Internet of Things security

The Internet of Things (IoT) integrates billions of smart devices that can communicate with one another with minimal human intervention. IoT is one of the fastest developing fields in the history of computing, with an estimated 50 billion devices by the end of 2020. However, the crosscutting nature of IoT systems and the multidisciplinary components involved in the deployment of such systems have introduced new security challenges. Implementing security measures, such as encryption, authentication, access control, network and application security for IoT devices and their inherent vulnerabilities is ineffective. Therefore, existing security methods should be enhanced to effectively secure the IoT ecosystem. Machine learning and deep learning (ML/DL) have advanced considerably over the last few years, and machine intelligence has transitioned from laboratory novelty to practical machinery in several important applications. Consequently, ML/DL methods are important in transforming the security of IoT systems from merely facilitating secure communication between devices to security-based intelligence systems. The goal of this work is to provide a comprehensive survey of ML methods and recent advances in DL methods that can be used to develop enhanced security methods for IoT systems. IoT security threats that are related to inherent or newly introduced threats are presented, and various potential IoT system attack surfaces and the possible threats related to each surface are discussed. We then thoroughly review ML/DL methods for IoT security and present the opportunities, advantages and shortcomings of each method. We discuss the opportunities and challenges involved in applying ML/DL to IoT security. These opportunities and challenges can serve as potential future research directions.

A Survey of Machine and Deep Learning Methods for Internet of Things (IoT) Security

The standard and real-time communication technology is an unalloyed inevitability for the development of Internet of Things (IoT) applications. However, the selection of a standard and effective messaging protocol is a challenging and daunting task for any organisation because it depends on the nature of the IoT system and its messaging requirements. Copious messaging protocols have been developed and employed by various organisations based on their requirements in the last two decades. Though, none of them is able to support all messaging requirements of all types of IoT systems. Messaging protocol is an ongoing dilemma for the IoT industry; consequently, it is important to understand the pros and cons of the widely accepted and emerging messaging protocols for IoT systems to determine their best-fit scenarios. Therefore, this paper presents an evaluation of the four established messaging protocols MQTT, CoAP, AMQP and HTTP for IoT systems. Firstly, it presents the broad comparison among these messaging protocols to introduce their characteristics comparatively. Afterwards, it performs a further in-depth and relative analysis based on some interrelated criteria to gain insight into their strengths and limitations. Thus, based on this detailed evaluation, the user can decide their appropriate usage in various IoT systems according to their requirements and suitability.

/pdf/choice-of-effective-messaging-protocols-for-iot-systems-mqtt-2ntzg9m31y.pdf

Choice of effective messaging protocols for IoT systems: MQTT, CoAP, AMQP and HTTP

Wireless sensor networks (WSNs) typically consist of sensor nodes and gateways that operate on devices with limited resources. As a result, WSNs require bandwidth-efficient and energy-efficient application protocols for data transmission. Message Queue Telemetry Transport (MQTT) and Constrained Application Protocol (CoAP) are two such protocols proposed for resource-constrained devices. In this paper, we design and implement a common middleware that supports MQTT and CoAP and provides a common programming interface. We design the middleware to be extensible to support future protocols. Using the common middleware, we conducted experiments to study the performance of MQTT and CoAP in terms of end-to-end delay and bandwidth consumption. Experimental results reveal that MQTT messages have lower delay than CoAP messages at lower packet loss rates and higher delay than CoAP messages at higher loss rates. Moreover, when the message size is small and the loss rate is equal to or less than 25%, CoAP generates lower additional traffic than MQTT to ensure message reliability.

/pdf/performance-evaluation-of-mqtt-and-coap-via-a-common-1oc3lhsisx.pdf

Performance evaluation of MQTT and CoAP via a common middleware

The Internet of Things (IoT) is set to occupy a substantial component of future Internet. The IoT connects sensors and devices that record physical observations to applications and services of the Internet[1]. As a successor to technologies such as RFID and Wireless Sensor Networks (WSN), the IoT has stumbled into vertical silos of proprietary systems, providing little or no interoperability with similar systems. As the IoT represents future state of the Internet, an intelligent and scalable architecture is required to provide connectivity between these silos, enabling discovery of physical sensors and interpretation of messages between the things. This paper proposes a gateway and Semantic Web enabled IoT architecture to provide interoperability between systems, which utilizes established communication and data standards. The Semantic Gateway as Service (SGS) allows translation between messaging protocols such as XMPP, CoAP and MQTT via a multi-protocol proxy architecture. Utilization of broadly accepted specifications such as W3Cs Semantic Sensor Network (SSN) ontology for semantic annotations of sensor data provide semantic interoperability between messages and support semantic reasoning to obtain higher-level actionable knowledge from low-level sensor data.

/pdf/semantic-gateway-as-a-service-architecture-for-iot-40gfgfgaoa.pdf

Semantic Gateway as a Service Architecture for IoT Interoperability

Lightweight Internet protocols are increasingly being used in ubiquitous environment in order to optimize the resource usage of a constrained device like a smart mobile gateway. This paper presents a study on the various such protocols to optimize the usage of energy, and network resources, computation cost of a constrained gateway device. Comprehensive analysis and feature wise categorization of existing dominant protocols, namely MQTT (message queue telemetry transport), CoAP (constrained application protocol) are provided here to achieve improved understanding of the existing issues and gaps in this domain. The present work further identifies the best suited application areas for each protocol based on the results corresponding to typical resource requirements and performance attributes. Finally our vision on the research scope is presented here mainly for optimization of energy usage.

Lightweight Internet protocols for web enablement of sensors using constrained gateway devices

Purpose



– The purpose of this paper is to study lightweight security scheme for Internet of Things (IoT) applications using Constrained Application Protocol (CoAP). Resource-constrained characteristics of IoT systems have ushered in compelling requirements for lightweight application protocol and security suites. CoAP has already been established as the candidate protocol for IoT systems. However, low overhead security scheme for CoAP is still an open problem. Existing security solutions like Datagram Transport Layer Security (DTLS) is not suitable, particularly due to its expensive handshaking, public key infrastructure (PKI)-based authentication and lengthy ciphersuite agreement process. 




Design/methodology/approach



– This paper proposes a lightweight security scheme in CoAP using Advanced Encryption Standard (AES) 128 symmetric key algorithm. The paper presents an object security (payload embedded)-based robust authentication mechanism with integrated key management. The paper introduces few unique modifications to CoAP header to optimize security operation and minimize communication cost. 




Findings



– It is resilient to number of security attacks like replay attack, meet-in-the-middle attack and secure under chosen plaintext attack. This scheme is generic in nature, applicable for gamut of IoT applications. The paper proves efficacy of our proposed scheme for vehicle tracking application in emulated laboratory setup. Specifically, it compares with DTLS-enabled CoAP to establish the lightweight feature of our proposed solution. 




Research limitations/implications



– This paper mainly focuses on implementing in-vehicle tracking systems as an IoT application and used CoAP as the application protocol. 




Practical implications



– Such a lightweight security scheme would provide immense benefit in IoT systems so that resource constraint-sensing devices and nodes can be made secure. This would impact IoT eco systems to a large extent. 




Originality/value



– Such kind of security suite that provides both robustness and lightweight feature is hitherto not known to the authors, particularly in CoAP for IoT applications.

Lightweight security scheme for IoT applications using CoAP

Secure yet lightweight protocol for communication over the Internet is a pertinent problem for constrained environments in the context of Internet of Things (IoT) / Machine to Machine (M2M) applications. This paper extends the initial approaches published in [1], [2] and presents a novel cross-layer lightweight implementation to establish a secure channel. It distributes the responsibility of communication over secure channel in between the application and transport layers. Secure session establishment is performed using a payload embedded challenge response scheme over the Constrained Application Protocol (CoAP) [3]. Record encryption mechanism of Datagram Transport Layer Security (DTLS) [4] with Pre-Shared Key (PSK) [5] is used for encrypted exchange of application layer data. The secure session credentials derived from the application layer is used for encrypted exchange over the transport layer. The solution is designed in such a way that it can easily be integrated with an existing system deploying CoAP over DTLS-PSK. The proposed method is robust under different security attacks like replay attack, DoS and chosen cipher text. The improved performance of the proposed solution is established with comparative results and analysis.

LESS: Lightweight Establishment of Secure Session: A Cross-Layer Approach Using CoAP and DTLS-PSK Channel Encryption

In this paper we present a lightweight security scheme for authentication and key management to establish a secure channel for Intelligent Transportation System (ITS) for an IoT (Internet of Things) application. We choose Constrained Application Protocol (CoAP) as lightweight application layer protocol. Low overhead security is still an open challenge for CoAP. We propose a payload embedded low cost symmetric-key based robust authentication and key management mechanism on CoAP. This minimizes the security overhead by eliminating expensive handshaking and ciphersuite agreement of standard TLS and DTLS. We propose some unique modification in the CoAP header to invoke its secure mode in an optimized manner. Further, we propose a secure channel with adaptive reliability which reduces the overall communication cost. Such a low overhead security scheme for CoAP is hitherto unexplored. The efficacy of our proposed scheme is demonstrated through laboratory experiments in an emulated environment.

Lightweight security scheme for vehicle tracking system using CoAP

IoT (Internet of Things) systems are resource-constrained and primarily depend on sensors for contextual, physiological and behavioral information. Sensitive nature of sensor data incurs high probability of privacy breaching risk due to intended or malicious disclosure. Uncertainty about privacy cost while sharing sensitive sensor data through Internet would mostly result in overprovisioning of security mechanisms and it is detrimental for IoT scalability. In this paper, we propose a novel method of optimizing the need for IoT security enablement, which is based on the estimated privacy risk of shareable sensor data. Particularly, our scheme serves two objectives, viz. privacy risk assessment and optimizing the secure transmission based on that assessment. The challenges are, firstly, to determine the degree of privacy, and evaluate a privacy score from the fine-grained sensor data and, secondly, to preserve the privacy content through secure transfer of the data, adapted based on the measured privacy score. We further meet this objective by introducing and adapting a lightweight scheme for secure channel establishment between the sensing device and the data collection unit/ backend application embedded within CoAP (Constrained Application Protocol), a candidate IoT application protocol and using UDP as a transport. We consider smart energy management, a killer IoT application, as the use-case where smart energy meter data contains private information about the residents. Our results with real household smart meter data demonstrate the efficacy of our scheme.

Abhijan Bhattacharyya

Papers

Lightweight Internet protocols for web enablement of sensors using constrained gateway devices

Lightweight security scheme for IoT applications using CoAP

LESS: Lightweight Establishment of Secure Session: A Cross-Layer Approach Using CoAP and DTLS-PSK Channel Encryption

Lightweight security scheme for vehicle tracking system using CoAP

Why not keep your personal data secure yet private in IoT?: Our lightweight approach