IoT Domain Sub-model – Functional Model

Definition

  • It defines the main functionalities and their interactions.
  • It is based on the following three principles or concepts:
    • Abstract:
      • It is not tied to any technology, application domain or implementation.
      • It does not explain different functional components that make up different functional groups.
    • Define Functional Groups and their interactions.
    • Functional View:
      • It defines the runtime functional components of the system and covers the following aspects:
        • Responsibilities of functional components.
        • Default functions of functional components.
        • Main interfaces of functional components.
        • Primary interactions of functional components.

Functional Model defines two types of functional groups:

1. Longitudinal Functionality Group:

Functionalities are limited to that specific group only and are not required by any other functional group. These functional groups are spread lengthwise in the overall model, and their interaction is also mainly two-way longitudinal.

Below are the 7 longitudinal Functional Groups:

  1. Application
  2. Service Organization
  3. IoT Process Management
  4. Virtual Entity
  5. IoT Service
  6. Communication
  7. Device

2. Transversal Functionality Group:

Functionalities are required to be implemented in almost all functional groups; therefore these are spread across all functional groups. Example: Security and Management.

Below are the 2 transversal Functional Groups:

  1. Security
  2. Management

Brief explanation of the above-mentioned functional groups:

1. IoT Process Management Functional Groups:

  • It provides the functional aspects needed to integrate the specific concepts of an IoT system with business processes. This helps enterprises make sure the IoT sub-system adheres to common and new industry standards and best practices such as BPMN 2.0 (Business Process Model and Notation), so that an isolated and proprietary “IoT” solution does not have to be established.
  • As the reliability and accountability of sensor data that provides information about a virtual entity, along with the processing capabilities of devices, are major aspects of a business process, IoT Process Management helps to hide the IoT-specific implementation at the lower level to enable smooth integration.
  • When a practical realization is done, business process policies covering permissions, prohibitions and obligations need to be addressed in IoT Process Management.
  • The IoT Process Management FG depends on the Service Organization FG for the execution of business processes by finding, binding and invoking specific services.

2. Service Organization Functional Groups:

  • It acts as a communication hub among the other functional groups, because its primary responsibility is composing services (combining multiple basic services to get the response to a request) and orchestrating them at various abstraction levels, so that requests coming from the IoT Process Management FG or an external application can be linked to the right services and to the associated entities by utilizing the Virtual Entity FG and the IoT Service FG.
  • It also acts as a broker of services, so that services can subscribe to other services available in the system.

3. Virtual Entity Functional Groups:

It contains the following functionalities:

1. It has functions for interacting with an IoT system that has multiple Virtual Entities.

2. It also has functionalities for discovering and looking up services that provide information about Virtual Entities.

3. It also has functionalities for managing the static and dynamic associations of moving and non-moving Physical Entities (Virtual Entities).

4. IoT Service Functional Groups:

  • It contains functionalities for discovery, look-up and name resolution of IoT Services.

5. Communication Functional Groups:

  • It contains various communication schemes based on technologies and also provides interfaces to interact with the IoT Service FG.
  • This functional group considers the following aspects related to communication:
    • Data Representation
    • End to End path information
    • Addressing issues
    • Network Management
    • Device Specific features
    • Protocol Translation
    • Context Passing functionalities

6. Management Functional Groups:

  • It contains all functionalities that are required to govern any IoT system. It covers the four high-level goals below:

1. Cost Reduction: It should cover the maximum number of use cases or users, to avoid the creation of different solutions for different use cases. It also covers capturing data to know the current cost.

2. Attending unexpected usage issues: It covers knowledge of the system state and strategies to address and mitigate unforeseen situations such as link failure, queue overload, devices not working, the introduction of errors into the system, and emergency situations like stopping a train or moving the complete system into energy-saving mode.

3. Fault handling:

It addresses the unpredictability of future failures and includes the goals below:

  • Prediction of failures
  • Detection of existing failures
  • Reduction of effects of failures
  • Repair

4. Flexibility:

  • It addresses changes in requirements, so that no new system has to be prepared when user requirements change.
  • It also includes management of membership and ownership, their administration, the definition of rules and rights, and the accompanying information of the given entity in the IoT system.

7. Security:

It covers the security and privacy of the IoT system, which includes:

  • Secure initial registration of a client into the system, to make sure only legitimate clients are allowed to log in to the system.
  • Keeping user information protected and anonymous while accessing resources or services.
  • Legitimate interaction occurs between peers that are statically authorized or trusted to interact with each other.
  • Security and data integrity protections.

IoT Layered Architecture – Security Threats

1. Perception Layer:

  • Eavesdropping: Stealing the information transmitted between sender and receiver.
  • Node Capture: Getting full control of a node, such as a gateway node. That way the attacker obtains all types of data, including the key used to build the secure connection, along with the data in memory.
  • Fake Node & Malicious Node: Adding a node that is not valid or real, to occupy the network bandwidth and hardware resources of real nodes. That causes destruction of the whole network.
  • Replay attack: By eavesdropping between sender and receiver, an intruder captures the basic identity of the sender and starts behaving like the real sender, so that the receiver gets the impression that the data is coming from the real sender. That way the intruder can send his or her desired command to the receiver.
  • Timing attack: The intruder observes the time consumed between request and response, and from that tries to understand what types of queries are sent and what types of algorithms are used.
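
The replay and timing items above, seen from the receiver's side, as an added example that is not part of the original article: each command frame carries a timestamp, a nonce and an HMAC tag, so an authentic frame that was captured and sent again is rejected, and the tag is compared in constant time. The frame layout, the 30-second window, the demo key and all function and class names are assumptions made for this example.

```python
import hashlib
import hmac
import struct

FRESHNESS_WINDOW = 30  # seconds a frame stays acceptable (assumed value)
HEADER = 8 + 16        # 8-byte timestamp + 16-byte nonce (constructed layout)
TAG = 32               # HMAC-SHA256 tag length

def build_frame(key: bytes, ts: int, nonce: bytes, command: bytes) -> bytes:
    """Sender side: timestamp | nonce | command | HMAC over all three."""
    body = struct.pack(">Q", ts) + nonce + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class CommandReceiver:
    """Receiver side: authenticates a frame and refuses to act on it twice."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen = {}  # nonce -> timestamp of frames already accepted

    def verify(self, frame: bytes, now: int) -> str:
        if len(frame) < HEADER + TAG:
            return "malformed"
        body, tag = frame[:-TAG], frame[-TAG:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # compare_digest takes the same time wherever the first mismatch is,
        # so response time does not reveal how much of a forged tag was right.
        if not hmac.compare_digest(tag, expected):
            return "bad-tag"
        (ts,) = struct.unpack(">Q", body[:8])
        nonce = body[8:HEADER]
        if abs(now - ts) > FRESHNESS_WINDOW:
            return "stale"  # old capture: rejected without any stored state
        # Nonces older than the window can be dropped; "stale" covers them.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= FRESHNESS_WINDOW}
        if nonce in self.seen:
            return "replay"  # same authentic frame delivered a second time
        self.seen[nonce] = ts
        return "accepted"

def demo() -> list:
    """Constructed scenario: one genuine command, then three misuse attempts."""
    key = bytes(range(32))  # constructed demo key, not a real secret
    rx = CommandReceiver(key)
    frame = build_frame(key, 1000, b"N" * 16, b"OPEN_VALVE")
    forged = frame[:-1] + bytes([frame[-1] ^ 1])
    return [rx.verify(frame, 1005), rx.verify(frame, 1006),
            rx.verify(frame, 1100), rx.verify(forged, 1005)]
```

Because the nonce cache is pruned with the same window that defines "stale", the receiver's memory stays bounded, which matters on constrained perception-layer devices.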

2. Network Layer:

  • Denial of Service (DoS) attack: Consuming the whole network bandwidth such that authentic users are not able to consume services.
  • Man-in-the-Middle (MiTM) attack: An attacker intercepts the communication between sender and receiver and changes the data such that both sender and receiver believe that they are getting data from each other only.
  • Storage attack: Altering the information stored in storage devices or in the cloud, especially when multiple types of people are involved in the replication of stored data.
  • Exploit attack: Taking advantage of a security vulnerability, weak algorithm, poor hardware or bad programming helps an attacker to retrieve precious information.

3. Application Layer:

  • Cross-site scripting attack: Adding a malicious client-side script, such as JavaScript, to change the actual code and execute the code that the attacker wants to execute.
  • Malicious Code attack: Code inside the software itself causes damage to the overall system. Such code is very hard to detect, even with anti-virus software.

4. Support Layer:

  • Denial of Service (DoS) attack: As described above.
  • Malicious insider attack: The attack happens with the help of someone inside the network who has valid authorization.

5. Processing Layer:

  • Exhaustion attack: Exhausting system resources such as battery and memory.
  • Malware attack: In the form of viruses, spyware, adware, Trojan horses and worms.

6. Business Layer:

  • Business Logic attack: Due to flaws in programming such as poor coding, password recovery mechanisms, poor validation and bad encryption techniques.
  • Zero-Day attack: A security issue in the application that the vendor is not aware of.

Layered architectures of IoT

Introduction

The architecture of an IoT solution is designed based on business and technology needs. It is critical for any enterprise or government organization to define the IoT architecture that fulfills its requirements. Therefore, industry experts, researchers and architects have invented layer-based architectures for IoT solutions. They highly recommend choosing and defining the architecture very intelligently.

Layer-based architecture has the following advantages:

  1. Segregation of requirements into various categories
  2. Identifying the technologies
  3. Defining the overall work flow of solution
  4. Planning & managing different activities
  5. Defining hardware & software requirements
  6. Estimating the approximate cost of overall infrastructure
  7. Minimizing complexity and increasing the confidence level of stakeholders

What are the available IoT Layered architectures?

  1. 3 Layered Architecture
  2. 4 Layered Architecture
  3. 5 Layered Architecture
  4. 6 Layered Architecture

A 7 Layered architecture also exists, which adds a separate Edge Layer based on business requirements. All these architectures have evolved based on research and actual business requirements.

In most of the cases, 5 Layered architecture is used.

What are the different layers in IoT layered architectures and their hierarchies?

| 3 Layers Architecture | 4 Layers Architecture | 5 Layers Architecture | 6 Layers Architecture |
| --- | --- | --- | --- |
| Application Layer | Application Layer | Business Layer | Business Layer |
| Network Layer | Network Layer | Application Layer | Application Layer |
| Perception Layer | Support Layer | Processing/Middle-ware Layer | Security Layer |
| | Perception Layer | Network Layer | Processing/Middle-ware Layer |
| | | Perception Layer | Network Layer |
| | | | Perception Layer |

Table 1.0 Layered Architectures

Here, data flows in both directions from top to bottom and from bottom to top.

Description of the different layers

Perception Layer

IoT devices (sensors and actuators) reside in this layer. These devices capture data and pass it to the next layer.

Network Layer

This layer provides support for different wired and wireless network connectivity such as Ethernet, Wi-Fi, Bluetooth, BLE, Zigbee, Sigfox, RFID, LoRaWAN, NB-IoT, 2G, 3G, LTE and 5G. It also includes different message transfer protocols, i.e. MQTT, CoAP, AMQP and DDS.

Processing Layer

This layer performs all the activities required to generate structured data that can be shown to the user or administrator. These activities are data accumulation, parsing of different formats, filtering of data, data aggregation, storage of data and conversion of data into the recipient's format.

Support/Security Layer

This layer provides device and user authentication along with authorization. It is also responsible for data protection (encryption and decryption) and supports all types of cryptography-based solutions to enhance security in the complete solution. Nowadays, software- and hardware-based security is very much needed at the IoT device, gateway, communication network, message protocol and user interface levels.

Application Layer

This layer provides an interface for end users to interact with IoT solutions. This interface enables the generation of information based on end user requirements. Here, the end user can be a customer who uses IoT enabled services or an administrator who manages and controls IoT components and overall operations.

Business Layer

This layer defines a set of rules, organization policies, security parameters and the specification of data, based on business or customer needs and use cases.