The document discusses security requirements in IoT architecture. It recommends dividing IoT architecture into zones including device, field gateway, cloud gateway, and services zones. Each zone is described in detail. Security concerns in enabling technologies like identification and tracking, integration of wireless sensor networks and RFID, communications, networks, and service management are discussed. Authentication, access control, privacy, and integrity of information are important security concerns for applications in IoT.
Unit-II - Securing The IoT
UNIT-II
Securing the Internet of Things
Security Requirements in IOT Architecture
When designing a system, it is important to understand the potential threats to that system, and add appropriate defenses accordingly, as the system is designed and architected. It is important to design the product from the start with security in mind because understanding how an attacker might be able to compromise a system helps make sure appropriate mitigations are in place from the beginning.

In order to optimize security best practices, it is recommended that a typical IoT architecture is divided into several components/zones as part of the threat modeling exercise. These zones are described fully throughout this section and include:
• Device
• Field Gateway
• Cloud gateways
• Services

The device zone
The device environment is the immediate physical space around the device where physical access and/or “local network” peer-to-peer digital access to the device is feasible. A “local network” is assumed to be a network that is distinct and insulated from – but potentially bridged to – the public Internet and includes any short-range wireless radio technology that permits peer-to-peer communication of devices. It does not include any network virtualization technology creating the illusion of such a local network, nor does it include public operator networks that require any two devices to communicate across public network space if they were to enter a peer-to-peer communication relationship.

The field gateway zone
A field gateway is a device/appliance or some general-purpose server computer software that acts as a communication enabler and, potentially, as a device control system and device data processing hub. The field gateway zone includes the field gateway itself and all devices that are attached to it. As the name implies, field gateways act outside dedicated data processing facilities, are usually location bound, are potentially subject to physical intrusion, and have limited operational redundancy. All to say that a field gateway is commonly a thing one can touch and sabotage while knowing what its function is.

A field gateway is different from a mere traffic router in that it has an active role in managing access and information flow, meaning it is an application-addressed entity and a network connection or session terminal. A NAT (Network Address Translation) device or firewall, in contrast, does not qualify as a field gateway since it is not an explicit connection or session terminal, but rather routes (or blocks) connections or sessions made through it. The field gateway has two distinct surface areas. One faces the devices that are attached to it and represents the inside of the zone, and the other faces all external parties and is the edge of the zone.

The cloud gateway zone
A cloud gateway is a system that enables remote communication from and to devices or field gateways from several different sites across public network space, typically towards a cloud-based control and data analysis system or a federation of such systems. In some cases, a cloud gateway may immediately facilitate access to special-purpose devices from terminals such as tablets or phones. In the context discussed here, “cloud” is meant to refer to a dedicated data processing system that is not bound to the same site as the attached devices or field gateways. Also, in a cloud zone, operational measures prevent targeted physical access, and the zone is not necessarily exposed to a “public cloud” infrastructure.

A cloud gateway may potentially be mapped into a network virtualization overlay to insulate the cloud gateway and all of its attached devices or field gateways from any other network traffic. The cloud gateway itself is not a device control system or a processing or storage facility for device data; those facilities interface with the cloud gateway. The cloud gateway zone includes the cloud gateway itself along with all field gateways and devices directly or indirectly attached to it. The edge of the zone is a distinct surface area through which all external parties communicate.

The services zone
A “service” is defined for this context as any software component or module that is interfacing with devices through a field or cloud gateway for data collection and analysis, as well as for command and control. Services are mediators. They act under their identity towards gateways and other subsystems, store and analyze data, autonomously issue commands to devices based on data insights or schedules and expose information and control capabilities to authorized end users.

SECURITY IN ENABLING TECHNOLOGIES
• Security in Identification and Tracking Technologies
• Security in Integration of WSN and RFID
• Security in Communications
• Security in Networks
• Security in Service Management

Security in Identification and Tracking Technologies
• The concept of IoT was coined based on the RFID-enabled identification and tracking technologies. A basic RFID system consists of an RFID reader and RFID tags.
• Although RFID technology is successfully used in many areas, it is still evolving in the development of active systems. For adoption by the IoT, more identified problems need to be resolved, such as: collision of RFID readings, signal interferences, privacy protection, standardization, integration, etc.
• In the new era of IoT, the scope of identification has expanded to include RFIDs, barcodes, and other intelligent sensing technologies. In RFID-enabled contactless technologies (ISO 14443 and 15693), security features have been implemented, such as cryptographic challenge-response authentication, 128-bit AES, triple-DES, and SHA-2 algorithms.

The increasing use of RFID devices requires RFID security to be guaranteed from multiple sides. The security features of RFID include:
• Tags/Readers collision problem
• Data confidentiality
• Tag-to-reader authentication
• High-assurance readers

Security in Integration of WSN and RFID
The security issue in the integration of RFID and WSNs involves the following challenges:
• Privacy: it involves the privacy of RFID devices and WSN devices.
• Identification and authentication: the identification has to be protected from tracking by unauthorized users in the network.
• Communication security: the communication between RFID devices and IoT devices poses security threats that need to be addressed proactively, and appropriate measures must be implemented well.
• Trust and ownership: trust implies the authenticity and integrity of the communicating parts such as sensor nodes and RFID tags.
• Integration
• User authentication.
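The cryptographic challenge-response authentication and tag-to-reader authentication named above, as an added example that is not part of the original slides. It models a tag and a reader sharing a 128-bit per-tag key and uses HMAC-SHA-256 as the SHA-2 construction; the class names, the tag ID and the message layout are assumptions for illustration, not the ISO 14443/15693 wire format.

```python
import hashlib
import hmac
import secrets


class Tag:
    """Constructed model of a tag that holds a per-tag secret key."""

    def __init__(self, tag_id: bytes, key: bytes):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge: bytes) -> bytes:
        # Bind the answer to the fresh challenge and to the tag identity.
        return hmac.new(self._key, challenge + self.tag_id, hashlib.sha256).digest()


class Reader:
    """Constructed model of a reader (or its back end) that knows each tag's key."""

    def __init__(self, key_store: dict):
        self._keys = key_store      # tag_id -> shared key
        self._pending = {}          # tag_id -> outstanding challenge

    def challenge(self, tag_id: bytes) -> bytes:
        nonce = secrets.token_bytes(16)   # fixed length, unpredictable
        self._pending[tag_id] = nonce
        return nonce

    def verify(self, tag_id: bytes, response: bytes) -> bool:
        # A challenge is consumed on the first attempt, pass or fail,
        # so a recorded response cannot be presented a second time.
        nonce = self._pending.pop(tag_id, None)
        key = self._keys.get(tag_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce + tag_id, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo() -> dict:
    tag_id = b"TAG-0001"                     # constructed sample identifier
    key = secrets.token_bytes(16)            # 128-bit shared key
    reader = Reader({tag_id: key})
    genuine = Tag(tag_id, key)
    clone = Tag(tag_id, secrets.token_bytes(16))   # same ID, but not the key

    results = {}
    first = genuine.respond(reader.challenge(tag_id))
    results["genuine"] = reader.verify(tag_id, first)

    reader.challenge(tag_id)                 # a new session gets a new nonce
    results["replayed_response"] = reader.verify(tag_id, first)

    results["cloned_id"] = reader.verify(tag_id, clone.respond(reader.challenge(tag_id)))
    results["no_outstanding_challenge"] = reader.verify(tag_id, first)
    return results


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

Only the tag that holds the key is accepted; copying the tag ID or recording an earlier response is not enough, which is what separates authentication from plain identification.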

Security in Communications
• The basic principles of secure communications in IoT include: authentication, availability, confidentiality, and integrity.
• The IoT communication systems have to be designed to be “secure enough” by finding the right balance between the effort and the benefit of protection measures. The security solution for communications should be strong enough that it will force the hackers to give up before they succeed.

Security in Networks
• The IoT is a hybrid network that involves a lot of heterogeneous networks, which requires multifaceted security solutions against network intrusions and disruptions. The IoT contains networks that connect with daily-used devices, such as smartphones, surveillance cameras, home appliances, etc. Support for heterogeneous networks can help IoT to connect devices with different communication specifications, QoS requirements, functionalities, and goals. On the other hand, support for heterogeneity can reduce the cost of implementing IoT by integrating diversified things well. Meanwhile, some of the existing networking technologies, such as architecture, protocols, network management, and security schemes, can be directly applicable in an IoT context. The networks involved in IoT are core parts of security, and each subnetwork is required to provide confidentiality, secure communication, encryption certificates, and so on. No Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) has yet been designed specifically for the IoT, but many watchdog-based IDSs and IPSs could be used in the context of IoT.

Security in Service Management
• Service management refers to the implementation and management of the services that meet the needs of users or applications. The security solution at the service layer is designed specifically in the context of the services.
For services such as consumer applications, logistics, surveillance, and intelligent healthcare, the security concerns have some similarities: authentication, access control, privacy, integrity of information, certificates and PKI certificates, digital signature and nonrepudiation, etc. For different services, the security concerns might be specifically designed depending on the service features, scenarios, and special requirements.

Security Concerns in IOT Applications
For applications in IoT, security and privacy are two important challenges. To integrate the devices of the sensing layer as intrinsic parts of the IoT, effective security technology is essential to ensure security and privacy protection in various activities such as personal activities, business processes, transportation, and information protection.

Security concerns:
• Authentication and access control: To ensure secure communication, strong authentication must be implemented to allow access to main functionalities. On the other hand, authentication and access control can identify and assess the information sources.
• Identification of vulnerabilities: It is important to implement proper countermeasures and take corrective actions as appropriate. The software should be regularly updated to tackle the security vulnerabilities.
• Physical security: Physical security protection must be carefully evaluated for each component, and each component should meet recommended standards.
• System recovery and backups: The system should be designed to be able to rapidly recover from disaster or compromised status.

Security Architecture in the Internet of Things
Structure of a simple IoT system
• The success of IoT depends on the standardization of security at various levels, which provides secured interoperability, compatibility, reliability, and effectiveness of the operations on a global scale. The IoT is able to connect the digital cyberspace and real physical space, in which the radio-connected intelligent sensors have invaded the physical space and are now embedded in almost everything.
• The success of IoT applications and IoT infrastructure significantly depends on the guarantee of the security and vulnerability in the IoT. Most common types of cyber-attacks can be easily applied to IoT, but as IoT will be deeply interwoven in everything in our lives and business, it is becoming necessary to set up and take cyber defense seriously. IoT security becomes necessary, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure.

Security Requirements in IoT
The IoT introduces large quantities of new devices that will be deployed or embedded throughout an organization or even within a system. Each connected device could be a potential doorway into the IoT infrastructure or personal data. Data captured from these devices can be analyzed and acted upon. The analysis of this data will allow previously unseen linkages to be made, which may raise concerns for the privacy of individuals or organizations.
• The data security and privacy concerns are very important, but the potential risks associated with the IoT will reach new levels as interoperability and autonomous decision-making begin to embed complexity, security loopholes, and potential vulnerability. Privacy risks will arise in the IoT since the complexity may create more vulnerability that is related to the service.
The IoT should be implemented in a lawful, ethical, and socially and politically acceptable way, where legal challenges, systematic approaches, technical challenges, and business challenges should be considered.

Similar to general network systems, a simple IoT framework also has the following main security requirements:
• Confidentiality—data secured to authorized parties;
• Integrity—data is trusted;
• Availability—data are accessible when and where needed;
• Nonrepudiation—service provides a trusted audit trail;
• Authenticity—components can prove their identity;
• Privacy—service does not automatically see customer data.

Security Challenges in IoT
• Many IoT systems are poorly designed and implemented, using diverse protocols and technologies that create complex configurations.
• Lack of mature IoT technologies and business processes.
• Limited guidance for life cycle maintenance and management of IoT devices.
• A long, complex life cycle in which devices are not rebooted often, if ever, makes continuous threat prevention imperative; critical security updates must be delivered while ensuring uptime.
• IoT security solutions often rely on devices that are mass-produced in the same configurations, leaving a broad swath (strip or area) of systems that can be left vulnerable without proper installation and updates.
• Gateways represent a great opportunity to include legacy equipment in IoT, but because these devices were never intended to be connected, they do not have even the most basic security protections. The gateway needs to act as a “helper” to protect the edge.
• IoT is a very big space. When thinking about a solution, we need to consider security at the device level, the connectivity level, and the cloud level in order to understand the potential threats to deployments.
• An IoT device could be used in different environments with vastly different risk profiles.
For example, a temperature sensor might be used in a home or in a nuclear reactor, each with very different device security, data protection, and encryption needs.
• M2M communication presents a bigger challenge in terms of device identity. Security solutions have to verify the veracity of device data and identity while also ensuring data are protected as they travel to the cloud.

Authentication in IOT
• At the heart of this framework is the authentication layer, used to provide and verify the identity information of an IoT entity. When IoT devices need access to the IoT infrastructure, the trust relationship is initiated based on the identity of the device. The way to store and present identity information may be substantially different for the IoT devices.
• In typical enterprise networks, the endpoints may be identified by a human credential (e.g., username and password, token or biometrics). For IoT devices, such identifiers include RFID, shared secret, X.509 certificates, the MAC address of the endpoint, or some type of immutable hardware-based root of trust. Establishing identity through X.509 certificates provides a strong authentication system. However, in the IoT domain, many devices may not have enough memory to store a certificate or may not even have the required CPU power to execute the cryptographic operations of validating the X.509 certificates.
• Existing identity footprints such as 802.1AR and authentication protocols as defined by IEEE 802.1X can be leveraged for those devices that can manage both the CPU load and the memory to store strong credentials. However, the challenges of the new form factors, as well as new modalities, create the opportunity for further research in defining smaller-footprint credential types and less compute-intensive cryptographic constructs and authentication protocols.

Authorization in IOT
• The second layer of this framework is authorization that controls a device’s access throughout the network fabric.
This layer builds upon the core authentication layer by leveraging the identity information of an entity. With authentication and authorization components, a trust relationship is established between IoT devices to exchange appropriate information. The big challenge will be to build an architecture that can scale to handle billions of IoT/M2M devices with varying trust relationships in the fabric. Traffic policies and appropriate controls will be applied throughout the network to segment data traffic and establish end-to-end communication.
• In the IoT, new devices connected to an IoT system should be able to authenticate themselves prior to receiving or transmitting data. But most of the time, devices do not have users sitting behind keyboards, waiting to input the credentials required to access the network. So it is difficult to ensure that those devices are identified correctly prior to authorization.

Challenges:
• OAuth 2.0 and OpenID Connect 1.0 are two standardized frameworks for authentication and authorization. Both enable the user to explicitly participate in the issuance of tokens to applications and can thereby enable meaningful privacy control. One challenge is that OAuth and OpenID Connect have only been bound to HTTP. Security experts believe that HTTP is insufficient for many of the interactions in the IoT.

Access Control in IOT

INSECURE ACCESS CONTROL
• Most existing authorization frameworks for computer networks and online services are role based. First, the identity of the user is established and then his or her access privileges are determined from the user’s role within an organization.
• Mandatory or role-based access controls built into the system limit the privileges of device components and applications so they access only the resources they need to do their jobs.
• The commonly used role-based access control systems in computer systems are not suitable for devices in the IoT.
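The two alternatives to role-based control that this unit covers, ACL-based and capability-based access, shown side by side as an added example that is not part of the original slides. The node names, application names and the HMAC-protected token layout are assumptions for illustration; the capability follows the unit's definition of a token that references an object together with a set of access rights.

```python
import hashlib
import hmac
import json
import secrets

# --- ACL model: each end node carries a table of subject -> rights. ---
# Node and application names are constructed for illustration.
ACL = {
    "thermostat-1": {"app-dashboard": {"read"}, "app-hvac": {"read", "write"}},
    "door-lock-7": {"app-security": {"read", "write"}},
}


def acl_allows(subject: str, node: str, right: str) -> bool:
    """The caller's identity must already be authenticated; unknown means deny."""
    return right in ACL.get(node, {}).get(subject, set())


# --- Capability model: the token itself names the object and the rights. ---
ISSUER_KEY = secrets.token_bytes(32)   # known to the issuer and the verifying node


def _mac(body: str) -> str:
    return hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).hexdigest()


def issue_capability(node: str, rights: set) -> dict:
    """Grant only the rights the holder needs (least privilege)."""
    body = json.dumps({"node": node, "rights": sorted(rights)}, sort_keys=True)
    return {"body": body, "mac": _mac(body)}


def capability_allows(cap: dict, node: str, right: str) -> bool:
    """No identity lookup: the decision rests on the token being unforged."""
    body = cap.get("body", "")
    if not hmac.compare_digest(_mac(body), cap.get("mac", "")):
        return False                   # altered or not issued under this key
    claims = json.loads(body)
    return claims["node"] == node and right in claims["rights"]


def demo() -> dict:
    cap = issue_capability("thermostat-1", {"read"})
    # Holder edits the token to add a right it was never granted.
    widened = dict(cap, body=cap["body"].replace('"read"', '"read", "write"'))
    return {
        "acl_read": acl_allows("app-dashboard", "thermostat-1", "read"),
        "acl_write": acl_allows("app-dashboard", "thermostat-1", "write"),
        "acl_other_node": acl_allows("app-dashboard", "door-lock-7", "read"),
        "cap_read": capability_allows(cap, "thermostat-1", "read"),
        "cap_write": capability_allows(cap, "thermostat-1", "write"),
        "cap_other_node": capability_allows(cap, "door-lock-7", "read"),
        "cap_widened": capability_allows(widened, "thermostat-1", "write"),
    }


if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: {'allow' if allowed else 'deny'}")
```

The ACL check needs the caller's identity and a table held for every node, while the capability check needs only the token and the issuer key; the trade-off is that a capability, once issued, stays valid until the key changes unless an expiry or revocation list is added.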

Access Control List-Based Systems
• The access control list (ACL) is a table that tells the IoT system all the access rights each user/application has to a particular IoT end node. Each node or device has a security attribute that identifies its ACL.
• ACL-based IoT systems refer to rules that are applied to devices or device addresses that are available on an IoT system, each with a permitted list of IoT users/applications.

Figure: ACL-based system

Capability-Based Access
• A capability (known in some systems as a key) is a communicable, unforgeable (non-transferable) token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure.

Figure: Capability-based access system

Challenges in Access Control
• It is reported that 19% of all tested mobile apps that are used to control IoT devices are not using SSL connections to the cloud. This exposes the connection to attack, including man-in-the-middle (MITM) attacks.
• Most of the existing devices are unable to provide mutual authentication between the client and the server.
• Strong passwords are not supported on many IoT devices.
• Some IoT cloud interfaces did not support two-factor authentication (2FA).
• Many IoT services did not have lock-out or delaying measures to protect users’ accounts against brute-force attacks.
• IoT cloud platforms included common web application vulnerabilities.
• Control IoT devices without performing any deep tests, including unauthorized access to the backend systems.
• Most of the IoT services did not provide signed or encrypted firmware updates, if updates were provided at all.

THREATS TO ACCESS CONTROL, PRIVACY, AND AVAILABILITY
• Unauthorized access - Due to physical capture or logical attack, the sensitive information at the end-nodes is captured by the attacker
• Selfish threat - Some IoT end-nodes stop working to save resources or bandwidth, causing the failure of the network
• Malicious code - Viruses, Trojans, and junk messages that can cause software failure
• Denial of Service (DoS) - An attempt to make an IoT end-node resource unavailable to its users
• Transmission threats - Threats in transmission, such as interrupting, blocking, data manipulation, forgery, etc.
• Routing attack - Attacks on a routing path

The Open Web Application Security Project’s list of top 10 IoT vulnerabilities
• Insecure web interface
• Insufficient authentication/authorization
• Insecure network services
• Lack of transport encryption
• Privacy concerns
• Insecure cloud interface
• Insecure mobile interface
• Insufficient security configurability
• Insecure software/firmware
• Poor physical security

To secure devices before users are at risk, the following actions should be taken:
• Implement security standards for IoT and ensure all devices are produced by meeting specific security standards
• Build a trustworthy data sensing system and review the security of all devices/components
• Forensically identify and trace the source of users
• Software or firmware at the IoT end-node should be securely designed.

ATTACKS SPECIFIC TO IoT
• IoT applications might be subjected to most types of network attacks, including eavesdropping, data modification, identity spoofing, password-based attacks, DoS attacks, man-in-the-middle (MITM) attacks, compromised-key attacks, sniffer attacks, and application layer attacks. In fact, more attacks specific to IoT have emerged recently. Attackers can intercept or change the behavior of smart home devices in many ways. Some methods require physical access to the device, making an attack more difficult to conduct. Other attacks can be carried out over the Internet from a remote location.

Vulnerability in IOT
• The IoT is growing quickly and a number of smart objects are brought together, which can bring vulnerabilities into IoT systems and may carry serious risks for IoT devices, users, and IoT-based applications. A hardware-based security solution can secure IoT systems and prevent damage and economic losses, offering new opportunities. The IoT hardware security architecture is still in its exploratory stage, so it faces more severe challenges than expected.

Counter measures to attack
• Devices authentication
• Trusted devices
• Leveraging the security controls and availability of infrastructures in sensing layer
• Cryptoresilience and cryptoalgorithms have a limited lifetime before IoT devices
• Physical protection
• Tamper detection techniques

Secure an IoT infrastructure
• IoT hardware manufacturer/integrator
• IoT solution developer
• IoT solution deployer
• IoT solution operator

IoT hardware manufacturer/integrator
• Scope hardware to minimum requirements
• Make hardware tamper proof
• Build around secure hardware
• Make upgrades secure

IoT solution developer
• Follow secure software development methodology
• Choose open-source software with care
• Integrate with care

IoT solution deployer
• Deploy hardware securely
• Keep authentication keys safe

IoT solution operator
• Keep the system up-to-date
• Protect against malicious activity
• Audit frequently
• Physically protect the IoT infrastructure
• Protect cloud credentials