
ESTABLISHING SECURE IoT DEVICES CONNECTION

WITH WIREGUARD

A PROJECT REPORT

Submitted by

AHAMED SAMEER A (962220205006)


JERFIN A (962220205028)
RIJO PRAKASH M (962220205036)

in partial fulfillment for the award of the degree


of
BACHELOR OF TECHNOLOGY
IN
INFORMATION TECHNOLOGY

ST. XAVIER’S CATHOLIC COLLEGE OF ENGINEERING


(An Autonomous Institution)
Chunkankadai, Nagercoil – 629 003.

MAY 2024


St.XAVIER’S CATHOLIC COLLEGE OF ENGINEERING
(An Autonomous Institution)
Chunkankadai, Nagercoil – 629 003.

BONAFIDE CERTIFICATE
Certified that this project report “ESTABLISHING SECURE IoT DEVICES
CONNECTION WITH WIREGUARD” is the bonafide work of “AHAMED
SAMEER A (962220205006), JERFIN A (962220205028), RIJO PRAKASH M
(962220205036)” who carried out the project work under my supervision.

SIGNATURE
Dr. G. Sahaya Stalin Jose, M.E., Ph.D.
HEAD OF THE DEPARTMENT
Assistant Professor
Department of Information Technology
St. Xavier's Catholic College of Engineering, Chunkankadai, Nagercoil-629003

SIGNATURE
Dr. G. Sahaya Stalin Jose, M.E., Ph.D.
SUPERVISOR
Assistant Professor
Department of Information Technology
St. Xavier's Catholic College of Engineering, Chunkankadai, Nagercoil-629003

Submitted for the Bachelor of Technology degree Project Work (IT8811) Viva-Voce held
at St. Xavier's Catholic College of Engineering on 06-05-2024

INTERNAL EXAMINER EXTERNAL EXAMINER


ACKNOWLEDGEMENT

First of all, we praise the almighty God for His presence and abundant grace in
giving us the knowledge, wisdom, and strength to take up this project and complete it
on time. We express our gratitude to our parents, who have been major contributors of
inspiration and encouragement to us throughout our careers.

Rev. Fr. Dr. M. Maria William, our Correspondent, deserves our heartfelt
gratitude for providing facilities that contributed to the successful completion of our
work. We also express sincere thanks to Dr. J. Maheswaran, M.E., Ph.D., our
Principal, for wholeheartedly encouraging us and providing spontaneous support
throughout the project, leading to its successful completion.

Dr. G. Sahaya Stalin Jose, M.E., Ph.D., our Head of the Department, we are
especially indebted to you for your keen support in enabling the successful completion
of our project work. Your guidance and assistance have been instrumental in our
achievements, and we express our heartfelt appreciation for your invaluable
contribution.

Dr. G. Sahaya Stalin Jose, M.E., Ph.D., our supervisor, we extend our gratitude
and thanks to you for providing us with innovative ideas and wholehearted
encouragement throughout the completion of our project. Your guidance and support
have been invaluable, and we appreciate your contributions to our success.

Dr. Suja A. Alex, M.E., Ph.D., Assistant Professor, and our project coordinator,
we convey our gratitude to you for your motivation and guidance. Additionally, we
would like to express our appreciation to all the other staff members of our department
for their timely suggestions, which were instrumental in completing our thesis.

Last but not least, we would like to thank our team members for their valuable
contributions to this project. We shall gratefully acknowledge all suggestions received
for further improvement in the project.
ABSTRACT

The rapid growth of Internet of Things devices has brought unprecedented
convenience and efficiency to many domains, but it has also introduced significant
security challenges. Securing IoT device connections is essential to protect
sensitive data and mitigate cyber threats. This project explores the potential of
WireGuard, a modern VPN protocol, to provide efficient security tailored to
resource-constrained IoT systems. WireGuard's performance is compared against
established protocols such as OpenVPN and IPsec in a simulated IoT environment.
Compared with conventional VPN protocols, WireGuard offers a number of benefits,
including modern authenticated encryption, a lightweight architecture, and simple
deployment. The project shows how WireGuard is used in practice through a case
study on IoT device security. Sensitive data in ongoing projects is often
transmitted without encryption because security was not considered, leaving it open
to interception and unauthorized access. WireGuard helps prevent unwanted access by
creating authenticated, encrypted tunnels between servers and IoT devices. With
further testing, WireGuard's ease of use and low overhead could make VPN adoption
widely practical for protecting IoT devices from attack.
TABLE OF CONTENTS

CHAPTER TITLE

ABSTRACT
LIST OF FIGURES
LIST OF TABLES
LIST OF ABBREVIATIONS

1 INTRODUCTION
1.1 Introduction
1.2 Cybersecurity
1.3 Problem Statement

2 LITERATURE REVIEW
2.1 Introduction
2.2 Literature Survey
2.2.1 “A Security-Enabled Safety Assurance Framework for IoT-Based Smart Homes”
2.2.2 “A Survey on Cyber Security Threats in IoT-Enabled Maritime Industry”
2.2.3 “ACKE: Asymmetric Computing Key Exchange Protocol for IoT Environments”
2.2.4 “Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks, and Countermeasures”
2.2.5 “Implementations of Integration Functions in IoT Application Server Platform”
2.2.6 “Design of Elixir-Based Edge Server for Responsive IoT Applications”
2.2.7 “Wireguard: An Efficient Solution for Securing IoT Device”
2.2.8 “Detecting Vulnerability on IoT Device Firmware: A Survey”
2.2.9 “Secure, Efficient, and Weighted Access Control for Cloud-Assisted Industrial IoT”
2.2.10 “Everything Under Control: Secure Data Sharing Mechanism for Cloud-Edge Computing”
2.2.11 “ChaCha, a variant of Salsa20”
2.2.12 “A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol”
2.2.13 “WireGuard: Next Generation Kernel Network Tunnel”
2.2.14 “Formal Verification of the WireGuard Protocol”
2.2.15 “Fast, Small, and Area-Time Efficient Architectures for Key-Exchange on Curve25519”
2.3 Conclusion

3 PROPOSED SYSTEM
3.1 Introduction
3.2 Existing System
3.2.1 Drawbacks of Existing System
3.3 Proposed System
3.4 Block Diagram
3.5 Proposed Method
3.5.1 Cloud Server
3.5.2 IoT Devices
3.5.3 WireGuard VPN Connections
3.5.4 VPN Tunnel
3.5.5 VPN Client
3.5.6 API for IoT Devices
3.5.7 Authentication Token
3.6 Workflow
3.7 Benefits
3.8 Security Protocol
3.8.1 Noise Protocol Framework
3.8.2 ChaCha20
3.8.3 Poly1305
3.8.4 Curve25519

4 COMPONENTS DESCRIPTION
4.1 Introduction
4.2 System Specification
4.2.1 Hardware Requirements
4.2.2 Software Requirements
4.2.3 Raspberry Pi
4.2.4 Application Programming Interface
4.2.5 WireGuard VPN Application

5 SYSTEM TESTING
5.1 Introduction
5.2 Testing Configuration
5.3 API Testing
5.4 Integration Testing
5.5 Security Testing

6 RESULT AND DISCUSSION
6.1 Result
6.2 Comparative Study
6.2.1 Virtual Private Networks (VPN) vs. SSL/TLS

7 CONCLUSION AND FUTURE WORK
7.1 Conclusion
7.2 Future Work

APPENDIX 1
REFERENCES
LIST OF FIGURES

FIGURE NO FIGURE NAME

3.1 Block Diagram
3.2 Flexible Authenticated and Confidential Channel Establishment (fACCE): Analyzing the Noise Protocol Framework
4.1 Raspberry Pi
5.1 Testing - To check user login
5.2 Testing - Generate access token
5.3 Testing - Add peer
6.1 Adding the public key
LIST OF TABLES

TABLE NO TABLE NAME

6.1 Comparison of TLS and VPN
LIST OF ABBREVIATIONS

IoT Internet of Things
VPN Virtual Private Network
SSL Secure Sockets Layer
TLS Transport Layer Security
HIPAA Health Insurance Portability and Accountability Act
GDPR General Data Protection Regulation
IPsec Internet Protocol Security
ACKE Asymmetric Computing Key Exchange Protocol
DDoS Distributed Denial-of-Service
L2TP Layer 2 Tunneling Protocol
TUN Network TUNnel (layer 3 virtual interface carrying IP packets)
TAP Network TAP (layer 2 virtual interface carrying Ethernet frames)
AEAD Authenticated Encryption with Associated Data
HKDF HMAC-based Key Derivation Function
API Application Programming Interface


CHAPTER 1

INTRODUCTION

1.1 INTRODUCTION

The proliferation of Internet of Things (IoT) devices has revolutionized various
industries, from smart homes to industrial automation. With this rapid expansion,
however, come significant security challenges. IoT devices often lack robust
security measures, making them vulnerable to cyber attacks. To address these
concerns, there is a growing need for secure communication protocols that can protect
sensitive data transmitted between IoT devices and servers. In the domain of
cybersecurity for IoT servers, the focus is on safeguarding the infrastructure and data
of interconnected devices from threats and vulnerabilities. IoT servers act as central
points for managing and coordinating communication between IoT devices, which makes
them prime targets for attack. Robust security measures are therefore needed to
ensure the integrity and confidentiality of data. Encryption protocols such as
SSL/TLS are commonly used to secure data transmission between IoT devices and
servers, preventing unauthorized access and interception. Access control mechanisms
are also essential to restrict access to sensitive resources and prevent unauthorized
modifications. Because IoT servers often handle sensitive information, compliance
with regulations and standards such as GDPR and HIPAA is crucial for data protection
and privacy. Secure firmware update and patch management processes are likewise
needed to address vulnerabilities and keep the IoT server infrastructure resilient
against evolving threats. Overall, cybersecurity for IoT servers is a multifaceted
endeavor that requires a comprehensive approach encompassing encryption, access
control, and compliance to safeguard IoT devices and the data they generate.

One promising solution is WireGuard, a modern VPN protocol designed for simplicity
and security. WireGuard offers several advantages over traditional VPN protocols,
including a small codebase, modern authenticated encryption, and a streamlined key
exchange. This project explores the potential of WireGuard to enhance the security
of IoT device connections by establishing secure tunnels over the Internet.
WireGuard is a VPN protocol created by Jason A. Donenfeld. It was first published
in 2016, presented at NDSS 2017, and merged into the mainline Linux kernel in
version 5.6 (2020). Donenfeld's goal was to improve on OpenVPN and IPsec. The
protocol has been welcomed for the following reasons.

WireGuard's in-kernel implementation on Linux offers significant advantages for IoT
security. Packets are encrypted and routed without a userspace round trip for every
packet, which raises throughput and lowers the CPU time spent per packet, and with it
power consumption, a crucial property for battery-powered IoT devices. (A userspace
implementation, wireguard-go, exists for platforms without kernel support.) The
Linux implementation is also small: the original paper put it at roughly 4,000 lines
of code, against several hundred thousand for OpenVPN with OpenSSL or a full IPsec
stack. A small codebase is easy to audit, which reduces the likelihood of
undiscovered flaws and shrinks the attack surface. Simplicity is another key
benefit: WireGuard is much easier to configure than OpenVPN or IPsec. There is no
cipher negotiation; the primitives are fixed: Curve25519 for key agreement,
ChaCha20-Poly1305 for authenticated encryption, BLAKE2s for hashing, and HKDF for
key derivation. Each peer is identified by its Curve25519 public key, so setup works
much like SSH: generate a key pair on each side and exchange the public keys.
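As an added illustration of that SSH-like setup (example code, not from the report), the following Python renders a hub-and-spoke WireGuard configuration of the kind used later in this project, a cloud server with IoT device peers, and checks the server-side AllowedIPs before writing it. On the server, AllowedIPs is WireGuard's cryptokey routing table: a packet decrypted from a peer is dropped unless its source address falls within that peer's AllowedIPs, and outbound packets are routed to the peer whose AllowedIPs contain the destination. Scoping every device to its own /32 is therefore what stops a compromised device from spoofing another device or the server. The key strings, tunnel subnet, port and endpoint are constructed placeholders.

```python
"""Render and sanity-check a hub-and-spoke WireGuard configuration.

Added example, not code from the report. The keys are constructed
placeholders (SHA-256 of a label, base64-encoded so they have the length of
a real key); generate real ones with `wg genkey | tee priv | wg pubkey`.
"""
import base64
import hashlib
import ipaddress

TUNNEL_NET = ipaddress.ip_network("10.42.0.0/24")   # assumed tunnel subnet
SERVER_TUNNEL_IP = ipaddress.ip_address("10.42.0.1")
SERVER_ENDPOINT = "vpn.example.org:51820"            # assumed public endpoint


def placeholder_key(label: str) -> str:
    """Constructed stand-in for a base64 Curve25519 key (NOT a real key)."""
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()


def check_server_peers(peers: dict) -> list:
    """Validate server-side AllowedIPs as a least-privilege cryptokey routing table.

    Each IoT peer may only be routed, and may only send from, one tunnel
    address inside TUNNEL_NET, and no two peers may share an address.
    Returns human-readable violations (an empty list means the table is OK).
    """
    problems = []
    owner = {}
    for name, peer in peers.items():
        for cidr in peer["allowed_ips"]:
            net = ipaddress.ip_network(cidr, strict=True)
            if net.version != 4 or net.prefixlen != 32:
                problems.append(f"{name}: {cidr} is not a single /32 host address")
                continue
            if not net.subnet_of(TUNNEL_NET):
                problems.append(f"{name}: {cidr} lies outside tunnel network {TUNNEL_NET}")
            if net.network_address == SERVER_TUNNEL_IP:
                problems.append(f"{name}: {cidr} is the server's own tunnel address")
            if net in owner:
                problems.append(f"{name}: {cidr} already assigned to {owner[net]}")
            owner[net] = name
    return problems


def render_server(server_private_key: str, listen_port: int, peers: dict) -> str:
    """Server (hub) config in wg-quick format; refuses an unsafe peer table."""
    problems = check_server_peers(peers)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [
        "[Interface]",
        f"PrivateKey = {server_private_key}",
        f"Address = {SERVER_TUNNEL_IP}/{TUNNEL_NET.prefixlen}",
        f"ListenPort = {listen_port}",
    ]
    for name, peer in peers.items():
        lines += ["", f"# {name}", "[Peer]",
                  f"PublicKey = {peer['public_key']}",
                  f"AllowedIPs = {', '.join(peer['allowed_ips'])}"]
    return "\n".join(lines) + "\n"


def render_device(device_private_key: str, device_ip: str, server_public_key: str) -> str:
    """IoT device (spoke) config: only the server's tunnel address is sent through
    the tunnel, and a keepalive holds the NAT mapping open for a device behind
    a home router so the server can still reach it."""
    return "\n".join([
        "[Interface]",
        f"PrivateKey = {device_private_key}",
        f"Address = {device_ip}/32",
        "",
        "[Peer]",
        f"PublicKey = {server_public_key}",
        f"AllowedIPs = {SERVER_TUNNEL_IP}/32",
        f"Endpoint = {SERVER_ENDPOINT}",
        "PersistentKeepalive = 25",
    ]) + "\n"


# Constructed inventory: two sensors, plus a table with two bad entries.
GOOD_PEERS = {
    "sensor-01": {"public_key": placeholder_key("sensor-01"), "allowed_ips": ["10.42.0.10/32"]},
    "sensor-02": {"public_key": placeholder_key("sensor-02"), "allowed_ips": ["10.42.0.11/32"]},
}
BAD_PEERS = {
    "sensor-01": {"public_key": placeholder_key("sensor-01"), "allowed_ips": ["10.42.0.10/32"]},
    "sensor-03": {"public_key": placeholder_key("sensor-03"), "allowed_ips": ["0.0.0.0/0"]},
    "sensor-04": {"public_key": placeholder_key("sensor-04"), "allowed_ips": ["10.42.0.10/32"]},
}

if __name__ == "__main__":
    print(render_server(placeholder_key("server-private"), 51820, GOOD_PEERS))
    print(render_device(placeholder_key("sensor-01-private"), "10.42.0.10",
                        placeholder_key("server-public")))
    for problem in check_server_peers(BAD_PEERS):
        print("REJECTED:", problem)
```

The two rejected entries are the ones a practitioner should look for when reviewing a peer table: `0.0.0.0/0` on a device peer would let that device inject packets with any source address and would steal the server's default route, and a duplicated /32 means two keys contend for one address, so whichever handshook last receives the other's traffic.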
Beyond simplicity, WireGuard offers better performance, which matters for IoT. Its
modern, lightweight design (ChaCha20-Poly1305, which is fast on CPUs without AES
hardware, a short handshake, and in-kernel packet processing) gave it higher
throughput and lower latency than OpenVPN and IPsec in the original paper's
benchmarks, a real advantage where efficiency is paramount. WireGuard is also well
suited to mesh topologies: any peer can talk directly to any other peer whose public
key and endpoint it knows, so traffic between two devices need not pass through a
central server. Removing that intermediate hop removes one encrypt/decrypt cycle and
one network leg from every packet, which can roughly halve node-to-node latency
compared with a hub-and-spoke design. In IoT environments where devices need to
communicate quickly and independently, this capability is invaluable.

In essence, WireGuard's in-kernel implementation, small codebase, simplicity and
performance make it a compelling choice for securing IoT environments. Its efficient
resource usage, ease of audit and ease of configuration address many of the
challenges of securing interconnected devices, and its suitability for mesh networks
improves communication efficiency where devices must make decisions autonomously.
Overall, WireGuard represents a significant advance in VPN technology, offering a
streamlined, efficient, and secure solution suited to IoT deployments.
WireGuard's cryptography is built on the Noise protocol framework. Its handshake is
the Noise IK pattern (Noise_IKpsk2): a one-round-trip exchange in which the
initiator already knows the responder's static public key, with an optional
pre-shared key mixed in; the Curve25519 Diffie-Hellman results of that exchange are
fed through HKDF to derive the ChaCha20-Poly1305 keys that protect the data packets.
Following the principle of least astonishment, WireGuard ships the safest defaults
without asking users to make difficult configuration decisions: there is no cipher
suite to select, and the only things an administrator supplies are keys, endpoints
and allowed IP ranges.
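The key agreement underlying that handshake, as an added example that is not part of the report or of WireGuard's own code: a pure-Python X25519 (Curve25519 Diffie-Hellman as specified in RFC 7748) showing how a WireGuard public key is derived from a private key and how two peers arrive at the same shared secret. The base64 encoding matches what `wg genkey` and `wg pubkey` print. Python integer arithmetic is not constant-time, so this is for understanding the protocol, not for use on a device; the test vectors are the Alice/Bob vectors from RFC 7748 section 6.1.

```python
"""X25519 key agreement as used by WireGuard (RFC 7748), in pure Python.

Added example, not code from the report or from WireGuard. Not constant-time:
for illustration only.
"""
import base64
import os

P = 2**255 - 19          # field prime
A24 = 121665             # (486662 - 2) / 4, Montgomery curve constant
BASE_POINT_U = 9         # u-coordinate of the generator


def _clamp(k: bytes) -> int:
    """RFC 7748 decodeScalar25519: clear low 3 bits and bit 255, set bit 254."""
    b = bytearray(k)
    b[0] &= 248
    b[31] &= 127
    b[31] |= 64
    return int.from_bytes(b, "little")


def _cswap(swap: int, a: int, b: int):
    """Swap a and b when swap == 1, with a mask rather than a data-dependent branch."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy


def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    """Montgomery ladder: 32-byte u-coordinate of scalar * point (RFC 7748 s.5)."""
    k = _clamp(scalar)
    u = bytearray(u_coord)
    u[31] &= 127                          # ignore the unused top bit
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def wg_genkey() -> str:
    """Equivalent of `wg genkey`: 32 random bytes, clamped, base64."""
    return base64.b64encode(_clamp(os.urandom(32)).to_bytes(32, "little")).decode()


def wg_pubkey(private_b64: str) -> str:
    """Equivalent of `wg pubkey`: X25519(private, 9), base64."""
    priv = base64.b64decode(private_b64)
    return base64.b64encode(x25519(priv, BASE_POINT_U.to_bytes(32, "little"))).decode()


def wg_shared_secret(private_b64: str, peer_public_b64: str) -> str:
    """Static-static DH value that the Noise IK handshake mixes into its key schedule."""
    return base64.b64encode(
        x25519(base64.b64decode(private_b64), base64.b64decode(peer_public_b64))).decode()


# RFC 7748 section 6.1 vectors, used here as the constructed inputs.
ALICE_PRIV = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PUB = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_PRIV = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PUB = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")


def rfc7748_selftest() -> bool:
    """True when public keys and the shared secret match the RFC vectors."""
    g = BASE_POINT_U.to_bytes(32, "little")
    return (x25519(ALICE_PRIV, g) == ALICE_PUB and x25519(BOB_PRIV, g) == BOB_PUB
            and x25519(ALICE_PRIV, BOB_PUB) == SHARED and x25519(BOB_PRIV, ALICE_PUB) == SHARED)


def wg_roundtrip_selftest() -> bool:
    """True when two fresh wg-style key pairs agree on the shared secret."""
    a, b = wg_genkey(), wg_genkey()
    return wg_shared_secret(a, wg_pubkey(b)) == wg_shared_secret(b, wg_pubkey(a))


if __name__ == "__main__":
    print("RFC 7748 vectors:", rfc7748_selftest())
    print("wg round trip  :", wg_roundtrip_selftest())
```

The clamping in `_clamp` is why a WireGuard private key printed by `wg genkey` always has its first byte divisible by 8 and its last byte between 0x40 and 0x7f; it fixes the scalar into the prime-order subgroup and makes the ladder's bit count constant.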
Two families of secure-channel solutions are candidates for protecting IoT devices
on the Internet and are compared in this project:
1. SSL/TLS protocols are cryptographic protocols that secure communication over
networks. They run above the transport layer (on top of TCP, or UDP in the case
of DTLS) and provide encryption, authentication, and integrity for the data
exchanged between a client and a server. Widely used for securing web traffic,
TLS is simple and effective for securing a specific application, such as HTTPS,
but each application must be configured for it separately.
2. Virtual Private Networks (VPNs) establish encrypted tunnels between client
devices and remote servers. Operating at the network layer (WireGuard carries IP
packets inside UDP), they protect all traffic sent through the tunnel regardless
of the application that generated it. Commonly used for remote access to private
networks and for online privacy, VPNs offer comprehensive protection for all
network traffic beyond web browsing, making them an effective solution for
securing IoT devices on the Internet.

1.2 CYBER SECURITY

Cybersecurity in IoT security involves safeguarding interconnected devices
within diverse ecosystems and resource-constrained environments. Cybersecurity in a
growing technology landscape, particularly in an IoT server platform, is paramount
for ensuring the integrity, confidentiality, and availability of data and resources. As
IoT continues to expand, securing interconnected devices becomes increasingly
challenging due to the diverse range of devices, varying security levels, and potential
attack vectors. In an IoT server platform, where central coordination and data
management occur, robust cybersecurity measures are essential to prevent
unauthorized access, data breaches, and other malicious activities. Encryption
protocols such as SSL/TLS are commonly employed to secure data transmission,
while access control mechanisms restrict unauthorized access to sensitive resources.
Continuous monitoring and threat detection are vital to identifying and responding to
security incidents in real time, mitigating potential risks to the IoT ecosystem.
Compliance with industry regulations such as GDPR and HIPAA is crucial to ensure
data protection and privacy, especially considering the sensitive information often
handled by IoT devices. Moreover, secure firmware updates and patch management
processes are essential to address vulnerabilities and ensure the resilience of IoT
server infrastructure against evolving threats. Embracing technologies like Wireguard,
with its kernel-level implementation and lightweight design, can greatly enhance
security while maintaining efficiency, making it an attractive option for IoT
deployments. Ultimately, effective cybersecurity in an IoT server platform requires a
comprehensive approach that encompasses encryption, access control, monitoring,
compliance, and proactive threat management to safeguard IoT devices and the data
they generate in a rapidly evolving technological landscape.

1.3 PROBLEM STATEMENT

The Internet of Things (IoT) is expanding rapidly, and securing billions of
connected devices with widely differing security configurations is extremely
difficult. Many of the devices joining the IoT ecosystem lack proper security
measures, leaving them open to attack over the Internet. Greater connectivity
increases the risk, because a single compromised device can put the network as a
whole at risk. This vulnerability highlights the need for strong cybersecurity
measures to protect against unauthorized access and other malicious actions that
can compromise the integrity and functionality of IoT infrastructure. Without proper
security measures in place, a single unprotected or misconfigured network connection
can be exploited, seriously threatening the dependability and security of IoT
ecosystems. This calls for immediate attention and proactive steps to reduce the risk.
CHAPTER 2

LITERATURE REVIEW

2.1 INTRODUCTION

Enabling secure communication between devices connected to the internet is
becoming more and more important as the Internet of Things (IoT) grows. The
purpose of this literature review is to investigate how modern VPN protocols like
WireGuard can be used to create secure connections in Internet of Things applications.
Potential benefits for IoT security include WireGuard's minimal codebase, simplicity,
and kernel-level implementation. To assess WireGuard's efficiency, security features,
and suitability for safeguarding Internet of Things devices from cyber attacks, this
survey will look at previous studies and applications of the technology in IoT
environments. This study aims to provide insights about using WireGuard for secure
IoT device connectivity by synthesizing current knowledge.

2.2 LITERATURE SURVEY

2.2.1 “A Security-Enabled Safety Assurance Framework for IoT-Based Smart Homes”

The article presents a comprehensive framework designed to ensure the safety
and security of Internet of Things (IoT)-based smart homes, addressing the unique
challenges posed by interconnected devices within residential settings. By focusing on
the specific difficulties inherent in managing linked gadgets in homes, the framework
aims to mitigate potential risks effectively. Key components of this framework include
robust authentication procedures, encryption standards, and real-time monitoring
systems. Strong authentication mechanisms help prevent unauthorized access to smart
home devices, while encryption ensures the privacy and integrity of data exchanged
between these devices. Real-time monitoring systems play a crucial role in detecting
and responding promptly to cyber threats, thereby safeguarding the physical safety of
occupants. By integrating these elements, the framework provides a comprehensive
approach to mitigate the risks associated with cyberattacks and ensure the overall
security of IoT-based smart homes. This proactive approach not only protects against
potential security breaches but also enhances the confidence of occupants in the
reliability and safety of their smart home systems. It provides comprehensive
coverage, integrating both aspects crucial for ensuring the reliability of smart home
systems amidst the proliferation of IoT devices. Challenges include potential
complexity in implementation and the necessity for rigorous real-world testing to
validate its efficacy and scalability. Nonetheless, its relevance and comprehensive
approach mark a significant contribution to the field.

2.2.2 “A Survey on Cyber Security Threats in IoT-Enabled Maritime Industry”

With a focus on the marine industry, the survey explores the unique
cybersecurity issues brought on by the use of Internet of Things (IoT) technology. It
highlights the vulnerabilities in marine IoT systems and looks into possible entry
points of attack, such as hacking into ship systems or data breaches, which might
seriously compromise maritime operations. Maintaining safety and operational
integrity at sea in the marine environment necessitates a sophisticated comprehension
of the particular challenges associated with safeguarding maritime IoT devices. In
order to reduce these risks, the report highlights the significance of putting strong
defenses in place. Examples of these defenses include network segmentation, secure
communication protocols, and intrusion detection systems. While secure
communication protocols guarantee the security and integrity of data transferred
between IoT devices aboard ships, intrusion detection systems assist in identifying and
responding to malicious activity or unauthorized access attempts. Network
segmentation separates important systems from less secure components, reducing the
impact of security breaches. The marine industry can improve the resilience of its IoT
infrastructure and protect against potential attacks by addressing these cybersecurity
risks and putting in place the necessary defenses. This will eventually ensure the
safety and dependability of maritime operations. Its advantages lie in its
comprehensive examination of various threats faced by IoT-enabled maritime systems,
providing valuable insights for industry stakeholders. However, potential limitations
may include a lack of specific mitigation strategies tailored to the maritime context
and the need for further empirical validation of identified threats. Nevertheless, its
contribution in raising awareness and laying the groundwork for future research
makes it a significant resource in addressing cybersecurity concerns in maritime IoT
applications.

2.2.3 “ACKE: Asymmetric Computing Key Exchange Protocol for IoT Environments”

This study addresses the limitations of devices with limited resources by
introducing a novel key exchange protocol tailored for Internet of Things (IoT)
contexts. Named ACKE, this protocol leverages lightweight cryptographic techniques
to establish secure communication channels between IoT devices and other network
entities. By utilizing lightweight cryptography, ACKE overcomes the resource
constraints typically associated with IoT devices, ensuring efficient and secure key
exchange processes. This protocol significantly enhances the overall security posture
of IoT ecosystems by providing a reliable and safe method for exchanging keys.
ACKE's ability to create secure channels of communication mitigates the risks of
unauthorized access, data interception, and tampering within IoT networks. Its
introduction marks a significant advancement in IoT security, offering a practical
solution to address the unique challenges posed by devices with limited resources.
Through the implementation of ACKE, IoT deployments can achieve improved
security without compromising performance, thereby enhancing the trustworthiness
and resilience of IoT systems in various application domains. Its advantages lie in the
innovative approach of leveraging asymmetric computing for secure key exchange,
promising enhanced resilience against common attacks such as key leakage or
brute-force attacks. However, potential drawbacks may include the complexity of
implementing asymmetric computing mechanisms in resource-constrained IoT
devices and the need for rigorous testing to validate the protocol's effectiveness and
scalability. Despite these challenges, ACKE represents a promising step towards
bolstering security in IoT environments, potentially paving the way for more robust
cryptographic solutions tailored to IoT constraints.

2.2.4 “Advances in IoT Security: Vulnerabilities, Enabled Criminal Services, Attacks, and Countermeasures”

The paper offers a comprehensive summary of the latest developments in IoT
security, addressing the evolving cybersecurity risks posed to IoT networks and
devices. It discusses how the landscape of cyber threats is changing, making criminal
activities increasingly feasible due to vulnerabilities inherent in IoT systems. The
paper delves into various attack strategies employed by threat actors, ranging from
malware infections to distributed denial-of-service (DDoS) attacks, and emphasizes
the need for proactive security measures to counter these threats effectively.
Additionally, it highlights best practices and responses aimed at strengthening IoT
security defenses. These may include implementing secure authentication
mechanisms, regularly updating firmware and software patches, and adopting network
segmentation strategies to isolate critical assets from potential threats. By offering
insights into the dynamic nature of IoT security risks and providing practical guidance
on mitigation strategies, the paper contributes to enhancing the resilience and integrity
of IoT deployments in today's interconnected world. Its advantages include thorough
coverage of emerging threats and detailed discussion of countermeasures, serving as a
valuable resource for researchers, industry professionals, and policymakers. However,
potential limitations may stem from the rapidly evolving nature of IoT security,
necessitating frequent updates to keep pace with new vulnerabilities and attack
vectors. Despite this, the paper's contribution in raising awareness and providing
actionable insights makes it a valuable asset in fortifying IoT systems against
malicious actors.

2.2.5 “Implementations of Integration Functions in IoT Application Server Platform”

This article delves into various strategies aimed at facilitating integration
functionalities crucial for seamless operation within IoT ecosystems, particularly
focusing on IoT application server platforms. It explores methods for efficient data
processing, device management, and interoperability to enable diverse IoT
applications and devices to coordinate and communicate effectively. By addressing
these integration challenges, the article seeks to enhance the overall efficiency and
functionality of IoT systems. Effective data processing techniques enable IoT
platforms to handle large volumes of data generated by interconnected devices,
ensuring timely and accurate insights for decision-making processes. Device
management strategies discussed in the article facilitate the efficient monitoring,
control, and maintenance of IoT devices, optimizing their performance and reliability.
Moreover, the emphasis on interoperability promotes seamless communication and
collaboration among different IoT applications and devices, enabling them to work
together harmoniously. The insights provided in this article are instrumental in guiding
the development and deployment of IoT solutions, fostering innovation and driving
the advancement of interconnected technologies across various industries. Advantages
include its potential to streamline the integration process, facilitating interoperability
among diverse IoT devices and services. Furthermore, the paper's focus on real-world
implementations provides concrete examples for developers and system architects to
reference. However, potential disadvantages may include a lack of exhaustive
coverage of integration challenges or specific use cases, limiting its applicability in
certain contexts. Nonetheless, its contribution in bridging the gap between theoretical
concepts and practical deployment enhances the understanding and implementation of
integration functions in IoT environments.

2.2.6 “Design of Elixir-Based Edge Server for Responsive IoT Applications”

This article presents the design of an edge server written in Elixir for
responsive IoT applications, placing request handling close to the devices so that
they are served with low latency instead of every request travelling to a distant
cloud back end. Its advantages include the high concurrency and fault tolerance
offered by Elixir's Erlang VM, which enhance scalability and reliability in edge
computing environments; in addition, Elixir's functional programming paradigm may
simplify development and maintenance. Potential drawbacks include a learning curve
for developers unfamiliar with Elixir and a smaller ecosystem than more established
languages. Nonetheless, the paper's contribution in exploring new avenues for edge
server design in IoT applications is noteworthy, offering potential benefits in
performance and responsiveness.

2.2.7 “Wireguard: An Efficient Solution for Securing IoT Device”

This article introduces a lightweight VPN protocol named WireGuard, aiming
to secure the communication of IoT devices effectively. It discusses how WireGuard
provides a reliable and efficient method to establish secure channels of
communication between IoT devices and backend systems, addressing key issues such
as authentication, encryption, and key management within IoT contexts. By focusing
on lightweight design principles, Wireguard offers a practical solution to the resource
constraints typically associated with IoT devices, ensuring efficient and secure
communication without compromising performance. The protocol's streamlined
approach to authentication and key exchange enhances the overall security posture of
IoT ecosystems, mitigating the risks of unauthorized access and data breaches.
Additionally, Wireguard's robust encryption mechanisms safeguard sensitive data
transmitted between IoT devices and backend systems, ensuring confidentiality and
integrity throughout the communication process. The insights provided by this article
are invaluable for IoT practitioners and developers seeking to implement secure
communication solutions in their deployments, ultimately contributing to the
advancement of IoT security standards and practices. Advantages include its
minimalistic design, which reduces code complexity and potential attack surface
compared to traditional VPN solutions, making it well-suited for resource-constrained
IoT environments. Additionally, WireGuard's efficient cryptographic algorithms
contribute to lower latency and overhead, crucial for maintaining responsiveness in
IoT applications. Moreover, its ease of configuration and integration could simplify
deployment across diverse IoT ecosystems. However, potential disadvantages may
arise from compatibility issues with legacy systems or devices lacking native support
for WireGuard. Additionally, while WireGuard offers strong security features,
thorough testing and validation are necessary to ensure its effectiveness in diverse IoT
use cases and resilience against emerging threats. Nonetheless, the paper's advocacy
for WireGuard as an IoT security solution underscores its potential to address pressing
cybersecurity concerns in IoT deployments.

2.2.8 “Detecting Vulnerability on IoT Device Firmware: A Survey”

This paper explores techniques aimed at ensuring the security of deployed IoT
devices by investigating methods for identifying vulnerabilities in their firmware. It
delves into various methodologies, including fuzzing, dynamic analysis, and static
analysis, to uncover security holes in firmware images effectively. By employing these
techniques, researchers and security professionals can comprehensively evaluate IoT
device firmware for potential weaknesses and vulnerabilities. The survey emphasizes
that understanding and addressing firmware issues are crucial for reducing potential
security risks for IoT device manufacturers and operators. Fuzzing, dynamic analysis,
and static analysis enable thorough examination of firmware code, helping to identify
vulnerabilities such as buffer overflows, injection flaws, and authentication bypasses.
By addressing these vulnerabilities proactively, manufacturers can enhance the
security posture of their IoT devices and mitigate the risk of exploitation by malicious
actors. Additionally, the survey underscores the importance of ongoing security
assessments and updates to firmware throughout the lifecycle of IoT devices to
maintain robust security measures. The insights provided by this survey offer valuable
guidance for stakeholders involved in IoT device development and deployment,
facilitating the adoption of best practices for firmware security and ultimately
contributing to the overall resilience of IoT ecosystems. Advantages include its
systematic review of various detection techniques, providing valuable insights for
researchers and practitioners involved in IoT security. Additionally, the survey's scope
encompasses a wide range of approaches, from static analysis to dynamic testing,
offering a holistic understanding of the landscape. However, potential limitations may
arise from the rapidly evolving nature of IoT technology, necessitating frequent
updates to reflect the latest advancements in firmware analysis. Nonetheless, the paper
serves as a valuable resource for enhancing the security posture of IoT devices
through proactive vulnerability detection measures.

2.2.9 “Secure, Efficient, and Weighted Access Control for Cloud-Assisted Industrial IoT”

This work introduces an access control mechanism designed to uphold efficiency
and security in cloud-assisted environments, specifically targeting industrial Internet
of Things (IIoT) installations. It discusses methods for weighted and granular access
authorization management to address the diverse needs of IIoT applications. By
focusing on weighted access control, the mechanism ensures that different users or
devices have varying levels of access based on their roles and permissions within the
IIoT ecosystem. Granular access authorization further refines this control by allowing
administrators to specify precisely which resources or functionalities users or devices
can access. This approach enhances security by minimizing the risk of unauthorized
access to critical systems or data, while also optimizing efficiency by allowing
authorized users to access the necessary resources without unnecessary restrictions.
Additionally, the mechanism's suitability for cloud-assisted environments ensures
seamless integration with cloud services, facilitating the management of IoT
applications and data. The insights provided by this work offer valuable guidance for
implementing access control mechanisms in IIoT environments, enabling
organizations to maintain the balance between security and operational efficiency
essential for industrial applications. Advantages include its focus on security,
efficiency, and adaptability through weighted access control mechanisms, catering to
the specific needs of industrial IoT deployments. Additionally, the proposed solution
offers a balance between security and performance, crucial for maintaining operational
efficiency in industrial settings. However, potential disadvantages may include the
complexity of implementing weighted access control systems and the need for careful
tuning to optimize performance without compromising security. Nonetheless, the
paper's contribution in addressing access control challenges in industrial IoT
underscores its potential to enhance security and operational resilience in industrial
environments.

2.2.10 “Everything Under Control: Secure Data Sharing Mechanism for Cloud-Edge Computing”

This study centers on secure data sharing protocols within cloud-edge
computing systems to facilitate seamless communication and cooperation between
cloud and edge devices. It emphasizes the importance of ensuring the integrity and
confidentiality of data transferred between these components. To achieve this, the
study introduces encryption and authentication methods tailored for cloud-edge
environments. These methods play a crucial role in safeguarding data during
transmission, mitigating the risks of unauthorized access, interception, and tampering.
By employing encryption techniques, sensitive data exchanged between cloud and
edge devices is rendered unreadable to unauthorized entities, ensuring confidentiality.
Authentication mechanisms, on the other hand, verify the identities of communicating
entities, preventing unauthorized access and ensuring the integrity of the
communication channel. The integration of these security measures not only protects
data but also establishes a trusted environment for collaboration between cloud and
edge devices. This facilitates efficient data sharing and processing, enabling seamless
integration of edge computing capabilities into cloud environments while maintaining
robust security standards. The insights provided by this study offer valuable guidance
for organizations seeking to deploy secure and efficient cloud-edge computing
solutions, contributing to the advancement of IoT and edge computing
technologies. Advantages include its holistic approach to addressing data sharing
challenges, ensuring security and privacy while optimizing resource utilization across
cloud and edge nodes. Additionally, the proposed mechanism offers a fine-grained
control over data access, enhancing data governance and compliance. However,
potential disadvantages may include the complexity of implementing and managing
the secure data sharing mechanism across heterogeneous cloud-edge environments,
requiring careful orchestration and integration efforts. Nonetheless, the paper's
contribution in enabling secure and efficient data sharing in cloud-edge computing
environments signifies its importance in advancing the capabilities of distributed
computing architectures.

2.2.11 “ChaCha, a variant of Salsa20”


This work introduces the cryptographic algorithm ChaCha, which is a variation
of the Salsa20 stream cipher, designed specifically for efficient encryption and
decryption, making it suitable for use with limited resources such as IoT devices. The
article covers the structure and functionality of the ChaCha algorithm, highlighting its
advantages over other options for IoT communication security. It explores how
ChaCha's efficient design allows it to perform well even on devices with constrained
processing and memory capabilities. Additionally, the article delves into ChaCha's
performance features, cryptographic attributes, and its potential uses in Internet of
Things security. By focusing on ChaCha's lightweight design and efficient
cryptographic operations, the article demonstrates how it addresses the unique
challenges of securing IoT communications while minimizing resource overhead.
ChaCha's suitability for IoT environments is underscored by its ability to provide
robust security without compromising the performance of connected devices. The
insights provided in this work offer valuable guidance for implementing secure
communication protocols in IoT deployments, enhancing the overall security posture
of IoT ecosystems. Advantages include its simplicity and versatility, making it easy to
implement across various platforms and applications. Additionally, ChaCha offers
excellent resistance against known cryptographic attacks, providing robust protection
for sensitive data. Its design also allows for efficient hardware implementations,
making it suitable for resource-constrained environments like IoT devices. However,
potential disadvantages may include the need for thorough analysis and validation to
ensure its security properties hold against emerging cryptographic attacks.
Nonetheless, ChaCha's balance of security and efficiency positions it as a valuable
tool for secure communication and data protection.

2.2.12 “A Mechanised Cryptographic Proof of the WireGuard Virtual Private Network Protocol”

This study presents a mechanized cryptographic verification of the WireGuard
VPN protocol due to its effectiveness and security. The paper details the approach for
the cryptographic proof, highlighting its significance in building confidence in the
security of WireGuard-based VPN systems. By conducting a mechanized
cryptographic verification, the study aims to provide automated evidence that
reassures the accuracy and security of WireGuard. This reassurance is particularly
critical for WireGuard's application in delicate settings such as the Internet of Things
(IoT), where the security of communication channels is paramount. The automated
verification process ensures that WireGuard meets specified security properties,
verifying its resistance to various cryptographic attacks and ensuring the integrity of
data transmission. This verification process enhances trust in WireGuard's security
mechanisms, making it a reliable choice for protecting sensitive IoT data. The insights
provided in this study offer valuable assurance to stakeholders, including IoT
developers and users, regarding the robustness and effectiveness of WireGuard in
securing communications in IoT deployments. Advantages include its contribution to
establishing the protocol's security guarantees through rigorous mathematical
verification, enhancing confidence in its resilience against potential attacks. Moreover,
the mechanized proof offers insights into the protocol's design and implementation,
aiding in further refinement and optimization. However, potential drawbacks may
include the complexity of the formal verification process and the resources required
for its execution, which could limit its accessibility to researchers and developers
without specialized expertise or computational resources. Nonetheless, the paper's
contribution in bolstering the security assurance of WireGuard marks a significant step
forward in the field of VPN protocols.

2.2.13 "WireGuard: Next Generation Kernel Network Tunnel"


This paper explores the works across several key domains. Firstly, examining
existing VPN protocols like OpenVPN, IPSec, and L2TP/IPSec provides insights into
established design principles, performance metrics, and security features. In the realm
of kernel networking, studies on mechanisms such as netfilter/iptables and TUN/TAP
devices shed light on foundational components of network tunneling within the Linux
kernel. Concurrently, research on network security, cryptography, and secure
communication protocols offers a deeper understanding of the cryptographic
principles and security mechanisms underlying VPN solutions. Additionally,
investigations into performance optimization techniques, user experience
considerations, security analyses, and privacy-enhancing technologies provide
valuable context for assessing WireGuard's innovations and contributions within the
broader landscape of VPN technologies and network security solutions. Its streamlined
design enables easy deployment in resource-constrained environments, while kernel
integration ensures high performance with low latency. Modern cryptographic
algorithms and a principled design approach enhance security, reducing the attack
surface and bolstering resilience. However, challenges such as limited ecosystem
support, concerns around maturity and stability, and regulatory compliance
considerations may hinder widespread adoption. Nonetheless, WireGuard's notable
advantages position it as a compelling alternative for secure and efficient network
tunneling, offering potential solutions to contemporary VPN challenges.

2.2.14 "Formal Verification of the WireGuard Protocol"


This paper entails a comprehensive exploration of formal verification techniques
within the context of network protocols, VPNs, and specifically, the WireGuard
protocol. It begins by delving into the existing body of research surrounding formal
verification in network protocols, elucidating fundamental concepts and highlighting
seminal works in the field. This initial exploration provides a foundational
understanding of the challenges and opportunities inherent in applying formal
verification to complex network systems. Building upon this groundwork, the survey
progresses to examine prior research efforts focused on formal verification techniques
as applied to VPN protocols. It scrutinizes various methodologies and approaches
employed in these endeavors, emphasizing their relevance and efficacy in ensuring the
security and robustness of VPN implementations. Additionally, the survey
meticulously evaluates existing security analyses of WireGuard, scrutinizing findings
from audits and assessments to identify any potential vulnerabilities or areas of
concern. By synthesizing insights from these diverse sources, the survey facilitates a
nuanced understanding of the landscape surrounding formal verification within the
domain of VPNs, with particular emphasis on WireGuard. Furthermore, the survey
endeavors to contextualize formal verification efforts within the broader trajectory of
network security research, pinpointing gaps in existing knowledge and proposing
avenues for future investigation. In conclusion, the literature survey serves as a vital
framework for the subsequent formal verification endeavors undertaken in the paper,
offering valuable insights and setting the stage for rigorous analysis and validation of
the WireGuard protocol's security properties.

2.2.15 "Fast, Small, and Area-Time Efficient Architectures for Key-Exchange on Curve25519”

This paper entails a thorough exploration of existing research on
cryptographic key-exchange protocols, particularly focusing on implementations and
optimizations for Curve25519. It begins by examining foundational literature on
elliptic curve cryptography (ECC) and the Curve25519 curve, elucidating the
principles and properties that underpin its security and efficiency. Subsequently, the
survey delves into prior works that have proposed architectures and optimizations for
key-exchange protocols on Curve25519, analyzing their respective strengths and
limitations. It scrutinizes a range of methodologies, including hardware-based,
software-based, and hybrid approaches, highlighting advancements in terms of speed,
size, and resource efficiency. Additionally, the survey investigates recent
developments in the field, such as novel techniques for reducing area-time complexity
and improving performance in constrained environments. By synthesizing insights
from diverse sources, the literature survey aims to provide a comprehensive overview
of state-of-the-art techniques for implementing key-exchange on Curve25519, setting
the stage for the contributions and innovations presented in the paper. The paper offers
novel, efficient architectures for Curve25519-based key-exchange, enhancing
cryptographic performance and security. It addresses the demand for lightweight
designs in resource-constrained environments like IoT. The drawbacks of this paper
include the validation and practical implementation complexities, which may pose challenges.
Considerations regarding compatibility and overhead warrant careful assessment for
real-world deployment.

2.3 CONCLUSION

Conclusively, the review of the literature about cybersecurity risks in the
Internet of Things and associated protocols offers significant perspectives on the
difficulties and progress in creating safe connections for IoT devices, especially when
employing the WireGuard protocol. The assessed studies identify different
cyberthreats that IoT-enabled devices must contend with and offer creative ways to
mitigate them. In a variety of fields, including the maritime sector, computing key
exchange protocols, firmware vulnerability detection, and cloud-assisted industrial
IoT, the report highlights the need to protect IoT devices. It also looks at how well
WireGuard works to connect IoT devices in an efficient and secure manner.
Studies such as those conducted by Imran Ashraf et al. (2023) and Haseebullah
Jumakhan et al. (2024) highlights how critical it is to have safe protocols like
WireGuard in place in Internet of Things settings in order to reduce cyber dangers.
Additionally, studies conducted by Jason A. Donenfeld (2017) and Benjamin Lipp et
al. (2019) highlight the resilience and dependability of the WireGuard protocol, as
well as its effectiveness and formal verification.
The literature review as a whole highlights the vital role that secure protocols
like WireGuard play in defending IoT devices from cyberattacks and opening the door
for the future creation of more robust and secure IoT ecosystems.

CHAPTER 3
PROPOSED SYSTEM

3.1 INTRODUCTION

Safeguarding the security and integrity of these interconnected devices is
crucial in an environment that is always changing and where IoT technology is
ingrained in numerous areas of daily life. Our technology provides a holistic approach
for safeguarding IoT platforms in various domains such as wearables, smart cities,
smart homes, and industrial machines. By utilizing sophisticated encryption,
authentication, and intrusion detection methods, our system offers a strong defense
against online threats, illegal access, and data losses. Our objective is to enable
individuals and organizations to fully utilize IoT technology while reducing the
dangers related to automation and connectivity through proactive security measures.

3.2 EXISTING SYSTEM

IoT devices commonly connect to a centralized server or cloud platform as
part of the current system's connecting procedure for IoT servers. The Internet of
Things device first connects to the server via a local network or via the internet.
Frequently, this link is built using protocols like MQTT or HTTP. When the device is
linked, it sends data—which might consist of sensor readings, status updates, or other
information—to the server. After processing this data, the server could give the device
instructions or notifications. However, this link is susceptible to a number of dangers,
including illegal access, data breaches, and manipulation of device performance, if
strong cybersecurity safeguards are not in place.

3.2.1 DRAWBACKS OF EXISTING SYSTEM

1. Lack of Security Measures: One of the major drawbacks is the absence of
robust cybersecurity measures, making IoT devices vulnerable to various attacks such
as unauthorized access, data breaches, and manipulation of device functionality.

2. Limited Scalability: The system may struggle to accommodate a large number of
IoT devices, leading to scalability issues as the number of connected devices
increases.

3. Potential for Downtime: Without proper redundancy and failover mechanisms,
the system may experience downtime, disrupting communication between IoT devices
and the server.

4. Data Privacy Concerns: The lack of encryption and authentication mechanisms
raises concerns about data privacy, as sensitive information transmitted between IoT
devices and the server may be intercepted or compromised.

5. Dependence on Internet Connectivity: The system's reliance on internet
connectivity introduces a single point of failure, as disruptions in internet service can
disrupt communication between IoT devices and the server.

6. Complexity and Maintenance: Managing and maintaining the system,
including updating firmware and ensuring compatibility with new security protocols,
can be complex and time-consuming.

3.3 PROPOSED SYSTEM

This project seeks to solve the security issues raised by the increasing
development of Internet of Things (IoT) devices by investigating the potential of
WireGuard, a developing VPN protocol. IoT system connection security is essential
for protecting sensitive data and avoiding potential cyberattacks. This study assesses
the efficacy and performance of WireGuard in a simulated Internet of Things
environment by comparing it with industry standards such as IPsec and OpenVPN.
Because WireGuard has strong encryption, a lightweight design, and an easy
deployment process compared to traditional VPN protocols, it is particularly suitable
for Internet of Things devices with a limited amount of resources.
This project explores the potential of WireGuard, an emerging VPN protocol, to
address the security challenges faced by the rapid growth of Internet of Things (IoT)
devices. Specifically, WireGuard's cryptographic primitives, including ChaCha20 and Poly1305, are
utilized to secure connections in IoT systems, ensuring the protection of sensitive data
and mitigation of cyber threats. By obtaining a public IP from the IoT devices,
WireGuard facilitates secure connections with verified user access. Through a
comparative analysis with standard protocols like OpenVPN and IPsec in a simulated
IoT environment, the project evaluates WireGuard's performance and effectiveness.
WireGuard stands out with its robust encryption, lightweight architecture, and simple
deployment, making it ideal for resource-constrained IoT systems. The project also
considers WireGuard's scalability and compatibility with diverse IoT device
architectures, including its integration with the IoT platforms, operating systems, and
communication protocols commonly used in IoT environments. Additionally, the project aims to
provide insights into the potential cost savings and efficiency gains associated with
adopting WireGuard for IoT security. By leveraging its lightweight architecture and
streamlined configuration, WireGuard offers a cost-effective solution that minimizes
overhead while maximizing security.
In general, it contributes to the existing collection of research on IoT ecosystem
security and promotes the use of strong but effective security methods to safeguard
private information and guarantee the integrity of IoT systems throughout a range of
industries.

3.3.1 WEB APPLICATION


User authentication, user administration, and device management are just a few
of the crucial features included in the web application that was created for this project.
Through the registration procedure, users may establish an account, and then safely
log in using their login information. Users may add and remove peers from their IoT
device network among other features once they are signed in. In addition to
configuring connections and keeping an eye on the condition of their devices, they
may examine and manage their list of peers. To guarantee that each user may only
access and manage their own devices and connections, the program also offers user
access control. All things considered, the program provides a thorough framework for
safely controlling IoT devices and their interactions with WireGuard.

Fig. 3.1: Web page to connect device

Fig. 3.1: Login page


3.4 BLOCK DIAGRAM

Fig. 3.1 shows the block diagram for Establishing Secure IoT Devices
Connection with WireGuard and web application, illustrating the interconnection and
flow of data among the different components of the system.

Fig. 3.1: Block diagram of the proposed system

3.5 PROPOSED METHOD

3.5.1 Cloud Server


A cloud-based server devoted to overseeing safe communication with Internet
of Things devices is a characteristic of the suggested solution. This server is the
central hub: it hosts the WireGuard VPN software, which establishes VPN connections
with IoT devices. The server, which is specifically made to handle large
amounts of incoming connections, protects data transfer security between IoT devices
and the cloud. The system creates encrypted tunnels using WireGuard VPN
technology to protect critical data from attacks and unwanted access. This sturdy
architecture offers flexibility and efficiency to meet the various demands of IoT
deployments, supplying a dependable framework for controlling and safeguarding
communication in IoT environments.

3.5.2 IoT Devices


IoT devices are identified in the proposed system as the network's endpoints,
and each one is outfitted with WireGuard VPN software to create secure connections
with the cloud server. These gadgets consist of a range of parts, including sensors,
actuators, and controllers, placed in various settings. For encrypted data transfer and
safe command reception, every Internet of Things device establishes a secure
connection with the cloud server. Reliable data exchange and remote control features
are made possible by this configuration, which facilitates smooth connectivity
between the cloud server and IoT devices. These Internet of Things (IoT) devices,
whether placed in commercial, industrial, or domestic environments, uphold secure
connections to the central server, guaranteeing the security and integrity of data
transferred.

3.5.3 WireGuard VPN Connections



3.5.4 VPN Tunnel


The foundation of the suggested solution is the VPN tunnel, which stands for
the carefully crafted encrypted communication connection between the cloud server
and IoT devices. By acting as a virtual conduit, this tunnel encloses all data sent
between the devices and the server in many levels of strong encryption. By use of this
technique, the tunnel ensures that sensitive information is kept away from prying eyes
and malevolent actors while also protecting the confidentiality and integrity of the sent
data. The VPN tunnel successfully protects the exchanged data from potential dangers
or vulnerabilities present in the network environment by creating a secure conduit for
data transmission. To put it simply, the VPN tunnel acts as a safe passageway for data
traveling between the cloud server and Internet of Things devices.

3.5.5 VPN Client


In the proposed approach, the cloud server becomes the VPN client and is
responsible for encrypting outgoing data before sending it to IoT devices. This crucial
position entails overseeing encryption keys and planning the creation and upkeep of
VPN tunnels with the devices. The cloud server strengthens security measures by
controlling encryption keys, which guarantee that only authorized parties have the
credentials needed to decrypt the transferred data. Furthermore, the VPN client
actively manages the creation and upkeep of VPN tunnels, guaranteeing that
connections are always dependable and safe. By taking preventative measures, the
danger of illegal access or data breaches during transmission is reduced. Overall, the
VPN client on the cloud server plays a crucial role in guaranteeing the security and
integrity of data sent from the server to IoT devices, maintaining a high level of
encryption and protection throughout the transmission process.

3.5.6 API for IoT Devices


As a central interface for interacting with IoT devices, the proposed system
includes a specific API hosted on the cloud server. With the help of this API, users can
safely transmit instructions, get data, and administer and monitor IoT devices with
ease. Thanks to its standardized interface, users may easily connect IoT devices to a
variety of applications and services by gaining access to the API. Through the use of
well-known programming paradigms, this standardized solution simplifies the
integration process and allows developers to communicate with IoT devices. In
addition, the API guarantees safe connectivity with IoT devices by preventing tampering
with or unwanted access to device data. All things considered, the addition of this specific
API improves the system's adaptability, scalability, and interoperability and makes it
easier to integrate and manage IoT devices in a variety of settings and applications.

3.5.7 Authentication Token


The proposed system relies heavily on authentication tokens, which are used to
authenticate users and provide access to the API for managing Internet of Things
devices. Through a secure login process, users get tokens, which subsequently permit
particular operations like adding, uninstalling, or changing device specifications. Only
authorized users will be able to access and control the IoT devices within the system
thanks to this token-based authentication mechanism. Users are granted access to the
API through the presentation of distinct and cryptographically secure tokens, which
serves to enforce access control restrictions and reduce the likelihood of unwanted
access or data breaches. All things considered, the authentication token system
strengthens the integrity and confidentiality of the system's operations by adding a
further layer of protection.

3.6 WORKFLOW

1. Setup WireGuard VPN on the Cloud Server and IoT Devices:

To provide a secure communication foundation, the first step in the setup process is to
configure the cloud server to host the WireGuard VPN software. Subsequently, each
IoT device has WireGuard VPN software installed and configured on it, allowing it to
connect to the cloud server securely. By using this configuration, a secure VPN
connection is made between the cloud server and Internet of Things devices, creating
a network architecture that is secured. Because every communication between the
server and devices is encrypted, these connections guarantee the secrecy and integrity
of data transmission. The solution protects sensitive data from potential threats by
configuring, installing, and establishing these secure connections. This paves the way
for dependable and secure communication between the cloud server and IoT devices.

2. Hiding Private IPs and Establishing VPN Connections:

By creating VPN connections, the cloud server and IoT devices both hide their real
IP addresses and guarantee safe communication. By encrypting all data sent between
the devices and the server, these VPN connections improve security and privacy. The
system guards against potential hazards like eavesdropping and unwanted access by
encrypting data and masking private IP addresses. This maintains the confidentiality
and security of sensitive data while it is being transmitted, strengthening the
protection against cyberattacks and preserving the integrity of IoT connectivity.

3. Creating a VPN Tunnel:

By establishing a secure tunnel, the VPN connections between the cloud server and
IoT devices guarantee that all data transferred between them travels via an encrypted
channel. The data is protected by this tunnel against potential threats, tampering,
interception, and illegal access. The technology provides a strong defense against
cyber risks in Internet of Things communication by encapsulating data within the
secure tunnel and guaranteeing the confidentiality and integrity of the sent
information.

4. Data Encryption by VPN Client:

WireGuard does not distinguish clients from servers at the protocol level: the endpoint that sends a packet is the one that encrypts it. The WireGuard instance on the cloud server therefore encrypts every outgoing packet with the session key derived for that device's tunnel before it leaves the server, and the device's WireGuard instance does the same in the other direction. Data stays encrypted for the whole network path and is decrypted only by the other peer, so it cannot be read or altered in transit between the cloud server and the IoT devices.

5. Using a Dedicated API on the Cloud Server:

A dedicated API runs on the cloud server and is the single interface for managing device connections and retrieving data. Through this API, users obtain the tunnel addresses generated for devices and manage several devices at once; it also lets them send commands, read sensor data, and query device status over the tunnel. Centralising these operations in one API keeps device management in one place and makes the system easier to operate.

6. Getting Authentication Token for Device Management:

Before using the API, a user authenticates to the cloud server and receives an access token. The token is the digital credential for every subsequent request, including adding peers (registering device public keys) in bulk. Only holders of a valid token can send commands, retrieve data, check the status of IoT devices, or change their configuration, so the token restricts device-management features to authorised users and keeps unauthorised parties from changing device configurations or reaching critical data.

7. Connecting IoT Devices and Managing Them:

The last step combines the API and the access token to connect and manage the devices. A device is connected by registering its WireGuard public key as a peer through the token-protected API; only an authorised user can do this, so an attacker cannot add a rogue device or take over an existing one. Once connected, the same API offers one interface for sending commands, receiving data, and monitoring device status, and for adding, removing, or reconfiguring devices as the deployment grows, which keeps the system scalable and flexible. Together, the API and token-based authentication give secure communication between devices and the cloud server and straightforward administration of many devices.

By following this workflow, the setup ensures secure communication between the cloud server and IoT devices while allowing efficient management and integration of multiple devices through a centralized API interface.
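As an added example (not code from the report's API or from the WireGuard project), the following Python sketch shows what the server side of steps 5 to 7 amounts to once the access-token check has passed: validate the device's public key, allocate it a tunnel address, build the `wg set` command that registers it so that cryptokey routing binds the key to exactly one /32, and render the device's own wg0.conf. The interface name wg0, the tunnel subnet 10.8.0.0/24, UDP port 51820, the endpoint host name and the sample key are assumptions of this example; the report does not state them.

```python
"""Server-side peer provisioning for the workflow above (added example).

Assumptions not stated in the report: the server's WireGuard interface is wg0,
the tunnel subnet is 10.8.0.0/24 with the server at 10.8.0.1, and the public
endpoint is a placeholder host name on UDP port 51820.
"""
import base64
import ipaddress

WG_IFACE = "wg0"                                      # assumed
TUNNEL_NET = ipaddress.ip_network("10.8.0.0/24")      # assumed
SERVER_TUNNEL_IP = TUNNEL_NET[1]                      # 10.8.0.1, assumed
SERVER_ENDPOINT = "vpn.example.invalid:51820"         # placeholder

# Constructed sample key for the demonstration: base64 of the bytes 0..31.
# It is not a real Curve25519 key; a real one comes from `wg genkey | wg pubkey`.
SAMPLE_DEVICE_PUBLIC_KEY = base64.b64encode(bytes(range(32))).decode()


def is_valid_public_key(key):
    """A WireGuard public key is 32 raw bytes, base64-encoded: 44 characters
    ending in '='. Checking this before the key reaches `wg` keeps arbitrary
    API input out of the command line."""
    if not isinstance(key, str) or len(key) != 44:
        return False
    try:
        return len(base64.b64decode(key, validate=True)) == 32
    except ValueError:           # binascii.Error is a subclass of ValueError
        return False


def allocate_tunnel_ip(assigned):
    """Lowest free host address in the tunnel subnet; .1 belongs to the server."""
    for host in TUNNEL_NET.hosts():
        if host != SERVER_TUNNEL_IP and str(host) not in assigned:
            return host
    raise RuntimeError("tunnel subnet exhausted")


def add_peer_argv(public_key, tunnel_ip):
    """Command the server runs to register the device.

    allowed-ips is a single /32: cryptokey routing will then accept packets
    decrypted under this key only if their inner source is tunnel_ip, and will
    route packets for tunnel_ip only to this key. The argv list is handed to a
    process runner without a shell, so the key cannot inject shell syntax."""
    if not is_valid_public_key(public_key):
        raise ValueError("malformed WireGuard public key")
    return ["wg", "set", WG_IFACE, "peer", public_key,
            "allowed-ips", f"{tunnel_ip}/32"]


def device_config(device_private_key, server_public_key, tunnel_ip):
    """wg0.conf handed to the IoT device. AllowedIPs is the whole tunnel subnet
    so the device routes the server (and anything the server forwards) through
    the tunnel; PersistentKeepalive keeps a NAT mapping open for an idle sensor."""
    if not is_valid_public_key(server_public_key):
        raise ValueError("malformed WireGuard public key")
    return "\n".join([
        "[Interface]",
        f"PrivateKey = {device_private_key}",
        f"Address = {tunnel_ip}/{TUNNEL_NET.prefixlen}",
        "",
        "[Peer]",
        f"PublicKey = {server_public_key}",
        f"Endpoint = {SERVER_ENDPOINT}",
        f"AllowedIPs = {TUNNEL_NET}",
        "PersistentKeepalive = 25",
        "",
    ])


def register_device(public_key, assigned, runner=None):
    """What the token-protected add-peer handler does. `assigned` is the set of
    tunnel addresses already handed out (the database's job in the real system).
    `runner`, if given, is called with the argv, e.g. a wrapper around
    subprocess.run(argv, check=True); the server needs CAP_NET_ADMIN for that.
    None means dry run: the command is built but not executed."""
    tunnel_ip = allocate_tunnel_ip(assigned)
    argv = add_peer_argv(public_key, tunnel_ip)
    if runner is not None:
        runner(argv)
    assigned.add(str(tunnel_ip))
    return {"public_key": public_key, "tunnel_ip": str(tunnel_ip), "argv": argv}


if __name__ == "__main__":
    taken = set()
    record = register_device(SAMPLE_DEVICE_PUBLIC_KEY, taken)   # dry run
    print(" ".join(record["argv"]))
    print(device_config("<device private key>", SAMPLE_DEVICE_PUBLIC_KEY,
                        record["tunnel_ip"]))
```

The single /32 in `allowed-ips` is the security-relevant detail: with it, a device that is compromised can only ever speak as its own tunnel address, because WireGuard discards any decrypted packet whose inner source is outside the sender's AllowedIPs.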

3.7 BENEFITS

1. Enhanced Security and Integrity:


The system ensures the security and integrity of IoT communication by
encrypting data and establishing secure VPN connections. This protects sensitive data
from unauthorized access or interception, mitigating the risk of data breaches and
ensuring the confidentiality of information exchanged between devices and the cloud
server.

2. Scalability and Efficiency:


The system provides a scalable and efficient solution for managing IoT
devices in various environments. With WireGuard VPN technology and a centralized
cloud server, the system can accommodate a large number of devices and handle high
volumes of data traffic without sacrificing performance. This scalability ensures that
the system can grow to meet the needs of expanding IoT deployments.

3. Simplified Integration:
The system simplifies the integration of IoT devices into applications and
services through a standardized API interface. This allows developers to easily access
and interact with IoT devices using familiar programming paradigms, reducing
development time and effort. The standardized API interface also promotes
interoperability and compatibility across different devices and platforms.
4. Efficient Device Management:
Users can securely authenticate and manage multiple IoT devices
simultaneously through the system's authentication token mechanism and API
interface. This enables efficient device management, allowing users to monitor device
status, retrieve data, and send commands securely from a centralized location. By
streamlining device management tasks, the system improves operational efficiency
and enhances overall productivity.

3.8 SECURITY PROTOCOL

WireGuard's handshake is a Diffie-Hellman authenticated key exchange based on the Noise IK pattern of the Noise protocol framework (with an optional pre-shared-key modifier), designed specifically for WireGuard's operating needs: it completes in one round trip, and each peer is identified by a static Curve25519 public key. This project summarises the security properties of that key exchange and then looks at how those properties have been formally verified; the outcome is a network tunnel protocol whose handshake has been formally analysed.

WireGuard relies on a small, fixed set of modern primitives: the Noise protocol framework, Curve25519 for key agreement, ChaCha20 and Poly1305 (combined as the ChaCha20-Poly1305 AEAD) for encryption and authentication, BLAKE2s for hashing, SipHash24 for hashtable keys, HKDF for key derivation, and well-trusted constructions built from them. There is no cipher negotiation: every peer uses the same suite, which removes downgrade attacks and a large class of implementation errors. These primitives guarantee encryption, authentication, and data integrity for everything sent through the VPN tunnels. WireGuard's design has been examined and scrutinised by cryptographers, and together with its small codebase this positions it as a reliable and very secure VPN protocol for protecting sensitive data in many contexts, including Internet of Things communication.
3.8.1 NOISE PROTOCOL FRAMEWORK

The Noise Protocol Framework (hereafter "Noise") is a specification that describes a framework from which two-party channel-establishment protocols can be instantiated for multiple purposes. The core of the framework is a set of base handshake patterns (15 in the analysis summarised here). Each pattern employs only four underlying cryptographic primitives: a Diffie-Hellman group, a hash function, a key derivation function, and an AEAD cipher. Depending on how these primitives are combined, the resulting protocols achieve different cryptographic properties. The main ones are: (1) authentication and integrity, (2) key-compromise-impersonation resistance, (3) forward secrecy, and (4) resistance against replay attacks. A further property that the protocols achieve but do not explicitly claim is (5) resistance against the revelation of an execution's random coins.

The patterns differ mainly in the setting in which they can be deployed. Some do not require the prior distribution of the parties' long-term public keys; others rely on it. The out-of-band mechanism for public-key distribution is outside the scope of the specification, but the keys may be configured manually, obtained from a trusted third party, or shipped with the application that uses Noise. WireGuard uses the IK pattern, in which the initiator already knows the responder's static public key; this is why every peer's public key must be configured on both sides (cryptokey routing) before a handshake can succeed.

Whereas historic protocols strictly separated key establishment from the channel, recent specifications allow these phases to be interleaved. This permits the early transmission of payload data, but at reduced, possibly staged, security levels for that data. The Noise specification describes in detail the security properties of data transmitted in each round trip of the handshake and over the channel of each pattern.

Implementation assumptions. The Noise specification suggests some implementation details but does not mandate them. The analysis summarised here does not consider the associated-data input on sending and receiving payload after the handshake, because its syntax makes no distinction between handshake and channel and this input is not available during the handshake. Finally, the protocols are assumed to output information on the current level of security.

Fig 3.2

3.8.2 ChaCha20
ChaCha20 is a high-speed stream cipher first described in [ChaCha]. It is considerably faster than AES in software-only implementations, around three times as fast on platforms that lack specialised AES hardware (RFC 8439 reports measurements). Because it uses only additions, rotations, and XORs, with no secret-dependent table lookups or branches, ChaCha20 is also not sensitive to timing attacks.

ChaCha20 was designed by D. J. Bernstein as a refinement of his Salsa20 algorithm and uses a 256-bit key. It repeatedly calls the ChaCha20 block function with the same key and nonce and successively increasing block-counter values; each call produces a 16-word state that is serialised in little-endian order into a 64-byte keystream block. Concatenating the blocks forms the keystream, which is XORed with the plaintext. Alternatively, each keystream block can be XORed with one plaintext block before the next block is generated, saving memory. The plaintext need not be a multiple of 512 bits; any unused keystream from the last block is discarded. Protocols that require the plaintext and ciphertext to have a particular length must specify how the plaintext is padded and by how much.

The inputs to ChaCha20 are:
● A 256-bit key.
● A 32-bit initial counter. This can be set to any value but is usually zero or one. One is the natural choice if block zero is used for something else, such as generating the one-time authenticator key in an AEAD construction.
● A 96-bit nonce, known in some protocols as the initialisation vector. A (key, nonce) pair must never be reused: the keystream depends only on them, so two messages encrypted under the same pair leak the XOR of their plaintexts.
● An arbitrary-length plaintext.
The output is a ciphertext of the same length. WireGuard does not use ChaCha20 on its own: transport packets are protected with the ChaCha20-Poly1305 AEAD of RFC 8439, and a per-session 64-bit counter serves both as the nonce and as the basis of replay protection.

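The block function and the counter-driven keystream described above, as an added Python example (not code from the report): it reproduces the RFC 8439 test vectors, which the block embeds, and shows what goes wrong when a (key, nonce) pair is reused. The function and constant names are this example's own.

```python
"""ChaCha20 block function and stream encryption as specified in RFC 8439
(added example, not code from the report). The test vectors in run_rfc_vectors
are the RFC's own (sections 2.3.2 and 2.4.2)."""
import struct

MASK32 = 0xFFFFFFFF
CONSTANTS = b"expand 32-byte k"          # the four fixed state words


def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def quarter_round(s, a, b, c, d):
    """The ChaCha quarter round on state words a, b, c, d (in place)."""
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = rotl32(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block for (key, counter, nonce)."""
    if len(key) != 32 or len(nonce) != 12:
        raise ValueError("ChaCha20 needs a 256-bit key and a 96-bit nonce")
    # State: 4 constant words, 8 key words, 1 counter word, 3 nonce words,
    # all read as little-endian 32-bit integers.
    initial = list(struct.unpack(
        "<16I", CONSTANTS + key + struct.pack("<I", counter) + nonce))
    s = initial[:]
    for _ in range(10):                         # 20 rounds = 10 double rounds
        quarter_round(s, 0, 4, 8, 12)           # column rounds
        quarter_round(s, 1, 5, 9, 13)
        quarter_round(s, 2, 6, 10, 14)
        quarter_round(s, 3, 7, 11, 15)
        quarter_round(s, 0, 5, 10, 15)          # diagonal rounds
        quarter_round(s, 1, 6, 11, 12)
        quarter_round(s, 2, 7, 8, 13)
        quarter_round(s, 3, 4, 9, 14)
    # Add the initial state back in and serialise little-endian.
    return struct.pack("<16I", *((a + b) & MASK32 for a, b in zip(s, initial)))


def chacha20_xor(key, counter, nonce, data):
    """Encrypt or decrypt (the operation is its own inverse). The counter is
    incremented per 64-byte block; unused keystream of the last block is dropped."""
    out = bytearray()
    for i in range(0, len(data), 64):
        keystream = chacha20_block(key, (counter + i // 64) & MASK32, nonce)
        out += bytes(p ^ k for p, k in zip(data[i:i + 64], keystream))
    return bytes(out)


# RFC 8439 test vectors.
RFC_KEY = bytes(range(32))
RFC_BLOCK_NONCE = bytes.fromhex("000000090000004a00000000")
RFC_BLOCK_OUT = bytes.fromhex(
    "10f1e7e4d13b5915500fdd1fa32071c4c7d1f4c733c068030422aa9ac3d46c4e"
    "d2826446079faa0914c2d705d98b02a2b5129cd1de164eb9cbd083e8a2503c4e")
RFC_ENC_NONCE = bytes.fromhex("000000000000004a00000000")
RFC_PLAINTEXT = (b"Ladies and Gentlemen of the class of '99: If I could offer you "
                 b"only one tip for the future, sunscreen would be it.")
RFC_CIPHERTEXT_PREFIX = bytes.fromhex("6e2e359a2568f98041ba0728dd0d6981")


def run_rfc_vectors():
    """True when the block-function vector and the encryption vector are reproduced."""
    block_ok = chacha20_block(RFC_KEY, 1, RFC_BLOCK_NONCE) == RFC_BLOCK_OUT
    ct = chacha20_xor(RFC_KEY, 1, RFC_ENC_NONCE, RFC_PLAINTEXT)
    enc_ok = (ct[:16] == RFC_CIPHERTEXT_PREFIX
              and chacha20_xor(RFC_KEY, 1, RFC_ENC_NONCE, ct) == RFC_PLAINTEXT)
    return block_ok and enc_ok


def keystream_reuse_leak(key, nonce, m1, m2):
    """Why (key, nonce) must never repeat: the XOR of two ciphertexts made with
    the same pair equals the XOR of the plaintexts, with no key involved."""
    c1 = chacha20_xor(key, 1, nonce, m1)
    c2 = chacha20_xor(key, 1, nonce, m2)
    n = min(len(m1), len(m2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))


if __name__ == "__main__":
    print("RFC 8439 vectors reproduced:", run_rfc_vectors())
```

`keystream_reuse_leak` is the reason WireGuard ties the nonce to a strictly increasing per-session counter and rekeys long before it could wrap.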
3.8.3 POLY1305

Poly1305 is a high-speed one-time message authentication code designed by D. J. Bernstein. Its implementation is straightforward and easy to get right. It takes a 32-byte one-time key and a message of any length and produces a 16-byte tag that authenticates the message.

The original article ([Poly1305]) is titled "The Poly1305-AES message-authentication code", and the MAC function there requires a 128-bit AES key, a 128-bit "additional key", and a 128-bit (non-secret) nonce. AES is used only to encrypt the nonce so as to obtain a unique (and secret) 128-bit string; as the paper states, "There is nothing special about AES here. One can replace AES with an arbitrary keyed function from an arbitrary set of nonces to 16-byte strings." In ChaCha20-Poly1305 that function is ChaCha20 itself: the 32-byte Poly1305 key is the first 32 bytes of keystream block zero.

Regardless of how the key is generated, it is partitioned into two 16-byte halves, "r" and "s". The pair (r, s) should be unique and MUST be unpredictable for each invocation (which is why it was originally obtained by encrypting a nonce); "r" MAY be constant but must be "clamped" before use. Treating "r" as a 16-octet little-endian number:
● r[3], r[7], r[11] and r[15] must have their top four bits clear (be smaller than 16);
● r[4], r[8] and r[12] must have their bottom two bits clear (be divisible by 4).
Reusing a one-time key for two messages is fatal, as it lets an attacker forge tags. The tag must also be compared in constant time, otherwise the verifier leaks, byte by byte, how much of a forged tag is correct.
Poly1305 Example and Test Vector (RFC 8439, section 2.5.2):

For this example the one-time key is taken as given rather than derived with AES:

● Key material: 85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8:01:03:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b
● s as an octet string: 01:03:80:8a:fb:0d:b2:fd:4a:bf:f6:af:41:49:f5:1b
● s as a 128-bit number: 1bf54941aff6bf4afdb20dfb8a800301
● r before clamping: 85:d6:be:78:57:55:6d:33:7f:44:52:fe:42:d5:06:a8
● Clamped r as a number: 806d5400e52447c036d555408bed685

Message to be authenticated:
000 43 72 79 70 74 6f 67 72 61 70 68 69 63 20 46 6f  Cryptographic Fo
016 72 75 6d 20 52 65 73 65 61 72 63 68 20 47 72 6f  rum Research Gro
032 75 70                                            up

Since Poly1305 works in 16-byte chunks, the 34-byte message divides into three blocks. Each block is read as a little-endian number with a 0x01 byte appended after its last byte, added to the accumulator, multiplied by r, and reduced modulo P = 2^130 - 5. "Acc" denotes the accumulator and "Block" the current block:

Block #1
Acc = 00
Block = 6f4620636968706172676f7470797243
Block with 0x01 byte = 016f4620636968706172676f7470797243
Acc + Block = 016f4620636968706172676f7470797243
(Acc + Block) * r = b83fe991ca66800489155dcd69e8426ba2779453994ac90ed284034da565ecf
Acc = ((Acc + Block) * r) % P = 2c88c77849d64ae9147ddeb88e69c83fc

Block #2
Acc = 2c88c77849d64ae9147ddeb88e69c83fc
Block = 6f7247206863726165736552206d7572
Block with 0x01 byte = 016f7247206863726165736552206d7572
Acc + Block = 437febea505c820f2ad5150db0709f96e
(Acc + Block) * r = 21dcc992d0c659ba4036f65bb7f88562ae59b32c2b3b8f7efc8b00f78e548a26
Acc = ((Acc + Block) * r) % P = 2d8adaf23b0337fa7cccfb4ea344b30de

Last Block
Acc = 2d8adaf23b0337fa7cccfb4ea344b30de
Block = 7075
Block with 0x01 byte = 017075
Acc + Block = 2d8adaf23b0337fa7cccfb4ea344ca153
(Acc + Block) * r = 16d8e08a0f3fe1de4fe4a15486aca7a270a29f1e6c849221e4a6798b8e45321f
Acc = ((Acc + Block) * r) % P = 28d31b7caff946c77c8844335369d03a7

Adding s and serialising the low 128 bits in little-endian order gives the tag:
Acc + s = 2a927010caf8b2bc2c6365130c11d06a8
Tag: a8:06:1d:c1:30:51:36:c6:c2:2b:8b:af:0c:01:27:a9
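The worked example above, carried out in Python as an added example (not code from the report): the clamping of r, the per-block accumulator values and the final tag are reproduced exactly, and a verify function shows the constant-time check a receiver should perform. Function names are this example's own.

```python
"""Poly1305 one-time authenticator from RFC 8439 (added example, not code from
the report), reproducing the worked example above including the clamping of r,
the per-block accumulator values, and the final tag."""
import hmac

P = (1 << 130) - 5                                    # the prime 2^130 - 5
CLAMP_MASK = 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF       # clears the bits listed above


def poly1305_key_parts(key):
    """Split the 32-byte one-time key into clamped r and s (both little-endian)."""
    if len(key) != 32:
        raise ValueError("Poly1305 needs a 32-byte one-time key")
    r = int.from_bytes(key[:16], "little") & CLAMP_MASK
    s = int.from_bytes(key[16:], "little")
    return r, s


def poly1305_trace(key, msg):
    """Return (accumulator values after each block, acc + s, 16-byte tag).

    Each 16-byte block (the last may be shorter) is read little-endian with a
    0x01 byte appended, added to the accumulator, multiplied by r, and reduced
    modulo P. The tag is the low 128 bits of (acc + s), serialised little-endian."""
    r, s = poly1305_key_parts(key)
    acc, trace = 0, []
    for i in range(0, len(msg), 16):
        block = msg[i:i + 16] + b"\x01"
        acc = ((acc + int.from_bytes(block, "little")) * r) % P
        trace.append(acc)
    acc_plus_s = acc + s
    tag = (acc_plus_s & ((1 << 128) - 1)).to_bytes(16, "little")
    return trace, acc_plus_s, tag


def poly1305_mac(key, msg):
    return poly1305_trace(key, msg)[2]


def poly1305_verify(key, msg, tag):
    """Constant-time comparison: a plain `==` on bytes can stop at the first
    mismatch and leak how many leading tag bytes of a forgery are right."""
    return hmac.compare_digest(poly1305_mac(key, msg), tag)


# The key and message of the worked example (RFC 8439, section 2.5.2).
EXAMPLE_KEY = bytes.fromhex("85d6be7857556d337f4452fe42d506a8"
                            "0103808afb0db2fd4abff6af4149f51b")
EXAMPLE_MSG = b"Cryptographic Forum Research Group"

if __name__ == "__main__":
    r, s = poly1305_key_parts(EXAMPLE_KEY)
    trace, acc_plus_s, tag = poly1305_trace(EXAMPLE_KEY, EXAMPLE_MSG)
    print(f"clamped r = {r:x}")
    for n, acc in enumerate(trace, 1):
        print(f"acc after block {n} = {acc:x}")
    print(f"acc + s = {acc_plus_s:x}")
    print("tag =", ":".join(f"{b:02x}" for b in tag))
```

The printed accumulator values are the three "Acc = ((Acc + Block) * r) % P" lines of the trace above, and the tag is the one the example ends with.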
3.8.4 CURVE25519

Curve25519 is a widely used elliptic curve, and the Diffie-Hellman function defined over it, X25519, is how WireGuard peers agree on a shared secret without ever sending it. Two parties, Alice and Bob, exchange public keys over an insecure channel and derive the same secret.

First, Alice generates her secret key, a random 32-byte value a, and computes her public key as A = a * G, where G is the base point of the curve (u = 9). Similarly, Bob generates his secret key b and computes his public key B = b * G. X25519 works only with the u-coordinate of points, so keys are 32-byte strings, and the secret scalar is "clamped" (the lowest three bits and the top bit are cleared and bit 254 is set) before use.

Once both parties have their public keys, they exchange them over the insecure channel: Alice receives B and Bob receives A.

Then Alice computes S = a * B = a * (b * G) and Bob computes S = b * A = b * (a * G). Because scalar multiplication is associative and the integers a and b commute, both evaluate to (a * b) * G, so the two parties arrive at the same shared secret S.

S should not be used directly as an encryption key; it is fed into a key derivation function together with the handshake transcript (WireGuard uses HKDF over BLAKE2s) to obtain the session keys. An eavesdropper who intercepts A and B cannot compute S without one of the private keys a or b, since that would require solving the elliptic-curve discrete logarithm problem on Curve25519, which is computationally infeasible. Implementations should also reject an all-zero shared secret, which results when a peer supplies a low-order point as its public key.

The use of Curve25519 in the Diffie-Hellman key exchange provides a secure and efficient means of establishing a shared secret between two parties, which is why it is a fundamental component of many cryptographic protocols and applications, WireGuard included.
CHAPTER 4
COMPONENTS DESCRIPTION

4.1 INTRODUCTION

This chapter describes the components used to establish secure IoT device connections with WireGuard. The system consists of IoT devices (Raspberry Pi boards) connected to a cloud server over WireGuard tunnels, and a web application that uses the server's API to monitor and manage the devices in real time.

4.2 SYSTEM SPECIFICATION


System requirements serve as the foundation for any software or hardware
deployment, outlining the necessary specifications and capabilities needed to
effectively run a particular system. These requirements encompass various aspects,
such as hardware specifications, software dependencies, and network infrastructure, to
ensure optimal performance and compatibility. By defining clear and comprehensive
system requirements, stakeholders can effectively plan, design, and implement
solutions that meet the needs and expectations of users while minimizing risks and
potential issues. In this context, system requirements provide a roadmap for
development, deployment, and maintenance, guiding the entire lifecycle of a system
from conception to operation.
4.2.1 HARDWARE REQUIREMENTS

CPU Type : Intel i5


RAM Size : 4GB or 8GB
Minimum Space Required : 8GB
Cable : HDMI to Micro HDMI Cable

4.2.2 SOFTWARE REQUIREMENTS

Operating System : Linux OS

Front End : ReactJS

Back end : NodeJS

Data base : MongoDB

Application : WireGuard VPN

Testing : Postman Application

4.2.3 RASPBERRY PI
The Raspberry Pi used as the IoT device (the specifications below are those of the Raspberry Pi 4 Model B) has a Broadcom BCM2711 quad-core Cortex-A72 (ARM v8) 64-bit System-on-Chip (SoC) running at 1.8GHz, 4GB of LPDDR4-3200 SDRAM, and Bluetooth 5.0, BLE, and Gigabit Ethernet for connectivity. It provides 2 USB 3.0 ports and 2 USB 2.0 ports for peripherals and 2 micro-HDMI ports for display output, along with a 2-lane MIPI DSI display port, a 2-lane MIPI CSI camera port, and a 4-pole stereo audio and composite video port. Storage is on a micro-SD card, and the board is powered from a 5V DC supply of at least 3A through either the USB-C connector or the GPIO header, or over Power over Ethernet (PoE) with the matching HAT. WireGuard has been part of the mainline Linux kernel since version 5.6, so the board's 64-bit Linux runs it in the kernel without an out-of-tree module. These specifications make the Raspberry Pi a versatile and powerful platform for this project.

Fig 4.1
4.2.4 APPLICATION PROGRAMING INTERFACE
Web applications require APIs because they make it possible for various
software systems and services to interface and communicate with one another
seamlessly. Web applications do not need to comprehend the internal workings of
external sources, such as databases, third-party services, or other apps, in order to
access and utilize their capabilities and data thanks to APIs. This saves time and
resources by allowing developers to incorporate different features and services into
their applications fast and effectively. APIs offer a common interface that makes it
simple for systems to communicate with one another, irrespective of the underlying
architectures or technologies. Furthermore, by abstracting the complexity of
underlying systems, APIs enable developers to create scalable and reliable online
applications more easily.

4.2.5 WIREGUARD VPN APPLICATION


WireGuard is a modern and highly efficient virtual private network (VPN) protocol and application designed to establish secure connections over the internet. Compared with traditional VPN protocols such as OpenVPN or IPsec, WireGuard is characterised by simplicity, speed, and a minimal design. On Linux it runs inside the kernel (it has been part of the mainline kernel since version 5.6), which keeps it lightweight, with far less overhead than older protocols; userspace implementations exist for other platforms. WireGuard uses state-of-the-art cryptography, including the Noise protocol framework, to ensure the security and privacy of transmitted data; its cryptographic design provides strong encryption, authentication, and key exchange while keeping the codebase small and easy to audit. The protocol uses "cryptokey routing": each peer is identified by its public key, and every public key is bound to the set of tunnel IP addresses (AllowedIPs) it may send from and receive for. An incoming packet is accepted only if it decrypts under a configured peer's key and its inner source address is in that peer's AllowedIPs, and an outgoing packet is sent to the peer whose AllowedIPs contain its destination. Access control is therefore part of the configuration rather than a separate firewall layer. WireGuard's simplicity extends to its configuration: a straightforward setup makes it accessible both to experienced users and to those new to VPN technology, and the small codebase eases auditing and maintenance, which improves security and reliability. It also offers excellent performance, with low latency and high throughput, making it suitable for a wide range of uses, from individual users seeking privacy to enterprises securing communication between remote sites or cloud environments. Peers can roam between addresses, and a peer behind network address translation can keep its mapping open with the PersistentKeepalive setting, which simplifies deployment in varied network environments. Overall, WireGuard represents a significant advance in VPN technology, providing a modern and efficient solution for secure, private, high-performance connections over the internet.
CHAPTER 5
SYSTEM TESTING

5.1 INTRODUCTION
Software development requires testing as a basic component to guarantee a
project's operation, quality, and dependability. It entails methodically checking and
confirming the program to find flaws, mistakes, or errors and to make sure it satisfies
the user's expectations and requirements. To find and fix any problems before the
software is put into production, testing entails a number of tasks, such as planning,
creating test cases, running tests, and evaluating the outcomes. Good testing
procedures not only aid in the early detection and correction of flaws in the software
development process, but they also enhance the program's overall performance,
stability, and user experience. Thorough testing is necessary in today's fast-paced,
dynamic software development environment to produce high-quality software that
satisfies the criteria.

5.2 TESTING CONFIGURATION

The throughput and latency comparison in Chapter 6 refers to the following configuration. It is the benchmark setup published by the WireGuard project, not the Intel i5 and Raspberry Pi hardware listed in Section 4.2.

● Intel Core i7-3820QM and Intel Core i7-5200U
● Intel 82579LM and Intel I218LM gigabit ethernet cards
● Linux 4.6.1
● WireGuard configuration: 256-bit ChaCha20 with Poly1305 for MAC
● IPsec configuration 1: 256-bit ChaCha20 with Poly1305 for MAC
● IPsec configuration 2: AES-256-GCM-128 (with AES-NI)
● OpenVPN configuration: equivalently secure cipher suite of 256-bit AES with HMAC-SHA2-256, UDP mode
● iperf3 was used and the results were averaged over 30 minutes.

5.3 API TESTING


The testing process for the developed API involves several steps to confirm its functionality and security. The API is exercised with the Postman application, a widely used tool for API testing and development, which lets developers send requests to the API endpoints and inspect the responses. To reach the API, the tester first obtains a tunnel IP address from the WireGuard VPN, which provides a secure connection to the server hosting the API; the API is reachable only from inside the tunnel, which keeps the test environment isolated from external threats. Once connected, requests are sent to the endpoints to check retrieving data, sending commands, and managing device configurations, and connectivity is tested to confirm that the API can communicate with the IoT devices and the other components of the system. Any issues or bugs found this way are fixed so that the API meets the required standards of performance, security, and reliability.

Postman is first used to test the login endpoint: the user's credentials are sent to the API, the endpoint's behaviour is confirmed, and it is checked that the credentials are only ever transmitted through the tunnel. This test establishes the reliability and security of the system's user authentication.

Fig.5.1 To check user login

After a successful login the API issues an access token. This token is required for every privileged operation, in particular adding peers; a request without a valid token is rejected. Users thus authenticate once and obtain the rights needed to use the system's features.

Fig.5.2 Generate access token

With the access token, users can add peers securely: the token proves that the caller is authorised, so only authenticated users can register device public keys and change the set of peers.

Fig.5.3 Add peer

5.4 INTEGRATION TESTING


Testing the interactions between different components or modules to ensure
they work together as expected. Integration tests verify that the integrated components
communicate and function correctly when combined.
The approach to integration testing for the WireGuard application is to install it
on various devices and assess how well it establishes secure VPN connections. This
testing stage evaluates the Raspberry Pi's capabilities to see if it can be integrated with
a VPN. Integration testing also includes integrating databases accommodated on
different cloud servers to make sure they run smoothly and work with the application.
Through the use of integration tests, we confirm that the WireGuard application can
efficiently synchronize and communicate data between various devices, utilizing the
hardware capabilities of the Raspberry Pi for VPN operations and integrating with
cloud-based databases for data storage and retrieval. By using a thorough testing
process, customers can be sure that the application works flawlessly in a variety of
systems and circumstances, offering a dependable and secure VPN service.

5.5 SECURITY TESTING

To assess the system's resistance to potential security threats, a variety of devices, including PCs and laptops, were connected to it during security testing. A critical part of this testing was confirming that the private tunnel addresses cannot be reached from outside the tunnel: a host whose public key is not registered as a peer cannot complete the WireGuard handshake, so it never obtains a tunnel address and its packets to the server are silently dropped. Access to the management API was further limited by the requirement for an access token, so that even a host inside the tunnel cannot add peers or change configurations without first authenticating. Together, the tunnel-only addressing and the token-based authentication confirmed that the system guards private information and stops unwanted access, strengthening its overall security posture and preserving the confidentiality and integrity of its operations.
CHAPTER 6
RESULT AND DISCUSSION

6.1 RESULT
The spread of weak Internet-of-Things (IoT) devices has fuelled large-scale cyberattacks. This project examines whether WireGuard, an emerging VPN protocol, can offer effective security suited to resource-constrained IoT devices. Earlier approaches such as Hestia and HomeSnitch do not address IoT security completely, and this work highlights the potential benefits of WireGuard. WireGuard's performance was evaluated in a simulated IoT environment against the established protocols OpenVPN and IPsec, measuring throughput, latency, and jitter during file transfers. The preliminary findings indicate that WireGuard can be a reliable and lightweight IoT security solution, although the testing configuration had several limitations. Further testing is required, but WireGuard's ease of use, low overhead, and advantages in setup time, speed, and compatibility make it a candidate for general adoption, especially on the weak processors and networks typical of IoT deployments.

The project's results show that WireGuard creates secure connections between IoT devices and the database. Each device is assigned a tunnel (private) address when its WireGuard peer is registered; the database is reachable only at such addresses, so it is never exposed on the public network, and everything sent to it travels through the authenticated, encrypted tunnel, which prevents unauthorised access or interception. After extensive testing, no security issue with the connection was found: WireGuard offers a solid and trustworthy means of securing data exchange between IoT devices and the database. Overall, the results show how well WireGuard improves the security of IoT device database access.
Fig.6.1 Adding the public key

Fig :6.2 Listing the devices


6.2 COMPARATIVE STUDY
The proliferation of Internet of Things (IoT) devices has become pervasive in
today's networked world, enabling automation and connection across several
industries. These gadgets' interconnection, however, also makes them vulnerable to
security risks including illegal access and data breaches. Maintaining the integrity and
confidentiality of data sent between devices and servers depends critically on the
security of IoT device connections.

An innovative VPN protocol called WireGuard offers a viable way to deal with the
security issues that come with Internet of Things devices. In contrast to conventional
VPN protocols like IPsec and OpenVPN, WireGuard has a more efficient codebase
that lowers vulnerability risk. Because of its lightweight construction, it works
especially well in Internet of Things contexts with limited resources, where cutting
down on overhead is crucial.

In a simulated Internet of Things environment, WireGuard and the traditional VPN protocols were compared to see how well each works and whether it is appropriate for safeguarding connections between IoT devices. In this testing WireGuard performed better in speed, dependability, and ease of deployment. Its efficient encryption keeps data confidential with little added latency, which matters for the real-time applications common in IoT installations. WireGuard's simplicity also makes VPN connections easier for developers and administrators to create and manage, which could lead IoT device makers and service providers to adopt it more widely and so improve the overall security posture of IoT ecosystems.

This project demonstrates the usefulness of WireGuard through a case study on IoT device security and underlines the need to give security top priority in IoT deployments. Solutions such as WireGuard are essential in protecting the privacy and integrity of IoT data as the IoT landscape grows, guaranteeing a more secure and robust IoT ecosystem for both enterprises and consumers.

6.2.1 Virtual Private Networks (VPN) vs. SSL/TLS

A Virtual Private Network (VPN) extends a network securely to a remote


location, allowing authenticated users to access the entire remote network. Unlike
other methods of remote connection, VPNs enable users to connect to a complete
remote network, not just individual devices. Initially popular among businesses, VPNs
gained traction among privacy-conscious individuals due to their encryption and
privacy features. SSL/TLS, in contrast, secures individual connections between two
hosts without extending a network or firewall. Choosing a VPN over SSL/TLS offers
several advantages, as summarized in Table I. VPNs provide an encrypted tunnel that
extends an entire network to a remote location, allowing centralized control of IoT
devices through a single tunnel, thereby reducing vulnerability points. Additionally,
VPNs enable anonymous remote access, limiting visibility to ISPs and potential
threats. While popular VPN protocols include OpenVPN and IPsec, limitations exist
in applying them effectively to IoT contexts.
Aspect     | TLS                                      | VPN
-----------|------------------------------------------|---------------------------------------------------
Transport  | Uses TCP only                            | Has the option to use UDP, implying a potential
           |                                          | speed advantage
Layer      | Layer 4 (transport layer) and above;     | Layer 3 (network layer); part of the kernel, so
           | runs above the kernel                    | runs faster because of its close proximity to the
           |                                          | processor architecture
Privacy    | ISP knows both parties, reducing privacy | Anonymous IP address; ISP knows only one party
           | when controlling devices remotely        | (less monitoring, tracking and reconnaissance
           |                                          | hacking)

Table 6.1 Comparison of TLS and VPN

Two qualifications apply to the table: TLS is not confined to TCP (DTLS runs it over UDP, and QUIC carries TLS 1.3 over UDP), and a VPN runs in the kernel only when its implementation does (WireGuard's Linux module does; OpenVPN and the wireguard-go implementation run in user space).

It is possible to gain insight into how well IPsec (ChaPoly), IPsec (AES-GCM),
OpenVPN, and WireGuard perform in protecting IoT device connections by
comparing their throughput and ping metrics. Because of its efficient encryption
primitives, WireGuard is anticipated to exhibit high throughput and low latency
despite its lightweight architecture. IPsec with AES-GCM strikes a balance
between security and performance, whereas IPsec with ChaPoly combines robust
security with competitive throughput. Despite being extensively used, OpenVPN's
more intricate architecture may result in somewhat poorer throughput and increased
latency. Through comprehensive testing in a simulated Internet of Things (IoT)
environment, which includes file transfer rate measurements and ICMP echo requests,
the best protocol may be identified based on how well it maintains security while
having the least negative influence on network performance.
Fig. 6.3 Comparing Low Latency

Fig. 6.4 Comparing Ping
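The latency and jitter comparison above (Figs. 6.3 and 6.4) is derived from ICMP echo captures; the following Python script, added here as an example and not part of the original report, parses raw ping output into average RTT, jitter and loss and ranks the tunnels. The two captures, the tunnel names and the 10.8.0.1/10.9.0.1 addresses are constructed for illustration.

```python
import re
from statistics import mean

# Constructed sample ping captures, one per tunnel (invented values, not the
# report's measurements); they exist only to exercise the parser and ranking.
PING_OUTPUT = {
    "wireguard": """\
64 bytes from 10.8.0.1: icmp_seq=1 ttl=64 time=1.20 ms
64 bytes from 10.8.0.1: icmp_seq=2 ttl=64 time=1.30 ms
64 bytes from 10.8.0.1: icmp_seq=3 ttl=64 time=1.10 ms
64 bytes from 10.8.0.1: icmp_seq=4 ttl=64 time=1.40 ms
--- 10.8.0.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
""",
    "openvpn": """\
64 bytes from 10.9.0.1: icmp_seq=1 ttl=64 time=2.50 ms
64 bytes from 10.9.0.1: icmp_seq=2 ttl=64 time=3.90 ms
64 bytes from 10.9.0.1: icmp_seq=4 ttl=64 time=2.10 ms
--- 10.9.0.1 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3005ms
""",
}

RTT_RE = re.compile(r"icmp_seq=\d+ .*?time=([\d.]+) ms")
SUMMARY_RE = re.compile(r"(\d+) packets transmitted, (\d+) received")

def summarize(output):
    """Average RTT, jitter and loss for one ping capture. Jitter is the mean
    absolute difference between consecutive RTTs (packet-to-packet variation);
    loss comes from the summary line, so dropped probes are counted, not ignored."""
    rtts = [float(t) for t in RTT_RE.findall(output)]
    sent, received = map(int, SUMMARY_RE.search(output).groups())
    deltas = [abs(b - a) for a, b in zip(rtts, rtts[1:])]
    return {
        "avg_ms": round(mean(rtts), 3),
        "max_ms": max(rtts),
        "jitter_ms": round(mean(deltas), 3) if deltas else 0.0,
        "loss_pct": round(100.0 * (sent - received) / sent, 1),
    }

def rank_tunnels(captures):
    """Tunnel names ordered best-first by loss, then average RTT, then jitter."""
    stats = {name: summarize(out) for name, out in captures.items()}
    key = lambda n: (stats[n]["loss_pct"], stats[n]["avg_ms"], stats[n]["jitter_ms"])
    return sorted(stats, key=key)

if __name__ == "__main__":
    for name in rank_tunnels(PING_OUTPUT):
        print(f"{name:10s} {summarize(PING_OUTPUT[name])}")
```

Feeding it the output of `ping -c N <peer>` run through each tunnel interface reproduces the per-protocol figures; a loss percentage above zero flags captures whose averages are not comparable.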


CHAPTER 7
CONCLUSION AND FUTURE WORK

7.1 CONCLUSION
In this project, we assessed WireGuard's suitability as a VPN solution optimized for
resource-limited IoT devices. Our findings highlight WireGuard's simplicity, rapid
connection speed, and stability, outperforming both OpenVPN and IPsec. Although
experimental constraints hindered a comprehensive simulation of an IoT environment,
WireGuard exhibited promising traits such as minimal overhead and jitter. Further
testing under optimal conditions may reveal WireGuard as a lightweight yet resilient
security solution for the IoT. Its efficiency could promote widespread adoption of
VPNs, bolstering the defense of susceptible IoT devices against potential attacks.

7.2 FUTURE WORK

A complete control system for Internet of Things devices will be created in the
future, improving usability and functionality. Through an intuitive interface,
customers will be able to remotely control and monitor their devices, including
settings, data collection, and automated activities. Furthermore, the online application
will get additional capabilities, including dashboards for real-time monitoring and
sophisticated data visualization tools. The implementation of automated discovery and
pairing procedures would simplify device connectivity and provide a smooth user
experience for users adding new devices to their network. The ultimate objective is to
provide an ecosystem that is easy to use and offers cutting-edge functionality and a
simplified user interface, enabling consumers to efficiently manage their Internet of
Things devices.

WireGuard's potential remains uncompromised. Despite the discussed
limitations, WireGuard demonstrated its ability to compete with other mainstream
VPN protocols reliably and even outperformed them in certain aspects, including
simplicity, ping, jitter, and connection setup time. However, it is essential to note that
WireGuard may not necessarily be superior in all aspects when used with weak IoT
devices.

For future work, the following steps could be taken:

● Repeat the data collection using an open internet infrastructure that does not
require an additional tunnel layer to provide connectivity to the tested protocols.
● Conduct tests on non-Intel devices like Raspberry Pi, which lack AES-NI
instructions.
● Gather CPU usage data during tests to potentially demonstrate WireGuard's
advantage in minimizing processing overhead.
● Explore further advantages of WireGuard by efficiently securing blockchain
networks, showcasing its compatibility with diverse systems.

APPENDIX 1

API
#login page
<?php

// Each endpoint file stores a closure in a variable named after the file
// (login.php -> $login). The framework is assumed to bind $this to its API
// object, which provides _request, get_request_method(), isAuthenticated(),
// json() and response(); response() is assumed to send the reply and stop.
${basename(__FILE__, '.php')} = function(){
    if($this->isAuthenticated()){
        $data = [
            "error" => "Already logged in"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
    if($this->get_request_method() == "POST" and
        isset($this->_request['username']) and isset($this->_request['password'])){
        $username = $this->_request['username'];
        $password = $this->_request['password'];
        try {
            // Auth verifies the credentials and issues the access/refresh token pair.
            $auth = new Auth($username, $password);
            $data = [
                "message" => "Login success",
                "tokens" => $auth->getAuthTokens()
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            // The exception text is returned verbatim, so Auth should keep it
            // generic rather than saying which of the two credentials was wrong.
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 406);
        }
    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#for Signup
<?php

${basename(__FILE__, '.php')} = function(){
    if($this->get_request_method() == "POST" and
        isset($this->_request['username']) and isset($this->_request['email']) and
        isset($this->_request['password'])){
        $username = $this->_request['username'];
        $email = $this->_request['email'];
        $password = $this->_request['password'];
        // Placeholder for a registration policy check (for example, closed
        // registration); the condition is never true here, so signup stays open.
        if(false) {
            $data = [
                "error" => "Forbidden"
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

        try{
            // Signup creates the account; password hashing and uniqueness checks
            // are expected to live inside the Signup class.
            $s = new Signup($username, $password, $email);
            $data = [
                "message" => "Signup success",
                "userid" => $s->getInsertID()
            ];
            $this->response($this->json($data), 200);
        } catch(Exception $e) {
            // 409: the account could not be created (typically a name or
            // e-mail that is already taken).
            $data = [
                "error" => $e->getMessage()
            ];
            $this->response($this->json($data), 409);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#getting data
<?php

${basename(__FILE__, '.php')} = function(){
    // Returns the identity bound to the presented access token.
    if($this->get_request_method() == "POST" and $this->isAuthenticated()){
        try{
            $data = [
                "username" => $this->getUsername(),
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#refresh token
<?php

${basename(__FILE__, '.php')} = function(){
    if($this->get_request_method() == "POST" and
        isset($this->_request['refresh_token'])){
        $refresh_token = $this->_request['refresh_token'];
        try {
            $auth = new OAuth($refresh_token);
            // Look up the owner of the presented refresh token. An unknown or
            // revoked token returns no document, so fail before dereferencing it.
            $user = $auth->collection->findOne(['refresh_token' => $refresh_token]);
            if($user === null){
                throw new Exception("Invalid refresh token");
            }
            $auth->setUsername($user->username);
            $data = [
                "message" => "Refresh Success",
                "tokens" => $auth->refreshAccess()
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 406);
        }
    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#adding peers
<?php

${basename(__FILE__, '.php')} = function(){
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
        !empty($this->_request['public_key']) and !empty($this->_request['email'])){
        try{
            // WireGuard interface to manage. It defaults to wg0 but can be chosen by
            // the client, so Wireguard() is relied on to accept only configured
            // interface names; likewise it is expected to validate the public key
            // (base64, 32 bytes) and the optional IP before touching the interface.
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            // reserved: whether the peer keeps a pre-reserved address;
            // ip: explicit tunnel address, otherwise one is assigned.
            $data = [
                "result" => $wg->addPeer($this->_request['public_key'],
                    $this->_request['email'],
                    isset($this->_request['reserved']) ? boolval($this->_request['reserved']) : false,
                    isset($this->_request['ip']) ? $this->_request['ip'] : null),
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#get peer
<?php

${basename(__FILE__, '.php')} = function(){
    // 'peer' (the peer's public key) is required; without it the lookup
    // would dereference an undefined index, so it is checked up front.
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
        !empty($this->_request['peer'])){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $data = [
                "data" => $wg->getPeer($this->_request['peer']),
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#get peers
<?php

${basename(__FILE__, '.php')} = function(){
    // Lists every peer configured on the selected interface.
    if($this->get_request_method() == "POST" and $this->isAuthenticated()){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $data = $this->json($wg->getPeers());
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#remove peers
<?php

${basename(__FILE__, '.php')} = function(){
    // 'peer' (the peer's public key) is required for removal.
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
        !empty($this->_request['peer'])){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            // reserved: also release the address reservation held by this peer.
            $data = [
                "result" => $wg->removePeer($this->_request['peer'],
                    isset($this->_request['reserved']) ? boolval($this->_request['reserved']) : false),
            ];
            $data = $this->json($data);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#all.php
<?php

${basename(__FILE__, '.php')} = function(){
    // Lists every address in the interface's tunnel subnet together with
    // its allocation state.
    if($this->get_request_method() == "POST" and $this->isAuthenticated()){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $ip = new IPNetwork($wg->getCIDR(), $wg->device);
            $data = $this->json(['nodes' => $ip->getAll()]);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#next.php
<?php

${basename(__FILE__, '.php')} = function(){
    // Returns the next free tunnel address in the interface's subnet.
    if($this->get_request_method() == "POST" and $this->isAuthenticated()){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $ip = new IPNetwork($wg->getCIDR(), $wg->device);
            $data = $this->json(['result' => $ip->getNextIP()]);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#reserve.php
<?php

${basename(__FILE__, '.php')} = function(){
    // Reserves a tunnel address for the given e-mail so that a later
    // addPeer() call with reserved=true receives that address.
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
        !empty($this->_request['ip']) and !empty($this->_request['email'])){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $data = $wg->reserve($this->_request['ip'], $this->_request['email']);
            $data = $this->json(['result' => $data]);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }

    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};

#unreserve.php
<?php

${basename(__FILE__, '.php')} = function(){
    // Releases a reservation made through reserve.php; the e-mail must match
    // the one the address was reserved for.
    if($this->get_request_method() == "POST" and $this->isAuthenticated() and
        !empty($this->_request['ip']) and !empty($this->_request['email'])){
        try{
            $device = 'wg0';
            if(isset($this->_request['device'])){
                $device = $this->_request['device'];
            }
            $wg = new Wireguard($device);
            $data = $wg->unreserve($this->_request['ip'], $this->_request['email']);
            $data = $this->json(['result' => $data]);
            $this->response($data, 200);
        } catch(Exception $e){
            $data = [
                "error" => $e->getMessage()
            ];
            $data = $this->json($data);
            $this->response($data, 403);
        }
    } else {
        $data = [
            "error" => "Bad request"
        ];
        $data = $this->json($data);
        $this->response($data, 400);
    }
};