Several organizations have predicted the potential impact of IoT on the economy and the
Internet. For example, Cisco believes that by 2019 the count of interconnected devices could
reach up to 24 billion. On the other hand, Morgan Stanley believes that by 2020 the count of IoT
objects would reach 75 billion. Additionally, Huawei raises the bar with a prediction of 100
billion by the end of 2025. McKinsey Global Institute analyzed IoT’s impact on the world economy
and identified a worth of $3.4 to $11.1 trillion by 2025 (Rose, Eldridge and Chapin, 2015).
Although the projections vary, on the whole they all point towards global growth.
IoT also has some protestors who believe that it would violate the privacy and security of
living beings through extensive surveillance. However, the primary focus of the Internet
Society is only to grow interactions between people and institutions in their social, personal,
and economic lives. The explosion of IoT would change the way users engage and exchange
data. It would have a different effect in the various countries and regions, resulting in a global
pool of challenges and opportunities (Rose, Eldridge and Chapin, 2015).
By connecting several devices to a network and enabling data gathering and analysis, the
Internet of Things is expected to contribute to creating customer value. Critical infrastructure
that affects people's lives and economic activities has thus become an area where IoT is utilized.
From this perspective, security measures for IoT systems are very important to consider. At the
same time, administrators face a shortage of security operations while using the Internet of
Things. The present research focuses on identifying gateway-based security measures that would
be helpful in mitigating security issues in the Internet of Things.
Chapter 2: Research context and question
To critically analyze the role of gateway based security measures covering up the
communication gap between IoT devices.
These research objectives will observe and cover the IoT security vulnerabilities, their
causes and effects. The research objectives will also help in better understanding of the
research problem. These objectives will also contribute to uncovering the essential and trending
aspects of the IoT including the Massive Scaling, IoT Architecture, and Dependencies, Creating
Knowledge and Big Data, the robustness of the IoT service, its Openness, Security, Privacy, the
involvement of humans in the loop, and much more (Stankovic, 2014).
Based on these research objectives, it becomes convenient to discover the common
security challenges that occur on IoT gateways. This research will, therefore, help organizations
to take special measure to safeguard and protect their IoT services, the IoT gateways, and
devices connected to them. The research objectives will also help the organizations understand
the involvement, control, and effects of the human interaction with such a system. These
behaviors are observed under different conditions where (i) humans are in direct control of the
system, (ii) humans are passively involved, with the system observing them and taking appropriate
actions, (iii) applications passively monitor human beings for their physiological parameters, and
a combination of (i), (ii), and (iii) (Stankovic, 2014).
Research objectives are also aimed to help evolve the “Internet of Mobile things.” As the
intelligent things that work on the network, known as the “Internet of Things,” are on the way to
being controlled by mobile devices, organizations today are developing mobile applications
for everything they want to do with these devices. These mobile applications are quite easy and
quick to develop and are capable enough to carry out basic operations and control the devices
that connect to the IoT gateways. Such mobile applications, their flexibility, and widespread use
will open new opportunities and a wide space for the attackers to cause harm to the network
and the service.
The research objectives will help the organizations and developers of the IoT services
observe the key areas to monitor, manage and optimize the flow of data and information that
might be critical for the service. Developers and designers will also better understand the
optimal data capture, processing, and transmission for the Internet of Things. With a huge
amount of data traveling over the network, the research objectives will help the organizations
also uncover the better opportunities of the cloud storage and its active involvement in the
operations of the Internet of things.
In the end, the research objective will help find the optimal gateway based measures
that will add security and enhance the efficiency, productivity, competency, and reliability of the
Internet of Things. These will also lead to generation or identification of one or more policy
guidelines that will help to develop a better and efficient IoT service. Lastly, the research
objectives will propose some recommendations for the implementation of the IoT service.
2.3
R1. What are the security issues and vulnerabilities found in the applications of IoT
in digital marketing?
R2. What are the barriers of adopting security in IoT projects used for digital
marketing?
Over the previous 15 years, the Internet revolution has redefined business-to-customer
(B2C) industries such as media, retail and financial services. In the following 10
years, the Internet of Things revolution will significantly alter manufacturing, energy,
agriculture, transportation and other industrial sectors of the economy which, together,
account for about 66% of the worldwide gross domestic product.
It will also fundamentally change how people work, through new interactions between
humans and machines. Named the Industrial Internet (of Things), this latest wave of
technological change will bring unprecedented opportunities, along with new risks, to
business and society. It will combine the worldwide reach of the Internet with a new ability to
directly control the physical world, including the machines, factories and
infrastructure that define the modern landscape. However, like the Internet
in the late 1990s, the Industrial Internet is currently in its early stages. Many
important questions remain, including how it will affect existing industries, value chains,
business models and workforces, and what actions business and government leaders need to take
now to ensure long-term success. In order to address these and other questions
facing business and government leaders, the World Economic Forum's IT Governors
launched the Industrial Internet initiative at the Annual Meeting 2014 in Davos, Switzerland.
During the most recent eight months, the project team has developed a guiding framework and
conducted a series of research activities, including in-person workshops, virtual working
group sessions, interviews of key thought leaders, and a survey of innovators and early
adopters around the globe.
As the Industrial Internet gains broader adoption, businesses will move
from products to outcome-based services, where businesses compete on their ability to
deliver measurable results to customers. Such outcomes may range from guaranteed machine
uptimes on factory floors, to actual amounts of energy savings in commercial buildings, to
guaranteed crop yields from a specific parcel of farmland. Delivering such outcomes will require
new levels of collaboration across an ecosystem of business partners, bringing together players
that combine their products and services to meet customer needs. Software platforms will
emerge that will better facilitate data capture, aggregation and exchange across the
ecosystem. They will help create, distribute and monetize new products and services at
unprecedented speed and scale. The big winners will be platform owners and partners
who can harness the network effect inherent in these new digital business models to create
new kinds of value. For example, Qualcomm Life's 2net platform supports a wide
variety of connected devices that can all contribute patient health data
to improve hospital-to-home health and economic outcomes.
The research also shows that the Industrial Internet will drive
growth in productivity by presenting new opportunities for people to upgrade skills and
take on the new types of jobs that will be created. A majority of the executives we
surveyed believe that the growing use of "digital labor" in the form of smart sensors, intelligent
assistants and robots will transform the skills mix and focus of tomorrow's workforce.
While lower-skilled jobs, whether physical or cognitive, will be
increasingly replaced by machines over time, the Industrial Internet will also create
new, high-skilled jobs that did not exist before, such as medical
robot designers and grid optimization engineers. Companies will also use Industrial
Internet technologies to augment workers, making their jobs safer and more
productive, flexible and engaging. As these trends take hold, and new skills are required,
people will increasingly rely on smart machines for job training and skills
development.
The Internet of Things (IoT) was the most hyped technology in 2014. Much of this hype
focuses on consumer applications, such as smart homes, connected cars and consumer
wearables like wristband activity trackers. However, it is the IoT's industrial applications, or
the "Industrial Internet", which may ultimately dwarf the consumer side in potential
business and economic impacts. The Industrial Internet will transform many industries,
including manufacturing, oil and gas, agriculture, mining, transportation and healthcare.
Collectively, these account for almost 66% of the world economy. As society evolves towards an
integrated digital-human workforce, the Industrial Internet will redefine the new types of
jobs to be created, and will reshape the very nature of work. Given its greater
significance, this report focuses only on the Industrial Internet. The
Industrial Internet is still at an early stage, similar to where the Internet was in the late 1990s.
Our survey results underscore this point: the vast majority (88%) of respondents say that
they still do not fully understand its underlying business models and long-term
implications for their industries. While the evolution of the consumer Internet over
recent decades provides some important lessons, it is unclear how much of this learning is
applicable to the Industrial Internet given its unique scope and requirements. For example,
real-time responses are often critical in manufacturing, energy, transportation and healthcare.
Real time for today's Internet usually means a few seconds, while real time for
industrial machines is often sub-millisecond. The engineering rule of thumb dictates that a
10x change in performance requires a completely new approach, not to mention the 100x change that the
Industrial Internet will likely require. Another important consideration is reliability.
Today's Internet embodies a "best effort" approach, which provides acceptable performance for
e-commerce or human interactions. Unexpected server glitches at Google or Amazon cause
delays in email or streamed video. However, the failure of the power grid, the
air traffic control system or an automated factory for the same length of time
would have much more serious consequences. This strong bias towards real time and
reliability, which has contributed to a conservative culture among industrial companies
in embracing change and new technologies, together with the high cost and long lifespan of
typical industrial products, are all critical factors in shaping how the Industrial Internet will
evolve.
Internet of things technology has not only come with some benefits, opportunities, and
ease, it has also raised a major security concern, especially for the businesses. Major sectors
that are much concerned about the security include banking, financial services, business
organizations, government security agencies, and more. The quick and insecure use of the IoT
can cause different types of security risks such as theft of sensitive or private data, malicious act
on data, disruption of business operations, slowing down of the business functionalities, data
interruption, change or destruction of the essential IoT infrastructure, and so on (Pal and
Purushothaman, 2016).
Why is it an issue?
The technology has made a significant place not only in the industrial context but also,
in the homes, workplaces, and educational institutions. The last two decades have experienced
a surge in the use of electronic devices such as electric kettles, microwave ovens, washing
machines, toasters, refrigerators, and automobiles such as cars and bikes. These now operate
on a network that connects dozens of microprocessors together at a single place in a network
(Lin and Bergmann, 2016). As one of their essential features, IoT devices are capable of
collecting a huge amount of data in a short interval of time, and of processing, transmitting, and sharing it.
A significant amount of this data can be private and personal, related to finances or some
company policies. Thus adequate protection of such information is necessary. This task also
needs special measures as now data travels over the network in unprecedented amounts and it
becomes more challenging to identify threats to the flowing data (Pal and Purushothaman,
2016). Communication does not always take place with some level of
cryptographic confidentiality, authentication, and integrity protection as part of the
protocol on which the devices are working. Almost all IoT applications come loaded with
some basic level of security features. Also, in some cases, they offer some flexibility to
configure them for specific application requirements (Pal and Purushothaman, 2016).
Along with all the other security considerations such as debugging the interfaces and
generating secure storage of confidential data in hardware, the IoT hardware designers are
worried about the side channel attack. In this attack, the critical information gets collected from
the physical aspects of the system. This information is then leveraged to break security controls
and cause potential harms such as stealing the passwords and encryption keys. These attacks
mainly focus on data presentation rather than the information. These attacks are usually made
to capture information that is required to get an unauthorized entry into the IoT system, finally
leading to damage and data loss (Dhanjani, 2015).
Thus, it becomes important to find out the issues that are responsible for security
concerns in Internet of Things.
The immediate future is undoubtedly going to bring about 26 to 30 billion devices into
the everyday life with a market worth of about $9 trillion. This growing number of devices will
generate a huge amount of data, need for larger storage capabilities, faster networks, and more
bandwidth to support the growing internet traffic. Apart from the above-mentioned
functionalities, these devices also need strong data protection methods (Pal and
Purushothaman, 2016).
The Internet of Things is also greatly susceptible to Denial of Service (DoS) attacks. As a
large amount of data travels over the network, IoT devices are highly vulnerable to becoming
hostage to DDoS attacks. Denial of service attacks are particularly effective against the Internet
of Things because its model involves an enormous amount of data requests from the server (Park,
Chen and Choo, 2017).
With the recent spread of the Internet of Things, the number of interconnected devices is
increasing dramatically. In addition, the connected devices are not limited to information
devices. They increasingly include items related to human life, such as vehicles and medical
equipment, along with items that have a potentially large impact on society, such as power
stations and nuclear facilities. The Internet of Things includes several network-connected
devices (Brindha and Shaji 2015). If a device is infiltrated by malware, it becomes the starting
point for spreading the infiltration to other devices, which could ultimately threaten critical
infrastructure. Previous security incidents have demonstrated vulnerabilities in the
communication software of devices connected to critical infrastructure, such as surveillance
cameras, which were targeted to enable unauthorized access from the outside. Such devices are
used as starting points in order to make critical infrastructure work abnormally. Thus, security
becomes a great issue of concern while using IoT.
How does the research shed light on it?
The rapid development of the Internet of Things allows it to be used in several areas. The IoT
services of smart homes or offices are delivered by connecting the IoT devices to gateways. In
such cases, an attacker who manipulates the gateway can target every device in the network.
Even when the gateway itself is not manipulated, a connected malicious device can initiate a
DoS attack and hamper the communication.
Apart from homes and workplaces, even Logistics and Transports are already using RFID
tags to track their pallets, shipments, and even individual items through the IoT. These are the
smart tags that are capable enough to log and report the state of the transport conditions, for
example, tilt, temperature, shock, pressure, humidity, etc. The key driver is cost and orderly
communication to hundreds and thousands of tags at the same time (Lin and Bergmann, 2016).
Internet of things deeply influences other industries such as dining, entertainment,
hospitality, healthcare, sports and fitness, science, manufacturing, telecommunication, banking,
environmental science, education, retail, and more. Thus the security of information is the
utmost priority for these sectors (Lin and Bergmann, 2016, p.3).
Such widespread use of the Internet of Things has put a greater amount of pressure on
the manufacturers. Although building end-to-end security into the IoT design is a lofty task
for designers and developers, they must aim to ensure that their products meet an acceptable
level of trust. The major challenge for the manufacturers in developing a
strong security subsystem is the integration and aggregation of a number of technologies. This
open exposure on a number of technical fronts makes the threat map and the attack surface larger
for malicious users (Gilchrist, 2017).
When people use computers, laptops, or smartphones, they have some built-in basic
versions of firewalls to protect against data breaches. Sometimes they use third-party software
that is readily available to allow or deny some specific types of activities on the network. These
options may provide some protection to the data and information that flows in and out of the
device. In the case of the Internet of Things, having a security subsystem is necessary; the
system should be highly competent, difficult to cut through, highly economical, and easy to
install. However, maintenance and consistent updates are still a big challenge for most of the
IoT developing companies. Several companies today, therefore, fail to meet the maximum levels of security.
The probable reason for this low level of security is the profit margin these manufacturers aim
to achieve (Gilchrist, 2017).
To grab the maximum attention in the market and to meet the demands of the people,
several organizations miss and skip the security features in these devices. Also, after a device
becomes too popular into the market, it creates pressure on the manufacturers to produce the
product in large quantities, within budget, with limited resources, and in less time. This pressure
then lays less focus on implementing better security measures for such devices. The
manufacturers start taking shortcuts to manufacture products that are of low quality and with
minimal or no security features. Security, the primary concern, is then compromised when it comes
to mass production of IoT devices. This compromise occurs because buyers do not lay much
emphasis on security and fail to notice the minimal security features (Gilchrist, 2017).
Security is also sometimes compromised by the manufacturers of the IoT devices due to
the use of mobile applications. Today, there is a mobile application for all the technological
needs of people. Almost every service or product available in the market is in some way or
the other operated by a mobile application. This rapid involvement of the mobile platform has left
many breaches in the security of these internet-powered devices. The mobile apps designed
for IoT have insufficient security provisions for authentication and authorization. They
even lack data transport encryption, a secure mobile interface, and a secure cloud interface,
making them more vulnerable (Gilchrist, 2017).
Chapter 3: Literature review
3.1 Preface
In the development of IoT applications, security and testing frameworks play a vital role.
This chapter of the research deals with the communication model used in IoT. In addition, the
issues with and the need for an IoT gateway are discussed in order to mitigate security issues.
The types of IoT gateway implementation, their architectures and the layers of the IoT gateway
are discussed in this chapter of the research. The chapter also explains security measures, IoT
network security and the importance of software-defined networking. The use of cryptosystems,
access control, proxy services, firewalls and LAN gateways, as well as secure onboarding,
firmware updates and limiting interfaces associated with the use of IoT, are explained in the
chapter. It is important to identify the barriers to information security in IoT systems, such as
organizational barriers.
Legal and regulation rights. The concept of IoT has raised many legal and regulatory
questions which have an extensive scope. Examples include issues such as cross-border data flows,
data misuse, conflicts between civil rights and law enforcement surveillance, retention of data,
security breaches, legal liabilities of unintended uses, and lapses of privacy (Rose, Eldridge and
Chapin, 2015). However, to enable users' rights through the laws and regulations of IoT, several
architectures and principles have started evolving (Rose, Eldridge and Chapin, 2015).
In this model, the devices adhere to a particular protocol for communication and
information exchange. It mostly finds implementation in applications where devices require low
data rate and communicate through small data packages. For example, the devices in a home
automation system such as bulbs, thermostats, door locks, and light switches make use of small
amount of information to communicate (Rose, Eldridge and Chapin, 2015).
The device-to-device model has a lot of interoperability challenges. According to
an article of IETF journal “these devices often have a direct relationship, they usually have built-
in security and trust [mechanisms], but they also use device-specific data models that require
redundant development efforts [by device manufacturers].” In such cases, manufacturers of
various devices will have to implement data formats that are specific to the device, resulting in a
lot of investment in development efforts (Rose, Eldridge and Chapin, 2015).
From an end-user perspective, this model would require the users to select
devices which are compatible with other devices. For example, the devices using ZigBee might
not be compatible with Z-wave devices. Such restrictions result in the limited choice of device
selection for the users (Rose, Eldridge and Chapin, 2015).
This model has taken several forms in the consumer devices. However, in most of
the cases, an application running on a smartphone communicates with the device and acts as a
local gateway. Fitness trackers and other consumer items employ this kind of model. These
devices rely on smartphones as they are incapable of connecting to the cloud service directly.
Here, the role of smartphones is to act as an intermediate gateway. This model is helping to
address the interoperability issues faced in the above two models (Rose, Eldridge and Chapin,
2015).
An article in IETF Journal provides more detail about the model from a technical
perspective: “This [communication model] gets implemented in situations where the smart
objects require interoperability with non-IP [Internet protocol] devices. Sometimes this
approach is taken for integrating IPv6-only devices, which means a gateway is necessary for
legacy IPv4-only devices and services” (Rose, Eldridge and Chapin, 2015).
In figure 6, the end node makes use of WAN to connect to the Internet directly.
The WAN connection could be through Ethernet or Wi-Fi. In this case, the gateway works as a
router. On the other hand, when the nodes autonomously manage themselves through their
own IoT agent, then the gateway can simply be a router (Folkens, 2014).
Figure 6: Nodes directly connect to the Internet
There is only one exception that the nodes in this architecture make use of a PAN
connection to connect to the internet. The PAN connection could include 6LoWPAN, Bluetooth,
ZigBee or any other PAN technology. Here, the gateway acts as a point of translation between
the WAN and the PAN.
Figure 7: Nodes indirectly connect to the Internet using PAN through 6LoWPAN
There are many other types of architectures and nodes to build IoT systems.
However, the above three architectures show the general implementation of IoT in
residential and industrial applications. The performance and the sophistication might vary
depending upon the use of the end points, but the above architectures focus on low-cost and
high-volume applications. The next section describes the various practical IoT gateway
architectures.
The advancement in IoT technology has paved the way for further developed IoT
gateway architectures, implementing a semantic gateway as a service as shown in figure 7. The
semantic IoT architecture comprises three entities: the sink nodes, the gateway nodes and
the IoT services. The sink nodes represent the sensors, actuators and other appliances which
collect the IoT data from the surroundings. The gateway nodes are the intermediary nodes
which collect data from the sensors and other devices and forward it to the IoT services
for further processing. The IoT services then process the received information, perform
functions and provide the desired services to the user. The main component of the semantic IoT
architecture is the semantic gateway as a service. This service connects the sink nodes to the
internet cloud using various transmission protocols such as CoAP, MQTT, XMPP, and others
(Desai, Sheth and Anantharam, n.d.).
Figure 8: Semantic Gateway as a Service
The semantic gateway as a service consists of three components: the multi-protocol
proxy, the semantic annotation service, and the gateway service interface. The multi-protocol
proxy is the element of the gateway which fetches information from the physical world, that
is, it collects data from the sensors. The language difference between the sensor end and the
IoT services end requires a multi-protocol proxy to convert the sensor information into a form
which is easily understood by the services. It contains two additional components to manage the
sensor data. The first component is the topic, which stores the sensor resources and
information; the second component is the topic router, which contains information about the
publisher (sender) and subscriber (receiver) of the message. It ensures safe transmission of
sensor information. The collected sensor data does not contain annotations, which limits its
usability in the design of applications and services. For this reason, before being sent to the
services the data is given proper annotations at the semantic annotation service component of
the gateway. These annotations help in the clear understanding of the data and give the service
provider the opportunity to build an effective service around the received data. Once the
annotations are assigned to the data, it is forwarded to the IoT gateway service interface. This
interface is responsible for transmitting the sensor data to the services interface. This
component of the gateway connects to the service interface using REST and a publish-subscribe
methodology. The sensor data and the service gateways remain independent of each other, and the
gateways unite the two independent components by acting as a bridge which connects the data to
services (Desai, Sheth and Anantharam, n.d.). The difference in data format between the sensor
and the service is managed by the gateway. After manipulation, the data is transmitted to the
service interface, where it is processed by the various applications to draw the necessary
inferences about the surrounding environment.
The semantic gateway as a service is a technique which provides a platform for initiating
communication between the real world devices and the technological services. This gateway
ensures interoperability and facilitates cross-platform communication using the various network
protocols. Furthermore, this architecture encourages the secure transmission of data, as the
gateway acts as a barrier which analyzes the transmitted data, ensures that only authentic
information gets forwarded, and restricts all other malicious data. Thus, the gateway
architecture supports IoT and enables safe implementation of services.
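The gateway's role as a barrier, described above, is illustrated by the following added example, which is not taken from Desai, Sheth and Anantharam or from any gateway product. It normalizes simplified MQTT-like and CoAP-like inputs, authenticates each reading with an HMAC, checks publish authorization, freshness and a per-device rate limit, then annotates and routes the reading. The device names, keys, topics, annotation vocabulary and message shapes are all constructed assumptions.

```python
import hashlib
import hmac
import json
from collections import defaultdict, deque

# Constructed provisioning data (assumptions, not from the paper):
# per-device secret keys and the topics each device may publish to.
DEVICE_KEYS = {"thermo-01": b"constructed-key-1", "lock-07": b"constructed-key-2"}
PUBLISH_ACL = {"thermo-01": {"home/temperature"}, "lock-07": {"home/door"}}
# Hypothetical vocabulary used by the semantic annotation step.
ANNOTATIONS = {
    "home/temperature": {"quantity": "Temperature", "unit": "Cel"},
    "home/door": {"quantity": "LockState", "unit": None},
}


def sign(device, topic, value, ts, key):
    """HMAC-SHA256 over a canonical JSON encoding of the reading."""
    body = json.dumps([device, topic, value, ts], separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_payload(device, topic, value, ts, key):
    """Build a signed JSON payload the way a (hypothetical) device would."""
    return json.dumps({"device": device, "value": value, "ts": ts,
                       "mac": sign(device, topic, value, ts, key)}).encode()


def normalize(protocol, raw):
    """Multi-protocol proxy: map simplified MQTT-like and CoAP-like inputs
    (constructed shapes, not real wire formats) onto one internal frame."""
    if protocol == "mqtt":          # raw = (topic, payload_bytes)
        topic, payload = raw
    elif protocol == "coap":        # raw = (uri_path_segments, payload_bytes)
        topic, payload = "/".join(raw[0]), raw[1]
    else:
        raise ValueError("unsupported protocol")
    frame = json.loads(payload)
    if not isinstance(frame, dict) or not isinstance(topic, str):
        raise ValueError("malformed frame")
    frame["topic"] = topic          # the transport topic wins over payload content
    return frame


class Gateway:
    def __init__(self, max_msgs=3, window_s=10.0, max_skew_s=30.0):
        self.max_msgs, self.window_s, self.max_skew_s = max_msgs, window_s, max_skew_s
        self.subscribers = defaultdict(list)  # topic router: topic -> callbacks
        self.accepted = defaultdict(deque)    # device -> arrival times in window
        self.last_ts = {}                     # device -> newest accepted timestamp

    def subscribe(self, topic, callback):
        self.subscribers[topic].append(callback)

    def handle(self, protocol, raw, now):
        """Validate one inbound message; forward it only if every check passes."""
        try:
            frame = normalize(protocol, raw)
        except (ValueError, TypeError):
            return "rejected: malformed"
        device, topic, ts = frame.get("device"), frame["topic"], frame.get("ts")
        key = DEVICE_KEYS.get(device) if isinstance(device, str) else None
        if key is None:
            return "rejected: unknown device"
        # Authentication: constant-time comparison of the message MAC.
        expected = sign(device, topic, frame.get("value"), ts, key).encode()
        if not hmac.compare_digest(expected, str(frame.get("mac", "")).encode()):
            return "rejected: bad mac"
        # Authorization: a device may publish only to its own topics.
        if topic not in PUBLISH_ACL.get(device, set()):
            return "rejected: topic not authorized"
        # Freshness: refuse old or replayed readings.
        if (not isinstance(ts, (int, float)) or abs(now - ts) > self.max_skew_s
                or ts <= self.last_ts.get(device, float("-inf"))):
            return "rejected: stale or replayed"
        # Flood control: cap accepted messages per device per time window.
        window = self.accepted[device]
        while window and now - window[0] > self.window_s:
            window.popleft()
        if len(window) >= self.max_msgs:
            return "rejected: rate limit"
        window.append(now)
        self.last_ts[device] = ts
        # Semantic annotation, then publish-subscribe delivery to the services.
        annotated = {"device": device, "topic": topic, "value": frame.get("value"),
                     "ts": ts, "annotation": ANNOTATIONS.get(topic, {})}
        for callback in self.subscribers[topic]:
            callback(annotated)
        return "forwarded"
```

Because the topic is part of the MAC input, a valid payload re-sent on a different topic fails authentication instead of reaching the authorization check.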
Intel also offers an IoT gateway to promote an interoperable environment in IoT. The
gateway incorporates various network technologies and protocols, embedded system
controllers, and security mechanisms to effectively transmit real-world information to the
applications and services which process it and generate a relevant outcome. It is responsible for
sending the physical world data to the cloud platform as shown in figure 8. The Intel IoT
gateway collects the information from the sensors and controllers embedded in the system and
then filters out the most significant data from the bulk. It then selects the best
mechanism for connecting to the cloud. The gateway implements various security solutions
such as data encryption to ensure secure data transmission. It is built on an open architecture to
support interoperability and enable easy and effective application development. Its integrated
components ensure quick and flexible application development and deployment (Intel IoT
Gateway, n.d.). The main components of the Intel IoT gateway architecture are as follows.
The design of effective gateway-based security measures must align with the three primary
IoT layers. The first layer is the perception layer, which is the core IoT layer indicating the
origin of the information. The perception layer senses and gathers information from
the physical settings using wireless technologies and sensors. The second layer is the
network layer, which is also known as the transport layer. This layer encompasses the core and
access networks facilitating data transmission. Some of the core aspects characterizing the
network layer include the radio access network and the mobile network. The last layer is
the service layer, which is also known as the application layer. This layer enhances data
processing and management. Therefore, the gateway security measures needed to address the
security issues emerging in the IoT ecosystems must be based on the three key IoT layers to
ensure their efficiency in protecting data (C.P, 2016).
IoT gateways are necessary for providing end-to-end connections for transferring the
application-specific data from the low-power sensors to the cloud solutions for processing. The
gateways are responsible for the transfer of bulk information comprising crucial data, which
requires established security measures to safeguard it. However, the vast expanse
of the network and its connectivity with a million devices worldwide make it vulnerable
to cyber-attacks. The increasing number of network breaches and data thefts has made it crucial for
IoT developers to develop a secure system which ensures safe transmission of information.
This secure system requires implementing some preventive measures to assure data safety. The
primary demand for such a system is authorization and authentication. The devices must allow
only authentic and genuine users to access the information and restrict illegal access
(Yousuf et al., 2015, pp.610-613). Apart from authorization, there exist several security concerns
which require immediate attention to ensure safe transmission within the IoT network. Securing
the IoT gateways is one of those important safety concerns. The IoT network needs to take
effective preventive measures to deal with its security issues. Listed below are the general
IoT network security actions and the specific steps of gateway safety for avoiding security
breaches in the IoT network.
3.8.2 Cryptosystems
An IoT network comprises several interconnected components such as sensors,
actuators, RFID (Radio Frequency Identification Devices), GPS (Global Positioning Systems) and
the internet. The extensive network of different devices and the information flow over the web
necessitate standard security measures to ensure data security. Moreover,
the IoT gateways, which connect the devices to the cloud, mandate the
implementation of high-level security for data confidentiality. This is because millions of
devices connect to the cloud and use its computational services. This interconnection of
devices on the one hand demonstrates the power of IoT, while on the other hand it poses a threat to
information security: when millions of devices connect to the same networks,
the chances of intrusions and malicious attacks within the network increase. This
potential security risk demands the implementation of appropriate prevention mechanisms to
avoid security breaches. It requires updating the internet protocols and implementing TLS
(Transport Layer Security) and the TCP/IP protocol to ensure safe transmission. The use of a suitable
cryptographic solution also helps in secure data transmission (Kim, 2015, pp.201-203).
3.8.4 Firewalls
The Internet has revolutionized the information system and has made data access simple
and quick. Furthermore, it supports IoT, allowing millions of devices to connect to a single
network and share information. However, this extensive network has its limitations. The
Internet is open to all, which gives malicious actors an equal opportunity to manipulate
the legitimate information of the network. This demands a proper security
solution to ensure the safety and confidentiality of crucial data. One way to achieve this
security is through the use of established security solutions, such as intrusion protection and
others, on every device of the network. However, implementing such security solutions on every
device is not cost effective. Therefore, there is a need for affordable safety measures (Al-Fuqaha
et al., 2015). A firewall is one such solution: it stands between the IoT network and the
internet to protect the former from malicious attacks and intrusions. It provides a single
checkpoint that blocks all destructive data and ensures smooth functioning of the IoT
network.
The key function of the firewall is to protect the network from external influence. It
manages this security by restricting the traffic both from inside to outside and vice versa. The
firewall allows only authorized users to enter the network, thereby protecting the system from
fatal attacks. Additionally, the system which is implemented as the firewall will itself be immune to
attacks, creating a secure environment for information transmission.
Service control. The firewall allows only authentic services to access the internal
network and restricts all other services. It filters data by IP address, protocol, and
port number. It also provides proxy software which validates the service before passing it on to
the destination. This service control mechanism ensures that no destructive services enter the
network and harm its integrity (Aleshunas, 2010, pp.2-12).
Direction control. It is responsible for deciding the direction of information flow
in the network. It decides which requests are selected, where they are initiated, and in which
direction they flow. It verifies the requests and directs them to the desired system so that they
do not disturb the normal workflow of the other network components (Aleshunas, 2010, pp.2-12).
User control. It specifically occurs within the internal environment of the organization.
This access control of the firewall monitors the way the internal network users are using a
particular service. It manages the services and permits access to users based on their
requirements. This service checks the internal network components and tries to resolve
internal errors so that the risk to information security can be reduced (Aleshunas, 2010, pp.2-12).
The firewall filters the network information through packet filtering. It works either as a
positive filter, allowing access to only authorized information, or as a negative filter, which
restricts all malicious data. Different types of firewalls have differing capabilities for examining the
data packets and protocol headers, which help to identify the data content. Discussed below
are some of these firewall types.
Packet filter firewall. This firewall implements a rule-based approach to verify the
incoming and outgoing messages and then makes the forwarding decision based on it. The
firewall is configured so that it manages both inbound and outbound messages
(Aleshunas, 2010, pp.2-12). The following information from the network packet governs the rules of data
flow.
1. Source IP address is the IP address of the system from where the message originated.
2. The destination address is the IP address of the system where the message needs to get
delivered.
3. Source and destination transport-level port numbers help to identify the applications
used.
4. The IP protocol field of the network packet identifies the transport
protocol.
5. Interface information helps to know the interface or the port where the packet initiated
and where it needs to reach in the case of firewalls with more than two ports.
The firewall examines the network packet information mentioned above and matches it
against the set rules. If the information matches a rule, the corresponding action is
performed. However, if no rule matches, the default action occurs, which is
either packet forwarding or packet discard. The packet discard policy is implemented in
business and government organizations to help protect the network from external attacks
because they transmit mission-critical data. IoT must also implement the discard policy in the case
of unmatched rules to safeguard crucial system information (Aleshunas, 2010, pp.2-12).
Stateful inspection firewalls. The packet filter firewall is unable to tighten security on
TCP-based traffic. Specifically, in a TCP session, the client, whose TCP port number lies
between 1024 and 65535, establishes a connection with the host TCP application, which has a port
number less than 1024. Port numbers less than 1024 are the “well known” ports and are application
specific. However, the port numbers greater than 1024 are dynamic and are allocated
temporarily for a particular session. The simple packet filter permits inbound traffic on these
higher port numbers, which increases the security vulnerabilities of the network; when
exploited by unauthorized users, these can cause severe damage to the information security of
the network. The use of a stateful inspection firewall can restrict such security vulnerabilities, as it
tightens the rules for TCP traffic. It creates a directory of outbound TCP connections and
maintains a record for each connection. The firewall then allows connections to only those
clients whose information it has stored in the directory. The advantage of this firewall over the
packet filter firewall is that it not only filters the network packets but also secures the TCP
connections, making the communication safer by avoiding attacks such as session hijacking. It
enhances the security of the network and safeguards information (Aleshunas, 2010, pp.2-12).
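The difference between the two firewall types on high-port inbound traffic can be shown with a small connection directory. This is an added example, not code from the cited sources; the addresses are constructed, and the idle timeout and the explicit `now` argument are assumptions of this sketch rather than something the text specifies.

```python
from typing import Dict, Tuple

Conn = Tuple[str, int, str, int]   # (inside IP, inside port, outside IP, outside port)

def stateless_inbound(dport: int) -> str:
    """Simple packet filter: inbound traffic to any dynamic port is let through."""
    return "forward" if 1024 <= dport <= 65535 else "discard"

class StatefulFirewall:
    def __init__(self, idle_timeout: float = 60.0):   # timeout value is an assumption
        self.idle_timeout = idle_timeout
        self.table: Dict[Conn, float] = {}            # connection record -> time last seen

    def outbound(self, src, sport, dst, dport, now: float) -> str:
        """Record (or refresh) a connection opened from the inside."""
        self.table[(src, sport, dst, dport)] = now
        return "forward"

    def inbound(self, src, sport, dst, dport, now: float) -> str:
        """Forward only packets that mirror a live record in the directory."""
        key = (dst, dport, src, sport)
        seen = self.table.get(key)
        if seen is None:
            return "discard"                          # nobody inside asked for this
        if now - seen > self.idle_timeout:
            del self.table[key]                       # stale record: drop it
            return "discard"
        self.table[key] = now
        return "forward"

    def close(self, src, sport, dst, dport) -> None:
        """Remove the record when the inside host ends the session."""
        self.table.pop((src, sport, dst, dport), None)
```

The stateless check accepts any packet aimed at port 49152, while the stateful one accepts it only from the exact peer and port the inside host contacted, and only while the record is live.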
In order to address the highly diverse IoT environment as well as the related security challenges,
a flexible security framework is required. Below, it illustrates the security environment