmware for an extended period of time since mechanisms such
as those found in antivirus software do not evaluate it.
 Authorization: By incorporating malicious code into the firmware, the user may get full authority for accessing the
machine.
Denial of Service (DDOS) Attack
 Major Distributed Denial of Service (DDoS) Attacks Against the Internet of Things:
 Numerous websites were rendered inoperable as a result of the overwhelming volume of traffic experienced by DNS
servers.
 One of the primary contributors to this vulnerability is the practise of reusing factory-issued passwords.
IoT Security Solutions
Secure the IoT Network
 Implementing commonplace endpoint security measures like antivirus, anti-malware, firewalls, and
intrusion prevention and detection systems will help keep the network that links IoT devices to back-end
systems online safe and secure.
Authenticate the IoT Devices
 Implement strong authentication techniques like two-factor authentication, digital certificates, and
biometrics, and let users authenticate IoT devices with their own credentials using a variety of user
management capabilities for a single IoT device.
Use IoT Data Encryption
 Encrypting data at rest and in transit between IoT devices and back-end systems using standard
cryptographic algorithms and fully-encrypted key lifecycle management procedures is a great way to
safeguard user privacy and avoid IoT data breaches.
Beware of Latest IoT Security Threats &
Breaches
 Accordingly, in the event of a security attack or data leak, both IoT device makers and IoT
app developers must be prepared with a good escape strategy to safeguard maximum data.
 Developers of IoT hardware and software should be aware of the most recent security
vulnerabilities and breaches in the IoT ecosystem in order to build secure products. The
Internet of Things is still in its infancy, therefore security flaws are inevitable.
 Finally, it is the responsibility of both the manufacturers of IoT devices and the creators of
IoT apps to educate their staff and customers on the most recent IoT security risks,
breaches, and responses.
 Conclusion
 The Internet of Things (IoT) is often regarded as the following logical step in the development
of the Internet. It is able to link and interact with practically all physical items in the world via
the use of the internet, which will facilitate more information exchange. The Internet of Things
has the capability of collecting, analysing, and deploying a massive amount of data, which, in
turn, will be transformed into meaningful information and knowledge that can be used to create
new applications and services that can improve our quality of life. This transformation will take
place thanks to the help of sensors. A review of the IoT system has been given thanks to this
assignment.
 The current state of the art and the layered architecture of the Internet of Things are both topics
of discussion. In addition, the fundamental aspects of the Internet of Things as well as other
communication technologies are discussed here. In conclusion, a discussion of the difficulties
brought about by the Internet of Things, which was then followed by an assessment of the
present state of the art in IoT security protocols and architectures in order to discover a possible
opening or defect. The next step, which followed this, was the establishment of an assessment
technique that evaluated the defects and gave technological solutions to the problems.
References
 Arias, O., Wurm, J., Hoang, K., and Jin, Y. (2015). Privacy and Security in Internet of Things and
Wearable Devices. IEEE Trans. Multi-Scale Computing Systems, 1(2):99–109.
 Denning, T., Kohno, T., and Levy, H. M. (2013). Computer Security and the Modern Home. Commun.
ACM, 56(1):94–103.
 Elkhodr, M., Shahrestani, S. A., and Cheung, H. (2016). The Internet of Things: New Interoperability,
Management and Security Challenges. CoRR, abs/1604.04824.
 Fuller, J. D. and Ramsey, B. W. P. (2015). Rogue Z-Wave Controllers: A Persistent Attack Channel. In
40th IEEE Local Computer Networks Conference Workshops, LCN Workshops 2015, Clearwater Beach,
FL, USA, October 26-29, 2015, pages 734–741.
 Jacobsson, A., Boldt, M., and Carlsson, B. (2016). A Risk Analysis of a Smart Home Automation System.
Future Generation Comp. Syst., 56:719–733.
 Want, R., Schilit, B. N., and Jenson, S. (2015). Enabling the Internet of Things. IEEE Computer,
48(1):28–35.