International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)

(I-SMAC 2017)

Internet of Things (IoT)

A Vision, Architectural Elements, and Security Issues

Shivangi Vashi Jyotsnamayee Ram Janit Modi

Department of IT Department of IT Department of IT
NMIMS MPSTME NMIMS MPSTME NMIMS MPSTME
Mumbai, India Mumbai, India Mumbai, India
svashi1997@gmail.com jyotsna1330.jr@gmail.com janitmodi567@gmail.com

Saurav Verma Dr. Chetana Prakash

Department of Information Technology Department of Computer Engineering
NMIMS MPSTME BIET, Davangere
Mumbai, India Karnataka, India
sauravtheleo@gmail.com chetana.p.m@gmail.com

Abstract - The Internet of Things is an emerging technology
across the world, which helps to connect sensors, vehicles,
hospitals, industries and consumers through internet
connectivity. This type of architecture leads to Smart Cities,
Smart home, Smart agriculture and Smart World. Architecture
of IoT is very complex because of the large number of devices,
link layer technology and services that are involved in this
system. However, security in IoT is the most important
parameter. In this paper, we give an overview of the architecture
of IoT with the help of Smart World. In the second phase of this
paper, we discuss the security challenges in IoT followed by the
security measures in IoT. Finally, these challenges, which are
discussed in the paper, could be research direction for future
work in security for IoT.
Keywords- Internet of Things (IoT), information security,
identification, authenticity, RFID
devices as well as with related services, is expected to happen
anytime, anywhere, it is frequently done in a wireless,
autonomic and ad-hoc manner. In addition the services
become much more fluid, decentralised and complex.
Consequently, the security barriers in the Internet of Things
become much thinner. The IoT architecture, like the Internet,
will grow in an evolutionary fashion from a variety of separate
contributions, rather than from a grand plan. Security is a
major concern while dealing with the Internet of Things. A
majority of IoT enabled devices are not very secure and can be
accessed by a third party easily. Thus there is a severe need to
standardise it to ensure that the privacy of the user is not
invaded [1]. Research into the IoT field is still in its early
stage, and a standard definition of IoT is not yet available. IoT
can be viewed from three perspectives.

1) Internet oriented
I. INTRODUCTION 2) Things oriented
3) Semantic oriented.
Internet of things as the name suggests, is the connectivity of
everyday devices with each other. With the advancement in The first definition of Internet of Things was from a “Things
technology, numerous devices are using sensors, actuators,
oriented” perspective, where RFID tags were considered as
embedded computing and cloud computing. This has enabled
things. It was defined as “The worldwide network of
communication between devices. To put it simply, the Internet
interconnected objects uniquely addressable based on standard
of Things enables devices (things) to interact and co-ordinate
communication protocols”. These definitions do not highlight
with each other thereby reducing human intervention in basic the industrial view of IoT. Companies across the world are
everyday tasks. To get a better understanding of IoT consider
investing billions in the IoT to solve industrial problems
the scenario of a smart home. As soon as the alarm rings it
(IIoT). The IIoT refers to industrial objects instrumented with
sends a signal to the coffee maker and the toaster, which
sensors, automatically communicating over a network, without
automatically start doing their jobs without any human
any human-to-human or human-to-computer interaction, to
intervention. Thus, saving time and making our everyday tasks
exchange information and take intelligent decisions with the
easy, this type of device communication is the Internet of support of advanced analytics.
Things. The IoT enables physical objects to see, hear, think
The definition of things (as shown in fig.1) in IoT is very wide
and perform jobs by having them “speak” together, to share
and includes a variety of physical elements. This network of a
information and to co-ordinate decisions. A network of
variety of objects can bring ample amount of challenges in
heterogeneous devices/applications has its own set of
developing applications and make existing challenges more
challenges. Moreover, as the communication among these
difficult to tackle.

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 492

 International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
Fig.1. Definition of IoT [3]
A middleware can offer common services for applications and
ease application development by integrating heterogeneous
computing and communications devices, and supporting inter-
operability within the diverse applications and services
running on these devices. A number of operating systems have
been developed to support the development of IoT middleware
solutions. They reside in physical devices, and provide the
necessary functionalities to enable service deployment. The
internet of things is not a single technology, it’s a concept in
which most new things are connected and enabled such as
street lights being networked and things like embedded
sensors, image recognition functionality, augmented reality,
near field communication are integrated into situational
decision support, asset management and new services. These
bring many business opportunities and add to the complexity
of IoT [2].
II. IOT ARCHITECTURE
The Internet of Things involves a growing number of smart
interconnected devices and sensors that are often non-
intrusive, transparent and invisible. The communication
among these devices as well as with related services is
expected to happen anytime, anywhere and it is frequently
done in a wireless and autonomic manner. In addition the
services become much more decentralized and complex. Thus,
to manage the complexity, IOT architecture is required.
Architecture in this context is defined as a structure for the
specification of a network's physical components and their
functional organization and configuration, its operational
principles and procedures, as well as data formats used in its
operation (see fig.2).
978-1-5090-3243-3/17/$31.00 ©2017 IEEE
(I-SMAC 2017)
Fig.2 Basic Architecture of IoT
Perception Layer: The perception layer is similar to physical
layer in Open Systems Interconnection (OSI) model which
consists of the different types of sensor (i.e. RFID, Zigbee, QR
code, Infrared, etc.) devices [10] and environmental elements.
This layer generally copes with the overall device
management like identification and collection of specific
information by each type of sensor devices. The gathered
information can be location, wind speed, vibration, pH level,
humidity, amount of dust in the air, etc. This gathered
information transmits through the Network layer for its secure
communication toward central information processing system.
Network Layer: The Network layer plays an important role
in securely transferring and keeping the sensitive information
confidential from sensor devices to the central information
processing system through 3G, 4G, UMTS, Wi-Fi, WiMAX,
RFID, Infrared, Satellite, etc. depending upon the type of
sensors devices. Hence, this layer is mainly responsible for
transferring the information from Perception layer to upper
layer.
Middleware Layer: The devices in the IoT system may
generate various type of services when they are connected and
communicated with others. Middleware layer has two
essential functions i.e service management and store the lower
layer information into the database. Moreover, this layer has
capability to retrieve, process, compute information, and then
automatically decide based on the computational results.
Application Layer: Application layer is responsible for
inclusive applications management based on the processed
information in the Middleware layer. The IoT applications can
be smart postal, smart health, smart car, smart glasses, smart
home, smart independent living, smart transportation etc.
493
 International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
Fig.3 Layer of the Internet of Things (IoT)
The typical IoT architecture can be divided into five layers as
described below as shown in fig.3.
Business Layer: This layer’s functions cover the entirety of
IoT applications and services management. It can create
practical graphs, business models, flow chart, executive report,
etc. based on the amount of accurate data received from the
lower layer and effective data analysis process. Based on the
good analysis results, it will help the functional managers or
executives to make more accurate decisions about the business
strategies and roadmaps.
III. IOT ARCHITECTURE IN SMART WORLD
We have smart devices [4] for humans that can be attached to
the body to observe or maintain human health and fitness;
these wearable smart objects are sometimes used to manage
the human diseases as well. It is not limited just to human
bodies and homes- IoT devices are applicable in restaurants,
banks, hospitals, factories even vehicles. We can even make
smart cities now. Controlling their urban environment like
traffic controlling, smart meters and resource management, et
al. All of things together make up the process of designing
“THE SMART WORLD” where man power gets reduced and
we have devices similar to robots that have artificial
intelligence. All these situations can be controlled without
wasting time and too many resources.
In a smart world scenario one country is connected to another
with the help of IoT. The IoT architecture in smart world can
be explained using the five layers.
Perception layer: In a smart world scenario, the collection of
information like climatic conditions, economic conditions,
migrations etc. from different countries, which is collected
using various types of sensors like RFID, infrared etc., comes
under the perception layer.
Network layer: For example, climatic conditions of all
countries are collected in the perception layer, so, for
processing the data the information collected is sent to the
middleware layer using this network layer.
978-1-5090-3243-3/17/$31.00 ©2017 IEEE
(I-SMAC 2017)
Middleware layer: All climatic conditions are stored in a
database in this layer. The data is then retrieved and
processed.
Application layer: Suppose, from the information processed in
the middleware layer it is found that drought has hit an area.
Actions like sending relief fund, food, clothes, materials for
building shelter take place in this layer.
Business layer: Graphs, business models, flow charts etc. are
made with the received information from middleware layer.
This results in making better strategies, such as for the drought
affected area how can food, relief fund etc. reach the area
fastest and by what way should they send it are calculated
here.
IV. SECURITY CHALLENGES IN THE INTERNET OF
THINGS
The vastness of the Internet of Things (IoT) exposes it to not
only a number of vulnerabilities but also different types of
vulnerabilities/security problems. Since the internet is the
underlying foundation of IoT, the security issues of the
internet also appear in IoT. IoT has three main layers - the
perception layer, transportation layer and the application layer.
Each layer has its own security problems.
A) Security challenges in the main layers of IoT:
a) Perception Layer:
The main operation of the perception layer is perceiving and
gathering information. This is done by devices like
temperature sensors, pressure sensors, RFIDs, barcodes and so
on. The wireless nature of the signals makes this layer
susceptible to attackers who may intercept the sensor node in
the IoT devices. The nodes usually operate in an external
environment and this culminates in physical attacks on IoT
sensors and devices in which an attacker can tamper with the
hardware components of the device [5]. Gathering information
or the perception of things is done by a large number of
terminals. These terminals are used for real-time data
collection to be presented to the user. The main problems
existing in perception terminals include leakage of
confidential information, tampering, terminal virus, copying
and other issues.
Another security issue is the inherent nature of network
topology which is dynamic as the IoT nodes are often moved
around different places. The IoT perception layer mostly
consists of sensors and RFIDs [6], due to which their storage
capacity, power consumption, and computation capability are
very limited making them susceptible to many kinds of threats
and attacks [5]. By adding another node to the system, an
attacker can send Malicious Data and threaten the integrity of
the data. This can cause DoS attacks, by consuming the energy
of the nodes in the system and depriving them from the sleep
mode that the nodes use to save up energy [5].
494
 International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
These security issues can be dealt with using encryption;
authentication, confidentiality and access control.They are
given in detail in Security Measures Section below.
b) Transportation Layer:
It is also called the network layer. The function of this layer is
to relay the information collected by the perception layer to
any to any particular information processing system through
existing communication networks like the Internet, a mobile
network[15] or any other kind of reliable network. Since the
information used to be transmitted to the internet with the help
of computers, wireless/wired network and other components,
this layer is largely comprised of computers, wireless or wired
network. Due to this, it faces security issues such as network
content security, hacker intrusion and illegal authorization.
The openness characteristic of IoT makes it face many identity
authentication problems[7].
The transportation layer is an essential part in the whole IoT
system. One of the inherent characteristics of IoT is the huge
amount of data flowing through the layers. When the sensor
nodes from the perception layer perceive and are gathering
data, they inevitably produce a large amount of redundant
data. This will cause network congestion in the process of
transmission, which likely to generate denial of service
attacks. For this, we must add the filtration devices between
the transmission layer and the application layer to ensure the
network is unblocked [8].
The related security issues are discussed below:
1. Sybil Attack: Sybil is a kind of attack in which the attacker
manipulates the node to present multiple identities for a single
node due to which a considerable part of the system can be
compromised resulting in false information about the
redundancy.
2. Sinkhole Attack: It is a kind of attack in which the adversary
makes the compromised node look attractive to the nearby
nodes, due to which all the data that flow from any particular
node is diverted towards the compromised node. These results
in packets drop i.e. all the traffic is silenced while the system
is fooled to believe that the data has been received on the other
side. Moreover this attack results in more energy consumption
which can cause DoS attack.
3. Sleep Deprivation Attack: The sensor nodes in the Wireless
Sensor Network are powered with batteries with a not so good
lifetime so the nodes are bound to follow the sleep routines to
extend their lifetime. Sleep Deprivation is the kind of attack
which keeps the nodes awake, resulting in more battery
consumption and as a result, battery lifetime is minimized
which causes the nodes to shut down.
4. Denial of Service (DoS) Attack: The kind of attack in which
the network is flooded with a useless lot of traffic by an
attacker, resulting in a resource exhaustion of the targeted
system due to which the network becomes unavailable to the
users.
978-1-5090-3243-3/17/$31.00 ©2017 IEEE
(I-SMAC 2017)
5. Malicious code injection: This is a serious kind of attack in
which an attacker compromises a node to inject malicious
code into the system which could even result in a complete
shutdown of the network or in the worst case, the attacker can
get a full control of the network.
6. Man-in-the-Middle Attack. This is a form of Eavesdropping
in which the target of the attack is the communication channel
due to which the unauthorized party can monitor or control all
the private communications between the two parties
hideously. The unauthorized party can even fake the identity
of the victim and communicate normally to gain more
information.
c) Application Layer
The main function of the application layer is to analyse the
information acquired from the transportation layer and process
it intelligently. The application layer is the main purpose of
developing IoT and the smart environment is achieved at this
layer. This layer guarantees the authenticity, integrity, and
confidentiality of the data [5]. At this layer we can get some
important real-time information.
The related security issues of this layer are described
below:
1. Malicious Code Injection: An attacker can leverage the
attack on the system from end-user with some hacking
techniques that allows the attacker to inject any kind of
malicious code into the system to steal some kind of data from
the user [11].
2 Denial-of-Service (DoS) Attack : DoS attacks nowadays
have become sophisticated, it offers a smoke screen to carry
out attacks to breach the defensive system and hence data
privacy of the user, while deceiving the victim into believing
that the actual attack is happening somewhere else[11]. This
put the non-encrypted personal details of the user at the hands
of the hacker.
3. Spear-Phishing Attack: It is an email spoofing attack in
which victim, a high ranking person, is lured into opening the
email through which the adversary gains access to the
credentials of that victim and then by pretense retrieves more
sensitive information[11].
4. Sniffing Attack: An attacker can force an attack on the
system by introducing a sniffer application into the system,
which could gain network information resulting in corruption
of the system [11].
V. IOT SECURITY MEASURES
1. Encryption: Encryption is used to prevent the data from
being tampered with and to maintain confidentiality as well as
data integrity. Encryption can be achieved in two ways: either
node to node, i.e. hop to hop encryption or end to end
encryption. Node to node encryption processed in the network
layer. It provides cipher text conversion on each node to make
it more secure for network layer. On the other hand, end to
end encryption is executed on the application layer.
Encryption-decryption is performed at sender-receiver end
only. What the sender encrypts is decrypted at the receiving
495
 International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
end only. Data encryption is a vital means of securing data.
The role of encryption is to prevent information from being
deciphered when it is intercepted by attackers.
2. Confidentiality: It is very important that the data is secure
and accessible only to authorized users. The user may be
human, other IoT devices or external devices (i.e. devices that
are not part of the network). It is important to ensure that the
sensors in a particular node don’t allow the collected data to
be accessed by neighboring nodes. Sensitive information
should not be leaked to any unauthorized reader using an
RFID electronic tag.
3. Authentication: Received information by a reader should
be noticeable whether is sent from authenticated electronic tag
or not. Authentication is important at each IoT layer. At the
perception layer, the sensor nodes must authenticate
themselves initially to prevent DoS attacks. Similarly
authentication is required at each layer as a crucial security
measure. Authentication methods of Wi-Fi to access the
Internet can guarantee the security of user access to the data
[5].OpenID is a standardised framework for authentication
purposes. It provides a way for a site to redirect a user
somewhere else and come back with a verifiable assertion.
4. Authorisation: Authorisation controls a device's access
throughout the network. Using authentication and
authorisation the relationship between IoT devices is
established to exchange appropriate information.OAuth is a
standardized framework for authorisation purposes. The most
important feature of OAuth is the access token which provides
a long lasting method of making additional requests. Unlike
OpenID, OAuth does not end with authentication but provides
an access token to gain access to additional resources provided
by the same third-party service.
One challenge faced by OAuth and Connect is that they have
only been bound to HTTP thus far. Security experts believe
that HTTP is insufficient for many of the interactions in the
IoT, particularly those between IoT devices. A new class of
protocols has emerged that promise to be better suited than
HTTP to such interactions, including MQ Telemetry Transport
and Constrained Application Protocol.
5. Certification and Access Control: Certification is a
method of confirming the true identity of both entities that are
communicating with each other. By using Public Key
Infrastructure (PKI), strong authentication is achieved by two
way public key certification for preventing authenticity and
confidentiality of the IoT system [3].Access control provides
security by effectively blocking access for machines, objects
or people which are illegal to access the resources [3]. For
effective access control correct entity identification must be
ensured using certification technology.
978-1-5090-3243-3/17/$31.00 ©2017 IEEE
(I-SMAC 2017)
VI. CONCLUSION AND FUTURE DIRECTIONS
The Internet of things is the future for the coming decades
which helps in developing the Smart World where everything
is connected to one network. As security is always a big
problem across every system but in IoT it is the most
important area in which we need to work to secure data or
information which is on one connected network. One of the
fundamental elements in securing an IoT infrastructure is
around device identity and mechanisms to authenticate. So to
overcome on these securities of IoT devices strong encryption
and authentication schemes are based on cryptographic need
to design and new security protocols are required. In this
paper, we explained the security issues in each layer and its
measures which help us to understand and to improve security
in IoT architecture. Smarter security systems that include
managed threat detection, anomaly detection, and predictive
analysis need to evolve. All the above discussed issues will be
research opportunities in IoT security.
VII. REFERENCES
[1] Ala Al-Fuqaha , Mohsen Guizani , Mehdi Mohammadi “Internet of things:
a survey and enabling technologies, protocols and application” IEEE
Communication Surveys & Tutorials, Vol. 17, No. 4, Fourth Quarter 2015.
[2] Mohammad AbdurRazzaque, MarijaMilojevic-Jevric, Andrei Palade, and
Siobhán Clarke , “Middleware for Internet of things: a survey”, IEEE Internet
Of Things Journal, Vol. 3, No. 1, February 2016
[3] P. F. HaraldSundmaeker, P. Guillemin, and S. Woelfflé, “Vision and
Challenges for Realising the Internet of Things” Pub. Office, EU, 2010.
[4] H. Schaffers, N. Komninos, M. Pallot, B. Trousse, M. Nilsson, and A.
Oliveira, “Smart cities and the future internet: Towards cooperation
frameworks for open innovation,” The Future Internet, Lect. Notes Comput.
Sci., vol. 6656, pp. 431–446, 2011
[5] Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul and Imran Zualkernan
“Internet of Things (IoT) Security: Current Status, Challenges and
Prospective Measures”, in 10th International Conference for Internet
Technology and Secured Transactions, 2015.
[6] Xu Xiaohui, “Study on Security Problems and Key Technologies of The
Internet of Things”, International Conference on Computational and
Information Sciences, 2013.
[7] Mayuri A. Bhabad and Sudhir T. Bagade , “Internet of Things:
Architecture, Security Issues and Counter measures”, International Journal of
Computer Applications,2015.
[8] Xue Yang, Zhihua Li, Zhenmin Geng and Haitao Zhang ,“Internet of
Things” International Workshop, IOT 2012, Changsha, China, August , 2012.
[9] Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu and Dechao Qiu,
“Security of the Internet of Things: perspectives and challenges”, Wireless
Netw ,2014.
[10] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A
survey,”Comput. Netw., vol. 54, no. 15, pp. 2787–2805, Oct. 2010.
[11] M.U. Farooq,Muhammad Waseem ,Anjum Khairi,Sadia Mazhar"A
Critical Analysis on the Security Concerns ofInternet of Things
(IoT)",International Journal of Computer Applications (0975 8887,Volume
111 - No. 7, February 2015.
496