The security of communication protocols used for Internet of Things

The thesis introduces a range of communication protocols used to implementing smart homes currently available on the market. Two protocols are chosen and theoretically analysed in depth. The analysis both describes how the protocols works and describes the measures taken in order to protect it against attacks from third parties. The theoretical evaluation analyses how susceptible the protocols are against the replay and eavesdropping attacks. The theoretical evaluation is followed by a case study where one of the communication protocols are analysed practically. During the case study a smart home using the chosen protocol is set up. The network is then attacked with the attacks described in the theoretical evaluation. The theoretical and practical outcomes are compared to see if they match. During this study the theoretical and practical outcome did not match due to faulty use of the protocol. The faulty use of the protocol prevented the equipment from differentiating authentic and inauthentic parties which made the equipment susceptible. However, the case study only represents a sample of the technology being used and the faulty use is caused by one manufacturer. Thus the protocol can not be deemed unsafe solely based on the outcome of the case study

LI-FI Share (LFS): See What Light Can Do

This project presents an innovative way how the user of internet can manipulate data transfer in a faster and security way. The main idea is to use “LI-FI ” that means type of Optical Wireless Communication (OWC) technology, bi-directional which uses light emitting diodes (LEDs) to transmit data between devices. In technical terms LI-FI transmits data by electromagnetic spectrum, high speeds of data over the visible light, ultraviolet, and infrared, and Wi-fi for example uses radio waves as a transmitter of data. While we were researching about the technology, we found out a new thing that we could use the light of the mobile phone to transmit data between two devices through the light and camera sensors that act as a receiver of data. This innovation about LI-FI was discovery over 20 years ago, perhaps only a few years are being explored even more as we can see the Internet of Things growing exponentially. The purpose of the study was to explore and learn about a new technology that has never been studied deeply by us and to investigate a better way to transfer data, in a world that everything is growing faster around the technology field. We have developed and accomplished a project that will encourage next students’ study and build new things surround the new technologies. The main function of our project “LI-FI share” is to transfer data through the light to the other mobile phone, this functionally after a lot of troubleshooting made by the Alpha Group, we could make that happened only because we worked together. After all analysis, researches and feedbacks from the faculty supervisor we realize that it was essential that we all work together to complete this project and we did it

Establishing a Need for a Protocol for the Interoperability of Heterogeneous IoT Home Devices

The Internet of Things (IoT) refers to the field of connecting devices consumers use every day to the internet. As the world relies on more and more internet-driven technological devices to control functions within the home, issues with compatibility of those devices are surfacing. This research was created to establish the need for standardization of IoT devices within the home

Securing Internet-of-Things Devices

Smart home devices, also known as the Internet of Things (IoT) devices, are utilized more and more each day. As these devices grow in popularity, users connect to personal and private networks with devices that were unheard of ten years ago. The problem examined in this study is the security posture of IoT devices. Attackers are finding it relatively easy to access data on personal IoT devices. As the researcher, I examined the vulnerability of various types of IoT devices. IoT has allowed the public to take devices with them, creating a larger footprint, opening multiple attack vectors to exploit the data we produce daily. Ideally, these devices should be secure out of the box, so that users can trust the devices they have connected. Smart home technologies allow both autonomous and managed connections to a variety of network-connected devices. Using the penetration-testing framework known as the Information Systems Security Assessment Framework, the vulnerabilities present on these devices were examined. Kali Linux provided the best platform when trying to breach the IoT devices. Utilizing Kali Linux, I was able to breach more devices than using ParrotOS or Commando VM. Of the different types of IoT devices examined in this study, Kasa was the most susceptible to a breach. I was able to determine the IP address and hostnames of all 15 devices. On 47% (7 of 15) of the IoT devices, I was able to obtain the location of the rooms these devices were in. On 80% (12 of 15) of the IoT devices, I was able to render them useless with a DoS attack. This study will contribute to the overall body of knowledge specific to the security and vulnerability of IoT devices and provide information for users who are likely to utilize them

Smart object-oriented access control: Distributed access control for the Internet of Things

Ensuring that data and devices are secure is of critical importance to information technology. While access control has held a key role in traditional computer security, its role in the evolving Internet of Things is less clear. In particular, the access control literature has suggested that new challenges, such as multi-user controls, fine-grained controls, and dynamic controls, prompt a foundational re-thinking of access control. We analyse these challenges, finding instead that the main foundational challenge posed by the Internet of Things involves decentralization: accurately describing access control in Internet of Things environments (e.g., the Smart Home) requires a new model of multiple, independent access control systems. To address this challenge, we propose a meta-model (i.e., a model of models): Smart Object-Oriented Access Control (SOOAC). This model is an extension of the XACML framework, built from principles relating to modularity adapted from object-oriented programming and design. SOOAC draws attention to a new class of problem involving the resolution of policy conflicts that emerge from the interaction of smart devices in the home. Contrary to traditional (local) policy conflicts, these global policy conflicts emerge when contradictory policies exist across multiple access control systems. We give a running example of a global policy conflict involving transitive access. To automatically avoid global policy conflicts before they arise, we extend SOOAC with a recursive algorithm through which devices communicate access requests before allowing or denying access themselves. This algorithm ensures that both individual devices and the collective smart home are secure. We implement SOOAC within a prototype smart home and assess its validity in terms of effectiveness and efficiency. Our analysis shows that SOOAC is successful at avoiding policy conflicts before they emerge, in real time. Finally, we explore improvements that can be made to SOOAC and suggest directions for future work

Clouds of Things. Data protection and consumer law at the intersection of cloud computing and the Internet of Things in the United Kingdom

The article critically analyses the Internet of Things (IoT) and its intersection with cloud computing, the so-called Clouds of Things (CoT). ‘Things’ are understood as any physical entity capable of connectivity that has a direct interface to the physical world (i.e. a sensing and/or actuating capability). From another perspective (especially product liability), Things can be seen as an inextricable mixture of hardware, software, and services. Alongside a clarification of the essentials, the six factors of the CoT complexity are described and light is shed on the regulatory options (regulation, co-regulation, self-regulation, holistic approach, fragmentation). Focussing on the British legal systems, the article reports on the state of the art of CoT deployment in the United Kingdom and deals with some of the main technical and legal issues emerging from CoT. Particularly, the core will be data protection, privacy, and consumer law. Indeed, these themes are considered the most relevant by the regulators. By mastering the relevant legal issues and following the example of the United Kingdom, the Republic of Korea will be able to unleash its extraordinary potential as to the IoT, thus retaining its position as the smartest country in the world

Security issues and defences for Internet of Things

The Internet of Things (IoT) aims at linking billions of devices using the internet and other heterogeneous networks to share information. However, the issues of security in IoT environments are more challenging than with ordinary Internet. A vast number of devices are exposed to the attackers, and some of those devices contain sensitive personal and confidential data. For example, the sensitive flows of data such as autonomous vehicles, patient life support devices, traffic data in smart cities are extremely concerned by researchers from the security field. The IoT architecture needs to handle security and privacy requirements such as provision of authentication, access control, privacy and confidentiality. This thesis presents the architecture of IoT and its security issues. Additionally, we introduce the concept of blockchain technology, and the role of blockchain in different security aspects of IoT is discussed through a literature review. In case study of Mirai, we explain how snort and iptables based approach can be used to prevent IoT botnet from finding IoT devices by port scanning