IoT – Implementation of various security techniques to address real threats

Real threats and the security techniques that address them:

Real threat: Messages can be read by anyone on the internet.
Security technique: Symmetric encryption, so that only the sender and receiver can understand the message.
Examples:
– Advanced Encryption Standard (AES)
– Data Encryption Standard (DES)

Real threat: Unencrypted or encrypted messages can be altered by anyone on the internet.
Security technique: Integrity protection techniques, such as hash based solutions, to detect alteration of messages.
Examples:
– SHA-256 based MAC

Real threat: Stealing the encryption key on the internet, or calculating a fixed key.
Security technique: Public/private key infrastructure based techniques ensure that the keys used for encrypting messages are not fixed but random for each session. Using asymmetric public and private keys, they also ensure that the message encryption key cannot be stolen by anyone.
Examples:
– Rivest, Shamir and Adleman (RSA)
– Elliptic Curve Cryptography (ECC)

Real threat: Unauthorized access and illegal control of network and system resources.
Security technique: Authentication and authorization techniques ensure that only authenticated users with valid credentials are allowed into the network, together with an adequate permission mechanism to set various authorization levels such as admin, super admin, user-level access, group-level access, role-based access control (RBAC) and attribute-based access control (ABAC).
Example:
– OAuth (Open Authorization)

Real threat: Physical attacks on devices' computing, memory and storage.
Security technique: Built-in security techniques that provide a secure runtime execution environment, secure RAM or ROM, and secure storage against physical attacks.

Table 1.0
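
The authorization row of Table 1.0 lists RBAC and ABAC without showing how the two compose. The following Python example is added here and is not code from the original page: it implements a deny-by-default check in which a role table (RBAC) decides which actions a principal may attempt at all, and attribute rules (ABAC, here group membership and an MFA flag) decide whether the action is allowed on a particular device. The roles, actions, groups, device attributes and rules are constructed for illustration.

```python
"""Added example (not from the original page): a deny-by-default authorization
check for IoT resources that layers attribute-based rules (ABAC) on top of a
role table (RBAC). All roles, actions, groups and attributes are constructed."""
from dataclasses import dataclass, field

# RBAC: the actions each role may attempt (constructed sample policy).
ROLE_PERMISSIONS = {
    "user": {"read_telemetry"},
    "admin": {"read_telemetry", "send_command", "provision_device"},
    "super_admin": {"read_telemetry", "send_command", "provision_device", "manage_users"},
}


@dataclass
class Principal:
    name: str
    role: str
    groups: frozenset                               # group-level access
    attributes: dict = field(default_factory=dict)  # e.g. {"mfa": True}


@dataclass
class Device:
    device_id: str
    owner_group: str
    attributes: dict = field(default_factory=dict)  # e.g. {"safety_critical": True}


def rbac_check(principal, action):
    """Returns None if the role permits the action, else a denial reason."""
    if action not in ROLE_PERMISSIONS.get(principal.role, set()):
        return "role %r may not %r" % (principal.role, action)
    return None


def abac_check(principal, device, action):
    """Attribute rules (constructed): the caller must belong to the device's owner
    group, and commands to safety-critical devices require a principal who used MFA."""
    if device.owner_group not in principal.groups:
        return "principal is not in owner group %r" % device.owner_group
    if (action == "send_command" and device.attributes.get("safety_critical")
            and not principal.attributes.get("mfa", False)):
        return "MFA required to command a safety-critical device"
    return None


def authorize(principal, device, action):
    """Deny by default: both checks must pass. Returns (decision, reason) so that
    every denial can be written to an audit log."""
    reason = rbac_check(principal, action) or abac_check(principal, device, action)
    if reason:
        return False, reason
    return True, "allowed"


if __name__ == "__main__":
    ops = Principal("bob", "admin", frozenset({"plant-a"}))
    valve = Device("valve-1", "plant-a", {"safety_critical": True})
    print(authorize(ops, valve, "send_command"))  # denied: MFA required
```

Returning the reason alongside the decision is deliberate: an IoT platform that only answers yes/no gives the operator nothing to alert on, whereas repeated denials of the same kind from one principal are a useful detection signal.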

IoT – Common security in wireless communication Technologies

Technology: ZigBee
Security: Three types of security: access control (controlling and managing who or what can view or use resources), encryption, and integrity. It provides security by assigning a mandatory network key to each device for proper authorization.
Drawbacks: The network key assigned to the different devices is fixed and cannot be changed later.

Technology: Bluetooth
Security: It provides encryption of data between sender and receiver.
Drawbacks: It has some common threats such as bluejacking and bluesnarfing.
Bluejacking: Sending unsolicited messages in the form of business cards, messages, or pictures. It does not steal any information from the recipient device.
Bluesnarfing: Unauthorized access to information on a wireless device through a Bluetooth connection, often between phones, desktops, laptops, and PDAs. This allows access to calendars, contact lists, emails and text messages, and on some phones the attacker can copy pictures and private videos.

Technology: Radio Frequency Identification (RFID)
Security: It provides encryption of data, supporting the AES and DES symmetric algorithms.
Drawbacks:
– It does not protect information read from tags, because tags give out their information without verifying the authentication of the reader. An attacker can build their own reader to collect information.
– An attacker can even change the ciphertext, which leads to data integrity issues.

Technology: Wireless Sensor Network (WSN)
Security: It provides encryption of data.
Drawbacks: There are several attacks on WSNs, such as
– Denial of Service (DoS)
– Distributed DoS (DDoS)

Technology: Wireless Fidelity (Wi-Fi)
Security: Authentication and authorization mechanism.
Drawbacks:
– There is no proper encryption mechanism, which may allow an attacker to change messages.
– Eavesdropping and monitoring of data.

Table 1.0

IoT Layered Architecture – Security Threats

1. Perception Layer:

  • Eavesdropping: Stealing the information transmitted between sender and receiver.
  • Node capture: Getting full control of a node, such as a gateway node. That way all types of data are exposed, including the key used to build the secure connection along with the data in memory.
  • Fake node and malicious node: Adding a node that is not valid or real, to occupy network bandwidth and the hardware resources of real nodes. This can cause the destruction of the whole network.
  • Replay attack: By eavesdropping between sender and receiver, an intruder captures the basic identity of the sender and starts behaving like the real sender, so that the receiver gets the impression that data is coming from the real sender. That way the intruder can send whatever commands they want to the receiver.
  • Timing attack: The intruder observes the time consumed between request and response and thereby tries to infer what types of queries are sent and what types of algorithms are used.
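
The integrity row of Table 1.0 (SHA-256 based MAC) and the replay and timing attacks listed above can be addressed with one mechanism. The following Python example is added here and is not code from the original page: the sender appends an HMAC-SHA256 tag computed over the sender id, a sequence number and the payload; the receiver rejects any frame whose tag does not verify (alteration) or whose sequence number does not advance (replay), and compares tags in constant time so that verification time does not reveal how many tag bytes matched (timing). The shared key, device ids and payloads are constructed sample values; only the Python standard library is used.

```python
"""Added example (not from the original page): integrity protection and replay
detection for IoT messages with HMAC-SHA256 and a per-sender sequence counter.
The key, sender ids and payloads below are constructed sample values."""
import hashlib
import hmac
import struct

# Constructed pre-shared key. In a real deployment it is provisioned per device
# and stored in secure storage, never hard-coded.
SHARED_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")

HEADER_LEN = 8 + 4   # sender id (8 bytes, NUL padded) + sequence number (uint32 BE)
TAG_LEN = 32         # HMAC-SHA256 output


def build_message(key: bytes, sender_id: str, seq: int, payload: bytes) -> bytes:
    """Frame layout: header | payload | tag. The tag covers the header and payload,
    so neither the sender id, the sequence number nor the payload can be altered
    without invalidating it."""
    header = sender_id.encode().ljust(8, b"\0")[:8] + struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = {}  # highest sequence number accepted per sender

    def verify(self, message: bytes):
        """Returns (accepted, reason, payload). The MAC is checked before the
        sequence number so that a forged frame cannot disturb the replay state."""
        if len(message) < HEADER_LEN + TAG_LEN:
            return False, "truncated", None
        header = message[:HEADER_LEN]
        payload = message[HEADER_LEN:-TAG_LEN]
        tag = message[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # compare_digest runs in constant time: a forger learns nothing about
        # how many bytes of the tag were already correct.
        if not hmac.compare_digest(expected, tag):
            return False, "bad_mac", None
        sender = header[:8].rstrip(b"\0").decode()
        seq = struct.unpack(">I", header[8:12])[0]
        # A replayed frame carries a sequence number that does not advance.
        if seq <= self.last_seq.get(sender, -1):
            return False, "replay", None
        self.last_seq[sender] = seq
        return True, "ok", payload


def demo():
    """Genuine frame, the same frame replayed, and a frame with one payload bit flipped."""
    rx = Receiver(SHARED_KEY)
    msg = build_message(SHARED_KEY, "sensor-7", 1, b"temp=21.5")
    first = rx.verify(msg)
    replay = rx.verify(msg)
    tampered = bytearray(msg)
    tampered[HEADER_LEN] ^= 0x01   # alter the first payload byte
    altered = rx.verify(bytes(tampered))
    return first[1], replay[1], altered[1]   # ("ok", "replay", "bad_mac")


if __name__ == "__main__":
    print(demo())
```

The sequence counter only works if the receiver persists `last_seq` across restarts; a receiver that reboots with an empty table will accept old frames again, which is exactly the window a replay attacker waits for.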

2. Network Layer:

  • Denial of Service (DoS) attack: Consuming the whole network bandwidth so that authentic users cannot use the services.
  • Man-in-the-Middle (MitM) attack: An attacker intercepts the communication between sender and receiver and changes the data, while both sender and receiver believe they are receiving data only from each other.
  • Storage attack: Altering the information stored on storage devices or in the cloud, especially when many different people are involved in replicating the stored data.
  • Exploit attack: Taking advantage of a security vulnerability, weak algorithm, poor hardware or bad programming to retrieve precious information.

3. Application Layer:

  • Cross-site scripting attack: Injecting client-side malicious script, such as JavaScript, to change the actual code and execute whatever code the attacker wants to execute.
  • Malicious code attack: Code inside the software itself causes damage to the overall system. Such code is very hard to detect, even with anti-virus software.

4. Support Layer:

  • Denial of Service (DoS) attack: As described above.
  • Malicious insider attack: An attack carried out with the help of someone inside the network who has valid authorization.

5. Processing Layer:

  • Exhaustion attack: Exhausting system resources such as battery and memory.
  • Malware attack: In the form of viruses, spyware, adware, Trojan horses and worms.

6. Business Layer:

  • Business logic attack: Due to flaws in programming such as poor coding, weak password recovery mechanisms, poor validation and bad encryption techniques.
  • Zero-day attack: Security issues in an application that the vendor is not yet aware of.

IoT Platform – MainFlux

Description

  • It is an on-premise, cloud or hybrid IoT platform that provides:
  1. Device management
  2. Data aggregation and data management
  3. Connectivity and message routing
  4. Event management
  5. User Interface
  6. Core analytics
  • It is developed around the following three main entities:
  1. Users : These are real users who can access and manage resources (CRUD).
  2. Things : These are devices & applications part of the IoT solution.
  3. Channels : These are communication channels to exchange messages.
  • It uses *NATS as its main messaging system.
  • It can run on a gateway as well as in the cloud at the same time. It provides the following services, deployed on the gateway, for communicating with MainFlux in the cloud:
  1. Agents: A service to manage a gateway that is connected to MainFlux in the cloud. It allows you to send commands to the gateway and receive responses.
  2. Export: A service that allows sending messages from one MainFlux cloud to another. It also allows sending messages from the gateway to the MainFlux cloud.
  • MainFlux provides the following major functionalities:
  1. Provisioning: Configuration of the IoT platform for creating and setting up the different entities (users, channels and things).
  2. Messaging: Publishing messages from things to channels using the HTTP, MQTT, CoAP or WebSocket protocols.
  3. Storage: Support for multiple databases (CassandraDB/MongoDB/InfluxDB/PostgreSQL) to store messages.
  4. Security: Establishes secure connections when users or things communicate with other entities; proper certificates need to be set.
  5. Authentication: Using keys or TLS mutual authentication.
  6. Authorization: Setting policies to control permissions for users, things and channels. Mainflux uses the *Ory Keto server.
  7. Group-based authentication: Allows group-based authentication for users and things.
  8. Bootstrap: Supports self-restarting processes based on set conditions. Devices can trigger bootstrapping when the conditions are matched.
  9. Tracing: Supports profiling and monitoring of applications and helps in debugging. Mainflux uses the *Jaeger tracing framework. It also uses Grafana, Prometheus and OpenTracing for instrumentation.
  10. Twin service: Supports digital twin functionality.
  11. Benchmarking: The third-party tool MZBench is used to generate large traffic and measure performance.
  12. Container-based deployment using Docker and Kubernetes.

The MainFlux architecture contains the following services, listed in Table 1.0:

Service | Description
users | Provides APIs to manage users, allowing the following major activities: new account registration; obtaining access tokens and verifying them.
things | Provides APIs to manage resources (things and channels), allowing the following activities: provisioning new things; creating new channels; connecting things and channels.
http-adapter | Provides HTTP APIs to send messages.
mqtt-adapter | Provides MQTT APIs to send messages.
coap-adapter | Provides CoAP APIs to send messages.
opcua-adapter | Provides OPC UA APIs to exchange data. It sits between the Mainflux IoT system and an OPC UA server.
lora-adapter | Provides LoRa APIs to exchange data. It sits between the Mainflux IoT system and the LoRa server. It uses the MQTT protocol.
mainflux-cli | Provides a command line interface. The CLI makes it easy to manage users, things, channels and messages.
Table 1.0

*NATS: An open source messaging system. It provides servers and also has client libraries in multiple languages for interacting with the servers. It is scalable and high-performance, and is also used in cloud based solutions.

*OPC UA (OPC Unified Architecture) is an open, cross-platform standard for exchanging data from sensors to cloud applications.

*Ory Keto is a permission and authorization server.

*Jaeger is an open-source distributed tracing system for microservices.

Is it open source?

Yes

https://github.com/mainflux/mainflux

Supported Messaging & Security protocols

  • HTTP/HTTPS
  • MQTT
  • WebSocket
  • CoAP
  • TLS

Supported Networks

  • BLE
  • Ethernet (eth0)
  • LoRaWAN

Supported technologies & tools

  • Docker
  • Kubernetes
  • Swagger

Supported Languages

  • Go
  • *Protobuf (Protocol Buffers)

*Protobuf (Protocol Buffers): A mechanism for serializing and de-serializing data. It is language and platform neutral, so programs written in different languages on different platforms can send and receive data without writing additional code. It has its own compiler and specification.

Supported Databases

  • CassandraDB
  • MongoDB
  • InfluxDB
  • PostgreSQL

Supported OS

Supports all major operating systems.

Domains where it is used and can be used

Applicable in all domains where an IoT solution can be implemented.

IoT Platform – OpenRemote

Description

  • The OpenRemote IoT platform enables connecting various network-connected assets/entities/things to mobile and web applications.
  • The OpenRemote platform architecture is split into the following 6 major categories of IoT solution:
  1. Frontend
  2. Services (Manager)
  3. Agents
  4. Security
  5. Edge Gateway
  6. Console

The table below describes the solutions provided by OpenRemote for the above-mentioned categories:

IoT solution categories and the features/tools provided by OpenRemote for each:

Category: Frontend
Features/Tools: The frontend simplifies the creation and development of user interfaces and includes:
– Web components and templates for developing browser based applications and the administration tool.
– Smartphone apps for both Android and iOS.
It also has some dedicated/pre-built frontend applications such as:
– Multi-tenancy based monitoring dashboard
– Home automation/smart city based control panel
– Mapping of all assets on a map using the asset model

Category: Services (Manager)
Features/Tools: The Manager provides the APIs of the services, or *headless applications, to monitor and administrate the system. It provides the following services:
– Asset management service
– State and historical data service
– Rules engine
– Event processing engine
– Messaging service
– Streaming service
It provides APIs for the following technologies:
– REST based HTTP APIs
– WebSocket event based APIs
– MQTT event or protocol based APIs
The rules engine allows rules to be written and understood using:
– Groovy
– JavaScript
– JSON

Category: Agents
Features/Tools: Agents link external devices or services with the OpenRemote system. Agents support proprietary and open-standard protocols. They contain the following two major components:
– Device management
– Protocol adapters

Category: Security
Features/Tools: Pre-integrated Keycloak based identity and access management security that includes:
– Authentication (multi-tenant authentication, single sign-on, etc.); OAuth authentication is also supported.
– Authorization
– Identity management

Category: Edge Gateway
Features/Tools:
– An OpenRemote Manager that connects to the central OpenRemote Manager using the WebSocket API with a proper authentication mechanism.
– It also supports the Keycloak identity management solution.
– The Edge Gateway has very limited hardware.

Category: Console
Features/Tools: Native mobile applications that are used by the OpenRemote web components.

Table 1.0

* A headless application functions without a frontend, or exposes only APIs.

Is it open source?

Yes

https://github.com/openremote/openremote

Supported Messaging & Security protocols

  • HTTP
  • *KNX (Konnex)
  • MQTT
  • *Simulator
  • *SNMP (Simple Network Management Protocol)
  • Serial
  • TCP
  • UDP
  • SSL
  • TLS

Note:

*KNX (Konnex) is an OSI-based network communication protocol, primarily designed and developed for building and home automation. It is managed by the KNX Association.

*Simulator: Simulates a connection to external services so that development can be done without the availability of actual

*SNMP manages and monitors devices connected to a network.

Supported Networks

  • Bluetooth Mesh
  • Z-Wave
  • LoRa etc.

Supported technologies

  • Websocket
  • Velbus( A home automation system)
  • Docker
  • NodeJS
  • REST

Supported Languages

  • Java
  • TypeScript
  • Groovy
  • CSS
  • Swift
  • Kotlin

Supported Databases

  • PostgreSQL with GIS and JSON extension

Supported OS

  • Supports all major operating systems

Domains where it is used and can be used

  • Energy Management
  • Asset Management
  • Smart City & Mobility

IoT Platform – Kaa

Description

  • It is an IoT platform that is available in the following forms:
  1. On-premise solution (anyone can use it for their specialized or customized solution)
  2. Cloud based solution (Kaa provides a Platform as a Service, PaaS, for customized solutions)
  • Below are the two major characteristics of the Kaa architecture:
  1. Modular architecture
  2. *Microservice architecture

This type of architecture offers the following benefits:

  1. Scalability
  2. Extensibility
  • This platform offers the following features:
Feature: Device management
– Digital twins and records of devices
– Filtering and grouping of devices
– Access to credentials and metadata of devices

Feature: Communication
Establishing communication between device and gateway to address the following requirements:
– Authentication and authorization
– Data exchange
– Multiplexing

Feature: Data collection
Collection and storage of the following types of data, with automatic remote transmission (telemetry):
– Time series
– Device logs
– Alerts

Feature: Configuration management
Device and overall system configuration data in small and large scale deployments.

Feature: Command invocation
Sending on-demand or time based commands remotely.

Feature: Data analytics
Querying mechanism to analyze and visualize the data.

Feature: Software updates
Continuous software upgrades.

Feature: Visualization
Web interfaces for the following requirements:
– Data visualization
– Device management
– Platform administration
Also provides a customizable dashboard.

Feature: *Multi-tenancy
Support for accessing the solution by multiple tenants.

Feature: Infrastructure
Managing and monitoring clustering operations.

Table 1.0

*Microservice architecture splits a large solution into multiple separate small services, where each service is responsible for a specific functionality.

*Multi-tenancy is an architecture where a single instance of the software is used by multiple tenants (groups of users). Multi-tenancy architecture is different from multi-instance architecture.

Is it open source?

Yes, but the cloud solution is subscription based.

https://github.com/kaaproject/kaa

Supported Messaging & Security protocols

  • MQTT
  • HTTPS
  • TLS

Supported Networks

  • Sigfox, LoRa, NB-IoT, …
  • Near Field (WiFi, BLE, Z-Wave, …)
  • Cellular (2G/3G/4G/…)
  • Wired (Ethernet)

Supported technologies

  • NodeJS, REST API, WebSockets
  • Business tools like SAP, Salesforce, etc.

Supported Languages

  • Java, Go, and TypeScript (NodeJS)
  • Platform users can also implement their own compatible, integrated microservices in Python, Rust, Scala, etc.

Supported Databases

  • Databases like Cassandra, MongoDB, InfluxDB, and others.

Supported OS

  • All major OS are supported.

Industries where it is used and can be used

  • Automotive
  • Agriculture
  • Healthcare
  • Logistics
  • Telecom
  • Wearables
  • Consumer Electronics
  • Renewable Energy, etc.

IoT Platform – Zetta

Description

  • It is an Internet of Things platform that provides IoT servers. The server can run on:
  1. Distributed computers
  2. Cloud
  3. *IoT hubs using computing platforms that are specially designed for IoT applications, such as the Raspberry Pi, Intel Edison and BeagleBone.
  • The IoT server is Node.js based and is cross-platform.
  • The Zetta platform/server consists of the following modules:
  1. Scouts – A device discovery module that performs the following functions:
    • Searching for devices on particular protocols
    • Reporting found devices to the Zetta server
    • Identifying previously connected/communicating devices using a unique id such as the MAC address
    • Maintaining device-specific data such as security credentials
  2. Drivers – Enable interaction with devices at the physical level and are also responsible for modelling devices, which helps generate the (JavaScript) APIs used in the Zetta platform.
  3. Server extensions – Work on a pluggable model to extend functionality, such as defining new APIs and adding security to APIs.
  4. Registry/Database – Persistent storage that acts as a small database to keep information about devices.
  • It supports almost all device protocols.
  • It uses the Siren specification for its APIs (*hypermedia), which supports the following functions:
  1. Querying for devices on a particular server
  2. Setting up links between servers
  3. Interacting with devices
  4. Streaming sensor data over WebSockets
  5. Registering hub-less devices
  • It supports reactive programming by exposing WebSockets for streaming real-time data such as events/notifications.
  • It also has peer-to-peer communication between Zetta servers.
  • It has an SQL-like syntax to query devices.

*An IoT hub acts as a central message hub for communication between an IoT application and its attached devices. Millions of devices and their backend solutions can be connected reliably and securely. Almost any device can be connected to an IoT hub.

*Hypermedia, an extension of the term hypertext, is a nonlinear medium of information that includes graphics, audio, video, plain text and hyperlinks. This designation contrasts with the broader term multimedia, which may include non-interactive linear presentations as well as hypermedia. [From Wikipedia]

Is it open source?

Yes

https://github.com/zettajs/

Supported technologies

  • Node.js/REST API
  • WebSockets
  • HTTP

Supported Languages

  • JavaScript and other web based programming languages

Supported OS

  • All operating systems that support Node.js

Hardware Requirements

  • It can run on 500 MB of memory and a 500 MHz processor, with a minimum of 500 MB of storage space.

Security

Secure tunneling helps establish bidirectional communication to remote devices over a secure connection.

Industries where it is used and can be used

  • Automotive infotainment systems
  • Home security systems
  • Other IoT based solutions where this technology meets all requirements

IoT- Basics of Nano-network

1. What is a nano-machine?

A device whose size is measured in a few nanometers or a few micrometers is called a nano-machine.

2. What is a nano-network?

A set of interconnected nano-machines is called a nano-network.

3. What are the basic tasks performed by a nano-network?

It performs the following tasks:

  • Sensing
  • Actuation
  • Computing
  • Storing

4. In what areas are nano-networks used?

  • Military
  • Biomedical
  • Industry
  • Environmental Research etc

5. What types of communication technologies are used in nano-networks?

  • Molecule based data transmission and reception
  • Electromagnetic radiation based data transmission and reception

6. What frequencies are used in nano-networks?

They work at terahertz frequencies. The frequency range is from 0.1 THz to 100 THz.

IoT – Message Protocols

Common Message Protocols Used in IoT

  1. MQTT(Message Queuing Telemetry Transport)
  2. HTTP/HTTPS
  3. AMQP(Advanced Message Queuing Protocol)
  4. CoAP(Constrained Application Protocol )
  5. STOMP (Simple (or Streaming) Text Oriented Message Protocol)
  6. DDS (Data Distribution Service)
  7. XMPP (Extensible Messaging and Presence Protocol)
  8. SSE (Server-Sent Events)
  9. LwM2M or Lightweight M2M

Details about the most commonly used protocols

Property | MQTT | HTTP/HTTPS | CoAP
Latest version | 5.0 | 2.0 | RFC 7252
IP suite | TCP/IP | TCP/IP | UDP (no handshake or delivery acknowledgement)
Security | SSL/TLS but weak authentication; additional security can be added | TLS/SSL | DTLS (Datagram TLS) and IPsec
Commercial/Open source | Open | Open | Open
Scalability | Yes | Yes | Yes
Throughput (msg/sec) | Fast | Fast | Fast (better than MQTT, HTTP and AMQP)
Latency | Low, but more than AMQP, CoAP and HTTP | Low, but more than AMQP and CoAP | Very low
Power consumption | Low | High (more than MQTT) | Low
Memory consumption | Low | High (more than MQTT) | Low
Table 1.0

Property | AMQP | DDS | XMPP
Latest version | 5.0.9 | 2.3 | RFC 6120, RFC 6121 and RFC 7622
IP suite | TCP/IP | TCP/IP, UDP, shared memory | TCP/IP
Security | TLS extensions, including SNI, and SASL (better than MQTT) | TLS, DTLS | TLS, SASL (secure authentication)
Commercial/Open source | Open | Both open and commercial | Open source
Scalability | Yes | Yes | Yes
Throughput (msg/sec) | Fast (better than MQTT and HTTP) | Very fast, as it is used for real-time data transfer | Fast (used for instant messaging, chat and video chat)
Latency | Very low | Very low | Low
Power consumption | Low (more than MQTT) | Not very high; it is used in IoT devices | Needs more power compared to other protocols
Memory consumption | Low (more than MQTT) | Not very high; it is used in IoT devices | Needs more power as compared to
Table 2.0

Layered architectures of IoT

Introduction

The architecture of an IoT solution is designed based on business and technology needs. It is very critical for any enterprise or government organization to define its IoT architecture so as to fulfill its requirements. Therefore, industry experts, researchers and architects have devised layer based architectures for IoT solutions, and they highly recommend choosing and defining the architecture very carefully.

A layer based architecture has the following advantages:

  1. Segregation of requirements into various categories
  2. Identifying the technologies
  3. Defining the overall work flow of solution
  4. Planning & managing different activities
  5. Defining hardware & software requirements
  6. Estimating the approximate cost of overall infrastructure
  7. Minimizing complexity and increasing the confidence level of stakeholders

What are the available IoT Layered architectures?

  1. 3 Layered Architecture
  2. 4 Layered Architecture
  3. 5 Layered Architecture
  4. 6 Layered Architecture

There is also a 7 layered architecture, which adds a separate Edge Layer based on business requirements. All these architectures evolved from research and actual business requirements.

In most cases, the 5 layered architecture is used.

What are the different layers in IoT layered architectures and their hierarchies?

Each column lists one architecture's layers from the highest to the lowest:

3 Layer Architecture | 4 Layer Architecture | 5 Layer Architecture | 6 Layer Architecture
Application Layer | Application Layer | Business Layer | Business Layer
Network Layer | Network Layer | Application Layer | Application Layer
Perception Layer | Support Layer | Processing/Middleware Layer | Security Layer
– | Perception Layer | Network Layer | Processing/Middleware Layer
– | – | Perception Layer | Network Layer
– | – | – | Perception Layer
Table 1.0 Layered Architectures

Here, data flows in both directions from top to bottom and from bottom to top.

Description about different Layers

Perception Layer

IoT devices (sensors and actuators) reside in this layer. These devices capture data and pass it to the next layer.

Network Layer

This layer provides support for different wired and wireless network connectivity such as Ethernet, Wi-Fi, Bluetooth, BLE, Zigbee, Sigfox, RFID, LoRaWAN, NB-IoT, 2G, 3G, LTE and 5G. It also includes the different message transfer protocols, i.e. MQTT, CoAP, AMQP and DDS.

Processing Layer

This layer performs all the activities required to generate structured data that can be shown to the user or administrator: data accumulation, parsing of different formats, filtering of data, data aggregation, storage of data and conversion of data into the recipient's format.

Support/Security Layer

This layer provides device and user authentication along with authorization. It is also responsible for data protection (encryption and decryption), supporting all types of cryptography based solutions to enhance the security of the complete solution. Nowadays, software and hardware based security is very much needed at the level of IoT devices, gateways, communication networks, message protocols, and the user interface.

Application Layer

This layer provides an interface for end users to interact with IoT solutions. This interface enables the generation of information based on end user requirements. Here, the end user can be a customer who uses IoT enabled services or an administrator who manages and controls IoT components and overall operations.

Business Layer

This layer defines a set of rules and organization policies, the security parameters, and the specification of data, based on business or customer needs and use cases.