MODULE 2 – TECHNOLOGIES BEHIND IoT

CONTENTS

2.1 CHALLENGES AND ISSUES, SECURITY CONTROL UNITS

2.2 COMPONENTS IN IOT -SENSORS

2.3 COMMUNICATION MODULES, POWER SOURCES

2.4 COMMUNICATION TECHNOLOGIES, RFID, BLUETOOTH, ZIGBEE

2.5 WI-FI, RF LINKS, MOBILE INTERNET, WIRELESS COMMUNICATION

2.6 ARDUINO BOARDS, RASPBERRY PI

 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CHALLENGES AND ISSUES in TECHNOLOGIES BEHIND IoT?

 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CHALLENGES AND ISSUES in TECHNOLOGIES BEHIND IoT?

 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CHALLENGES AND ISSUES in TECHNOLOGIES BEHIND IoT?

 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CHALLENGES AND ISSUES in TECHNOLOGIES BEHIND IoT?

For the IoT industry to thrive there are three categories of challenges to
overcome and this is true for any new trend in technology not only IoT:
 Technology
 Business
 Society
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

TECHNOLOGY
• Cloud Security Alliance (CSA)  listed some of the root causes of such
technological challenges:
• Many IoT Systems are poorly designed and implemented, using diverse
protocols and technologies that create complex configurations.
• Lack of mature IoT technologies and business processes.
• Limited guidance for life cycle maintenance and management of IoT
devices.
• Limited best practices available for IoT developers.
• There is a lack of standards for authentication and authorization of IoT
edge devices.
• There are no best practices for IoT-based incident response activities.
• Audit and Logging standards are not defined for IoT components.
• Restricted interfaces available IoT devices to interact with security devices
and applications.
• No focus yet on identifying methods for achieving situational awareness of
the security posture of an organization’s IoT assets.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

SECURITY
• IoT has already turned into a serious security concern that has drawn the
attention of prominent tech firms and government agencies across the
world. 
• The hacking of baby monitors, smart fridges, thermostats, drug infusion
pumps, cameras and even assault rifles are signifying a security nightmare
being caused by the future of IoT. 
• So many new nodes being added to networks and the internet will provide
malicious actors with innumerable attack vectors and possibilities to carry
out their evil deeds, especially since a considerable number of them suffer
from security holes.
• There are many reasons behind the state of insecurity in IoT. Some of it
has to do with the industry being in its “gold rush” state, where every
vendor is hastily seeking to dish out the next innovative connected gadget
before competitors do. Under such circumstances, functionality becomes
the main focus and security takes a back seat.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

SECURITY CHALLENGES
• IoT is already posing a serious threat to tech giants and
government agencies all around the world.
• Smart fridges, cameras, and assault rifles are being hacked,
casting an aura of fear with regards to the security and future of
IoT.
• This problem is bound to escalate as IoT gets engrained more and
more into our lives.
• Critical city infrastructure can be hacked, as in the case of
the Ukraine power grid hack.
• In the rush to launch their product before their competitors,
companies focus more on providing features than on the security.
• Moreover, most IoT developers have an embedded programming
background, due to which they are ignorant about IoT
programming and the threats related to it.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CONNECTIVITY: 
 Connecting so many devices will be one of the biggest challenges of the
future of IoT, and it will defy the very structure of current communication
models and the underlying technologies.
 At present we rely on the centralized, server/client paradigm to
authenticate, authorize and connect different nodes in a network.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

CONNECTIVITY CHALLENGES

• One of the biggest challenges for IoT in the future is to connect

large number of devices.
• Presently, we rely upon centralized, server/client model to
authorize, authenticate, and connect several nodes present on the
network.
• This model is sufficient for the number of IoT devices that are
currently a part of the ecosystem.
• However, in the near future, when hundreds of billions of devices
will join the network, it will turn into a bottleneck.
• Moreover, the capability of current cloud servers is so less that it
can breakdown if it has to handle large amounts of information.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

 This model is sufficient for current IoT ecosystems, where tens,

hundreds or even thousands of devices are involved.
 But when networks grow to join billions and hundreds of billions of
devices, centralized systems will turn into a bottleneck.
 Such systems will require huge investments and spending in
maintaining cloud servers that can handle such large amounts of
information exchange, and entire systems can go down if the
server becomes unavailable.
 The future of IoT will very much have to depend on decentralizing
IoT networks.
 Part of it can become possible by moving some of the tasks to the
edge, such as using fog computing models where smart devices
such as IoT hubs take charge of mission-critical operations and
cloud servers take on data gathering and analytical responsibilities.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

 Other solutions involve the use of peer-to-peer communications,

where devices identify and authenticate each other directly and
exchange information without the involvement of a broker.
 Networks will be created in meshes with no single point of failure.
 This model will have its own set of challenges, especially from a
security perspective, but these challenges can be met with some of
the emerging IoT technologies such as Blockchain.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

 Presenting the 5 challenges of IoT connectivity:

 Signaling.
With connected IoT devices, reliable bidirectional signaling is
essential for collecting and routing data between devices.
 Security
Security is a huge umbrella, but it's paramount in Internet of
Things connectivity.
 Presence Detection.
 Power consumption.
 Bandwidth.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

SECURITY CONTROL UNITS

 IoT security methods vary depending on your specific IoT
application and your place in the IoT ecosystem.

For example,
 IoT manufacturers from product makers to semiconductor
companies should concentrate on building security in from the
start, making hardware tamper-proof, building secure hardware,
ensuring secure upgrades, providing firmware updates/patches
and performing dynamic testing.
 A solution developer's focus should be on secure software
development and secure integration.
 Operators, keeping systems up to date, mitigating malware,
auditing, protecting infrastructure and safeguarding credentials are
key.
Google Data Center Security: 6 Layers Deep
https://youtu.be/kd33UVZhnAA
2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

1. Incorporating security at the design phase. 

 Enabling security by default is critical, as well as providing the most
recent operating systems and using secure hardware.
 Hardcoded credentials should never be part of the design process.
 Using a strong password or multifactor
authentication or biometrics where possible.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

2. PKI and digital certificates. 

 Public key infrastructure (PKI) and 509 digital certificates play
critical roles in the development of secure IoT devices, providing
the trust and control needed to distribute and identify public
encryption keys, secure data exchanges over networks and verify
identity.

3. API security.
 Application performance indicator (API) security is essential to
protect the integrity of data being sent from IoT devices to back-
end systems and ensure only authorized devices, developers and
apps communicate with APIs.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

4. Identity management. 
 Providing each device with a unique identifier is critical to
understanding what the device is, how it behaves, the other
devices it interacts with and the proper security measures that
should be taken for that device
5. Hardware security. 
 Endpoint hardening includes making devices tamper-proof or
tamper-evident.
 This is especially important when devices will be used in harsh
environments or where they will not be monitored physically.
 Strong encryption is critical to securing communication between
devices.
 Data at rest and in transit should be secured using cryptographic
algorithms.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

6. Network security. 
 Protecting an IoT network includes ensuring port security, disabling
port forwarding and never opening ports when not needed.
 Using antimalware, firewalls and intrusion detection
system/intrusion prevention system; blocking unauthorized IP
addresses; and ensuring systems are patched and up to date.
7. Network access control. 
 NAC can help identify and inventory IoT devices connecting to a
network. This will provide a baseline for tracking and monitoring
devices.
 IoT devices that need to connect directly to the internet should be
segmented into their own networks and have access to enterprise
network restricted.
 Network segments should be monitoring for anomalous activity,
where action can be taken, should an issue be detected.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

8. Security gateways.
 Acting as an intermediary between IoT devices and the network,
security gateways have more processing power, memory and
capabilities than the IoT devices themselves, which provides them the
ability to implement features such as firewalls to ensure hackers cannot
access the IoT devices they connect.
9. Patch management/continuous software updates. 
 Providing means of updating devices and software either over network
connections or through automation is critical. Having a coordinated
disclosure of vulnerabilities is also important to updating devices as
soon as possible. Consider end-of-life strategies as well.
 IoT and operational system security are new to many existing security
teams. It is critical to keep security staff up to date with new or unknown
systems, learn new architectures and programming languages and be
ready for new security challenges.
 C-level and cybersecurity teams should receive regular training to keep
up with modern threats and security measures.
 2.1 - CHALLENGES AND ISSUES, SECURITY
CONTROL UNITS

10. Integrating teams. 

 Along with training, integrating disparate and regularly siloed teams
can be useful.
 For example,
having programing developers work with security specialists
can help ensure the proper controls are added to devices during the
development phase.
11. Consumer education. 
 Consumers must be made aware of the dangers of IoT systems
and provided steps they can take to stay secure, such as updating
default credentials and applying software updates.
 Consumers can also play a role in requiring device manufacturers
to create secure devices, and refusing to use those that don't meet
high security standards.
Webinar - IoT Security: the Key Ingredients for Success
https://youtu.be/bcVztl4lJN8