This PPT will provide an basic idea about Application Protocols used in IoT and its vulnerabilities in terms of security and mitigation techniques.

1. IoT Specific Application Protocols
Jigar Makhija

2. About me
My name is Jigar Makhija and I was a Associate Software Engineer for LNT Infotech. I am an accomplished coder and programmer,
and I enjoy using my skills to contribute to the exciting technological advances that happen every day. I graduated from the Kachchh
University in 2013 with a Bachelor's Degree in Computer Applications and I post-graduated from the Indus University in 2016 with a
Master’s Degree in Information Technology (MSC.IT).
After that I got an opportunity as an entry-level position at LNT Infotech directly after my post-graduation and i resigned in January of
2019. After spending more and more time in programming I found that i am a quick learner with all tech-related things.
I joined Amrita Vishwa Vidyapeetham as a Research Student in the Computer Science Department from January with complete
different domain in the field of Internet of Things, gradually working with embedded devices i made my hands dirty with cyber security
domain combining my IoT skills and still studying and finding vulnerabilities in different aspects to provide better solutions.

3. The Internet of Things is a convergence of embedded systems, wireless sensor networks,
control systems and automation that makes connected factories, intelligent retail, smart
homes and cities and wearable devices possible.
IoT technologies empower you to transform your business with data-driven insights,
improved operational processes, new lines of business and more efficient use of materials.
By - Microsoft

4. Agenda
Intro
Basic Idea
about
Protocols
Security
Aspects
Mitigat
ion

5. An overview about IoT Protocols
When talking about the Internet of Things, we always think about communication.
Interaction between sensors, devices, gateways, servers, and user applications is the essential characteristic
that makes the Internet of Things what it is.
But what enables all this smart stuff to talk and interact are the IoT protocols which can be seen as languages
that the IoT gear uses in order to communicate.
Why should you care about IoT protocols?

6. Answer to your Question: Why should you care about IoT protocols?
What differentiates a smart device from ordinary devices is that it stays mute in case of a breakdown, the
smart device is able to talk to other devices.
if it encounters any problems and, if need be, to communicate the failure to the user or automatically call for
help.
But every such instance of interaction is possible when there is a medium of communication, a common
‘language’ that all the devices in a given IoT ecosystem would share and be able to use.
Within the Internet of Things, the medium is provided by the IoT protocols: communication can be either
through Internet protocols already in use, or the IoT protocols developed for these connected device.

7. Different Aspects of IoT communication
Each with its own type of protocols to suit its purposes
IoT protocols can be divided in terms of the role they
play within the network.
There are protocols used in connectivity infrastructure
(e.g. 6LowPAN),
communications (Wi-Fi, Bluetooth),
data transmission (MQTT, CoAP, XMPP),
security (DTLS),
device management as well as telemetry (LwM2M).
This is one of the reasons why the Internet of
Things needs standardized IoT protocols.

8. Application Layer Protocols for the Internet of
Things

9. Introduction
The critical goal of Internet of things (IoT) is to
ensure effective communication between objects and
build a sustained bond among them using different
types of applications.
The application layer is responsible for providing
services and determines a set of protocols for
message passing at the application level.
with this interconnection, these devices need
different protocols (Bluetooth, Wifi) to avoid the
problem of interoperability.

10. Some Protocols

11. CONSTRAINED
APPLICATION PROTOCOL
(COAP)
Constrained Application
Protocol (CoAP) is
request/response protocol.
This protocol is only
sufficient in constrained
environment such as:
constrained node with low
capability in RAM or CPU,
and constrained network,
such as lower power using
wireless personal area
network (WPAN).

12. CoAP supports publisher/subscriber architecture, this architecture provides multicast communications, and the
publisher sends the message so on the other hand multi-subscribers can catch the message and takes the
actions.
This multicast is done in an Asynchronous way. Publish/subscribe architecture is used to support a large
number of users and provide better performance than the traditional way.
The most important features in CoAP are simplicity and reliability; since it supports unicast and multicast
request by
taking advantage of UDP, and provide the ability to Asynchronous message exchanges.
CoAP is a single protocol with two layers, the first layer is the messaging layer and the second one is the
request/response layer; messaging layer aims to achieve reliability based on UDP, while request/response layer
aims to act the interactions and communication.
CoAP uses different types of massages: Conformable Message, Non-conformable Message, Acknowledgement
Message, Reset Message, Piggybacked Response, Separate Response, and Empty Message.

13. Message queue telemetry transport (MQTT) is a publisher/subscriber protocol.
It’s similar to the client-server Model.
its simplicity, and open source code make
this protocol suited only for constrained
environments, such as low power, limited
computation capability and memory, and
limited bandwidth.
It’s suitable for IoT applications and
machine to machine communications. MQTT
protocol can run over TCP/IP
MESSAGE QUEUE TELEMETRY TRANSPORT (MQTT)

14. MQTT
MQTT provides a set of features that includes:
the support of multi-cast communication (one to many message), and the capability to
establish communications between remote devices.
But the most important feature of this protocol is the minimization of network traffic by
reducing transport overhead and protocol exchanges.
In addition, it provides a notification mechanism when an abnormal situation occurs.
MQTT protocol provides three options to achieve messaging Quality of Service (QoS)

15. MQTT Vs CoAP
MQTT protocol outperforms CoAP protocol in the
case of high traffic network;
MQTT provides higher throughput and lower
latency than CoAP.
The importance of MQTT protocol is due to its
simplicity and the no need of high CPU and
memory usage (lightweight protocol).
MQTT supports a wide range of different devices
and mobile platforms.
On the other hand, MQTT is high sampling rate
and high latency, and dedicated to simple data
type only, can’t be used in real time applications.

16. EXTENSIBLE MESSAGING AND PRESENCE PROTOCOL (XMPP)
XMPP nowadays is one of the most common
communication and messaging protocol in IoT.
XMPP protocol supports both request/response and
publish/subscribe models.
request/response which allows bi-directional
communications and publisher/subscriber model which
allows multi-directional communication (push and pull
the data).
High scalability in XMPP is provided by decentralized
architecture.

17. REPRESENTATIONAL STATE TRANSFER (RESTFUL SERVICES )
It provides web services which
allow communication and data
exchange between different devices
using HTTP in IoT environment.
Different representations are used
in this RESET such as JASON, XML,
and text.
Reset architecture uses the same
methods used in HTTP, such as GET,
PUT, DELETE, POST, and OPTION, to
the request or response of resource
usage.

18. RESTFUL web services support
request/response messaging
model, by using HTTP
commands.
When using HTTPs it provides
security since it uses
TLS/SSL.
REST with CoAP

19. Major attacks affecting the application layer protocols.

20. Vulnerabilities classified in Application Protocols
MQTT CoAP XMPP
Authentication Message
parsing
Unauthorized
entry to a server
Authorization Proxying and
caching
Authentication
Message
delivery
Bootstrapping Message
validation
Message
validation
Key generation Certificate
verification
Message
encryption
IP address
spoofing

21. Mitigating these
Issues
There are still lot of
research ongoing proposing
mitigation measures for the
AMQP, DDS and XMPP
protocols yet to arrive on
solid proofs .

22. Thank you
Post/Ask your queries?