You are on page 1of 5

International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)

(I-SMAC 2017)

Internet of Things (IoT)

A Vision, Architectural Elements, and Security Issues

Shivangi Vashi Jyotsnamayee Ram Janit Modi

Department of IT Department of IT Department of IT
Mumbai, India Mumbai, India Mumbai, India

Saurav Verma Dr. Chetana Prakash

Department of Information Technology Department of Computer Engineering
Mumbai, India Karnataka, India

Abstract - The Internet of Things is an emerging technology devices as well as with related services, is expected to happen
across the world, which helps to connect sensors, vehicles, anytime, anywhere, it is frequently done in a wireless,
hospitals, industries and consumers through internet autonomic and ad-hoc manner. In addition the services
connectivity. This type of architecture leads to Smart Cities, become much more fluid, decentralised and complex.
Smart home, Smart agriculture and Smart World. Architecture
Consequently, the security barriers in the Internet of Things
of IoT is very complex because of the large number of devices,
link layer technology and services that are involved in this become much thinner. The IoT architecture, like the Internet,
system. However, security in IoT is the most important will grow in an evolutionary fashion from a variety of separate
parameter. In this paper, we give an overview of the architecture contributions, rather than from a grand plan. Security is a
of IoT with the help of Smart World. In the second phase of this major concern while dealing with the Internet of Things. A
paper, we discuss the security challenges in IoT followed by the majority of IoT enabled devices are not very secure and can be
security measures in IoT. Finally, these challenges, which are accessed by a third party easily. Thus there is a severe need to
discussed in the paper, could be research direction for future standardise it to ensure that the privacy of the user is not
work in security for IoT. invaded [1]. Research into the IoT field is still in its early
stage, and a standard definition of IoT is not yet available. IoT
Keywords- Internet of Things (IoT), information security,
can be viewed from three perspectives.
identification, authenticity, RFID

1) Internet oriented
I. INTRODUCTION 2) Things oriented
3) Semantic oriented.
Internet of things as the name suggests, is the connectivity of
everyday devices with each other. With the advancement in The first definition of Internet of Things was from a “Things
technology, numerous devices are using sensors, actuators,
oriented” perspective, where RFID tags were considered as
embedded computing and cloud computing. This has enabled
things. It was defined as “The worldwide network of
communication between devices. To put it simply, the Internet
interconnected objects uniquely addressable based on standard
of Things enables devices (things) to interact and co-ordinate
communication protocols”. These definitions do not highlight
with each other thereby reducing human intervention in basic the industrial view of IoT. Companies across the world are
everyday tasks. To get a better understanding of IoT consider
investing billions in the IoT to solve industrial problems
the scenario of a smart home. As soon as the alarm rings it
(IIoT). The IIoT refers to industrial objects instrumented with
sends a signal to the coffee maker and the toaster, which
sensors, automatically communicating over a network, without
automatically start doing their jobs without any human
any human-to-human or human-to-computer interaction, to
intervention. Thus, saving time and making our everyday tasks
exchange information and take intelligent decisions with the
easy, this type of device communication is the Internet of support of advanced analytics.
Things. The IoT enables physical objects to see, hear, think
The definition of things (as shown in fig.1) in IoT is very wide
and perform jobs by having them “speak” together, to share
and includes a variety of physical elements. This network of a
information and to co-ordinate decisions. A network of
variety of objects can bring ample amount of challenges in
heterogeneous devices/applications has its own set of
developing applications and make existing challenges more
challenges. Moreover, as the communication among these
difficult to tackle.

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 492

International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
(I-SMAC 2017)

Fig.1. Definition of IoT [3]

A middleware can offer common services for applications and Fig.2 Basic Architecture of IoT
ease application development by integrating heterogeneous
computing and communications devices, and supporting inter- Perception Layer: The perception layer is similar to physical
operability within the diverse applications and services layer in Open Systems Interconnection (OSI) model which
running on these devices. A number of operating systems have consists of the different types of sensor (i.e. RFID, Zigbee, QR
been developed to support the development of IoT middleware code, Infrared, etc.) devices [10] and environmental elements.
solutions. They reside in physical devices, and provide the This layer generally copes with the overall device
necessary functionalities to enable service deployment. The management like identification and collection of specific
internet of things is not a single technology, it’s a concept in information by each type of sensor devices. The gathered
which most new things are connected and enabled such as information can be location, wind speed, vibration, pH level,
street lights being networked and things like embedded humidity, amount of dust in the air, etc. This gathered
sensors, image recognition functionality, augmented reality, information transmits through the Network layer for its secure
near field communication are integrated into situational communication toward central information processing system.
decision support, asset management and new services. These
bring many business opportunities and add to the complexity Network Layer: The Network layer plays an important role
of IoT [2]. in securely transferring and keeping the sensitive information
confidential from sensor devices to the central information
processing system through 3G, 4G, UMTS, Wi-Fi, WiMAX,
RFID, Infrared, Satellite, etc. depending upon the type of
The Internet of Things involves a growing number of smart sensors devices. Hence, this layer is mainly responsible for
interconnected devices and sensors that are often non- transferring the information from Perception layer to upper
intrusive, transparent and invisible. The communication layer.
among these devices as well as with related services is
expected to happen anytime, anywhere and it is frequently Middleware Layer: The devices in the IoT system may
done in a wireless and autonomic manner. In addition the generate various type of services when they are connected and
services become much more decentralized and complex. Thus, communicated with others. Middleware layer has two
to manage the complexity, IOT architecture is required. essential functions i.e service management and store the lower
Architecture in this context is defined as a structure for the layer information into the database. Moreover, this layer has
specification of a network's physical components and their capability to retrieve, process, compute information, and then
functional organization and configuration, its operational automatically decide based on the computational results.
principles and procedures, as well as data formats used in its
operation (see fig.2). Application Layer: Application layer is responsible for
inclusive applications management based on the processed
information in the Middleware layer. The IoT applications can
be smart postal, smart health, smart car, smart glasses, smart
home, smart independent living, smart transportation etc.

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 493

International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
(I-SMAC 2017)

Middleware layer: All climatic conditions are stored in a

database in this layer. The data is then retrieved and

Application layer: Suppose, from the information processed in

the middleware layer it is found that drought has hit an area.
Actions like sending relief fund, food, clothes, materials for
building shelter take place in this layer.

Business layer: Graphs, business models, flow charts etc. are

made with the received information from middleware layer.
This results in making better strategies, such as for the drought
affected area how can food, relief fund etc. reach the area
fastest and by what way should they send it are calculated
Fig.3 Layer of the Internet of Things (IoT) here.

The typical IoT architecture can be divided into five layers as IV. SECURITY CHALLENGES IN THE INTERNET OF
described below as shown in fig.3. THINGS

Business Layer: This layer’s functions cover the entirety of The vastness of the Internet of Things (IoT) exposes it to not
IoT applications and services management. It can create only a number of vulnerabilities but also different types of
practical graphs, business models, flow chart, executive report, vulnerabilities/security problems. Since the internet is the
etc. based on the amount of accurate data received from the underlying foundation of IoT, the security issues of the
lower layer and effective data analysis process. Based on the internet also appear in IoT. IoT has three main layers - the
good analysis results, it will help the functional managers or perception layer, transportation layer and the application layer.
executives to make more accurate decisions about the business Each layer has its own security problems.
strategies and roadmaps.
A) Security challenges in the main layers of IoT:
a) Perception Layer:
We have smart devices [4] for humans that can be attached to
the body to observe or maintain human health and fitness; The main operation of the perception layer is perceiving and
these wearable smart objects are sometimes used to manage gathering information. This is done by devices like
the human diseases as well. It is not limited just to human temperature sensors, pressure sensors, RFIDs, barcodes and so
bodies and homes- IoT devices are applicable in restaurants, on. The wireless nature of the signals makes this layer
banks, hospitals, factories even vehicles. We can even make susceptible to attackers who may intercept the sensor node in
smart cities now. Controlling their urban environment like the IoT devices. The nodes usually operate in an external
traffic controlling, smart meters and resource management, et environment and this culminates in physical attacks on IoT
al. All of things together make up the process of designing sensors and devices in which an attacker can tamper with the
“THE SMART WORLD” where man power gets reduced and hardware components of the device [5]. Gathering information
we have devices similar to robots that have artificial or the perception of things is done by a large number of
intelligence. All these situations can be controlled without terminals. These terminals are used for real-time data
wasting time and too many resources. collection to be presented to the user. The main problems
existing in perception terminals include leakage of
In a smart world scenario one country is connected to another confidential information, tampering, terminal virus, copying
with the help of IoT. The IoT architecture in smart world can and other issues.
be explained using the five layers.
Another security issue is the inherent nature of network
Perception layer: In a smart world scenario, the collection of topology which is dynamic as the IoT nodes are often moved
information like climatic conditions, economic conditions, around different places. The IoT perception layer mostly
migrations etc. from different countries, which is collected consists of sensors and RFIDs [6], due to which their storage
using various types of sensors like RFID, infrared etc., comes capacity, power consumption, and computation capability are
under the perception layer. very limited making them susceptible to many kinds of threats
and attacks [5]. By adding another node to the system, an
Network layer: For example, climatic conditions of all attacker can send Malicious Data and threaten the integrity of
countries are collected in the perception layer, so, for the data. This can cause DoS attacks, by consuming the energy
processing the data the information collected is sent to the of the nodes in the system and depriving them from the sleep
middleware layer using this network layer. mode that the nodes use to save up energy [5].

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 494

International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
(I-SMAC 2017)

These security issues can be dealt with using encryption; 5. Malicious code injection: This is a serious kind of attack in
authentication, confidentiality and access control.They are which an attacker compromises a node to inject malicious
given in detail in Security Measures Section below. code into the system which could even result in a complete
shutdown of the network or in the worst case, the attacker can
b) Transportation Layer: get a full control of the network.
6. Man-in-the-Middle Attack. This is a form of Eavesdropping
It is also called the network layer. The function of this layer is in which the target of the attack is the communication channel
to relay the information collected by the perception layer to due to which the unauthorized party can monitor or control all
any to any particular information processing system through the private communications between the two parties
existing communication networks like the Internet, a mobile hideously. The unauthorized party can even fake the identity
network[15] or any other kind of reliable network. Since the of the victim and communicate normally to gain more
information used to be transmitted to the internet with the help information.
of computers, wireless/wired network and other components, c) Application Layer
this layer is largely comprised of computers, wireless or wired The main function of the application layer is to analyse the
network. Due to this, it faces security issues such as network information acquired from the transportation layer and process
content security, hacker intrusion and illegal authorization. it intelligently. The application layer is the main purpose of
The openness characteristic of IoT makes it face many identity developing IoT and the smart environment is achieved at this
authentication problems[7]. layer. This layer guarantees the authenticity, integrity, and
confidentiality of the data [5]. At this layer we can get some
The transportation layer is an essential part in the whole IoT important real-time information.
system. One of the inherent characteristics of IoT is the huge
amount of data flowing through the layers. When the sensor The related security issues of this layer are described
nodes from the perception layer perceive and are gathering below:
data, they inevitably produce a large amount of redundant 1. Malicious Code Injection: An attacker can leverage the
data. This will cause network congestion in the process of attack on the system from end-user with some hacking
transmission, which likely to generate denial of service techniques that allows the attacker to inject any kind of
attacks. For this, we must add the filtration devices between malicious code into the system to steal some kind of data from
the transmission layer and the application layer to ensure the the user [11].
network is unblocked [8]. 2 Denial-of-Service (DoS) Attack : DoS attacks nowadays
have become sophisticated, it offers a smoke screen to carry
The related security issues are discussed below: out attacks to breach the defensive system and hence data
privacy of the user, while deceiving the victim into believing
1. Sybil Attack: Sybil is a kind of attack in which the attacker that the actual attack is happening somewhere else[11]. This
manipulates the node to present multiple identities for a single put the non-encrypted personal details of the user at the hands
node due to which a considerable part of the system can be of the hacker.
compromised resulting in false information about the 3. Spear-Phishing Attack: It is an email spoofing attack in
redundancy. which victim, a high ranking person, is lured into opening the
2. Sinkhole Attack: It is a kind of attack in which the adversary email through which the adversary gains access to the
makes the compromised node look attractive to the nearby credentials of that victim and then by pretense retrieves more
nodes, due to which all the data that flow from any particular sensitive information[11].
node is diverted towards the compromised node. These results 4. Sniffing Attack: An attacker can force an attack on the
in packets drop i.e. all the traffic is silenced while the system system by introducing a sniffer application into the system,
is fooled to believe that the data has been received on the other which could gain network information resulting in corruption
side. Moreover this attack results in more energy consumption of the system [11].
which can cause DoS attack.
3. Sleep Deprivation Attack: The sensor nodes in the Wireless V. IOT SECURITY MEASURES
Sensor Network are powered with batteries with a not so good
lifetime so the nodes are bound to follow the sleep routines to 1. Encryption: Encryption is used to prevent the data from
extend their lifetime. Sleep Deprivation is the kind of attack being tampered with and to maintain confidentiality as well as
which keeps the nodes awake, resulting in more battery data integrity. Encryption can be achieved in two ways: either
consumption and as a result, battery lifetime is minimized node to node, i.e. hop to hop encryption or end to end
which causes the nodes to shut down. encryption. Node to node encryption processed in the network
4. Denial of Service (DoS) Attack: The kind of attack in which layer. It provides cipher text conversion on each node to make
the network is flooded with a useless lot of traffic by an it more secure for network layer. On the other hand, end to
attacker, resulting in a resource exhaustion of the targeted end encryption is executed on the application layer.
system due to which the network becomes unavailable to the Encryption-decryption is performed at sender-receiver end
users. only. What the sender encrypts is decrypted at the receiving

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 495

International conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud)
(I-SMAC 2017)

end only. Data encryption is a vital means of securing data. VI. CONCLUSION AND FUTURE DIRECTIONS
The role of encryption is to prevent information from being
deciphered when it is intercepted by attackers. The Internet of things is the future for the coming decades
which helps in developing the Smart World where everything
2. Confidentiality: It is very important that the data is secure is connected to one network. As security is always a big
and accessible only to authorized users. The user may be problem across every system but in IoT it is the most
human, other IoT devices or external devices (i.e. devices that important area in which we need to work to secure data or
are not part of the network). It is important to ensure that the information which is on one connected network. One of the
sensors in a particular node don’t allow the collected data to fundamental elements in securing an IoT infrastructure is
be accessed by neighboring nodes. Sensitive information around device identity and mechanisms to authenticate. So to
should not be leaked to any unauthorized reader using an overcome on these securities of IoT devices strong encryption
RFID electronic tag. and authentication schemes are based on cryptographic need
to design and new security protocols are required. In this
3. Authentication: Received information by a reader should paper, we explained the security issues in each layer and its
be noticeable whether is sent from authenticated electronic tag measures which help us to understand and to improve security
or not. Authentication is important at each IoT layer. At the in IoT architecture. Smarter security systems that include
perception layer, the sensor nodes must authenticate managed threat detection, anomaly detection, and predictive
themselves initially to prevent DoS attacks. Similarly analysis need to evolve. All the above discussed issues will be
authentication is required at each layer as a crucial security research opportunities in IoT security.
measure. Authentication methods of Wi-Fi to access the
Internet can guarantee the security of user access to the data
[5].OpenID is a standardised framework for authentication VII. REFERENCES
purposes. It provides a way for a site to redirect a user
somewhere else and come back with a verifiable assertion. [1] Ala Al-Fuqaha , Mohsen Guizani , Mehdi Mohammadi “Internet of things:
a survey and enabling technologies, protocols and application” IEEE
4. Authorisation: Authorisation controls a device's access Communication Surveys & Tutorials, Vol. 17, No. 4, Fourth Quarter 2015.
throughout the network. Using authentication and [2] Mohammad AbdurRazzaque, MarijaMilojevic-Jevric, Andrei Palade, and
authorisation the relationship between IoT devices is Siobhán Clarke , “Middleware for Internet of things: a survey”, IEEE Internet
established to exchange appropriate information.OAuth is a Of Things Journal, Vol. 3, No. 1, February 2016
standardized framework for authorisation purposes. The most
[3] P. F. HaraldSundmaeker, P. Guillemin, and S. Woelfflé, “Vision and
important feature of OAuth is the access token which provides Challenges for Realising the Internet of Things” Pub. Office, EU, 2010.
a long lasting method of making additional requests. Unlike
OpenID, OAuth does not end with authentication but provides [4] H. Schaffers, N. Komninos, M. Pallot, B. Trousse, M. Nilsson, and A.
an access token to gain access to additional resources provided Oliveira, “Smart cities and the future internet: Towards cooperation
frameworks for open innovation,” The Future Internet, Lect. Notes Comput.
by the same third-party service. Sci., vol. 6656, pp. 431–446, 2011
One challenge faced by OAuth and Connect is that they have [5] Rwan Mahmoud, Tasneem Yousuf, Fadi Aloul and Imran Zualkernan
only been bound to HTTP thus far. Security experts believe “Internet of Things (IoT) Security: Current Status, Challenges and
that HTTP is insufficient for many of the interactions in the Prospective Measures”, in 10th International Conference for Internet
Technology and Secured Transactions, 2015.
IoT, particularly those between IoT devices. A new class of
protocols has emerged that promise to be better suited than [6] Xu Xiaohui, “Study on Security Problems and Key Technologies of The
HTTP to such interactions, including MQ Telemetry Transport Internet of Things”, International Conference on Computational and
and Constrained Application Protocol. Information Sciences, 2013.

5. Certification and Access Control: Certification is a [7] Mayuri A. Bhabad and Sudhir T. Bagade , “Internet of Things:
Architecture, Security Issues and Counter measures”, International Journal of
method of confirming the true identity of both entities that are Computer Applications,2015.
communicating with each other. By using Public Key
Infrastructure (PKI), strong authentication is achieved by two [8] Xue Yang, Zhihua Li, Zhenmin Geng and Haitao Zhang ,“Internet of
way public key certification for preventing authenticity and Things” International Workshop, IOT 2012, Changsha, China, August , 2012.
confidentiality of the IoT system [3].Access control provides [9] Qi Jing, Athanasios V. Vasilakos, Jiafu Wan, Jingwei Lu and Dechao Qiu,
security by effectively blocking access for machines, objects “Security of the Internet of Things: perspectives and challenges”, Wireless
or people which are illegal to access the resources [3]. For Netw ,2014.
effective access control correct entity identification must be [10] L. Atzori, A. Iera, and G. Morabito, “The Internet of Things: A
ensured using certification technology. survey,”Comput. Netw., vol. 54, no. 15, pp. 2787–2805, Oct. 2010.

[11] M.U. Farooq,Muhammad Waseem ,Anjum Khairi,Sadia Mazhar"A

Critical Analysis on the Security Concerns ofInternet of Things
(IoT)",International Journal of Computer Applications (0975 8887,Volume
111 - No. 7, February 2015.

978-1-5090-3243-3/17/$31.00 ©2017 IEEE 496