SURVEY ON IOT SECURITY Azam Supervisor : Prof. Raj Jain Outline ■ Introduction ■ Why Cyber Security Matters in IoT ■ Security Goals of IoT Protocols ■ Threats in IoT ■ IoT Protocols (WirelessHART, 6LoWPAN, IPSec, IEEE 802.15.4) ■ Summary Introduction What is IoT? The Internet of Things (IoT) is the network of physical objects or "things" embedded with electronics, software, sensors, and network connectivity, which enables these objects to collect and exchange data. For example, sensors on the roadway electronically alert cars to potential hazards, and the smart grid sends dynamic electricity pricing data to home appliances in order to optimize power consumption. Why Cyber Security matters in IoT? Current Internet security protocols rely on a well-known and widely trusted suite of cryptographic algorithms: • The Advanced Encryption Standard (AES) block cipher for confidentiality • The Rivest-Shamir-Adelman (RSA) asymmetric algorithm for digital signatures and key transport • The Diffie-Hellman (DH) asymmetric key agreement algorithm; and the SHA-1 and SHA-256 secure hash algorithms. But.. ■ Securing an IoT system is a challenge because of many vulnerabilities. ■ The applicability of these cryptographic techniques to the IoT is unclear, and requires further analysis to ensure that algorithms can be successfully implemented given the constrained memory and processor speed expected in the IoT. ■ Until to date, security and interconnectivity issues amongst the IoT devices remain as open discussions. Security Goals of IoT Protocols Types of Threats ■ Skimming: Read w/o knowledge of owner ■ Eavesdropping or sniffing: Man-in-the-middle ■ Data Tampering: Erasing or changing data ■ Spoofing: Mimic another source ■ Cloning: Making a copy of data ■ Malicious Code: Insertion of executable virus code ■ Denial of Service: Overwhelm the receiver’s capacity ■ Killing: Disable ■ Jamming: Interfere with a strong signal ■ Shielding: Mechanically prevent reading IoT Protocols ■ WirelessHART ■ 6LoWPan ■ IPSec ■ IEEE 802.15.4 WirelessHART ■ Currently the only WSN standard. ■ It designed primarily for industrial process automation and control. ■ payload is encrypted and all messages are authenticated. ■ All devices are provisioned with a secret Join key as well as a Network id in order to join the network. ■ Master key, Session key, and Link key. ■ The network key is shared between all devices 6LoWPAN ■ 6LowPAN works on the IPv6 protocol suite based on IEEE 802.15.4 standard. Hence it has the characteristics of low-cost, low-rate and low-power deployment. ■ AES (Advanced Encryption System) ■ IPsec (Internet Protocol Security) ■ Research done by several researchers has shown that exchanging key is another problem that should be considered. 6LoWPAN ■ Cryptography cannot detect attackers with legal keys that behave maliciously. ■ There is a need for implementing IDS to monitor any malicious behavior of the network to prevent security attacks to decrease its effects. Rank Attack IPSec ■ In IoT, security at the network layer is provided by the IP Security (IPsec) protocol suite. ■ It can be used with any transport layer protocol including TCP, UDP, HTTP, and CoAP. ■ However, being mandatory in IPv6, IPsec is one of the most suitable options for E2E security in the IoT. IEEE 802.15.4 ■ The original IEEE 802.15.4 standard was released in 2003. ■ The original version supported two physical layers, one of them working in the 868 and 915 MHz frequency bands and the other working in the 2.4GHz band. ■ Later on, there was another revision released in 2006, which improved the transfer speeds. Additional bands were added in the subsequent revisions. IEEE 802.15.4 ■ MAC Frame Summary In summary, the security challenges for the IoT still are daunting. The link layer, the network layer, as well as the transport layer have distinct security requirements and communication patterns. In particular, security protocols should further take into account the resource-constrained nature of things and heterogeneous communication models. Hopefully, this survey can motivate more future works to cope with security concerns in the deployment of IoT. Thank you for your kind attention !