Deployment of IoT based smart environment: key issues and challenges

The Internet of Things (IoT) is viewed as a dynamic technological revolution representing future communications and computing in several areas. It introduces physical objects into the sphere of the cyber world. IoT is not about a single technology but about various complementary technological developments which provide ways to bridge the gap between the real world and the virtual world. A number of wireless sensor technologies are implemented in IoT, viz. RFID, ZigBee, actuators, WiFi and wireless sensor networks (WSNs). This paper presents various key technologies involved in IoT and its detailed architecture. The IoT architecture explains the function of each layer with respect to the technologies and the devices that surround each layer. Each layer has its specific security issues. This paper presents various security threats related to each IoT layer and the specific security requirements. Information security, data protection, and user's privacy are among the important key areas in IoT. In a nutshell, this paper presents new challenges posed by IoT so that further work can be undertaken in creating a robust, efficient and smart environment for IoT based applications.


Introduction
In the present digital world, IoT is considered a buzzword coined from two words, "Internet" and "Things". In the early 1980s, a Coke machine at Mellon University was the first Internet appliance that was connected to the Internet by the programmers. In 1999, Kevin Ashton coined the term "Internet of Things" and the IoT concept became very popular for the first time. Nowadays wireless technologies play a vital role in our lives. Various tagging technologies including NFC, RFID, and 2D barcodes are used to identify physical objects over the Internet. These wireless tagging technologies are the key technologies in IoT. 2D barcodes have less complexity and lower development cost, due to which they turn out to be a primary tool for creating a linkage between different physical objects and their virtual representation. Spreading unwanted and unidentified data over the Internet is known as spamming. The authors in [1] discussed different ways of spamming the IoT and proposed a possible solution to prevent spamming. They proposed that IoT spamming can be addressed using digital signatures. Web spammers using 2D barcode technology can flood the physical side of IoT. They can get unsolicited content over the Internet either to change the contents or to misuse the information. Using digital signatures (ECDSA) can help to overcome the spamming of IoT [1]. With the move from static web pages to the dynamic social networking web, there is an increase in the on-demand data generated through queries. Paper [2] presents a cloud-centric vision for IoT implementation. Its authors proposed a cloud-centric implementation using an interface between public and private Clouds. The proposed implementation used Aneka, and the paper concludes that WSN, the Internet and distributed computing should be converged. Various technologies are taking part in the IoT to make it successful.
Wireless Area Network (WAN) or WLAN made it possible to execute operations for a long duration without any human intervention. The advancement of this new technology, which improves social efficiency, also has side effects in the form of information security and privacy [3]. Smart health is an area of IoT which requires continuous fine-grained information from sensors attached to patients. In such applications, the human body provides a rich source of information such as the location, time, behavior, personal habits, and preferences of individuals. This information then uses cloud services, which makes privacy a critical aspect of IoT. Along with data acquisition and data management, easy-to-use tools should be provided to users for better privacy [4]. Data protection and user's privacy are two important key areas in IoT. The authors in [5] consider IoT security issues at the national level because of the wide application areas of IoT, including smart government, smart city, intellectual property and other social services. IoT includes everything to communicate over a sensor network anywhere. This inclusion of everything increases the storage demand and network load exponentially. Technology development and new applications of business development affect IoT positively. An IoT architecture is proposed by the authors in [6] which addresses scalability, reliability and interoperability. The proposed architecture includes five layers; the fifth, extra layer is the business layer, along with the four common layers: Perception layer, Network layer, Support layer and Application layer. Unique identification and virtual representation of objects are offered in IoT. The authors in [7] proposed a futuristic architecture by integrating security and privacy. They proposed to make use of human inputs without their participation. A similar study in [8] presents an IoT architecture for industrial environments and smart buildings. The proposed architecture is based on OPC.NET specifications.
In this paper, various security issues related to IoT architecture and their effect on different layers are presented.
The rest of the paper is organized as follows: Section 2 covers various key technologies involved in the IoT environment. In Section 3, the architecture of IoT is presented and various threats to each IoT layer are summarized along with their possible solutions. Section 4 concludes our findings.

IoT key technologies
RFID, Bluetooth, WiFi, ZigBee, Nanotechnology, Tagging technologies like NFC (Near Field Communication), Actuators and Wireless Sensor Networks (WSN) are among the key technologies of IoT. Among them, RFID is the foundation and networking core of IoT [4]. In this section, the technologies involved in the smart environment are presented. These are:

Radio frequency identification (RFID)
RFID is a reliable, efficient, secure and cost-effective wireless system that uses radio waves to transmit a serial number as the identity of an object. RFID plays an important role in IoT based applications. RFID tags are of two types: active RFID tags, which get power from batteries, and passive RFID tags, which do not use an onboard power supply [9].

Internet protocol (IP)
Internet Protocol (IP) was developed in the 1970s and is now used as a primary network protocol. An IP address is a numerical label assigned to the networking devices which use the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Two versions of IP are available: IPv4 and IPv6. Each of these versions defines different IP addresses.

Electronic product code (EPC)
The EPC is designed as a universal identifier that provides a unique identity for every physical object anywhere in the world, for all time. It is a 64/ 98-bit code that is electronically recorded on RFID tag. It was Auto-ID centre that developed EPC in the year 1999. EPC can store different information like EPC type, unique serial number of the product, manufacturer, and specifications of EPC [4].

Barcode
A barcode uses bars and spaces of varying width to encode numbers and letters. Barcodes are attached to items, carry item information and are in optical machine-readable form. Numeric, alphanumeric and 2-dimensional barcodes are three different types of barcodes. Cameras and laser scanners are the two devices used to read these barcodes.

Wireless fidelity (Wi-Fi)
Wi-Fi is a wireless technology that allows communication among computers and other devices over a network. Its integration into a number of everyday devices, including handhelds and consumer electronic devices, has boosted Wi-Fi adoption to the extent that it is nearly a default in these devices.

Bluetooth
Bluetooth is a short-range, inexpensive radio technology that eliminated the need for connection based connectivity. This wireless technology allows communication among devices within an effective range of 10 to 100 meters.

ZigBee
The ZigBee Alliance created the ZigBee protocol in 2001 for enhancing wireless sensor network features. This protocol offers low cost, low power and a reliable short transmission range of around 100 meters. It offers a bandwidth of around 250 kbps. This protocol is based on the IEEE 802.15.4 standard [10].

Near field communication (NFC)
Near-field communication (NFC) is a set of communication protocols that enable two electronic devices, one of which is usually a portable device such as a smartphone, to communicate. NFC devices are used in contactless payment systems, similar to those used in credit cards and electronic ticket smartcards, and allow mobile payment to replace or supplement these systems. NFC offers short-range wireless communication at 13.56 MHz, usually within a distance of 4 cm. Its main advantage is that it works even in a dirty environment without requiring line of sight. It makes transactions, connection and digital exchange simpler and easier.

Actuators
An actuator is a component of a machine that is responsible for moving and controlling a mechanism or system, for example by opening a valve. In simple terms, it is a "mover". Actuators convert energy into motion using electric current, hydraulic fluid or some other power source. It can create different motions including linear motion, oscillatory motion or rotary motion. An actuator is the mechanism by which a control system acts upon an environment.

Wireless sensor networks (WSN)
WSN is an important IoT element in which a number of independent devices are spatially distributed over a network. The devices in an IoT environment use sensors to monitor different conditions like temperature, pressure on an object, the motion of an object, vibrations, etc. These sensors are inserted on or into IoT objects in order to capture information about the object; for example, sensors attached to chairs monitor pressure and respond accordingly [4]. Objects in IoT use different technologies in different environments so as to build a smart environment. This results in a complicated dynamic system and requires a platform-independent WSN infrastructure. This large-scale sensor network must be capable of data management, information processing, and data analysis.

IoT architecture
The IoT concept relies on a layered architecture. In the IoT architecture, there are four layers: Perception layer, Network layer, Session layer and Application layer. Each layer defines its own functionality, which is different from that of the other layers. The participating devices, the diverse technologies, and the services it provides define each layer. Threats to each layer of the IoT architecture directly affect the functionality of that layer. The authors in [11] reveal that in vital societal services, regardless of an overall optimistic view on IoT, security risks are neglected. Fig. 1 shows the architecture of IoT and depicts how the four layers use the different devices in the IoT network for communication.

Perception layer
Perception layer is also known as Sensors layer which receives data from the environment through sensors. Sensors and RFID readers are used in perception layer and these have limited memory, low power, and limited computational ability that make it less secure. Sensors attached to devices capture the information from these participating devices. GPS is also used in this layer for location tracing for spatial applications over a network. In local and short-range communication, IoT node combination is done by the Perception layer. It observes, collects, processes and transmits data to the network layer. Threats in this layer majorly focus on data collection activities through sensors.

Threats to Perception Layer
There are various security risks related to the perception layer. RFIDs, sensors and intelligent embedded technologies are vulnerable to several attacks in the perception layer. A few security flaws and their possible risk mitigation solutions are mentioned here:

Secrecy and authentication
Outsider attacks like eavesdropping, replay attack, spoofing, and packet modification are some security risks on authentication and secrecy of the sensor network.

Protection
Good, efficient, robust and reliable cryptographic solutions can minimize these types of attacks.

Network availability
Attacks that affect the availability of the sensor network are generally referred to as Denial of Service (DoS) attacks. As the sensor networks are divided into layers, all the sensor network layers are vulnerable to this kind of DoS attack. A similar study in [12] gives a Path-based DoS attack (PDoS) in which system availability is reduced and the nodes' batteries are exhausted.

Service integrity
In these types of attacks, an attacker makes the network accept incorrect data values.

Protection
Cryptographic solutions minimize the attacker's effect by not allowing them to decrypt the data.

Jamming
Jamming is a DoS-type attack in which the air interface is affected by paralyzing the communication operations between reader and tag. Signal/radio jamming is a type of attack in which the communication channel between nodes is occupied to obstruct their communication.

Protection
Early detection of jamming devices is a possible solution to avoid such attacks [9].

Eavesdropping
In this attack, an attacker secretly monitors the communication between the tag and the reader to obtain information. Because of the wireless characteristics of RFID, an attacker can sniff out secret information like passwords and other confidential data. The tag data is mostly in plaintext form, which makes this type of attack possible [9].

Protection
Encrypting the data or limiting the distance between tag and reader is a possible solution for such attacks [9]. A similar study in [13] proposed an efficient random key agreement method which offers protection against eavesdropping attacks in NFC.

Replay attack
The attacker interrupts communication between tag and reader, and a duplicated tag is used in order to match the authentication sequences. This type of attack affects RFID tags and the air interface.

Protection
Data encryption and tag authentication can minimize this attack [14]. A VLFSR function for lightweight encryption security which provides resistance against various attacks on RFID is proposed in [15].
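
The following added example, which is not code from the paper or from the schemes it cites, shows why tag authentication with a fresh challenge limits replay while a static identifier does not. The class names, the HMAC-SHA256 construction and the sample tag ID are assumptions chosen for illustration; the sketch does not implement the VLFSR scheme of [15].

```python
import hashlib
import hmac
import secrets


class StaticReader:
    """Weak baseline: the tag always sends the same ID and password."""

    def __init__(self, passwords):
        self._passwords = passwords  # tag_id -> fixed password

    def verify(self, tag_id, password):
        expected = self._passwords.get(tag_id)
        return expected is not None and hmac.compare_digest(expected, password)


class AuthTag:
    """Tag holding a per-tag key shared with the back end (assumed provisioning)."""

    def __init__(self, tag_id, key):
        self.tag_id = tag_id
        self._key = key

    def respond(self, challenge):
        # Bind the response to the reader's fresh challenge and the tag ID.
        msg = self.tag_id.encode() + challenge
        return hmac.new(self._key, msg, hashlib.sha256).digest()


class ChallengeReader:
    """Reader that issues a single-use random challenge per authentication."""

    def __init__(self, keys):
        self._keys = keys      # tag_id -> shared key
        self._pending = {}     # tag_id -> outstanding challenge

    def new_challenge(self, tag_id):
        challenge = secrets.token_bytes(16)
        self._pending[tag_id] = challenge
        return challenge

    def verify(self, tag_id, response):
        # pop() makes each challenge usable once, so a recorded response
        # cannot be matched against it a second time.
        challenge = self._pending.pop(tag_id, None)
        key = self._keys.get(tag_id)
        if challenge is None or key is None:
            return False
        msg = tag_id.encode() + challenge
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def run_demo():
    """Present one recorded exchange twice to both readers; return the verdicts."""
    tag_id = "TAG-0001"                      # constructed sample identifier
    password = b"constructed-password"       # constructed sample value
    key = secrets.token_bytes(32)

    static_reader = StaticReader({tag_id: password})
    recorded_static = (tag_id, password)     # what a passive listener would see
    static_first = static_reader.verify(*recorded_static)
    static_replay = static_reader.verify(*recorded_static)

    tag = AuthTag(tag_id, key)
    reader = ChallengeReader({tag_id: key})
    first_challenge = reader.new_challenge(tag_id)
    recorded_response = tag.respond(first_challenge)  # genuine session
    genuine = reader.verify(tag_id, recorded_response)

    reader.new_challenge(tag_id)             # new session, new challenge
    replay = reader.verify(tag_id, recorded_response)
    unsolicited = reader.verify(tag_id, recorded_response)  # nothing pending

    return {
        "static_first": static_first,
        "static_replay": static_replay,
        "challenge_genuine": genuine,
        "challenge_replay": replay,
        "challenge_unsolicited": unsolicited,
    }


if __name__ == "__main__":
    for name, verdict in run_demo().items():
        print(f"{name}: {'accepted' if verdict else 'rejected'}")
```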

Man-in-the-middle (MITM) attack
MITM attacks are also known as Relay attacks, which occur during data transmission. Kfir and Wool give names to the two communicating devices: Leech and Ghost. A device placed close to the target RFID is named Leech, and the device placed close to the target reader is named Ghost. Communication between these two devices, i.e. Leech and Ghost, creates the illusion that a connection exists physically between the RFID device and the target reader.

Protection
Possible risk mitigation for such type of attack is using shielding, or short range tags or through the use of distance bounding protocols [16].

Blocking
In this attack, an attacker uses a blocker tag to simulate the presence of several tags and, as a result, causes Denial of Service (DoS). This happens because the reader tries to inspect those non-existing tags. The air interface is affected by blocking.

Protection
Detection of blocking devices early can minimize the effect of blocking [16].

Tag cloning
A duplicate tag, based on the actual tag, is created by the attacker through illegitimate access. It affects the air interface and RFID tags, which results in financial problems in applications.

Protection
To minimize this kind of attack, tag authentication can be used. According to the authors in [17], the "Synchronized Secrets Method" provides protection against tag cloning by detecting cloning attacks. This method pinpoints the different tags which have an identical ID.
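
As an added illustration, not code from the paper or from [17], the sketch below models how a synchronized-secrets check can flag two tags that share one ID. It assumes a rewritable tag with one secret slot and a back end that rotates that secret on every read; all names and the sample ID are constructed.

```python
import secrets

OK, STALE, UNKNOWN = "ok", "clone-suspected", "unknown-secret"


class SyncSecretBackend:
    """Back end that rotates a random secret on every tag read."""

    def __init__(self):
        self._current = {}   # tag_id -> secret the tag should hold right now
        self._retired = {}   # tag_id -> secrets that were already rotated out
        self.alarms = []     # (tag_id, reader) for every stale presentation

    def enroll(self, tag_id):
        secret = secrets.token_hex(8)
        self._current[tag_id] = secret
        self._retired[tag_id] = set()
        return secret        # written to the tag when it is issued

    def read(self, tag_id, presented, reader="reader-1"):
        """Check the presented secret; return (status, secret to write back)."""
        current = self._current.get(tag_id)
        if current is None:
            return UNKNOWN, None
        if secrets.compare_digest(presented, current):
            new_secret = secrets.token_hex(8)
            self._retired[tag_id].add(current)
            self._current[tag_id] = new_secret
            return OK, new_secret
        if presented in self._retired[tag_id]:
            # A valid but outdated secret means another tag with this ID was
            # read in the meantime: two tags share one identity.
            self.alarms.append((tag_id, reader))
            return STALE, None
        return UNKNOWN, None


class SimTag:
    """Constructed stand-in for a rewritable tag: an ID plus one secret slot."""

    def __init__(self, tag_id, secret):
        self.tag_id, self.secret = tag_id, secret

    def scan(self, backend, reader):
        status, new_secret = backend.read(self.tag_id, self.secret, reader)
        if new_secret is not None:
            self.secret = new_secret     # reader writes the rotated secret
        return status


def simulate():
    """Run a constructed read sequence with one genuine tag and one copy."""
    backend = SyncSecretBackend()
    tag_id = "EPC-EXAMPLE-01"                             # constructed ID
    genuine = SimTag(tag_id, backend.enroll(tag_id))
    results = [genuine.scan(backend, "dock-A")]           # normal read
    clone = SimTag(genuine.tag_id, genuine.secret)        # bit-for-bit copy
    results.append(clone.scan(backend, "dock-B"))         # copy is read first
    results.append(genuine.scan(backend, "dock-A"))       # genuine is now stale
    results.append(clone.scan(backend, "dock-B"))         # copy stays in sync
    forged = SimTag(tag_id, "0" * 16)                     # never-issued secret
    results.append(forged.scan(backend, "dock-C"))
    return results, backend.alarms


if __name__ == "__main__":
    statuses, alarms = simulate()
    print(statuses)
    print(alarms)
```

In this model the alarm is raised on the genuine tag's read, so the check establishes that two tags share an ID and where the stale one was seen, not which of them is the copy.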

Spoofing
In this attack, attackers broadcast a fake message to the sensor network by falsifying its originality and appearing as an original source. As a result, an attacker can obtain full access to the system [18].

Device tampering
Device tampering is also known as Node-Capturing. In this attack, the attacker replaces the sensor node with a malicious node and, as a result, attains total control over the captured node [18].

Node outage
This attack blocks the functionality of network components like reading, collection, and initialization operations. It can be applied either logically or physically to the sensor network [19].

Information leakage
This attack is a passive leakage in which, due to some accidental behavior, a person gets access to sensitive data for which no authorization is granted.

Protection
The authors in [17] proposed RFID-Tate, a lightweight protection method for protecting identity, and an Identity based Encryption (IBE) method for authentication. A similar approach by the authors in [20] provides conditional protection for privacy with less overhead.

Network layer
Data routing and communication among IoT hubs and other internet devices are the major tasks of the network layer. This layer is a central nervous system in IoT which is responsible for initial data processing and information broadcasting. This IoT layer uses modern wireless technologies like WiFi, Bluetooth, Zigbee, 3G, LTE etc. to run routing devices, gateways and switching. It is the network gateways that serve as the mediator between different IoT nodes. This is carried out by combining, filtering and communicating data between sensors in the network.

Threats to Network Layer
This layer deals with such attacks that can harm the availability of the network for communication among IoT devices. Related threats to network layer are listed below:

Selective forwarding
In such attacks, an attacker, rather than forwarding all messages, selectively drops some of them. The malicious node forwards the remaining traffic to avoid revealing its wrongdoing. A similar type of attack is given by the authors in [21], called Neglect and Greed, where the subverted node randomly skips routing some of the messages.

Sybil attack
A Sybil attack occurs when an attacker, as a single malicious node, is at more than one place at a time. In it, a malicious device illegitimately holds several identities in the network. This type of attack affects fault-tolerant schemes [22].

Protection
The instances of each node and the spatial position of nodes can be observed by using Distributed Hash Tables [17].

Sinkhole / blackhole attack
Sinkhole or Blackhole attack is described by strong resource contention among nodes which are neighbors of the malicious node for limited channel access and limited bandwidth. As a result, there is congestion in the network and energy consumption of the nodes is increased. When there is a sinkhole attack in sensor network then the network is also vulnerable to some other DoS attacks [23].

Wormhole
It is a kind of DoS attack in which data bits in the network are relocated from their original position over a low-latency link [24].

Protection
A method to protect authentication, the "Merkle tree authentication" method, is proposed by the authors in [17].

Man-in-the-middle (MITM) attack
In this MITM attack, communication between two parties is covertly monitored and controlled by some unauthorized party. This is accomplished by assuming the fake identity of the victim and then communicating to gain further information. It is also termed a kind of eavesdropping attack [25].

Hello-flood attack
Introducing high traffic in the sensor network by congesting the channel with huge useless messages is known as Hello-Flood attack. In this attack, it is a malicious node that sends the useless message which is replied by the attacker thus, resulting in high traffic [26].

Acknowledgement flooding
Sensor-based systems frequently require routing algorithm to send acknowledgments. These acknowledgments are then used by a malicious node to send false information to destined neighboring nodes. It is a kind of Denial of Service attack [26].

Support layer
This layer is responsible for information collection, intelligent data processing and identifying the physical world. In mass data processing, handling malicious information smartly is very limited.
According to the authors in [11], recognizing malicious information intelligently is not an easy task; it is a challenging job. The support layer is responsible for data storage activities, accessing cloud services for effective utilization of technologies over the network, and analysis of data to provide precise information.

Threats to Support Layer
Data storage technologies are mainly targeted by attackers in the support layer. Some of the most common attacks of this IoT application layer are discussed below:

Data tampering
This attack occurs when an insider tampers with the data either for self-benefit or for the profit of some third party.

Protection
An insider can easily make changes to the data, so providing authentication for data is necessary to prevent such attacks [27].

Unauthorized access
The attacker creeps into the system and may harm its sensitive data. Preventing access to related IoT services is one such type of attack.

Protection
Proper security mechanism should be provided to prevent the system from such attacks [28].

DoS attack
In this layer of the IoT architecture, DoS attacks such as a system shutdown can harm the system or result in its unavailability [27].

Application layer
This layer is responsible for providing services to all industries including Smart e-health, Smart transport, smart government, smart city etc. In application layer, the security requirement differs from application to application. One important characteristic of this layer is data sharing and this creates a problem for data privacy, authentication, integrity, confidentiality, access control, and information disclosure which are the security requirements of this layer [29]. In this layer of IoT architecture, the creation of a smart environment for applications is executed.

Threats to Application Layer
The application layer includes the tailored services that are as per user's interest and IoT applications. The responsibility of this layer is to provide the user interface to IoT devices [30]. Threats in this layer focus on the services provided by this layer, major threats applicable to this layer are mentioned below:

Sniffer/ logger
Sniffer/ Logger programs are introduced into the system by attackers to steal important information from the network traffic. An attacker may steal passwords, E-mail files, E-mail texts and other important information.

Injection
In this attack, a code is inserted into the application which is running on the server by an attacker. This results in data corruption or loss of data [31].

Session hijacking
Personal identities are revealed through this type of attack. This could be done by exploiting security flaws mainly in session management and authentication [31].

Distributed denial-of-service (DDoS)
DDoS is executed simultaneously by more than one attacker thereby leading to some Denial of Services in the network [25].

Social engineering
In this attack, information is retrieved via chats or by other social means by the attackers.

Protection
To minimize effects of such attacks, access to sensitive data should be provided to only authorized people. Policies for appropriate access management should be clearly defined along with assigning a physical identity.

Threats analysis
In the IoT architecture, all four layers provide different functionalities and services with respect to the devices working for these layers. Each layer has different security threats particular to that layer, requiring specific security solutions to be implemented. Authentication, authorization, integrity, confidentiality and data protection in sensor devices are some widely addressed security requirements in the IoT environment. Table 1 presents devices and services related to different IoT layers, various security threats to these layers and their respective security requirements.
If the above-mentioned security requirements are not treated wisely in the smart environment, they may result in security threats to the sensor networks. The authors in [32] presented a security architecture in which user's privacy is considered a primary issue in the application layer, and they considered security of information processing an important aspect in the support layer. The network layer is responsible for information communication in sensor networks, so security of the information system is addressed by the network layer. The perception layer takes care of security issues related to information collection. Table 2 presents the description of various security risks which are also considered as security requirements in the smart environment of IoT. Analysis of security requirements in IoT provides a step forward in providing a secure IoT environment. To deal with several problems resulting from threats in the smart environment of IoT, this section presents direction and scope for future research. Integrity, authentication, confidentiality and digital signatures are major requirements in security. One of the most obvious and promising types of security solution is providing efficient and good cryptographic algorithms which aim to fulfill major security requirements. This paper is an attempt towards finding good security solutions by understanding various threats and security requirements in an IoT enabled smart environment. Further, this paper also inspires researchers to work more on IoT security and to take up the challenge that only small memory and limited arithmetic operations are available in IoT.

Identity Authentication
Validating distinctive devices or users with authentication, authorization, accounting and provisioning ahead of allowing system usage to them is considered as an identity authentication [35].

Security Education
As IoT includes national security, business secrets and individuals' private information, there is an urgent need to promote policies and regulations for IoT security, which are neglected in the present scenario [29].

Lightweight Cryptography
Being constrained by a number of new factors, there is a need to develop and implement lightweight ciphers and ultralightweight ciphers for wireless sensor networks in IoT.

Sensor Data Protection
Only information providers should be allowed to infer the customer information [32].

Secure Storage
Sensitive information in the system must be stored with confidentiality and integrity [35].

Identity Authorization
Identifying objects in the sensor networks by associating user rights and restrictions is considered as an identity authorization [35].

Secure Data Communication
Confidential communication among peers must be authenticated, ensuring data integrity and identity protection of sensor objects [35].

Secure Network Access
Connection and services would be provided only after the authorization of devices [35].

Secure Cloud Computing
Critical IoT applications using cloud services require security and privacy. Providing tag identity and addressing to the objects in IoT provides support for cloud computation in sensor networks [37].

Secure Multiparty Computation
Privacy-preserving techniques for data mining can be provided by secure multiparty computation [38].

Conclusion
IoT is rapidly finding its path in the modern IT arena. The main aim is to improve the quality of life by providing several smart applications. This paper presents an overview of new enabling technologies contributing to IoT for successful implementation. Further, some issues and challenges pertaining to the deployment of the IoT architecture have been presented. In the IoT architecture, the functionality of each layer is explained with respect to the devices working on it and the services it provides. There are security issues related to each layer, and these issues should be dealt with by providing a proper security mechanism. Risk classification provides an opportunity to direct the research work in the proper direction. Layers most vulnerable to threats can be given more attention. This paper presents various security threats related to each IoT layer and the security requirements imposed by these layers. Feasible ways to provide solutions to these security requirements are also presented in this paper. This paper provides insights into new challenges that a smart environment is facing with the deployment of IoT.