UNIT V

SECURITY AND IMPACT OF THE INTERNET OF

THINGS (IOT)

Topics: Security and Impact of the Internet of Things (IoT) on Mobile Networks-
Networking Function Security-IoT Networking Protocols, Secure IoT Lower
Layers, Secure IoT Higher Layers, Secure Communication Links in IoT.

5.1: Security and Impact of the Internet of Things (IoT) on Mobile

Networks:

5.1.1 IoT Security Impacts against Mobile Networks:

Aside from the security and privacy of IoT-connected devices, the deployment of M2M
systems on wireless mobile networks also has important security implications for the network
itself. Resource allocation to millions of embedded devices is a big challenge for the heavily
used mobile infrastructures of cellular network providers. Beyond the challenge of network
operation under such a load of IoT traffic, M2M traffic is considered to be one of the main
factors within the overall LTE network security framework. Industry and standardization
forums defining the main security threats and requirements for mobile network security are
indeed highlighting the IoT and its potential impact.

The traffic characteristics of many IoT applications, substantially different from user
traffic generated by smartphones and tablets, are known to be a potential source for network
resource utilization inefficiencies. As a result, there is concern regarding the impact that M2M
systems could have on the regular operation of LTE networks, which, if not architected
properly, may be overwhelmed by the surge in both traffic and signaling load. Given the
number of threat vectors against embedded devices, there is also great interest in the potential
impact of botnets of compromised devices and malicious signaling storms.

As mobile networks evolve and transition toward 5G, the capacity and throughput of
the wireless interface is scaled up to tackle the goals of massive device connectivity and 1000
times more capacity. To do so, researchers are already prototyping advanced systems at high
millimiter-wave frequencies and implementing massive multiple-input and multiple-output
(MIMO) systems.

However, a common topic of discussion at a major 5G industry forum was how it is not
all about speed, but also about scalability. The scalability of billions of embedded devices
joining existing LTE and future 5G networks is one of the major availability challenges within
the field of IoT security.

5.1.2: LTE network operation:

LTE mobile networks were designed to provide IP connectivity between mobile devices
and the Internet based on the architecture depicted in Figure 20.1. LTE mobile networks are
divided into two separate sections: the RAN and the core network, referred to as the EPC.

Figure 20.1: LTE network architecture.

A number of user equipment (UE) devices, or mobile terminals, and the eNodeBs, or
LTE base stations, compose the RAN. This wireless access portion of an LTE network is in
control of assigning radio resources to mobile terminals, managing their radio resource
utilization, performing access control, and, in the case of the implementation of the X2 interface
between eNodeBs, even managing mobility and handoffs independently of the EPC.
 The EPC is the core in charge of establishing and managing the point-to-point IP
connectivity between UEs and the Internet. Moreover, certain MAC (medium access control)
operations at the RAN are triggered or controlled by the core network. The EPC is composed
of the following network nodes. The serving gateway (SGW) and the PDN gateway (PGW)
are the routing points that anchor a point-to-point connection, known as a bearer, between a
UE and the Internet.

The mobility management entity (MME) manages the control plane bearer logistics,
mobility, and other network functions. To authenticate end users, the MME communicates with
the home subscriber server (HSS), which stores the authentication parameters and secret keys
of all the UEs.

To operate the network and provide connectivity, LTE networks execute a series of
signaling processes, known as non-access stratum (NAS) functions. Such functions are
coordinated and triggered by means of nonuser data messages among the LTE network nodes,
known as the control plane signaling traffic.

After the device is switched on, a series of steps and algorithms are executed to reach the
connected state. At this stage, an IP default bearer is set up between the UE and the PGW, and
an IP address is assigned to the UE. The device executes the Cell Search procedure to acquire
both time and frequency synchronization, and, by means of the random-access procedure, radio
resources are assigned to the UE, setting up a radio resource control (RRC) connection between
the device and the eNodeB. The NAS identity and authentication procedures are then executed
between the UE and the MME, which in turn communicates with the HSS. At this point, the
data traffic bearers through the SGW and PGW are set up, and the UE’s RRC connection is
reconfigured according to the type of IP service and quality of service (QoS) requested by the
UE.

This entire NAS attach procedure is illustrated in Figure 20.2, which gives a clear visual
intuition of the large number of messages exchanged among EPC elements to connect a mobile
device. Note that the random-access procedure, the RRC connection establishment, and the
NAS authentication and identity procedures involve a substantial number of messages not
shown in the figure for simplicity.
 Figure 20.2: NAS attach signaling procedure.

5.2 Networking Function Security:

In today’s world, connection is a crucial component. The blending of physical and

digital elements is significantly made feasible by the Internet of Things (IoT). The Internet of
Things (IoT) refers to a variety of networked devices, sensors, and systems that connect and
exchange data online. However, as these networks grow, it is increasingly important to
prioritize robust security measures. These measures are crucial for safeguarding the privacy of
sensitive data transmitted through these networks.

5.2.1 Types of IoT Networks:

When designing an IoT application, the choice of network is crucial and depends on the
specific use case. Several factors impact the choice of a specific IoT network. These factors
include coverage area, cost, device environment, density of IoT devices, power consumption,
machine-to-machine communication requirements, network bandwidth, and security. IoT
networks can be classified into four main categories: cellular networks, LAN/PAN, LPWAN,
and mesh protocols. This classification helps in narrowing down the options for a particular
application.

• Cellular networks like 3G, 4G, and 5G offer broad coverage and high bandwidth, but
their cost and power consumption limit their use for battery-powered IoT devices.
• LAN/PAN networks such as Bluetooth and Wi-Fi provide high bandwidth but have
limited coverage and scalability issues.
• LPWANs like NB-IoT and LoRaWAN are suitable for remote and low-power
applications.
• Mesh protocols like Zigbee, Z-Wave, and RFID are designed for distributed networks
with specific uses in industrial, home automation, and asset tracking sectors.

As far as the growth of IoT networks is concerned, according to a study, it is estimated that
by 2030, the number of IoT devices will skyrocket by a staggering 300%, surpassing 25 billion
devices worldwide. In 2020, China led the race with over 3 billion IoT devices already in
operation.

These remarkable IoT devices have infiltrated virtually every industry and market, but one
sector stands out: retail. In fact, the retail market accounted for a whopping 60% of all IoT
devices in 2020. What’s even more intriguing is that experts predict this dominance to persist
unchanged over the next decade.

5.3 IoT Networking Protocols:

The Internet of Things (IoT) involves real-time connectivity of sensor devices to the
web. IoT devices communicate with each other using IoT Network Protocols that govern data
exchange. Different protocols have been designed to accommodate the wide variety of IoT
devices available. The IoT architecture typically consists of four layers: Sensing, Network,
Data processing, and Application:

1. The Sensing layer collects data through hardware components such as sensors and
actuators.

2. The Network layer facilitates device communication using cellular, Wi-Fi___33,

Bluetooth, Zigbee, etc.
3. Data processing occurs in the next layer, utilizing data analytics and machine learning
technologies.

4. The Application layer presents processed data through web portals, apps, or interfaces for
user interaction and visualization.

Designing IoT network protocols is challenging due to limited power availability in IoT
devices. It should meet specific requirements, including simultaneous device communication,
communication security for critical applications, efficient data transport, and scalability to
accommodate device additions or removals. Also, protocols must support wireless operations,
including topological structures and address assignments.

The underlying systems and components that enable the functioning of the Internet of Things.
Here are some critical aspects of IoT networks and Infrastructure:

• Connectivity: IoT networks rely on various communication technologies to connect

devices and enable data transfer. These include cellular networks (4G or 5G), Wi-
Fi___33, Bluetooth, Zigbee, NFC (Near Field Communication), and more. The choice
of connectivity depends on factors like range, data rates, power consumption, and cost.
• Gateways: IoT gateways are intermediaries between IoT devices and the broader
network infrastructure. They often perform protocol translation, data filtering, and
security functions. Gateways help aggregate and manage data from multiple devices
before transmitting it to the cloud or other destinations.
• Cloud Computing: These platforms are utilized in IoT infrastructure for storing,
processing, and analyzing the enormous data generated by IoT devices. These platforms
offer scalability, flexibility, and advanced analytics capabilities.
• Edge Computing: In edge computing, data processing and analysis occur closer to the
devices, optimizing bandwidth usage and enhancing real-time decision-making. This
approach reduces latency and is particularly useful when immediate actions or
responses are necessary.
• Security: Securing the integrity and privacy of sent and stored data is a primary
responsibility in IoT networks. Unauthorized access, data breaches, and cyberattacks
are all prevented by implementing robust security mechanisms like encryption,
authentication, access controls, and secure protocols.
 • Management and Monitoring: Tools and systems are included in IoT infrastructure
to manage and monitor the connected devices. This involves functionalities like device
provisioning, firmware updates, performance monitoring, and troubleshooting to
ensure optimal operation and minimize downtime.
• Scalability and Interoperability: The exponential growth of IoT devices necessitates
scalability in IoT infrastructure. It is crucial to design infrastructure accommodating the
rising number of devices and the accompanying data traffic. Interoperability standards
and protocols enable different devices, platforms, and applications to communicate and
work together seamlessly.

5.4. Secure IoT Lower Layers and Secure IoT Higher Layers:

5.4.1. 5 Layer Architecture of Internet of Things:

IoT includes large number of smart devices connected to a broad internet network with
the help of various networking technologies. Mostly these technologies are wireless in manner.
This makes the structure more complex and difficult to manage. Therefore, architecture is
required.

An architecture is structure for specification of network’s physical components and

their functional organization and configuration, its operational principles and procedures, as
well as data formats used in its operation.

The development of IoT depends on the technologies used, application areas, and
business aspects. There are various IoT architectures are available for IoT devices. However,
the “5 Layer Architecture is considered as the best-proposed architecture of IoT.”

When project work is done with various cutting-edge technologies and broad
application area, 5-layer architecture is considered as best. 5 Layer model can be considered as
an extension to the basic architecture of IoT because it has two additional layers to the basic
model. A 5-layer architecture is shown in figure 5.4.
 Figure 5.4: 5 Layer Architecture of Internet of Things

• Perception Layer:

This is the first layer of IoT architecture. In the perception layer, number of sensors and
actuators are used to gather useful information like temperature, moisture content,
intruder detection, sounds, etc. The main function of this layer is to get information
from surroundings and to pass data to another layer so that some actions can be done
based on that information.

• Network Layer:

As the name suggests, it is the connecting layer between perception and middleware
layer. It gets data from perception layer and passes data to middleware layer using
networking technologies like 3G, 4G, UTMS, WiFI, infrared, etc. This is also called
communication layer because it is responsible for communication between perception
and middleware layer. All the transfer of data done securely keeping the obtained data
confidential.
 • Middleware Layer:

Middleware Layer has some advanced features like storage, computation, processing,
action taking capabilities. It stores all data-set and based on the device address and
name it gives appropriate data to that device. It can also take decisions based on
calculations done on data-set obtained from sensors.

• Application Layer:

The application layer manages all application process based on information obtained
from middleware layer. This application involves sending emails, activating alarm,
security system, turn on or off a device, smartwatch, smart agriculture, etc.

• Business Layer:

The success of any device does not depend only on technologies used in it but also how
it is being delivered to its consumers. Business layer does these tasks for the device. It
involves making flowcharts, graphs, analysis of results, and how device can be
improved, etc.

5.5. Secure Communication Links in IoT:

5.5.1 Understanding the Security Risks of IoT Devices:

 IoT devices leverage a local network to exchange data with each other and perform
specific tasks without human effort. However, while beneficial to individuals and businesses,
these devices come with particular security risks. Learn about the potential threats if you aim
to provide secure IoT communication.

• Outdated software and no timely updates

Many IoT devices aren’t designed with security in mind. So they may not receive
regular updates to fix software vulnerabilities or bugs. As a result, such devices are vulnerable
to hackers’ attacks as they can exploit those weaknesses. That’s why you should take care of
your IoT ecosystem security.

• Poor passwords

IoT devices often have default or weak passwords that are easy to crack. It leaves space
for brute-force attacks or password-guessing bots. They can gain unauthorized access to the
device to control it remotely or steal sensitive data. Thus, changing passwords is essential for
IoT device security.

• User unawareness

It took several years for users to learn about phishing and other scams. Still, many are
unaware of the security risks associated with IoT devices, including data breaches and
unauthorized access. Thus, people often use IoT systems carelessly and neglect regular security
updates.

• Botnet attacks

A botnet is a group of malware-infected devices hackers control remotely.

Cybercriminals use them to launch large-scale attacks like Distributed Denial-of-Service
(DDoS), taking down websites or entire networks. Therefore, they can target your IoT device
or entire ecosystem to steal confidential data or affect device performance.

• Unreliable deployment locations

Securing IoT devices is especially challenging when they are connected to Wi-Fi
networks or located in remote areas with limited physical security. It makes them particularly
vulnerable to hacker attacks and data theft risks.
• Poor data protection

Many IoT devices transmit data over the Internet or store it locally, making them
sensitive to data breaches. If this information lacks proper encryption and data protection
measures, cybercriminals can intercept it and use it maliciously.

5.5.2. Additional Tips for Securing Communication with IoT Devices:

➢ Use two-factor authentication (2FA): It will add an extra security layer to access
control. 2FA requires users to provide two forms of identification, such as a password
and a one-time code sent to a smartphone.
➢ Disable unnecessary features: Some unnecessary functions can create additional entry
points for attackers. Thus, it’s better to turn off all redundant elements of your device’s
system.
➢ Consider using a virtual private network (VPN): This tool establishes a secure and
encrypted connection between the IoT device and the network. This way, it prevents
unauthorized data interception risks.
➢ Use secure and standard communication protocols: Most frameworks support
MQTT and HTTPS. Luckily, setting up encrypted communication with their help is
pretty straightforward.
➢ Be careful with device discovery mechanics: It’s better to prevent access of
unregistered devices to the system’s API. You can implement additional mechanisms
for discovering devices and approving them according to particular criteria.
➢ Allocate a separate network for local stand-alone systems: Attackers have a minimal
chance of hacking your IoT device if the entire system works only within a local
network.
➢ Use factory reset protection: Suppose your device is in a public place, and an attacker
can access it. Then, it’s better to add precautions from resetting the device to factory
settings.
➢ Leverage secure boot: This way, you will ensure that only authorized software enters
the device. It prevents unauthorized access to the IoT system and doesn’t let in
malicious software.
➢ Use code signing: This process verifies if the code executed on a device is authorized.
Thus, you will prevent hackers from installing malicious programs into your IoT
system.
➢ Implement hardware-based security features: Functions like secure boot, the
hardware-based root of trust, and secure enclave help to ensure communication security
in IoT. They protect the devices from tampering and unauthorized access.
➢ Secure IoT device interfaces: Make sure to protect USB ports, debug ports, and JTAG
ports from potential attacks.