Network internet security pdf
Last but not least, to Mr. Kostantinos Dalakouras: without his understanding, encouragement, persistence, motivation and kindness it would have been difficult for me to reach this point.

My most sincere appreciation to Dr. Ioannis Karamitsos for his support, comments and initial input during this effort and for his suggestion to develop my research aligned with business needs. Finally, I must express my very profound gratitude to my family, for providing me with unfailing support and continuous encouragement throughout this journey.

Thank you all, once again.

Device-to-WSN Gateway Security. Web Server Security.

Since then, the need for interconnection of all available objects over the Internet has become increasingly demanding. Big consulting companies calculate that the number of these connected objects will reach 20bn by , while the market is estimated to reach 3bn USD.

The IoT industry is flourishing since the number of computations a computer can execute almost doubles every two years, while the size and the amount of power needed almost halve over the same period. This means that smaller and more powerful devices are available for interconnection and data exchange, offering a wide range of applications. The Internet of Things covers several different domains and technologies, introducing challenges regarding interoperability between different stacks and the implementation of standards on low-power, low-energy devices.

All these combined bring new challenges in security and questions regarding how to ensure confidentiality, integrity and availability. Like all innovative developments, IoT promises users a better life now and in the years to come, but there is a great security concern. Especially today, privacy is an increasing concern for the public. The IoT is an immature technology. The key issue affecting the development of IoT is that mature and complete security models and standards are lacking.

As the IoT environment becomes more and more complex and demanding, the security issues to be coped with are more complex than in any other existing network system. My motivation for conducting research in IoT is the lack of sustainable and flexible solutions that address some of the main security issues. Some early security mechanisms and solutions are now being implemented, but they still need improvement and standardization.

The full potential of IoT goes beyond enterprise-centric systems and moves towards a user-inclusive IoT, in which IoT devices and contributed information flows provided by people are encouraged.

This will allow new user-centric IoT information flows and a new cohort of services of high value for society. Security is one of the main IoT challenges nowadays.

An important consideration is which protocol stack provides the best security and privacy services. Security can be provided at different levels, so deciding on the optimal choice is not a simple process. Since IoT is a relatively new concept, it is still unknown and unexplored by many companies and employees in industry. This limited knowledge may make them afraid of, or totally unaware of, the potential security and privacy issues connected to their deployment of IoT.

Therefore, many organizations want to know more about the potential threats, benefits, disadvantages, challenges and solutions regarding IoT security. Additionally, they need to know what competence in information security is necessary to realize cost-effective security in conjunction with their deployment of IoT.

In this way, managers can make a balanced risk-benefit analysis of the adoption of IoT for a specific application or family of applications.

Thesis Aims and Objectives

The overall aim of this thesis is to assess the security mechanisms in the IoT area. This will include a review and comparison of the current IoT protocol stacks and of the advantages and disadvantages of the different security mechanisms applied in IoT. In this thesis, a distributed end-to-end security mechanism was developed for IoT applications.

Thesis Outline

This chapter gives the historical background of IoT, introduces the thesis aims and objectives and provides the outline of the thesis. The rest of the thesis is structured as follows:

Chapter 2, Information Security. This chapter provides an overview of Information Security, illustrates the CIA model, discusses the security elements and provides an overview of countermeasures and security policies.

Chapter 3, Internet of Things (IoT). This chapter gives an overview of the Internet of Things (IoT), analyses the fundamentals and provides the IoT roadmap over time.

This chapter provides an overview of the most important IoT technologies and ends with a comparison table with pros and cons per technology.

Chapter 5, Architecture of IoT. This chapter discusses the IoT reference model, the IoT framework and standards, and analyzes the six-layered architecture.

Chapter 6, Security in IoT. This chapter summarizes the challenges the IoT ecosystem is facing while discussing the IoT protocols related to security.

Chapter 7, Proposed Distributed Security Mechanism. This chapter describes the proposed distributed security mechanism covering the path end to end, from IoT device to web server.

This chapter describes the implementation of the relevant mechanism and provides the results.

Chapter 9, Conclusion. This chapter presents the conclusion of this thesis along with an implementation action plan and best practices, together with a quick implementation reference card.

In Appendix 1, all IoT-relevant standards from various international organizations are presented.

From the very first years of communication, the value of security mechanisms was very well comprehended. Julius Caesar was one of the first to use these practices, inventing the Caesar cipher around 50 B.C. From the middle of the 16th century, various governments around the globe created organizations to secure information and communication.

More recently, during the 19th century and because of the two World Wars, many authorities were created to protect the privacy of information; the exchange of war-related information between the allies of World War II brought into the picture the necessity of encrypting the information to make it unreadable. Enigma was successfully decrypted by Alan Turing. At the end of the 20th century and in the early years of the 21st, rapid development in telecommunications, hardware and software occurred, with data encryption evolving alongside it.

Things are getting smaller, more powerful and even cheaper, bringing computing closer to everyone and appealing not only to businesses but to individuals as well. The expansion and availability of the Internet also helped all these objects to be interconnected and made information publicly available. These three pillars are considered the three most crucial components for security. Sensitive information is prevented from reaching the wrong people, while making sure that the right people can in fact receive it.

Access must be provided only to those authorized to view the data. Some examples of practices used to ensure confidentiality include, but are not limited to, data encryption, user names and passwords, two-factor authentication, biometrics, security tokens, hardware and soft tokens, etc.

Data must be altered only by authorized people. Measures include file permissions and user access controls; version control may be used to prevent erroneous changes or accidental deletion by authorized users, which is a problem as well; checksums and cryptographic checksums serve for integrity verification; and backups must be available to restore the data to its original state in case of permanent loss. Backup copies should be stored in a different location from the original data storage, and firewalls, IDS and proxy servers can be used to keep intruders out.

It is critical to comprehend that Data Protection Act prerequisites go beyond the traditional view of transmitted and stored data. In Table 1: IoT security threats, I try to summarize the most important ones.

Table 1: IoT security threats

Privacy Concerns:
- More data are collected than are critical to the functionality
- Sensitive data are collected
- Data are not anonymized
- Unencrypted data collection
- Unprotected personal information
- Unauthorized access to personal information
- No retention policies applied

Insecure Cloud Interface:
- Account enumeration
- No account lockout
- Credentials exposed in network traffic

In the following sections, the definitions of the key elements are described. Assets can include hardware, software and information. Assets should always be protected under the CIA triad framework. A threat is something that could possibly happen, or not. Threats can lead to attacks on computer systems, and that is only the tip of the iceberg. Corrective actions need to be taken even if it is decided to simply mitigate the risk. Information security technology helps organizations to acquire, process and store data.

Therefore, data protection is essential to achieve the CIA principles as described in this chapter. Failure to comply with CIA requirements may lead to financial implications and disciplinary actions. In this section, a historical background of Information Security was provided, along with an analysis of the CIA triad, the security elements, countermeasures and security policies; in the next section we will turn to the Internet of Things.

From a technical point of view, the IoT presents a network of an uncountable number of globally connected objects (devices, sensors or actuators) providing different services over the Internet. Fundamentally, IoT means a shift from reactive to proactive systems; from delayed problem management to automatic sense-and-respond capabilities.

The most vital part of achieving IoT is communication. No matter how smart or capable the devices are, if they cannot transmit and communicate then they cannot be a part of the IoT ecosystem. How this communication is performed is less important, since the actual physical and link layer communication within IoT can be realized in many ways.

For example, a physical thing might execute multiple applications and thereby have multiple identities in the virtual world. Moreover, the number of devices can change dynamically.

The ratio of communication triggered by devices as compared to communication triggered by humans will noticeably shift towards device-triggered communication. Even more critical will be the management of the data generated and their interpretation for application purposes.

This relates to the semantics of data, as well as efficient data handling. Originally used in the supply chain industry for tracking purposes, it very quickly moved to vertical markets such as security, surveillance, transportation, food safety and others, enabled by the network evolution.

The total market is expected to reach 3 trillion USD. In the next section, we will analyze the IoT technologies. RFID and near-field communication were brought into the picture. RFID technology uses electromagnetic fields to transfer data, for identifying and tracking tags attached to objects. The most well-known use of that technology is the implantation of RFID microchips in pets, allowing the identification of animals.

It can be used in a variety of applications, from military use to sensing fires in forests and monitoring metrics on human bodies. In the following sections, a description of the most used wireless technologies is presented. Vic Hayes has been named the father of Wi-Fi. Today, there are Wi-Fi devices worldwide that deliver high-speed Wireless Local Area Network (WLAN) connectivity to millions of offices, homes, and public locations such as hotels, cafes and airports.

It is a low-power wireless network protocol based on the IEEE standard. With a range of approx. , it is widely used in smart home automation. It is easy and faster for development. Z-Wave has full mesh networking capabilities without the need for a coordinator node and is very scalable, enabling control of up to devices. Sigfox uses the free ISM band to transmit data over a very narrow spectrum. At the end, a comparison table showing pros and cons for the respective technologies is provided.

In the next chapter, the IoT architecture is presented. Devices are diverse, and there are no rules about size, location, form factor, or origin. Some will be as large as vehicles. The IoT must support the entire range. These types of information may need to remain within fog computing. Here it is decided whether data need to be stored to become available to applications, or to be transferred to upper levels.

Event-based data are converted to query-based processing data, in order to bridge the differences between the real-time networking world and the non-real-time application world. Data at rest from the previous level are processed by applications.

Not much work is needed here, as the lower levels have done the work properly. Data from previous levels are not useful at all unless actions are triggered based on business logic.

Moreover, IoT architecture is not yet standardized and therefore several models are currently available. A reference of available standards from various international organizations is provided on Appendix 1.

In this layer, each object is assigned a unique ID, which makes it easy to identify the objects. It consists of data sensors in different forms, like RFID tags, IR sensors or other sensor networks, which can sense temperature, humidity, speed, location, etc.

This layer gathers the useful information about the objects from the sensor devices linked with them and converts the information into digital signals, which are then passed on to the Network Layer for further action.

Using Intelligent Processing Equipment, the information is processed and a fully automated action is taken based on the processed results. This layer is very helpful in the large-scale development of the IoT network.

The IoT-related applications could be smart homes, smart transportation, smart planet, etc. It generates different business models for effective business strategies. In the next chapter, the security requirements are presented for each level of the IoT architecture, together with the security technology challenges. There are many challenges that need to be analyzed when we are talking about the security of an IoT environment. By nature, IoT is based on deploying as many objects as possible, and the more objects we have, the more potential problems we may have.

Tens of years ago we only had to protect our PC to access the Internet; now we need to care about PCs, smartphones, smart devices, cars, wearables, practically anything that is connected over the net. Firmware updates for devices or OS updates are crucial to maintain security at a high level.

Regardless of the number of IoT devices, the information that is being captured needs to be transmitted somehow to the next level for further processing. Several studies were considered to stipulate the following summary of security requirements, challenges, threats and potential solutions (Farooq; Huang; Nguyen; Commission).

In the following table, the risks for each IoT layer are described. For security purposes, I have selected the most important IoT protocols to analyze and compare. All these protocols are assigned to the transport or application layers of the IoT protocol stack.

The protocol is based on the TLS protocol to offer similar security, and it was designed with security in mind. QUIC can provide security protection like Transport Layer Security (TLS) or Secure Sockets Layer (SSL), with the added features of minimizing transport latency and the number of connections. QUIC is also designed to estimate the bandwidth in either direction so that congestion problems can be avoided.

CoAP is designed in such a way as to allow different devices to operate on a constrained network, and between devices on different constrained networks, all interconnected by the Internet. Security was also implemented in V3. Encryption is implemented with SSL. Figure 6: MQTT working model. It is very commonly used for asynchronous communication and is language-independent. In the next chapter, a distributed security mechanism for IoT is proposed.

IoT security spans multiple layers, such as the application, network and perception layers. Nowadays, research addresses the security mechanisms between the devices and not the complete end-to-end path.

Doukas provided a good base for securing IoT devices. However, it does not cover the entire path, and it leaves a security gap between the device and the WSN gateway.

This mechanism applied data object encryption inside a data transmission payload. The security of data objects is provided by symmetric encryption, as an extra protection layer for the data communication. In the following sections, the conceptual design and the implementation flow of a distributed security mechanism are presented. In this chapter, a distributed end-to-end security mechanism provides symmetric encryption for data objects, combined with the native wireless security, to offer a layered security technique between the IoT device, the WSN gateway and the Web Server.

IoT devices have a vitally important role in the IoT ecosystem, but due to limited resources there are few protocols and standards they can support. In the next sections, the conceptual design of the proposed DSM mechanism is presented in detail. Data is encrypted using a secret (pre-shared) key and can be decrypted with the same key. This key is shared with the destination, the Web Server.

These standards are described in detail in Appendix 1. By using a pre-shared key (PSK), only authorized devices are connected to the network and can receive traffic. By encrypting data objects at the device level (perception layer), only the device and the destination will be able to read the encrypted data. In the following paragraphs, the device-to-gateway security and the gateway-to-Internet security are described.

When connecting to the network, devices are secured with a PSK which is installed on each authorized device and is required for initiating communication between the WSN gateway and the IoT device. Unauthorized devices will not be able to decrypt data without the correct PSK. Object layer security exists at the application layer, inside the payload of a transmission packet.

Objects in this context refer to a container of information which has been formatted to be human-readable. This level of encryption is used as a primary layer of protection, and it can be combined with the offered wireless security for stronger security between the IoT device and the WSN gateway. It works as a second protection level in case the wireless network is compromised. The second layer of security is applied only to the contents of the data object. The data object is encrypted with a symmetric key which has only been shared with the server, so that no intermediaries will be able to decrypt the data.

WSN Gateway to Internet Security

WSN gateways are devices with enough resources to run the operating systems and protocols necessary to securely transfer traffic across the Internet. A WSN gateway may take the form of a microcomputer with a Linux-based operating system. The gateway has sufficient resources to apply heavy security and communication protocols that cannot be supported by IoT devices. Once data are received by the gateway, they are processed and prepared for transmission to the remote server.

The gateway can forward secure communication to the server over the Internet using the configured secure socket layer. Figure 8: WSN Gateway — Internet Connectivity. The gateway acts as an intermediary with many resources to support these security measures and secure data before sending it over the Internet. In the proposed security mechanism, the payload of the packets is formatted as a JSON object and encrypted using AES bit symmetric encryption. The JSON object is not readable by the gateway or by any entity other than the intended destination.

Similarly, if the server sends a command back to the device, the data object is encrypted using the pre-shared symmetric key and is forwarded to the device for decryption. Only authorized devices should be in possession of the PSK. The second layer of security is applied only to the contents of the data object.

Addressing and source information remain unencrypted in this layer. Only the server can decrypt messages using its corresponding private key. The private key is located on the server and is not shared with any other device. The detailed flowchart of the proposed security mechanism, with the relevant sequential processes mapped to the three IoT system components, is shown in Figure 9: Proposed security mechanism.

The encrypted data object can then be decrypted using the symmetric secret key from the originating device. If the key is shared with multiple devices, the devices are authenticated as part of a group. This scenario maintains the confidentiality of IoT data whenever it passes over a public network.
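The device-to-server object encryption described above, written out as an added example; this is not the thesis's own implementation. It models the three components of the mechanism: the device encrypts the JSON data object with the PSK and wraps it in a packet whose addressing stays in the clear, the WSN gateway routes on that addressing without being able to read the object, and the server decrypts with the same PSK. Assumptions not taken from the text: AES-256 in GCM mode (the thesis does not preserve the key size and does not name a mode; GCM is chosen so that a modified or wrong-key payload is rejected rather than decrypted to garbage), the JSON field names, the sample key and reading, and the binding of the cleartext device ID to the ciphertext as associated data, which goes one step beyond the thesis by letting the server detect an intermediary rewriting the source field.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"io"
)

// Envelope is the transmission packet: addressing and source stay in the clear
// for the WSN gateway to route; Payload is base64(nonce || AES-GCM ciphertext+tag).
type Envelope struct {
	DeviceID string `json:"device_id"`
	Dest     string `json:"dest"`
	Payload  string `json:"payload"`
}

// Reading is the human-readable JSON data object produced by the device.
type Reading struct {
	Sensor string  `json:"sensor"`
	Value  float64 `json:"value"`
	Unit   string  `json:"unit"`
}

// devicePSK returns the 256-bit pre-shared key. Constructed constant for the example;
// in a deployment it is provisioned to the device and the server only, never to the gateway.
func devicePSK() []byte { return []byte("constructed-example-psk-32-bytes") }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// deviceSend encrypts the data object under the PSK. The cleartext DeviceID is bound
// to the ciphertext as associated data, so rewriting the source field breaks the tag.
func deviceSend(key []byte, deviceID, dest string, r Reading) (Envelope, error) {
	plain, err := json.Marshal(r)
	if err != nil {
		return Envelope{}, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nonce, nonce, plain, []byte(deviceID)) // nonce prepended to ciphertext
	return Envelope{DeviceID: deviceID, Dest: dest, Payload: base64.StdEncoding.EncodeToString(ct)}, nil
}

// gatewayForward models the WSN gateway: it reads the addressing to pick the next hop
// but cannot interpret the payload; the bool reports whether the payload parsed as JSON.
func gatewayForward(env Envelope) (nextHop string, payloadReadable bool) {
	var probe map[string]interface{}
	raw, err := base64.StdEncoding.DecodeString(env.Payload)
	return env.Dest, err == nil && json.Unmarshal(raw, &probe) == nil
}

// serverReceive authenticates and decrypts the data object with the same PSK.
func serverReceive(key []byte, env Envelope) (Reading, error) {
	ct, err := base64.StdEncoding.DecodeString(env.Payload)
	if err != nil {
		return Reading{}, err
	}
	gcm, err := newGCM(key)
	if err != nil || len(ct) < gcm.NonceSize() {
		return Reading{}, fmt.Errorf("bad payload from %s: %v", env.DeviceID, err)
	}
	plain, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], []byte(env.DeviceID))
	if err != nil {
		return Reading{}, fmt.Errorf("rejecting object from %s: %w", env.DeviceID, err)
	}
	var r Reading
	return r, json.Unmarshal(plain, &r)
}

func main() {
	key := devicePSK()
	env, _ := deviceSend(key, "sensor-01", "web-server", Reading{Sensor: "temperature", Value: 21.5, Unit: "C"})
	hop, readable := gatewayForward(env)
	fmt.Printf("gateway forwards to %s; payload readable at gateway: %v\n", hop, readable)
	r, err := serverReceive(key, env)
	fmt.Printf("server decrypted %+v (err=%v)\n", r, err)
	env.DeviceID = "sensor-99" // an intermediary rewriting the source field
	_, err = serverReceive(key, env)
	fmt.Println("after header tampering:", err)
}
```

The gateway-to-server hop (TLS over the Internet) is left to the transport, as in the thesis; what this layer adds is that the object stays opaque on the gateway and on any other intermediary, and that the server's decryption fails rather than silently succeeding when the key or the packet has been tampered with.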

End-to-End Security Mechanism

In the previous sections, the security mechanism was presented distinctly along the whole IoT path, including all systems and platforms. In the next chapter, we discuss how the implementation of the distributed security mechanism was made. This chapter describes the implementation, hardware specifications and configurations of the three IoT system components.

Internet Security — Bridge to prevent Cyber Crimes. Simar Preet Singh.

Abstract. For protection from attackers, it is crucial to have a good understanding of the threats to Internet Security. This paper evaluates the importance and need of internet security with the different kinds of threats related to internet security. Different kinds of internet security measures are studied in order to evaluate the threats to internet security. Further, the various types of internet security are studied to validate the threats. It has been observed that Cyber Crimes are increasing these days due to the lack of awareness of the user and the lack of knowledge of preventing those attacks.

The main Cyber Crime threats are:
a) Denial of Service
b) TCP Attacks
c) Packet Sniffing

The objective of internet security is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud [5]. There are 2 types of Internet Security. These are:
1. Network Security
2.

Figure 1: Network Security

We concluded the introduction regarding E-mail security and then the various threats regarding E-mail security.

2. NETWORK SECURITY
Network Security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification or

There is a huge need for Network Security. The need for network security is in:
a) Hacking
b) Security Related Crimes
c) E-mail Bombing

3.
unusable, usually by overloading the server or network. In a denial-of-service (DoS) attack, an attacker attempts to

By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, websites, online accounts (banking, etc.). The most common and obvious type of DoS attack occurs when an attacker "floods" a network with information. When you type a URL for a particular website into your browser, you are sending a request to that site's computer server to view the page. This is a "denial of service" because you can't access that site. An attacker can use spam email messages to launch a similar attack on your email account. Whether you have an

account, by sending many, or large, email messages to the account, an attacker can consume your quota, preventing you from receiving legitimate messages. The various steps that one can take are:
o Install and maintain anti-virus software.
o Follow good security practices for
o Applying email filters may help.
The following symptoms could indicate a DoS attack:
o Unavailability of a particular website.
o Dramatic increase in the amount of spam you

SYN requests to a target's system. When a client attempts to start a TCP connection to a server, the client and server exchange a series of messages which normally runs like

The client responds with an ACK, and the connection

This is called the TCP three-way handshake, and is the foundation for every connection established using the TCP protocol.

Figure 2: (a) A normal connection between a user (Alice) and a server.

performed. A malicious client can skip sending this last ACK message. There are two methods, but both involve the server not receiving the ACK. It works if a server allocates resources after receiving a SYN, but before it has

The connections are hence half-opened and consuming server resources.

This is a type of denial-of-service attack that floods a target system via spoofed broadcast ping messages. Key features of Smurf attack are-
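The half-open connection symptom described for the TCP handshake, turned into a defender-side check as an added example (not code from the paper): the program reads socket state lines in the column layout of the Linux `ss -tan` command, counts the sockets stuck in SYN-RECV (the server has sent its SYN-ACK and is holding resources for an ACK that never arrives) per listening socket and per peer, and flags a listener whose half-open backlog exceeds a threshold. The sample output, the host addresses and the threshold of 5 are constructed for the example; a real threshold has to be tuned against the normal backlog of the service being watched.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in the column layout of `ss -tan` on Linux. Six sockets stuck
// in SYN-RECV on :80, each from a different peer, is the trace a SYN flood leaves.
const sampleSS = `State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
ESTAB     0      0      10.0.0.5:443         203.0.113.10:51514
ESTAB     0      0      10.0.0.5:80          203.0.113.11:40222
SYN-RECV  0      0      10.0.0.5:80          198.51.100.7:41000
SYN-RECV  0      0      10.0.0.5:80          198.51.100.8:41001
SYN-RECV  0      0      10.0.0.5:80          198.51.100.9:41002
SYN-RECV  0      0      10.0.0.5:80          192.0.2.30:41003
SYN-RECV  0      0      10.0.0.5:80          192.0.2.31:41004
SYN-RECV  0      0      10.0.0.5:80          192.0.2.32:41005
SYN-RECV  0      0      10.0.0.5:443         203.0.113.12:50001
`

// HalfOpenReport summarises sockets in SYN-RECV: the server has answered with
// SYN-ACK and reserved resources, but the final ACK of the handshake never arrived.
type HalfOpenReport struct {
	HalfOpen    int
	ByLocalPort map[string]int // half-open connections per listening socket
	ByPeerAddr  map[string]int // half-open connections per remote host
}

// parseSS reads ss-style lines and counts the half-open connections.
func parseSS(text string) HalfOpenReport {
	rep := HalfOpenReport{ByLocalPort: map[string]int{}, ByPeerAddr: map[string]int{}}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		f := strings.Fields(sc.Text())
		if len(f) < 5 || f[0] != "SYN-RECV" { // skips the header and established sockets
			continue
		}
		local, peer := f[3], f[4]
		if i := strings.LastIndex(peer, ":"); i > 0 {
			peer = peer[:i] // drop the ephemeral port, keep the host
		}
		rep.HalfOpen++
		rep.ByLocalPort[local]++
		rep.ByPeerAddr[peer]++
	}
	return rep
}

// floodSuspected returns the local sockets whose half-open backlog exceeds the
// threshold, sorted for stable output. The threshold is an assumed value that has
// to be tuned against the normal backlog of each service.
func floodSuspected(rep HalfOpenReport, threshold int) []string {
	var hits []string
	for local, n := range rep.ByLocalPort {
		if n > threshold {
			hits = append(hits, local)
		}
	}
	sort.Strings(hits)
	return hits
}

func main() {
	rep := parseSS(sampleSS)
	fmt.Printf("half-open connections: %d from %d distinct peers\n", rep.HalfOpen, len(rep.ByPeerAddr))
	for _, s := range floodSuspected(rep, 5) {
		fmt.Println("possible SYN flood against", s)
	}
}
```

A large number of half-open sockets spread over many distinct peers, against a listener whose established-connection count stays normal, is the pattern to look for; the per-peer map makes that spread visible, while the per-listener count is what the threshold is applied to.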


