IoT Security: Security Solutions for the Internet of Things PDF

Summary

This document covers IoT security solutions for the Internet of Things (IoT). It includes topics such as basic concepts, requirements, specifications, threat modeling, and attack surface analysis for the IoT. Also included are the ENISA reports, the Industrial Internet of Things (IIoT), and the concept of IoT 2.0, along with lightweight security primitives.

Full Transcript

IoT Security:
Security Solutions for the Internet of Things

Dr. Nikolaos Athanasios Anagnostopoulos
Course Organisation

Every Thursday from 16.00 to 18.00 in (ITZ) SR 004, from 18.04.2024 until and including
18.07.2024.
On Thursday 06.06.2024, the course will be held in (IM) SR 030.

20 September 2023 University of Passau 2
Course Organisation

The following topics will be covered:
Basic concepts (definition of the Internet of Things (IoT), examination of the different
segments of the IoT and their diversity, applications of the IoT, the need for (lightweight)
security in the IoT)
Requirements, specifications, threat modelling, attack surface analysis for the IoT
The ENISA reports regarding good practices for security of the IoT
The Industrial Internet of Things (IIoT) and the concept of IoT 2.0

20 September 2023 University of Passau 3
Course Organisation

The following topics will be covered:
Introduction of security in the IoT in the design phase
Lightweight security primitives: Physical Unclonable Functions (PUFs), True Random-
Number Generators (TRNGs), Trusted Platform Modules (TPMs), and other solutions
Lightweight cryptography for the IoT: Standards and proposed solutions
Authentication protocols in the context of the IoT
Attestation of IoT devices in the field
Advanced security solutions for the IoT utilizing the blockchain, machine learning, post-
CMOS technologies and/or advanced artificial intelligence (Security for the IoT 2.0 concept)

20 September 2023 University of Passau 4
Course Organisation

The following topics will be covered:
Secure sensor data aggregation in the context of the IoT: Issues and potential solutions
Sensor measurements with the STM B-L475E-IOT01A board
Security in the framework of the STM B-L475E-IOT01A board
Exploring a comprehensive security solution for the STM B-L475E-IOT01A board in the
framework of a network forming a small segment of the IoT

20 September 2023 University of Passau 5
The Internet of Things (IoT): A Definition

Not a single definition for the IoT

IBM (https://www.ibm.com/topics/internet-of-things): “The Internet of Things (IoT) refers to a network of
physical devices, vehicles, appliances, and other physical objects that are embedded with sensors, software,
and network connectivity, allowing them to collect and share data.”
Wikipedia (https://en.wikipedia.org/wiki/Internet_of_things): “The Internet of things (IoT) describes devices
with sensors, processing ability, software and other technologies that connect and exchange data with other
devices and systems over the Internet or other communications networks.”
Own (https://tuprints.ulb.tu-darmstadt.de/21494/2/Dissertation_Anagnostopoulos_2022_two-sided.pdf): “The
Internet of Things (IoT) refers to a network of devices where data are exchanged, processed, and utilised by
the different sensors, actuators, and other electronic devices connected to this network, potentially also
leading into actions being taken, without direct human intervention, supervision, or control. Within this
framework, devices communicate with each other, and decide on different actions that should be performed
by the network’s actuators, based on the data received from the various sensors of the network, as well as
from other electronics, and according to a set of predefined rules. The IoT has found wide application both in
space and in terrestrial applications, and especially in the implementation of such concepts as smart homes,
smart cities, smart grids, and smart vehicles.”

20 September 2023 University of Passau 6
The Internet of Things (IoT): A Definition

The Internet of Things
– The overall interconnected network of “smart” devices
– The Internet of autonomously operating devices

– Essentially, the overall network of sensors, agents, actuators, and other devices that perform some task
– Allows devices to collect information and data, to process them, and to take actions
– Without human intervention/action

– Based on sensors that gather information and other data as well as on actuators and agents that perform tasks
– Includes processing devices that have the ability to decide on actions to be taken based on the data and sets
of (potentially predefined) rules
– Potentially combined with Artificial Intelligence (AI)

20 September 2023 University of Passau 7
The Internet of Things (IoT): Components and Segments

Components of the Internet of Things
– Sensors and data aggregators: Resource-constrained devices, such as single-board computers and microprocessors
– Actuators and agents: Potentially resource-constrained devices or ones focusing on a single task, which may be
based on commercial off-the-shelf hardware or dedicated hardware with limited functionality
– Processing segment: Most probably high-end devices, e.g., infrastructure servers

Segments of the Internet of Things
– IBM (https://www.ibm.com/topics/internet-of-things): physical devices, vehicles, appliances, and other physical objects
that are embedded with sensors, software, and network connectivity
– Wikipedia (https://en.wikipedia.org/wiki/Internet_of_things): devices with sensors, processing ability, software and
other technologies that connect and exchange data with other devices and systems over the Internet or other
communications networks
– Own (https://tuprints.ulb.tu-darmstadt.de/21494/2/Dissertation_Anagnostopoulos_2022_two-sided.pdf): different
sensors, actuators, and other electronic devices connected to this network / space and terrestrial applications, and
especially smart homes, smart cities, smart grids, and smart vehicles
– World Forum on the Internet of Things (https://wfiot2023.iot.ieee.org/about): Space, Maritime, Agriculture &
Aquaculture, Smart Cities, Energy, Power, and Sustainability, Industry and Manufacturing

Huge diversity of devices, systems, protocols, and networks!

20 September 2023 University of Passau 8
The Internet of Things (IoT): Inherent Diversity

Huge diversity of devices, systems, protocols, and networks!
– Unlike the Internet, where some standardization has been achieved over the years, the IoT is still based upon
a collection of heterogeneous devices and diverse systems that utilize different protocols and networks
– Some examples of connectivity solutions used in the network:
Wi-Fi
LoRaWAN
Bluetooth https://www.eetasia.com/wp-
content/uploads/sites/2/2022/05/iot-
Ethernet devices_cover.jpg?w=600&h=400&c
rop=1
Serial
Analog I/O Pins
CAN
ZigBee
– Problems of incompatibility and lack of standardization…
– Additionally, the relevant devices may range from sensors and evaluation boards to high-end dedicated
servers

20 September 2023 University of Passau 9
The Internet of Things (IoT): Urgent Need for Security

https://imageio.forbes.co
m/specials-
images/imageserve/622c
76350eeba0c86be6e781
/intelligent-vehicle-
Huge diversity of devices, systems, protocols, and cockpit-and-wireless-
communication-network-
networks! concept/960x0.jpg?form
at=jpg&width=1440
– As well as incompatibilities and lack of standardisation

https://rfidhaber.com/wp-
content/uploads/2023/09
Enormous scale: ~30 billions of connected devices by /354.jpg
2030, ~17 billions today! (https://www.statista.com/statistics/1183457/iot-connected-
devices-worldwide/)

https://www.researchgate.net/profile/
At the same time, the IoT’s operation is by-design not Abderrahmen-
Trichili/publication/360233150/figure/
being supervised by humans! fig5/AS:1149675222646785@16511
15341591/IoT-categories-and-uses-
in-maritime-
communications_W640.jpg

20 September 2023 University of Passau 10
The Internet of Things (IoT): Urgent Need for Security

Unconventional scenarios, previously unthought of!
– One’s smart autonomous car automatically opens one’s smart garage’s door for the car to be parked inside
one’s garage.
– So, now, if someone steals one’s smart car, do they also gain access to one’s home?
– Ease of use / improvements to user experience (which may lead to previously unforeseen/unintended
applications)

Connection to critical infrastructures
https://blog.sintef.com/wp-
– Space segment content/uploads/2020/12/IoT-i-
kraftnettet_v1-2-2048x1228.png
– Smart (energy) grids

IoT 2.0
– Connection to 5G/6G, machine learning and AI, edge computing, Industry 4.0, and the blockchain

20 September 2023 University of Passau 11
The Internet of Things (IoT): Urgent Need for Security

Deployment in the open field
– Contrary to normal devices, IoT devices may be deployed in the open field and be totally unsupervised

Very early standardization effort and mostly regarding network protocols
– 5G / 6G as the technology encompassing all others for wireless communication; however LoRa is also getting
more and more popular
– Ethernet for wired communication

Relation/balance between security and cost (especially in unforeseen/unintended applications
of already deployed devices)
– Security and its cost
– Security and the cost associated with damages
– Security and ease of use / improvements to user experience (which may lead to previously
unforeseen/unintended applications)
– Security and risk assessment/management (and also ease of use as well as cost/price calculations)
→ Acceptable level of security

20 September 2023 University of Passau 12
The Internet of Things (IoT): Urgent Need for Security

Essentially, a need to secure systems of systems of increasing complexity as well as vast
networks of networks

https://iot.electronicsforu.com/wp-content/uploads/2020/10/3-696x413.jpg
https://www.mdpi.com/1424-8220/21/23/8117

20 September 2023 University of Passau 13