IoT_class_U4_U5_Postmid

The document covers various aspects of data handling, including data acquisition, organization, processing, analytics, and cloud computing. It discusses the generation and validation of data, different types of databases, and the importance of business intelligence and distributed business processes. Additionally, it outlines cloud computing services, their architecture, advantages, and disadvantages, as well as specific service models like IaaS and PaaS.

UNIT-4 Data Handling and Sensor Network
Data Acquiring
• Data Generation:
• Passive Devices Data: Data generated by devices without their own power
source (e.g., RFID, ATM debit cards)
• Active Devices Data: Data generated by powered devices (e.g., active
RFID, wireless sensor nodes)
• Event Data: Generated based on specific conditions (e.g., security breach,
traffic detection)
• Device Real-time Data: Instantaneous data communication (e.g., ATM
transactions)
• Event-driven Device Data: Data generated only upon specific events (e.g.,
device status updates)
• Data Acquisition:
• Data acquisition from IoT/M2M devices
• Interaction with data acquisition systems (Applications)
• Configuration of devices for periodic data collection/data on demand
• Data management at the gateway (transcoding, security, integration,
fusion)
Data Acquiring
• Data Validation
• Ensuring correctness, consistency, and meaningfulness of acquired data
• Validation checks using software logic and rules
• Strategies for handling large-scale data (filtering, frequency control,
enrichment)
• Data Categorization for Storage:
• Three storage categories:
• Raw data for future processing and auditing
• Data along with processed results for quick analytics
• Streaming/real-time data requiring immediate processing
• Storage as Big Data in databases, warehouses, or Cloud
• Assembly Software for Events
• Sensors generating event data (e.g., temperature threshold, pressure
levels)
• Assigning event IDs and logic states (Logic 1 = event generated, Logic 0
= event acted upon)
• Event assembly using software logic, timestamps, and device IDs
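The validation checks and event assembly described above, as an added Python example (not part of the original slides). The device registry, thresholds, rejection reasons and sample readings are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed device registry: valid sensor range and event threshold per device ID.
DEVICES = {
    "temp-01": {"min": -40.0, "max": 125.0, "threshold": 80.0},
    "pres-07": {"min": 0.0, "max": 1000.0, "threshold": 750.0},
}
MAX_CLOCK_SKEW = 300  # seconds a device timestamp may run ahead of the gateway
NOW = 1_700_000_000   # constructed gateway clock value used with SAMPLE

# Constructed sample readings, in arrival order.
SAMPLE = [
    {"device_id": "temp-01", "value": 72.5, "ts": NOW - 60},     # valid, below threshold
    {"device_id": "temp-01", "value": 85.0, "ts": NOW - 30},     # valid, crosses threshold
    {"device_id": "temp-01", "value": 900.0, "ts": NOW - 20},    # outside sensor range
    {"device_id": "temp-01", "value": 90.0, "ts": NOW - 30},     # timestamp already seen
    {"device_id": "cam-99", "value": 1.0, "ts": NOW},            # device not registered
    {"device_id": "pres-07", "value": 800.0, "ts": NOW + 3600},  # clock far ahead
    {"device_id": "pres-07", "value": 760.0, "ts": NOW - 5},     # valid, crosses threshold
]


@dataclass
class Event:
    event_id: int
    device_id: str
    timestamp: int
    value: float
    state: int = 1  # Logic 1 = event generated, Logic 0 = event acted upon


class EventAssembler:
    def __init__(self):
        self.events = {}    # event_id -> Event
        self.rejected = []  # (reading, reason) pairs kept for auditing
        self._next_id = 1
        self._last_ts = {}  # device_id -> newest accepted timestamp

    def validate(self, reading, now):
        """Return the reason a reading is invalid, or None if it passes."""
        dev = reading.get("device_id")
        spec = DEVICES.get(dev) if isinstance(dev, str) else None
        if spec is None:
            return "unknown device"
        value, ts = reading.get("value"), reading.get("ts")
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return "non-numeric value"
        if isinstance(ts, bool) or not isinstance(ts, int):
            return "bad timestamp"
        if not spec["min"] <= value <= spec["max"]:  # also rejects NaN
            return "out of range"
        if ts > now + MAX_CLOCK_SKEW:
            return "timestamp in future"
        if ts <= self._last_ts.get(dev, -1):
            return "stale or replayed timestamp"
        return None

    def ingest(self, reading, now):
        """Validate one reading; return a new Event if it crosses the threshold."""
        reason = self.validate(reading, now)
        if reason is not None:
            self.rejected.append((reading, reason))
            return None
        dev = reading["device_id"]
        self._last_ts[dev] = reading["ts"]
        if reading["value"] < DEVICES[dev]["threshold"]:
            return None
        event = Event(self._next_id, dev, reading["ts"], float(reading["value"]))
        self.events[event.event_id] = event
        self._next_id += 1
        return event

    def acknowledge(self, event_id):
        """Mark an event as acted upon (Logic 1 -> Logic 0)."""
        self.events[event_id].state = 0

    def pending(self):
        """Events still in Logic 1, i.e. generated but not yet acted upon."""
        return [e for e in self.events.values() if e.state == 1]


if __name__ == "__main__":
    assembler = EventAssembler()
    for reading in SAMPLE:
        assembler.ingest(reading, NOW)
    assembler.acknowledge(1)
    print("pending:", assembler.pending())
    print("rejected:", [reason for _, reason in assembler.rejected])
```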
Data Acquiring
• Data Store
• Concept of data repositories (databases, flat files, spreadsheets,
servers)
• Distributed data storage (e.g., Apache Cassandra)
• Structured (relational databases) vs unstructured data storage
• Data Centre Management
• Facilities for secure data storage and protection
• Infrastructure components (servers, high-speed networks, security
systems)
• Role of data centre managers in IT operations, security, and quality
control
• Server Management
• Managing server services, setup, and maintenance
• Key responsibilities: Fast response to system/network failures
• Security, updates, and monitoring
• Confidentiality and integrity of data
• Protection against cyber threats (spam, malware, unauthorized access)
Data Acquiring

• Spatial Storage
• Storage of location-based data for tracking and inventory control
• Spatial data refers to data which represents objects defined in
geometric space
• Spatial databases optimized for geometric data (points, lines, polygons,
3D objects)
• Application areas: RFID tracking, traffic monitoring, digital maps
Summary for Data Acquiring

1. Data Generation
2. Data Acquisition
3. Data Validation
4. Data Categorization for storage
5. Assembly Software for events
6. Data Store
7. Data Center Management
8. Server management
9. Spatial Storage
Data Organizing

• Data organization refers to the systematic arrangement of data
for efficient retrieval and analysis.
• Various methods include files, databases, and object-oriented
databases.
• Proper organization ensures data consistency, integrity, and
ease of access.
• Databases:
• A database is a structured collection of data stored electronically.
• Organized into tables with rows (records) and columns (fields).
• Example: Student records database with Name, Roll Number, and
Grades.
Data Organizing

• Relational Databases (RDBMS)
• Uses structured tables that relate to each other via keys (Primary, Foreign,
Unique).
• Ensures flexibility, consistency, and efficiency.
• Examples: MySQL, PostgreSQL, Oracle DB, Microsoft SQL Server.
• Advantages: Scalability, ACID compliance, data integrity.
• Object-Oriented Databases (OODBMS)
• Stores data as objects rather than tables.
• Used in applications requiring complex data structures.
• Examples: ConceptBase.
• Suitable for multimedia applications and real-time data processing.
Data Organizing

• Database Management Systems (DBMS)
• DBMS is software designed for creating, managing, and interacting with
databases.
• Features include data security, backup, multi-user access.
• Example Systems: MySQL, Oracle, Microsoft Access.
• ACID Properties in Database Transactions
• Atomicity: Ensures complete transactions (all or nothing).
• Consistency: Maintains database integrity before and after
transactions.
• Isolation: Ensures transactions are executed independently.
• Durability: Guarantees data permanence after transactions.
• Example: Banking transactions ensuring debit and credit balance
updates.
Data Organizing
• Distributed Databases: Collection of interconnected databases
across multiple locations.
• CAP Theorem: Trade-off between Consistency, Availability, and
Partition Tolerance.
• Consistency: Latest data available to all nodes.
• Availability: System remains operational even if some nodes fail.
• Partition Tolerance: Operates despite network failures.
• Since network failures are inevitable in distributed systems, a
database must prioritize either consistency or availability:
• CP (Consistency + Partition Tolerance): Strong consistency
but sacrifices availability (e.g., traditional SQL databases,
Google Spanner).
• AP (Availability + Partition Tolerance): Prioritizes uptime but
may show stale or inconsistent data (e.g., NoSQL databases
like Cassandra, DynamoDB).
• CA (Consistency + Availability): Only possible in centralized
databases without partitions, which is not practical for
distributed systems.
Data Organizing

• Query Processing in Databases: Retrieving specific data from
a database using queries.
• Query Processing Steps:
• Parsing & Translation
• Decomposition
• Optimization
• Evaluation Plan
• Result Generation
• Example: ATM transaction history query.
Data Organizing
• Structured Query Language (SQL):
• Standard language for interacting with relational databases.
• SQL Components:
• DDL (Data Definition Language): CREATE, ALTER, DROP tables.
• DML (Data Manipulation Language): SELECT, INSERT, UPDATE,
DELETE data.
• DCL (Data Control Language): GRANT, REVOKE permissions.
• Example Query: SELECT * FROM Students WHERE Grade > 80;
• NoSQL: Non-relational databases designed for scalable and
high-performance applications.
• Types:
• Key-Value Stores (e.g., Amazon DynamoDB)
• Document Stores (e.g., MongoDB)
• Semi-structured Stores (e.g., Apache Cassandra)
• Graph Databases (e.g., Neo4j)
• Used in Big Data, IoT, and real-time applications.
Data Organizing
• Extract, Transform, Load (ETL):
• Extract: Retrieve data from different sources.
• Transform: Convert data into the required format.
• Load: Store data into the target system (e.g., Data Warehouse).
• Used for integrating data from multiple applications.
• Relational Time Series Services: Optimized databases for
handling time-stamped data.
• Examples: IBM Informix TimeSeries, OpenTSDB, InfluxDB.
• Applications: IoT, Financial Market Analysis, Weather Forecasting.
• Real-Time & Intelligent Databases:
• Process live data streams with low latency.
• Examples:
• Massively Parallel Processing (MPP): Teradata Aster, Greenplum.
• In-Memory Databases: SAP HANA, QlikView.
• Columnar Databases: HP Vertica, SAP Sybase IQ.
Summary

• Database
• Query Processing
• SQL
• NOSQL
• ETL
• RTSS
• RT&I
Data Processing

• Online Transactions Processing (OLTP): Process as soon as the data/event
is generated in Real-Time.
• Batch Transactions Processing
• Streaming Transactions Processing
• Interactive Transactions Processing
• Real-time Transactions Processing
• Event Stream Processing
• Complex Event Processing

• Business Processes: Consist of a series of activities which serve a
particular, specific result
• Mostly used when an enterprise has a number of interrelated processes which
serve a particular result or goal
Data Processing
• Business Intelligence: It is a process which enables a business service to
extract new facts and knowledge and then take better decisions

Architecture reference model for the business intelligence and business processes at
Automotive Components and Predictive Automotive Maintenance System
Data Processing
• Distributed Business Process
• Why Distribution?
• Reduces complexity, communication costs
• Enables faster response times
• Reduces central processing load
• Real-World Example: Traffic lights control:
• Control process distributed at each gateway
• Reduces system load and improves responsiveness
• DBPS: A software system managing distributed business processes (BPs)
• Collection of logically interrelated BPs across an enterprise network
• Works transparently – users see all process decisions as if from a single BP
• DBPS should possess Location Independence
• Allows seamless data transfer and analytics across locations
Data Analytics
• Organized data after acquiring from the devices can be used for
multiple purposes.
• Applications usually use the data of devices in two ways—for
monitoring, reporting and rule-based actions.
• An enterprise creates sections and unit-wise analytics.
• The analytics enable fact-based decision making in place of
intuition-driven decision making.
• Analytics provides business intelligence.
• Analytics has three phases before deriving new facts and
providing business intelligence:
• Descriptive analytics enables deriving the additional value from
visualizations and reports.
• Predictive analytics is advanced analytics which enables extraction of
new facts and knowledge, and then predicts or forecasts.
• Prescriptive analytics enables derivation of additional value and
better decisions on new option(s) to maximize the profits.
Data Analytics

• Analytics architecture consists of the following layers:
• Data sources layer
• Data storage and processing layer
• Data access and query processing layer
• Data services, reporting and advanced analytics layer
Cloud Computing

• Cloud computing is the delivery of computing
services—including servers, storage, databases, networking,
software, analytics, and intelligence—over the Internet (“the
cloud”) to offer faster innovation, flexible resources, and
economies of scale.
• You typically pay only for cloud services you use, helping lower
your operating costs, run your infrastructure more efficiently and
scale as your business needs change.
• Advantages
• Cost
• Global connectivity
• Speed
• Productivity
• Performance
• Reliability
• Security
Cloud Computing Architecture

Cloud computing architecture comprises many cloud components,
which are loosely coupled. We can broadly divide the cloud
architecture into two parts:
• Front End
• Back End
Each of the ends is connected through a network, usually Internet.
• Front End
The front end refers to the client part of cloud computing system. It
consists of interfaces and applications that are required to access the
cloud computing platforms, Example - Web Browser.
• Back End
The back end refers to the cloud itself. It consists of all the resources
required to provide cloud computing services. It comprises
huge data storage, virtual machines, security mechanisms, services,
deployment models, servers, etc.
• Cloud infrastructure consists of servers, storage
devices, network, cloud management software,
deployment software, and platform virtualization.

• Hypervisor:
A hypervisor is firmware or a low-level program that acts as a
Virtual Machine Manager. It allows a single physical
instance of cloud resources to be shared between several tenants.
• Management Software:
It helps to maintain and configure the infrastructure.
• Deployment Software:
It helps to deploy and integrate the application on the cloud.
• Network:
It is the key component of cloud infrastructure. It allows cloud
services to be connected over the Internet. It is also possible to deliver
the network as a utility over the Internet, which means the customer
can customize the network route and protocol.
• Server:
The server helps to compute the resource sharing and offers other
services such as resource allocation and de-allocation, monitoring
the resources, providing security etc.
• Storage:
The cloud keeps multiple replicas of storage. If one of the storage
resources fails, the data can be retrieved from another one, which
makes cloud computing more reliable.
• Infrastructural Constraints:
Fundamental constraints that cloud infrastructure should implement
are shown in the following diagram:
A list of advantages and disadvantages of cloud computing:

Advantages of Cloud                      | Disadvantages of Cloud
No cost of infrastructure                | Good internet connection & bandwidth required
Minimum management and cost              | Downtime
No administrative or management hassles  | Limited control of infrastructure
Easy accessibility                       | Restricted or limited flexibility
Pay per use                              | Ongoing costs
Reliability                              | Security
Data control                             | Vendor lock-in
Data backup and recovery                 | Technical Issues
Huge cloud storage                       | NA
Cloud Services

Service Models: The many paradigms of cloud computing can
be broken down into three unique service model classifications:
• Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• Everything as a Service (XaaS)
Cloud Services

What does 'as a service' mean?
• Consider the difference between valet parking and renting a
parking spot.
• Valet parking is a service, while a parking spot is a product,
even though both provide the same benefit to the customer: a
place to leave their car.
• Traditionally, software vendors sold their software to users as a
product.
Infrastructure as a Service (IaaS)
• Also known as Hardware as a Service (HaaS).
• It is one of the layers of the cloud computing platform.
• It allows customers to outsource their IT infrastructures such as
servers, networking, processing, storage, virtual machines, and
other resources.
• Customers access these resources on the Internet using a
pay-as-per use model.
• Clients can dynamically scale the configuration to meet
changing requirements and are billed only for the services
actually used.
A cloud computing service provider, such as Azure, manages the
infrastructure, while you purchase, install, configure and
manage your own software—operating systems, middleware
and applications.
Infrastructure as a Service (IaaS)

• IaaS provider provides the following services -
• Compute: Computing as a Service includes virtual central
processing units and virtual main memory for the VMs that are
provisioned to the end users.
• Storage: IaaS provider provides back-end storage for storing
files.
• Network: Network as a Service (NaaS) provides networking
components such as routers, switches, and bridges for the VMs.
• Load balancers: It provides load balancing capability at the
infrastructure layer.
• Common examples: DigitalOcean, Linode, Rackspace,
Amazon Web Services (AWS), Cisco Metapod, Microsoft Azure,
Google Compute Engine (GCE).
Infrastructure as a Service (IaaS)
Advantages of IaaS cloud computing layer
• Shared infrastructure
IaaS allows multiple users to share the same physical
infrastructure.
• Web access to the resources
IaaS allows IT users to access resources over the internet.
• Pay-as-per-use model
IaaS providers provide services based on the pay-as-per-use
basis. The users are required to pay for what they have used.
• Focus on the core business
IaaS lets the organization focus on its core business rather
than on IT infrastructure.
• On-demand scalability
On-demand scalability is one of the biggest advantages of IaaS.
Using IaaS, users do not need to worry about upgrading software and
troubleshooting issues related to hardware components.
Infrastructure as a Service (IaaS)

Disadvantages of IaaS:
• Security
Security is one of the biggest issues in IaaS. Most of the IaaS
providers are not able to provide 100% security.
• Maintenance & Upgrade
Although IaaS service providers maintain the software, they
do not upgrade the software for some organizations.
• Interoperability issues
It is difficult to migrate a VM from one IaaS provider to another,
so customers might face problems related to vendor lock-in.
[Figure: service stack layers, labelled: hosted applications/apps; development tools, database management, business analytics; operating systems; servers and storage; networking firewalls/security; data center physical plant/building]
Platform as a Service (PaaS)

• The PaaS, or platform as a service, model provides you with a computing
platform, which typically includes an operating system, a
programming language execution environment, a database, and a web
server.
• It is a layer on top of IaaS, as the second thing you demand after
infrastructure is a platform.
Common examples: AWS Elastic Beanstalk, Windows Azure,
Heroku, Force, Google App Engine, Apache Stratos.
Platform as a Service (PaaS)
• Platform as a Service (PaaS) provides a runtime environment.
• It allows programmers to easily create, test, run, and deploy web
applications.
• You can purchase these applications from a cloud service
provider on a pay-as-per use basis and access them using the
Internet connection.
• In PaaS, back-end scalability is managed by the cloud service
provider, so end users do not need to worry about managing the
infrastructure.
• PaaS includes infrastructure (servers, storage, and networking)
and platform (middleware, development tools, database
management systems, business intelligence, and more) to
support the web application life cycle.
Example: Google App Engine, Force, Joyent, Microsoft Azure App
Service.
Platform as a Service (PaaS)
PaaS providers provide the Programming languages, Application
frameworks, Databases, and Other tools:
• Programming languages
PaaS providers provide various programming languages for the
developers to develop the applications. Some popular programming
languages provided by PaaS providers are Java, PHP, Ruby, Perl, and
Go.
• Application frameworks
PaaS providers provide application frameworks to easily understand
the application development. Some popular application frameworks
provided by PaaS providers are Node.js, Drupal, Joomla, WordPress,
Spring, Play, Rack, and Zend.
• Databases
PaaS providers provide various databases such as ClearDB,
PostgreSQL, MongoDB, and Redis to communicate with the
applications.
• Other tools
PaaS providers provide various other tools that are required to
develop, test, and deploy the applications.
• The following diagram shows how PaaS offers an API and
development tools to the developers and how it helps the end user
to access business applications.
Advantages of PaaS
• Simplified Development
PaaS allows developers to focus on development and innovation
without worrying about infrastructure management.
• Lower risk
No need for up-front investment in hardware and software. Developers
only need a PC and an internet connection to start building
applications.
• Prebuilt business functionality
Some PaaS vendors also provide predefined business
functionality so that users can avoid building everything from
scratch and can start their projects directly.
• Instant community
PaaS vendors frequently provide online communities where
developers can get ideas, share experiences, and seek advice
from others.
• Scalability
Applications deployed can scale from one to thousands of users
without any changes to the applications.
Disadvantages of PaaS

• Vendor lock-in
• Data Privacy
• Integration with the rest of the systems
applications
Software-as-a-Service (SaaS)

• Provides access to application services installed on a server.
• You don’t have to worry about installation, maintenance or
coding of that software.
• You can access and operate the software with just your
browser.
• You don’t have to download or install any kind of setup or OS.
• Software is just available for you to access and operate.
• The software maintenance, setup and help will be provided by the
SaaS provider company, and you will only have to pay for your
usage.
Common examples: Google Apps, Microsoft Office 365, Google
Docs, Gmail, WHMCS billing software
Software-as-a-Service (SaaS)

• Software-as-a-Service, or SaaS for short, is a cloud-based
method of providing software to users.
• SaaS users subscribe to an application rather than purchasing it
once and installing it.
• Users can log into and use a SaaS application from any
compatible device over the Internet.
• The actual application runs in cloud servers that may be far
removed from a user's location.
Everything as a Service (XaaS)

• Everything as a Service (XaaS) in IoT refers to a broad, flexible
cloud service model where any IT function, resource, or
capability can be delivered as a service over the internet —
on-demand, pay-as-you-go.
XaaS = SaaS + PaaS + IaaS + more
• In the context of IoT, it extends beyond traditional cloud services
UNIT-5 IoT Security and Case Studies
Wireless Sensor Network

• WSN is defined as a network in which each sensor node
connects wirelessly and has the capability of computation, for
data compaction, aggregation and analysis.
• Each one also has communication as well as networking
capabilities.
• A WSN consists of spatially distributed autonomous devices
(sensors).
• A WSN acquires data from multiple and remote locations.
Context-Based Node Operations

• In WSNs, context refers to:
• Physical conditions (like time, temperature, battery level)
• System state (like memory usage, network load)
• User activity (what the user/device has done before)
• Network status (like available connections)
• Sensor node behaves differently depending on the context.
• Instead of doing the same thing all the time, the node adapts:
• It can change tasks
• Re-program itself
• Change how it collects or sends data
• This makes the system smarter, more efficient, and better suited
to real-world applications.
Context-Based Node Operations

• Context-Dependent Sensing, Networking, and Computing
• Sensing
• Networking
• Computing
• Node uses its sensors, memory, or communication protocols
differently depending on the situation.
WSN Node Architecture

• It is a Three-layered architecture
• Application
• Network
• Physical cum Data-link
Architecture for Connecting Nodes
• Two architectures for connecting WSN nodes
• Fixed connection: Connecting infrastructure of WSN nodes,
coordinators, relays, gateways and routers
• Adhoc network of WSNs, access points, routers, gateways and
multi-point relays
Architecture for Networking of the
Nodes
• Two basic architectures for networking of the nodes:
• Layered architecture (MINA)
• Multi-cluster architecture.
Sensor Data Communication Protocol

• UART (Universal Asynchronous Receiver Transmitter)
• I2C
• LIN (Local Interconnect Network) Serial Bus
• CAN (Controller Area Network) Serial Bus
• MOST (Media oriented System Transport)
• USB
• IEEE 1394 (FireWire)
Local Interconnect Network (LIN)
• Serial bus network protocol for communication between
automobile circuits, sensors and actuator circuits, components
and systems, such as window movements, seat movements
and wipers.
• The protocol is simpler to use compared to CAN in automobiles.
• LIN communication is single master with maximum 15 slaves
with no bus arbitration.
• LIN features:
• Single-wire communication at up to 19.2 kbit/s
for 40 m bus length
• Variable length of data frame (2, 4 and 8 byte)
• Configuration flexibility
Controller Area Network (CAN)
• Embedded controllers with sensors and actuators are
networked and are controlled through the CAN bus.
• A CAN device receives or sends a bit at an instance by
operating at the maximum rate of 2 Mbps.
• It employs a twisted pair connection to each node.
• The pair runs up to a maximum length of 40 m.
Media Oriented System Transport
(MOST)
• Communication functionality is provided by a driver software
called MOST network services.
• Services are service programs.
• Software for processing the MOST protocol communication between a
MOST Network Interface Controller (NIC) and devices.
• MOST protocol enables high-speed serial bus for synchronous
data communication.
• It forms a multimedia network optimized for automotive and
other industries.
• MOST bus uses a ring topology.
• Data transfer speeds: MOST25 (25 Mbps), MOST50, and
MOST150 (150 Mbps)
Universal Serial Bus (USB)

• A bus between a host system and a number of interconnected
peripheral devices.
• Maximum 127 devices can connect to a host.
• It provides a fast (up to 12 Mbps) as well as a low-speed
(up to 1.5 Mbps) serial transmission and reception between the
host and serial devices.
• Both the host and devices can function in a system.
• Three standard protocols for USB are USB 1.1 (a low speed 1.5
Mbps 3 meter channel along with a high speed 12 Mbps 25
meter channel), USB 2.0 (high speed 480 Mbps 25 meter
channel), and wireless USB (high speed 480 Mbps 3 m).
• USB bus uses tree topology.
IEEE 1394 Bus Standard (FireWire)

• Digital video cameras, digital camcorders, Digital Video Disk
(DVD), set-top boxes, high definition audio-video and music
systems multimedia peripherals, latest hard disk drives, and
printers need a high-speed bus standard interface directly to a
personal computer.
• IEEE 1394 is a standard for 800 Mbps serial isosynchronous
data transfer.
• Isosynchronous means that bits in data frame communicate
synchronously, but frames in-between time interval can be
variable.
IoT Privacy, Security, and
Vulnerabilities
• IoT systems collect and share sensitive data (e.g., ATM videos,
health data).
• Trust = Dependability, accuracy, and safety of data usage.
• Users trust that their data won’t be misused (e.g., social media,
smart devices).
• Real-World Example: ATM transactions and security footage —
users trust the bank not to leak or misuse their data.
• Open Trust Alliance (OTA): Formed IoT Trustworthy Group
(ITWG) to ensure privacy and security from design phase.
• 'I Am The Cavalry' Movement:
• Proposed an oath for connected medical devices (similar to the
Hippocratic Oath).
• Devices must preserve patient safety and data trust.
Privacy, Security, and Vulnerabilities

Concern   | Impact                          | Example Use Case
Trust     | Dependable data use             | Social media, health records
Security  | Prevent data breaches, hacking  | ATM messages, smart cities
Privacy   | Protect user and device data    | Smart home video surveillance
Privacy in IoT
• Definition: Ensuring data from devices is only accessible by
authorized services and users.
• Example: Automobile diagnostic data should reach only the
designated service center.
• Key Points:
• Messages/data must not be intercepted or misused.
• Privacy policy must define what data needs absolute or limited privacy.
• Respect for privacy is a fundamental human need.
• Authorities may need access but must respect individual rights.
• NIST (USA) and I Am The Cavalry are working on privacy standards.
Vulnerabilities in IoT

• Definition: Weaknesses in IoT that can be exploited to
compromise devices, data, or communication.
• Common Causes: Multiple hardware/software layers, varied
device types (sensors, wearables, automobiles).
• Types of Vulnerabilities:
• Eavesdropping: Unauthorized listening to data streams.
• Fake device/server commands: Tampering with network trust.
• Key cracking: Brute-force attacks on secret encryption keys.
• Lack of authentication: Especially critical in low-interaction devices.
Vulnerabilities in IoT

• OWASP Top 10 IoT Vulnerabilities
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption/Integrity Verification
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
Vulnerabilities in IoT

1. Insecure Web Interface

∙ What it means: The web dashboard or portal used to configure or access IoT
devices is poorly secured.

∙ Risks: Cross-site scripting (XSS), SQL injection, weak login forms.

∙ Example: A smart thermostat's web control panel has no HTTPS or login limit.

2. Insufficient Authentication or Authorization

∙ What it means: Devices or systems allow access without proper credentials or
permission checks.

∙ Risks: Unauthorized access to devices or controls.

∙ Example: Default or hardcoded passwords still active on a smart security
camera.
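The two examples above (a control panel with no login limit, and a default password left active) in hardened form, as an added Python sketch that is not part of the original slides. The class name, the factory-default list, the minimum length and the lockout values are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

FACTORY_DEFAULTS = {"admin", "password", "12345678", "root"}  # constructed list
MIN_LENGTH = 12        # assumed minimum length for an owner-chosen password
MAX_FAILURES = 5       # assumed login limit before lockout
LOCKOUT_SECONDS = 300  # assumed lockout duration


def _derive(password, salt):
    # Store a salted, slow hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class DeviceLogin:
    """Login state for one device; `now` is passed in so the logic is testable."""

    def __init__(self, factory_password):
        self._salt = os.urandom(16)
        self._digest = _derive(factory_password, self._salt)
        self.must_change = True  # factory credential is still active
        self._failures = 0
        self._locked_until = 0

    def _check(self, password, now):
        if now < self._locked_until:
            return "locked"  # refuse even a correct password while locked out
        if hmac.compare_digest(_derive(password, self._salt), self._digest):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_FAILURES:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
        return "denied"

    def login(self, password, now):
        """Return 'ok', 'denied', 'locked' or 'change-required'."""
        result = self._check(password, now)
        if result == "ok" and self.must_change:
            # The factory password only unlocks the password-change step.
            return "change-required"
        return result

    def change_password(self, old, new, now):
        """Replace the password; reject defaults, short values and reuse."""
        if self._check(old, now) != "ok":
            return False
        if new in FACTORY_DEFAULTS or len(new) < MIN_LENGTH or new == old:
            return False
        self._salt = os.urandom(16)
        self._digest = _derive(new, self._salt)
        self.must_change = False
        return True


if __name__ == "__main__":
    device = DeviceLogin("admin")
    print(device.login("admin", now=0))
    print(device.change_password("admin", "correct-horse-battery", now=1))
    print(device.login("correct-horse-battery", now=2))
```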
Vulnerabilities in IoT

3. Insecure Network Services

∙ What it means: The services running on IoT devices (like Telnet, FTP) are
exposed and vulnerable.

∙ Risks: Remote code execution, device hijacking.

∙ Example: An open Telnet port on an IoT bulb allows attackers to access the
system.

4. Lack of Transport Encryption / Integrity Verification

∙ What it means: Data is sent over the network unencrypted, or without
verifying its integrity.

∙ Risks: Man-in-the-middle (MitM) attacks, data tampering.

∙ Example: IoT sensor data sent in plain text over Wi-Fi.


Vulnerabilities in IoT
5. Privacy Concerns

∙ What it means: Devices collect, store, or share personal information without proper control or
consent.

∙ Risks: Identity theft, surveillance, data misuse.

∙ Example: A fitness band shares location data with third parties without user knowledge.

6. Insecure Cloud Interface

∙ What it means: The APIs or cloud dashboards managing the IoT system are not properly secured.

∙ Risks: Data leaks, account hijacking, unauthorized control.

∙ Example: An attacker uses weak API keys to control a smart irrigation system.

7. Insecure Mobile Interface

∙ What it means: Mobile apps used to control IoT devices are vulnerable.

∙ Risks: Data leakage, device manipulation.

∙ Example: A mobile app stores passwords in plain text or lacks encryption.


Vulnerabilities in IoT
8. Insufficient Security Configurability

∙ What it means: The user cannot configure essential security options (e.g., disable unused
ports, change passwords).

∙ Risks: Forced reliance on insecure defaults.

∙ Example: A smart plug cannot disable remote access even if the user wants to.
9. Insecure Software or Firmware

∙ What it means: Devices run outdated or vulnerable firmware/software, often with no secure
update mechanism.

∙ Risks: Exploits through known vulnerabilities.

∙ Example: A security camera doesn’t check update authenticity and accepts rogue firmware.

10. Poor Physical Security

∙ What it means: Physical ports or access to the device hardware is not protected.

∙ Risks: Tampering, reprogramming, data extraction.

∙ Example: USB port on an industrial IoT controller is left accessible, allowing malware injection.
Security in IoT
• IoT reference architecture is a set of three architectural
views—functional, information, and deployment and operational.
• Security is one of the functional groups (FG) of the functional view.
• FG for security consists of security functions between the application
and device.
• Security FG contains five sets of functions which are required for
ensuring security and privacy.
1. Identity management (IdM)
2. Authentication
3. Authorisation
4. Key exchange and management
5. Trust and reputation
Security Functional Group

1. Identity Management (IdM)


• Assigns unique digital identities to users, devices, or services.
• Ensures every entity in the IoT network is identifiable.
• Prevents spoofing and supports secure access control.
• Example: Each smart thermostat or camera has a unique
device ID.
2. Authentication
• Confirms the identity of a user or device before granting
access.
• Uses passwords, certificates, biometrics, or tokens.
• Ensures that entities are who they claim to be.
• Example: Smart lock requires fingerprint or passcode to
authenticate user.

3. Authorization
• Defines what authenticated users/devices are allowed to do.
• Controls access to features, services, or data.
• Prevents misuse or overreach by legitimate users.
• Example: A sensor can send data but cannot control an HVAC
system.
4. Key Exchange and Management
• Handles the secure generation, distribution, and renewal of
cryptographic keys.
• Enables encrypted communication between IoT devices.
• Ensures confidentiality and integrity of transmitted data.
• Example: Smart meter and utility server exchange encryption
keys.

5. Trust and Reputation Management


• Monitors and evaluates the trustworthiness of devices and
users.
• Helps isolate or exclude suspicious or compromised nodes.
• Maintains dynamic trust scores based on past behavior.
• Example: A sensor with erratic behavior may be blocked from
the network.
| Security Function | Purpose | Example |
|---|---|---|
| Identity Management | Assigns unique digital IDs to devices/users | Each sensor has a unique device ID |
| Authentication | Verifies identity before access is granted | Fingerprint to unlock smart lock |
| Authorization | Defines permitted actions for authenticated entities | A sensor can send data but not control HVAC |
| Key Exchange & Management | Secures data via encryption keys | Smart meter securely exchanges encryption keys |
| Trust & Reputation | Evaluates and tracks trustworthiness of devices | Block a sensor if its behavior is suspicious |
Threat Analysis

• Threat analysis means uncovering security design flaws after
specifying the STRIDE category, the data flow diagram (DFD), the
interactions between elements that occur during STRIDE analysis, and
the processes that are activated for analysis.
• A threat-analysis tool first generates the threats and analyzes a
system for threat(s).
• A DFD shows how data moves through a system, from source
to destination, through processes, databases, and
communication channels.
• The tool examines each element (e.g., process, data store,
external entity) and their interactions.
• STRIDE is a model used to categorize different types of security
threats.
• Each letter stands for a different threat category:
| Letter | Threat Type | Description |
|---|---|---|
| S | Spoofing Identity | Pretending to be someone else (e.g., using fake credentials to access a system) |
| T | Tampering with Data | Unauthorized modification of data (e.g., altering messages or files) |
| R | Repudiation | Denying responsibility for an action (e.g., denying sending a command) |
| I | Information Disclosure | Unauthorized access to sensitive information (e.g., leaking passwords) |
| D | Denial of Service (DoS) | Disrupting service availability (e.g., flooding system with requests) |
| E | Elevation of Privilege | Gaining unauthorized access rights (e.g., a normal user becomes admin) |
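The element-by-element pass a threat-analysis tool makes over a DFD, as an added example that is not part of the original slides. It uses the common STRIDE-per-element chart; the smart-meter DFD, the trust zones and the priority rule are constructed assumptions for illustration.

```python
from dataclasses import dataclass

STRIDE = {"S": "Spoofing Identity", "T": "Tampering with Data",
          "R": "Repudiation", "I": "Information Disclosure",
          "D": "Denial of Service", "E": "Elevation of Privilege"}

# STRIDE-per-element chart: categories usually considered per DFD element type
# (R on a data store matters mainly when the store holds logs).
APPLIES = {"external_entity": "SR", "process": "STRIDE",
           "data_store": "TRID", "data_flow": "TID"}

@dataclass(frozen=True)
class Node:
    name: str
    kind: str   # external_entity | process | data_store
    zone: str   # trust zone the element lives in

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    label: str
    protected: bool  # True if the channel has encryption + integrity (e.g. DTLS)

# Constructed DFD of a smart-meter deployment (illustrative, not from the slides).
NODES = [Node("meter", "external_entity", "field"),
         Node("gateway", "process", "field"),
         Node("ingest_api", "process", "cloud"),
         Node("readings_db", "data_store", "cloud")]
FLOWS = [Flow("meter", "gateway", "readings over ZigBee", True),
         Flow("gateway", "ingest_api", "readings over UDP", False),
         Flow("ingest_api", "readings_db", "insert", True)]

def enumerate_threats(nodes, flows):
    """Return one candidate threat per (element, applicable STRIDE letter)."""
    zone = {n.name: n.zone for n in nodes}
    threats = []
    for n in nodes:
        for letter in APPLIES[n.kind]:
            threats.append({"element": n.name, "stride": letter,
                            "category": STRIDE[letter], "priority": "normal"})
    for f in flows:
        crosses = zone[f.src] != zone[f.dst]
        for letter in APPLIES["data_flow"]:
            # Assumed triage rule: tampering/disclosure on an unprotected flow
            # that crosses a trust boundary is reviewed first.
            exposed = letter in "TI" and not f.protected
            prio = "high" if (crosses and exposed) else "normal"
            threats.append({"element": f"{f.src}->{f.dst}", "stride": letter,
                            "category": STRIDE[letter], "priority": prio})
    return threats

if __name__ == "__main__":
    for t in enumerate_threats(NODES, FLOWS):
        print(f'{t["priority"]:6} {t["element"]:22} {t["stride"]} {t["category"]}')
```

Each generated row is a question for the design review, not a confirmed flaw; the reviewer records the mitigation or accepts the risk per row.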
Use Case in IoT
• It is a UML (Unified Modeling Language) diagram that
describes how a user (actor) interacts with a system to
achieve a specific goal.
• Characteristics:
• Represents functional requirements of a system.
• Shows positive, intended behavior.
• Includes actors (users or external systems) and use cases (actions
or goals).
• Helps analyze requirements before system design begins.
• Example – Use Case in Security FG:
• Goal: Generating and exchanging encryption keys.
• Actors: IoT device, Authentication Server.
• Use Case: The device requests a key.
• Server authenticates the device.
• Server sends a secure encryption key.
• This use case ensures proper key management, part of the
Security Function Group.
Misuse Case
• It shows how an attacker or unauthorized user might misuse or
attack the system.
• Characteristics:
• Represents negative scenarios (threats, failures).
• An actor can be an attacker or a malicious user.
• Helps in threat modeling and designing security
countermeasures.
• Introduced in secure software engineering to complement use
cases.
• Example – Misuse Case in Security FG:
• Goal: Stealing an encryption key.
• Actor: Hacker or malicious user.
• Misuse Case: Eavesdrop on key exchange.
• Exploit a vulnerability to extract the key.
• Impersonate a valid device.
• The misuse case helps identify the need for:
• Encryption
• Mutual authentication
Introduction to IoT Security Tomography
• Security tomography is a method inspired by medical imaging
(like CT scans), applied to analyze complex networks.
• In IoT, it means studying network behavior and structure to
find vulnerabilities and weaknesses.
• Useful in systems like Wireless Sensor Networks (WSNs),
RFID systems, and distributed IoT devices.
Security Tomography in IoT

• Applies the tomography principle to network layers and
interactions in IoT systems.
• Allows identification of vulnerable regions or communication
paths.
• Enables efficient attack detection and defense resource
allocation.
Why Not Monitor Every Node?
• Monitoring each node in a large network (e.g., WSN) is:
• Impractical
• Time-consuming
• Inefficient
• Security tomography monitors sections or clusters of
the network instead.
• Focus shifts from individual devices to network
behavior.
How It Works – An Example
• A WSN has multiple nodes between two access points.
• Instead of checking each node, observe:
• Data delay
• Packet loss
• Traffic anomalies
• Use this behavior to locate compromised or vulnerable
regions.
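The "how it works" idea above, as an added example that is not part of the original slides: end-to-end delay and loss on a few monitored paths are used to narrow down which relay node to inspect, without probing every node. The path measurements, thresholds and node names are constructed assumptions.

```python
from collections import Counter

# Constructed probe results between access points AP1 and AP2 (not real data).
# Each record: relay nodes on the path, packet-loss ratio, mean delay in ms.
PATHS = [
    {"nodes": ["n1", "n2", "n3"], "loss": 0.01, "delay_ms": 40},
    {"nodes": ["n1", "n4", "n5"], "loss": 0.22, "delay_ms": 45},
    {"nodes": ["n6", "n4", "n3"], "loss": 0.19, "delay_ms": 180},
    {"nodes": ["n6", "n7", "n5"], "loss": 0.02, "delay_ms": 38},
    {"nodes": ["n2", "n7", "n8"], "loss": 0.01, "delay_ms": 41},
]

# Assumed thresholds; in practice derive them from the network's own baseline.
LOSS_LIMIT = 0.10
DELAY_LIMIT_MS = 120


def is_anomalous(path):
    """A path is anomalous if either end-to-end metric exceeds its limit."""
    return path["loss"] > LOSS_LIMIT or path["delay_ms"] > DELAY_LIMIT_MS


def locate_suspects(paths):
    """Boolean tomography over end-to-end observations.

    Assumption: a faulty or compromised node degrades every path through it,
    so any node seen on a healthy path is cleared. Nodes left on anomalous
    paths are suspects, ranked by how many anomalous paths they sit on.
    Anomalous paths with no remaining suspect are returned as unexplained
    (e.g. an intermittent fault) and need direct inspection.
    """
    cleared, bad_hits = set(), Counter()
    for p in paths:
        if is_anomalous(p):
            bad_hits.update(set(p["nodes"]))
        else:
            cleared.update(p["nodes"])
    suspects = {n: c for n, c in bad_hits.items() if n not in cleared}
    unexplained = [p["nodes"] for p in paths
                   if is_anomalous(p) and not set(p["nodes"]) & set(suspects)]
    ranked = sorted(suspects.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked, unexplained


if __name__ == "__main__":
    ranked, unexplained = locate_suspects(PATHS)
    print("suspect nodes (node, anomalous paths):", ranked)
    print("unexplained anomalous paths:", unexplained)
```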
IoT Security by Layered Architecture

• IoT follows a modified six-layer OSI architecture.
• Each layer can be targeted by specific cyberattacks.
• Security solutions must be layer-specific to be effective.
• Cisco also recommends a layered security framework covering
all six layers.
Layered Attacker Model
Layered Attacker Model Solution

• Following are the suggested solutions for mitigating the attacks
on the layers (OSI modified six layers IoT Architecture).
• Layer 1 (Physical Layer) – Attacks & Solutions
• Attack Surface: Physical tampering, signal jamming,
side-channel attacks.
• Solutions:
• Use link-level encryption:
• BT-LE (Bluetooth Low Energy): AES-CCM-128
authenticated encryption.
• ZigBee: Also uses AES-CCM-128 for confidentiality and
authentication.
• Implement tamper-resistant hardware.
Layer 2 – Data Link Layer Attacks & Solutions
Common Threats:
• Internal node attacks during use of DHCP or Spanning Tree Protocol
(STP)
• ARP poisoning/spoofing
• VLAN hopping to access unauthorized segments
Mitigation Techniques:
• Program switches to restrict rogue DHCP and STP messages
• Enable ARP inspection to verify legitimate IP-to-MAC mappings
• Disable unused switch ports to reduce attack surface
• Enforce VLAN security:
• Group devices logically instead of physically
• Prevent cross-VLAN attacks (VLAN hopping)
LWM2M (OMA Specification) Provisions:
• MAS (Management and Security) for secure communication
• Root key data store to protect cryptographic credentials
• Device and data authentication for secure Internet gateway
communication
Layer 3 – Network Layer Attacks & Solutions
Common Threats:
• IP spoofing
• Routing table manipulation
• Man-in-the-Middle (MitM) attacks
Mitigation Techniques:
• Use tamper-resistant routers to prevent unauthorized physical and logical
access
• Implement packet filtering to control incoming/outgoing traffic
• Enforce strict routing protocol authentication to ensure the legitimacy of
route updates
Layer 4 – Transport Layer Attacks & Solutions
Common Threats:
• Port scanning to discover open and vulnerable ports
• Session hijacking and exploitation of unencrypted sessions
Mitigation Techniques:
• Use port scanning tools internally to identify and close vulnerable ports
• Configure firewalls to only keep essential ports open
• Implement DTLS (Datagram Transport Layer Security):
• Provides integrity, authentication, and confidentiality for UDP-based traffic
• Use SASL (Simple Authentication and Security Layer):
• Adds an extra layer of security when using XMPP protocol (commonly used in IoT
messaging)
Layers 5 & 6 – Application & Presentation Layer Attacks & Solutions
Common Threats:
• Application-level attacks due to poor coding practices
• SQL injection, code injection, data exfiltration
Mitigation Techniques:
• Implement input validation and sanitization to prevent SQL and code
injection
• Use HTTPS or S-HTTP (Secure HTTP) for secure web communication
Features of S-HTTP:
• Application-level HTTP security
• Supports digital signatures and encryption
• Allows for server-client security negotiation
• Supports multiple cryptographic algorithms and schemes
• Offers one-way or two-way security direction specification
Layered Attacker Model Solution
Summary
• The layered framework suggested by Cisco provides the
following solutions:
• Layers 1–6: Role-based security
• Layers 1–4: Anti-tamper and detection-based
security
• Layers 1–6: Data protection and confidentiality
• Layers 1–6: IP protection
Identity Management
• Identity Management (IDM) in IoT ensures that devices,
applications, and services are securely identified and authenticated.
• Identity establishment is important in IoT for ensuring the
authenticity and trustworthiness of communication.
• IoT involves multiple devices, sensors, and actuators, all of which
require identification.
• MAC Address: Used to identify devices in networks.
• URI (Uniform Resource Identifier): For identifying resources on the
internet.
• Object Identifier (OID): Used for unique identification in IoT.
• Types of identifiers include:
• Types of Things (e.g., streetlight, vehicle)
• Class Identifiers (e.g., vehicle make and model)
• Instance Identifiers (e.g., VIN for vehicles)
Identity Management Functions

• Device IDM: Managing device identities through standards like
IETF transport layer.
• Application and Service IDM: Managing identities of applications
and services within IoT networks.
• Identity Registry: Centralized or decentralized systems that
manage and resolve device identities.
Use Cases of Identity Management

• Example 1: IETF Transport Layer handles device IDM.
• Example 2: Oracle IoT Architecture provisions device IDM at the
manage sublayer.
• Example 3: EPCglobal Architecture assigns unique identities to
objects.
• Example 4: RFID Identity Manager reads and manages RFID
tags for identity.
Access Control Mechanisms
• Authentication: Verifying the identity of devices or users.
• Hashing Algorithms (e.g., MD5, SHA-256) for ensuring data integrity.
• Steps involved in authentication:
• The sender hashes the message.
• The receiver compares the received hash with stored hash value to
authenticate.
• Pre-image resistance and Collision resistance ensure that the hash cannot
be reversed or altered.
• Authorization: Ensuring that authenticated entities are granted
appropriate access to resources. Some access control models:
• Access Control List (ACL): Simple model where permissions are
assigned to resources.
• Role-Based Access Control (RBAC): Access based on user roles.
• Attribute-Based Access Control (ABAC): Access based on attributes of
users or devices.
• Key Exchange and Management: Securely exchanging
encryption keys between devices and services.
• Steps for key exchange:
• Devices generate their own secret keys.
• Keys are exchanged and validated.
• Secure communication proceeds with encryption and
decryption of messages.
Requirement of Security and Privacy
• Message Integrity: Ensuring that messages are not altered during
transmission.
• Integrity Check:
• Use of hash functions to check if a message has been altered.
• Compare hash values at the sender and receiver ends to ensure
message integrity.
• Message Non-Repudiation
• Non-repudiation ensures that the sender cannot deny sending a
message.
• Digital Signatures: Used to verify the origin and integrity of a message.
• Public Key Infrastructure (PKI): Ensures secure and verifiable digital
signatures.
• Message Availability
• Denial of Service (DoS) Attacks: Ensure that services are available by
preventing attacks like:
• ICMP Flooding
• SYN Flooding
• Peer-to-Peer Attacks
• Prevention Methods:
• Firewalls
• Secure communication protocols
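The integrity check described above (sender hashes the message, receiver compares hash values), as an added example that is not part of the original slides. It goes one step beyond them: an unkeyed digest sent with the message can be recomputed by anyone, so the second half uses HMAC-SHA256 with a shared key. The key, the sensor reading and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (illustrative only).
SHARED_KEY = b"constructed-demo-key-not-for-production"
READING = b'{"sensor":"t-17","temp":21.5}'


def plain_digest(message: bytes) -> str:
    """Unkeyed SHA-256 digest, as in 'the sender hashes the message'."""
    return hashlib.sha256(message).hexdigest()


def verify_plain(message: bytes, digest: str) -> bool:
    """Receiver recomputes the digest and compares in constant time."""
    return hmac.compare_digest(plain_digest(message), digest)


def hmac_tag(key: bytes, message: bytes) -> str:
    """Keyed digest: only holders of the shared key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, message: bytes, tag: str) -> bool:
    return hmac.compare_digest(hmac_tag(key, message), tag)


def altered_in_transit(message: bytes) -> bytes:
    """Stand-in for any on-path modification of the payload."""
    return message.replace(b"21.5", b"99.9")


def compare_schemes():
    """Return what each receiver-side check concludes about an altered message."""
    altered = altered_in_transit(READING)
    # Anyone can recompute an unkeyed digest for the altered payload, so a
    # digest sent alongside the message proves nothing about its origin.
    plain_accepts_altered = verify_plain(altered, plain_digest(altered))
    # Without the key the original tag cannot be updated to match.
    hmac_accepts_altered = verify_hmac(SHARED_KEY, altered,
                                       hmac_tag(SHARED_KEY, READING))
    hmac_accepts_genuine = verify_hmac(SHARED_KEY, READING,
                                       hmac_tag(SHARED_KEY, READING))
    return plain_accepts_altered, hmac_accepts_altered, hmac_accepts_genuine


if __name__ == "__main__":
    print(compare_schemes())
```

An HMAC gives integrity and origin authentication between key holders, but not non-repudiation, since both ends hold the same key; that is the role of the digital signatures listed above.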
Security Model

• Security Models are essential for protecting IoT systems.
• Different Security Profiles based on the application or
environment.
• These models help in ensuring:
• Authentication
• Authorization
• Confidentiality
• Integrity
• Availability
Security Profiles in IoT

• SecProf_0: No Security
• Usage: 6LoWPAN/CoAP
• Security Model: No tamper-resistant provisions.
• SecProf_1: Home Usage
• Usage: Operations between things without central
device.
• Security Model:
• No tamper resistance
• Sharing keys between layers.
Advanced Security Profiles

• SecProf_2: Managed Home Usage
• Usage: Interaction between things and local device-central
device.
• Security Model: No tamper resistance
• Sharing of keys between layers.
• SecProf_3: Industrial Usage
• Usage: Interaction between things, relying on local or back-end
devices.
• Security Model: Tamper-resistant
• Key and process separation.
• SecProf_4: Advanced Industrial Usage
• Usage: Ad-hoc operations, central device or collection of control
devices.
• Security Model: Tamper-resistant
• Key and process separation with sandboxing.
• Key Features of Security Model
• Key Sharing:
• Needed across devices for authenticity and
confidentiality.
• Minimizes overhead and handshake processes in
constrained devices (e.g., sensors).
• Key Separation:
• Advanced applications may require key separation
across different layers.
• Process separation and sandboxing are used to isolate
applications for enhanced security.
• Cisco IoT Security Framework’s Four Functional Components
(FCs):
• Authentication
• Authorization
• Network-enforced Policy
• Secure Analytics (visibility and control)
Security Protocols in IoT

• Open Trust Protocol (OTrP):
• Manages security configuration in a Trusted Execution
Environment (TEE).
• Used for installing, updating, and deleting
applications/services.
• DTLS (Datagram Transport Layer Security):
• Ensures privacy and protection against eavesdropping,
tampering, or message faking.
• Essential for CoAP or LwM2M clients and servers.
• X.509 Protocol:
• Used for issuing digital certificates within a Public Key
Infrastructure (PKI).
• Ensures secure communication through digital
certificates and public-key encryption.
