What is Internet of Things (IOT)?
As name indicates, “things” means physical objects, Collection of physical objects which are connected over the internet. In IOT, we see inter connected devices, embedded sensors or multiple other software’s which can communicate data over Wi-Fi like creating processing the user interaction and other stuff without human intervention.
We see IoT devices all around like the smart speaker in our home which can actually run the whole house just by voice commands.
We now have smart fridges washing machines lights and much more which can actually be considered as the IoT devices
Whole IOT devices are part of four-layer infrastructure.
Layer are define as:
i. Sensor connected to IOT devices:
They can be work standalone sensing devices or can be embedded with big devices. Their work is to sense or record the data you can see the example of a smart watch which actually senses the heartbeat oxygen and keep track of them within an app.
ii. IOT gateway devices:
So all devices from layer one connected to internet by gateway devices. From this layer, sensor devices become part of network and can communicate over the network such as if we want to use smart speaker to turn off the light the data or command can be sent from the speaker to the bulb over the network.
iii. IOT Analytics:
Raw data collected and that data helps the developer to learn how they can improve functionality of an IoT device. This layer uses different data science, machine learning and analytics techniques.
So input from one layer goes to another till the forth layer. Each layer has its own specification to make IOT functioning/resulting more accurate.
Note: We can do modification in or implement each layer as per business needs. For every business IOT layer functionality may be little bit differ.
i. This implementation reduces the operational cost.
ii. Improve efficiencies and reduction in human mistakes.
iii. It provide automation and helps us work under compliance.
iv. It accept the changes more effectively and adjust the interaction between connected things.
v. Collects data from multiple connected devices and provides insights of IOT so helps in taking real time decisions more accurately.
i. It is costly since it is a new technology.
ii. It has lot of security challenge
iii. Peoples are less familiar with IOT devices so to secure them it a little hectic task or sometimes can be overlooked.
How communication happens?
Some standard protocols use in IOT communication:
i. Constrained Application Protocol/COAP: Due to too much traffic on IOT devices, they create many use cases. To reduce these use cases, COAP translate HTTP model in the manner that devices can be used in restricted manner.
ii. Message Queuing Telemetry Transport/MQTT: A lightweight messaging protocol provides low power consumption, good reliability for devices. It is based on subscriber, publisher and broker model where publisher’s task is to collect data and send information to subscribers via broker.
iii. ZigBee: It is based on wireless technology that uses 802.15.4 specification. Due to its specification that it can work in noisy environment, provide low latency and is compatible with most of sensors. As it can work on different frequency such as 868 MHZ, 902–928 MHZ and 2.4 GHZ which makes it more popular. Frequency will be chosen depending on the business needs.
Structure: ZigBee consists of three main component:
a) ZigBee coordinator: It acts as bridge in “ZigBee” structure and every structure have at least have one “ZigBee coordinator”.
b) Router: It acts as an intermediate between both so information can flow from here to “End devices”.
c) End Device: They have limited information about their parent nodes.
“Zigbee coordinator” is not only forward the information to “router” but also store that information and these three can be connected to each other via “star”, ”tree” and “mesh” topology.
a) It is self-configuring, self-healing, short-range radio networks and it is easy to install and maintain.
b) Communication between sensors are easy.
c) It make communication error free and provide authorized reading only.
d) It can easily work on low-cost battery-operated devices.
iv. Bluetooth: It provide wireless connection between various electronic devices.
v. Lightweight M2M/LwM2M: To handle the resource constrained devices in comprehensive manner.
It is little tough to secure IOT networks as companies doesn’t pay too much attention on it there are many weak points in those devices such as sometimes they used some outdated frameworks and so on. So we concerned with the network security and security of the IoT devices as well. We have some common attacks that exists in IOT networks.
Before moving you can check my previous blog about the security of wireless networks which will provide a good interpretation in understanding this blog.
· Network attacks: There is a possibility that IOT devices can be exploited over the network on which they are connected:
i. Sniffing attacks: Sniffing is intercepting and looking at the packets flowing over the networks. These techniques usually used by the network administrator to troubleshoot the network. It can be wireless sniffing, Internal sniffing, External Sniffing.
Attacker analyze the traffic and can steal the identity, passwords or valuable information that is needed to exploit the network. Sniffing can be done passively or actively. Now days active sniffing is more popular. In Active sniffing attacker flood the router /switch with bogus requests. By doing this, they are filling up the CAM table full of entries. As CAM table fills up it will send traffic to all the ports.
ii. Distributed Denial of Service/DDOS Attacks: Attack send a lot of request to the IoT devices in a very less time. The IoT devices couldn’t actually able to handle those request and it cause a jamming on the devices as it will not be able to actually process any further requests.
· Jamming attacks: Sometime hacker created a duplicate Access Point (AP) on the network or he can use interference on WIFI by radio sources so he can “jam” the traffic in a network. When there is a “jam” devices lose their connectivity and not able to communicate with network.
Ex: Alarm security connected over WIFI and WIFI someone is sending a lot of data packets to the router then it will create a jam on the network and user will not able to trigger the alarm manually as the network has been jammed.
i. Configuration of AP for a particular network should be tightly done.
ii. Use of spectrum analyzer time to time so that we can analyze the radio waves in order to understand whether there is someone trying to interfere with the network