INTERNET OF THINGS TECHNOLOGY

Subject Code- 17CS81

Credits – 04

Module – 4

IoT Physical Devices and Endpoints - RaspberryPi: Introduction to RaspberryPi, About the
RaspberryPi Board: Hardware Layout, Operating Systems on RaspberryPi, Configuring
RaspberryPi, Programming RaspberryPi with Python, Wireless Temperature Monitoring
System Using Pi, DS18B20 Temperature Sensor,

Module- 4
Introduction to RaspberryPi
• The RaspberryPi is a series of credit card sized single-board computers developed in the
United Kingdom by the Raspberrypi Foundation to promote the teaching of basic
computer science in schools and developing countries.
• Several generations of RaspberryPi have been released.
• The first generation (RaspberryPi 1 model B) was released in February 2012, followed by
a simple and inexpensive model A.
• In 2014 , the foundation released a board with an improved design in Raspberry 1 model
B+.
• Improved A+ and B+ model were released a year later.
• RaspberryPi Zero with smaller size and limited input/output (I/O)and general purpose
input/ output (GPIO) abilities was released in November 2015 for US $5.
• RaspberryPi 2 which added more RAM was released in February 2015.
• RaspberryPi 3 model B released in February 2016 in bundled with on-board Wi-Fi and
Bluetooth.
• As of 2016 , Raspberrypi 3 model b is the newest mainline RaspberryPi. These boards are
priced between US $ 5-35.

INTERNET OF THINGS TECHNOLOGY Page 1

INTERNET OF THINGS TECHNOLOGY Page 2
5.6 ) Exploring the RaspberryPi Learning Board

Figure 5.8: GPIO Pinout Diagram.

Figure 5.9: Raspberry Pi2 Model B and its GPIO.

INTERNET OF THINGS TECHNOLOGY Page 3

 Processor – The Broadcom BCM2835 SoC( System on Chip) used in the first generation
Raspberrypi is somewhat equivalent to the chip used in first generation smart phones,
Which includes a 700MHz ARM1176JZF-S Processor, Video Core IV graphics
processing unit(GPU) and RAM.
• This has a level 1 (L1) cache of 16 KB and a level 2 (L2) cache of 128 KB.
• The level 2 cache is used primarily by the GPU.
• The Raspberrypi2 uses a Broadcom BCM2836 SoC with a 900 MHz 32-bit quad-core
ARM cortex A7 processor with 256KB shared L2 cache.
• The Raspberrypi2 uses a Broadcom BCM2837 SoC with a 1.2 GHz 64-bit quad-core
ARM cortex A53 processor, with a 512 KB shared L2 cache.
 Power Source:- The recommended and easiest way to power the Raspberrypi is via the
Micro USB port on the side of the unit.
• The recommended input voltage is 5V , and the recommended input current is 2A.
 SD Card (Secure Digital Card): The Raspberry Pi does not have any locally available
storage accessible.
• The working framework is stacked on a SD card which is embedded on the SD card space
on the Raspberry Pi.
 GPIO(General Purpose Input Output): General –purpose input/output (GPIO) is a non
specific pins on a coordinated circuit to know is an input or output pin which can be
controlled by the client at run time.
• GPIO capabilities may include

1. GPIO pins can be designed to be input or output.

2. Input values are meaning (normally high=1, low=0).
3. Yield values are writable/meaningful.
4. Input values can frequently be utilized as IRQs(interrupt request).

 DSI Display x: The Raspberrypi Connector S2 is a display serial interface(DSI) for

connecting a liquid crystal display(LCD) panel using a 15 pin ribbon cable.
 Audio Jack: A standard 3.5 mm TRS connector is accessible on the Rpi for stereo sound
yield.
 Any earphone or 3.5mm sound link can be associated straightforwardly.
 Status LEDS: There are 5 status LEDs on the Rpi that demonstate the status of different
exercise

INTERNET OF THINGS TECHNOLOGY Page 4

1. OK- SDCard Access.
2. POWER- 3.3 v Power
3. FDX- Full Duplex LAN
4. LNK- Link/ Activity(LAN) (Model B)
5. 10M/100-10/100M bit (LAN) (Model B)

 Ethernet Port : is accessible on Model B and B+.

• It can be associated with a system or web utilizing a standard LAN link on the Ethernet
port.
 CSI connector (CSI) – Camera Serial interface is a serial interface outlined (define) by
MIPI (Mobile Industry Processor Interface) organization together went for interfacing
cameras with a portable processor.
 HDMI- High Definition Multimedia Interface to give both video and sound yield.

5.6.1 ) Description of system on chip(SoC)

 SoC is an integrated circuit(IC) that coordinated all parts of a PC or other electronic

framework into a solitary chip.
 SoC comprises of:

1) A microprocessor chip or DSP core.

2) Memory pieces including (ROM,RAM,EEPROM)
3) Timing signal –oscillators
4) Peripherals include counter-clocks, ongoing clocks
5) Outer interfaces example: USB, Ethernet
6) Simple interfaces includes ADCs (Analog and Digital Converter) and DACS( Digital and
Analog Converter)

7) Voltage Controllers and power administration circuits.

Accessories

 Camera: On 14 May 2013 , the establishment and the merchants RS Components and
Premier Farnell/ Element 14 propelled the Raspberry pi camera board with a firmware
redesign to bolster it.
 Gertboard- A Raspberry Pi Foundation authorized gadget intended for instructive
purpose, and grows the Raspberry Pi’s GPIO pins to permit interface with of LEDs ,
switches, sensors and different gadgets.

5.7) Raspberry Pi interfaces.

 Serial :- The serial interface on Raspberry Pi has receive(rx) and transmit(Tx) pins for
communication with serial peripherals.
 SPI:- Serial Peripheral interfaces( SPI) is a synchronous serial data protocol used for
communication with one or more peripheral devices.

• MISO (Master In Slave Out): Master line for sending data to the peripherals.
• MOSI(Master out Slave In): Slave line for sending data to the master.
• SCK( Serial Clock): Clock generated by Master to synchronize data
transmission.
INTERNET OF THINGS TECHNOLOGY Page 5
 • CEO( Chip Enable 0): To enable or disable device
• CEO( Chip Enable 1): To enable or disable device

 I2C:- The I2C interface pins on Raspberry Pi allow you to connect hardware
modules.

5.8 )RaspberryPI Operating System.

 Various operating system can be installed on Raspberrypi through SD cards.

5.8.1) Operating Systems( not Linux based)

5.8.2) Operating Systems( Linux based)

INTERNET OF THINGS TECHNOLOGY Page 6

5.8.3) Media center Operating systems

5.8.4) Audio Operating systems

5.8.5) Recalbox

5.9) Operating System Setup in RaspberryPI

 Preinstalled NOOBS operating system is already available in many authorized as well as

independent seller, there are many other operating system for Raspberrypi in the market
like NOOBS, Raspbian and third party operating systems are also available like
UBUNTU MATE, OSMC,RISC OS etc.
 To setup an operating system we need a SD card with minimum capacity of 8GB.

INTERNET OF THINGS TECHNOLOGY Page 7

5.9.1) Formatting SD card:

5.9.2) OS installation

5.9.3) First Boot

5.10) Login information

 The default login for Raspbian is username ―pi‖ with the password ―raspberry‖.
 To load the graphical user interface, type ―Startx‖ and press Enter.

INTERNET OF THINGS TECHNOLOGY Page 8

5.10) RaspberryPI Commands

5.11) Programming RaspberryPI with python

INTERNET OF THINGS TECHNOLOGY Page 9

INTERNET OF THINGS TECHNOLOGY Page 10
INTERNET OF THINGS TECHNOLOGY Page 11
INTERNET OF THINGS TECHNOLOGY Page 12
INTERNET OF THINGS TECHNOLOGY Page 13
INTERNET OF THINGS TECHNOLOGY Page 14
INTERNET OF THINGS TECHNOLOGY Page 15
INTERNET OF THINGS TECHNOLOGY Page 16
INTERNET OF THINGS TECHNOLOGY Page 17
INTERNET OF THINGS TECHNOLOGY Page 18
INTERNET OF THINGS TECHNOLOGY Page 19
INTERNET OF THINGS TECHNOLOGY Page 20
INTERNET OF THINGS TECHNOLOGY Page 21
INTERNET OF THINGS TECHNOLOGY Page 22
INTERNET OF THINGS TECHNOLOGY Page 23
 Important Questions
1) Compare Raspberry Pi model A+, Model B, Model B+ and Model 3. (CO5)
2) Draw a neat diagram for Raspberry Pi GPIO pins . (CO5)
3) Explain Raspberry Pi learning Board. (CO5)
4) Explain configuring RaspberryPi microcontroller. (CO5)
5) Explain different categories of Raspberry operating system. (CO5)
6) Write a python program to check for Armstrong number. (CO5)
7) Describe DS18B20 Temperature Sensor. (CO5)
8) Give technical specifications of DS18B20 Temperature Sensor along with PIN
Diagram. (CO5)
9) Explain Pi via SSH. (CO5)
10) Write a program to access temperature from DS18B20 sensor. (CO5)
or

INTERNET OF THINGS TECHNOLOGY Page 24

 python code to read temperature value in centigrade (Celsius) and Fahrenheit formfrom
DS18B20 sensor connected to Raspberry pi microcontroller. (CO5)Write a

11) Explain Smart City IoT Architecture with a neat diagram. (CO5)
12) Explain Smart City Security Architecture with a neat diagram. (CO5)

Previous Year Questions

13) Give a brief note on Arduino UNO. (CO5)
14) With a neat diagram , Explain Raspberry Pi board. (CO5)
15)With a neat diagram, explain wireless temperature monitoring system using Raspberry Pi.
(CO5)
16)With a neat diagram, explain wireless temperature monitoring system using Raspberry Pi.
(CO5)
17) With the case study explain smart and connected cities using Raspberry Pi. (CO5)

Securing IoT
Historical perspective of OT security, how it has evolved, and some of the common challenges it faces.
It also details some of the key differences between securing IT and OT environments. Finally, it
explores a number of practical steps for creating a more secure industrial environment, including
best practices in introducing modern IT network security into legacy industrial environments.

4.1 Common Challenges in OT Security

The security challenges faced in IoT are by no means new and are not limited to specific industrial
environments. The following sections discuss some of the common challenges faced in IoT.

Erosion of Network Architecture

There is a wide variety in secured network designs within and across different industries. For
example, power utilities have a strong history of leveraging modern technologies for operational
activities, and in North America there are regulatory requirements in place from regulatory
authorities, such as North American Electric Reliability Corporation’s (NERC’s) Critical
Infrastructure Protection (CIP)

Pervasive Legacy Systems

Due to the static nature and long lifecycles of equipment in industrial environments, many
operational systems may be deemed legacy systems. For example, in a power utility environment, it
is not uncommon to have racks of old mechanical equipment still operating alongside modern
intelligent electronic devices (IEDs). In many cases, legacy components are not restricted to
isolated network segments but have now been consolidated into the IT operational environment.
From a security perspective, this is potentially dangerous as many devices may have historical
vulnerabilities or weaknesses that have not been patched and updated, or it may be that patches are
not even available due to the age of the equipment.
INTERNET OF THINGS TECHNOLOGY Page 25
 Insecure Operational Protocols
The structure and operation of most of these protocols is often publicly available. While they
may have been originated by a private firm, for the sake of interoperability, they are typically
published for others to implement. Thus, it becomes a relatively simple matter to compromise the
protocols themselves and introduce malicious actors that may use them to compromise control
systems for either reconnaissance or attack purposes that could lead to undesirable impacts in
normal system operation.

Device Insecurity
Beyond the communications protocols that are used and the installation base of legacy
systems, control and communication elements themselves have a history of vulnerabilities.
To understand the nature of the device insecurity, it is important to review the history of
what vulnerabilities were discovered and what types of devices were affected. A review of the
time period 2000 to 2010 reveals that the bulk of discoveries were at the higher levels of the
operational network, including control systems trusted to operate plants, transmission systems, oil
pipelines, or whatever critical function is in use.

4.2 How IT and OT Security Practices and Systems Vary

The differences between an enterprise IT environment and an industrial-focused OT

deployment are important to understand because they have a direct impact on the security practice
applied to them.

The Purdue Model for Control Hierarchy

Regardless of where a security threat arises, it must be consistently and unequivocally
treated. IT information is typically used to make business decisions, such as those in process
optimization, whereas OT information is instead characteristically leveraged to make physical
decisions, such as closing a value, increasing pressure, and so on. Thus, the operational domain
must also address physical safety and environmental factors as part of its security strategy —and
this is not normally associated with the IT domain. Organizationally, IT and OT teams and tools
have been historically separate, but this has begun to change, and they have started to converge,
leading to more traditionally ITcentric solutions being introduced to support operational activities.
For example, systems such as firewalls and intrusion prevention systems (IPS) are being used in
IoT networks. This model identifies levels of operations and defines each level. The enterprise and
operational domains are separated into different zones and kept in strict isolation via an industrial
demilitarizedzone (DMZ):

4.2.1 Enterprise zone

 Level 5: Enterprise network: Corporate-level applications such as Enterprise Resource
Planning (ERP), Customer Relationship Management (CRM), document management, and
services such as Internet access and VPN entry from the outside world exist at this level.
 Level 4: Business planning and logistics network: The IT services exist at this level and
may include scheduling systems, material flow applications, optimization and planning
systems, and local IT services such as phone, email, printing, and security monitoring.

INTERNET OF THINGS TECHNOLOGY Page 26

 4.2.2 Industrial demilitarized zone
 DMZ: The DMZ provides a buffer zone where services and data can be shared between
the operational and enterprise zones. It also allows for easy segmentation of organizational
control. By default, no traffic should traverse the DMZ; everything should originate from
or terminate on this area.
4.2.3 Operational zone
 Level 3: Operations and control: This level includes the functions involved in managing
the workflows to produce the desired end products and for monitoring and controlling the
entire operational system. This could include production scheduling, reliability assurance,
system wide control optimization, security management, network management, and
potentially other required IT services, such as DHCP, DNS, and timing
 Level 2: Supervisory control: This level includes zone control rooms, controller status,
control system network/application administration, and other control-related applications,
such as human-machine interface (HMI) and historian.
 Level 1: Basic control: At this level, controllers and IEDs, dedicated HMIs, and other
applications may talk to each other to run part or all of the control function.
 Level 0: Process: This is where devices such as sensors and actuators and machines such
as drives, motors, and robots communicate with controllers or IEDs.
4.2.4 Safety zone
 Safety-critical: This level includes devices, sensors, and other equipment used to manage
the safety functions of the control system.

OT Network Characteristics Impacting Security

While IT and OT networks are beginning to converge, they still maintain many divergent
characteristics in terms of how they operate and the traffic they handle. These differences influence
how they are treated in the context of a security strategy. For example, compare the nature of how
traffic flows across IT and OT networks:
4.2.5 IT networks: In an IT environment, there are many diverse data flows. The communication
data flows that emanate from a typical IT endpoint travel relatively far. They frequently traverse
the network through layers of switches and eventually make their way to a set of local or remote
servers, which they may connect to directly.
4.2.6 OT networks: By comparison, in an OT environment (Levels 0–3), there are typically two types
of operational traffic. The first is local traffic that may be contained within a specific package or
area to provide local monitoring and closed-loop control. This is the traffic that is used for
realtime (or near-real-time) processes and does not need to leave the process control levels.

Security Priorities: Integrity, Availability, and Confidentiality

In the IT business world, there are legal, regulatory, and commercial obligations to protect
data, especially data of individuals who may or may not be employed by the organization. This
emphasis on privacy focuses on the confidentiality, integrity, and availability of the data—not
necessarily on a system or a physical asset. The impact of losing a compute device is considered
minimal compared to the information that it could hold or provide access to. By way of
comparison, in the OT world, losing a device due to a security vulnerability means production stops,
and the company cannot perform its basic operation. Loss of information stored on these devices is a
lower concern, but there are certainly confidential data sets in the operating environment that may
have economicimpacts, such as formulations and processes.
INTERNET OF THINGS TECHNOLOGY Page 27
Security Focus
Security focus is frequently driven by the history of security impacts that an organization has
experienced. In an IT environment, the most painful experiences have typically been intrusion
campaigns in which critical data is extracted or corrupted. The result has been a significant
investment in capital goods and human power to reduce these external threats and minimize
potential internal malevolent actors. In the OT space, the history of loss due to external actors has
not been as long, even though the potential for harm on a human scale is clearly significantly
higher. The result is that the security events that have been experienced have come more from
human error than external attacks. Interest and investment in industrial security have primarily
been in the standard access control layers. Where OT has diverged, to some degree, is to emphasize
the application layer control between the higher-level controller layer and the receiving operating
layer. Later in this chapter you will learn more about the value and risks associated with this
approach.

4.4 Formal Risk Analysis Structures: OCTAVE and FAIR

The key for any industrial environment is that it needs to address security holistically and not just
focus on technology. It must include people and processes, and it should include all the vendor
ecosystem components that make up a control system.

OCTAVE
OCTAVE (Operationally Critical Threat, Asset and Vulnerability Evaluation) has undergone
multiple iterations. The version this section focuses on is OCTAVE Allegro, which is intended to
be a lightweight and less burdensome process to implement. Allegro assumes that a robust security
team is not on standby or immediately at the ready to initiate a comprehensive security review.
This approach and the assumptions it makes are quite appropriate, given that many operational
technology areas are similarly lacking in security-focused human assets. Figure 8-5 illustrates the
OCTAVE Allegro steps and phases.

OCTAVE is a balanced information-focused process. What it offers in terms of discipline and

largely unconstrained breadth, however, is offset by its lack of security specificity. There is an
INTERNET OF THINGS TECHNOLOGY Page 28
assumption that beyond these steps are seemingly means of identifying specific mitigations that
can be mapped to the threats and risks exposed during the analysis process.

FAIR
FAIR (Factor Analysis of Information Risk) is a technical standard for risk definition from The
Open Group. While information security is the focus, much as it is for OCTAVE, FAIR has clear
applications within operational technology. Like OCTAVE, it also allows for non-malicious actors
as a potential cause for harm, but it goes to greater lengths to emphasize the point. For many
operational groups, it is a welcome acknowledgement of existing contingency planning. Unlike
with OCTAVE, there is a significant emphasis on naming, with risk taxonomy definition as a very
specific target.
FAIR places emphasis on both unambiguous definitions and the idea that risk and
associated attributes are measurable. Measurable, quantifiable metrics are a key area of emphasis,
which should lend itself well to an operational world with a richness of operational data. At its
base, FAIR has a definition of risk as the probable frequency and probable magnitude of loss. With
this definition, a clear hierarchy of sub-elements emerges, with one side of the taxonomy focused
on frequency and the other on magnitude.
Loss even frequency is the result of a threat agent acting on an asset with a resulting loss to
the organization. This happens with a given frequency called the threat event frequency (TEF), in
which a specified time window becomes a probability. There are multiple sub-attributes that
define frequency of events, all of which can be understood with some form of measurable metric.
Threat event frequencies are applied to a vulnerability. Vulnerability here is not necessarily some
compute asset weakness, but is more broadly defined as the probability that the targeted asset will
fail as a result of the actions applied. There are further sub-attributes here as well.

4. 5 The Phased Application of Security in an Operational Environment

It is a security practitioner’s goal to safely secure the environment for which he or she is
responsible. For an operational technologist, this process is different because the priorities and
assets to be protected are highly differentiated from the better-known IT environment.

Secured Network Infrastructure and Assets

Given that networks, compute, or operational elements in a typical IoT or industrial system have
likely been in place for many years and given that the physical layout largely defines the
operational process, this phased approach to introducing modern network security begins with very
modest, non-intrusive steps.
As a first step, you need to analyze and secure the basic network design. Most automated
process systems or even hierarchical energy distribution systems have a high degree of correlation
between the network design and the operational design. It is a basic tenet of ISA99 and IEC 62443
that functions should be segmented into zones (cells) and that communication crossing the
boundaries of those zones should be secured and controlled through the concept of conduits. In
response to this, it is suggested that a security professional discover the state of his or her network
and all communication channels.

INTERNET OF THINGS TECHNOLOGY Page 29

 Normal network discovery processes can be highly problematic for older networking equipment.
In fact, the discovery process in pursuit of improved safety, security, and operational state can
result in degradation of all three.

Deploying Dedicated Security Appliances

The next stage is to expand the security footprint with focused security functionality. The goal
is to provide visibility, safety, and security for traffic within the network. Visibility provides an
understanding of application and communication behavior. With visibility, you can set policy
actions that reflect the desired behaviors for inter-zone and conduit security. While network
elements can provide simplified views with connection histories or some kind of flow data, you
get a true understanding when you look within the packets on the network. This level of visibility
is typically achieved with deep packet inspection (DPI) technologies such as intrusion
detection/prevention systems (IDS/IPS). These technologies can be used to detect many kinds of
traffic of interest, from simply identifying what applications are speaking, to whether
communications are being obfuscated, to whether exploits are targeting vulnerabilities, to
passively identifying assets on the network.
With the goal of identifying assets, an IDS/IPS can detect what kind of assets are present
on the network. Passive OS identification programs can capture patterns that expose the base
operating systems and other applications communicating on the network. The organizationally
unique identifier (OUI) in a captured MAC address, which could have come from ARP table
exploration, is yet another means of exposure. Coupled with the physical and historical data
mentioned before, this is a valuable tool to expand on the asset inventory without having to
dangerously or intrusively prod critical systems.

Higher-Order Policy Convergence and Network Monitoring

Another security practice that adds value to a networked industrial space is convergence, which
is the adoption and integration of security across operational boundaries. This means coordinating
security on both the IT and OT sides of the organization. Convergence of the IT and OT spaces is
merging, or at least there is active coordination across formerly distinct IT and OT boundaries.
From a security perspective, the value follows the argument that most new networking and
compute technologies coming to the operations space were previously found and established in the
IT space. It is expected to also be true that the practices and tools associated with those new
INTERNET OF THINGS TECHNOLOGY Page 30
technologies are likely to be more mature in the IT space.

There are advanced enterprise-wide practices related to access control, threat detection,
and many other security mechanisms that could benefit OT security.
As stated earlier, the key is to adjust the approach to fit the target environment. Several areas
are more likely to require some kind of coordination across IT and OT environments. Two such
areas are remote access and threat detection. For remote access, most large industrial organizations
backhaul communication through the IT network. Some communications, such as email and web
browsing, are obvious communication types that are likely to touch shared IT infrastructure. Often
vendors or consultants who require some kind of remote access to OT assets also traverse the IT
side of the network. Given this, it would be of significant value for an OT security practitioner to
coordinate access control policies from the remote initiator across the Internet-facing security
layers, through the core network, and to a handoff point at the industrial demarcation and deeper,
toward the IoT assets.
The use of common access controls and operational conditions eases and protects network
assets to a greater degree than having divergent groups creating ad hoc methods. Using location
information, participant device security stance, user identity, and access target attributes are all
standard functions that modern access policy tools can make use of. Such sophistication is a
relatively new practice in industrial environments, and so, if these functions are available, an OT
security practitioner would benefit from coordination with his or her IT equivalents.

INTERNET OF THINGS TECHNOLOGY Page 31