IoT Protocols And Security
Mrs. K.M. Sanghavi
IoT Standardization Efforts
• The IoT-A (Internet of Things Architecture) is
targeting a holistic (universal) architecture for
all IoT sectors.
• 17 European organizations from nine countries
are a part of IoT-A.
• They summarize the current status of IoT
standardization as:
Current IoT Standardization according to
IoT-A
Fragmented architectures
No universal approach to implement IoT has yet been
proposed
Many island solutions do exist (RFID, sensor nets, etc.)
Little cross-sector reuse of technology and exchange of
knowledge
Current IoT standardization is a
problem, so
what could be done to solve this?
Proposed Solution By IoT-A for
Standardization
Create Architectural foundation for IoT, that will be operable
with future Internet
Use Existing technologies instead of creating new ones.
Demonstrating the applicability of IoT in a set of use cases
Establish a strong stakeholder group to remove the barriers
and accept IoT on wide scale
Combine various IoT technologies into a single entity.
Groups doing IoT Standardization
Work Package Framework (WPF)
International Telecommunication Union
Telecommunication Standardization Sector(ITU-T)
Internet Protocol for Smart Objects (IPSO)
• Aim to form an open group of companies to market and
educate about how to use IP for IoT smart objects based on an
all-IP holistic approach
Work Package Framework
• The WPF divides the implementation standards of IoT
into hierarchical groups of tasks as shown in the
below
International Telecommunication Union
Telecommunication Standardization Sector
• The ITU-T mission is to ensure the efficient
and timely production of standards
covering all fields of telecommunications on
a worldwide basis, as well as defining tariff
and accounting principles for international
telecommunication services
• The technical work, the development of
Recommendations, of ITU-T is managed by
Study Groups (SGs).
• There are currently 11 SGs.
International Telecommunication Union
Telecommunication Standardization Sector
Internet Protocol for Smart Objects
• The IPSO Alliance is an open, informal and
thought-leading association of like-minded
organizations and individuals that promote the
value of using the Internet Protocol for the
networking of Smart Objects.
• IP Stack can easily run on tiny, battery operated
embedded devices as it is long-lived and stable
technology.
• The role of the alliance is to ensure how IPv4,
IPv6, and 6LoWPAN are used, deployed and
provided to all potential users.
Internet Protocol for Smart Objects
• Mobile IP is an approach by IETF (Internet
Engineering Task Force) which manages the
movement of mobile devices over IPV4 and IPV6
M2M Standardization Efforts
The M2M Standardization Task Force (MSTF) coordinates
the efforts of individual standards development
organizations (SDOs) for M2M applications
These define a conceptual framework for M2M
applications and specify a service layer that will enable
application developers to create applications that
operate transparently across different vertical domains
M2M Standardization Efforts
M2M standards activities include the
following
• Use JSON as the data transport format
• Resolve IP addressing issues for devices (IPv6)
• Use an open REST-based API for M2M applications
• Enable remote management of devices behind a gateway
or firewall
• Fix the charging standards
WSN Standardization Efforts
There are a number of standardization
bodies in the field of WSNs
The IEEE focuses on the physical and
MAC layers
IETF works on layers 3 and above.
WSN Standardization Efforts
IEEE 1451 is a set of smart transducer interface standards developed
by the IEEE Instrumentation and Measurement Society’s Sensor
Technology Technical Committee that describe a set of open,
common, network-independent communication interfaces for
connecting sensors or actuators to microprocessors, instrumentation
systems, and control/field networks
The goal of the IEEE 1451 family of standards is to allow the
access of transducer data through a common set of interfaces
whether the transducers are connected to systems or networks
via a wired or wireless means
WSN Standardization Efforts …IEEE
1451 Activities
1451.0-2007 Common Functions, Communication
Protocols
1451.1-1999 Network Capable Application Processor
Information Model
1451.2-1997 Transducer to Microprocessor
Communication Protocols
1451.3-2003 Digital Communication Formats for
Distributed Multi-drop Systems
WSN Standardization Efforts …IEEE
1451 Activities
1451.4-2004 Mixed-mode Communication Protocols
1451.5-2007 Wireless Communication Protocols
1451.7-2010 Transducers to Radio Frequency Identification
(RFID) Systems Communication Protocols
SCADA Standardization Efforts
IEEE created a standard specification, called Std
C37.1™, for SCADA and automation systems
The processing is now distributed, and functions
that used to be done at the control center can
now be done by the intelligent electronic
devices (IED) that is, M2M between devices
SCADA Standardization Efforts
The ISA100 was developed by the
standards committee of the Industrial
Society for Automation formed to
define procedures for implementing
wireless systems in the automation
and control environment with a focus
on the field level
SCADA Standardization Efforts
OPC, which stands for Object Linking and Embedding (OLE)
for Process Control, is a standard specification developed by an
industrial automation industry task force (IAITF)
The standard specifies the communication of real-time
plant data between control devices from different
manufacturers
OPC was designed to provide a common bridge for
Windows-based software applications and process control
hardware
RFID Standardization Efforts
The RFID protocols and data formats are relatively well defined,
mostly by EPCglobal (Electronic Product Code)
The standard for contactless smart card communications is ISO/IEC
14443, which allows for communications at distances up to 10 cm.
ISO/IEC 15693 allows communications at distances up to
50 cm.
ISO/IEC refers to the International Organization for Standardization (ISO) and the
International Electrotechnical Commission (IEC).
Summary
• IoT-A: WPF, ITU-T, IPSO
• M2M: MSTF
• WSN: IEEE, which developed IEEE 1451; IETF
• SCADA: IEEE developed C37.1; ISA; IAITF developed OPC
• RFID: EPCGlobal developed ISO/IEC 14443 and ISO/IEC 15693
Issues of IoT Standardization
Standardization is like a
double-edged sword: critical
to market development, but it
may threaten innovation and
inhibit change when standards
are accepted by the market.
Issues of IoT Standardization
• Different consortia, forums, and alliances have
been doing standardization
• Even within the same segment, there is
more than one consortium or forum doing
standardization
• ICT standardization is a highly decentralized
activity.
Unified Data Standards in IoT for data
Exchange
• Use XML representation for data
exchange/transfer
• Resource Description framework (RDF) can be
used for modeling the information that is
deployed as web resource
• Use REST API
• ebXML can be used for e-commerce solutions
• IEEE 1451
IoT Protocols
IEEE 802.15.4
BacNet
ModBus
KNX
Zigbee
Wireless
Wireless communication standards:
• IEEE 802.11 a/b/g
• Bluetooth
• GSM
What makes them unattractive for WSN:
• Power hungry (need big batteries)
• Complexity (need lots of clock cycles and memory)
New protocol for WSN:
• 802.15.4
• Zigbee
802.15.4
802.15.4
• IEEE 802.15.4 task group began to develop a
standard for LR-WPAN.
• The goal of this group was to provide a
standard with ultra-low complexity, cost, and
power for low-data-rate wireless connectivity
among inexpensive fixed, portable, and
moving devices.
802.15.4
Approaches for Low Power
In order to achieve the low power and low cost goals
established by IEEE 802.15.4 the following approaches
are taken
• Reduce the amount of data transmitted
• Reduce the transceiver duty cycle and frequency of
data transmissions
• Reduce the frame overhead
• Reduce complexity
• Reduce range
• Implement strict power management mechanisms
(power-down and sleep)
IEEE 802.15.4
• IEEE 802.15.4 deals with only PHY layer and
portion of Data link layer.
• The higher-layer protocols are left to industry
and the individual applications.
• The Zigbee Alliance is an association of
companies involved with building higher-layer
standards based on IEEE 802.15.4. This
includes network, security, and application
protocols.
IEEE 802.15.4
IEEE 802.15.4 draft standard supports multiple
network topologies including star and peer to peer
topology.
IEEE 802.15.4
IEEE 802.15.4
• IEEE 802 splits DLL into MAC and LLC sublayers.
• LLC is standardized and is common in
802.3, 802.11, 802.15.1.
• Features of the IEEE 802.15.4 MAC are
– Association and disassociation
– acknowledged frame delivery
– Channel access mechanism
– Frame validation
– Guaranteed time slot management
– Beacon management.
IEEE 802.15.4 …MAC
• MAC provides data and management services
to upper layers
• 802.15.4 MAC is of very low complexity,
making it very suitable for its intended low-
end applications, albeit at the cost of a smaller
feature set than 802.15.1 (e.g., 802.15.4 does
not support synchronous voice links).
IEEE 802.15.4 …MAC
IEEE 802.15.4 …MAC
• Frame control field indicates the type of MAC
frame being transmitted, specifies the format of
the address field, and controls the
acknowledgment.
• Multiple address types : 64 bit physical address
and short 8 bit network assigned address are
provided.
• Address field size may vary from 0 to 20 bytes.
• Payload field is variable with condition size of
mac frame <= 127 bytes.
• FCS is used for integrity check using 16 bit CRC.
IEEE 802.15.4 …PHY
• This standard provides 2 PHY options with
frequency band as fundamental difference.
• 2.4 GHz band has worldwide availability and
provides a transmission rate of 250 kb/s.
• The 868/915 MHz PHY specifies operation in the
868 MHz band in Europe and 915 MHz ISM band
in the United States and offer data rates 20 kb/s
and 40 kb/s respectively.
• Different transmission rates can be exploited to
achieve a variety of different goals.
IEEE 802.15.4 …Channel Structure
IEEE 802.15.4 …Modulation
ModBus
• Modbus is a serial communications protocol
originally published by Modicon (now
Schneider Electric)
• Used to establish master-slave/client-server
communication between intelligent devices
• Openly published and royalty-free
• Modbus enables communication between
many (approximately 247) devices connected
to the same network
ModBus
• MODBUS devices communicate using a master-
slave technique in which only one device (the
master) can initiate transactions (called queries).
• The other devices (slaves) respond by supplying
the requested data to the master
• A slave is any peripheral device (I/O transducer,
valve, network or other measuring device),
which processes information and sends its output
to the master .
• Masters can address individual slaves, or can
initiate a broadcast message to all slaves.
ModBus
ModBus
ModBus
• MODBUS Frames :
– ADU …Application Data Unit
– PDU …. Protocol Data Unit
ModBus
• MODBUS Frames :
– ADU …Application Data Unit
– PDU …. Protocol Data Unit
• The PDU frames : function Code+ data.
• The ADU frames : Add+FC+data+Error check .
• The FC -> action to perform and the data ->
information to be used for this action.
ModBus Data Types
• Modbus transactions always perform a set of
actions by reading or writing to a set of four
data types used by the Modbus application layer.
ModBus Accessing Data
• 16-bit Unsigned Registers And Single-bit Coils
– Input Registers And Holding Registers
– Input Coils And Status Coils
• 64 kb of space is allocated for registers and
coils
ModBus Transmission modes
• ASCII …Uses Longitudinal Redundancy Check (LRC)
• Remote Terminal Unit (RTU) …Uses Cyclic Redundancy
Check (CRC)
– In Modbus RTU, bytes are sent consecutively with a
3-1/2 character space between messages for a delimiter.
This allows the software to know when a new
message is starting.
• Any delay between bytes will cause Modbus RTU to interpret
it as the start of a new message.
– Modbus ASCII marks the start of each message with a
colon character " : " (hex 3A).
• The end of each message is terminated with the carriage
return and line feed characters (hex 0D and 0A)
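The two transmission modes above, as an added example that is not part of the original slides: it builds and validates the same ADU (address + function code + data + error check) as an RTU frame with CRC and as an ASCII frame with LRC, and computes the 3.5-character silent interval. The function names and the 11-bit character length are assumptions of this example.

```python
import re

MAX_UNIT_ADDRESS = 247   # highest individual device address; 0 is broadcast


def crc16_modbus(data: bytes) -> int:
    """CRC-16 used by Modbus RTU (init 0xFFFF, reflected polynomial 0xA001)."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC used by Modbus ASCII: two's complement of the 8-bit sum."""
    return (-sum(data)) & 0xFF


def adu_body(address: int, function_code: int, data: bytes) -> bytes:
    """Address + PDU (function code + data), without the error check."""
    if not 0 <= address <= MAX_UNIT_ADDRESS:
        raise ValueError("address out of range")
    return bytes([address, function_code]) + data


def build_rtu(address: int, function_code: int, data: bytes) -> bytes:
    body = adu_body(address, function_code, data)
    return body + crc16_modbus(body).to_bytes(2, "little")  # CRC low byte first


def build_ascii(address: int, function_code: int, data: bytes) -> bytes:
    body = adu_body(address, function_code, data)
    hex_text = (body + bytes([lrc(body)])).hex().upper().encode("ascii")
    return b":" + hex_text + b"\r\n"     # ':' start, CR LF end


def parse_rtu(frame: bytes):
    """Return (address, function_code, data) or raise ValueError."""
    if len(frame) < 4:
        raise ValueError("frame too short")
    body, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_modbus(body) != received:
        raise ValueError("CRC mismatch")
    if body[0] > MAX_UNIT_ADDRESS:
        raise ValueError("address out of range")
    return body[0], body[1], body[2:]


def parse_ascii(frame: bytes):
    """Return (address, function_code, data) or raise ValueError."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' start or CR LF end")
    hex_text = frame[1:-2]
    if len(hex_text) % 2 or not re.fullmatch(rb"[0-9A-F]+", hex_text):
        raise ValueError("payload is not upper-case hex pairs")
    raw = bytes.fromhex(hex_text.decode("ascii"))
    if len(raw) < 3:
        raise ValueError("frame too short")
    body, received = raw[:-1], raw[-1]
    if lrc(body) != received:
        raise ValueError("LRC mismatch")
    if body[0] > MAX_UNIT_ADDRESS:
        raise ValueError("address out of range")
    return body[0], body[1], body[2:]


def rtu_silent_interval(baud: int, bits_per_char: int = 11) -> float:
    """Seconds of line silence (3.5 character times) that delimit RTU frames."""
    if baud > 19200:
        return 0.00175   # fixed value recommended by the serial-line spec
    return 3.5 * bits_per_char / baud


if __name__ == "__main__":
    # Constructed request: device 1, function 0x03, start 0x0000, count 0x000A
    request = bytes.fromhex("0000000A")
    print(build_rtu(1, 3, request).hex(" "))
    print(build_ascii(1, 3, request))
    print(rtu_silent_interval(9600))
```

Neither check authenticates the sender: anyone able to write to the bus can compute a valid CRC or LRC, so these fields detect transmission errors only.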
ModBus Transmission modes
ModBus Transmission modes
BACNet Protocol
BACNet
• Building Automation and Control Networks, developed
by the American Society of Heating, Refrigerating and
Air-Conditioning Engineers (ASHRAE)
• It is a data communication protocol designed for
communication between building automated system
components
• This is an Object Oriented protocol
• Objects : Physical device, temperature input (analog
input), a relay control (binary output), schedules
• Services : Used to perform read, write and I/O
BACNet
• BacNet Objects are evaluated and controlled
by their properties
• Property Name, Value
Object Name “Lighting Area”
Object Type BINARY_OUTPUT
Present Value Active
Status_Flags Normal, In-Service
Out_Of_Service False
Inactive_Text “Off”
Active_Text “On”
BACNet Services
• BacNet Services are formal requests that one BACNet
device sends to another to ask it to do something
• Categories :
– Object Access (Read, Write, Create, Delete)
– Alarm and Event (Alarms and Changes of State)
– File Access (Trend data, Data transfer)
– Remote Device Management (Discover, Time
Synchronization, Backup and Restore Database,
Initialization)
– Virtual Terminal (HMI via menus)
– Who Is, I Am , Who-Has, I-Have
• These follow a Client-Server model
BACNet Protocol Stack
BACNet Network Types i.e Physical and
Data Link Layer
BACNet IP
• Used with existing ethernet, WAN
BACNet MS/TP
• Uses Twisted Pair EIA-485 up to 4000 feet
BACNet ISO 8802-3
• Limited to Single Infrastructure without IP routers
BACNet P2P
• Used only for dial-up telephone networks
KNX Protocol
KNX
• Abbreviation for KONNEX evolved from EHS
(European Home Systems Protocol), EIB
(European Installation Bus), BatiBUS
• Used for Building Automation
• Operates on more than one physical layer e.g
twisted pair wiring, Ethernet, infrared
• Every Unit hooked up to the KNX system is smart
enough and does not rely on other parts to
function
• KNX devices are sensors, actuators, system
devices.
KNX
• KNX Devices have 3 modes :
– A-mode(automatic)….Configure themselves
– E-mode (easy)…Require training to install
– S-mode(system mode)….must be programmed by
specialists.
• KNX network can be formed with tree, line
and star topologies
• This can link up to 57,375 devices
KNX
• For Routing of messages KNX uses telegrams
Control (8 bits) | Source Address (16 bits) | Dest Address (17 bits) | Routing Counter (3 bits) | Length (3 bit) | Data (up to 16 bytes) | Parity (8 bits)
KNX Telegram
• Control – decides priority or is used for acknowledgment
– Priority: High, Low, Alarm, System
– Acknowledgment: ACK, NAK, BUSY
• Source Address – 4 bits Area ID, 4 bits Line ID, 4 bits Device ID
• Dest Addr – can be physical or logical; the 17th bit indicates PHY (0) or LOG (1)
• Routing Counter – defines hop count, limited to 6 hops
• Parity – used to secure the telegram
KNX
• Used for control of building management
– Lighting
– Blinds/Shutters
– HVAC
– Metering
– Remote Control
– Refrigerators, Washers, Dryers
– Security Systems
KNX
• Advantages
– Platform Independent
– Low energy consumption
– Open Standard
ZigBee Protocol
ZigBee Technology
• Built on IEEE 802.15.4 standard for Wide Personal
Area Network(WPAN)
• This defines PHY and MAC layers to handle many
devices at low-data rates.
• These operate at 868 MHz(Europe with 20Kbps),
902-928 MHz(US with 40 Kbps) and 2.4
GHz(Entire world with 250 Kbps)
• Low-cost and low-powered mesh network, which
covers range of 10-100m.
• These can be extended with the help of routers
ZigBee Architecture
• This consists of Three Devices in the n/w layer
– Zigbee coordinator
– Router
– End Device
• Zigbee coordinator - Every Network in Zigbee must
have a coordinator(root) that handles and stores the
information and also transmit and receive data
operations.
• Router – These are intermediary devices that permit
data to pass to and fro through them to other devices.
• End Devices – Have limited functionality to
communicate with parent nodes
ZigBee Architecture
ZigBee Architecture
• This consists of various layers out of which PHY and
MAC Layer are defined by 802.15.4
• Zigbee has own Network Layer and Application
Layer.
– Physical Layer – Does modulation, demodulation
– MAC Layer – responsible for reliable transmission of
data with CSMA/CA
– Network – Routing, Network configurations,
connections and disconnection management
– Application support sub-layer : Interfaces with data
managing services
– Application framework : Provides two types of
messaging service General messaging(GMS), Key-value
pair(K_V pair).
ZigBee OPERATING Modes
• Non-Beacon
– The coordinators and routers continuously
monitor active state of incoming data hence
more power is consumed.
• Beacon
– When there is no data communication from end
devices, the routers and coordinators enter
into sleep state.
– The coordinator wakes up periodically and
transmits the beacons to routers
ZigBee Topologies
• Star…Here there is one coordinator
responsible for initiating and managing
devices.
• Mesh…. Several routers are connected
• Cluster-Tree
ZigBee N/W Frame Format
Octets: 2 | 2 | 2 | 1 | 1 | Variable
Fields: Frame Control | Dest Addr | Source Addr | Radius | Seq No | Frame Payload
Network Header: Frame Control + Routing Fields (Dest Addr, Source Addr, Radius, Seq No)
Network Payload: Frame Payload
ZigBee N/W Frame
• Frame Control – Define various parameters like
:
– Communication type – Unicast/Multicast/Broadcast
– Security – Enabled/Disabled
– Route discovery – Enabled/Disabled
– Source / Destination Addr Specified or not
• Addr : 64-bit / 16-bit
• Radius – defines maximum number of hops
allowed for packet
• Seq. No – Packet Counter
ZigBee APS Frame Format
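Octets: 1 | 0/1 | 0/1 | 0/2 | 0/1 | Variable
Fields: Frame Control | Dest Endpoint | Cluster Identifier | Profile Identifier | Source Endpoint | Frame Payload
APS Header: Frame Control + Addressing Fields (Dest Endpoint, Cluster Identifier, Profile Identifier, Source Endpoint)
Network Payload: Frame Payload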
ZigBee APS Frame
• Frame Control – Define various parameters like :
– Frame type- Data/Command/ACK
– Security – Enabled/Disabled
– Delivery mode – Unicast/Broadcast/Multicast
– Source / Destination Addr Specified or not
• Addr : 8-bit source / dest addr
• Cluster Identifier – Used to identify the cluster that
is used in binding operation of zigbee coordinator.
This is present for data frames but not for command
frames.
• Profile Identifier – Specifies the profile for which
frame is intended. Used only for Data and ACK
frame.
ZigBee Applications
• Home Automation
• Smart Metering
• Smart Grid Monitoring
• Industrial Automation
IoT Device Life Cycle
Boot Up
• Device is loading the firmware and starts to
work as defined
Initialization
• Establish connection, Sync Data, Read
configuration
Operation
• Device performs its designed task continuously
Update
• New firmware arrives, device reboots, and
loads new firmware
IoT Device Life Cycle ….BootUp
• Firmware integrity check: To ensure that firmware has not
been modified or tampered with by others, the best method is to
implement an integrity check by embedded checksum or
secure password.
• Secure boot: Encrypt firmware with PKI or public/private
certification to secure the whole boot-up process.
IoT Device Life Cycle ….Initialization
• AAA protection
• Use proper encryption to avoid user/device hijack.
• Default account credentials appear in many IoT devices. It’s
best to have an activation process which requires end-user
to change default password.
• Key/Certification protection:
• Use a KMS (Key Management System) or CMS (Certification
Management System) to protect encryption/decryption
keys, or store those keys in a TPM (Trusted Platform Module).
IoT Device Life Cycle ….Initialization
• Communication protection: The communication between
device and device, device and the Internet, or device and user
interface (through mobile apps or web apps) should be
encrypted (HTTPs, AES 128, 256, and others).
• Identity protection: To prevent a fake identity within the
communication group, it is necessary to make sure the
communicated object is certified. A KMS or CMS can also play
an important role here.
IoT Device Life Cycle ….Operation
• AAA protection
• Remove all backdoor debug user accounts. From several
studies, we have found out that many IoT devices keep
those accounts for debugging purposes in the system and
that increases the chances of penetration.
• During the operation stage, the IoT device may still
associate with new devices, users, and clouds, for example;
add new monitor sensors for a connected home, or
creating additional user account for home member, so
account protection is still needed in this stage.
IoT Device Life Cycle ….Operation
•Monitoring:
• The device should implement knowledge to detect
abnormal operations and, if such operations occur,
provide a warning to the backend or end user.
• Integrity check: Run-time integrity checks can prevent the
device from being compromised during operation.
Leveraging cloud technology to have two-way integrity
checks will be the most effective way.
IoT Device Life Cycle ….Operation
• Risk management: Use a method like virtual patching or a
host IPS to reduce risk before Firmware Over-the-Air (FOTA)
triggers
IoT Device Life Cycle ….Update
•Secure FOTA (Firmware Over-the-Air):
Before the FOTA trigger, the new firmware needs to be
encrypted and checked to make sure the next lifecycle will
be performing a secure boot up again.
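The firmware integrity check from the Boot Up stage and the pre-install check for Secure FOTA, as an added example that is not part of the original slides. The image layout, the names and the demo key are constructed for this example, and an HMAC-SHA256 tag stands in for the PKI signature the slides mention because the Python standard library has no public-key signature verification. It also shows why a bare checksum is not enough: a CRC can be recomputed by whoever modifies the image, while the keyed tag cannot.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed image layout for this example (not a real vendor format):
#   magic(4) | version(4) | payload length(4) | payload | HMAC-SHA256 tag(32)
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = hashlib.sha256().digest_size


class FirmwareRejected(Exception):
    """Raised when an image must not be booted or installed."""


def package(payload: bytes, version: int, key: bytes) -> bytes:
    """Build side: the tag covers header and payload together."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(image: bytes, key: bytes, min_version: int) -> bytes:
    """Device side: return the payload only if every check passes.

    At boot, min_version is the lowest version the device may run;
    before a FOTA install it is the installed version plus one.
    """
    if len(image) < HEADER.size + TAG_LEN:
        raise FirmwareRejected("truncated image")
    magic, version, length = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise FirmwareRejected("bad magic")
    if len(image) != HEADER.size + length + TAG_LEN:
        raise FirmwareRejected("length field does not match image size")
    signed, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    # Constant-time comparison; the version is trusted only after this passes.
    if not hmac.compare_digest(expected, tag):
        raise FirmwareRejected("authentication tag mismatch")
    if version < min_version:
        raise FirmwareRejected("version rollback")
    return image[HEADER.size:HEADER.size + length]


def rejection_reason(image: bytes, key: bytes, min_version: int):
    """Return None if the image is accepted, else the reason it was refused."""
    try:
        verify_image(image, key, min_version)
    except FirmwareRejected as exc:
        return str(exc)
    return None


def with_crc32(body: bytes) -> bytes:
    """Unkeyed embedded checksum: anyone can compute it for any body."""
    return body + zlib.crc32(body).to_bytes(4, "big")


def crc32_ok(blob: bytes) -> bool:
    return len(blob) >= 4 and zlib.crc32(blob[:-4]) == int.from_bytes(blob[-4:], "big")


if __name__ == "__main__":
    key = bytes(range(32))                      # constructed demo key
    image = package(b"app-v5", 5, key)          # constructed payload
    print(rejection_reason(image, key, 5))      # accepted
    modified = bytearray(image)
    modified[HEADER.size] ^= 0x01               # one flipped payload bit
    print(rejection_reason(bytes(modified), key, 5))
    print(rejection_reason(image, key, 6))      # older than required
    print(crc32_ok(with_crc32(b"modified payload")))  # CRC passes regardless
```

On a real device the verification key would sit in the TPM or key store named under Key/Certification protection, and an asymmetric signature would keep the signing key off the device entirely.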
Attacks
• Active: Attacker tries to manipulate data
• Passive: Attacker just monitors data flow
About IoT Protocols and Security Techniques
Problems of IoT Security
• Initial design was for private communication
network then moved to IP network and later on
the Internet
• Firmware updates are hard or nearly impossible
after installations
• Started with basic security then found the security
flaws and attached more complex security
requirements later
• Low security devices from early design are still
out there and used in compatible fall-back mode
Problems of IoT Security
• Fake Control Server
• Attack on Device Ports
• Attack on Server Ports
• Steal Credential
• Inject Bad Configuration
• Sniff Data on Private Network
IoT Vulnerabilities
• I1 Insecure Web Interface
• I2 Insufficient Authentication/Authorization
• I3 Insecure Network Services
• I4 Lack of Transport Encryption/Integrity Verification
• I5 Privacy Concerns
• I6 Insecure Cloud Interface
• I7 Insecure Mobile Interface
• I8 Insufficient Security Configurability
• I9 Insecure Software/Firmware
• I10 Poor Physical Security
WANT PC MS
IoT Vulnerabilities
IoT Vulnerabilities in IoT
Security Challenges in IoT
• Wireless communication
• Physical insecurity
• Constrained devices
• Potentially sensitive data
• Lack of standards
• Heterogeneity: weakest link problem
• A systems, not software problem
• Classic web / internet threats
• Identity management & dynamism
• Inconvenience and cost
Attacks in Different Layers of IoT
Transport
Send Wrong Data
Incorrect Control Packets
Network
Routing Loop
WormHole Attack
Network Partitioning
Denial of Service
MAC
Spoofing
Man In the Middle
Eaves Dropping
How to Secure IoT Devices
Download … https://www.youtube.com/watch?v=2Zc2PDXtjsI
1. Secure Boot
2. Authentication
3. Protected Ports ..Physical Security
4. Secure Storage
5. Secure Connections
Key Elements in IoT Security
Identity Establishment
• Use Public Key Cryptography
Access Control
• Define boundary of data access for devices…Data Access is done by Authentication
Data and Message Security
• Use Data Encryption Standards
Non-Repudiation and Availability
• Rejecting the fact that one entity has sent or received the message, and make all
resources available and updated
Security Model
• Represent Security Features to be followed by an IoT Application
Security Model for IoT
Security ..Authentication,
Confidentiality, Integrity, Availability
Trust …Repudiation
Privacy..Users Privacy, Laws, Ethics of
communication

More Related Content

PPTX
PDF
unit 2.pdf
PDF
internet-of-things-2.....................pdf
PPT
Introduction to IooT protocols in IoT.ppt
PPTX
IOT_PPT.pptx
PDF
IoT PROTOCOLS IoT Access Technologies Physical and MAC layers, topology and S...
PPTX
WPAN technologies and its wipe spread usage
PPTX
unit 2.pdf
internet-of-things-2.....................pdf
Introduction to IooT protocols in IoT.ppt
IOT_PPT.pptx
IoT PROTOCOLS IoT Access Technologies Physical and MAC layers, topology and S...
WPAN technologies and its wipe spread usage

Similar to About IoT Protocols and Security Techniques (20)

PPTX
IPv6 ND 2020
PPTX
UNIT III- 1.RPL.pptx
PPTX
Final_IoT_Protocol Stack.pptx
PPTX
Io t standard_bis_arpanpal
PDF
Trend of the ICT Standardization
PPTX
IOT Protocols
PDF
7CS4_IOT_Unit-1.pdf
PPTX
IOT - Unit 3.pptx
PPTX
communication_technologies_Internet of things topic
PPTX
Smart Object Architecture
PDF
IOT_MODULE_3.pdf simple example notes for use
PPTX
Lecture 5,6 [Autosavedaot IOT ]slides.pptx
PPT
IoT _protocols.ppt
PDF
Mphasis Digital POV - Emerging Open Standard Protocol stack for IoT
PDF
Introduction of IEEE 802.15.4 Technology
PDF
IoT Connectivity
PPTX
IOT technology-standards
PPT
PPTX
IoT2_Module2_partofCVMUFacultykasashah.pptx
IPv6 ND 2020
UNIT III- 1.RPL.pptx
Final_IoT_Protocol Stack.pptx
Io t standard_bis_arpanpal
Trend of the ICT Standardization
IOT Protocols
7CS4_IOT_Unit-1.pdf
IOT - Unit 3.pptx
communication_technologies_Internet of things topic
Smart Object Architecture
IOT_MODULE_3.pdf simple example notes for use
Lecture 5,6 [Autosavedaot IOT ]slides.pptx
IoT _protocols.ppt
Mphasis Digital POV - Emerging Open Standard Protocol stack for IoT
Introduction of IEEE 802.15.4 Technology
IoT Connectivity
IOT technology-standards
IoT2_Module2_partofCVMUFacultykasashah.pptx
Ad

More from BalasundaramSr (20)

PPTX
An overview IoT Platform 2024 07082024.pptx
PDF
IoT Overview IP6 Diagrams IPv^ Given with Details
PDF
socialnetworkanalysis-100225055227-phpapp02.pdf
PDF
WEB 3 IS THE FILE UPLOADED IN THIS APPROACH
PDF
Semantic Search to Web 3.0 Complete Tutorial
PPTX
Objects and Classes BRIEF.pptx
PDF
SocialCom09-tutorial.pdf
PPT
13047926.ppt
PDF
Xpath.pdf
PPTX
OSNs.pptx
PPTX
HadoopIntroduction.pptx
PPTX
HadoopIntroduction.pptx
PPTX
Data Mart Lake Ware.pptx
PDF
Simple SNA.pdf
PPTX
XPATH_XSLT-1.pptx
PPT
Cognitive Science.ppt
PPT
Web Page Design.ppt
PPT
wipo_res_dev_ge_09_www_130165.ppt
PDF
OOA Analysis(1).pdf
PPT
OODIAGRAMS.ppt
An overview IoT Platform 2024 07082024.pptx
IoT Overview IP6 Diagrams IPv^ Given with Details
socialnetworkanalysis-100225055227-phpapp02.pdf
WEB 3 IS THE FILE UPLOADED IN THIS APPROACH
Semantic Search to Web 3.0 Complete Tutorial
Objects and Classes BRIEF.pptx
SocialCom09-tutorial.pdf
13047926.ppt
Xpath.pdf
OSNs.pptx
HadoopIntroduction.pptx
HadoopIntroduction.pptx
Data Mart Lake Ware.pptx
Simple SNA.pdf
XPATH_XSLT-1.pptx
Cognitive Science.ppt
Web Page Design.ppt
wipo_res_dev_ge_09_www_130165.ppt
OOA Analysis(1).pdf
OODIAGRAMS.ppt
Ad

Recently uploaded (20)

PPTX
Lesson notes of climatology university.
PPTX
Pharma ospi slides which help in ospi learning
PPTX
GDM (1) (1).pptx small presentation for students
PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
PDF
Pre independence Education in Inndia.pdf
PPTX
PPH.pptx obstetrics and gynecology in nursing
PDF
VCE English Exam - Section C Student Revision Booklet
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
PDF
Sports Quiz easy sports quiz sports quiz
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
PDF
Insiders guide to clinical Medicine.pdf
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
PDF
Basic Mud Logging Guide for educational purpose
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
PPTX
Institutional Correction lecture only . . .
PDF
Computing-Curriculum for Schools in Ghana
Lesson notes of climatology university.
Pharma ospi slides which help in ospi learning
GDM (1) (1).pptx small presentation for students
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
human mycosis Human fungal infections are called human mycosis..pptx
Abdominal Access Techniques with Prof. Dr. R K Mishra
Module 4: Burden of Disease Tutorial Slides S2 2025
Pre independence Education in Inndia.pdf
PPH.pptx obstetrics and gynecology in nursing
VCE English Exam - Section C Student Revision Booklet
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
Sports Quiz easy sports quiz sports quiz
2.FourierTransform-ShortQuestionswithAnswers.pdf
Insiders guide to clinical Medicine.pdf
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Basic Mud Logging Guide for educational purpose
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Institutional Correction lecture only . . .
Computing-Curriculum for Schools in Ghana

About IoT Protocols and Security Techniques

  • 1. IoT Protocols And Security Mrs. K.M. Sanghavi
  • 2. IoT Standardization Efforts • The IoT- A (Internet of Things architecture) is targeting a holistic(universal) architecture for all IoT sectors. • 17 European organizations from nine countries are a part of IoT- A. • They summarize the current status of IoT standardization as :
  • 3. Current IoT Standardization acc to IoT-A Fragmented architectures No universal approach to implement IoT has yet been proposed Many island solutions do exist (RFID, sensor nets, etc.) Little cross-sector reuse of technology and exchange of knowledge
  • 4. Current IoT Standardization is a problem , SO What could be Done to Solve this???
  • 5. Proposed Solution By IoT-A for Standardization Create Architectural foundation for IoT, that will be operable with future Internet Use Existing technologies instead of creating new ones. Demonstrating the applicability of IoT in a set of use cases Establish a strong stakeholder group to remove the barriers and accept IoT on wide scale Combine various IoT technologies into a single entity.
  • 6. Groups doing IoT Standardization Work Package Framework (WPF) International Telecommunication Union Telecommunication Standardization Sector(ITU-T) Internet Protocol for Smart Objects (IPSO) • Aim to form an open group of companies to market and educate about how to use IP for IoT smart objects based on an all- IP holistic approach
  • 7. Work Package Framework • The WPF divides the implementation standards of IoT into hierarchical groups of tasks as shown in the below
  • 8. International Telecommunication Union Telecommunication Standardization Sector • The ITU-T mission is to ensure the efficient and timely production of standards covering all fields of telecommunications on a worldwide basis, as well as defining tariff and accounting principles for international telecommunication services • The technical work, the development of Recommendations, of ITU-T is managed by Study Groups (SGs). • There are currently 11 SGs.
  • 10. Internet Protocol for Smart Objects • The IPSO Alliance is an open, informal and thought-leading association of like-minded organizations and individuals that promote the value of using the Internet Protocol for the networking of Smart Objects. • IP Stack can easily run on tiny, battery operated embedded devices as it is long-lived and stable technology. • The role of the alliance is to ensure how IPv4, IPv6, and 6LoWPAN are used, deployed and provided to all potential users.
  • 11. Internet Protocol for Smart Objects • Mobile IP is an approach by the IETF (Internet Engineering Task Force) which manages the movement of mobile devices over IPv4 and IPv6.
  • 12. M2M Standardization Efforts • The M2M Standardization Task Force (MSTF) coordinates the efforts of individual standards development organizations (SDOs) for M2M applications. • These define a conceptual framework for M2M applications and specify a service layer that will enable application developers to create applications that operate transparently across different vertical domains.
  • 13. M2M Standardization Efforts M2M standards activities include the following: • Use JSON as the data transport format • Resolve IP addressing issues for devices (IPv6) • Use an open REST-based API for M2M applications • Enable remote management of devices behind a gateway or firewall • Fix the charging standards
  • 14. WSN Standardization Efforts • There are a number of standardization bodies in the field of WSNs. • The IEEE focuses on the physical and MAC layers. • The IETF works on layers 3 and above.
  • 15. WSN Standardization Efforts • IEEE 1451 is a set of smart transducer interface standards developed by the IEEE Instrumentation and Measurement Society’s Sensor Technology Technical Committee that describe a set of open, common, network-independent communication interfaces for connecting transducers (sensors or actuators) to microprocessors, instrumentation systems, and control/field networks. • The goal of the IEEE 1451 family of standards is to allow the access of transducer data through a common set of interfaces whether the transducers are connected to systems or networks via wired or wireless means.
  • 16. WSN Standardization Efforts: IEEE 1451 Activities • 1451.0-2007: Common Functions, Communication Protocols • 1451.1-1999: Network Capable Application Processor Information Model • 1451.2-1997: Transducer to Microprocessor Communication Protocols • 1451.3-2003: Digital Communication Formats for Distributed Multi-drop Systems
  • 17. WSN Standardization Efforts: IEEE 1451 Activities • 1451.4-2004: Mixed-mode Communication Protocols • 1451.5-2007: Wireless Communication Protocols • 1451.7-2010: Transducers to Radio Frequency Identification (RFID) Systems Communication Protocols
  • 18. SCADA Standardization Efforts • IEEE created a standard specification, called Std C37.1™, for SCADA and automation systems. • The processing is now distributed, and functions that used to be done at the control center can now be done by the intelligent electronic devices (IEDs), that is, M2M between devices.
  • 19. SCADA Standardization Efforts The ISA100 was developed by the standards committee of the Industrial Society for Automation formed to define procedures for implementing wireless systems in the automation and control environment with a focus on the field level
  • 20. SCADA Standardization Efforts • OPC, which stands for Object Linking and Embedding (OLE) for Process Control, is a standard specification developed by an industrial automation industry task force (IAITF). • The standard specifies the communication of real-time plant data between control devices from different manufacturers. • OPC was designed to provide a common bridge for Windows-based software applications and process control hardware.
  • 21. RFID Standardization Efforts • The RFID protocols and data formats are relatively well defined, mostly by EPCglobal (Electronic Product Code). • The standard for contactless smart card communications is ISO/IEC 14443, which allows for communications at distances up to 10 cm. • ISO/IEC 15693 allows communications at distances up to 50 cm. • ISO/IEC: International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
  • 22. Summary (groups: area) • WPF, ITU-T, IPSO: IoT-A • MSTF: M2M • IEEE (which developed IEEE 1451), IETF: WSN • IEEE (developed C37.1), ISA, IAITF (developed OPC): SCADA • EPCglobal (developed ISO/IEC 14443 and ISO/IEC 15693): RFID
  • 23. Issues of IoT Standardization • Standardization is like a double-edged sword: critical to market development, but it may threaten innovation and inhibit change when standards are accepted by the market.
  • 24. Issues of IoT Standardization • Different consortia, forums, and alliances have been doing standardization • Even within the same segment, there is more than one consortium or forum doing standardization • ICT standardization is a highly decentralized activity.
  • 25. Unified Data Standards in IoT for data Exchange • Use XML representation for data exchange/transfer • Resource Description framework (RDF) can be used for modeling the information that is deployed as web resource • Use REST API • ebXML can be used for e-commerce solutions • IEEE 1451
  • 27. Wireless Wireless communication standards: • IEEE 802.11 a/b/g • Bluetooth • GSM What makes them unattractive for WSN: • Power hungry (need big batteries) • Complexity (need lots of clock cycles and memory) New protocol for WSN: • 802.15.4 • Zigbee
  • 29. 802.15.4 • IEEE 802.15.4 task group began to develop a standard for LR-WPAN. • The goal of this group was to provide a standard with ultra-low complexity, cost, and power for low-data-rate wireless connectivity among inexpensive fixed, portable, and moving devices.
  • 31. Approaches for Low Power In order to achieve the low power and low cost goals established by IEEE 802.15.4 the following approaches are taken • Reduce the amount of data transmitted • Reduce the transceiver duty cycle and frequency of data transmissions • Reduce the frame overhead • Reduce complexity • Reduce range • Implement strict power management mechanisms (power-down and sleep
  • 32. IEEE 802.15.4 • IEEE 802.15.4 deals with only PHY layer and portion of Data link layer. • The higher-layer protocols are left to industry and the individual applications. • The Zigbee Alliance is an association of companies involved with building higher-layer standards based on IEEE 802.15.4. This includes network, security, and application protocols.
  • 33. IEEE 802.15.4 IEEE 802.15.4 draft standard supports multiple network topologies including star and peer to peer topology.
  • 35. IEEE 802.15.4 • IEEE 802 splits DLL into MAC and LLC sublayers. • LLC is standardized and is common in 802.3, 802.11, 802.15.1. • Features of the IEEE 802.15.4 MAC are – Association and disassociation – Acknowledged frame delivery – Channel access mechanism – Frame validation – Guaranteed time slot management – Beacon management.
  • 36. IEEE 802.15.4: MAC • MAC provides data and management services to upper layers • 802.15.4 MAC is of very low complexity, making it very suitable for its intended low-end applications, albeit at the cost of a smaller feature set than 802.15.1 (e.g., 802.15.4 does not support synchronous voice links).
  • 38. IEEE 802.15.4: MAC • Frame control field indicates the type of MAC frame being transmitted, specifies the format of the address field, and controls the acknowledgment. • Multiple address types: 64 bit physical address and short 8 bit network assigned address are provided. • Address field size may vary from 0 to 20 bytes. • Payload field is variable, subject to the condition that the size of the MAC frame is <= 127 bytes. • FCS is used for integrity check using 16 bit CRC.
  • 39. IEEE 802.15.4 …PHY • This standard provides 2 PHY options with frequency band as fundamental difference. • 2.4 GHz band has worldwide availability and provides a transmission rate of 250 kb/s. • The 868/915 MHz PHY specifies operation in the 868 MHz band in Europe and 915 MHz ISM band in the United States and offer data rates 20 kb/s and 40 kb/s respectively. • Different transmission rates can be exploited to achieve a variety of different goals.
  • 42. ModBus • Modbus is a serial communications protocol originally published by Modicon (now Schneider Electric) • Used to establish master-slave/client-server communication between intelligent devices • Openly published and royalty-free • Modbus enables communication between many (approximately 247) devices connected to the same network
  • 43. ModBus • MODBUS devices communicate using a master-slave technique in which only one device (the master) can initiate transactions (called queries). • The other devices (slaves) respond by supplying the requested data to the master. • A slave is any peripheral device (I/O transducer, valve, network or other measuring device) which processes information and sends its output to the master. • Masters can address individual slaves, or can initiate a broadcast message to all slaves.
  • 46. ModBus • MODBUS Frames: – ADU: Application Data Unit – PDU: Protocol Data Unit
  • 47. ModBus • MODBUS Frames: – ADU: Application Data Unit – PDU: Protocol Data Unit • The PDU frame: function code + data. • The ADU frame: address + FC + data + error check. • The FC is the action to perform and the data is the information to be used for this action.
  • 48. ModBus Data Types • Modbus transactions always perform a set of actions by reading or writing to a set of four data types, used by the Modbus application layer.
  • 49. ModBus Accessing Data • 16-bit Unsigned Registers And Single-bit Coils – Input Registers And Holding Registers – Input Coils And Status Coils • 64 kb of space is allocated for registers and coils
  • 50. ModBus Transmission modes • ASCII: uses Longitudinal Redundancy Check • Remote Terminal Unit (RTU): uses Cyclic Redundancy Check – In Modbus RTU, bytes are sent consecutively with a 3-1/2 character space between messages for a delimiter. This allows the software to know when a new message is starting. • Any delay between bytes will cause Modbus RTU to interpret it as the start of a new message. – Modbus ASCII marks the start of each message with a colon character " : " (hex 3A). • The end of each message is terminated with the carriage return and line feed characters (hex 0D and 0A)
  • 54. BACNet • Building Automation and Control Networks, developed by the American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) • It is a data communication protocol designed for communication between building automation system components • This is an object-oriented protocol • Objects: physical device, temperature input (analog input), a relay control (binary output), schedules • Services: used to perform read, write and I/O
  • 55. BACNet • BACNet objects are evaluated and controlled by their properties • Example (Property Name: Value) – Object Name: “Lighting Area” – Object Type: BINARY_OUTPUT – Present Value: Active – Status_Flags: Normal, In-Service – Out_Of_Service: False – Inactive_Text: “Off” – Active_Text: “On”
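
The ADU layout and the two transmission modes from the Modbus slides, as an added Python example that is not part of the original deck: it builds and validates one request in RTU mode (CRC-16) and in ASCII mode (LRC). The helper names and the sample request (slave 1, function code 3, one register starting at address 0) are constructed for illustration.

```python
"""Added example: Modbus ADU framing in RTU (CRC) and ASCII (LRC) modes."""


def crc16_modbus(data: bytes) -> int:
    """CRC-16 of Modbus RTU: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def lrc(data: bytes) -> int:
    """LRC of Modbus ASCII: two's complement of the byte sum, modulo 256."""
    return (-sum(data)) & 0xFF


def _body(addr: int, fc: int, data: bytes) -> bytes:
    """Address + PDU (function code + data), the part both checks cover."""
    if not 0 <= addr <= 247:          # 0 = broadcast, 1..247 = individual slaves
        raise ValueError("slave address must be 0..247")
    if not 1 <= fc <= 127:
        raise ValueError("function code must be 1..127")
    return bytes([addr, fc]) + data


def build_rtu_adu(addr: int, fc: int, data: bytes) -> bytes:
    body = _body(addr, fc, data)
    return body + crc16_modbus(body).to_bytes(2, "little")   # CRC low byte first


def build_ascii_adu(addr: int, fc: int, data: bytes) -> bytes:
    body = _body(addr, fc, data)
    return b":" + (body + bytes([lrc(body)])).hex().upper().encode() + b"\r\n"


def parse_rtu_adu(frame: bytes):
    """Return (address, function code, data) or raise ValueError."""
    if len(frame) < 4:
        raise ValueError("RTU frame shorter than address + FC + CRC")
    body, received = frame[:-2], int.from_bytes(frame[-2:], "little")
    if crc16_modbus(body) != received:
        raise ValueError("CRC mismatch")
    return body[0], body[1], body[2:]


def parse_ascii_adu(frame: bytes):
    """Return (address, function code, data) or raise ValueError."""
    if not (frame.startswith(b":") and frame.endswith(b"\r\n")):
        raise ValueError("missing ':' start or CR LF end delimiter")
    raw = bytes.fromhex(frame[1:-2].decode("ascii"))   # ValueError if not hex
    if len(raw) < 3:
        raise ValueError("ASCII frame shorter than address + FC + LRC")
    if lrc(raw[:-1]) != raw[-1]:
        raise ValueError("LRC mismatch")
    return raw[0], raw[1], raw[2:-1]


if __name__ == "__main__":
    request = bytes.fromhex("00000001")     # constructed: start 0, quantity 1
    rtu = build_rtu_adu(1, 3, request)
    print(rtu.hex(" "), parse_rtu_adu(rtu))
    print(build_ascii_adu(1, 3, request))
```
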
  • 56. BACNet Services • BacNet Services are formal requests that one BACNet device sends to another to ask it to do something • Categories : – Object Access (Read, Write, Create, Delete) – Alarm and Event (Alarms and Changes of State) – File Access (Trend data, Data transfer) – Remote Device Management (Discover, Time Synchronization, Backup and Restore Database, Initialization) – Virtual Terminal (HMI via menus) – Who Is, I Am , Who-Has, I-Have • These follow a Client-Server model
  • 58. BACNet Network Types, i.e. Physical and Data Link Layer • BACNet IP: used with existing Ethernet, WAN • BACNet MS/TP: uses twisted pair EIA-485 up to 4000 feet • BACNet ISO 8802-3: limited to a single infrastructure without IP routers • BACNet P2P: used only for dial-up telephone networks
  • 60. KNX • Abbreviation for KONNEX evolved from EHS (European Home Systems Protocol), EIB (European Installation Bus), BatiBUS • Used for Building Automation • Operates on more than one physical layer e.g twisted pair wiring, Ethernet, infrared • Every Unit hooked up to the KNX system is smart enough and does not rely on other parts to function • KNX devices are sensors, actuators, system devices.
  • 61. KNX • KNX devices have 3 modes: – A-mode (automatic): configure themselves – E-mode (easy): require training to install – S-mode (system mode): must be programmed by specialists. • A KNX network can be formed with tree, line and star topologies • This can link up to 57,375 devices
  • 62. KNX • For routing of messages KNX uses telegrams • Telegram fields: Control (8 bits) | Source Address (16 bits) | Dest Address (17 bits) | Routing Counter (3 bits) | Length (3 bits) | Data (up to 16 bytes) | Parity (8 bits)
  • 63. KNX Telegram • Control: decides priority or is used for acknowledgment (High, Low, Alarm, System; ACK, NAK, BUSY) • Source Address: 4 bits Area ID, 4 bits Line ID, 4 bits Device ID • Dest Addr: can be physical or logical; the 17th bit indicates PHY (0) or LOG (1) • Routing Counter: defines hop count, limited to 6 hops • Parity: used to secure the telegram
  • 64. KNX • Used for control of building management – Lighting – Blinds/Shutters – HVAC – Metering – Remote Control – Refrigerators, Washers, Dryers – Security Systems
  • 65. KNX • Advantages – Platform Independent – Low energy consumption – Open Standard
  • 67. ZigBee Technology • Built on IEEE 802.15.4 standard for Wide Personal Area Network(WPAN) • This defines PHY and MAC layers to handle many devices at low-data rates. • These operate at 868 MHz(Europe with 20Kbps), 902-928 MHz(US with 40 Kbps) and 2.4 GHz(Entire world with 250 Kbps) • Low-cost and low-powered mesh network, which covers range of 10-100m. • These can be extended with the help of routers
  • 68. ZigBee Architecture • This consists of Three Devices in the n/w layer – Zigbee coordinator – Router – End Device • Zigbee coordinator - Every Network in Zigbee must have a coordinator(root) that handles and stores the information and also transmit and receive data operations. • Router – These are intermediary devices that permit data to pass to and fro through them to other devices. • End Devices – Have limited functionality to communicate with parent nodes
  • 70. ZigBee Architecture • This consists of various layers out of which PHY and MAC Layer are defined by 802.15.4 • Zigbee has own Network Layer and Application Layer. – Physical Layer – Does modulation, demodulation – MAC Layer – responsible for reliable transmission of data with CSMA/CA – Network – Routing, Network configurations, connections and disconnection management – Application support sub-layer : Interfaces with data managing services – Application framework : Provides two types of messaging service General messaging(GMS), Key-value pair(K_V pair).
  • 71. ZigBee Operating Modes • Non-Beacon – The coordinators and routers continuously monitor the active state of incoming data, hence more power is consumed. • Beacon – When there is no data communication from end devices, the routers and coordinators enter into sleep state. – The coordinator wakes up periodically and transmits the beacons to routers
  • 72. ZigBee Topologies • Star: here there is one coordinator responsible for initiating and managing devices. • Mesh: several routers are connected • Cluster-Tree
  • 73. ZigBee N/W Frame Format • Network Header: Frame Control (2 octets), followed by the Routing Fields: Dest Addr (2 octets), Source Addr (2 octets), Radius (1 octet), Seq No (1 octet) • Network Payload: Frame Payload (variable)
  • 74. ZigBee N/W Frame • Frame Control – Define various parameters like : – Communication type – Unicast/Multicast/Broadcast – Security – Enabled/Disabled – Route discovery – Enabled/Disabled – Source / Destination Addr Specified or not • Addr : 64-bit / 16-bit • Radius – defines maximum number of hops allowed for packet • Seq. No – Packet Counter
  • 75. ZigBee APS Frame Format • APS Header: Frame Control (1 octet), followed by the Addressing Fields: Dest Endpoint (0/1 octet), Cluster Identifier (0/1 octet), Profile Identifier (0/2 octets), Source Endpoint (0/1 octet) • Network Payload: Frame Payload (variable)
  • 76. ZigBee APS Frame • Frame Control – Define various parameters like : – Frame type- Data/Command/ACK – Security – Enabled/Disabled – Delivery mode – Unicast/Broadcast/Multicast – Source / Destination Addr Specified or not • Addr : 8-bit source / dest addr • Cluster Identifier – Used to identify the cluster that is used in binding operation of zigbee coordinator. This is present for data frames but not for command frames. • Profile Identifier – Specifies the profile for which frame is intended. Used only for Data and ACK frame.
  • 77. ZigBee Applications • Home Automation • Smart Metering • Smart Grid Monitoring • Industrial Automation
  • 78. IoT Device Life Cycle • Boot Up: device is loading the firmware and starts to work as defined • Initialization: establish connection, sync data, read configuration • Operation: device performs its designed task continuously • Update: new firmware arrives, device reboots, and loads new firmware
  • 79. IoT Device Life Cycle: Boot Up • Firmware integrity check: To ensure that firmware has not been modified or tampered with by others, the best method is to implement an integrity check by embedded checksum or secure password. • Secure boot: Encrypt firmware with PKI or public/private certification to secure the whole boot-up process.
  • 80. IoT Device Life Cycle ….Initialization • AAA protection • Use proper encryption to avoid user/device hijack. • Default account credentials appear in many IoT devices. It’s best to have an activation process which requires end-user to change default password. • Key/Certification protection: • Use a KMS (Key Management System) or CMS (Certification Management System) to protect encryption/decryption keys, or store those keys in a TPM (Trusted Platform Module).
  • 81. IoT Device Life Cycle: Initialization • Communication protection: The communication between device and device, device and the Internet, or device and user interface (through mobile apps or web apps) should be encrypted (HTTPS, AES 128, 256, and others). • Identity protection: To prevent a fake identity within the communication group, it is necessary to make sure the communicated object is certified. A KMS or CMS can also play an important role here.
  • 82. IoT Device Life Cycle: Operation • AAA protection • Remove all backdoor debug user accounts. From several studies, we have found out that many IoT devices keep those accounts for debugging purposes in the system and that increases the chances of penetration. • During the operation stage, the IoT device may still associate with new devices, users, and clouds (for example, adding new monitor sensors for a connected home, or creating an additional user account for a home member), so account protection is still needed in this stage.
  • 83. IoT Device Life Cycle: Operation • Monitoring: The device should implement knowledge to detect abnormal operations and, if such operations occur, provide a warning to the backend or end user. • Integrity check: Run-time integrity checks can prevent the device from being compromised during operation. Leveraging cloud technology to have two-way integrity checks will be the most effective way.
  • 84. IoT Device Life Cycle ….Operation • Risk management: Use a method like virtual patching or a host IPS to reduce risk before Firmware Over-the-Air (FOTA) triggers
  • 85. IoT Device Life Cycle ….Updation •Secure FOTA (Firmware Over-the-Air): Before the FOTA trigger, the new firmware needs to be encrypted and checked to make sure the next lifecycle will be performing a secure boot up again.
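
The firmware integrity check and secure FOTA steps from the life-cycle slides, as an added Python example that is not part of the original deck: a device-side check that accepts an update image only if a keyed tag verifies, next to an embedded-checksum check for comparison. The container layout, key and function names are constructed; HMAC-SHA256 with a device key stands in for the PKI signature the slides mention, and the version rule is an added assumption.

```python
"""Added example: accept-or-reject check for a firmware update image."""
import hashlib
import hmac
import struct
import zlib

MAGIC = b"FWIM"                       # constructed container, not a vendor format
HEADER = struct.Struct(">4sII")       # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size


class FirmwareRejected(Exception):
    """Raised when an update image must not be installed."""


def pack_image(payload: bytes, version: int, key: bytes) -> bytes:
    """Build side: header + payload + HMAC-SHA256 tag over both."""
    signed = HEADER.pack(MAGIC, version, len(payload)) + payload
    return signed + hmac.new(key, signed, hashlib.sha256).digest()


def verify_image(image: bytes, key: bytes, installed_version: int) -> bytes:
    """Device side: return the payload only if every check passes."""
    if len(image) < HEADER.size + TAG_LEN:
        raise FirmwareRejected("image truncated")
    signed, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise FirmwareRejected("authentication tag mismatch")
    magic, version, length = HEADER.unpack_from(signed)
    if magic != MAGIC or length != len(signed) - HEADER.size:
        raise FirmwareRejected("malformed header")
    if version <= installed_version:                # assumed anti-rollback rule
        raise FirmwareRejected("version is not newer than installed firmware")
    return signed[HEADER.size:]


def append_crc(payload: bytes) -> bytes:
    """Embedded checksum: payload followed by its CRC-32."""
    return payload + zlib.crc32(payload).to_bytes(4, "big")


def crc_only_check(blob: bytes) -> bool:
    """Passes for ANY payload whose CRC-32 was recomputed: no secret involved."""
    return len(blob) >= 4 and zlib.crc32(blob[:-4]).to_bytes(4, "big") == blob[-4:]


if __name__ == "__main__":
    key = bytes(range(32))                          # constructed device key
    image = pack_image(b"constructed firmware v7", 7, key)
    print("accepted:", verify_image(image, key, installed_version=6))
    altered = bytearray(image)
    altered[HEADER.size] ^= 0x01                    # one flipped payload bit
    try:
        verify_image(bytes(altered), key, installed_version=6)
    except FirmwareRejected as reason:
        print("rejected:", reason)
    # A checksum alone accepts altered content once the CRC is recomputed.
    print("crc-only accepts altered payload:", crc_only_check(append_crc(b"altered")))
```

The checksum detects accidental corruption only; the keyed tag (or a signature verified with a public key held by the boot loader) is what ties the image to its publisher.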
  • 88. Problems of IoT Security • Initial design was for private communication network then moved to IP network and later on the Internet • Firmware updates are hard or nearly impossible after installations • Started with basic security then found the security flaws and attached more complex security requirements later • Low security devices from early design are still out there and used in compatible fall-back mode
  • 89. Problems of IoT Security • Fake Control Server • Attack on Device Ports • Attack on Server Ports • Steal Credential • Inject Bad Configuration • Sniff Data on Private Network
  • 96. IoT Vulnerabilities • I1 Insecure Web Interface • I2 Insufficient Authentication/Authorization • I3 Insecure Network Services • I4 Lack of Transport Encryption/Integrity Verification • I5 Privacy Concerns • I6 Insecure Cloud Interface • I7 Insecure Mobile Interface • I8 Insufficient Security Configurability • I9 Insecure Software/Firmware • I10 Poor Physical Security
  • 108. Security Challenges in IoT • Wireless communication • Physical insecurity • Constrained devices • Potentially sensitive data • Lack of standards • Heterogeneity: weakest link problem • A systems, not software problem • Classic web / internet threats • Identity management & dynamism • Inconvenience and cost
  • 109. Attacks in Different Layers of IoT • Transport: Send Wrong Data, Incorrect Control Packets • Network: Routing Loop, Wormhole Attack, Network Partitioning, Denial of Service • MAC: Spoofing, Man in the Middle, Eavesdropping
  • 110. How to Secure IoT Devices • Download: https://www.youtube.com/watch?v=2Zc2PDXtjsI 1. Secure Boot 2. Authentication 3. Protected Ports (Physical Security) 4. Secure Storage 5. Secure Connections
  • 111. Key Elements in IoT Security • Identity Establishment: Use public key cryptography • Access Control: Define the boundary of data access for devices; data access is done by authentication • Data and Message Security: Use Data Encryption Standards • Non-Repudiation and Availability: Rejecting the fact that one entity has sent or received the message, and make all resources available and updated • Security Model: Represent security features to be followed by an IoT application
  • 112. Security Model for IoT • Security: Authentication, Confidentiality, Integrity, Availability • Trust: Repudiation • Privacy: Users' Privacy, Laws, Ethics of communication