It will cover basics of IoT, its architecture , security issues ,and its possible solutions with examples. Hope you will find it helpful.

1. SECURITY IN IoT
(Internet of Things)
PRESENTED BY:-
RAMNEEK KAUR
ME(CSE),Regular
152417 1

2. CONTENTS
• Internet of Things(IoT)
• IoT Devices
• IoT Technology
• OWASP Top 10 Security issues in IoT
• Security concerns
• Wireless Sensor Network(WSN)
• Attacks on WSN
• Devices under Attack
• Countermeasures
• Future Scope
• References 2

3. IoT diffusion-Forecast
• Welcome to the era of the Internet of Things (IoT), where digitally
connected devices are encroaching on every aspect of our lives, including
our homes, offices, cars and even our bodies.
• With the advent of IPv6 and Wi-Fi networks, IoT is growing at a dangerously
fast pace, and researchers estimate that by 2020, the number of active
wireless connected devices will exceed 50 billion.
3

4. IoT(Internet of Things)-
Definition
 IoT refers to the network of physical, Identifiable, objects connected
via the internet, which can sense and communicate.
 It is Ubiquitous-means anywhere, anytime, anyway, anything and
anyhow (5 A’s).
 IoT includes concepts such as Wireless Sensor Networks(WSN) ,
Machine-to-machine(M2M) communication and Low power Wireless
Personal Area Networks (LoWPAN) ,or technologies such as Radio-
Frequency Identification(RFID).
4

5. IoT devices
• Thermostat
• smoke detector
• Lockitron
• Smart baby monitor
• Philips Hue light bulb
• Air Quality egg
• Smart Body Analyzer
• In Home Health Care
5

6. IoT Technology
• Now that we all understand the IoT concept, it would be worthwhile
to deep dive in order to get familiar with the building blocks of IoT:
6

7. CONTINUE…
1) Sensors & Sensor technology – They will sniff a wide variety of
information ranging from Location, Weather/Environment conditions,
data to Health essentials of a patient.
2) IoT Gateways – IoT Gateways , as the name rightly suggests, are the
gateways to internet for all the things/devices that we want to interact
with. Gateways help to bridge the internal network of sensor nodes
with the external Internet or World Wide Web.
3) Cloud/server infrastructure & Big Data – The data transmitted
through gateway is stored & processed securely within the cloud
infrastructure using Big Data analytics engine. This processed data is
then used to perform intelligent actions that make all our devices
‘Smart Devices’!
7

8. CONTINUE…
4) End-user Mobile apps – The mobile apps will help end users to
control & monitor their devices from remote locations.
5) IPv6 – IP addresses are the backbone to the entire IoT ecosystem.
Internet.
• With IPv4 we were running out of IP addresses, but with IPv6
(launched in 2012) we now have 3.4*10^38 IP addresses!
8

9. Key Challenges of IoT
• Availability
• Architecture
• Reliability
• Mobility
• Performance
• Management
• Scalability
• Security & Privacy
-Security and Privacy is a significant challenge due to lack
of common standards and architecture for IoT security.
9

10. OWASP Top 10
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security
10

11. IoT security concerns
1. Privacy Concerns: 90 percent of devices collected at least one
piece of personal information via the device, the cloud or the
device’s mobile application.
• information like name, address, date of birth or even health
and credit card information.
2. Insufficient Authentication/Authorization: 80 percent users
and devices rely on weak and simple passwords and
authorizations.
3. Transport Encryption: 70 percent of devices used
unencrypted network services. Transport encryption will be
crucial as most of the devices are transmitting data that most
people would consider crucial.
11

12. IoT security concerns
4. Web Interface: 60 percent raised security concerns with their
user interfaces. These issues included:
• persistent cross-site scripting, poor session management and
weak default credentials.
• From this, hackers were able to identify valid user accounts
and take them over using things like password reset features.
5. Insecure Software: 60 percent did not use encryption when
downloading software updates.
12

13. Wireless Sensor
Network(WSN)-
• Wireless sensor networks (WSN), sometimes called wireless
sensor and actuator networks (WSAN)
• The topology of the WSNs can vary from a simple star
network to an advanced multi-hop wireless mesh network.
• The propagation technique between the hops of the network
can be routing or flooding.
• Wireless Sensor Networks (WSNs) are playing more and more
a key role in several application scenarios such as healthcare,
agriculture, environment monitoring, and smart metering. 13

14. WSN- Architecture
14

15. WSNs are Vulnerable to
various types of Attacks
15

16. Attack Models
• Eavesdropping: an attacker intercepts packets transmitted over the
air for further cryptanalysis or traffic analysis.
• Traffic analysis: allows an attacker to determine that there is
activity in the network, the location of the BSs, and the type of
protocols being used.
• Message injection: an adversary injects bogus control information
into the data stream.
• Message modification: a previously captured message is modified
before being retransmitted
• Node capture: An embedded device is considered being
compromised when an attacker, through various means, gains
control to the node itself.
• Denial-of-Service (DoS) attacks: can be grouped into two categories
 Service degradation (e.g., collision attack), and
 Service disablement through power exhaustion (e.g. jamming)
16

17. Layer-based attack
categorization
17

18. Attacks in Wireless Sensor
Networks
• Selective forwarding
• Acknowledgement spoofing
• Wormhole Attack
• Sinkhole Attack
• Helloflood Attack
• Sybil Attack
18

19. • Selective forwarding: A malicious node refuses to forward all
or a subset of the packets it receives and simply drops them. If
a malicious node drops all the packets, the attack is then
called black hole.
• Acknowledgement spoofing: Spoof link layer
acknowledgements(ACKs) to trick other nodes to believe that
a link or node is either dead or alive.
Attacks in Wireless Sensor
Networks
19

20. Wormhole and Sinkhole
Attacks
• In Wormhole the attacker tunnels
the packets received at one
location of the network and
replays them in another
location.
• In Sinkhole node tries to attract
network traffic by advertise its
fake routing update.
• launch other attacks like :
selective forwarding attack
acknowledge spoofing attack
Wormhole Link
20

21. HELLO Flood Attack
• Every new node broadcasts “Hello messages” to find its
neighbors. Also, it broadcasts its route to the BS.
• Attacker with a high radio transmission range and processing
power sends HELLO packets to number of sensor nodes.
• Sensors are thus persuaded that
the attacker is their neighbor.
• Victim nodes try to go through
the attacker.
21

22. Sybil Attack
• “a malicious node illegitimately claims multiple identities”
• The Sybil attack can disrupt geographic and multi-path routing
protocols.
Adversary A at actual location (3,2) forges location advertisements for non-existent nodes A1, A2, and A3 as
well as advertising her own location. After hearing these advertisements, if B wants to send a
message to C: (0,2), it will attempt to do so through A3. This transmission can be overheard and
handled by the adversaryA.
22

23. Devices under Attack
• Smart Watch: Data sent between the Smart watch and an
Android mobile phone could be intercepted.
• Bluetooth communication between most Smart watches and
Android devices relies on a six digits PIN.
• Easy to crack with a brute-force attack.
• Smart Homes
• Smart Cars
• and many more…. 23

24. Overview of Countermeasures
• Confidentiality is provided through the use of encryption
technologies. Cryptographic algorithms such as the DES,
RSA are used to protect the secrecy of a message.
• MAC (Message Authentication Code) or Digital Signature
Algorithms(DSA) can be used to assure the recipient’s
integrity of the data and authenticity of the message
• Digital Signatures can be used to ensure non-repudiation.
• Availability can be achieved by adding redundant nodes. Multi
path and probabilistic routing can also be used to minimize
the impact of unavailability.
• Data freshness is ensured by adding a counter value in each
message. 24

25. Future Scope
• Identify vulnerabilities (e.g. replay attacks) in the proposed
authentication method and find solutions to them before
implementation.
• Further research and implementation of key exchanges
together with security protocols for IP-communication in
constrained networks.
• Lot of work can be done in this field as no efficient security
architecture for IoT is given yet.
25

26. References
• G. Padmavathi, D. Shanmugapriya,“A Survey of Attacks, Security
Mechanisms and Challenges in Wireless Sensor Networks”,
International Journal of Computer Science and Information Security,
IJCSIS, Vol. 4, No. 1 & 2, August 2009, USA
• https://en.wikipedia.org/wiki/Internet_of_Things
• https://www.owasp.org/index.php/OWASP_Internet_of_Things_Pro
ject
• http://www.cisco.com/c/en/us/about/security-center/secure-
iot-proposed-framework.html
26

27. 27