IoT Security Lecture 2 Notes

Uploaded by

Shivend Menon

IoT DEVICES

CHALLENGES

HOW TO CONNECT TO THE INTERNET


WHAT IS IP ADDRESS?
— Internet Protocol address is a numerical label assigned to each device connected to a
computer network that uses the Internet Protocol for communications
— An IP address serves two principal functions: host or network interface identification
and location addressing

WHAT IS MY IP ADDRESS?

IPv4 ADDRESS EXHAUSTION

IPv6 LARGER ADDRESS SPACE


— IPv4 (32 bits) = 4,294,967,296 possible addressable devices
— IPv6 (128 bits) = 4 times the size in bits | 3.4 x 10^38 possible addressable devices
IPv6
— An IPv6 address is a numerical label that is used to identify a network interface of a
computer or a network node participating in an IPv6 computer network

HEXADECIMAL NUMBER TO BINARY

IPv6 ADDRESS REPRESENTATION


— 128 bits in length and written as a string of hexadecimal values
— Can be written in either lowercase or uppercase
— A leading zero can be omitted
o 2340:0023:AABA:0A01:0055:5054:9ABC:ABB0
o 2340:23:AABA:A01:55:5054:9ABC:ABB0
— Successive fields of zeros can be represented as two colons (::)
o 2340:0000:0000:0000:0455:0000:AAAB:1121
o 2340::0455:0000:AAAB:1121
IPv6 ADDRESS STRUCTURE

— Site prefix (48 bits): also known as Global Routing Prefix, is the prefix or network
portion of the address assigned by the provider, such as an ISP, to a customer or site
— Subnet ID (16 bits): is used by an organisation to identify subnets within its site
— Interface ID (64 bits): is equivalent to the host of an IPv4 address. It is used because a
single host may have multiple interfaces, each having one or more IPv6 addresses
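
The two shorthand rules and the 48/16/64-bit layout above, worked through in Python as an added example (not part of the original notes); the function names are illustrative. Because one address has several valid spellings, filters and log searches should compare parsed values, not strings.

```python
import ipaddress
import re

def expand(addr: str) -> str:
    """Undo both shorthand rules: restore '::' zero fields and leading zeros."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = head.split(":") if head else []
        right = tail.split(":") if tail else []
        missing = 8 - len(left) - len(right)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero field")
        fields = left + ["0"] * missing + right
    else:
        fields = addr.split(":")
    if len(fields) != 8 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", f) for f in fields):
        raise ValueError("expected 8 fields of 1-4 hexadecimal digits")
    return ":".join(f"{int(f, 16):04x}" for f in fields)

def structure(addr: str) -> dict:
    """Split an address into site prefix (48), subnet ID (16), interface ID (64)."""
    value = int(ipaddress.IPv6Address(addr))
    return {
        "site_prefix": f"{value >> 80:012x}",
        "subnet_id": f"{(value >> 64) & 0xFFFF:04x}",
        "interface_id": f"{value & (2**64 - 1):016x}",
    }

def same_host(a: str, b: str) -> bool:
    """Compare the 128-bit values, so different spellings of one address match."""
    return ipaddress.IPv6Address(a) == ipaddress.IPv6Address(b)

if __name__ == "__main__":
    print(expand("2340::0455:0000:AAAB:1121"))
    print(structure("2340:0023:AABA:0A01:0055:5054:9ABC:ABB0"))
    print(same_host("2340:0000:0000:0000:0455:0000:AAAB:1121", "2340::455:0:aaab:1121"))
```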

IPv6 DEVELOPMENT
— Work on specification began in 1990. Currently specified by RFC 2460 through 2466
— Some of the major goals:
1. Support huge number of hosts
2. Reduce the size of routing tables
3. Simplify protocol -> allow for faster packet processing
4. Improve security
5. Allow host roaming without address changing
— In general, IPv6 is not compatible with IPv4, but is compatible with internet control and
transport protocols such as ICMP, OSPF, BGP, TCP, UDP, etc
IPv6 AND IoT
— Which came first: the growth in IPv6 or the IoT?
— IoT is driving IPv6 adoption, and IPv6 is enabling growth in the IoT

WHY SHOULD THE IoT CARE ABOUT IPv6?


— Security: IPv6 can run end-to-end encryption. While this technology was retrofitted
into IPv4, it remains an extra option that is not universally used
— Scalability: IPv6 can support up to 3.4x10^38 IP addresses
— Connectability: IPv6 allows IoT products to be uniquely addressable without having to
work around all of the traditional NAT and firewall issues
HOW IPv6 HELPS SECURITY FOR IoT
— IPv4 Security Issues:
o DoS attacks
o Man-in-the-middle attacks
o ARP spoofing attacks
o Malware attacks
o Reconnaissance attacks
IPv6 ENHANCEMENT FOR SECURITY
— Unlike IPv4, IPsec security is mandated in the IPv6 protocol specification, allowing
IPv6 packet authentication and/or payload encryption via the Extension Headers
— IPv6 Packet Encryption: IPsec defines cryptography-based security for both IPv4 and
IPv6 in RFC 4301. IPsec support is an optional add-on in IPv4, but is a mandatory part
of IPv6
o Authentication Header: provides connectionless integrity, data-origin
authentication and protection against replay attacks
o Encapsulating Security Payload: provides privacy and confidentiality through
encryption of the payload

CHALLENGES OF IPv6 IN IoT NETWORKS


— Standardisation for IoT
— Limited computing resources on IoT device
— Wireless communication
IoT COMMUNICATIONS
OVERVIEW OF LoWPANs
— LoWPANs (Low-Power Wireless Personal Area Networks) (IEEE 802.15.4)
— A simple low throughput wireless network comprising typically low cost and low
power devices
— Devices in the network typically work together to connect the physical environment to
real world applications, e.g., wireless sensor networks
— Common topologies include: star, mesh, and combinations of star and mesh
— The physical and MAC layers conform to IEEE 802.15.4-2003 standard
LoWPAN TOPOLOGIES

LoWPAN ARCHITECTURE

TYPICAL APPLICATIONS
— Equipment health monitoring
— Environment monitoring
— Security
— Home
— Building automation
6LoWPAN
— IPv6 Low-Power Wireless Personal Area Networks (6LoWPAN)
— The pervasive nature of IP networks allows use of existing infrastructure
— IP-based technologies already exist, are well-known, and proven to be working
— Open and freely available specification vs. closed proprietary solutions
— Tools for diagnostics, management, and commissioning of IP networks already exist
— IP-based devices can be connected readily to other IP-based networks, without the need
for intermediate entities like translation gateways or proxies
6LoWPAN PROBLEMS
— No method exists to make IP run over LoWPAN networks
— Stacking IP and above layers ‘as is’ may not fit within one 802.15.4 frame
— Not all ad-hoc routing protocols may be immediately suitable for LoWPAN
— Current service discovery methods ‘bulky’ for LoWPAN
— Limited configuration and management necessary
6LoWPAN ADAPTION LAYER
FUNCTIONS OF 6LoWPAN ADAPTIVE LAYER
— Three main functions:
o Header compression: compresses the 40-byte IPv6 and 8-byte UDP headers
by assuming the usage of common fields
o Fragmentation and reassembly: in order to enable the transmission of IPv6
frames over IEEE 802.15.4 radio links, the IPv6 frames need to be divided into
several smaller segments
o Auto configuration: auto configuration is the autonomous generation of a
device’s IPv6 address. The process is essentially different between IPv4 and
IPv6. In IPv6 it allows a device to automatically generate its IPv6 address
without any outside interaction with a DHCP server or such
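
An added sketch of fragmentation and reassembly (not from the original notes or from Contiki), using the FRAG1/FRAGN header layout of RFC 4944, which the notes do not cite. Assumptions: the datagram is treated as opaque bytes with no header compression, and `room` (102 bytes here) is the space left in an 802.15.4 frame after MAC overhead.

```python
import struct

FRAG1, FRAGN = 0b11000, 0b11100          # 5-bit dispatch patterns (RFC 4944)

def fragment(datagram: bytes, tag: int, room: int = 102) -> list:
    """Split a datagram into FRAG1/FRAGN frames of at most `room` bytes."""
    size = len(datagram)
    if not 0 < size <= 0x7FF or room < 13:
        raise ValueError("datagram_size is 11 bits; room must fit 8 payload bytes")
    frames, offset = [], 0
    while offset < size:
        kind, hdr_len = (FRAG1, 4) if offset == 0 else (FRAGN, 5)
        chunk = (room - hdr_len) // 8 * 8        # offsets are in 8-byte units
        hdr = struct.pack("!HH", kind << 11 | size, tag)
        if offset:
            hdr += bytes([offset // 8])          # FRAGN adds datagram_offset
        frames.append(hdr + datagram[offset:offset + chunk])
        offset += chunk
    return frames

def reassemble(frames) -> bytes:
    """Rebuild one datagram from frames in any order, duplicates allowed."""
    buf, seen, key = None, set(), None
    for f in frames:
        if len(f) < 5:
            raise ValueError("truncated fragment")
        first, tag = struct.unpack("!HH", f[:4])
        kind, size = first >> 11, first & 0x7FF
        if kind == FRAG1:
            offset, part = 0, f[4:]
        elif kind == FRAGN:
            offset, part = f[4] * 8, f[5:]
        else:
            raise ValueError("not a fragment header")
        if buf is None:
            buf, key = bytearray(size), (size, tag)
        if (size, tag) != key:
            raise ValueError("fragment belongs to another datagram")
        if offset + len(part) > size:        # bound every write by datagram_size
            raise ValueError("fragment overruns datagram_size")
        buf[offset:offset + len(part)] = part
        seen.update(range(offset, offset + len(part)))
    if buf is None or len(seen) != len(buf):
        raise ValueError("datagram incomplete")
    return bytes(buf)
```

A 1280-byte datagram becomes 14 frames with these defaults; the receiver rejects any fragment whose offset and length would write past the advertised `datagram_size`.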
HEADER COMPRESSION

EXERCISE
— How do these functions work?
o Fragmentation and reassembly
o Auto configuration
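
How auto configuration derives an address, as an added example (not from the original notes): the interface ID is built from the device's link-layer address by the modified EUI-64 rule and appended to a 64-bit prefix. The hardware addresses below are constructed sample values and the function names are illustrative.

```python
import ipaddress

def interface_id(link_addr: bytes) -> bytes:
    """Modified EUI-64: widen a 48-bit MAC with ff:fe, then flip the U/L bit."""
    if len(link_addr) == 6:
        link_addr = link_addr[:3] + b"\xff\xfe" + link_addr[3:]
    if len(link_addr) != 8:
        raise ValueError("expected a 48-bit MAC or a 64-bit extended address")
    return bytes([link_addr[0] ^ 0x02]) + link_addr[1:]

def autoconfigure(prefix: str, link_addr: bytes) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the self-generated interface ID (no DHCP server)."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("the interface ID fills exactly the low 64 bits")
    return net[int.from_bytes(interface_id(link_addr), "big")]

def looks_mac_derived(addr: str) -> bool:
    """Audit helper: an ff:fe marker in the interface ID suggests it embeds a MAC,
    so the same identifier follows the device from network to network."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    return iid[3:5] == b"\xff\xfe"

if __name__ == "__main__":
    mac = bytes.fromhex("00124b00060d")            # constructed 48-bit MAC
    eui64 = bytes.fromhex("00124b00060d84d2")      # constructed 802.15.4 extended address
    print(autoconfigure("fe80::/64", mac))         # link-local address
    print(autoconfigure("fe80::/64", eui64))
    print(looks_mac_derived("fe80::212:4bff:fe00:60d"))
```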

IoT, IPv6, AND 6LoWPAN


SUMMARY
— IPv6
— IPv6 FOR IoT SECURITY
— 6LoWPAN
EXERCISE
— Why is IPv6 important for IoT security?
— How does the 6LoWPAN adaptive layer work?
— Read the specified documents

APPENDIX FOR CONTIKI LABS


TCP/IP PROTOCOL STACK
RPL-UDP COMMUNICATIONS

— RPL is an IPv6 routing protocol for low power and lossy networks (e.g., LoWPAN)
— User Datagram Protocol (UDP) is transmission control protocol, and it is one of the
core members of the internet protocol
RPL
— Low power and lossy networks (LLN) have constraints on processing, memory, and
energy, so conventional routing methods such as OSPF, OLSR, RIP, AODV, DSR, etc.,
may not be practical to deploy
— LLN links have high loss rate, low data rates, instability with dynamic topology
USER DATAGRAM PROTOCOL (UDP)
— With UDP, computer applications can send messages, in this case referred to as
datagrams, to other hosts on an Internet Protocol (IP) network
— UDP provides checksums for data integrity, and port numbers for addressing
different functions at the source and destination of the datagram
— UDP is suitable for purposes where error checking and correction are either not
necessary or are performed in the application
— UDP avoids the overhead of such processing in the protocol stack
TCP VS. UDP
— TCP:
o Slower but reliable transfers
o Typical applications:
▪ Email
▪ Web browsing
o Unicast (cast to a single destination)
— UDP:
o Fast but non-guaranteed transfers (“best effort”)
o Typical applications:
▪ VoIP
▪ Music streaming
o Unicast (cast to a single destination)
o Multicast (cast to many destinations)
o Broadcast (cast to all destinations)
