Unit IV IoT
UNIT IV
The technology world has used the term “Cloud Computing” more than any other word in the recent past. Cloud has grown more than expected as it is affordable, effective and efficient for data storage.
Cloud services could be any one of the following:
1. Software-as-a-Service (SaaS): A complete software application is provided to the user as a service. (One can call it application as a service as well; pay monthly, yearly, etc. as a subscription.)
2. Platform-as-a-Service (PaaS): Development tools, APIs, libraries, etc. are provided by the cloud service provider. Users have to build, manage and maintain the applications (it provides a platform to develop on).
3. Infrastructure-as-a-Service (IaaS): The entire infrastructure is provided as support, and mostly the service is provided as Virtual Machines (VMs), where the user need not worry about the infrastructure at all. Users manage the machines. They select the OS and underlying applications. Pay as you use! (With the IaaS approach, one can choose virtual machines over physical machines.)
Some well-known service providers in the market are (but not limited to):
1. Amazon Web Services
2. Azure
3. Adafruit
The next important fundamental aspect to be learnt is cloud computing deployment models. Based on the data being worked on, a cloud should be categorized as public, private or hybrid.
Three deployment models are generally used (Fig. 5.1):
1. Private Cloud Deployment: This is one of the best models where the data is given the highest importance and the data generated is safeguarded without any flaw.
· Wherever confidentiality matters the most, this deployment model can be opted for.
· Wherever and whenever the IP (Intellectual Property) needs to be protected, this model can be chosen.
· When this model is chosen, complete control of everything stays within the organization for which the deployment is carried out.
· In this approach, the cloud servers are typically in datacenters inside the organization.
· This model demands that the hardware, software, data center, personnel, infrastructure, etc. be installed, maintained and monitored by the organization, which makes this model expensive but also offers the organization complete flexibility in deciding the resources and how to manage them.
· Also, data security can be ensured in the best possible way through this model, as per the organization’s data security guidelines.
Advantages of private cloud deployment:
• Data security
• Flexibility
Disadvantages of private cloud deployment:
• Could prove expensive
• Maintenance, periodic upgradation, etc. could be difficult
• Policies and other related things are to be framed carefully to make sure that the data is safe
2. Public Cloud Deployment: This deployment is meant for the general public or a large group.
· The cloud service provider owns all the resources, which include hardware/infrastructure and software.
· The cloud service provider (like Amazon or Microsoft) takes care of all the resource management. Installation, maintenance, upgradation and monitoring all come under the purview of the service provider.
· If someone wishes to go with this model, all one needs to do is subscribe and use; simple. No other commitments are asked of the user.
· Access to this cloud service happens via the Internet.
· When opting for this deployment model, one gets 24 × 7 customer support for technical and other related clarifications. However, security and privacy issues are the major challenges.
Advantages of public cloud deployment:
• Pay and use - this is really easy
• No investment in hardware or infrastructure
• Customer support, and on demand
• Scalable
Disadvantages of public cloud deployment:
• Data is not within the walls of the organization (user)
• Securing the data while ensuring privacy is a certain challenge
3. Hybrid Cloud Deployment: As the name suggests, this deployment is a mix of both the previously discussed models.
· In this approach, the resources offered and managed are both in-house and third-party based. This is the reason one can call it hybrid cloud.
· Hence, the organization and the service provider both have control and a stake.
· This approach offers the flexibility to decide what is to be owned by the organization and what can be leased from a third party.
Advantages of hybrid cloud deployment:
• Both the organization and the third party come together.
• Definitely not as expensive as private cloud deployment.
• Flexible and controlled access can be enabled.
Disadvantages of hybrid cloud deployment:
• Data still is not safe and is vulnerable.
A summary is presented as a simple diagram with crisp points for quick recap (Fig. 5.2).
IoT with cloud challenges
There are 7 challenges:
1. Privacy and Security:
· We are aware that valuable and confidential data goes into the cloud, outside the firewall.
· The moment the firewall is crossed, the data becomes hackable. The data is now stored elsewhere, so there is a possibility that it could be monitored without informing the user.
Solutions:
• Periodic monitoring of the network activities, tracking unusual events in the network, opting for private cloud if the data is confidential, using recognized antivirus solutions, etc. could certainly reduce the risk of being exposed.
• Before signing the contract with a cloud service provider, it is essential to read what is being promised and what regulations are involved in the service being provided.
• IoT is all about data, and data is received from multiple sensor nodes in parallel. It is very important to safeguard the data to make sure it is not stolen.
2. Bandwidth Cost: Cloud computing is favoured for storage/processing for the following reasons:
• No need to invest in hardware. It is pressure-free with respect to selecting the hardware, investing in it, etc.
• Also, there is no need to maintain the hardware.
• The hardware/software upgrade is not within the purview of the end user; it lies with the service provider.
• Customer service and technical support are provided 24 × 7 with the cloud service being opted for.
Bandwidth is a major concern and one has to spend for the same. If the data becomes intensive, the investment is really huge. It is a challenge that should be overcome.
3. Migration and Portability: There are two aspects to it. First, assume all the data are to be moved to the cloud. Now, it is very normal for anyone to ask the following questions:
• How safe is it?
• How much down time would it demand?
• How easy is it?
• Do we have any strategy to migrate to the cloud?
The second aspect is much more interesting and raises the following questions:
• Will it be easy to opt out of the cloud while also taking the data safely back to our own infrastructure?
• How much would it cost?
• Would that affect the current workflow?
• Would there be a huge down time?
• Would there be support offered to migrate smoothly to another cloud service provider? (Don’t think of small data, it is Big Data!)
Now, all these challenges get doubled with IoT, as the data comes from the sensor nodes at a very high speed.
4. Availability, Reliability and Robustness: IoT is all about continuous monitoring and reading of data. So, the data generation and storage have to be spontaneous. This forces the need for continuous cloud service availability; that is, 24 × 7 availability is expected. Also, if there is a down time, critical data could be missed. Hence, reliability has to be monitored and is a very important factor that decides the effectiveness of the service. Robustness is equally important: the service should be robust in handling data at different rates. Hence, it is a very important challenge to provide a reliable and always-available cloud service.
5. Costing: One of the advantages of using cloud is that it enables us to scale up with rising demand. While it is scalable and flexible, the organization should plan the budget carefully.
6. Data Ownership: The data stored by the user on the cloud is owned by the user. But when opting for cloud storage (with a public/hybrid deployment model), the data is under the custody of the cloud service provider. Then, it appears that the service provider owns the data. There are still challenges surrounding this debate of data ownership. Hence, ownership related challenges get doubled.
7. Expertise: To use the cloud with IoT requires a specific skill set. The cloud platform gets updated every now and then, and so the technocrats have to constantly upgrade themselves. This is a definite challenge.
Selection of Cloud Service Provider for IoT Applications: An Overview
There are many parameters and considerations to select the cloud service provider. We will discuss all these considerations one by one in this section (Fig. 5.3).
Criteria 1: Certification and Standards Compliance
· CSPs (Cloud Service Providers) are expected to comply with standards.
· This compliance with industry-accepted standards is the first criterion to select the CSP.
· Some of the famous standards for the cloud are: ISO, OCC (Open Cloud Consortium), IEEE, SNIA (Cloud Storage Initiative). There are many other standards as well.
Criteria 2: Financial Health of the Service Provider
· This is a very important aspect to be considered.
· Does the service provider hold sufficient money/funding to operate for a long period? What if the service provider shuts the door at peak time?
· If the service provider has a healthy financial status and a history of sustenance, then it is most unlikely that the CSP will shut the business down.
Criteria 3: Business and Technology Strength
· Having the technical expertise to sustain and to adapt to the client’s requirements quickly is very important and is a key factor in selecting a CSP.
· Having just the technical skill and strength does not help; it needs business skills as well to sustain.
· Business skills include growth plan, financial planning, etc. - all that is required to sustain in the market.
· Hence, Technology + Business Skills = Sustenance.
Criteria 4: Compliance Audit
· The CSP must validate compliance with the client’s requirements, which should be done through a proper third-party audit.
· This will enable transparency and perfect validation.
Criteria 5: Service Level Agreements (SLAs)
· SLAs provide details and information about the services being provided and the real value that a customer gets out of them.
· An SLA serves as a contract between the two parties, defining the terms and conditions as well as the legal aspects of the contract and the relationship between the two parties.
Criteria 6: Reporting/Tracking
· The service provider should be capable of issuing a comprehensive performance report which also highlights the shortfalls.
· This will help the customer to understand the complete picture without any deviation.
Criteria 7: Costing and Billing
· The costing and billing should be transparent and should provide the complete details of the usage.
· The billing should be straightforward and for the usage only. This is a major factor in selecting the CSP.
Criteria 8: Maintenance Monitoring and Upgrade
· It should be easy and less expensive to migrate to the CSP’s environment.
· Also, when there is an upgrade, it should be done with ease.
· In short, it should be easy to Install, Manage, Maintain, and Upgrade.
Criteria 9: Support
· Based on the agreements, support should be available, and based on the complexity of the problem, a dedicated resource may be needed.
· Also, onsite support may be needed when clarifications cannot be offered over the phone.
Criteria 10: Security
· The infrastructure (both hardware and software) should be secured.
· There should be defined policies about security, which should also be shared with the customer.
· When there is a failure, how safe is the data? What are the recovery and backup options? These points must be clarified and should be sound.
· Then comes protecting the physical infrastructure; it has to be safeguarded as well.
· Security is the prime concern and cannot be ignored.
Cloud Computing: Security Aspects
The security of cloud computing depends on software security, infrastructure security, storage security and network security.
Let us discuss these security aspects briefly:
1. Software Security: Software is the core and plays a vital role in presenting and ensuring a secure environment. Defects created during the development phase are a software security threat. Care should be taken to write software for IoT without errors/defects.
2. Infrastructure Security: Making sure that the infrastructure provided by the CSP is safe is a must. Since a third party could also contribute to the infrastructure, it is extremely important to check the infrastructure for security vulnerabilities. If data is damaged, everything is damaged and lost.
3. Storage Security: Answering the questions below is essential at this point.
a. Who is the owner of the data?
b. Where is the data stored?
Data leaks, snooping, malware attacks, etc. are all threats to the stored data and can be listed under storage security. Appropriate antivirus software, periodic monitoring, etc. help to protect the data.
4. Network Security: Data is stored into the cloud through the Internet, and hence, the Internet is inevitable. When it comes to the Internet, all network threats become a possibility.
Security Basics
Sensors, devices, data processing and feedback, and cloud are the four major components involved in any IoT application. The additional components include privacy and security.
The challenges involved in security are as follows:
1. IoT extends the “internet” with the help of mobile network, customary internet, Bluetooth sensor network, and so on.
2. All “things” in IoT will be linked to the “internet”.
3. These different “things” will connect and talk with each other.
Due to this over-the-air communication, new privacy and security problems will arise.
CPS mostly aims at the following:
1. Intelligentizing interactive applications.
2. Cross-layer optimization.
3. Distributed and real-time control.
4. Hybrid-domain optimization.
This pushes the need for developing some advanced technologies and methodologies in order to meet the new requirements in terms of security, privacy and reliability.
IoT System Functionalities
There are 10 basic functionalities identified from IoT security. They are as follows:
1. The microcontroller unit in the IoT system carries the firmware, which can be updated to deliver improved services or to apply a security patch to overcome threats.
2. Access limitations and usage of a public network during the pairing stage need more secure channels. Message channels like WiFi, ZigBee, Bluetooth, and near field communication are usually involved in this stage.
3. Binding helps to configure the device after pairing. The WiFi SSID and password help connect to the internet. An appropriate protocol is followed while binding the user and the device.
4. In case of a local or private network, the controller can link to a port. During this process, user authentication is a must before further action.
5. Only after authentication can the controller issue commands to control the things that are present in the system.
The five aspects of IoT security and privacy are shown in Fig. B.1.
6. Sometimes, if the controller is on the publicly available internet and not on a private network, cloud services are used for authentication.
7. If the controller is not on the local network, then the control of things also happens through cloud services only.
8. During this remote authentication process, the cloud has to relay the authentication along with the control messages between the different things present in the IoT system and the controller.
9. Big data analytics on the data collected can be processed in the cloud. The cloud can also further coordinate with other clouds for different enhanced services.
10. Abnormal behaviors can be notified to the user, and this includes too many login attempts.
Security Architecture
The perceptual layer (also called the recognition layer) is the most basic level, which gathers all types of information with the help of physical equipment and identifies the external world. The key components in this layer are the sensors that are used for capturing and representing the physical world.
The second level in the security architecture is the network layer. This layer is responsible for the dependable transmission of data and information from the previous layer. In this layer, data transmission relies on numerous basic networks, which could be one of mobile communication network, wireless network, satellite nets, etc.
The third level in the security architecture is the support layer. This layer sets up a dependable platform for the application layer. Grid and cloud computing are mostly used for all kinds of intelligent computing power. This layer helps merge the application layer upward and the network layer downward.
The topmost layer is called the application layer. This layer delivers personalized services based on the user’s needs. It helps users access IoT through an interface using a personal computer, mobile equipment, television, etc.
Security Features Needed Across Four Layers
1. Perceptual Layer: With a simple architecture and less power, the perceptual layer is short of storage and computing power. Security threats from the external network, like denial-of-service, also arise here. All these reasons necessitate that the sensor data be protected for authenticity, integrity, and confidentiality.
2. Network Layer: Though the core network has safety protection ability, security vulnerabilities like man-in-the-middle attack or bogus attack still exist. Computer viruses and junk mail cannot be ignored either, and huge amounts of data transmission cause data congestion. Hence, security methods in the network layer are very much needed.
3. Support Layer: Due to the huge amount of data processing, data mining, and feedback, intelligent handling of malevolent information is limited, so it is a challenge to increase the ability to recognize such data.
4. Application Layer: In this topmost level, security needs differ between applications. One of the properties of this layer is data sharing, which does create privacy problems, access control issues, and information revelation to unwanted persons.
Security Requirements
Following are the security requirements across the different layers:
1. Perceptual Layer: Authentication is the first level of security measure and is always essential to prevent any illegal access to the node.
· Information confidentiality also needs to be taken care of during information transmission between the different nodes.
· Lightweight encryption technology, which includes cryptographic protocols and algorithms, helps resolve this issue.
· At the same time, the authenticity and integrity of the data from the sensor is also becoming a focus of research.
2. Network Layer: Present-day messaging security mechanisms are not so easy to use.
· Identity verification is one of the methods to avoid illegal nodes, and it is the basis of security methods.
· Distributed denial of service (DDoS) attacks in the network are serious in the IoT domain.
· Averting a DDoS attack on a susceptible node is another problem to be solved.
3. Support Layer: Cloud computing along with secure multi-party computation falls under this layer of security needs.
· Different encryption algorithms along with the encryption protocol and tougher system security technology are hence essential in this layer.
4. Application Layer: Two aspects are considered in this layer, which is also the topmost layer.
· The first one is verification and key agreement across the varied network. The second aspect covers the protection of the user’s confidentiality.
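One way to meet the perceptual-layer requirement for authenticity and integrity of sensor data between nodes, shown as an added example that is not part of the original notes: every reading carries a counter and an HMAC-SHA256 tag, and the receiving gateway rejects modified or replayed messages. It covers authenticity and integrity only, not confidentiality; the key, node name and message layout are assumptions made for illustration.

```python
import hashlib
import hmac
import json

TAG_LEN = 32  # bytes in an HMAC-SHA256 tag


def seal(key: bytes, node_id: str, counter: int, reading: dict) -> bytes:
    """Sensor side: serialize a reading and append an HMAC-SHA256 tag."""
    body = json.dumps(
        {"node": node_id, "ctr": counter, "data": reading},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Receiver:
    """Gateway side: verify the tag, then enforce a strictly rising counter."""

    def __init__(self, keys: dict):
        self.keys = keys      # node_id -> shared key (assumed set up at binding)
        self.last_ctr = {}    # node_id -> highest counter accepted so far

    def open(self, message: bytes):
        if len(message) <= TAG_LEN:
            return None, "too short"
        body, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        try:
            claimed = json.loads(body)
            node, ctr = claimed["node"], claimed["ctr"]
        except (ValueError, KeyError, TypeError):
            return None, "malformed"
        # The node name is only a claim until the tag verifies under its key.
        key = self.keys.get(node) if isinstance(node, str) else None
        if key is None:
            return None, "unknown node"
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return None, "bad tag"
        if not isinstance(ctr, int) or ctr <= self.last_ctr.get(node, -1):
            return None, "replayed"
        self.last_ctr[node] = ctr
        return claimed.get("data"), "ok"


def demo():
    key = b"constructed-demo-key-0123456789ab"   # constructed sample key
    rx = Receiver({"node-7": key})
    msg = seal(key, "node-7", 1, {"temp_c": 21.5})
    results = [rx.open(msg)[1]]                  # first delivery
    results.append(rx.open(msg)[1])              # same bytes sent again
    tampered = msg.replace(b"21.5", b"99.5")     # value changed in transit
    results.append(rx.open(tampered)[1])
    results.append(rx.open(seal(key, "node-7", 2, {"temp_c": 21.6}))[1])
    return results


if __name__ == "__main__":
    print(demo())
```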
Challenges in IoT Security
IoT security related challenges are as follows:
1. Security approaches relying heavily on encryption are not a good fit for constrained devices, as they cannot perform complex encryption and decryption quickly.
2. Device authorization along with authentication is critical when it comes to securing IoT products and systems. An IoT platform with two-factor authentication and the usage of strong passwords or certificates can help solve this issue.
3. Device updates need to be managed effectively as well. Security patches to firmware or software face a number of challenges. Also, over-the-air updates may not be possible with all types of IoT devices.
4. The communication channel needs to be secure as well. Encrypting messages before transfer is good, but it is better to use transport encryption and to adopt standards like TLS. Figure B.7 represents security vulnerabilities.
5. The sensor data should also be stored and processed securely. Data integrity checks can help to make sure that the original raw data is not modified during transmission. Data that is no longer required should be disposed of or deleted.
6. All applications and services should also be secured, as they manage, process, and access IoT devices along with the sensor data.
Mirai Botnet and the Algorithm
The Mirai Trojan is the malware behind the creation of the Mirai botnet.
After obtaining samples of the Mirai Trojan, a research group determined that it had evolved from a previously created Trojan also known as Gafgyt, Bashlite, Lizkebab, Bashdoor, Bash0day, and Torlus. The team reported that it was built as Executable and Linkable Format (ELF) binaries, a common file format for UNIX and Linux based systems.
Mirai malware uses a uniform scanning strategy in which it randomly scans public IP addresses and selects a username/password pair from a hardcoded dictionary list for the attack. The Mirai scanning algorithm is presented in Fig. B.8.
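Seen from the defended device or gateway, the dictionary behaviour described above and the "too many login attempts" of functionality 10 both appear as one source failing repeatedly in a short time, often with many different username/password pairs. The following detector is an added example, not part of the original notes; the log format, thresholds and addresses (documentation ranges) are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed log format (an assumption):
#   <epoch> <src_ip> LOGIN <FAIL|OK> user=<name> pwhash=<id>
# Passwords are never logged; pwhash stands for a keyed hash that only lets
# the detector tell different attempted passwords apart.
LINE = re.compile(r"^(\d+) (\S+) LOGIN (FAIL|OK) user=(\S+) pwhash=(\S+)$")

WINDOW_S = 60    # look-back window in seconds
MAX_FAILS = 5    # failed attempts tolerated per source within the window
MAX_PAIRS = 3    # distinct (user, password) pairs tolerated within the window


def detect(lines, window=WINDOW_S, max_fails=MAX_FAILS, max_pairs=MAX_PAIRS):
    """Return {src_ip: reason} for sources exceeding either threshold.
    Lines are assumed to arrive in time order."""
    recent = defaultdict(deque)   # src -> deque of (ts, user, pwhash) failures
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m[3] != "FAIL":
            continue              # skip other formats and successful logins
        ts, src = int(m[1]), m[2]
        q = recent[src]
        q.append((ts, m[4], m[5]))
        while q[0][0] <= ts - window:
            q.popleft()           # forget failures older than the window
        pairs = {(user, pw) for _, user, pw in q}
        if len(pairs) > max_pairs:
            alerts[src] = "dictionary-style: %d distinct credential pairs" % len(pairs)
        elif len(q) > max_fails and src not in alerts:
            alerts[src] = "too many login attempts: %d failures" % len(q)
    return alerts


# Constructed sample log, for illustration only.
SAMPLE = [
    "1000 192.0.2.10 LOGIN FAIL user=root pwhash=a1",
    "1002 192.0.2.10 LOGIN FAIL user=admin pwhash=b2",
    "1003 192.0.2.10 LOGIN FAIL user=root pwhash=c3",
    "1005 192.0.2.10 LOGIN FAIL user=support pwhash=d4",
    "1010 198.51.100.7 LOGIN FAIL user=alice pwhash=e5",
    "1400 198.51.100.7 LOGIN FAIL user=alice pwhash=f6",
    "1401 198.51.100.7 LOGIN OK user=alice pwhash=g7",
] + ["%d 203.0.113.5 LOGIN FAIL user=bob pwhash=h8" % t for t in range(1500, 1506)]

if __name__ == "__main__":
    for src, reason in detect(SAMPLE).items():
        print(src, "->", reason)
```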








