Security & Privacy Threats in Different Layers of IoT Architecture


What is Internet of Things (IoT)

In 1999, Kevin Ashton of Procter & Gamble coined the term “Internet of Things” for the very first time. In simple words, the Internet of Things (IoT) is a network of objects that are embedded with sensors, software, and other related technologies, mainly for connecting, exchanging, and transferring data with other devices and systems via the internet. These devices may range from simple household objects to complex business and industrial tools and technologies.
We can say that it is an ecosystem where humans, objects/devices, and the internet interact and intersect with each other and give birth to IoT, as seen in Figure 1 below.
According to Stojkoska and Trivodaliev (2017), smart objects that are capable of communication and computation with each other are present everywhere around us, ranging from simple sensors, home appliances, and sophisticated smartphones to industrial devices. The heterogeneous networks of such objects/devices come under the umbrella of a phenomenon known as the Internet of Things. Vermesan and Friess (2013) explain that the Internet of Things (IoT) is a network that allows heterogeneous objects to connect at any time and any place over the internet.
During the past 5-6 years, the Internet of Things (IoT) has received considerable attention from academic researchers and the business world. It is now considered one of the most vital elements of Industry 4.0 (Perera, et al., 2014).
There were more than 50 billion IoT devices until 2020, and it is expected that these devices will generate 4.4 zettabytes of data in 2021. The revenue generated in the IoT market is similarly astonishing: it has been forecasted that the IoT market will range from $1.6 trillion to $14.4 trillion in 2025, influencing nearly every sector of the economy and human life, e.g. transportation, medical care, agriculture, homes, vehicles, schools, markets and industries (Al-Fuqaha, et al., 2015).
Thanks to the Internet of Things (IoT), billions of devices, objects, and gadgets are now connected via the internet around the globe, collecting and sharing data and exchanging valuable information. Gubbi, et al. (2013) endorsed this capability of IoT by stating that it is an interconnection of sensing and actuating devices, enabling their capability to share information across platforms through a unified framework and developing a common operating picture for enabling innovative applications.
The vision of the Internet of Things (IoT) is to transform the Internet by creating networks of billions of wirelessly recognizable objects/devices that can communicate not only with each other at any time and anywhere, but with anything and everyone. One method of achieving this is by increasing RFID processing capacities, more wireless sensor networks (WSNs), and storage capacity at lower costs, which will result in the development of a highly decentralized common pool of resources linked by a dynamic system of networks (Borgohain, et al., 2015).
In reality, communications in the IoT can occur not only between devices but also between people and their surroundings. In IoT systems, people, cars, computers, books, TVs, cell phones, clothing, food, medicine, passports, luggage, and other everyday items require a unique identifier allowing them to communicate with one another (Soullie, 2014).
The Internet of Things will have a significant positive impact on citizens, businesses, and government, ranging from assisting governments in reducing healthcare costs and improving quality of life to reducing carbon footprints, increasing access to education in remote underserved communities, and improving transportation.

How Internet of Things (IoT) works

The Internet has changed the world and how we work and communicate with each other, and this will continue to evolve with the induction of technologies like 5G and new internet protocols like Li-Fi. The Internet of Things (IoT) has taken this connectivity to a whole new level by connecting multiple devices simultaneously through the internet, thus facilitating not only man-to-machine but also machine-to-machine interactions (Stojkoska and Trivodaliev, 2017). This capability opened doors to unimaginable opportunities at both personal and business levels.
The functioning and application of the Internet of Things (IoT) is not as complicated as it sounds, but it largely depends on how tech-savvy the audience is. Youngsters and young families are expected to utilize it more than old-age people (Vermesan and Friess, 2013).
In a simple IoT system, devices with built-in sensors are connected to an IoT platform that collects, exchanges, and integrates data from the different devices and then applies smart analytics to exchange vital information with associated applications built to cater to specific needs (Suciu et al., 2013). These capable and powerful IoT platforms have the ability to point out what information is required and can be useful and what can be ignored. Collected information can be used for various purposes, from detecting patterns, making recommendations, and detecting possible problems to smart decision making (Al-Fuqaha et al., 2015).
For instance, suppose I own a sports clothing and accessories business and I am interested in knowing which optional sports accessories (fishing tools, skating accessories, skiing accessories) are most popular among customers. This can be achieved by applying an Internet of Things solution. I can use sensors to detect which areas in the shop are the most popular and where customers spend the most time. Based on this information I can re-align my business strategy, check which items are selling fast, and make sure hot-selling items don’t run out of stock, while saving time and money at the same time.
IoT Ecosystems are not limited to a particular sector of the economy. IoT business applications are versatile and influence nearly all fields e.g. home automation, vehicle automation, production automation, medical, retail, healthcare, defense, financial sector, and many more (Alcaide et al., 2013).
IoT systems can also use artificial intelligence (AI) and machine learning to make data collection easier and more dynamic.

Internet of Things (IoT) and its Enabling Technologies

There are a number of technologies that facilitate and enable the Internet of Things for its smooth functioning, namely: Internet Protocol version 6 (IPv6), radio frequency identification (RFID), wireless sensor networks (WSN), intelligent sensing devices, near field communication (NFC), cloud computing (CC), global positioning systems (GPS), service-oriented architectures (SOA), geographic information systems (GIS) and cellular devices (3G/4G/5G). Among these technologies, three are considered the core technologies for optimal working of the Internet of Things, i.e. IPv6, RFID, and WSN. Figure 6 below highlights various technologies used in IoT systems of different scales and sizes.

Internet Protocol version 6 (IPv6)

Internet Protocol version 6 (IPv6) is the most advanced and cutting-edge protocol for the Internet’s network layer. IPv6 was designed to address various issues of the current version of the internet protocol suite (IPv4), e.g. address depletion, safety/security, auto-configuration, extensibility, and scalability. IPv6 has expanded the abilities of the Internet to enable new kinds of technologies such as the Internet of Things.

Radio Frequency Identification (RFID)

Radio frequency identification is one of the main enabling technologies of the Internet of Things, although its use in the commercial and private sectors is quite new. RFID uses electromagnetic fields to automatically identify and track tags attached to objects/devices. It consists of two components: RFID tags and RFID readers (Glover and Bhatt, 2006).
An RFID tag is a device that is attached to the object we want to track or wish to collect data for, and an RFID reader is a device that can sense/recognize the presence of an RFID tag and is able to read the data stored on it (Glover and Bhatt, 2006). RFID technology retrieves data from tagged objects wirelessly with the use of radio waves (Whitmore, Agarwal, and Da Xu, 2014).
RFID tags are of three types: passive, semi-active, and active tags. Passive RFID tags are devices that don’t have their own power supply. They obtain their power by modifying the electromagnetic radio wave that the RFID reader sends when querying it for data (Glover and Bhatt, 2006). A semi-active tag has a small power supply but gets power from other sources to complement its limited power supply (Glover and Bhatt, 2006).
Active RFID tags, by contrast, have their own built-in power supply to power their microchip and sensors (Glover and Bhatt, 2006). IoT devices usually operate for extended periods of time; therefore, passive RFID devices are more suitable for the Internet of Things because they fulfil their power consumption requirements from other sources.

Wireless Sensor Networks (WSN)

Wireless sensor networks (WSN) are sensor devices geographically distributed in predefined indoor or outdoor environments and settings. They are used for monitoring and recording the physical conditions of the environment and organizing the collected data at a central point (sink), from where it is forwarded to a data repository for processing (Benabdessalem, Hamdi, and Kim, 2014). These central points (sinks) for data collection are very powerful, as they handle all incoming data, process it, and then send it to the back-end system.

Protocols for Internet of Things (IoT)

Since the Internet is the key enabler for IoT systems to function, a TCP/IP protocol stack similar to the one used for the Internet is also suitable for IoT systems. Therefore, in this section, I will outline some of the standard protocols defined for IoT ecosystems. There are also a number of communication protocols used in the Internet of Things (IoT). Some of the main IoT communication protocols are Bluetooth, Wi-Fi, Radio Protocols, LTE-A, and Wi-Fi-Direct. These protocols are used in various capacities to fulfil the specific functional requirements of an IoT system and its working. Following are the main protocols used in IoT devices.


IoT and its Impact on People, Society, Businesses & Industries

There are four interconnected components of the IoT ecosystem (people, objects, software, and hardware) that communicate over public and private networks. These networks can be secured or unsecured. The untrusted and unsecured networks give rise to the issues of security, privacy, and trust (Borgohain, et al., 2015).
Personal data is shared or is shareable without the consumer’s knowledge in the current age of smart devices. This is due to the fact that data collection has now become passive – performed behind the scenes by the sensors and other data-collection mechanisms built into these smart devices. This trend indicates that consumer information collection has shifted from being actively provided by the consumer to being passively accessed without the consumer’s knowledge (Gubbi, et al., 2013).
Analytics commoditization is an emerging concept fed by big data, analytics, and smart algorithms created by social media, consumer goods, FMCG, and home appliance companies to gather consumer data. Personal data required for purchasing products and services has become economically viable; personal data can now be traded or monetized. Data commoditization driven by analytics and artificial intelligence has changed the meaning and value of consumer data, thus raising privacy concerns for consumers.
Over the years, several security and privacy concerns have arisen as a result of the rapid growth in the usage of IoT devices and applications. When virtually everything is connected to everything else, this problem will only get worse, and continuous exposure will simply expose more security bugs and vulnerabilities. Hackers can now take advantage of such limitations in IoT technology. Exposed vulnerabilities and weaknesses in an environment of billions of devices are an open invitation for exploitation. There is a risk that loopholes and malfunctions in IoT systems can overshadow all of their potential benefits if sufficient protection is not put in place (Gubbi, et al., 2013).
Consumer data is normally stored by organizations in outsourced third-party cloud storage locations. These vendors can easily get hold of the majority of sensitive consumer data. As a result, cloud service providers now have unrestricted access to consumers’ data without the need for any privacy contract. Organizations, not consumers, are the primary customers of cloud service providers. The greater the distance between the data keepers (cloud service providers) and the real owner of the data (the consumer), the more likely unethical behavior will occur and the risks of data breach will increase (Priya, Pathak and Tripathi, 2018).
Organizations and their supply chain partners can now collaborate within and across the supply chains thanks to B2B integration. Personal data accumulated by various organizations has now been integrated into these cross-organizational supply chains, resulting in a unified digital profile of billions of consumers and giving rise to privacy concerns (Mattord and Whitman, 2018).
For instance, technology giants like Google, Facebook, Microsoft, eBay, and Amazon have compromised user trust on so many occasions by tracking or sharing data they were not authorized to, either on purpose or through system hacks. But still, they are a vital part of our daily and digital lives. The amount of data modern-day smart devices collect is enormous, but what exactly these gadgets and devices are collecting varies from device to device and is based on terms of service agreements and local regulatory frameworks.
Let’s take the example of intelligent virtual assistants (IVA) like Google Assistant, Cortana, Alexa, and Siri. They know more about us than we know about ourselves, e.g. our location, what we buy, where and when we buy groceries, clothes, and other things of our interest, our travel plans, our health status, our taste in music and movies, and our likes and dislikes. They know when we are at home or coming home, what our voice sounds like as compared to family members and friends, whether we’ve paired them with other smart devices in the home or not, and what some of those devices are sensing or can sense. Apparently, this data is used to make one’s smart device experience better, personalized, and joyful, but what if all this information goes into the wrong hands?
Borgohain, et al. (2015) explained security issues affecting IoT technology and the integration of such technologies. They particularly highlighted distributed denial of service (DDoS) attacks. In October 2016, a large section of the internet was shut down temporarily and many websites and social media applications were inaccessible, e.g. Twitter, the Guardian, Netflix, CNN, and Reddit. The sole reason was the largest DDoS attack ever faced by the internet community, inflicted on the service provider Dyn through an Internet of Things botnet. This IoT botnet was created via malware named Mirai. This malware infected computers and Internet of Things devices by compromising their passwords without the owners’ authorization (Ahmad, 2018). Such attacks are increasing alarmingly, e.g. by 30% from 2017 to 2018, with an increase in average attack size of 543%, because of the lack of authentication, authorization, privacy, safety and security of IoT devices (Abrams, 2018).
The majority of devices ask for personal information from users, e.g. name, age, gender, email address, home address, current location, phone number, and access to social media profiles, when we want to connect with them. This information can be very handy for hackers (Fowler, 2017). Devices that are not secured are always at risk of being attacked. These attacks can be like the above-explained Mirai malware, or personal identity or personal information theft (Ahmad, 2018). Lots of IoT devices come with embedded cameras, microphones, and speakers. Parents who purchase baby monitors with Wi-Fi connectivity may face a security threat, since these baby monitors can be easily hacked from virtually anywhere in the world (Flannigan, 2016). In 2017, Germany’s Federal Network Agency declared the smart doll named “My Friend Cayla” an illegal espionage apparatus. Officials state the doll has a hidden microphone that can record and collect the personal conversations of children without any consent for collection, use, or disclosure of this data (Joseph, 2019).
People who have installed different IoT devices such as smart lock systems and indoor fire alarms connected with Bluetooth and/or Wi-Fi may not be as safe as they think, because University of Michigan researchers hacked into these devices without much effort. They managed to successfully open electronic locks, change preset device settings of different objects, and remotely trigger a false fire alarm. Smart TVs also track nearly everything people do with their remotes. This information is then sold to third parties for monetary purposes.
The rapid speed of innovation has resulted in requirements for millions of devices, the majority of which are network (mainly wireless) connected in some way. Unfortunately, at the software and infrastructure levels, most of these devices have little to no protection (Medaglia and Serbanati, 2010).
Security has been characterized by researchers as a structured framework consisting of concepts, values, principles, policies, procedures, techniques, and measures necessary to protect individual system assets and the system as a whole from any intentional or unintentional attacks. Both of these interactions must be protected, to ensure the data and service provisioning to all parties and to limit the number of incidents that can affect the IoT ecosystem (Miller and Rowe, 2012).

Table of contents :

1. Introduction
1.1 Background
1.2 Previous Research Around the Problem
1.3 Purpose of the Research
1.4 Research Question(s)
1.5 Importance and Significance of the Research
1.6 Proposed Model for Thesis Report
2. Literature Review
2.1 Online Search Criteria
2.2 What is Internet of Things (IoT)
2.3 What are Internet of Things (IoT) Devices
2.4 How Internet of Things (IoT) works?
2.5 Components of Internet of Things (IoT) Eco System
2.6 Internet of Things (IoT) and its Enabling Technologies
2.7 Protocols for Internet of Things (IoT)
2.8 Architecture of Internet of Things (IoT)
2.8.1 Three Layer and Five Layer Models of IoT
2.8.2 Security & Privacy Threats in Different Layers of IoT Architecture
2.9 IoT and its Impact on People, Society, Businesses & Industries
2.9.1 Authentication
2.9.2 Authorization
2.9.3 Privacy
2.9.4 Confidentiality
2.9.5 Integrity
2.9.6 Self Configuration
2.9.7 Availability
2.9.8 Trust Management
2.9.9 Key Management
2.9.10 Software Authenticity
2.9.11 Physical Security of Devices
3. Methodology
3.1 Research Paradigm & Methodology
3.2 Research Strategy
3.3 Research Approach
3.4 Data Collection & Data Collection Methods
3.4.1 Semi-structured Interviews How Data was Collected during Interviews
3.4.2 Focus Groups Components of a Focus Group How Focus Group Session was Conducted
3.5 Data Analysis
3.5.1 Grounded Theory How Grounded Theory is Applied on Collected Data
3.6 Research Standards
3.7 Limitations of the Study
3.8 Expected Contributions
3.9 Ethical Considerations
4. Empirical Findings
4.1 Data Collection from Interviews
4.2 Data Collection from Focus Group Session
5. Discussion
5.1 Familiarity with Smart Homes and Internet of Things
5.2 Use of technology and smart devices
5.3 IoT devices as an improvement in quality of life
5.4 Ordinary security resilience
5.5 3rd party involvement
5.6 Lack of true security and privacy understanding
5.7 Willing to buy smart home devices again
6. Conclusion
6.1 Contribution
6.2 Future Research
7. References.

