Security Analysis of IOT using Mobile
Computing
Stage 1 Report
Submitted in partial fulfillment of the requirements
For the degree of
M.Tech.
(Information Technology)
by
Nikita Mahendra Valte
Supervisor
Dr. Gautam M. Borkar
Department of Information Technology
Ramrao Adik Institute of Technology,
Sector 7, Nerul , Navi Mumbai
(Under the ambit of D. Y. Patil Deemed to be University)
September 2021
i
Ramrao Adik Institute of Technology
(Under the ambit of D. Y. Patil Deemed to be University)
Dr. D. Y. Patil Vidyanagar,Sector 7, Nerul, Navi Mumbai 400 706.
Certificate
This is to certify that, the Stage 1 report titled
“Security Analysis of IOT using Mobile Computing ”
is a bonafide work done by
Nikita Mahendra Valte
(20IF1002)
and is submitted in the partial fulfillment of the requirement for the
degree of
Masters in Technology
(Information Technology)
to the
D. Y. Patil Deemed to be University.
Examiner
Supervisor
M.Tech. Coordinator
Head of Department
i
Co-Supervisor
Principal
Acknowledgement
I declare that this written submission represents my ideas in my own words and where
others ideas or words have been included, I have adequately cited and referenced the
original sources. I declare that I have adhered to all principles of academic honesty and
integrity and have not misrepresented or fabricated or falsified any idea / data / fact
/ source in my submission. I understand that any violation of the above will be cause
for disciplinary action by the Institute and can also evoke penal action from the sources
which have thus not been properly cited or from whom proper permission has not been
taken when needed.
Date: 19 March 2022
ii
Abstract
One of the most cutting-edge technologies is the Internet of Things (IOT).Various features provided by the IOT by connecting smart objects through the internet. IOT is
refers as the connecting various devices to each other by means of internet hence there
is no human interaction. The IOT components like sensor, cloud, Bluetooth, wifi, etc.
are connected through network, it may be wired or wireless to make smart system or
smart devices. This devices are transferring the plenty amount of personal data over the
network. Due to that humans day to day life becomes an easier therefore it is necessary
to make sure that the technology should be secured as much as possible. In the IOT
environment, the data can be malfunction by various attacks and threats. Therefore the
strong security mechanism is required to deal with different types of attacks and security
challenges. Every electronic gadget will become a smart device in the future, and it will
be able to register with handheld equipment. Because the majority of IoT devices are
battery-powered and consume little power, IoT security is a serious concern. The most
critical security and protection challenges in IoT are identification and authentication.
Keywords:
IOT, Privacy, Security, Threats, Sensors, Raspberry Pi.
iii
Contents
Abstract
iii
List of Figures
v
1 Introduction
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 Objective . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
2
2
2 Literature Survey
3
3 Problem Statement
3.1 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3.2 Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
5
6
4 Proposed System
7
5 Till Now Approaches Towards Problem Statement
9
6 Distinguish Approach
14
6.1 Present Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6.2 Our New Approach . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Bibliography
16
iv
List of Figures
4.1
Flowchart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.1
5.2
5.3
5.4
5.5
5.6
5.7
rpi.PNG . . . . . . . . . . . .
IP Scanner.jpg . . . . . . . .
IP Address of IOT Device.jpg
VNC Viewer.jpg . . . . . . . .
Raspberry Pi VNC Viewer.jpg
Web Server.jpg . . . . . . . .
aircrack-ng . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
v
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
8
10
10
11
11
12
12
13
Chapter 1
Introduction
The privacy and security of the internet of things has become a very serious concern due
to the different nature of large scale devices and its vulnerabilities.The applications of IoT
are transportation,environmental monitoring, home automation,medical and healthcare
systems, teaching, etc [1]. The IoT devices are increasing rapidly and according to that
the number of devices in 2020 are 8.74 billion and it will rise nearly 11.57 billions by the
end of 2022 [2]. In 2020, the highest number of IoT devies is found in China with 3.17
billion devices. On the other side, the IoT applications are included the various domains
from smart Gird to smart City. But there are various cyber-attacks and security threats
which is big issue for the IoT devices. Lets see history and evolution in IOT Technology.
According to HP analysis, many IoT devices experiences an average of 25 percent
Vulnerabilities in device. From this analysis we come know that it is necessary to provide the serious security solutions. IoT devices faces the problems like computational
processing, limited memory and low power. IoT system is consist of three components
first is sensing unit which has number of sensors, mobile terminals and actuators. This
unit detect the physical environments. Because of its simple structure, IoT is more exposed to security issues with IoT devices. Many more security risks and challenges face
IoT devices. Different authors took different approaches to these security difficulties and
challengesUsing the notions of mobile computing, we give a security analysis of IoT-based
devices. The mobile computing provide both hardware as well as software security. The
many devices can connected with the IoT devices which provide security to them like they
can be authenticated by using smart phone by QR-code authentication and smartphone
also used as controller in home automation system [2]. These paper highlight the threats,
vulnerabilities,attacks and then approaches based on mobile computing.
1.1
Motivation
The Internet of Thing is the phenomenon that will be experiencing the rapid growth in
coming years. Because of the rapid development of IoT devices, security concerns are becoming important challenges that have piqued people’s interest. The Internet of Things
has a wide range of applications in a variety of fields and application domains. There
is a significant impact of use of IoT technologies such as e-learning, internet banking,
blogs, mobile devices, IoT applications, urban technologies, teaching technologies. The
motivation comes from IoT security using mobile computing. This is becoming a future
study trend in which the security of the IoT system is assessed using mobile computing.
1.2
Objective
• To ensure the safety of IoT network topology.
• The study of IoT security challenges in real world.
• To enhance the inter connection between different devices by increasing the speed
of communication process.
• To provide secure access to the UI layer to prevent unauthorized access.
2
Chapter 2
Literature Survey
In the digital world IOT plays an very important role of the information. The IOT networks are used in various cities of smart city network. Therefore the security of the IOT
network is very big issue.E. Shaikh et al [1] perform Internet of Things (IOT): Security
and Privacy Threats which discuss two technologies which are used WSN and RFID which
creates direct communication by using Internet. B. Liao et al [2] perform security analysis
of IOT devices by using Mobile Computing which provides both hardware as well as software based solutions to provide IOT security. Towards secure authenticating of cache in
the reader for RFID-based IOT systems introduced by C.-T. Li et al [3] and a lightweight
RFID mutual authentication protocol which has cache in the reader is introduced with
named LRMAPC which achieve stronger security and privacy requirements. A smartphone based privacy-preserving security framework for IOT devices is performed by M.
Togan et al [4] which discuss about IOT authentication service by using a smart-phone
as security controller, QR codes and attribute based cryptography. Agyeman et al [5]
perform study of the advances in IOT security and focused on IOT architecture and its
different layer.
Internet of Things (IOT):Application systems and security vulnerabilities performed by
J. Ahamed et al [6] focuses on the identification of certain types of IOT applications suitable for UAE also it analyse the which are security threats associated to them and their
impacts on the applications. W. Zhu et al [7] provide a security and privacy model for
mobile rfid systems in the internet of things which discuss the privacy and security model
named AKE protocol used for mobile RFID systems. EdgeIOT: Mobile edge computing
for the Internet of Things perform by X. Sun [8] discuses the approach of mobile edge
computing. It is used in the IOT architecture and edgeIoT is used to handle the data
streams at the mobile edge. Survey on security threats of smartphones in Internet of
Things by M. H. Khan [9] discuss the interconnection of devices that used in many ways
such as improving services depend on location and co-ordinates timely. Security, Privacy
and Trust for Smart Mobile-Internet of Things (M-IoT) discussed by Vishal Sharma et al
[10] focuses upon the solutions for IoT devices which are applicable to privacy, security
and trust in connected M-IoT networks.
Adaptive Security Framework in Internet of Things (IoT) for Providing Mobile Cloud
Computing performed by F. AlShahwan [11] discusses the IOT components, security protocols between the mobile hosts and clients. M. G. Samaila et al [12] provide Challenges
of securing Internet of Things devices: A survey which discusses the security protocols
and schemes proposed for the IoT. Security analysis of mobile crowd sensing applications
discuss by N. P. Owoh et al [13] focuses on Mobile Crowd Sensing and the mobility features of mobile phones.Security risk management in IoT environment is performed by V.
Malik et al [14] which deals with the identification and mitigation of the security vulnerabilities by an intelligent. A. W. Atamli et al [15] provide Threat-based security analysis
for the internet of things which focuses on threat model which is based on use-cases of
IoT and it is used to secure system. Authentication and Authorization for Mobile IoT
Devices Using Biofeatures provide by M. A. Ferrag et al [16] focuses on threat models
and countermeasures. It is used by biometrics-based authentication schemes and used for
mobile IoT devices, data mining methods, artificial intelligence and machine learning for
secure authentication and authorization in IOT.
The survey shows that, IOT devices are not able to deal with a security challenges. These
devices required very good security mechanism which deals with the different threats and
security challenges.These techniques need to be more accurate so that it will decrease the
impacts of malware. The structure of the IOT devices are very simple as they consist
of transceivers, actuators, sensors and small processing chip so they can easily undergo
the attacks. So smart phones is a way can be used as a security for controlling the IOT
devices.
4
Chapter 3
Problem Statement
A device which can connect to any network i.e. private or public.Once this device over the
network, any device from the network can communicate with this device or vice-versa.It
means our IOT device is available for all the device. Problem of exposion, posibilies of
IOT attack, focused attack, attack explanation.
We are planning to provide a possible data security by considering discussed examples. It
may be possible, data may get leaked somewhere, so I am trying to keep data, information
safe and its analysis.
3.1
Applications
• Consumer Applications : It includes smart watches, smart TVs, smart phones and
smart homes, which controls from door locks to air conditioning and many other
devices.
• Business Applications : Nowadays IOT devices are used in many Businesses which
include smart security cameras, trackers for vehicles and goods, ships and various
sensors to capture the data of industrial machines.
• Governmental Applications : Governmental IOT applications include devices used
to monitor traffic congestion, track wildlife in different places and keep alert from
natural disaster and calamities.
3.2
Threats
• AI-based attacks
• Insecure ecosystem interfaces
• Weak passcodes
• Lack of physical hardening
• Data storage and transmission are insecure.
• Device management and visibility are both lacking
• Botnets
6
Chapter 4
Proposed System
Mobile computing is a method of securing multiple IoT devices by utilising infrastructure such as a smart phone. The smart phone might serve as a controller or it can be
utilised for security authentication. These are intelligent devices. They provide adequate
security, although they are occasionally vulnerable to various virus attacks and threats.
So, different detection techniques are used to identify the attacks. The major goal of
these strategies is to detect various malware attacks in the system and to protect it from
external intervention.
Initially our user is selecting a IOT device in the network. The user will provide a credential for successfull authentication.If the credential matches, it will access the node and
if credential does not matches, it will go to user. While authentication it will provide
security to devices and it will detect the malware.
Figure 4.1: Flowchart
8
Chapter 5
Till Now Approaches Towards
Problem Statement
• Establishing Network : Raspberry Pi as a IOT device is used in the Network.
• Identifying all nodes from Network : The advanced IP Scanner application is used
to scan IP addresses of devices in the Network.
• Establishing connection through Host : The VNC Viewer application is used for
authentication.
• Run Appache Server on Host
• Ping on Host IP from Client devices connected on same network.
• Run some packages for identifying unexpected behaviour on network such as aircrackng.
Figure 5.1: rpi.PNG
Figure 5.2: IP Scanner.jpg
10
Figure 5.3: IP Address of IOT Device.jpg
Figure 5.4: VNC Viewer.jpg
11
Figure 5.5: Raspberry Pi VNC Viewer.jpg
Figure 5.6: Web Server.jpg
12
Figure 5.7: aircrack-ng
13
Chapter 6
Distinguish Approach
• Device detection and visibility:
There are several risk factors in IOT.But I have selected device detection and visibility because whenever IOT device come in a picture that time firstly it should
connected a network. Network might be wired or wireless depending upon device
application but when IOT device is connected to network, at that instance one IP
address is provided that device from network itself. Through that IP address anyone
from network or outside network can communicate with that IOT device.There are
two cases:
1) IOT Device is talking with other device
2) Other network node is trying to communicate with IOT device.
6.1
Present Approach
In present approach there is use of SSH/SSP that is Secure Shell Protocol. It is the
method of secure remote access to one device to another device in network. There are so
many different options to provide secure authentication like CBC.Cipher Block Chaining
(CBC) encryption is enabled on the SSH server. An attacker may be able to recover the
plaintext message from the ciphertext as a result of this.
14
6.2
Our New Approach
In our new approach, we are using Token Key Based Method.Token-based authentication
is a technique that allows users to confirm their identity and receive a unique access token
in exchange.Users can then access the website or app for which the token was granted
during the token’s lifetime, rather than having to re-enter credentials each time they visit
the same webpage, app, or other resource protected by the token.Specific authentication
and encryption settings can be used per SSID here, allowing you to specify different levels
of security for different resources. The authentication/encryption method is set to none
by default; we strongly advise you to use one of the supported authentication/encryption
methods.
15
Bibliography
[1] E. Shaikh, I. Mohiuddin and A. Manzoor, ”Internet of Things (IoT): Security and
Privacy Threats,” 2019 2nd International Conference on Computer Applications Information Security (ICCAIS), 2019.
[2] B. Liao, Y. Ali, S. Nazir, L. He and H. U. Khan, ”Security Analysis of IoT Devices
by Using Mobile Computing: A Systematic Literature Review,” in IEEE Access, vol.
8, pp. 120331-120350, 2020.
[3] C.-T. Li, C.-C. Lee, C.-Y. Weng, and C.-M. Chen, ”Towards secure authenticating
of cache in the reader for RFID-based IoT systems,” Peer-to-Peer Networking and
Applications, vol. 11, pp. 198-208, 2018.
[4] M. Togan, B.-C. Chifor, I. Florea, and G. Gugulea, ”A smartphone based privacypreserving security framework for IoT devices,” in 2017 9th International Conference
on Electronics, Computers and Artificial Intelligence (ECAI), 2017, pp. 1-7.
[5] A. Dean and M. O. Agyeman, ”A study of the advances in IoT security,” in Proceedings
of the 2nd International Symposium on Computer Science and Intelligent Control,
2018, p. 15.
[6] J. Ahamed and A. V. Rajan, ”Internet of Things (IoT): Application systems and
security vulnerabilities,” in 2016 5th International Conference on Electronic Devices,
Systems and Applications (ICEDSA), 2016, pp. 1-5.
[7] W. Zhu, J. Yu, and T. Wang, ”A security and privacy model for mobile rfid systems in
the internet of things,” in 2012 IEEE 14th International Conference on Communication
Technology, 2012, pp. 726-732.
16
[8] X. Sun and N. Ansari, ”EdgeIoT: Mobile edge computing for the Internet of Things,”
IEEE Communications Magazine, vol. 54, pp. 22-29, 2016.
[9] M. H. Khan and M. A. Shah, ”Survey on security threats of smartphones in Internet
of Things,” in 2016 22nd International Conference on Automation and Computing
(ICAC), 2016, pp. 560-566.
[10] V. Sharma, I. You, K. Andersson, F. Palmieri, M. H. Rehmani and J. Lim, ”Security,
Privacy and Trust for Smart Mobile- Internet of Things (M-IoT): A Survey,” in IEEE
Access, vol. 8, pp. 167123-167163, 2020.
[11] F. AlShahwan, ”Adaptive Security Framework in Internet of Things (IoT) for Providing Mobile Cloud Computing,” Mobile Computing: Technology and Applications,
p. 99, 2018.
[12] M. G. Samaila, M. Neto, D. A. Fernandes, M. M. Freire, and P. R. Inácio, ”Challenges
of securing Internet of Things devices: A survey,” Security and Privacy, vol. 1, p. e20,
2018.
[13] N. P. Owoh and M. M. Singh, ”Security analysis of mobile crowd sensing applications,” Applied Computing and Informatics, 2018.
[14] V. Malik and S. Singh, ”Security risk management in IoT environment,” Journal of
Discrete Mathematical Sciences and Cryptography, vol. 22, pp. 697-709, 2019.
[15] A. W. Atamli and A. Martin, ”Threat-based security analysis for the internet of
things,” in 2014 International Workshop on Secure Internet of Things, 2014, pp. 3543.
[16] M. A. Ferrag, L. Maglaras, and A. Derhab, ”Authentication and Authorization for
Mobile IoT Devices Using Biofeatures: Recent Advances and Future Trends,” Security
and Communication Networks, vol. 2019, 2019.
[17] E. Bertino, ”Security and Privacy in the IoT,” in International Conference on Information Security and Cryptology, 2017, pp. 3-10.
[18] M. A. El Khaddar and M. Boulmalf, ”Smartphone: the ultimate IoT and IoE device,”
Smartphones from an Applied Research Perspective, p. 137, 2017.
17
[19] B. L. Parne, S. Gupta, and N. S. Chaudhari, “Segb: Security enhanced group based
aka protocol for m2m communication in an iot enabled lte/lte-a network,” IEEE Access, vol. 6, pp. 3668–3684, 2018.
[20] C. Maple, ”Security and privacy in the internet of things,” Journal of Cyber Policy,
vol. 2, pp. 155-184, 2017.
18