Professional Documents
Culture Documents
Iot Tech Neo
Iot Tech Neo
Iot Tech Neo
II
Syllabus l
I
loT Design Methodology : Steps, Basics of loT Networking, Networking : Components, dnternet
Structure, Connectivity Technologies, loT Communicati9n ·.~ od.~I~ .~~~;. 1.9~~~,r,p_u~tio,n '. ~Pis,
Sensor Network
Four pillars of loT : M2M, SCADA, WSN, RFID
c~~·e St~di·~r ,H:~m·~ Autdmation using'loT c~;m·unicatidn rnociei~'ind.io'f ·~~rilunicati~h APrf '
. l. -·~
3.1 Introduction ........... ,.::....................._. .................s•• ,.-, ........ ... . ...... . ............... :, ... :;• •••••,i:,::"·"···.'··;·... ::i<':!.,,....,.................,.;...... 3-3
3.2 .loT Design Methodology ..._. ...............................................................................t :".'M~};.;.:t~ft.;:;-.Kf.:;.....................3-3
ua. Explain the various steps ill loT design melh<?9.<:>logy'? . (SPPU- Mar 18, Ma 18, 4 Marks ...... :,: ..........:..... 3-3.
3.2.1 · Purpose ~nd R.equirernents Spllcillcation ..,.,.........._.., ....._. .......,.,....,..:......;,,,......,.1:;.;•.,..;:.,.·...:;,._;..!:·. ;.._. ....... ............ . 3-3
.. \ .
ua. Explain purpose. and fequi.reme11ts specifica\i9n~ step 9f loT~y;;t~rn. d.l!lsign m~Jh.mlogy, l;90sider smart loT :
• based home aujomation·systen;i.as;al).example.
1
(SPPU- Mar 18, Ma 19, 5 Marks)
. . .,;· .. ,,._. . .......... ........ 3.3 .
. •• " : 1 , ,.:•1' '. ~--• : ~ I .-,:,J"1~i.,;: f / }f ~- ., .. -::,: I'•• 'I
3.2.2 Pr?c~ss Specificalion ......_. ......:..............:···:·.. _. ..:::··:···_-........._. ..::·: ...... _._. ......:-., ................................1_._.,.,,... ...,.,;..;:...... 3-4
ua. Explai.n process fO~~I s~ecj~~}~?'-1 ,s}~p.,t;>!_!oT li~S\rl".,d~~!~(i,'!l~tr.od~loJ!Yt. (:(l~S~~r,s~~!~l- ba~.~d home
automation .system as.an example ., .......................................:-rr,:•·i•.... '°.,.. '.........3-4
3.2.3
ua.
. .. " .• I •• ' -
· Domain M~I Specification ·.·::······ .................. :.. :::···:·..:·::··· .. :·:··:··:·:·:· ..·::·:··..::·:··:::::··::.:.: ...;.:1~,vt;..·..:::ii:7
··- ·· . ......... ... ,.; H.
<..
.... . \if ,l.
3-4
Explatn domain f!lOdfll
, . , .. , :
spe_cifi~ti9n step ~f·.loT
. . . :'f,·~~ .. :_'•'.'i.-~--~
liY~tem de.~ig~."l~tCT9dology,
.. . ~.,, -
c.o.nside,<:,~~-r:\.loT•bas~.
,,,: . t .,, l~i, ,• · . · · ,..:. . ? 11 .. J : •'I..,,, , b ~,:,+\ _.;: . ~
home
. ..... ,..,
3.3 Basics of loT Netwooong _ _ _ ·--··--·-· -···-···-·· ·--·······- ·-···-··-··... --.-··--·- ..........- ......... 3-10
............. 3- 16
3.7 .1 Request· Response Communication Model .................................................. ,..................................
.. ............. 3· 17
3.7.2 Publish-Subscribe Communication Model .....................................................................................
ua. With the help of appropriate diagram explain WebSocket-based communication APls
...................... 3·19
tSPPU- Dec. 19. 3 Marks) ................. .................................................................... ................
Sensor Networlc ....................~ ...........................................:................. ......... .................................
......... ....................... 3-20
3.9
....... 3-20
3.9.1 Wireless Sensor Netwonc.. ................................. :................................................... .................................
................................................. 3-21
3.10 Four pillars of JoT .............·--··-···-··· · ...................................... "..................................
ua. Draw and explain the fOUf pillars of loT paradigms : ..... :......... :......................... 3·21
... ·........................... .. 3-21
3.10.1 M2M .................___ ......................................................................................................
__ ................- ... 3·21
ua. Explain M2M (the internet of device) pillar ot loT. (SPPU- Dec. 18, 4 Marks) ... ··......... _.
................................ 3-22
3.10.2 RFID ...................... - ......................................................................................................
......................... 3-24
3.10.3 WSN ............. -····-···· ......................- .....................................................................................
. 3-24
ua. Explain WSN (the internet of transducers) pi~ar of loT (SPPU - Dec. 19, 3 Marks) ..................................
ua. W?iat is SCADA ? What are lhe different ~ocks of $CADA (SPPU - Ma 18, 5 Marks) ............................. 3-25
·......... 3-32
(• ChaJ)l:er Ends. ................... ·-··············~···········.. ···· .. ····--·······--····················································· ··.......
(SPPU-New Syllabus w.d academic year 21-22) (PS-35) ~ Tech-Neo Publications__A SACHIN SHAH Venture
=============------:---:-:----:---:-::--=~~-~-:-- ~
Internet °' T · & Embedded Systems (SPPU-Sem.5-ComJ)) ) ... Pa e no. 3-3
- . .
_!!~~J~.•~-_!1Nn~~O~D~U~CTl!!_£0N!!_::_
·· ;,~ - .:..
· -~_::. ::~.:,_ _;::;_ ..,.;... ------- ---- ~
1
• In chapter 2 we have studied about IoT, PhJ,·si·cal design of IoT, logical design of loT, diffr rent '1
application and deployment oflevels of IoT.
· ·
' ~
• hall
So the Designing loT systems can be a complex and c engmg · task IoT systems involve interactions
·
· . . ~
between vanous components such as loT de,.1ces, · ne twor k resources• web services, analvt1cs•
compooeot.s, application and database servers.
The role of loT designer is to design IoT system to keeping specific products/services in mio d .
• The proposed methodology have reduced design, testing and maintenance time, better interoperability
and reduced complexity ofloT System.
~
1. Purpose and Requirements Specification 2. Process Specification
3. Domain Model Specification 4. Information Model Specification
5. Sen·ice Speci.ficatiollS 6. loT Level Specification
7. Functional \'iew Specification 8. Operational View Specification ~
9. 0Pvice and C.-0mponenl Integration 10.Application Development
To explain e~·ery step of loT design methodology we will consider one example, loT based Weather ~
Monitorin g System.
~
~ · l.2.1 Purpose and Requirements Specifica<ion
.J
I
The first step in loT system design methodology. I~ this step it defines the purpose, behavior and
requirements of the system. This step also defines the
(1) Data collection requirements (2) Data analysis requirement
(3) System management requirements (4) Data privacy and security requirements
(5) User interfaces requirements
Consider our example loT based Weather Monitoring System, the purpose and requirement of
system are:
(1) Purpose : Purpose of this system is to collect data on environmental conditions such as temperature,
pn-.s:.--ure, humidity and light in an mea using multiple end nodes.
(2) Beha,iou r: Weather alert can be sent to the subscribed users with the help of such application .
(3) Data collection requirements : The end nodes send the data to the cloud where the data is
aggregated and analyzed.
Fig. 3.2. l shows th~ process specification for the weather Monitorin~ sys~m. In -this process
specification the sensors are read after fixed intervals and the sensor measurements are stored.
The third step of loT design methodology is domain model specification. In this -$1ep it describes ~~:_
main concepts, entities and objects which are used design the system. It also defines the attribu~s of the
- obje~~-d relationships bet~een th~m:. The Entities, Obfects and C~ncepts .include· th~ following sub
entities like Physical entity~Virt~al entity, Device, Resource, Service.
(1) Physical Entity : Physical Entity is a discrete and identifiable' entity in the physical environment
information o·r actuation. For example, a room, a light, an appliance, a car, etc. _are physical entities.
(2) Virtual Entity: In the digital world Virtual Entity is a representation of the Physical Entity. For each
Phy~ical Entity, there is a Virtual Entity in the domain model.
(31 Device : An interaction between Physical Entities and Virtual Entities is providing with the help of
device. Devices are either attached to Physical Entities or placed near Physical Entities. To gather
information about the physical entities or actuation on physical devices are used.
(4) Resource: Resources are soil.ware components which can be either "on-device" or "network-resources".
(5) Service : An interface for interacting with the Physical Entity is providing by service. Services access
the resources hosted on the device or the network resources to obtain information about the Physical
Entity or perform actuation upon the Physical Entity.
In our example in domain model specification,
• The physical entity is the environment. It monitors the environmental condition .
• So there is a virtual entity for the environment.
• Devices include temperature 11ensor, pressure 11cnsor, humidity seru1or, light sensor and single-board
minicomputer.
(SPPU -New Syllabus w.e.f academic year 21 -22) (PS -35) ~ Tech-Neo Publications..A SACHIN SHAH Venture
Intern'!! o! Things & Embedded Systems (SPPU-Sem.5-Comp) (loT: Design Methodol!?9J.22a:J_~_"?_ (~-S)_
Human. •
User-- • • •
I
i
- 'ASSodafe<t·· · (;l -,.,; ·" .. ·
with ..<· Vu1ual Relates to · .Phyaical ·. Monitors
' " Entity ' : ., .. . ,. E.r>!i!Y_,
Exposes
Environment Environment
Network
Resoi,ce
Drive ·
Resoi.ce
Hosts
___.,.. Aggregation .
Teqj. 1.- Preiiure · Humidity.'·, -{-1.lgtit ,. ··,
- Generalization/Specialization
Sensor .' ~nso, _Sensor . . ··-Sensor :. , •
• In information model specification the structure of all the information -u fthe IoT·system is defined. It
-also defines the attributes and relatio~hip between the~. B~t it does· hht 'd~~cribe that how the
•.
information is represented or stored.
-•~
I
·• - - -• _.,. _ _ - • ___..-
'· ... ,:·• ..... .,, . '
. ;! . • f . I f •
t • In this step the structure is represented with help of class diagram. The following Fig. 3.2.3 is class
t diagram of Wealher Monitoring System.
(SPPU-New Syllabus w.e.f ilcademic year 21 -22) (PS-JS) Ii} Tech-Neo l>ublications...A SACHIN SHAH Venture
lnlemet of Thin & Embedded S ems SPPIJ.Sem 5-Comp
Virtual Enllly
Envitonment
Ent,tyType
Environment
I·,
.\,.
';
I I Attnbute: State Attribute: Stale · Attribute: State Altnbute: State
~I Attribute Na~:
AtlrrbuteName: 'AttributeName: · ·Attr1buteName.
light
I
temperature : pressure humidily
has has
has has
value valu e
value value
Humidity: val light: val
,Temperature: val Pressure: val ·
;,
..I ,t
;,I (1C3}Fig. 3.2.3 : Information Model Specification or Weather Monitoring Sy, tem
j ,! I
:,,! '
'!
B. l.2.5 Service Specifications
i
\· I
I r~f}~~;~-~c~f€af!;~-f~-:-~-~:-:-? ~-.' ~:~:~·,:)~:.:~:_:.·~.;};~~.---:~--~---:~:·--~-~---.~- ~::·~,r~-_::.·~:~{:
,,' ' l L GQ:. Descn'be vari0<1s services in lo'I system. . . · · · ' ,.
I I ·- . • . - . . . ,
i UQPNhat is-the importance• of service specificatioo loTdesign ,n.etnodology.• - -.. (SPPU - May 19, 4 Ma~ s)
!. "•..- •..•":.·"· • -• -- -· •.- ·• - •• •- L--:i"~- - .,..._ ..--t_ .._. >• • •• - ~ ·• •- . _ _.. - - - - •- •• ·• - ¾ - ....~ ... _,. _ ~ . ".,,;" -1 .;,• - - - - - - --- ~_ ,.._ . - • - - -- - • - • - • _ .,,
:,
• In service specification step it define the services in IoT System, service types, service inputs/outputs,
service endpoints, service schedules, service preconditions and service effects.
• In previous steps process speci.licat ion and
information model, identify the states and Service
attributes. So for each state and attribute we define
a service. These services either change the state or Name: Controller
· ·· Type: Native .
attribute values or retrieve the current mode.
• In our example Weather Monitoring System there
t11,, is only one service name is controller service.
.' I
''
: .I
I
• The controller service runs as a native service on ·
the device. It monitors temperature, pressure, ;· Output ----- • t.
.- Schedule ~',
,.,,,.
nodes send the data to the cloud and the data is stored in a cloud database.
• The analysis of data is done in the cloud to· aggregate the data and make predictions .
In functional specification step the functions of loT System grouped into various functional groups.
There arc different function groups which provide func~i?nalities for interacting with the concepts defined in
Domain model specification. The Functional View include the following functional Groups (FG)
1. -Device : The device FG contains devices for monitoring ~d cont~ol.. For Example,· SCB, light sensor,
relay switch.
2. Communication : This group handles the communication for the IciT system. The communication FG
includes the communication protocols and . communication API. Th_e commonication protocol is the
backbone -of IoT systems and enables network connectivity. For Example, 802.ll; IPv~s. TCP and
HTTP, Communication API REST/WebSocket . .
3. Services : The Servire FG includes various services involved iq loT system." For example, Device
monitoring, Device control services, Data publishing services and Services for device'iiiscoveiy.
4. Management : This FG includes all functionalities that are needed to configure and the IoT manage
system. For example application management, database management and device man~ement.
5. Security : This FG defines security mechanisms for the IoT system. For example authentication,
authorization. data security etc.
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Nee Publications...A SACHIN SHAH Venture
Internet of Things & Embedded SyS1ems (SPPU-Sem 5-Comp)
(loT: Design Methodology}... Page no. (3-81
6. Appli cation : This FC includes an application that provides an interfac
e to the users. It is also used to
control and monitor various aspcctil of the IoT systems .
TI1c r'1 g. 3 2.6 shows the ~lapping deployment level to functional groups
for the weath<' r monitvring
;;y~trm
Loc•I Clou d
,.._____, , I
Observer
Node
I
REST
Communa uoo
~~
Controller
~~ Authenti•
cac on
Communic ation
Database Authort•
Mgmt zation
B Devices
t.AoNtormg
Compubng
NOdes
· Devices
pc,1Fii:. J.2.6 : Mapping deployment le,·el to fonctional groups for the weather
m?nitoring system
In above di agram
• loT device maps lo the Device FG and manage ment FG (Device Mgmt.)
• Database maps to the Database FG (Database Mgmt.) and Security FG.
• Hc~11urcrs maps to the Device FG and Communication FG.
• Conlrnllt•r Scn ·ice and Web service maps to the Service FG.
• Analytics compon ent maps lo the Application FG.
• Oh:-crvl'r node ma ps to the Application FG.
3. Communication Protocol : Link Layer - 802.11, Network Layer· 1Pv4/IPv6, Transport TCP, Application
- HTIP.
4. Native Service : controller service
5. Web Application: Django Web"Application, Application Server - Django App Server, Database Server _
Xively Cloud Storage, Ana!ytics: Hadoop, Observe~- Cloud App, Mobile App.
6. Security: A~thenticatio
.
n: Web App,
. - .. .
patabase,
:. . . Authqi:izatio
. . •. . . APP,
n: We~ .
patabase
'
7. Management : Django App Managepient Database Management - MySQL DB Management, Dev ice
Management - Raspberry Pi device Manage
. . : ~L:. ~ ., . .
'& l.2.9 Device and Compon~nt 1.ntegration
• 7 , i '' . :·~:·.;., .. : . . :. i.. . . ' ,... '
l • . _. . ,. '. f
. ~ . _·• ·..· . _.,. .. ,, ."". .. ' , , --~1
-._ -- • . •
'.·:} ~ :· ~-" ·· . ,
I . . • , I ."' , . :;. '
, r IH !)j ~ 30:>8V
. ..... • J; • •• •.• .
Unit
. . .. .... .. ..ii ....
••••• a:: •••••..
.... .. ... .
......
'
. .
•
I
. .
•
.- I
.....··•. ...
i. ....
.... ... ... ... ...i .....
.
•
...
...
•
I
I
... .. ...
•
,
'
•
I
I
I
I . •
I •
•
I ~
., ;
ii
. -
·
~
.
.. .. ... "'..°.•·.,. ....
!
- -~
• • • • • • • • •.;i ••
:~--~
.
••
.. .
,.....
-~~:- ..1,: .•.-11~~----
......
..
•• •
;,.
",\• ~
•.:,ma::
::;~,
. ~~
.. .
-
. . ..
·'-'
.. .
~
-~
~lW ....
.. '
~~~t;.
t;~
...... .. ........-:
.. :....•.... ·..1~
~··•,':"'•·; . :
....
' '
~~ .. ~ -. ' ..
}t~;.;::.::.:_ .,
..•..•..• ..•-Cl ....••
• • • • It ••
6f)jli...4! .
.... ;~t½:
;~~•~{>_ •
-:: 'J .•
.... .. .....
·:-: 1 ··-~
~ ~. .....: . i ..
..
... . ;_
·.
.
.. .. .
:.=I ~-= =
.. .. .... ..=~••.
::::.
. . . . .... .
........ .... ........ ............... ... ..
.... .. .... ..a....
r llf!>l
... . 3 :>1 w
., ' ~
• The devices and components used in this example are Raspberry Pi .minicomputer, temperature.sensor,
humidity sensor, pressure sensor and LDR sensor.
(SPPU-New Syllabus w.e.f aca~mic year 21-22) (PS-35) ~ Tech-Neo Publications...A SACHIN SHAH Venture
I Internet of ~ngs & Embedded Systems (SPPU-Sem.5-Comp)
This is the last step of loT design methodology. In this we develop the loT system.
• We know that that IoT has evolved a lot. An IoT as a very complex system involving sensors, actuators,
networks, local area, wide area internet and different servers, different algorithms, machine learning
. and so on.
All these executing together to make the system function as one single entity.
• ~ IoT based system consist of physical objects and th~t are fitted with different sensors. These sensors
basically sense different physical event or information ~hat is occurring around them.
• These sensor are fitted things, sensors actuators and different other devices. These are one component
of the loT.
• I
These components become different nodes in the netwo~k
:
or individual nodes in the network.
• These nodes communicate with one another and the in.formation that is sensed by these sensors is sent
to the other sensor nodes or the destination nodes.
• So this information has to flow through the local network and then, if the destination is ou'tside this
local network, then it is sent through the internet. i
• We are talking about an IoT which is basically internet based IoT. So the flow of information is through
the internet or some other wide area network.
i .
• Finally, it is arrive at the intended destination node fotj further processing.
• i
• There can be some analytic engine which is running oriI some ba-ckend• server·to: make
.,
the analytics and
decision can be made for actuation. i
• So there · different protocols that are used for sopiething •different ·puq,~ses i~ . IoT. The IoT
communication -protocol con~ept already explained in p~evious unit also details about these protocols we ·
will see in next unit. . .. j . .
• So, when we talk about IoT network we consider followmg points.
I
1. Network architecture
. is communication
. between IoT
I device. and the outside ,vorld. ·
2. Correct choice of communication technology indi~ates the IoT device ·hardware requirement and
~~ I
!
3. IoT based application single .network paradigm is not sufficient to address all the needs of IoT
device.
4. Complexity of netw~rks in that we have to consideti the issues like
• Growth of networks
.. Interfacing among devices
• Network Management
• Heterogeneity in network
i'
,,
,, J • Protocol standardization with network.
I
i
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Nee, Publications...A SACHIN SHAH Venture
Internet of Thin s & Embedded S ems SPPV-Som 5-Com
- lot
... ·•,:.~·
.. (. ·t•·~ ·,
. . IE'-----~ .,~. lnttrnet
Networking component. ··'components''.
:'"; .,. . ,,::{•j;~ -:~
• We have different things. Thes:e things can be
.::Bickenc Services-'·
different physical objects which are fitted with , ,t,...., . ......
Internet is interconnection of worldwide computers in the form of a network. The user can access the
knowledge from other computers. The internet is also defined as a network of networks. There art different
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Neo Publications...A $ACHIN SHAH Venture
r
iI •
ln1ernet ol Thin9s & Embedded Systems (SPPU-Sem.5-Comp)
I. In ternet Addres s
(loT: Design MclhodoiO<JY) ...Pa9':_'!_0. (3_
-12)
r • Ccmpu ters connected to the interne t means that the systems arc
connected to comput ers' worldwide
►
network . It is necessa ry lo that each machine/device has its own
or unique address . Addresses of the
interne t are in the form "xx:x.xxx.xxx.x.xx," where each "xxx" ranges
from 0-256. The structu re of the
interne t add ress is also known as an Interne t Protocol address . Fig.
3.5. l shows the conned.ion between
two comput ers using the interne t
• As the device is connected to the interne t with a uniqu·e ·address . The next thing,
whatis the proi:'edure .
to commu nicate the device with the system at another encl? For
underst anding purp:ise,· we :·are •·
conside ring an exampl e. As we discussed in Fig. 3.5.1 one 0
• If you are using ISP facilities, then the message will be communicated
via phone line of.ISP. In Uiat
cai-e, the first messag e will be encrypt ed in digital form: All the
alphanu meric charact ers will be ··
c~nverted into an electronic signal. The electronic signal will be
delivered to the other ccmp~~ ~-ruid · ·
then again decrypt ed into the origina l form as received on the second
IP system.
(SPPU-New Syllabus w e.f academic ~ar 21 -22) (PS-35) ~ TPCh-Neo Publications...A SACHIN SHAH Venture
Internet of Things & Embedded Systems (SPPU-Sem.5-Comp)
f -· . · . . _. : -·- :-- - .- -:-··- ~...~-: :"" - -~-- :-.--:-.. ~.- -. ~ ~ - - - .~--r-.-;..-:,. - -,:- ,; ~.·-:- ~ - - .,-.- - :.. .... - ... __
· · •
- - - - .. - - - - - - - --- - --- - - - - - - - - --- - -- -·-·- - - - - - - - - ---- :. -: - -- ---- -----.
. .
1 GQ. . What are different COl'!nectivity technologies
-
used for loT system.
,·,, ,.9-;.~Jc~,co.~ ~,i,~~ w.j~~- eac~ ..o~.ter,.in 3;-,I\~~':\'9.~~cl9r. ·:r·L_➔ .,..,..,.-· .,,__ .,,c_~.. -,.,.,._--rc_P_..,..u_o_P-=--,--.,.;....-'..J·
this communication we need some :protocols. There are ;.);,',:fr·:•·;. ·Ne~rk lay~r' ;· i.,.,;, --~\:
various protocols avail3:ble for . lot system. These '
1Pv4, 1Pv6, 6Lo'NPAN . .;. ,_,y. ••
protocols are used to establish comroµnication between a ,, ,
. ,,...)R~~;l:~X.~f•.,Pf.,Otof.?ls .;~r~-R-~ h~Jbg d~~.~ c~,1\_~e,~e~t Qy~i: -th,~..netwqrt~9L~e l~wer layer protocols
using the ,applica,tion m~rface. The protocols HTTP, COAP, Web Socket, XMPP, MQfl',.D0S, ru:i~ AMQP
are us~~ application layer. 1ii'.·this section we will <14~~s~ e~ch protocol. __ -~ :· . . . . . .
. '. . . . ..~ _:;; : ,.: h:"'-{ ;-::.:, ' : !ti ! ~:•;l -,;,: :
. . .: !-~!f)f..fl.! ~;(J'·~:f,· J.
(1) HTTP
(2). COAP
.: ,j .,_ 1· •.
,• . COAP is used.3:5 web transfer"protocolJor IoT and uses request-response model, · ~-'.·, :
• COAP uses client -server architecture
• COAP also provides methods for communication such as GET; POST, PUT·ilnd DELETE.
·•~. ,
(3) Web Socket
(~PPU-New Syllabus w.e.l academic year 21-22) (PS-35) ~ Tech-Neo Publications•.A SACl-l.lN SHAH Venture
rn
./"
Internet of Things & Embedded Systems (SPPU-Sem.5-Comp)
•
•
(loT: Design M e t ~) .. ..Pa']8 no. ( 3•14)
(4) MQTT
.. ·.1
(5) XMPP
' I • .
;,t[' • XMPP stands for Extensible messaging and presence protocol {XMPP)
·I
• XMPP is used for Real time communication and stre.a ming XML data between network entities
111
11 • XMPP used for applications such as Multi-party chat and voice/video calls.
:i·
• Like IITPP and COAP, MQ'IT uses client server architecture .
1,
!
I( (6) DDS
;1
• DDS stands for Data Distributionservice(DDS)
I
• DDS is a data-centric middleware standard :for devic'e-to-device or . machine-to-machine
communication. I
I
i •
(7) AMQP
• AMQP supports both point-to-point and publisherls~bscriber models, routing and que~. Broker
here receives messages from_publishers and route 1them,over connections-to consumers through
'I
messaging queues.
.I q> (b) Transport Layer
i
; i
'.
• I
,· I
I
• Transport layer protocols provide end-to-end message transfer -capability independent of the
underlying network. This layer is also used to control the flow of data ~egments and handle· the
error control
• Transport layer protDcol provides communication either connection oriented or connection less.
(1) TCP
(2) UDP
• UDP is less reliable as comP.ared TCP bec~use it is connection less protocol and does not support
retransmission of data or removal of duplicate packets.
Network layer is responsible for sending datagram's _from source n_etwork to destination network. Host
addreSsin.g schemes is managed by IP ad~s~~- . .1 = -~
(1) 1Pv4
• 1Pv6 uses three types of address-'Uoicastaddresses; Multi~t addresses ao.'d Anycast addresses.
(J) 61.oWPAN
~ ·.
• 6LoWPAN stands for lPv6 Low Power Wireless Personal Area Network.
• Low power devices and low processing capability uses this protocol for network communication.
' .
• It operates 2.4 GHz frequency and data rate is 250 kb/s
G' ( d) Link Layer
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Neo Publications...A $ACHIN SHAH Venture
Internet of Things & Embedded Systems (SPPU-Sem 5-Comp) (loT Desiqn MethodolorJY) ... Page no. (3-18)
B.. l . 7 .4 Exdusive Pair Communication Hodel '. Request Sends for Connection Setup .. ~--
·•
·
• Exclusive Pair communication model is a bi- Response for A~ptmg Request
directional, fully duplex communication.
• It uRes a persistent connection between the client Message from Client tc Server
and server. It means once the connection is setup Clien t Server
Message from Server J Client
it remains open until the client sends a request to
close the connection.
• Once the connection is setup client and server
ConnecbOn Close Request , ..
can send messages to each other. Connecbon Close Re$p()nse
._.,,. ,. :,
- -..-.
. ~· -
'11~-r_:• """
• Exclusive pair is a stateful communication model
and the server is aware of all the open (1C1l)Fig. 3.7.4: Exclusivt Pair Communication Mod~~ .
connections.
The Fig. 3.7.4 shows the communication between cLent and server· using exclusive -pair communication
model. ' . • ' I•
: GQ. Yfh~t a/~:lo! co~m~nicat½>n.~Pls! · .. . : . : ._:_ :_ ,>~ 1'.·-·\·'.;}·~:~?-~J:~,: ~-;'.?:~\l!-/ :lf~;(i >t:i\{;1,fGJ(!
, UQ. ..COmpaie REST-based.communication a'nd WebSod:et comr,iiinicatiorl'APL:;'.!}~'.-:'.':::--t • ;,
,_ - - - - - - ·- - - - - - - - - - - - .: - · ~ ~ - - - - - .; ·- ·...;-.,:,··:.: ~ ~:. - .;. .::: _·~ :,.:.~ ~ ,;.,·;..- -.;;; -:,;_.3,~;: -- -r~ ~~ ----__.~~ •..,,.. _. ._.,.,
In this soction we will study two communication APis that are mostly used in IoT based application.
Ilr fore that we will see wbat is APT.
' What is an IoT API?
• The application program or programming interface, :ir API, is ties together the conoocted "things" of the
'1 ntemet of Things."'
• IoT APis are provides the interaction between an loT device and the internet and/or -other elements ·
within the network.
Reso.,,cea
HTTP?ackat '.
URI URI •-~
Consist of
HTTP CH Iil HTTP Command HTTPSerwt Rep,esentalion
.' REST Payload
' Resourcn •
Response
Response
shoy.ld not be wcrry about storage of data in server. Similarly, the server should· not be worry about the
, • •, ' ,I , 1,, ·r
I
user interface of the clienl So s~parately client and server to be independently d~~eloped ~d updated.
2. Statele~s· : Each request from ·client side must contain all th'e·irifo~ation necessar/to understand the,·
. request. So as ()fr request server sends response .. ,. ,, UniJ
3. Cache-able : Cache constraint can be labeled as cache-able.·or non-cache-able.. If a response is cache-·
fil1
able, then a client cache is given the right to reuse that res1>9nse .dI ata
• ' '.· .... , • : . •''
for later,
.~ :
equivalent requests. ·To
•• ; • I • •·
DI
eliminate some interactions.
~. • ' • ' • •
4. Layered System ~ Layered system constraint, define the· behavior of components such that each
·component cannot see beyond the immediate layer. it means a client cannot tell whether it is connected ·
directly to the
e£d seryer, or to an intermediary along the way.
5. Uniform . Interface -: The cpmmunii;atjon betwe~n _a cliert ,~d, a server _~µs_t .~~J uniform _this
~~trafut.is ac~~ed by using Uniform Interface c~ns.traint. Resou~~ are ide;_ti_fi~ _;'~the requests by
URis in web bL~ system and which is unifonn.
6. Code on.demu.d : This constraint' provides provide executable code or scripts for clients to execute
in
1
their context. Tiis Constraint is the only one that is optional. ' '· ' ; I
Data Frame
• WebSocket; APLs ~ bi-directional~-·. full duplex
communica
. - servers.
tion iletween clients and . Data frame
• Client to Lhe server com~unication through lhe WcbSocket communication begin, with
a connectio~
setup request.
• The following Fig. 3.8.3 shows the client sen.·er communication using WcbSocket.
• WebSocket communication starts with the connection setup from client to server.
• After the connection setup the client and server can send data or messages to each other
in full-duplex
mode.
• Advantages of using WebSocket APis is it reduce the network traffic and latency
as there is no
overhead for connection setup and terminat ion requests for each message.
• WebSocket APis is suitable for IoT applications that have low latency or high throughp ut
• I
requirements.
• Sensor network is a very importan t technology and one of the most importan t enablers
of loT th.at is
used for building loT.
• Sensors, transduc ers, actuators these are all very importan t things fonmder standing ofloT
systems.
• Sensors connect with one another; we can obtain importan t information continuously,
in real time
'
remotely, from a larger environment. This is the benefit-o f sensor .network.
• In sensor networks we have individual sensors, whi~h are embedded in somethin g known
. ' . . .
as sensor
devices or sensor nodes, or ~metime s 'also known as sensor modes.
• So, these modes or nodes or devices they have one of their .components which is the sensor,
and they
have other components as well.
• So, these components taken together they com.prise that particula r node or the device
which can help
them to communicate.
• One device communicates with another de~ce, that deyice communicates with another device.
the third
device with a fourth, fourth with the first.and so on.
• As we know that we _have different types of.topologies.,We can have all sorts of topologie
s that we have
already heard of in networks
• But in case of sensor networks we can use a·star topology. .
. . ..1 b
fluctuations .
infonnalion which 1s Set1SL'u y sensor.
TI1en next unit is processing unit. It is usNi to process • . .
• th different nodes. So with the help of trn1ts··,
Third is communication to take pl.ace between ese ,,c,ver
•
devices communication take place. ·
• The four pillars of IoT are !d2M (Machine_~o M_achine), RFID (Radio Frequency ldentificati.on), WSN
0
a 3.10.1 H2M
• M2M enables flow of data between machines which monitors data by means of sensors .
• At other end gathered data is extracts the information and processes it.
• M21\f mostly ~es cellular wireless-networks,· sometimes wired or hyb~d, to connect to central server
(software program).
Internet of Thrngs & Embe<lded Systems (SPPU-Sem 5-Comp) (ioT· Design Methodok:>g)....Page no (3-22)
Smart metering, smart grid, Electric line monitoring, gas /oil I water
3. Utilities/ Energy
pipeline monitoring.
-
Highway, bridge, traffic management, homeland security, poli~, fire
7. Publ ic Safety
and emergency services. -
• For example, if your train is cancelled due to poor weather, a smart alarm clock w:mld determine the
extra Lime you'll need to t.ake a different route, and wake you up early enough_so that yo~'re not late for
work.
• Another example M2M is Smart Home, a connected thermostat can automatically switch the heating on
when room temperature falls below a certain point. You might also have a remote-locking system
cnohling you to open the door to a visitor via your smart phone if you're not at home.
• Key feAtures of M2M communication system are given below:
(a) Low Mob1lily (b) Time Controlled
(c) 1'ime Tolerant (d) Packet Switched·
1· a l.10.2 RFID
• Uses radio frequency to re.ad and capture information stored on a tag attached to an object.
• A la~ can be read from up to several feet away and does not need to be within direct line-of-sight of the
reader to be tracked.
• It uses NFC lNext Field Communication protocol), IC (Integrated Circuit) Cards, and Radio Waves.
• RFID mostly used in many industries for tasks such as personal tracking, access ccntrol, supply chain
management and so on.
(SPPU -New Syllabus w.e.1 iK.Jdt'ITIIC ~ilf 21 -22) (PS-35) Ii] Tech-Neo Publications...A SACHIN SHAH Venture
Internet of Things & Embedded Systems (SPPU-Sem.5-Comp) (loT: Destgn Methodology) .... P;i~~.@:2J}
~
• The following Fig. 3. 10.1 shows the architecture of RFlD.
Backend
i - - - ~ Database
.,,.•.-._: i - - - ~ Database·
.
t·~.:~. ·:_.:.:;:~,. . ;,_,:.t:... .... \ :
User lnte_rfc!.<;~.
• A RFID base Attendance System: RFID system is used to marinatin~ -~d .checking database for
• • •, ' •• • •
I
• ..,- I
•
exact geo location of the nodes.
Prevention - After installing the WSN, the network can also acquire the daily values for temperature
)
I I
and relative humidity in order to determine the likelihood of a fire in each zone under surveillance.
• Alarm - Send an alarm indicating the status of the fire or the probability level and the area.
LS. l.10.4 SCADA
:~~~~~~~~q~}~P~~:W~t.~r~.th~.tl~ff~;~~~iocks),JS~DA ·!.'·:~:-::>~'):::~~;\~::'·r,i;y-s~~·;'~:iJ}.~ - - - .- - - - - - . - - - :
• SCADA is Supervisory Control and Data Acquisition.
• SCADA is used to connect, monitor and control equipment's using short range network inside a building
or an industrial plant.
• SCADA is software used to
control the hardware. For 8-8--1
I
I
e.x~mple PLC, drives, s~rvers, :
sensors and also obtain the data :· ·sMaster
cADA _ _.,. >4--·scADA
RTu .· Sensot
which is stored on the personal
computer or Human Machine ••
I
I
Interface (HMI). :
• SCADA . uses BacNet
.,. HMI
I RTU ·J• I:sensoq •
· (communication protocol), CanBus
(tC20)Fig. 3.10.3 : SCADA Architecture
and Wired Field Buses (Industrial
Computer Network Protocols).
{SPPU-N8 Syllabus w.e.f academic year 21-22) {PS-35) ~ Tech-Neo Publications...A $ACHIN SHA~ Venture
I
1
Internet of Things & Embeddt."d Systems (SPPU-Sem .5-Comp)
(loT: Dcstgn Methodo~y) .. . Pa7~ no . .(~61
• The architectu re ofSCADA System is shown below.
As shown in Fig. 3.10.3 SCADA system consist of following key elements
I. Se nsors : There are two types of sensors analog and digital. Different sensors are use like temperatu
re,
hu midity, current, motion, and water applications. For data acquision sensors are attached with RTUs
to take measu rements.
2. RTU- Remote Terminal Unit: RTU connects to sensor in the process as well as SCADA master using
communica tion network. They deliver various parameter s to central station (SCADA master) to
be
managed by them.
3. RMI! Human Machine Interface :· HMI _is interaction on h~an operators and machines. HMI is
tools that presents process data to a human operator and through this the human operator monitors
and controls the process.
4. SCADA Master : SCADA master consist of programm able controls, multiprotocol support and provides
0
human interface. It takes inputs from sensors through RTUs and ~~trols various ~pplications. SCADA
master provides various display formats like graphs, tabular and other ·r o~.' It also provides
email/paging based on certain conditions .
5. Commun ication medium/n etwork : It is work as interfaces to connect SCADA master with SCADA
RTIJs .
~ SCADA Applicatio ns
2. Water and Sewage - Monitor and control water level, water. flow and water pipe pressure.
3. Building - Control heating, ventilation, air conditioning, visualization, lighting and. building access
systems.
4. Mass Transit - regulation of electricity, track and locate buses, trains
5. Railways /Roadway s - Control traffic signal lights
Case Study : Home Automatio n using loT communication models and IoT communication APis
System Managem ent Requirem ent : The system should provide remote monitoring and
control
functions .
Data Analysis Requirement.a: System should perform l~l analyais of data.
. --
(SPPU ·NN Syllabus w.e.f academic year 21-22) (PS-35) [ii Tech-Neo Publications...A SACHIN SHAH Venture
) (loT: Design Melhodology) .... Page no. (3-2?}_
Internet of Things & Embedded Systems (SPPU-Sem.5-Comp
interv ention .
must be available
Secur ity Requ ireme nt: Authenti~ation to Use the ~stem
;
·--:
. .• J
Auto·· -:-
Unit
fill
Ill
State-On State-Off·
Level-Low Level-High 0
,:. ' · .. .
• Step 3 : Doma in Mode l Speci ficati on
described _as foll!'.!ws .
Domain model specification elements for Home autom~tion System • ~ • ' • . • ' • ?
. (SPPU•New Sylla~ w.d academic year 21-22) (PS-35) litl Tech-Neo ~ -SACHIN SHAH Venture
Internet of Things & Embedded Systems (SPPU-Sem 5-Comp) (loT· Design Mcthodology)....Page no. (3-28)
u- lnt~,act w~h
!
1 I
Active Human
.,--•---·-: t________J f
Digital
App
User
Ser,lce
As:OOated
.i·-······1.
E~poses
wit~
Wtuat
Entijy i Relale&lo
·'
Physical
Entity Monil01$
·~ Room ! Room
i
Resource
Virtual .·
Entity • ,.
...i Relates to
, _Physical ~
.., Ent~y
!I ri ~Appliance :· ·· Appliance f
Acton
!
I II
Network·
ResotJree
On Drive'
Resource
Hosts
I "''~ Device : ·~;
Minicomputer
Attached to f Attached to
I I
· se~o/' ~A~lua~;
---
---+ Agg~tion
Generalizaf ion/Specializalion LOR .• .: .
r
,. ,~· .
L.
..
f, Relay.';·
·:..·u ,h.. •;J,•
••',,
relations with the help of class >~I- ;,..~ , • .:
/,R(?Qmld: Room:t:i
~
diagram.
::., • Attribute: .-: ': ''!J-
::r·•,.. Attribute:
. ..'
Home automation System- ": lighHevel ' '. ~ :: State :'
:·Allributl!Namrl.' i!9i'ttributeNam
There are two virtual entities- .. lightlevel :-::
,AllributeType:";. '!f
. . .
lightState i
Typ ''
Light Appliance (light state), ,.. level . .
!i
Room (light level)
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Neo Pubfications...A SACHIN SHAH Venture
(loT: Oe~t~ Mc thodot~J _Pa 9
lnlemel ol Things & Embedded Systems (SPPU -Sem 5-Comp) -- "== <)~13-29\
~
• Step 5 : Service Specification
There are three types of services used in Horne Automation System.
l. Mode Service: It sets the mode auto or manual or retrieves the current mode.
2. State Service : Sets the light appliance state to on/ofT or retrieves the current light state.
3. ~ontroller Service : In auto mode, the controller service monitors the light level and switches the
light on/off and updates the status in database. In manual mode, the controller service ' rctrie ves the
current state from the database and switches the light on/off
Service specification is shown below with help of process specification and information modt:I
specification.
.
:,State: On':,' ,_.State: Off_
;;' ·state: On,·: · State: Off;:,
- . .:.:
Controller Service
• The r'unctional View (FV) defines the functions of the IoT systems
grouped into various Functional Groups (FGs). The following
Fig. 3.10.9 shows Functional · view specification of Home
Rosouroe
Automation System.
.::~ :,r;,
.a"'pticalion . ,·. · • Database·.
App. .,,_.,... ~ . ...., . •.., . .
REST/V\lebSocket - ·:::. Se_rver _· -.. Server ..
Communication • .,.:.,.. · . . .... · •·f.~-....~;i•
.. .. $e.c.u,rJty:·:;
I ·:~~S~WebSo ~~::::j=~-::::::.jEc~s~~~~~fr~;::::::::==:r .-._: ·
.--+--
·Authenli-:
Database ... cation ,
Device
0
Monibring Node
(SPPU-New Syllabus w.e.f academic year 21-22) (PS-35) ~ Tech-Neo Publications...A SACHIN SHAH Venture
lnte11'1el of Things & Embedded Systems (SPPU-Sem.5-Comp) (loT: Oes~n Met~ J ... P~e no. {~31l
6. Application maps- to the Application FG (web application, applicalion and dalabase servers).
Management FG (App management) and Security FG (app Security)
.
Operational View specificatioil.S for,the hoqie automation example are:
-
• Devices: Computing devi~e (Raspberry Pi), light dependent resistor (s~nsor), relay S\V]tch (actuator).
- ";! . · ·- •• ~ ; ,t.' .
Services
·! ...: ·"
\
~- --~-~ t
(1) Controller Sem~ ;;Host:~d~~n·device: i~pie~ented in Python and run a~ a native service.
• ~- ':/:{~·:· ...... , ' .. '.10:''.· :.. ·• ', :~
,. ~> •.~-~·;·
(2) Mode service - ~ST-ful ~e~ service, hosted on device, implemented witfg~_ango~R~ST Framew,ork.
,, :• . . ' .' ,
(3) State service - REST-ful ~eb ~e~ce, ~osted on device, implemented with Dj.ang~-REST F~a~;~ork. I
~
Application
.. ,
I
- . . \ . i:-.
(1) Web Application
.
- Django
. Weq.....Application,
.
Security
. ;_
Management
(S?PU-New Syllabus w.e1 academic year 21-22) (PS-35} 1§1 Tech-Neo Publica~ SACHIN SHAH Venture
Internet of Things & Embedded Systems (SPPU-Sem.5-Comp) (loT: Desig~ <!9.Y) .. Pago no.J ~-'32)
. . . : f ... .. .. .
... ..... ..··g
ABC OE "' F G H I J
: : : .. .
. . .
• . ..., ...
. ~, ... . ... ...
.. •........,., .... .. .•
·~
• •'1 ••
~
. ........ . ...
• .. • • • I; • ~ •
•. • ..• • J • •
....
~
' ....
.. .. :·i ··0~•=::· · ......
. . ,·
. :P:. ::
-~ ·-:~ --..,,>;·
\ _____________t1r~
·.,_. _': "·1·:;;;.:': -~\ ~ :: ·:::: 1- =:::: .....
': ~-~·: ',t: _
.........
:
.,;.·•· ~····
_;';;,t
..
ti
t,f~j~;.J~:1:~~..\i ~' . . . .. ....· ..::::
:: .::::1 ...
... ... ..
~.:..s; .=i-~?l.!:ot■
. ~-·f., ';·
,. ' .~ ·.:>
::;:. r,~:-•--~-~
;.
.,~=. ::::1
.
. .
. .
. .
.
...... ...... . :::::
...
.... . . . ...
\ .:•ire '¢.
:.:
. ... .. ......
:":
-~·c-;•7j;t
..
. . . ...
,..•-'\" •·
).~ : 'i
~•hJ:, . •
...
.
..
.• .•...• • . • • ·.• 1. ..
· > .?; . ·. .;. . ... ·· Ii 1 · ... ...
.
..
......
Ol'Y«
'.".'ftif!i \
';'oo· ;~f:IOI( .
:~~••(~l"'1: '-----...1-:,I:.I ·.:,J..1-:.• .:• .:• .:• • .•••• ...
1 ·. : .: : :
:1:, ! : : ! .: : : : . .
.,. ···-
•I• ·• • ,.
.. I • , • e•.... . .
♦ ♦ • • •
• • • _ ....i,...-.t- -Qi
:I: . .. . . . ... . .. ..
: : : _•I • •• • •
• 1•
• 1•
.• • • • ..
....
• • .. ...
.• , Jj . . . .
.... .
. - ••••
• 1.. - • • • • • • ••••
ABC OE FGHI J
Chapter Ends...
□□□
UNIT 6
Security in loT
CHAPTER 6
Syllabus
Introduction, Vulnerabilities of loT, Security Requirements,Challenges for Secure loT, Threat Modeling.
Key elements of loT Security: ldentity establishment, Access control, Data and message secur1ty,
Non-repudiation and availability, Security model for loT, Challenges in designing i0T applications,
Lightweight cryptography.
Case Studies : Home Intrusion Detection.
UQ. What are the challeges for securing IOT. (SPPU - May June 184 Marks). 6-6
(SPPU-NewSyllabuS wef academic year 21-22)\(P5-35) GTech-Neo Publications..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp)
(Security in loT)..Page no. (6-3)
H 6.2 VULNERABILITIES.OF.IOT
Lack of privacy protections : IoT devices often. collect, and store users' personal. information, which
may be compromised if hackers are able.-to. bypass built-in security, features and authentication
protocols. The broader IoT system - including data stores and API interfaces can also be leveraged to
steal sensitive data unless properly secured.
Improper data transfer and storage: Even the most robust IoT equipment-can be exploited ifuaers
fail to encrypt data within their IT ecosystems. Sensitive information can be stolen at the point of
collection, while it's in transit or during processing. This accounts for why access controls are considered
UNIT
a top priority when managing a fleet of interconnected IoT devices.
End S
(SPPU-New Syllabus w.e.facademic year 21-22)(P5-35)
Tech-NeoPublication..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp) (Security in loT)..Page no.(6-4)
6.3 SECURITY REQUIREMENTS
(SPPU-New Syllabus w.e.f academic year 21-22)(PS-35) Lal Tech-Neo Publications..A SACHIN SHAH Venture
(SPPU-Sem.5-Comp) (Security in loT)... Page no. (6-5)
Internet of Things & Embedded Systems
used to represent the identity of
Unique & Replaceable Certificates : Any cryptographic credential
server or a client credential for authentication)
the device or service (whether as a TLS certificate for a replaceable
private key and certificate must be
must use a unique private key and certificate, and this
business need. Devices and services should allow the
in the event of expiration, compromise, or other
use of an arbitrary CA for signing these certificates.
(Note that this does not apply to certificates never
verification of a firmware update or a verified
presented outside of the device, such as those used for
boot process.)
services for use in loT
Commitment to Security Updates : Vendors providing devices and
a timely fashion. Updates should
deployments must make a commitment to release security updates in
updates should include a deadline of 30 days.
come as soon as practical, but a commitment to security
Any issues discovered by Google must be
Security issues must not be outstanding longer than 90 days.
issue no later than 90 days after it
subject to our disclosure policy which calls for public disclosure of an
lifetime that is reasonable for the expected
is reported to the vendor. This commitment should have a
installation duration of the device.
functioning of the device or
Minimum Service Exposure : Any service not required for the proper
unnecessary exposure of services like
service must not be exposed on anetwork interface. In particular,
services must not have undocumented extra
telnet, ttp, or database servers must be avoided. Exposed
functionality that may pose a security risk.
the use of WPA2. WPA2-PSK must be
WiFi Must Use WPA2 : Any WiFi connections must support
must be compliant with IEEE
supported, and WPA2-EAP should be supported. Implementations
supported cipher suites, passphrase
802.11i. There must not be any device-imposed limitations on the
lengths, or other security features of the implementation.
4.0 or higher. Bluetooth
Bluetooth Security : Devices supporting Bluetooth must support Bluetooth
must provide a scure pairing
interfaces providing a PAN profile or access to configuration interfaces
mechanism.
Time Protocol-(NTP) server.
Sync Clocks with NTP : All device clocks must be synced to a Network
for events occurring.on the
This ensures proper certificate validation for TLS, proper log timestamps
obtained via DHCP options
device, and results in lower administrative overhead. NTP servers must be
be compliant with IETF RFC59)5.
or user-configurable hostname. The NTP implementation should
No External Network Connectivity : Devices and services must not
provide network connectivity
cellular network connectivity,
that would bypass network firewalls. This includes, but is not limited to,
communications.
VPN connections to third-party endpoints, or.other techniques for tunneling
Non-WiFi wireless interfaces
Use of Non-WiFi Wireless Interfaces : Many loT devices make use of
must not
in the 900 MHz or 2.4 GHz ISM bands, including technologies like 802.15.4. Such interfaces
traffic
directly route traffic between the non-WiFi interface and a WiFi or wired ethernet interface. Any
should be proxied through an application-layer proxy to minimize the risk of maliciously crafted packets
on the shared network. These interfaces must take reasonable steps to provide confidentialiy and
integrity of communications. These interfaces must also use the minimum amount of power necessary
for the task ahead to minimize the range of wireless signals, such as making options available to tune
power for the particular installation. Options to disable specific interfaces should be present.
(SPPU-New Syllabus w.e.f academic year 21-22)(P5-35) Tech-Neo Publications..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp) (Security in loT) Page no. (6-6)
Identification and Delivery of Open Source Components : Any open-source software compon 2nts
must be identified with the name of the project, license, and version being used. Any components wuh a
copyleft license (e.g.,GPL) must have source included at the time of delivery.
Graceful Degradation: In the event of a lack of network connectivity or other communications
failure, the device must degrade into a reasonable state that maintains security. The device must not
tall back to unencrypted or unauthenticated communications, but should function locally in a manner
appropriate for the type of device.
Test Resilience : All devices must be able to handle network traffic conditions that are artifically
generated for testing, such as security tests and authentication retries. This includes arbitrary netv/ork
traffic, including that which leaves hung connections or sends unexpected traffic. Should said traffic
exceed the capacity of the tested device, the device should gracefully degrade its functionalities and
automatically resume normal operation when the traffic is back to normal.
H 6.4 J0T SECURITY CHALLENGES
GQ Explain Seçurity Challenges of IOT
iUQ. What are the challeges for securing QT (SPPU -May /June 18 4 Marks)
Afew years ago,security professionals were focused solely on protecting mobile devices and compuzers.
Today, there is a proliferation of IoT devices. There are over 7 billion devices around, and that number
could increase to 20 billion by 2020. More loT devices mean increased security vulnerabilities acrose the
enterprise, and it is a growing challenge for security professionals.
3 Lack Of Encryption
Although encryption is a great way to prevent hackers from accessing data, it is also one of the leading
IoT security challenges. These devices lack the storage and processing capabilities that would be fc und
on a traditional computer.The result is an increase in attacks where hackers can easily manipulate the
algorithms that weredesigned for protection. Unless an enterprise resolves thisissue, encryption won't
be a security asset.
In addition to the vulnerabilities of the loT devices, the other concern is with interconnected legacy
systems. In an enterprise with a growing number of loT devices, legacy technologies might seem out of
place. Abreach of an loT device could also result in a breach of a legacy system that lacks modern
security standards.
(SPPU-New Syllabus w.efacademic year 21-22)(PS-35) Tech-Neo Publications.A SACHIN SHAH Venture
Inteme! c Things &Embedded Systems (SPPU-Sem.5-Comp) (Security inloT)...Page no (6-7)
5. Weak Default Passwords
Mary IoT devices come with original default passwords that are weak. Although it i_ recommended that
you change the passwords, some IT leaders fail to take this simple step. Aweak, easy-to-guess password
couid leave an IoT device vulnerable to a brute force attack. This is issue so prevalent that California
banned default passwords in 2018.
6. Uneliable Threat Detection Methods
Enterprises have numerous methods of detecting data breaches, which involve-spotting common
indicators, monitoring user activity, and other security protocols. However, due to the growing number
of IbT devices and the complexities of each device normal threat dedication methods could be less
reliable and more of a challenge.
7. SmallScale Attacks In IoT
Although security professionals are focused on preventing large scale attacks, it is actually the _mal
scale attacks th¡t could be among the more serious loT security challenges. Small scale attacks are
more difficult to detect and could easily occur without an enterprise being aware of it. Hackers can
breach common enterprise technologies such as printers and cameras.
8. Phishing Attacks
Phishing is alréady a security concern across all enterprise technologies, and loT devices represent the
latest attack vector. Hackers could send a signal to an IoT device that triggers numerous complications.
Although it is one of the most common forms of security attacks, and it can be stopped, many
organizations fail to properly train their workers about the latest phishing threats.
9. Inability To Predict Threats
Security professionals need to be proactive in order to prevent IoT security breaches before they occur.
However, some enterprises might lack a robust management system that could monitor ractivity and
provide insights into potential threats. Without this type of solution, an enterprise won't have the
cap[bilities to spot potential breaches ahead of time.
Software. updates is one way that IT professionals ensure that computers and mobile devices are as
secure as can be. Some loT devices may lack the amount of software updates that other technologies
may receive. In addition, enterprises struggle to provide critical security updates to IoT devices in the
field.
With some enterprises using loT devices for electronic payments, there is always a risk for à hacker to
breach and steal the money. Some organizations are integrating machine learning or blockchain to stop
finæncial fraud before it happens to an internet-connected device. However, not every organization has
ried this solution yet.
UNIT
VI
End S
(SPP J-NEw Syllabus w.e.f academic year 21-22)(P5-35) Tech-Neo Publications.A SACHIN SHAH Venture
Intemet of Things &Embedded Systems (SPPU-Sem.5-Comp) (Security in loT)..Page no. (6-8)
Threat modeling consists of defining an enterprise's assets, identifying what function each application
serves in the grand scheme, and assembling a security profile for each application. The process
continues with identifying and prioritizing potential threats, then documenting both the harmful events
and what actions to take to resolve them.
Or, to put this in lay terms, threat modeling is the act of taking a step back, assessing your
organization's digital and network assets, identifying weak spots, determining what threats exist, and
coming up with plans toprotect or recover.
It may sound like a no-brainer, but you'd be surprised how little attention security gets in some sectors.
We're talking about a world where some folks use the term PASSWORD as their password or leave
their mobile devices unattended. In that light, it's hardly surprising that many organizations and
businesses haven't even considered the idea of threat modeling.
(SPPJ-New Syllabus wef academic year 21-22)(P5-35) a Tech-Neo Publications...A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp) (Security in loT)...Page no (6-9)
a 6.5.2 Need of Security Threat Modeling
GQ. Why Do We Need Security Threat Modeling?
Just how bad is the cybersecurity situation that we need to create things like threat modeling to help
combat it?
41
Cybercrime has exacted a heavy toll on the online community in recent years, as detailed in this piece
by Security Boulevard, which draws its conclusions from several industry sources. Amongmedia-enabled
other things,
the report says that data breaches exposed 4.1 billion records in 2019 and that social
cybercrimes steal $3.25 billion in' annual global revenue.
According to KnowBe4's 2019 Security Threats and Trends report, 75 percent of businesses consider
insider threats to be a significant concern, 85 percent of organizations surveyed reported being targeted
by phishing and social engineering attacks, and percent of responders cite email phishing scam3 as the
largest security risk.
As a result of these troubling statistics, spending on cybersecurity products and services is expected to
surpass $1 trillion by 2021.
Cybercrime is happening all the time, and no business, organization, or consumer is safe. Security
breaches have increased by 11% since 2018, and awhopping 67 percent since 2014. Smart organizations
and individuals will take advantage of any reliable resources to fight this growing epidemic, arnd sound
threat modeling designing for security purpo_es is essential to accomplish this
a 6.5.3 Ten Threat Modeling Methodologies
There are as many ways to fight cybercrime as ther are types of cyber-attacks. For instance, here are
ten popular threat modeling methodologies used today.
1. STRIDE
A
methodology developed by Microsoft for threat modeling, it offers a mnemonic for identifying security
threats in six categories :
Spoofing:An intruder posing as another user, component, or other system feature that contains
an identity in the modeled system: .
Tampering: The altering of data within a system to achieve a malicious goal.
Repudiation : The ability of an intruder to deny that they performed some malicious activity, due
to the absence of enough proof.
Information Disclosure: Exposing protected data to a user that isn<t authorized to see it.
Denial of Service : An adversary uses illegitimate means to exhaust services needed to provide
service to users.
Elevation of Privilege : Allowing an intruder to execute commands and functions that they aren't
allowed to.
(SPPU-New SyilabuS w.e.f academic year 21-22)(P5-35) Tech-NeoPublications.A SACHIN SHAH Venture
internet of Things &Embedded Systems (SPPU-Sem 5-Comp) (Security in icT)..Page no. (6-10)
2 DREAD
Proposed for threat modeling, but Microsoft dropped it in 2008 due to inconsistent ratings. Openstack
and many other organizations currently use DREAD. It's essentially a way to rank and assess security
risks in five categories:
Damage Potential:Ranks the extent of damage resulting from an exploited weakness.
Reproducibility : Ranks the ease of reproducing an attack
Exploitability : Assigns a numerical rating to the effort needed to launch the attack.
Affected Users A value representing how many users get impacted if an exploit becomes wicely
available.
Discoverability : Measures how easy it is to discover the threat.
3. P.A.S.T.A
This stands for Process for Attack Simulation and Threat Analysis, a seven-step, risk-centric
methodology. It offers a dynamic threat identification, enumeration, and scoring process..Once experts
create a detailed analysis of identified threats, developers can develop an asset-centric mitigation
strategy by analyzing the application through an attacker-centric view.
4. Trike
Trike focuses on using threat models as a risk management tool. Threat models, based on requirement
models, establish the stakeholder-defined "acceptable" level of risk assigned to each asset class.
Requirements model analysis yields a threat model where threats are identified and given risk values.
The completed threat model is then used to build a risk model, factoring in actions, assets, roles, and
calculated risk exposure.
5. VAST
Standing for Visual, Agile, and Simple Threat modeling, it provides actionable outputs for the specific
needs of various stakeholders such as application architects and developers, eybersecurity personael,
etc. VAST offers a unique application and infrastructure visualization plan so that the creation and use
of threat models don't require any specialized expertise in security subject matters.
6. Attack Tree
The tree is a conceptual diagram showing how an asset, or target, could be attacked, consisting of a root
node, with leaves and children nodes added in. Child nodes are conditions that must be met to make the
direct parent node true. Each node is satisfied only by its direct child nodes. It also has "AND" and "OR"
options, which represent alternative steps taken to achieve these goals.
7. Common Vulnerability Scoring System (CVSS)
This method provides a way to capture a vulnerability's principal characteristics and assigning a
numerical score (ranging from 0-10, with 10 being the worst) showing its severity. The score is then
translated into a qualitative representation (e.g., Low, Medium, High, and Critical). This representazion
helps organizations effectively assess and prioritize their unique vulnerability management processes,
(SPPU-New Syliabus wefacademic year 21-22)(PS-35) Tech-Neo Publications.A SACHIN SHAH Verture
Internet of Things & Embeddec Systems (SPPU-Sem.5-Comp) (Socurity in loT)..Paqe no (6-11)
8. T-MAP
T-MAP is an approach commonly used in Commercial Off the Shelf (COTS) systems to calculate attack
path weights. The model incorporates UML class diagrams, including access class, vulnerability, target
assets, and affected value.
9. 0CTAVE
The Operationally Critical Threat, Asset, and Vulnerability, Evaluation (0CTAVE),process is arisk
based strategic assessment and planning method. OCTAVE focuses, on assesing organizational risks
only and does not address technological risks. OCTAVE has three phases:
Building asset-based threat profiles, (Organizational evaluation)
ldentifying infrastructure vulnerabilities. (Information infrastructure evaluation)
Developing and planning a security strategy. (Evaluation of,risks to the company's, critical, assets
and decisioD making.)
lmagine a scenario where a user on your customer service team places a spreadsheet containing
customer Personally ldentifiable Information like Social Security Numbers or other sensitive records onto a
globally accessible shared folder. When it comes to User Centric Model: this woulda't be a problem, everyone
has the proper rights to access that file. So when it comes to IoT it works well if more device are connected
in the network. Data Security Model: this is a huge problem as sensitive information is now available to
every intern, contractor or "coasting through their tenure until they take a new job at your biggest
competitor" employee with network access. This scenario makes plain the big dependency of a Data Security
approach:data classification. More in the IoTs and organizations.
a 6.7.1 INTEGRITY
It is easy to define integrity of data but far less easy to ensure it. Only accurate and up-to-date data has
data integrity. Any person or organization that stores data needs it to have integrity. Methods [2]that
can be used to give the best chance of achieving data integrity is not covered in this paper. In a simple
way, data integrity: a requirement for data to be accurate and up to date. Integrity protection includes
preservation against sabotage and the use of counterfeit units or components. Another critical factor
that influences data integrity is the robustness and fault tolerance capabilities of the IoT System.
Sensor networks, such as RFID solutions, face also other issues that limit their capability to overcome
integrity problems as many of their components spend most of the time without being attended to.
Attackers can either modify the data while it is stored in the node or when it travels through the
network. Read and write protections as well as authentication methods are common solutions tothese
1SSues.
(SPPU-New Syllabus w.e.f academic year 21-22)(P5-35) A Tech-Neo Publications..A SACHIN SHAH Venture
internet of Things & Embedded Systems (SPPU-Sem.5-Comp) (Security in loT)..Page no. (6-13)
Data integrity is also ensured by password-based solutions, which brings into account the shortcomings
the
of password protection, such as vulnerabilities related to password length and randomness. Also,
resources found in common IoT systems do not support typical cryptographic solutions because of the
limited resources available. Integrity for the Internet of Things not only is required to be guarded from
external sources but also for internal processes, such as service integrity.
Operating systems rigid process separation, known as Multi Level Security (MLS), help devices to avoid
unauthorized modifcation from code running with high privileges. Nevertheless, MLS approaches have
not been deployed widely as in some cases can be considered as expensive as well as not compatible
with other loTs software. Other approaches to guarantee integrity use hash values which are stored
externally to avoid compromises. Hardware solutions have also been proposed for integrity purposes, a
challenge-based solution is mentioned in by the use of symmetric or asymmetric keys known as Trusted
Platform Module (TPM). Process integrity is also required by IoT devices, process integrity relies on the
device, communication, and algorithm implementation integrity.
6.7.2 PRIVACY
Data privacy is a requirement for data to be available only to aut.horized users. Data privacy is about
keeping data private rather than allowing it to be available in the public domain. The term 'data
amount
prnvacy' may be applied to a person or an organization. Each individual has an almost limitless
of data associated with their existence. Assuming that an individual is not engaged in criminal or
subversive activities, he or she should be in control of which data about himself or herself is made
public and which data remains private.
An organization can have data that is private to the organization, such as the minutes of management
meetings and financial reports and business plans. For an individual there is little chance of data
privacy if there is not a legal framework in place to penalize offenders who breach this privacy. Such
laws are referred to as data protection laws and that depend on the particular country. The major
aspects of data protection laws relate to personal, therefore private, data that an individual supplies to
an organization. The data is supplied to allow the organization to use it but only for purposes
understood and agreed by the individual.
Data protection laws oblige organizations to ensure the privacy and the integrity of this data.
Unfortunately having laws does not guarantee adherence to them but they do act as a deterrent if
wrong-doers can be subject to legal proceedings. The IoTs are not bound by the protection laws and
privacy because it uses its now environment and it directly connected to the device in the environment
using the internet.
(SPPU-New Syllabus wef academic year 21-22)(P5-35) Tech-Neo Publications.A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem 5-Comp) (Socurity in loT) Page no (6-14)
H 6.8 SECURITY CHALLENGESWITHIN THE IOT
GQ. Explain Security challenges within the loT
As the IoT expands and becomes more interwoven into the fabric of our everyday lives, as well 3s
becoming an increasingly important component of our critical national infrastructure, securing it3
systems becomes vital.
The securing of systems can be based upon a number of principles, from the CIA of information security
(confidentiality, integrity, and availability), tothe five pillars of information assurance (onfdentiality,
integrity, availability, auth.enticity, and non- repudiation) and the Parkerian. Hexad (conf.dentiality,
integrity, availability, authenticity, possession, and utility) (Parker 1998). Research articles ciscussing
security considerations relating to cyber-physical (as opposed to information) and IoT syste ms vary in
which principles they adopt.
The majority of researchers restrict consideration to the CIA. The Parkerian Hexad, whilst originally
the
offered as an improvement to overcome the limitations of the CIA, is often rejected; indeed,
usefulness of the Hexad remains the subject of debate among security professionals (Feruza and Kim
2007). Others go beyond these earlier principles and include robustness, reliability , safety, resilience,
performability,and survivability (see for example Sterbenz et al. 2010). It is certainly worth onsidering
all of these components of security, especially in complex cyber-physical systems such as the LoT.
understanding that the
However, for this piece we use the three broadest categories. of the CIA,
most significant
compromises may be of physical as well as information assets. We discuss some of the
must be
challenges, highlighting which principles are under threat of compromise. However, i:
recognised that this is not an exhaustive list of the security challenges
a 6.8.1 Physical Limitations of Devices andCommunicacions
and
In any application area, IoT devices are usually embedded with low power and low area processors,
even to the smallest
it has been recogmised that 'the Internet Protocol could and should be applied
devices' (Mulligan 2007).
CPU.
Constraints on IoT devices limit the ability to process information at speed - there is a limited
satisfy
memory, and energy budget. This means that challenging forms of security are required wt.ich
consumption.
the competing goals of strong performance and minimal resource
6.8.2 Heterogeneity, Scale, and Ad-hoc nature
It has been recognised that the high level of heterogeneity (Sicari et al. 2015; Misra, Maheswaran, and
Hashmi 2016), compounded by the large scale of IoT systems, will magnify security thr:ats to the
current intemet. Roman, Najera, and Lopez (2011) notes that heterogeneity has 'great inf.1ence over
the protocol and network security services that must be implemented in the IoT"
Security solutions have to cope with entities with varying hardware specifications, and nee to provide
authentication and authorisation of IoT nodes (Malina et al. 2016), as well as key agreement (Suo et al.
2012).
It has been recognised that there is a need to exercise access control over [the Internet of Things] at the
edge of the network in the device or, at least, a local access controller for the device' (Cerf 2015). There
is an important role in establishing whether the user, once identified and validated, has permission to
access the requested resources (Abomhara and Koien 2014):sri;a
Access control requires communication between entities (often restricted to. software. entities rather
than human, since users impact on the system through the software entities that they control) to
request and grant access.
There are various models for access control such as Discretionary Access: Control. (DAC- where an
administrator determines who can access resources); role-based.accèss.control (RBAC -allowing access
based on the role that the requester holds); and attribute-based access control (ABAC - where.rights
are granted through policies which evaluate the attributes of the user,iresource. requested and the
environment from which the request is made).
a 6.8.5 Implementation, Updating, Responsibility, and Accountability
It is vital, though often overlooked in discussion, that the implementation and. updating of security
protection must be both manageable and low cost. loT systems can be geographically remote, and
involve sensors and actuators in extreme and challenging environments. To. protect the cyber. security of
the system it is vital that any vulnerabilities are addressed as soon as they are discovered. As such,
there is a need for remote access to allow these system updates.
The latest software patches could be installed dynamically, and the»process managed'through cloud
assisted frameworks; however, designing a secure mechanism for dynamic installation is a challenging
task (Maglaras et al. 2016). It must also be recognised that updates can change the functionality of
devices, and these changes may not always be aligned with user expectations (Rose, Eldridg, and
Chapin 2015). For this reason, in cases where a user has responsibility or control over 'äpplying a patch,
they may decide against updating if they feel the risk of compromise oútweighà the iegative impact on UNIT
functionality (Cavusoglu, Cavusoglu, and Zhang 2008).
End Se,
(SPPU-New Syllabus w.e.f academic year 21-22)\(P5-35) a Tech-Neo Publications..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp)
(Securityin loT)...Page no.(6-16)
The Dyn attack in 2016 was illustrative of the significant impact a botnet of the likes of unpatched
printers, IP cameras, residential gateways, and baby monitors can have in conducting a distributed
denial of service attack. This leads to another significant challenge regarding responsibility, liability,
and accountability in the LoT.
& 6.8.6 Security issues in Healch, Well-being, and Recreation
Recently, there have been an increasing number of attacks where the victims have been hospitals.
There have been a myriad of potential and actual attacks on individual connected devices, including
drug delivery systems, electronic health implants, insulin pumps, and pacemakers.
However, recent years have seen attacks being discovered that are unprecedented in their scale and
surface. In particular, the MEDJACK attack (Storm 2015), first discovered by Trend Micro, impacted on
blood gas analysers, computerised tomogram apparatus, magnetic resonance imaging systems, and
X-ray machines. Attacks have been carried out that targeted communications protocols as well as
devices.
6.8.7 Security issues in Connected and autonomous vehicles
The connected and autonomous vehicles (CAV) area is complex and involves many different sensors,
actuators, infrastructure, communications protocols, and services.
Thes services vary from small, simple services running on only a few components, through to global
services involving significant parts of the critical national infrastructure. This work cannot encompass
all of the types of system and potential and implemented attacks.
However, it is possible tohighlight some of the most significant attacks.
6.8.8 Security issues in Industry 4.0
Industry 4.0 has been heralded as a transformational move that brings together data, connectivity, and
autonomy to create the Fourth Industrial Revolution. However, there exist a number of signifcant
threats to these cyber-physical systems. Significant cyber-physical attacks have been reported over a
number of years, and there are likely a significant number of attacks that are not reported, or even
discovered.
Examples include the Maroochy Water Services attack in Australia in 2000, in which the sewerage
system encountered a series of faults where the pumps were not running when they were supposed to
be and alarms were disabled. This was further aggravated by a loss of communication from the central
computer with various pumping stations. Similarly, Stuxnet had a rapid and significant impact on the
Iranian nuclear industry. More recent attacks include the 2014 attack on a German steel mil, and
disruptions to the Ukrainian energy network
a 6.8.9 Securicy issues in Logistics
The loT appears to offer significant efficiency and business opportunity in logistics. There are various
application scenarios, which inevitably creates a large attack surface. One recognised attack is the
manipulation of embedded data, either by malicious substitution of tags or by modification of tag
information (Misra, Maheswaran, and Hashmi 2016). Whilst logistics are often thought of as part of the
road network, it should be recognised that logistics also involve rail, air, and sea.
(SPPU-New Syllabus w.e.f academic year 21-22) (P5-35) la Tech-Neo
ech Publications..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem 5-Comp)
(Security in loT) Page no (6-17)
A particular valnerability concerns the modification of ship details including position, course care
flagged country, peed, name, and MMSI (Mobile Maritime Service Identity) status (Balduzzi, Pasta Bnd
Wilhoit 2014). T further intensify an attack. the creation of fake vessels with all the same details of ax
existing vessel can be exploited, forexample, having an Iranian vessel with nuclear cargo appear off the
coast of the US. This compromises the confidentiality and integrity of the system
A 6.8.10 Security issues in Smart Grid
Attacks on critical national infrastructure for energy, such as the reported attack by China and Russia
on the United States (see Misra, Maheswaran, and Hashmi 2016), and the attacks on Ukraine have
been discussed extensively in white papers, academic papers (see Liang et al. 2017) for example, and
the wider press.
These attacks are predominantly (though it may be argued not exclusively) attempting to disrupt
availability in these cyber physical systems. However, there are a number of other attacks known
within Smart Grid technologies.
A 6.8.11 Security issues in Homes, Buildings, and Offices
There is a vast range of devices for the smart home promising intelligent resource efficiency through
remote and instant access and control. Whilst such devices and services offer economic and functional
benefits, they do increase security risks. The key risks that such devices represent are to confidentiality
and privacy. Some issues, such as how energy consumption can provide inferences for profiling, have
been discussed previously. So, too, have the use of connected home devices and their contribution to the
Dyn attack.
The types of devices that have been compromised already include cameras, printers, doorbells, weighing
scales, and recently, in the UK in particular, home routers, among many others. Whilst lack of
availability of these devices is inconvenient, when the power of all devices is combined into a botnet, the
global impact can be significant.
6.9 CHALLENGES IN DESIGNING 10TAPPLICATION
loT security has always been a controversial issue. The first challenge to be considered is that security
and privacy of IoT are fundamentally different from the network security that we've known. The
following lists some key points for security design that are considerable :
1. Physical Security :IoT devices are often located in open fields and are unattended and physically
unprotected. You must ensure that they will not be maliciously tampered with by a vicious
organization, breached by hackers, or operated using a flat-head screwdriver. Also, you must
protect data that gets stored on the devices in any form. Although it is costly to embed a security
protection component on every IoT device, it is still important to encrypt data on these devices.
2. Security of Data Exchange : Data protection is also important because data must get
transmitted from the loT sensors and devices to the gateway, and then to the cloud. Therefore, use
of encrypted transfer protocols is a must. In addition to encryption, you must also consider the
authentication and authorization to ensure IoT security.
3. Security of Cloud Storage : Data stored in the cloud is equally fragile as other parts of the loT
ecosystem. Your platform should be able to protect data stored in the cloud. Protection measures
include appropriate encryption, access control, and so on.
4. Update :Security vulnerabilities always exist no matter how much effort youpay to enhance your
product code and hardware. In this case, you must first have a plan to fix errors and quickly release
patches, instead of leaving the errors unfixed for a long period of time. Next, you must provide
customers with a direct and secure method to fix errors. Currently, it is popular to update online
devices over the air, but you must ensure that the above method itself will not become a security
vulnerability.
Regarding privacy, you must know that data collected by IoT devices are easily subject to restrictions on
laws and regulations. For example, a fitne_s tracker can collect a lot of user information, which is
protected by HIPAA in the United States. This means if you store this type of information on the cloud
server, the data must comply with related laws and regulations.
As a rule of thumb, you'd better anonymize customer data to avoidstoring personal identity information
in the cloud. This rule defends you against legal punishments when incidents occur.
A 6.9.3 Flexibility and Compatibility
As the loT pattern is continuously changing. you must ensure that your product can support future
technologies. However, it requires a balance between software and hardware when designing your
product
PPU-New Syllabus wefacademic year 21-22)(P5-35) Tech-Neo Publications..A SACHIN SHAH Venture
internet of "hings &Embedded Systems (SPPU-Sem.5-Comp) (Securityin loT)...Page no (6-19)
Devekoping dedicated hardware for your device helps your device achieve the optimum performance, but
may also restrict product update. On the other hand, selecting appropriate storage and computing
resources and operating systems (such as Linux, Brillo, or Windows loT) tailored for IoT may cause
degradation of performance, but it allows you to expand your device, use new functions, and fix bugs
using patches.
Some vendors may try to provide appropriate APls and SDKs whenever possible to allow the developing
personnel to add functions for their IoT devices. A good example is Amazon Echo. This IoT tool can
implement tke expansion in 1000 different directions using programming.
You must a.so consider compatibility when designing IoT products. Ensure that your loT device can get
seamlessly integrated with users' loT ecosystem, withost.increasingcomplexity or bringing any
setbacks to existing. experience. For. this reason, you need to consider both software and hardware.
An ideel situation is th¡t consumers should not be.fored to inastal a néw application just because they
purchasé a new smart device for their homes: Apple HomeKit and Samsung SmartThings are two
typicel examples, Both allow the developing persónnel to:provide new loT. functions for users in
environments that users are familiar with.
In addition to security and privacy, ýou müst 'also pYoperly plai how to process all collected data. You
must rst evaluate the amount 8f processedand colleted datato control'the size of your cloud storage
and m.eat your platferm requirements.
What iseven more important is how you are going
i
tÑ pYoceas the collecteddata. loT data is as precious
as gold, but it is useless if i t gets storede on your' server without getting properly processed. Therefore,
you ust figure out the skills and tools that can best, utilize ýour data. These tools include recruiting
data experts and adopting appropriate analysis. and machine learning to extract operable insight
information from the collected data.
IoT data car complete multiple practical functions; including 2 %
1. Supplement Existing Data: Most enterprises already håve extensivedata about their customers
before they migrate their services to föT: Integrating the existing data with data collected by loT
yi,nrtunties
devices can bring new business insights and more for generating revenues.
2. Analyze and Further Divide: Users Data collected by loT devices can alsg-tell you a lot of
infcrmalion aboat customers' preferences and characteristics. Analyzing and classifying loT data
can help enterprises better learn their customers' requirements and preferences, and enable them
to resolve related problems in a wiser manner.
3. Find Opportunities to Improve Products :Correct analysis of IoT data helps enterprises find
out functions that should and should not get added to products, and functions that should be
corrected to improve the production eficiency and ease-of-use. In this way, enterprises can add
appropriate functions to future products and update software accordingly.
UNIT
VI
End Sen
(SPPU-New Syllabus w.e.f academic year 21-22)(P5-35) a Tech-Neo Publications., ASACHIN SHAH Venture
(Security in loT)...Page no (6-20)
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp)
>6.1o LIGHTWEIGHT CRYPTOGRAPHY
On the other hand, public key cryptography uses a secret key in decryptioni and a public key different
from the secret key in encryption, and it is quite difficult to guess the secret key from the public key.
The computational complexity of the public key cryptography is typically as high as more than 1,000
times that of the symmetric key cryptography, but this technology is used in sharing the secret key used
in symmetric key cryptography and the digital signature, thanks to the asymmetrical property.
With asystem such as a plant or car- control system, it may be possible to embed the secret keys shared
by the devices in advance. In such a case, secure and efficient data protection can be implemented using
symmetric key cryptography alone. On the other hand, with a system that performs encrypted
communications dynamically with unspecified parties such as an inter-vehicle communication system,
the use of public key cryptography is effective.
(SPPU-New Syllabus w.e.f academic year 21-22)(P5-35) Tech-Neo Publications.A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem 5-Comp) (Secunity in loT).Page no (6-21)
We tocus mainly on the symmetric key cryptography that can be widely applied to devices that are
functions such
Subject to severe resource restrictions. The symmetric kev cryptography consists of core
as block or stream ciphers (cryptographic primitives) and methods to apply the core function to a packet
called the block cipher mode of operation for encryption and/or authentication.
Fig. 6.10.1 shows an example of the block cipher mode of operation used for the authenticatin (called
CBC-MAC: cipher block chaining message authentication code). To render acryptography lightweight,
it is required to improve the efficiency of the block cipher mode of operation as well as the cryptographie
primitives.
1block
Data (Divided into blocks)
Block'n
Plain text Block1 Block 1
|Cipher text Authentication tag is sent together with data. ALthentication Tag|
The receiving party generates a tag similarly
and checkit to the received ta,
Block Cipher An example of message authentication: C8C
PRESENT is a block cipher regarded as being the precursor of lightweight cryptography. it was
published in 2007 and has been registered in ISO/IEC 29192. It has asmall circuit size thát enables
implementation in the RFID tag, which is not possible sing the standard AES encryption. The U.S.
National Security Agency (NSA) published lightweight block cipher SIMON/SPECK that features a
very small ROM size suitable to a constrained microprocessor (2013) and proposed its addition to
ISOEC 29192 with the aim of achieving international standardization.
Ablock cipher mode of operation that can achieve both encryption and message authentication is called
"authenticated encryption." Considering the importance of false data detection in loT, it is expected that
encryption willmean authenticated encryption in the future. Even 'when the same block cipher is used,
the efficiency and the security vary considerably depending on how it is implemenzed as an
authenticated encryption. There exist NIST-recommended authenticated encryptions called the AES.
CCM/GCM, but considering the importance of authenticated encryption and the progress in research,
next-generation authenticated encryptions of lighter weight and higher security are desirable. Under
these circumstances, an international authenticated encryption competition called CAESAR
(Competition for Authenticated Encryption: Security, Applicability, and Robustness) was started with
NIST's support in 2014 and there were 60 submissions. Candidates have been narrowed down every
year in accordance with the algorithm characteristics and functions, and the final selection will be
published by the end of 2017.
PIR
sensor
Email User
Inttuder Arduino Raspperry pi
Alarm
Fig. 6.11.1
In designing a systerm, the first step is to develop the architecture of the system. Firstly, the scenario of
possible intruder entry and how the warning informs need to be considered. The possible intruder
scenario can be seen in the "Arrival of Intruder" section in Fig. 6.11.1: In this research, we assume the
intruder to enter the house from the front door. As the intruders arrive/enter, the PIR Sensor located
near the front door detects the motion of the intruders. The PIR sensor reads every movement that
passes through the detection range of the PIR sensor, i.e., approximately 4-7 m. In the process of motion
detection, the system will read continuously until a movement is found.
Start
If there is a movement, then the system will activate the
camera. The generated images are then stored in the Movement
system directory. After the photo capture and storage detection
process, the system will activate the function for human No
No
detection. In human detection, we use the HOG and SVM Any
movement?
methods. Features of the photo are extracted using HOG Any
and then a classification of features is performed by using Yes people?
SVM. SVM matches the features of the photos with Take picture Yes
features in the dataset. If human presence is detected in
Active
the photo, then the system will activate the buzzer as an buzzer
alarm and send an email notification. If the-re is no People
detection
human presence detected in the picture, then the system
Send email
will re-read the movement or return to the initial process.
The complete systerm workflow is shown in Fig. 6.11.2.
End
SPPU New Syllabus wefacademic year 21-22)(P5-35) aTech-Neo Publications..A SACHIN SHAH Venture
Internet of Things &Embedded Systems (SPPU-Sem.5-Comp) (Security in loT)...Page no. (6-23)
6.11.2 Hardware Design
This section outlines the hardware design. The hardware design includes the selection of electronics
equipment and the integration of all of components. Fig. 6.11.3 shows the hardware design for our
security monitoring system. Meanwhile, the specifñcations of every component are presented in
Table 6.11.1. The number in Fig.6.11.3 corresponds to the order of component in Table 6.11.1.
For processing module, we use Raspberry Pi 3 model B. This board is equipped with wireless LAN
module for communication. Arduino is used to collect the signal from PIR sensor through jumper cable.
Arduino is connected to Raspberry Pi via USB cable. To capture the picture, USB webcam is mounted to
the Raspberry Pi 3 via USB cable.
To release warning, buzzer module is connected to Raspberry Pi 3 through GPIO port. The Raspberry Pi
3 is also connected to the internet so that the system has the ability to send an email notification.
Table 6.11.l : Hardware specification
No Name Description
1 PIR Sensor PIR Sensor for movement detection
3 Camera Using webcam camera USB 2.0 (Logitech c525) for take picture
4 Raspberry Pi Using Raspberry Pi 3 ModelB, ARM Cortex-A53 12 GHZ, 1GB RAM, 802.11n
3 wireless LAN. In this Raspberry Pi 3image processing has been installed
(OpenCV)
5 Buzzer Passive buzzr for alarm
(3-*
2 If pin := HIGH
Detect People detecton
3 If pirState := LOW movement
4 val := 1 User
<<extend>2 i<cextend>>
5 pirState := HIGH
6 Else Send email Acivate the a'arm
7. IF pirState := HIGH
8 val := 0
Fig. 6.11.4 :Use case diagram
9 pirState := LOW
10. End While
(SPPU-New Syllabus wef academic year 21-22)\(P5-35) a Tech-Neo Publications.A SACHIN SHAH Venture
Internet of Things& Embedded Systems (SPPU-Sem.5-Comp) (Security in lo)..Page no (6-25)
Start
Collect Conttast
Personnon normalize over
perdon Unear SVM iHOG's over
dassificaton -deteotion overlapping
.window spatial block
Start
l. PIR Sensor on Arduino : Programming for motion detection, using PIR sensor is performed on
Arduino IDE application. The source code is then embedded into Arduino by connecting the Arduino
with a computer using a USB cable and the programs are downloaded to Arduino.
2. Raspberry Pi 3
(a) Raspbian Stretching. OpenCV and Python : The operating system used for Raspberry Pi 3 is
Raspbian Stretch. This operating system can be downloaded on the official.Raspberry site. This
operating system operates on 32GB MicroSD. The type of MicroSD used is MicroSD Class 10 which
is commonly used on Android. smartphones After Raspbian Strech is installed, the applications
required on Raspberry Pi 3are OpenCV and Python to run HOG and SVM, For the computer vision
library, opencv 3.3.0, opencv_contrib and Python3.0 is used in this research.
(b) Camera : The webcam camera function uses the fswebcam library. Then the..sh file is created with
a program script.The resulting photo is 640 x 480 pixels and the FPS parameter 15. The purpose of
the low-resolution setting is toperform the photo process quickly, ie., less than 1 sec.
(c) Alarm:The Alarm function on the Raspberry Pi 3 already supports the
gpiozero pin interface.
Therefore, the alarm can be used immediately.
(d) E-mail : To send an emnail using SMTP, some configurations are conducted. In this study, two
emails with the Gmaíl domain ís utilized. The first e-mail address is
rpiserverxxx@gmail.com, used
as server initialization photo was obtained. The photo is stored .by the system in the
temporary
folder, namely directory /home/pi/Home Security/images.
Chapter Ends..
O00
UNI
End