
A project report submitted in partial fulfilment of the

Degree of MSc [Masters Project]

Abstract

The Internet of Things is the future of technology, and so it has grabbed the attention of everyone related to the technological field. This topic is getting attention not just because of the advantages it offers but also because of the level of difficulty in implementing it. One of the most crucial aspects of implementing IoT turns out to be its security. Hence, this thesis focuses on the security issues of IoT. Moreover, it suggests the gateway as a technology to eradicate or overcome these security issues. The thesis begins with a clear introduction to IoT’s communication models and their issues. Further, the research context explains the objectives of the study along with the research questions. To identify the solutions to these questions, the adopted methodology is a literature review and quantitative analysis. Through the literature review, the study outlines the necessity for IoT gateways, their implementation types, their architecture, and their layers. Further, the literature review focuses on the security measures to overcome these security issues. As the research questions also focus on the organizational barriers to securely maintaining information in IoT systems, the literature review also covers the organizational barriers and their solutions. On the whole, the study also suggests policies that can help an organization to maintain the IoT network securely. These policies further describe the need for network, operational, and security management. The suggested policies are further supported by standard policies such as ISO. The ISO policies related to the IoT security issues clearly describe the ways to eliminate the issues.

Acknowledgement

I have gathered a great deal of knowledge and experience by conducting this research. Conducting the research has helped me to improve my knowledge regarding IoT security issues and gateway-based security measures for mitigating the issues. I have gained great help from my supervisors while conducting this research and therefore, I would like to thank my supervisor for guiding me throughout the research. I would also like to thank the participants of the data collection process, as without their participation I might not have been able to complete this research with the best outcome.

Table of Contents

Chapter 1: Introduction

1.1 Background of the study

Chapter 2: Research context and question

2.1 Aims of the study

2.2 Objectives of the study

2.3 Research Questions

2.4 Problem Statement

2.5 Rationale of the study

Chapter 3: Literature review

3.1 Preface

3.2 Overview of IoT security issues

3.3 Communication models in Internet of Things

3.3.1 Device-to-device communication:

3.3.2 Device-to-cloud communication:

3.3.3 Device-to-gateway communication:

3.3.4 Back-end data-sharing communication:

3.4 Requirement for IOT Gateway

3.6 IoT Gateway Architectures

3.7 IoT Gateway Layers

3.8 Security Measures

3.8.1 IoT network security

3.8.2 Cryptosystems

3.8.3 Access control

3.8.4 Firewalls

3.8.5 Secure onboarding

3.8.6 Firmware updates

3.8.7 Limiting interfaces

3.9 Barriers to information security in IoT systems

3.9.1 Organizational barriers.

3.9.2 Personal barriers.

3.9.3 Management barriers.

Chapter 4: Research Methodology

Chapter 5: Findings and analysis

5.1 Quantitative analysis (close end questions)

Table 2: Time period involved with internet of things

Table 3: Opinion about risk related to IoT

Table 4: Addressing security issues in IoT

Table 5: Security measures for IoT

Table 6: Gateway based security measures for IoT

Table 7: Impact of IoT gateway security policies

Table 8: Security policies for IoT

Table 10: Best technique for securing IoT

Table 11: Cryptosystem in IoT

Table 12: Access control for IoT

Chapter 6: Results and discussion

6.1 Addressing research question 1

6.1.1 Network Management Policies

6.1.2 Operational Management Policy

6.1.3 Security Management Policies

6.1.4 Security Policy Implementation Plan

6.1.5 Policy Authoring and Defining

6.1.6 Policy Assignment and Delivery

6.1.7 Filtering Application

6.1.8 Policy Administration

6.1.9 Policy Enactment

6.1.10 Policy Resolver

6.1.11 Policy Repository

6.2 Addressing research question 2

Discussion

Chapter 7: Conclusion

5.1 Conclusion

5.2 Limitation and future scope

References

Appendix

 

List of tabl

Figure 1: Device-to-device communication model

Figure 2: Device-to-cloud communication model

Figure 3: Device-to-gateway communication model

Figure 4: Back-end data-sharing communication model

Figure 5: Using PAN technology to connect to IoT via a gateway

Figure 6: Nodes directly connect to the Internet

Figure 7: Nodes indirectly connect to the Internet using PAN through 6LoWPAN

Figure 8: Semantic Gateway as a Service

Figure 9: Intel IoT Gateway Architecture

Figure 12: Time period involved with internet of things

Figure 13: Opinion about risk related to IoT

Figure 14: Addressing security issues in IoT

Figure 15: Security measures for IoT

Figure 16: Gateway based security measures for IoT

Figure 17: Impact of IoT gateway security policies

Figure 18: Security policies for IoT

Figure 20: Best technique for securing IoT

Figure 21: Cryptosystem in IoT

Figure 22: Access control for IoT

Chapter 1: Introduction

1.1 Background of the study

One of the most important topics in the policy, technology and engineering fields is the Internet of Things (IoT). It has taken over the headlines in popular media and press. It encompasses a broad spectrum of network systems, sensors, and products. These elements offer new potential through extensive use of advancements in electronic miniaturization, computing power, and network interconnection that were not possible previously. There are various reports, news articles, journals, and conferences that keenly discuss the revolution that IoT could bring to society and human life. It would provide new opportunities in the market and business models that focus on privacy and device interoperability (Rose, Eldridge and Chapin, 2015).

Many aspects of our life could improve if IoT devices are implemented on a large scale. Consumers could experience higher security and energy efficiency with the emergence of Internet-enabled appliances such as components and devices for energy management and home automation. Moreover, other devices such as health monitoring devices, wearable fitness devices, and medical devices enabled through networking will help to transform the way healthcare services are delivered. Apart from health applications, the implementation of IoT would help in fulfilling the vision of “smart cities” with interconnected vehicles, intelligent systems to control traffic, and roads and bridges fitted with sensors. However, implementing IoT is not as simple as it looks. There are several issues and challenges that impede the task and need to be addressed to realize the potential benefits of IoT (Rose, Eldridge and Chapin, 2015).

Several organizations have predicted the potential impact of IoT on the economy and the Internet. For example, Cisco believes that by 2019 the count of interconnected devices could reach up to 24 billion. On the other hand, Morgan Stanley believes that by 2020 the count of IoT objects would reach 75 billion. Additionally, Huawei raises the bar with a prediction of 100 billion by the end of 2025. McKinsey Global Institute analyzed IoT’s impact on the world economy and identified a worth of $3.4 to $11.1 trillion by 2025 (Rose, Eldridge and Chapin, 2015). Although the projections vary, on the whole they all point towards global growth.

IoT also has some protestors who believe that it would violate the privacy and security of living beings through extensive surveillance. However, the primary focus of the Internet Society is only to grow interactions between people and institutions in their social, personal, and economic lives. The explosion of IoT would change the way users engage and exchange data. It would have a different effect in various countries and regions, resulting in a global pool of challenges and opportunities (Rose, Eldridge and Chapin, 2015).

By connecting several devices to a network and enabling data gathering and analysis, the Internet of Things is expected to contribute to creating customer value. Critical infrastructure that affects people’s lives and economic activities has thus become an area where IoT is utilized. From this perspective, security measures for IoT systems are very important to consider. Administrators face a shortage of security operations while using the Internet of Things. The present research focuses on identifying gateway-based security measures that would help to mitigate security issues in the Internet of Things.

Chapter 2: Research context and question

2.1 Aims of the study

The research aims to find the security issues that arise while using the Internet of Things in daily life. In addition, the research examines gateway-based security measures that would help to cover the communication gap between IoT devices such as sensors, equipment, systems and the cloud.

2.2 Objectives of the study

  • To find out the security issues faced while using Internet of Things in daily life.
  • To identify the gateway-based security measures useful for mitigating security issues in IoT.
  • To critically analyze the role of gateway based security measures covering up the communication gap between IoT devices.
  • To scrutinize the challenges faced while implementing gateway based security measures in Internet of Things.
  • To identify the barriers that manufacturing organizations and end users face in integrating a culture of information security into IoT systems.
  • To recommend solutions for overcoming the challenges.

Description of research objectives

These research objectives will observe and cover the IoT security vulnerabilities, their causes and effects. The research objectives will also help in better understanding of the research problem. These objectives will also contribute to uncovering the essential and trending aspects of the IoT including the Massive Scaling, IoT Architecture, and Dependencies, Creating Knowledge and Big Data, the robustness of the IoT service, its Openness, Security, Privacy, the involvement of humans in the loop, and much more (Stankovic, 2014).

Based on these research objectives, it becomes convenient to discover the common security challenges that occur on IoT gateways. This research will, therefore, help organizations to take special measures to safeguard and protect their IoT services, the IoT gateways, and the devices connected to them. The research objectives will also help organizations understand the involvement, control, and effects of human interaction with such a system. These behaviors are observed under different conditions: (i) humans are in direct control of the system; (ii) humans are passively involved, and the system observes them and takes appropriate actions; (iii) applications passively monitor human beings for their physiological parameters; and a combination of (i), (ii), and (iii) (Stankovic, 2014).

The research objectives also aim to help evolve the “Internet of Mobile Things.” As the intelligent things that work on the network, known as the “Internet of Things,” are increasingly controlled by mobile devices, organizations today are developing mobile applications for everything they want to do with these devices. These mobile applications are quite easy and quick to develop and are capable of carrying out basic operations and controlling the devices that connect to the IoT gateways. Such mobile applications, their flexibility, and their widespread use will open new opportunities and a wide space for attackers to cause harm to the network and the service.

The research objectives will help the organizations and developers of the IoT services observe the key areas to monitor, manage and optimize the flow of data and information that might be critical for the service. Developers and designers will also better understand the optimal data capture, processing, and transmission for the Internet of Things. With a huge amount of data traveling over the network, the research objectives will help the organizations also uncover the better opportunities of the cloud storage and its active involvement in the operations of the Internet of things.

In the end, the research objectives will help find the optimal gateway-based measures that will add security and enhance the efficiency, productivity, competency, and reliability of the Internet of Things. These will also lead to the generation or identification of one or more policy guidelines that will help to develop a better and more efficient IoT service. Lastly, the research objectives will propose some recommendations for the implementation of the IoT service.

2.3 Research Questions

R1. What are the security issues and vulnerabilities found in the applications of IoT in digital marketing?

R2. What are the barriers of adopting security in IoT projects used for digital marketing?

Description of research questions

During the previous 15 years, the Internet revolution has redefined business-to-consumer (B2C) industries such as media, retail and financial services. In the following 10 years, the Internet of Things revolution will significantly alter manufacturing, energy, agriculture, transportation and other industrial sectors of the economy which, together, account for about 66% of global gross domestic product.

It will also fundamentally change how people work through new interactions between humans and machines. Named the Industrial Internet (of Things), this latest wave of technological change will bring unprecedented opportunities, along with new risks, to business and society. It will combine the global reach of the Internet with a new ability to directly control the physical world, including the machines, factories and infrastructure that define the modern landscape. However, like the Internet in the late 1990s, the Industrial Internet is currently in its early stages. Many important questions remain, including how it will affect existing industries, value chains, business models and workforces, and what actions business and government leaders need to take now to ensure long-term success. In order to address these and other questions facing business and government leaders, the World Economic Forum’s IT Governors launched the Industrial Internet initiative at the Annual Meeting 2014 in Davos, Switzerland. During the last eight months, the project team has developed a guiding framework and conducted a series of research activities, including in-person workshops, virtual working group sessions, interviews with key thought leaders, and a survey of innovators and early adopters around the world.

As the Industrial Internet gains broader adoption, businesses will shift from products to outcome-based services, where businesses compete on their ability to deliver measurable results to customers. Such outcomes may range from guaranteed machine uptimes on factory floors, to actual amounts of energy savings in commercial buildings, to guaranteed crop yields from a specific parcel of farmland. Delivering such outcomes will require new levels of collaboration across an ecosystem of business partners, bringing together players that combine their products and services to meet customer needs. Software platforms will emerge that will better facilitate data capture, aggregation and exchange across the ecosystem. They will help create, distribute and monetize new products and services at unprecedented speed and scale. The big winners will be platform owners and partners who can harness the network effect inherent in these new digital business models to create new kinds of value. For example, Qualcomm Life’s 2net platform supports a wide range of connected devices that can all contribute patient health data to improve hospital-to-home health and economic outcomes.

The research also shows that the Industrial Internet will drive growth in productivity by presenting new opportunities for people to upgrade skills and take on new types of jobs that will be created. A majority of the executives we surveyed believe that the growing use of “digital labour” in the form of smart sensors, intelligent assistants and robots will transform the skills mix and focus of tomorrow’s workforce. While lower-skilled jobs, whether physical or cognitive, will be increasingly replaced by machines over time, the Industrial Internet will also create new, high-skilled jobs that did not exist before, such as medical robot designers and grid optimization engineers. Companies will also use Industrial Internet technologies to augment workers, making their jobs safer and more productive, flexible and engaging. As these trends take hold, and new skills are required, people will increasingly rely on smart machines for job training and skills development.

The Internet of Things (IoT) was the most hyped technology in 2014. Much of this hype centres on consumer applications such as smart homes, connected cars and consumer wearables like wristband activity trackers. However, it is the IoT’s industrial applications, or the “Industrial Internet”, which may ultimately dwarf the consumer side in potential business and economic impacts. The Industrial Internet will transform many industries, including manufacturing, oil and gas, agriculture, mining, transportation and healthcare. Collectively, these account for almost 66% of the world economy. As society evolves towards an integrated digital-human workforce, the Industrial Internet will redefine the new types of jobs to be created, and will reshape the very nature of work. Given its greater significance, this report focuses only on the Industrial Internet. The Industrial Internet is still at an early stage, similar to where the Internet was in the late 1990s. Our survey results underscore this point: the vast majority (88%) of respondents say that they still do not fully understand its underlying business models and long-term implications for their industries. While the evolution of the consumer Internet over recent decades provides some important lessons, it is unclear how much of this learning is applicable to the Industrial Internet given its unique scope and requirements. For example, real-time responses are often critical in manufacturing, energy, transportation and healthcare. Real time for today’s Internet usually means a few seconds, while real time for industrial machines is often sub-millisecond. The engineering rule of thumb dictates that a 10x change in performance requires a completely new approach, not to mention the 100x change that the Industrial Internet will likely require. Another important consideration is reliability. The present Internet embodies a “best effort” approach, which provides acceptable performance for e-commerce or human interactions. Unexpected server glitches at Google or Amazon cause delays in email or streamed video. However, the failure of the power grid, the air traffic control system or an automated factory for the same length of time would have much more serious consequences. This strong preference for real time and reliability, which has contributed to a conservative culture among industrial companies in embracing change and new technologies, together with the high cost and long life span of typical industrial products, are all critical factors in shaping how the Industrial Internet will evolve.

2.4 Problem Statement

Internet of Things has undoubtedly captured almost every digital device that we are using today. The term at present refers to anything that has an IP address, can send and receive data and is connected to the internet. In other words, it seamlessly combines deep analytical insights, ubiquitous connectivity, and embedded intelligence to accomplish complete tasks in no time (Blanter and Holman, n.d.).

Unlike the computers from the past, with the rapid advancement of science and technology, every device today is capable enough to share information over the network. This technology and its concept came into existence when the fields of wireless technology and microelectronics converged together. Now, this technology is significantly helping the scientists and other research professionals to carry out tasks that were never imagined before (Rose, Eldridge and Chapin, 2015).

The Internet of Things is the term that refers to scenarios where computing capabilities and network connectivity are provided through objects, sensors, IP addresses and computers. Technology has made such devices capable of generating, exchanging and consuming data with minimal human intervention. However, there is no single definition of the Internet of Things. With its growing prevalence and adoption in almost every industry and every aspect of everyday life, it has raised concerns about the security of the data that travels to and from these devices. Since these devices can rapidly share data and information that can be highly critical, security is attracting the most attention (Rose, Eldridge and Chapin, 2015, p.1).

2.5 Rationale of the study

What is the issue?

Internet of things technology has not only come with some benefits, opportunities, and ease, it has also raised a major security concern, especially for the businesses. Major sectors that are much concerned about the security include banking, financial services, business organizations, government security agencies, and more. The quick and insecure use of the IoT can cause different types of security risks such as theft of sensitive or private data, malicious act on data, disruption of business operations, slowing down of the business functionalities, data interruption, change or destruction of the essential IoT infrastructure, and so on (Pal and Purushothaman, 2016).

Why is it an issue?

The technology has gained a significant place not only in the industrial context but also in homes, workplaces, and educational institutions. The last two decades have seen a surge in the use of electronic devices such as electric kettles, microwave ovens, washing machines, toasters, and refrigerators, and of automobiles such as cars and bikes. These now operate on a network that connects dozens of microprocessors together in a single place (Lin and Bergmann, 2016). As one of their essential features, IoT devices are capable of collecting a huge amount of data in a short interval of time and of processing, transmitting, and sharing it. A significant amount of this data can be private and personal, or related to finances or company policies. Thus adequate protection of such information is necessary. This task also needs special measures, as data now travels over the network in unprecedented amounts and it becomes more challenging to identify threats to the flowing data (Pal and Purushothaman, 2016). Communication does not always take place with some level of cryptographic confidentiality, authentication algorithms, and integrity measures as part of the protocol on which the devices are working. Almost all IoT applications come loaded with some basic level of security features. Also, in some cases, they offer some flexibility to configure them for specific application requirements (Pal and Purushothaman, 2016).

Along with all the other security considerations such as debugging the interfaces and generating secure storage of confidential data in hardware, the IoT hardware designers are worried about the side channel attack. In this attack, the critical information gets collected from the physical aspects of the system. This information is then leveraged to break security controls and cause potential harms such as stealing the passwords and encryption keys. These attacks mainly focus on data presentation rather than the information. These attacks are usually made to capture information that is required to get an unauthorized entry into the IoT system, finally leading to damage and data loss (Dhanjani, 2015).

Thus, it becomes important to find out the issues that are responsible for security concerns in Internet of Things.

Why is it an issue now?

The immediate future is undoubtedly going to bring about 26 to 30 billion devices into everyday life, with a market worth of about $9 trillion. This growing number of devices will generate a huge amount of data and a need for larger storage capabilities, faster networks, and more bandwidth to support the growing internet traffic. Apart from the functionalities mentioned above, these devices also need strong data protection methods (Pal and Purushothaman, 2016).

The Internet of Things is also greatly susceptible to Denial of Service (DoS) attacks. As a large amount of data travels over the network, IoT devices are highly vulnerable to becoming hostages of DDoS attacks. The denial of service attack works best against the Internet of Things because its model involves an enormous number of data requests to the server (Park, Chen and Choo, 2017).

With the recent spread of the Internet of Things, the number of interconnected devices is increasing dramatically. In addition, the connected devices are not limited to information devices. They increasingly include life-related items such as vehicles and medical equipment, along with items that have a potentially large impact on society, such as power stations and nuclear facilities. The Internet of Things includes many network-connected devices (Brindha and Shaji 2015). If a device is infiltrated by malware, it becomes the starting point for spreading the infiltration to other devices, which could ultimately threaten critical infrastructure. Previous security incidents have demonstrated vulnerabilities in the communication software of devices connected to critical infrastructure, such as surveillance cameras targeted to enable unauthorized access from the outside. Such devices are used as starting points to make critical infrastructure work abnormally. Security thus becomes a major concern when using IoT.

How does the research shed light on the issue?

The rapid development of the Internet of Things allows it to be used in several areas. IoT services in smart homes or offices are delivered by connecting the IoT devices to gateways. In such cases, an attacker who manipulates the gateway can target every device in the network. Even when the gateway itself is not manipulated, a connected malicious device can initiate a DoS attack that hampers communication.

Apart from homes and workplaces, the logistics and transport sectors are already using RFID tags to track their pallets, shipments, and even individual items through the IoT. These are smart tags that are capable of logging and reporting the state of the transport conditions, for example, tilt, temperature, shock, pressure, humidity, etc. The key driver is cost and orderly communication with hundreds and thousands of tags at the same time (Lin and Bergmann, 2016).

Internet of things deeply influences other industries such as dining, entertainment, hospitality, healthcare, sports and fitness, science, manufacturing, telecommunication, banking, environmental science, education, retail, and more. Thus the security of information is the utmost priority for these sectors (Lin and Bergmann, 2016, p.3).

Such widespread use of the Internet of Things has placed a great amount of pressure on manufacturers. Although building end-to-end security into the IoT design is a lofty task for designers and developers, they must aim to ensure that their products meet an acceptable level of trust. The major challenge for manufacturers in developing a strong security subsystem is the integration and aggregation of several technologies. This open exposure on several technical fronts makes the threat map and the attack surface larger for malicious users (Gilchrist, 2017).

When people use computers, laptops, or smartphones, they have some built-in basic versions of firewalls to protect against data breaches. Sometimes they use third-party software that is readily available to allow or deny specific types of activities on the network. These options may provide some protection for the data and information that flows in and out of the device. In the case of the Internet of Things, having a security subsystem is necessary; the system should be highly competent, difficult to cut through, highly economical, and easy to install. However, maintenance and consistent updates are still a big challenge for most IoT development companies. Several companies today, therefore, fail to meet the maximum levels of security. The probable reason for this low level of security is the profit margin these manufacturers aim to achieve (Gilchrist, 2017).

To grab the maximum attention in the market and to meet the demands of the people, several organizations skip the security features in these devices. Also, after a device becomes very popular in the market, pressure builds on the manufacturers to produce the product in large quantities, within budget, with limited resources, and in less time. Under this pressure, less focus is placed on implementing better security measures for such devices. The manufacturers start taking shortcuts and manufacture products that are of low quality and have minimal or no security features. Security, the primary concern, is then compromised when it comes to mass production of IoT devices. This compromise occurs because buyers do not place much emphasis on security and fail to notice the minimal security features (Gilchrist, 2017).

Security is also sometimes compromised by the manufacturers of IoT devices through the use of mobile applications. Today, there is a mobile application for all the technological needs of people. Almost every service or product available in the market is in some way or other operated by a mobile application. This rapid involvement of the mobile platform has left many gaps in the security of these internet-powered devices. The mobile apps designed for IoT have insufficient security provisions for authentication and authorization. They even lack data transport encryption, a secure mobile interface, and a secure cloud interface, making them more vulnerable (Gilchrist, 2017).

Chapter 3: Literature review

3.1 Preface

In the development of IoT applications, security and testing frameworks play a vital role. This chapter deals with the communication models used in IoT. In addition, the issues and the need for an IoT gateway to mitigate security issues are discussed. The types of IoT gateway implementation, their architectures and the layers of the IoT gateway are also discussed. The chapter further explains security measures, IoT network security and the importance of software-defined networking. The use of cryptosystems, access control, proxy services, firewalls and LAN gateways, as well as secure onboarding, firmware updates and limiting interfaces in IoT, are explained in this chapter. It is also important to identify the barriers to information security in IoT systems, such as organizational barriers.

3.2 Overview of IoT security issues

Privacy. The IoT will show its full potential only when the privacy choices of individuals are respected. The nature of IoT gives it a tremendous opportunity to access a large amount of user data. However, the adoption of IoT might be affected by privacy concerns, which makes it important to safeguard the privacy rights of the users. The implementation of IoT could change the process of data collection, analysis, usage, and protection. Privacy issues such as increased surveillance and the inability to avoid certain data collection raise concerns about the implementation of IoT. Hence, strategists will need to come up with new choices to realize the opportunities lying within and beyond the scope of IoT (Rose, Eldridge and Chapin, 2015).

Interoperability. Interoperability between products and services has always been a point of concern in IoT implementation. It is not always feasible or necessary to achieve full interoperability. However, IoT devices that suffer from vendor lock-in, high ownership complexity, and inflexibility in integrating with other devices would affect consumer acceptance (Rose, Eldridge and Chapin, 2015). Apart from poor design, IoT devices might have negative impacts on the Internet and network resources they connect to. Appropriate, generic, open and widely available best practices and standards will provide significant benefits, innovation, and economic opportunity (Rose, Eldridge and Chapin, 2015).

Emerging economies. The emerging and developing economies have an opportunity to exploit IoT for social and economic benefits in areas such as environmental management, sustainable agriculture, industrialization, and healthcare. However, the developing economies will need to address various IoT challenges such as infrastructure readiness, technical skill requirements and much more (Rose, Eldridge and Chapin, 2015).

Legal and regulation rights. The concept of IoT has raised many legal and regulatory questions with an extensive scope. Examples include cross-border data flows, data misuse, conflicts between civil rights and law enforcement surveillance, retention of data, security breaches, legal liabilities for unintended uses, and lapses of privacy (Rose, Eldridge and Chapin, 2015). However, several architectures and principles have started evolving to uphold users' rights through the laws and regulations of IoT (Rose, Eldridge and Chapin, 2015).

3.3 Communication models in Internet of Things

Regarding technical communication, it is beneficial to learn about the connection and communication between IoT devices. The IAB in 2015 released an architectural model to guide the networking of smart objects. It outlines four common communication frameworks: device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing model (Rose, Eldridge and Chapin, 2015).

3.3.1 Device-to-device communication:

In this communication model, the connection and communication of multiple devices take place over IP and many other types of networks. However, the connection among devices in this model often makes use of protocols such as ZigBee, Bluetooth, or Z-Wave (Rose, Eldridge and Chapin, 2015).

Figure 1. Device-to-device communication model

(Rose, Eldridge and Chapin, 2015).

In this model, the devices adhere to a particular protocol for communication and information exchange. It is mostly implemented in applications where devices require a low data rate and communicate through small data packets. For example, the devices in a home automation system such as bulbs, thermostats, door locks, and light switches use a small amount of information to communicate (Rose, Eldridge and Chapin, 2015).

The device-to-device model has a lot of interoperability challenges. According to an article in the IETF Journal, “these devices often have a direct relationship, they usually have built-in security and trust [mechanisms], but they also use device-specific data models that require redundant development efforts [by device manufacturers].” In such cases, manufacturers of various devices have to implement data formats that are specific to the device, resulting in a lot of investment in development efforts (Rose, Eldridge and Chapin, 2015).

From an end-user perspective, this model requires users to select devices that are compatible with other devices. For example, devices using ZigBee might not be compatible with Z-Wave devices. Such restrictions limit the users' choice of devices (Rose, Eldridge and Chapin, 2015).

3.3.2 Device-to-cloud communication:

In this model, the device in the IoT network connects to the Internet cloud. Here, the devices exchange data and control message traffic with an application service provider. Existing communication mechanisms such as Wi-Fi connections or wired Ethernet give this model a considerable advantage in connecting the devices to the IP network (Rose, Eldridge and Chapin, 2015).

Figure 2: Device-to-cloud communication model

(Rose, Eldridge and Chapin, 2015).

Some of the sought-after consumer IoT devices such as Samsung SmartTV and Nest Labs Learning thermostat make use of the device-to-cloud model. In Samsung’s SmartTV, the user information is transmitted to the company through the internet and is later used for analysis and for enabling the TV’s voice recognition feature. Similarly, the thermostat transmits its data to a cloud database where the home energy consumption data is analyzed (Rose, Eldridge and Chapin, 2015).

Like the device-to-device communication model, this model also faces interoperability challenges. Here, the issue arises when integrating devices from different manufacturers. In most cases, the vendor of the cloud service and the device is the same, which gives consumers no option to switch to alternate service providers. Such a case is commonly known as “vendor lock-in” (Rose, Eldridge and Chapin, 2015).

3.3.3 Device-to-gateway communication:

This communication model is also known as the device-to-application-layer gateway (ALG) model. The devices in this model connect to the cloud service through the ALG service, i.e. application software that operates on a local gateway device and acts as a mediator between the cloud service and the device. Moreover, it provides additional functionality such as security, protocol translation and much more (Rose, Eldridge and Chapin, 2015).

Figure 3: Device-to-gateway communication model

(Rose, Eldridge and Chapin, 2015).

This model has taken several forms in the consumer devices. However, in most of the cases, an application running on a smartphone communicates with the device and acts as a local gateway. Fitness trackers and other consumer items employ this kind of model. These devices rely on smartphones as they are incapable of connecting to the cloud service directly. Here, the role of smartphones is to act as an intermediate gateway. This model is helping to address the interoperability issues faced in the above two models (Rose, Eldridge and Chapin, 2015).

An article in IETF Journal provides more detail about the model from a technical perspective: “This [communication model] gets implemented in situations where the smart objects require interoperability with non-IP [Internet protocol] devices. Sometimes this approach is taken for integrating IPv6-only devices, which means a gateway is necessary for legacy IPv4-only devices and services” (Rose, Eldridge and Chapin, 2015).

Similarly, the IAB in one of its documents offers an outlook for the device-to-gateway communication model: “It is expected that in the future, more generic gateways will be deployed to lower cost and infrastructure complexity for end consumers, enterprises, and industrial environments. Such generic gateways are more likely to exist if IoT device designs make use of generic Internet protocols and not require application-layer gateways that translate one application-layer protocol to another one. The use of application-layer gateways will, in general, lead to a more fragile deployment, as has been observed in the past…” (Rose, Eldridge and Chapin, 2015).

3.3.4 Back-end data-sharing communication:

This model is a communication architecture in which users are able to export and analyze the data of the smart device. The exported data could be from the cloud or from any other source. It acts as an extension of the single device-to-cloud model, allowing users to upload data to various third parties rather than just the vendor service. This model attempts to achieve interoperability among back-end systems (Rose, Eldridge and Chapin, 2015).

Figure 4: Back-end data-sharing communication model

(Rose, Eldridge and Chapin, 2015).

3.4 Requirement for IoT Gateway

IoT is experiencing a lot of innovations day by day, especially in industrial applications, due to centralized management, automation, and system reliability of end equipment. However, most of these innovations are also applicable to various types of embedded systems, which include security devices, wearables, commercial and residential HVAC, medical monitors and many other rapidly evolving consumer applications (Folkens, 2014).

Engineers face the challenge of “connectivity” in the process of Internet of Things (IoT) design. They do not have enough experience, and implementing secure and robust access to the Wide Area Network (WAN) or the Internet falls outside their usual range. Moreover, designing for the Internet of Things becomes more tedious for the engineers when access by multiple devices is added to the list. This kind of implementation is beyond the capabilities of the engineers (Folkens, 2014). Hence, engineers need to approach all these implementations in such a way that the cost and power efficiency of the entire system remains unaffected.

A gateway that connects all the end points makes the solution feasible. It is necessary for connecting end devices such as a pressure sensor to the Internet. It can increase the complexity and cost of implementation, especially when the devices do not have their own processors. Additionally, different end equipment has different interfaces, which further increases the complexity of IoT design (Folkens, 2014). Hence, to collect and aggregate data from several end devices, engineers must bridge the gap between the varying interfaces and capabilities of devices reliably and consistently.

Gateways are one of the best solutions available to date for simplifying the complexity that the Internet of Things poses. They support various ways through which the nodes can connect, which is why they play a significant role in solving IoT design issues. They can connect any device irrespective of voltage, encoder type, update frequency or any other variation. They act as a common portal which consolidates the data, connects it to the network and alleviates the issue of device diversity or variation (Folkens, 2014). As a result, the individual nodes are freed from the cost and complexity of high-speed internet access.

3.6 IoT Gateway Architectures

There are several architectures for setting up IoT gateways. Figures 5, 6 and 7 below show the different methods. In figure 5, the IoT nodes connect with the help of a gateway. The nodes cannot directly connect to the Internet or the WAN as they are not IP-based. To overcome the connectivity issue, they connect to gateways with the help of wireless or wired PAN technology, which is less complex and inexpensive. An IoT agent is maintained for each node to manage that node's data, which gives an option to locate application intelligence within the gateway (Folkens, 2014).

Figure 5: Using PAN technology to connect to IoT via a gateway

In figure 6, the end node makes use of WAN to connect to the Internet directly. The WAN connection could be through Ethernet or Wi-Fi. In this case, the gateway works as a router. On the other hand, when the nodes autonomously manage themselves through their own IoT agent, then the gateway can simply be a router (Folkens, 2014).

Figure 6: Nodes directly connect to the Internet

The only exception is that the nodes in this architecture use a PAN connection to connect to the Internet. The PAN connection could be 6LoWPAN, Bluetooth, ZigBee or any other PAN technology. Here, the gateway acts as a point of translation between the WAN and the PAN.

Figure 7: Nodes indirectly connect to the Internet using PAN through 6LoWPAN

There are many other types of architectures and nodes for building IoT systems. However, the above three architectures show the general implementation of IoT in residential and industrial applications. The performance and sophistication might vary depending upon the use of the end points, but the above architectures focus on low-cost and high-volume applications. The next section describes the various practical IoT gateway architectures.

The advancement in IoT technology has paved the way for a further developed IoT gateway architecture, implementing the semantic gateway as a service as shown in figure 7. The semantic IoT architecture comprises three entities: the sink nodes, the gateway nodes and the IoT services. The sink nodes represent the sensors, actuators and other appliances which collect the IoT data from the surroundings. The gateway nodes are the intermediary nodes which collect data from the sensors and other devices and forward it to the IoT services for further processing. The IoT services then process the received information, perform functions and provide the desired services to the user. The main component of the semantic IoT architecture is the semantic gateway as a service. This service connects the sink nodes to the internet cloud using various transmission protocols such as CoAP, MQTT, XMPP, and others (Desai, Sheth and Anantharam, n.d.).

Figure 8: Semantic Gateway as a Service

The semantic gateway as a service consists of three components: the multi-protocol proxy, the semantic annotation service, and the gateway service interface. The multi-protocol proxy is the element of the gateway that fetches information from the physical world, that is, it collects data from the sensors. Because the sensor end and the IoT services end speak different languages, a multi-protocol proxy is required to convert the sensor information into a form that the services easily understand. It contains two additional components to manage the sensor data. The first component is the topic, which stores the sensor resources and information; the second is the topic router, which holds information about the publisher (sender) and subscriber (receiver) of the message. It ensures safe transmission of sensor information. The collected sensor data does not contain annotations, which limits its usability in designing applications and services. For this reason, the data is given proper annotations at the semantic annotation service component of the gateway before being sent to the services. These annotations help in the clear understanding of the data and give the service provider the opportunity to build an effective service around the received data. Once the annotations are assigned to the data, it is forwarded to the IoT gateway service interface. This interface is responsible for transmitting the sensor data to the services interface. This component of the gateway connects to the service interface using REST and the publish-subscribe methodology. The sensor data and the service gateways remain independent of each other, and the gateways unite the two independent components by acting as a bridge which connects the data to services (Desai, Sheth and Anantharam, n.d.). The gateway manages the difference in data format between the sensor and the service. After manipulation, the data is transmitted to the service interface, where it is processed by the various applications to draw the necessary inferences about the surrounding environment.

The semantic gateway as a service is a technique which provides a platform for initiating communication between real-world devices and technological services. This gateway ensures interoperability and facilitates cross-platform communication using the various network protocols. Furthermore, this architecture encourages the secure transmission of data, as the gateway acts as a barrier which analyzes the transmitted data, forwards only the authentic information and blocks all malicious data. Thus, the gateway architecture supports IoT and enables safe implementation of services.
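The flow described in this section (multi-protocol proxy, topic store and topic router, semantic annotation, service interface) is illustrated below. This is an added example, not code from the thesis or from Desai, Sheth and Anantharam; the message shapes, annotation keys, value ranges and all class and function names are assumptions, and the publisher identity is assumed to have been authenticated by the transport before it reaches the gateway.

```python
import json


def parse_mqtt(msg):
    """MQTT-style message: topic string plus JSON payload {"v": <number>}."""
    return msg["topic"], json.loads(msg["payload"])["v"]


def parse_coap(msg):
    """CoAP-style message: URI path segments plus a plain-text numeric payload."""
    return "/".join(msg["uri_path"]), float(msg["payload"].decode("ascii"))


# Multi-protocol proxy: one parser per supported sensor-side protocol.
PARSERS = {"mqtt": parse_mqtt, "coap": parse_coap}


class SemanticGateway:
    def __init__(self):
        self.topics = {}       # topic -> last annotated reading (the "topic" store)
        self.publishers = {}   # topic router: topic -> publisher ids allowed to send
        self.subscribers = {}  # topic router: topic -> service callbacks
        self.annotations = {}  # topic -> (observed property, unit, min, max)
        self.dropped = []      # (reason, publisher id) for every rejected message

    def register_sensor(self, topic, publisher_id, observed_property, unit, lo, hi):
        self.publishers.setdefault(topic, set()).add(publisher_id)
        self.annotations[topic] = (observed_property, unit, lo, hi)

    def subscribe(self, topic, callback):
        self.subscribers.setdefault(topic, []).append(callback)

    def ingest(self, protocol, publisher_id, msg):
        """Normalise, validate, annotate and forward one sensor message."""
        try:
            topic, value = PARSERS[protocol](msg)
            value = float(value)
        except (KeyError, TypeError, ValueError, AttributeError):
            return self._drop("malformed", publisher_id)
        if publisher_id not in self.publishers.get(topic, ()):
            return self._drop("unregistered publisher", publisher_id)
        prop, unit, lo, hi = self.annotations[topic]
        if not lo <= value <= hi:  # also rejects NaN
            return self._drop("value out of range", publisher_id)
        # Semantic annotation service: attach meaning to the bare number.
        record = {"topic": topic, "sensor": publisher_id, "observedProperty": prop,
                  "unit": unit, "value": value, "sourceProtocol": protocol}
        self.topics[topic] = record
        # Gateway service interface: publish to every subscribed service.
        for callback in self.subscribers.get(topic, []):
            callback(record)
        return record

    def _drop(self, reason, publisher_id):
        self.dropped.append((reason, publisher_id))
        return None


def demo():
    """Run constructed sample traffic (simplified shapes, not wire formats)."""
    gw = SemanticGateway()
    received = []
    topic = "home/livingroom/temp"
    gw.register_sensor(topic, "sensor-17", "AirTemperature", "Cel", -40.0, 85.0)
    gw.subscribe(topic, received.append)
    path = ["home", "livingroom", "temp"]
    gw.ingest("mqtt", "sensor-17", {"topic": topic, "payload": b'{"v": 21.5}'})
    gw.ingest("coap", "sensor-17", {"uri_path": path, "payload": b"22.0"})
    gw.ingest("mqtt", "sensor-99", {"topic": topic, "payload": b'{"v": 99}'})
    gw.ingest("coap", "sensor-17", {"uri_path": path, "payload": b"9999"})
    return received, gw.dropped


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The two accepted readings arrive at the subscriber in the same annotated form regardless of the sensor-side protocol, while the unregistered publisher and the implausible value are recorded in `dropped` and never reach a service.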

Intel also offers an IoT gateway to promote an interoperable environment in IoT. The gateway incorporates various network technologies and protocols, embedded system controllers, and security mechanisms to effectively transmit real-world information to the applications and services which process it and generate a relevant outcome. It is responsible for sending the physical world data to the cloud platform as shown in figure 8. The Intel IoT gateway collects the information from the sensors and controllers embedded in the system and then filters out the most significant data from the bulk. It then selects the best mechanism for connecting to the cloud. The gateway implements various security solutions such as data encryption to ensure secure data transmission. It is built on an open architecture to support interoperability and enable easy and effective application development. Its integrated components ensure quick and flexible application development and deployment (Intel IoT Gateway, n.d.). The main components of the Intel IoT gateway architecture are as follows.

Figure 9: Intel IoT Gateway Architecture

  • Intelligent device platform XT is a software package which comes equipped with pre-validated software, drivers, and hardware components to support the security, connectivity and manageability of IoT applications. It allows the development of a wide range of intelligent systems. The platform is responsible for the maintenance, management, and deployment of remote devices. Furthermore, it enables communication over a wide range of communication techniques including wired and wireless networks, allowing the devices to transmit information to the cloud platform easily. The security offered by this platform involves device and data protection through secure booting using a wide range of arrays and protocols. The platform supports applications written in Lua, Java, and OSGi, making the system scalable and reusable for varied application development (Intel IoT Gateway, n.d.). The intelligent device platform XT is the most suitable software stack for developing intelligent systems that match the industry standard.

  • McAfee embedded control is a security standard integrated with the Intel IoT gateway which is responsible for system integrity and allows the execution and manipulation of authorized code only. The program automatically creates a whitelist of the code that may run on the platform and uses it as a checklist to authorize the execution of only selected programs on the platform. McAfee provides kernel-level security to the applications, which helps to protect files and disks and prevents malware infections. The system continually monitors the critical files, directories, and registries for unauthorized changes and reports compliance issues to the officials, thereby ensuring information security (Intel IoT Gateway, n.d.). The embedded McAfee system in the Intel architecture enables developers to design a secure, intelligent system which meets the industry requirements.

The Intel IoT gateway architecture, designed to connect constrained devices to the cloud, is implemented in various industry applications which include building automation, industrial automation, smart city infrastructure, office automation, and much more. The integrated architecture of the gateway makes room for innovation and better design. It provides basic software, hardware, and drivers which lay the foundation for quick development and deployment. The McAfee security system embedded in the architecture creates a trustworthy IoT environment by enabling secure data transmission. It encourages the development of secure and scalable solutions which collect data from various sensor nodes and transmit it to the cloud for further processing and service activation (Intel IoT Gateway, n.d.). This gateway architecture allows businesses to innovate because of its efficient manageability, communication, and security.

3.7 IoT Gateway Layers

The design of effective gateway-based security measures must align with three primary IoT layers. The first is the perception layer, the core IoT layer that indicates the origin of the information. The perception layer senses and gathers information from the physical settings using the wireless and technology sensors. The second is the network layer, which is also known as the transport layer. This layer encompasses the core and access networks facilitating data transmission. Some of the core aspects characterizing the network layer include the radio access network and the mobile network. The last is the service layer, which is also known as the application layer. This layer enhances data processing and management. Therefore, the gateway security measures needed to address the security issues emerging in IoT ecosystems must be based on these three key IoT layers to ensure their efficiency in protecting data (C.P, 2016).

3.8 Security Measures

IoT gateways are necessary for providing end-to-end connections that transfer application-specific data from low-power sensors to cloud solutions for processing. The gateways are responsible for the transfer of bulk information comprising crucial data, which requires established security measures to safeguard it. However, the vast expanse of the network and its connectivity with millions of devices worldwide make it vulnerable to cyber-attacks. The increasing number of network breaches and data thefts has made it crucial for IoT developers to build a secure system which ensures safe transmission of information. This secure system requires implementing some preventive measures to assure data safety. The primary demands on such a system are authorization and authentication. The devices must allow only authentic and genuine users to access the information, restricting illegal access (Yousuf et al., 2015, pp.610-613). Apart from authorization, there are several security concerns which require immediate attention to ensure safe transmission within the IoT network. Securing the IoT gateways is one of those important safety concerns. The IoT network needs to take effective preventive measures to deal with its security issues. Listed below are the general IoT network security actions and the specific steps of gateway safety for avoiding security breaches in the IoT network.

3.8.1 IoT network security

The IoT network security aims at secure communication between the various IoT devices and the software solutions. It ensures that data transmitted over the network remains unaffected by the external elements. The IoT system must consider the below-stated security issues and implement the appropriate measures to deal with the same.

Confidentiality. The sensor data must remain confidential to the particular IoT network. Any leakage of the data may cause the complete IoT system to fail. Therefore, the primary need is to secure the data of the sensors and other devices. One of the methods to protect the data is encryption. Encrypting the data before transmission ensures that only the transmitter and receiver understand the information, preventing any third party from intruding on the network (Yousuf et al., 2015, pp.610-613). It reduces the chances of information theft and assures safe data traversal.

Integrity. The nature of IoT involves the exchange of data among various devices, and hence, it is critical to ensure the accuracy of the data. The integrity of data is maintained when the information transferred remains authentic. The transmitted data or information must remain genuine, without any tampering. The integrity of the data can be maintained through the implementation of end-to-end security. Moreover, the traffic of data can be managed using the necessary firewalls and protocol settings. However, IoT uses small devices with low computational capabilities, which limits the application of end-to-end security in the form of firewalls. Hence, IoT devices can make use of a “creation key” and a “token” to identify their rightful owner. Whenever a new thing is created, the entitled system assigns it a “creation key”. The manufacturers need to apply this key to the newly created thing. On the other hand, the creators of the “token” are the current owners or the manufacturers. This token is combined with the RFID of the device. Any change in the information requires owner permission, which is provided using the token and the keys. These parameters restrict any unauthorized access to the information and ensure integrity (Yousuf et al., 2015, pp.610-613).
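One possible realisation of the creation key and token idea is shown below as an added example; it is not the scheme from Yousuf et al. or code from this thesis. The HMAC-SHA256 construction, the message counter used against replays, the ownership transfer step and every name in the code are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _pack(*parts):
    """Length-prefix every field so concatenated fields cannot be confused."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _request(kind, field, value, counter):
    return _pack(kind, field.encode(), value.encode(), counter.to_bytes(8, "big"))


def owner_key(creation_key, token, rfid):
    """Bind the owner's token to this device's RFID under the creation key."""
    return hmac.new(creation_key, _pack(b"owner", token, rfid), hashlib.sha256).digest()


def authorise(creation_key, token, rfid, field, value, counter, kind=b"change"):
    """Owner side: produce the permission tag for one request."""
    key = owner_key(creation_key, token, rfid)
    return hmac.new(key, _request(kind, field, value, counter), hashlib.sha256).digest()


class Thing:
    """Device side: holds the creation key and the current owner binding."""

    def __init__(self, rfid, creation_key, token):
        self.rfid = rfid
        self._creation_key = creation_key  # applied by the manufacturer
        self._owner_key = owner_key(creation_key, token, rfid)
        self._last_counter = 0             # highest counter accepted so far
        self.info = {}

    def _permitted(self, kind, field, value, counter, tag):
        msg = _request(kind, field, value, counter)
        expected = hmac.new(self._owner_key, msg, hashlib.sha256).digest()
        if counter <= self._last_counter or not hmac.compare_digest(expected, tag):
            return False
        self._last_counter = counter
        return True

    def change(self, field, value, counter, tag):
        """Apply a change only when it carries the current owner's permission."""
        if not self._permitted(b"change", field, value, counter, tag):
            return False
        self.info[field] = value
        return True

    def transfer(self, new_token, counter, tag):
        """The current owner authorises a hand-over to the holder of new_token."""
        digest = hashlib.sha256(new_token).hexdigest()
        if not self._permitted(b"transfer", "owner-token", digest, counter, tag):
            return False
        self._owner_key = owner_key(self._creation_key, new_token, self.rfid)
        return True


def demo():
    """Constructed scenario: all keys, tokens and RFID values are made up."""
    ck = secrets.token_bytes(32)         # creation key from the entitled system
    rfid = b"E200-CONSTRUCTED-0001"
    alice, bob = secrets.token_bytes(16), secrets.token_bytes(16)
    thing = Thing(rfid, ck, alice)
    tag1 = authorise(ck, alice, rfid, "location", "ward-3", 1)
    handover = authorise(ck, alice, rfid, "owner-token",
                         hashlib.sha256(bob).hexdigest(), 2, kind=b"transfer")
    results = {
        "owner": thing.change("location", "ward-3", 1, tag1),
        "replay": thing.change("location", "ward-3", 1, tag1),
        "wrong_token": thing.change(
            "location", "lab", 2, authorise(ck, bob, rfid, "location", "lab", 2)),
        "other_rfid": thing.change(
            "location", "lab", 2,
            authorise(ck, alice, b"E200-CONSTRUCTED-0002", "location", "lab", 2)),
        "transfer": thing.transfer(bob, 2, handover),
        "old_owner": thing.change(
            "location", "lab", 3, authorise(ck, alice, rfid, "location", "lab", 3)),
        "new_owner": thing.change(
            "location", "lab", 3, authorise(ck, bob, rfid, "location", "lab", 3)),
    }
    return results, thing.info


if __name__ == "__main__":
    print(demo())
```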

Availability. The main component of the IoT system is the IoT devices because they transmit crucial information. It is, therefore, necessary that the devices are always available for supplying information. It requires that the devices must always connect to the network. Additionally, the timely transmission of information is necessary which mandates that the delay time of devices remain low (Yousuf et al., 2015, pp.610-613). Thus, data availability requires an efficient IoT device design along with its proper placement to ensure continuous and timely transmission of information.

Authentication. In an IoT network, every object must be able to uniquely identify and authenticate other objects. Hence, data access must be authorized so that only authentic information is transferred. Implementing authentication in IoT is difficult due to the presence of several entities such as service providers, devices, processing units, and people. Moreover, in many cases an object might need to interact with completely new objects, which is also a matter of concern. Hence, these issues call for a scheme through which objects mutually authenticate one another. One such scheme involves the usage of hashing and feature extraction. This scheme provides a sound solution for authentication and helps to screen out collision attacks. It focuses on authentication when data is sent to a terminal node from a platform. Another way to implement authentication at the sensor is to make use of the one-time one-cipher method. This method encrypts the data using the cipher generated in the pre-shared matrix method. In particular, the decryption key is not shared directly in this case. Rather, coordinate information is distributed to all the nodes, from which the decryption key is derived and the data is decrypted (Yousuf et al., 2015, pp.610-613). This method ensures that only the concerned node has access to the information. It safeguards the information from theft and allows only the authorized user to access the data, which helps in maintaining integrity.
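The one-time one-cipher idea with a pre-shared matrix can be demonstrated as follows. This is an added example, not the scheme's reference design or code from this thesis: the matrix dimensions, the SHA-256 based key derivation, the SHAKE-256 keystream standing in for a vetted cipher, the HMAC tag and the rejection of reused coordinates are all assumptions, as are the function names.

```python
import hashlib
import hmac
import secrets

DIM = 16    # assumed matrix size: 16 x 16 cells
CELL = 4    # assumed cell width in bytes
PICKS = 8   # assumed number of cells selected per message


def make_matrix(seed):
    """Expand a provisioning secret into the matrix that both ends store."""
    raw = hashlib.shake_256(seed).digest(DIM * DIM * CELL)
    return [[raw[(r * DIM + c) * CELL:(r * DIM + c + 1) * CELL] for c in range(DIM)]
            for r in range(DIM)]


def derive_keys(matrix, coords):
    """Derive one-time encryption and MAC keys from the cells at coords."""
    cells = b"".join(matrix[r][c] for r, c in coords)
    label = bytes(v for rc in coords for v in rc)
    root = hmac.new(cells, label, hashlib.sha256).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())


def _xor_stream(key, data):
    """XOR data with a SHAKE-256 keystream (stand-in for a vetted cipher)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(matrix, plaintext):
    """Sender: pick fresh coordinates, encrypt, and transmit coordinates, never keys."""
    coords = [(secrets.randbelow(DIM), secrets.randbelow(DIM)) for _ in range(PICKS)]
    enc_key, mac_key = derive_keys(matrix, coords)
    ciphertext = _xor_stream(enc_key, plaintext)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return {"coords": coords, "ciphertext": ciphertext, "tag": tag}


class Receiver:
    """Node that holds the same matrix and accepts each coordinate set once."""

    def __init__(self, matrix):
        self.matrix = matrix
        self.used = set()  # coordinate selections already accepted

    def open(self, msg):
        coords = tuple((int(r), int(c)) for r, c in msg["coords"])
        if len(coords) != PICKS or any(not 0 <= v < DIM for rc in coords for v in rc):
            raise ValueError("bad coordinates")
        if coords in self.used:
            raise ValueError("coordinates reused")
        enc_key, mac_key = derive_keys(self.matrix, coords)
        expected = hmac.new(mac_key, msg["ciphertext"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["tag"]):
            raise ValueError("authentication failed")
        self.used.add(coords)
        return _xor_stream(enc_key, msg["ciphertext"])


def try_open(receiver, msg):
    """Return (plaintext, None) on success or (None, reason) on rejection."""
    try:
        return receiver.open(msg), None
    except ValueError as exc:
        return None, str(exc)


if __name__ == "__main__":
    shared = make_matrix(b"constructed provisioning secret")  # constructed input
    node = Receiver(shared)
    message = seal(shared, b"temp=21.5")
    print(try_open(node, message))  # accepted
    print(try_open(node, message))  # same coordinates again: rejected
```

Only a node holding the matrix can turn the transmitted coordinates into keys, so the matrix is the long-term secret to protect. A deployment would replace the keystream and tag with an authenticated cipher such as AES-GCM.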

Heterogeneity. The IoT network comprises several devices with varied configurations and different vendors. These numerous devices require a suitable connecting protocol which can efficiently connect all the network devices. Furthermore, security protocols and adequate cryptography solutions are required to ensure information security at every node. Additionally, it is necessary to develop a scalable and adaptable IoT system to cope effectively with ever-changing technology needs (Yousuf et al., 2015, pp.610-613). Thus, a proper check of all the devices and the network connection is necessary before actual information transfer in the IoT network, to assure security in the system.

Security policies. Every system needs policies to create a standard for quality assurance. The IoT system must also implement security policies to verify the safety standards. Since the IoT system is a network of various devices, standard policies help ascertain that all the components of the network abide by the security framework. This compliance with security policies affirms protection against data theft, intrusions, and other security vulnerabilities. IoT implementation involves various services, and it is necessary to identify the service level agreements for every service to ensure it is compliant with the existing system. Furthermore, IoT systems do not implement the usual security policy standards, because they use low-power computational devices. These devices demand a separate framework for action. Therefore, it is necessary for organizations and the IoT system development team to develop an independent policy framework for IoT system components (Yousuf et al., 2015, pp.610-613). These policies will assure the integrity and confidentiality of data.

Encryption key management. Establishing secure communication between the various IoT system components requires encryption. This encryption relies on a particular key which is responsible for encrypting and decrypting the data. The transmission of this key must be kept confidential, because if the key is lost the data can easily be decoded by any external entity. For this reason, the IoT system needs a secure key transmission mechanism. It requires a lightweight system which can confidentially distribute the keys among the IoT devices without consuming much of their computational power (Yousuf et al., 2015, pp.610-613).

Security awareness. This is another security measure which promotes the growth of the IoT network. It requires that the people using the IoT system are aware of the security vulnerabilities and take appropriate safety measures at their end to protect information in the network. The users of various IoT devices must implement basic security such as setting up strong passwords and avoiding the default product passwords. Weak passwords give hackers an opportunity to enter the network and manipulate confidential data, harming the integrity of the system (Yousuf et al., 2015, pp.610-613). Thus, it is necessary to spread proper awareness about the use of various IoT devices and their security issues in order to prevent security breaches.

3.8.2 Cryptosystems

An IoT network comprises several interconnected components such as sensors, actuators, RFID (Radio Frequency Identification Devices), GPS (Global Positioning Systems) and the internet. The extensive network of different devices and the information flow over the web necessitate standard security measures to ensure data security. Moreover, the IoT gateways which connect the devices to the cloud mandate the implementation of high-level security for data confidentiality. This is because millions of devices connect to the cloud and exploit its computational services. This interconnection of devices at one point demonstrates the power of IoT, while on the other hand it poses a threat to information security. When millions of devices connect to the same networks, the chances of intrusions and malicious attacks within the network increase. This potential security risk demands the implementation of appropriate prevention mechanisms to avoid security breaches. It requires updating the internet protocols and implementing TLS (Transport Layer Security) and the TCP/IP protocol to ensure safe transmission. The use of a suitable cryptographic solution also helps in secure data transmission (Kim, 2015, pp.201-203).

The lightweight cryptosystems are particularly useful in the constrained environment where the resources are limited, and the security is the primary concern. Specifically, it is beneficial in the IoT networks which use low-power devices such as sensors, RFID tags, and others. Below describes are some of the lightweight block cipher algorithms specially designed for use in the constrained environment.

3.8.3 Access control

With the evolution of technology and the increased power of the network, the Internet of Things is about to rule the world. In the coming future, all electronic devices will be connected to a single network to send and receive messages. The door lock will open itself as a visitor comes to your door. The light system will work automatically, and the room temperature will adjust itself as you enter the home at the end of the day. Not only in homes, but the Internet of Things will also make its presence strongly felt in a wide variety of domains such as industry, defense, education, agriculture, and so on.

As the service is growing at an exponential rate, the network has to open up access to a huge number of devices. This technology revolution will not only make things easier; it will also introduce new threats for the network. As an increased number of access points become available on the network, they also open a wide area of risk factors and opportunities for malicious use of information.

To meet such diverse and rising security issues, the access control system is integrated as an important contributing component to the safety of the IoT. One of the primary elements that can protect data from theft or alteration is proper access control, as this approach is based on granting permissions to the entities that directly or indirectly interact with the Internet of Things (Janak, Nam and Schulzrinne, 2012).

3.8.4 Firewalls

The Internet has revolutionized the information system and has made data access simple and quick. Furthermore, it supports IoT, allowing millions of devices to connect to a single network and share information. However, this extensive network has its limitations. The Internet is open to all, providing an equal opportunity to anti-social elements to manipulate the legitimate information of the network. This unethical activity demands a proper security solution to ensure the safety and confidentiality of crucial data. One way to ascertain this security is through the use of established security solutions, such as intrusion protection and others, for every device of the network. However, the implementation of such security solutions is not cost effective. Therefore, there is a need for some affordable safety measures (Al-Fuqaha et al., 2015). A firewall is one such solution, which stands between the IoT network and the internet to protect the former from malicious attacks and intrusions. It provides a single checkpoint that blocks all harmful data and ensures smooth functioning of the IoT network.

The key feature of the firewall is to protect the network from the external influence. It manages this security by restricting the traffic both from inside to outside and vice versa. The firewall allows only authorized users to enter the network thereby protecting the system from fatal attacks. Additionally, the system which gets implemented as firewalls will be immune to attacks creating a secure environment for information transmission.

Service control. Firewalls allow the access of only the authentic service to the internal network restricting all other services. It performs data filtering by IP address, protocols, and port number. It also provides proxy software which validates the service before passing it on to the destination. This service control mechanism ensures that no destructive services enter the network and harm its integrity (Aleshunas, 2010, pp.2-12).

Direction control. It is responsible for making a decision about information flow direction in the network. It decides on selecting the requests, initiation, and flow direction. It verifies the requests and directs it to the desired system so that it may not disturb the normal workflow of the other network components (Aleshunas, 2010, pp.2-12).

User control. It specifically occurs within the internal environment of the organization. This access control of the firewall monitors the way the internal network users are using a particular service. It manages the services and permits access to the user based on their requirement. This service checks the internal network components and tries to resolve the internal errors so that risk of information security can be reduced (Aleshunas, 2010, pp.2-12).

The firewall filters the network information through packet filtering. It works either as a positive filter, allowing access to only authorized information, or as a negative filter, which restricts all malicious data. Different types of firewalls have differing capabilities for examining the data packets and protocol headers which help to identify the data content. Discussed below are some of these firewall types.

Packet filter firewall. This firewall implements a rule-based approach to verify the incoming and outgoing messages and then makes the forwarding decision based on it. The firewall is configured to manage both inbound and outbound messages (Aleshunas, 2010, pp.2-12). The following network information governs the rules of data flow.

  1. Source IP address is the IP address of the system from where the message originated.

  2. The destination address is the IP address of the system where the message needs to get delivered.

  3. Source and destination transport-level port numbers help to identify the applications used.

  4. IP protocol field of the network packet contributes to determining the transport protocol.

  5. Interface information helps to know the interface or the port where the packet initiated and where it needs to reach in the case of firewalls with more than two ports.

The firewall examines the packet information mentioned above and matches it against the set rules. If the information matches a rule, the corresponding action gets performed. However, if no rule matches, the default action occurs, which involves either packet forwarding or packet discard. The packet discard policy gets implemented in business and government organizations to help protect the network from external attacks because they transmit mission-critical data. IoT must also implement the discard policy in the case of an unmatched rule to safeguard crucial system information (Aleshunas, 2010, pp.2-12).

Stateful inspection firewalls. The packet filter firewall is unable to tighten security on TCP-based traffic. Specifically, in a TCP session, a client whose TCP port number lies between 1024 and 65535 establishes a connection with a host TCP application having a port number less than 1024. Port numbers less than 1024 are the “well-known” ports and are application specific. However, port numbers greater than 1024 are dynamic and are allocated temporarily for a particular session. The simple packet filter permits inbound traffic on these higher port numbers, which increases the security vulnerabilities of the network; when exploited by unauthorized users, these can cause severe damage to the information security of the network. A stateful inspection firewall restricts this vulnerability by tightening the rules for TCP traffic. It creates a directory of outbound TCP connections and maintains a record for each connection. The firewall then allows inbound packets only when they match a connection it has stored in the directory. The advantage of this firewall over the packet filter firewall is that it not only filters the network packets but also secures the TCP connections, making communication safer by avoiding attacks such as session hijacking. It enhances the security of the network and safeguards information (Aleshunas, 2010, pp.2-12).
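The two firewall types described above can be compared side by side. The following Python sketch is an added example, not part of the original report or its sources: it evaluates the five rule fields with a default-discard policy, then adds the connection directory of a stateful firewall. The addresses, rule set and names (`Packet`, `Rule`, `StatefulFirewall`) are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str   # transport protocol from the IP protocol field: "tcp" or "udp"
    iface: str   # interface the packet arrived on: "lan" (inside) or "wan" (outside)


@dataclass(frozen=True)
class Rule:
    action: str  # "forward" or "discard"
    src: str     # source network in CIDR form
    dst: str     # destination network in CIDR form
    sports: range
    dports: range
    proto: str
    iface: str

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and p.sport in self.sports
                and p.dport in self.dports
                and p.proto == self.proto
                and p.iface == self.iface)


ANY = "0.0.0.0/0"
LAN = "192.168.10.0/24"       # constructed internal IoT network
HTTPS = range(443, 444)       # a well-known port (< 1024)
DYNAMIC = range(1024, 65536)  # dynamic client ports


def packet_filter(rules, packet, default="discard"):
    """First matching rule wins; unmatched packets get the default action."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


# Devices may open HTTPS connections to the outside.
OUTBOUND_RULES = [Rule("forward", LAN, ANY, DYNAMIC, HTTPS, "tcp", "lan")]
# A stateless filter needs a second rule so replies can come back in; it has to
# admit any outside packet from port 443 to any dynamic port on the LAN.
STATELESS_RULES = OUTBOUND_RULES + [
    Rule("forward", ANY, LAN, HTTPS, DYNAMIC, "tcp", "wan"),
]


class StatefulFirewall:
    """Simplified: records outbound TCP connections, no TCP flags or timeouts."""

    def __init__(self, outbound_rules):
        self.outbound_rules = outbound_rules
        self.connections = set()  # the "directory" of outbound connections

    def filter(self, packet):
        if packet.iface == "lan":
            action = packet_filter(self.outbound_rules, packet)
            if action == "forward" and packet.proto == "tcp":
                self.connections.add(
                    (packet.src, packet.sport, packet.dst, packet.dport))
            return action
        # Inbound: forward only the reverse direction of a recorded connection.
        reverse = (packet.dst, packet.dport, packet.src, packet.sport)
        if packet.proto == "tcp" and reverse in self.connections:
            return "forward"
        return "discard"


# Constructed sample packets (documentation address ranges).
OUTBOUND = Packet("192.168.10.20", 49152, "203.0.113.5", 443, "tcp", "lan")
REPLY = Packet("203.0.113.5", 443, "192.168.10.20", 49152, "tcp", "wan")
UNSOLICITED = Packet("198.51.100.9", 443, "192.168.10.21", 5000, "tcp", "wan")
UNMATCHED = Packet("198.51.100.9", 40000, "192.168.10.20", 23, "tcp", "wan")


def compare():
    """Return (stateless decision, stateful decision) for each inbound packet."""
    fw = StatefulFirewall(OUTBOUND_RULES)
    fw.filter(OUTBOUND)  # the device opens its connection first
    samples = [("reply", REPLY), ("unsolicited", UNSOLICITED),
               ("unmatched", UNMATCHED)]
    return {name: (packet_filter(STATELESS_RULES, p), fw.filter(p))
            for name, p in samples}


if __name__ == "__main__":
    for name, decisions in compare().items():
        print(name, decisions)
```

The unsolicited packet is the case the paragraph above describes: the stateless rule set has to forward it, while the connection directory discards it.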

3.8.5 Secure onboarding

When IoT devices are first configured, equipment safety must be maintained; this process is known as secure onboarding. It involves the exchange of secure encryption keys that facilitate secret information transmission and prevent man-in-the-middle attacks as well as information leaks. Implementing this technique requires a security model for transmission of the key. The “resurrecting duckling security model” is one such framework for key management. This model, proposed by Frank Stajano, finds its basis in the metaphor of a duckling emerging from its egg, which imprints on the first moving thing it sees and follows its instructions for the rest of its life. The same principle must apply to new IoT devices when they are configured for the first time. When an IoT device gets installed in the network, it connects to the cloud using the gateways (Fife, 2015). The IoT gateways are the intermediary in this process, responsible for secure transmission of the cryptographic key from the cloud to the device. The key received at the time of device installation is used for the device's lifetime to encrypt and decrypt vital network data. The IoT gateway manages the secure key and protects it from man-in-the-middle attacks and eavesdropping. This requires a secure gateway system with tamper resistance to protect information. Additionally, there is a need for a strong cryptographic algorithm which cannot easily be decrypted, so that malicious attacks can be restricted (Fife, 2015). Thus, gateway security along with strong encryption helps protect the IoT information.
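The imprinting rule of the resurrecting duckling model can be shown as a small state machine. This Python sketch is an added example, not code from the report or from Stajano's work: the `Device` and `Gateway` classes, the HMAC-SHA256 command tags and the message counter (a replay check that goes beyond what the text describes) are assumptions, and the key delivery is assumed to happen over a trusted channel at installation time.

```python
import hashlib
import hmac
import secrets


def command_tag(key: bytes, counter: int, command: bytes) -> bytes:
    """Authentication tag over the counter and the command (HMAC-SHA256)."""
    return hmac.new(key, counter.to_bytes(8, "big") + command,
                    hashlib.sha256).digest()


class Device:
    """A device that imprints on the first key it is given, and only on that one."""

    def __init__(self):
        self._key = None          # None means "freshly hatched", still imprintable
        self._last_counter = 0    # highest counter accepted so far

    def imprint(self, key: bytes) -> bool:
        if self._key is not None:
            return False          # already imprinted: later keys are ignored
        if len(key) < 16:
            raise ValueError("onboarding key too short")
        self._key = key
        return True

    def handle(self, counter: int, command: bytes, tag: bytes) -> str:
        if self._key is None:
            return "rejected: not onboarded"
        expected = command_tag(self._key, counter, command)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        if counter <= self._last_counter:
            return "rejected: replay"
        self._last_counter = counter
        return "accepted"


class Gateway:
    """Holds the onboarding key and issues authenticated commands."""

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def onboard(self, device: Device) -> bool:
        # Assumption: this call stands for key delivery over a trusted channel.
        return device.imprint(self._key)

    def command(self, command: bytes):
        self._counter += 1
        return self._counter, command, command_tag(self._key, self._counter, command)


def run_onboarding():
    """Walk one device through onboarding; keys are random and constructed here."""
    device = Device()
    gateway = Gateway(secrets.token_bytes(32))
    other = Gateway(secrets.token_bytes(32))   # a second, unrelated key holder
    results = {}
    results["command_before_onboarding"] = device.handle(*gateway.command(b"report"))
    results["first_imprint"] = gateway.onboard(device)
    results["second_imprint"] = other.onboard(device)
    message = gateway.command(b"set-interval=60")
    results["owner_command"] = device.handle(*message)
    results["replayed_command"] = device.handle(*message)
    results["other_command"] = device.handle(*other.command(b"set-interval=1"))
    return results


if __name__ == "__main__":
    for step, outcome in run_onboarding().items():
        print(step, "->", outcome)
```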

3.8.6 Firmware updates

Firmware is the permanent software installed on any system which helps it to perform dedicated applications. IoT devices and IoT gateways also have firmware installed which helps them to perform their desired operation. The ever-changing technology trends and security vulnerabilities necessitate timely firmware updates in IoT devices and gateways. Device manufacturers regularly upgrade the existing system to make it compatible with market needs and to remove the shortcomings of previous versions. Firmware updates ensure that the latest version of the software is free from the vulnerabilities of the previous version and is more secure. A safe update requires the system to hold both the earlier version and the new version of the firmware; the new version undergoes a validity check to ascertain that it is authentic, and only then does it get installed on the IoT gateways and devices. This update will affirm that the updated version is more secure and has fewer security vulnerabilities, which reduces the threat of hackers and attacks exploiting system loopholes (Fife, 2015).
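The validity check mentioned above can be made concrete. The following Python sketch is an added example, not code from the report or from any vendor: it authenticates an update manifest, checks the image against it, and refuses versions that are not newer than the installed one (an anti-rollback step that goes beyond the text). HMAC-SHA256 with a shared key stands in for the vendor signature that a real update scheme would normally verify with a public key; `VENDOR_KEY`, the manifest layout and the function names are assumptions.

```python
import hashlib
import hmac
import json

VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"  # assumption: provisioned key


def parse_version(text: str):
    """'1.10.0' -> (1, 10, 0), so that 1.10.0 compares as newer than 1.9.0."""
    return tuple(int(part) for part in text.split("."))


def manifest_tag(manifest: dict, key: bytes) -> str:
    """Authentication tag over a canonical JSON encoding of the manifest."""
    payload = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def build_update(image: bytes, version: str, key: bytes = VENDOR_KEY) -> dict:
    """What the vendor side would publish: image, manifest and tag."""
    manifest = {
        "version": version,
        "size": len(image),
        "sha256": hashlib.sha256(image).hexdigest(),
    }
    return {"manifest": manifest, "tag": manifest_tag(manifest, key), "image": image}


def verify_update(update: dict, installed_version: str, key: bytes = VENDOR_KEY):
    """Return (ok, reason). Nothing in the manifest is trusted before step 1 passes."""
    manifest = update.get("manifest")
    tag = update.get("tag")
    image = update.get("image")
    if (not isinstance(manifest, dict) or not isinstance(tag, str)
            or not isinstance(image, bytes)):
        return False, "malformed update"

    # 1. Authenticity: the manifest must carry a valid tag from the vendor key.
    expected = manifest_tag(manifest, key)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "manifest authentication failed"

    # 2. Integrity: the image must be exactly the one the manifest describes.
    digest = hashlib.sha256(image).hexdigest()
    if len(image) != manifest["size"] or not hmac.compare_digest(
            digest.encode(), manifest["sha256"].encode()):
        return False, "image does not match manifest"

    # 3. Anti-rollback: an authentic but older image is still refused.
    if parse_version(manifest["version"]) <= parse_version(installed_version):
        return False, "version is not newer than installed firmware"

    return True, "ok"


if __name__ == "__main__":
    update = build_update(b"constructed firmware image 1.3.0", "1.3.0")
    print(verify_update(update, installed_version="1.2.4"))
```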

3.8.7 Limiting interfaces

The IoT gateway manufacturer must be cautious about additional interfaces. The design of the gateways should be simple and to the point. Any external interfaces and services other than the intended ones need not be incorporated, because these additional interfaces become backdoors which facilitate security breaches and hacker attacks. Furthermore, debugging functionality must be minimized, and even authenticated users must be restricted from executing arbitrary code on gateways, for the sake of security. Proper gateway design and the imposing of restrictions on user access will help to protect the information flowing in the IoT network (Fife, 2015).

The security measures mentioned above are intended to safeguard the IoT gateways, which in turn are responsible for secure information transmission within the IoT network.

3.9 Barriers to information security in IoT systems

Secure information is characterized by its availability, confidentiality, and integrity. On the other hand, people, process, and technology explain the way these elements require security. The above three factors play a significant role in information security in an IoT network but often get neglected due to technical controls such as firewalls.

Firewalls and other security controls can provide excellent protection to IoT networks; however, they can turn out to be useless if a user undermines them, either intentionally or unintentionally. For instance, if a user gets tricked into revealing the user id and password to unauthorized personnel, it could lead to a security breach. Such situations can cause a substantial loss not only to the user but also to the security architecture of a system. There exist many ways in which users become a threat to the IoT security gateway. Moreover, as the number of authorized users increases, the overall potential for risk also increases. As a result, human interference in the IoT environment is the primary factor responsible for its success or failure. Therefore, organizations must devise a security awareness program to prevent human errors (Russell, 2002).

The primary objective of the security awareness program of an organization is to make the employees aware of their responsibilities. The program helps to safeguard the availability, integrity, and confidentiality of the data shared in an open network. The security of information and its asset is not only the responsibility of IT department but also the users. Users must understand the criticality of data protection (Russell, 2002).

People are often the weakest link in the IoT security chain because they are not trained and are unaware of the various security vulnerabilities. Employees must understand how their actions affect the overall security of the IoT network (Russell, 2002). A comprehensive awareness program that aims to reinforce the IoT security policy and other information security practices should be conducted within the organization, aligned with its other policies, to ascertain the careful use of IoT gateways for information security.

Apart from employee awareness, another factor which obstructs IoT implementation is faulty network components. There is a need to protect the network as a whole using reliable IoT devices and layered protection. The section below describes the various security barriers and measures in implementing an IoT network.

3.9.1 Organizational barriers.

One of the major barriers in an organization is to implement a successful security awareness program for the usage of IoT gateways. Even the most secure systems can face obstacles due to the human errors. It is therefore important to understand some of the security barriers of IoT gateways, which can be a threat to the organization’s safety. Some of the common organizational barriers of the IoT gateway systems are as follows.

3.9.2 Personal barriers.

Lacking personal efforts. Many people who work in organizations believe the Information Technology Department should maintain the IoT gateway security through the right framework implementation. They show non-cooperative behaviors when new security measures get adopted. They also overlook the safety implication of IoT gateways and devices and tend to restrict their roles to the lowest level, focussing on their primary job responsibilities. Such ignorance is one of the reasons for the failure of security in IoT gateways. It is therefore important for all the employees to understand the need for their participation in making the security compliance more powerful (Russell, 2002).

Unwillingness to accept IoT as a new technology. IoT is a new concept and technology. IoT gateways, though they have attracted people, are still too new for people to know and understand completely. Whenever a new technology gets introduced, it brings a slight change in the behavior of the individuals who are going to use it. It is hard for some users to get into the habit of using IoT devices through gateways. There is also a learning curve, and it takes a certain amount of time to get acquainted. Additionally, IoT is a constantly changing technology. New features, policies, and frameworks keep emerging as it is not completely stabilized. Hence, the awareness sessions or programs sometimes do not match the pace at which this technology changes. The awareness team often misses informing the users about updates in the technology, which deters them from using that particular technology. This is probably the reason behind the need for accurate and timely implementation of security awareness programs. These programs should constantly keep track of new changes in IoT gateways and inform the users about them (Russell, 2002).

Data confidentiality. Every organization must understand the criticality of data confidentiality. The companies do not give high priority to data confidentiality, and therefore, it is not integrated right from the beginning. These beliefs give the users a chance to develop habits that can cause threats to the security of critical data and information sent through IoT gateways. It is hard to change these habits, and hence, the security implementation in IoT and IoT gateways becomes even more complicated. In such a case, people not only need to learn the new IoT gateway security practices, but also need to forgo their old practices. Sometimes, such employees also consider the new security mechanism an extra effort and an unnecessary change or work overhead (Russell, 2002).

Communication barriers.

Improper messaging. In IoT gateway, security awareness programs are necessary to understand the safety issues in IoT as well as IoT gateways. If both these issues are not clearly conveyed, the security awareness program can fail. This inappropriate messaging can lead to a significant gap in the security concern even in the case of robust security systems. Sending similar messages for all sorts of security breach issues in IoT gateways can be harmful, as this will not grab the immediate attention of the reader when it is crucially required. Thus, going for a message with “one-size-fits-all” is not a wise thing to do, especially when dealing with the security of the information system. Messages like this can be quickly ignored or put into spam which is undesirable. This strategy can be easy to implement but is ineffective when it comes to security (Russell, 2002).

Unorganized strategies. Several gateway awareness programs fail to keep the users engaged through their random processes. As mentioned earlier, IoT gateway security is a huge topic, and it requires a well-designed strategy to deliver proper, organized, and meaningful messages, without which the awareness regarding gateway security system remains ineffective. The messaging always needs to have an appropriate theme, style, and an organized way to reach the audience. This way, the users remain connected to the system and know what to expect. A proper messaging system will increase engagement and connection (Russell, 2002).

Lack of consistent communication. Many gateway security systems launch with a great wave of enthusiasm but fail to follow up with the weak system later in the cycle. This lack of communication acts as a barrier to the successful implementation of the security system. When the audience receives regular reminders about handling IoT devices, it works as a feedback loop, eventually improving the overall performance of the gateway security (Russell, 2002).

Breaking communication chain. Sometimes there is a need to send specific messages to a group of individuals working under a domain; the issue arises when the messages do not reach all the designated people. Moreover, in the case of IoT implementation, proper communication is necessary to transfer the right message to every individual associated with the IoT project. For instance, if a message needs to be delivered to all the programmers of an organization, it is possible that some of them work together in a team while others reside at distributed locations, at different company sites. In such a case, the message curated for all the programmers does not reach the ones working remotely. Thus, the IoT gateway security implementation does not function as properly and efficiently as needed. Hence, a proper security mechanism to maintain the integrity and proper delivery of the messages is necessary to keep everyone on the same page (Russell, 2002).

3.9.3 Management barriers.

Unsupportive management. Another important factor that makes a security system weak is timid support from the management. It is one of the most challenging situations. An IoT system implementation requires complete support from employees, management, and users. The gateway security implementation will always work best if it gets support from top to bottom. Although many managers show a personal desire to support new initiatives, implementing them in practice is an entirely different scenario. Such lack of interest probably occurs due to the pressure of the managers' jobs and responsibilities, and they find it difficult to make room for the new security practices. The new security practices in such cases get disregarded, which affects the gateway security (Russell, 2002).

Lack of resources. Resources diminish due to the absence of support from the management team or a lack of knowledge of the new technology. When the management is unsupportive, it becomes difficult to use the available resources efficiently. The organization is also unable to pull in new external resources, as the new resources do not have enough knowledge about IoT gateways or their technology. Also, when a team is unable to employ adequate security resources, it prevents them from achieving the highest level of security enforcement (Russell, 2002).

Social barriers.

Lack of awareness. The best way to initiate an IoT gateway security awareness program is to educate its users about the importance of information safety. The security enforcement teams sometimes cover all aspects of gateway security but fail to motivate the users about its significance. People who understand the importance of safety very well will cooperate to change their behavior, or the way things are done, to ensure security. For instance, if the gateway security mechanism requires the users to enable an advanced password policy that has complex rules, this arrangement will appear to them as an overhead. But if the team discusses and explains the vulnerabilities of the current gateway security to the employees, the latter will show an active drive towards the new gateway security system. This approach will inspire them to take responsibility and ownership for safety (Russell, 2002).

Weak social engineering. This barrier does not impact the implementation of the gateway security mechanism but can, in turn, affect its success. Its management is critical because this is the “people link”, which is incredibly easy to attack. Social engineering is all about preying on natural human tendencies to pull out information that is otherwise hard to obtain. Employees think that no one will purposely manipulate or trick them, but social engineering is one of the most popular types of attack. It is the most commonly used type of attack as it is convenient to implement and can occur in a short duration of time. The most common ways to pull out information from people are giving excessive and insincere praise for interest, impersonation, third-party authorization, and a sense of urgency. Although it is hard to design and reinforce an educational plan that primarily targets social engineering, it requires special attention. The most unfortunate thing about this type of attack is that even the most intellectual user can be tricked into conversations to get critical information out (Russell, 2002).

Chapter 4: Research Methodology

The literature survey is the methodology used to explore the area of security issues that prevail in the Internet of Things space. It is a method that examines the literature in the chosen area of study. It is an in-depth search and evaluation method of literature in the preferred study area. This method integrates the information from the literature into an abstract giving a comprehensive overview of the conducted research.

The literature review also critically examines the collected information by finding gaps in the present knowledge. It begins by identifying the shortcomings of theories and viewpoints. It also helps to identify areas of weakness which require further research. This approach shows that the author has an in-depth knowledge of the subject, in this case the Internet of Things. It also lets readers understand exactly where the research project fits into the area of study and how the new study adds to the existing body of agreed knowledge.

Under this method, familiarity with the present body of knowledge is thoroughly demonstrated, which also establishes the credibility of our study, in this case of the IoT security issues. The literature review summarizes the prior research and describes how the present study links with it. The literature review conducts a critical study of the need for securing the IoT security systems. IoT systems security is studied in depth, covering the application areas of the Internet of Things, its growth opportunities in the future, possibilities of expansion, the need for security gateways and how they connect the different devices on the internet, and much more. The literature review is the primary stage of any research project. This step is all about synthesizing, surveying, critically analyzing, and presenting the study in a more detailed summary (“The Royal Literary Fund,” 2017).

Furthermore, qualitative methodology is used to obtain the findings that are needed to address the research area. This approach is used to conduct the study because of its appropriateness in providing in-depth information concerning the research phenomenon. Qualitative research is one of the most rewarding activities in the research process as it engages the researchers with things that are important and with how they are important. This approach helped us explore a wide array of dimensions of the social world, including how our research subject is affecting the everyday lives of people. This method also helped to obtain a better understanding of the experience, perspective, and imagination of our research participants. Additionally, qualitative research aptly describes how our social processes, institutions, and organizations work with the growing technology and the interference of the Internet of Things in day-to-day life. This approach also lays emphasis on the significance of the deductions generated during the research process. This methodology is conducted using methods that focus on the depth, richness, context, multi-dimensionality, and complexity of the research study to generate methods to mitigate issues (Mason, 2002).

For instance, in this proposed project, the qualitative research is used to gather evidence and findings of the security issues that the organizations face dealing with the Internet of things. Qualitative research also helped to derive conclusions and inferences that might apply to the different organizations that are actively using IoT.

Additionally, our qualitative research also included in-depth interviews to cover all necessary elements that address the research issue. In this process, managers from the organizations that are using the Internet of Things are interviewed to collect information based on their experience while using the technology. These qualitative research elements are structured to cover all the practical steps that the organizations have taken to foster the security measures for their Internet of Things and the network on which it operates. Also, it helps to resurface the appropriate security measures that can safeguard the network for such organizations (Barnaghi et al., n.d.).

Proposed IoT/M2M Security Framework

A flexible security framework is required to address the highly diverse IoT environment and its related security challenges. The security environment from the IoT perspective is illustrated below.

The Internet of Things (IoT) is considered a current trend which extends the boundary of the Internet to include a wide range of computing devices. In addition, connecting several stand-alone IoT systems through the Internet introduces several challenges, with security front and center, since the collected information will be exposed to a wide and often unknown audience.

Chapter 5: Findings and analysis

In this chapter, the researcher concentrates on collecting information in order to analyze the effect of implementing gateway based security measures to mitigate security issues in the Internet of Things. The research therefore concentrates on quantitative data analysis, for which 15 respondents were selected. After the selection of respondents, the researcher created a survey questionnaire and circulated it among them in order to gather relevant information.

An appropriate choice of respondents, together with the gathering of information through a quantitative approach, helps the researcher to produce a quality result, which later in this research helps in recommending the different actions that organizations and end users need to take to mitigate security issues in using the Internet of Things. Additionally, this analysis section lends credibility to the research result.

5.1 Quantitative analysis (close end questions)

1. How long you are using and involved with the applications of internet of things?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Less than 6 months | 26.67% | 15 |
| 6 months – 12 months | 20% | 15 |
| 1-2 year | 13.33% | 15 |
| 3-4 years | 20% | 15 |
| More than 4 years | 13.33% | 15 |

Table 2: Time period involved with internet of things

Figure 12: Time period involved with internet of things

2. How far do you believe use of internet of things is risky as security concerns involved with it?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 40% | 15 |
| Agree | 33.33% | 15 |
| Neutral | 2.67% | 15 |
| Disagree | 13.33% | 15 |
| Strongly Disagree | 10.67% | 15 |

Table 3: Opinion about risk related to IoT

Figure 13: Opinion about risk related to IoT

3. How far do you believe that is important to address the security issues involved with internet of things?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 46.67% | 15 |
| Agree | 26.67% | 15 |
| Neutral | 6.67% | 15 |
| Disagree | 13.33% | 15 |
| Strongly Disagree | 6.67% | 15 |

Table 4: Addressing security issues in IoT

Figure 14: Addressing security issues in IoT

4. What are the security measures you have taken for securing the use of internet of things?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Heterogeneity | 20% | 15 |
| Security policies | 33.33% | 15 |
| Encryption key management. | 13.33% | 15 |
| Security awareness | 20% | 15 |
| Authentication | 13.33% | 15 |

Table 5: Security measures for IoT

Figure 15: Security measures for IoT

5. What vulnerabilities/threats they foresee for setting up IoT projects in your company?

| Options | Frequency (%) | Total Frequency | Total respondents |
|---|---|---|---|
| Denial of service attacks | 20% | 15 | 75 |
| Security issues in operating system | 26.67% | 20 | 75 |
| Lack of security in communication protocol | 26.67% | 20 | 75 |
| Exposure | 13.33% | 10 | 75 |
| Eavesdropping | 13.33% | 10 | 75 |

Table 4: Vulnerabilities/threats for setting up IoT projects

Figure 5: Vulnerabilities/threats for setting up IoT projects

6. How far you agree that gateway based security measures can be helpful to mitigate your issues for using internet of things?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 42.67% | 15 |
| Agree | 24% | 15 |
| Neutral | 6.67% | 15 |
| Disagree | 13.33% | 15 |
| Strongly Disagree | 13.33% | 15 |

Table 6: Gateway based security measures for IoT

Figure 16: Gateway based security measures for IoT

7. How far do you believe that IoT gateway security policies can be helpful to mitigate security issues in IoT systems?

 

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 33.33% | 15 |
| Agree | 33.33% | 15 |
| Neutral | 2.67% | 15 |
| Disagree | 20% | 15 |
| Strongly Disagree | 10.67% | 15 |

Table 7: Impact of IoT gateway security policies

Figure 17: Impact of IoT gateway security policies

8. Which security policy do you think is more useful for mitigating security issues in IoT?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Network Management Policies | 33.33% | 15 |
| Operational Management Policy | 40% | 15 |
| Security Management Policies | 26.67% | 15 |

Table 8: Security policies for IoT

Figure 18: Security policies for IoT

 

 

9. Being an IT professional, what is your opinion regarding the best technique of securing internet of things from an end user?

 

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Proxy service | 22.67% | 15 |
| Enabling firewalls | 14.67% | 15 |
| LAN gateway | 13.33% | 15 |
| Secure onboarding | 25.33% | 15 |
| Firmware updates | 24% | 15 |

Table 10: Best technique for securing IoT

Figure 20: Best technique for securing IoT

 

10. How far do you agree that a cryptosystem has an important role in securing the applications of the Internet of Things?

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 26.67% | 15 |
| Agree | 24% | 15 |
| Neutral | 14.67% | 15 |
| Disagree | 16% | 15 |
| Strongly Disagree | 18.67% | 15 |

Table 11: Cryptosystem in IoT

Figure 21: Cryptosystem in IoT

 

12. How far do you believe that effective access control can mitigate issues in internet of things?

 

| Options | Frequency (%) | Total respondents |
|---|---|---|
| Strongly Agree | 24% | 15 |
| Agree | 16% | 15 |
| Neutral | 13.33% | 15 |
| Disagree | 20% | 15 |
| Strongly Disagree | 26.67% | 15 |

Table 12: Access control for IoT

Figure 22: Access control for IoT

 

Chapter 6: Results and discussion

 

6.1 Addressing research question 1

Based on the above research, and addressing the first research question (What gateway-based mitigation measures should be used to address IoT-related security and privacy issues?), the following security policies are proposed for organizations that have deployed gateway-based mitigation measures to secure IoT infrastructures. Security is an ongoing endeavor and organizations are still developing their strategies; additionally, no single security measure or standard that fits all verticals has been finalized. Hence, well-planned policies serve best, since IoT is still in its early stages. Policies can be continuously revised to follow the endless change in threat levels and the security landscape.

IoT Gateway Security Policies

Technology has led to the invention of a variety of IoT devices and gateways. These devices require the implementation of strict policies to ensure a secure IoT network. The heterogeneity of gateway nodes leads to a broad classification of the security policies, as follows.

6.1.1 Network Management Policies

The Internet is available to all. Both hackers and legitimate users have access to the information circulating over it. Thus, there is always a risk of information theft and data manipulation on the communication channel. It is therefore necessary to use secure communication channels for information transfer over the Internet.

Securing the link layer with the IEEE 802.15.4 protocol: The link layer is the protocol layer that transfers data between adjacent nodes of a WAN. It divides the outgoing data into frames and manages acknowledgments from the receiver.

IP security at the network layer: Implementing the IPsec protocol suite helps secure the network. Enforcing end-to-end security with authentication, and ensuring confidentiality and integrity, are the main highlights of the IPsec protocol.

Enable CoAP security for the transport layer: Web protocols such as HTTP and CoAP require a more focused security protocol to maintain web security. Implementation of Transport Layer Security (TLS) and Secure Sockets Layer (SSL) is necessary to ensure safe information transfer over the Internet. Since TCP (Transmission Control Protocol) is not suitable for the constrained IoT environment, UDP is used, with Datagram TLS (DTLS) securing the information transfer (Lushey and Munro 2015). DTLS uses cookies to protect the network from denial-of-service attacks. CoAP uses DTLS to secure the IoT network. The protocol ensures the security of the communication channel and reduces the threat of security breaches.

The quality of service (QoS): The extensive number of IoT devices connected to the Internet for information transfer increases the security vulnerabilities of the network and requires quality measures to ensure the security of data (Sriram et al 2013). QoS is responsible for measuring error rates, bandwidth, throughput, transmission delays, availability and, most importantly, data security. The IEEE 802.15.4 standard used for link layer security enables data rates of 20-250 kbit/second. Additionally, it supports carrier sense multiple access (CSMA) and acknowledgments for reliability (Lushey and Munro 2015). The security of the data is strengthened with 128-bit AES encryption, which makes the data inaccessible to unauthorized users and thereby ensures secure data flow within the IoT network.

Encryption key management: Establishing secure communication between the various IoT system components requires encryption. This encryption is facilitated by a particular key, which is responsible for encrypting and decrypting the data. The transmission of this key is highly confidential, because if the key is lost the data can easily be decoded by any external entity. For this reason, the IoT system needs a secure key transmission mechanism: a lightweight system that can confidentially distribute the keys among the IoT devices without consuming much of their computational power.

Security awareness: Security awareness is another security measure, which promotes the growth of the IoT network. It requires that the people using the IoT system are aware of the security vulnerabilities and take appropriate safety measures at their end to protect information in the network. Users of IoT devices must implement underlying security measures such as setting up strong passwords and avoiding default product passwords. Weak passwords give hackers an opportunity to enter the network and manipulate confidential data, harming the integrity of the system. Thus, proper awareness about the use of IoT devices and their security issues must be spread among people to prevent security breaches.
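The cookie exchange that DTLS uses against denial-of-service attacks, mentioned under CoAP security above, can be modelled as follows. This is an added example, not code from the thesis or from any DTLS library; it follows the stateless cookie construction of RFC 6347 (an HMAC over the client address and ClientHello parameters), and the class name, message encoding, addresses and parameters are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os


class CookieServer:
    """Simplified model of the server side of the DTLS cookie exchange."""

    def __init__(self, secret=None):
        self.secret = secret or os.urandom(32)
        self.previous_secret = None   # kept so rotation does not break handshakes in flight
        self.sessions = {}            # per-client state, allocated only after verification

    def rotate_secret(self):
        """Periodic rotation limits how long a captured cookie stays valid."""
        self.previous_secret = self.secret
        self.secret = os.urandom(32)

    @staticmethod
    def _cookie(secret, addr, client_params):
        # Cookie = HMAC(secret, client IP, client port, ClientHello parameters).
        ip, port = addr
        message = ip.encode() + b"|" + str(port).encode() + b"|" + client_params
        return hmac.new(secret, message, hashlib.sha256).digest()

    def handle_client_hello(self, addr, client_params, cookie=b""):
        """Return (message_type, cookie). No state is stored until the cookie verifies."""
        if cookie:
            for secret in (self.secret, self.previous_secret):
                if secret is None:
                    continue
                expected = self._cookie(secret, addr, client_params)
                if hmac.compare_digest(cookie, expected):
                    self.sessions[addr] = {"params": client_params}
                    return "ServerHello", None
        # Missing or invalid cookie: answer statelessly and ask the client to retry.
        return "HelloVerifyRequest", self._cookie(self.secret, addr, client_params)


def simulate():
    """Run a spoofed flood, a legitimate handshake and a cookie replay (constructed data)."""
    server = CookieServer(secret=b"\x01" * 32)   # fixed key only to make the demo repeatable
    params = b"client_random=00112233;cipher_suites=c0a8"

    # 1. Flood of first ClientHellos from spoofed source addresses.
    for i in range(1000):
        server.handle_client_hello((f"198.51.100.{i % 250 + 1}", 40000 + i), params)
    state_after_flood = len(server.sessions)

    # 2. Legitimate client: receives the cookie at its real address and echoes it.
    client = ("192.0.2.10", 5684)
    first, cookie = server.handle_client_hello(client, params)
    second, _ = server.handle_client_hello(client, params, cookie)

    # 3. The same cookie replayed from another address does not verify.
    replay, _ = server.handle_client_hello(("203.0.113.7", 5684), params, cookie)

    return state_after_flood, first, second, replay, len(server.sessions)


if __name__ == "__main__":
    print(simulate())
```

The flood leaves the session table empty because the server keeps nothing per client until a cookie bound to the sender's address comes back; only the client that can receive traffic at its claimed address gets state allocated.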

6.1.2 Operational Management Policy

Load balancing thresholds: The load balancing policy will enable service load management to ensure that there is no breach of any threshold. The thresholds will cover networking, computing balance, and storage resources.

Device and service instance configurations: This policy dictates the pre-configuration of devices and services. It defines a uniform template and helps to create an interoperable environment.

Service attachment: The administrators define this policy, which gets deployed in the gateway node and gateway instance. This policy can recognize and attach valid services to the requests of the users.

6.1.3 Security Management Policies

Multi-tenant isolation: The multi-tenant isolation concept hosts unrelated tenants in the same infrastructure. This security policy will identify and learn about the incoming request, the tenants will be identified, and then the request will be rerouted to a selected application. During this process, the confidential data of both the requestor and the application will remain undisclosed. The security policy will be defined within the application (Lushey and Munro 2015). This definition will ensure the verification and validation of the user’s credentials before he/she accesses or uses the application (Sriram et al 2013). Moreover, the policy will ensure that the applications do not access resources for which they do not have prior authorization.

As this technology connects numerous devices over a network, it has given rise to several security issues in recent years. These issues revolve around transmission security for reliable data transfer, perception security for information collection, and application security for secure information handling. Such issues probably occur because these networks and their structure are becoming ever more complex with time and are linked with the heterogeneity of the network structure. Thus, addressing these issues would help to solve the security issues in the Internet of Things.

Integrity is one of the major factors that are critical for the identification of smart devices over the network. There is almost no universal method to identify the different identities on the Internet. Thus, sharing data that is highly critical for an organization or an individual is full of risks. Additionally, many organizations employ perimeter protection defined by the device. Such extrinsic security measures are resource intensive and do not provide security as strong as required. The user of such devices also has absolutely no way to determine what data is collected and how it is used or reused. Additionally, the security issues in the Internet of Things are said to be prevalent because of its booming demand and its abundance of availability and applications, combined with a traditional use of security measures. Although IoT companies use different network protocols for transferring data across their devices, each protocol follows a different set of access mechanisms and security measures. Still, the Internet of Things lacks one specified security mechanism to protect the data that flows over the network. Due to its growing network and increased usage, the classical authorization and authentication methods may fail. Also, resource constraints in the Internet of Things restrict the use of complex security mechanisms.

Intrusion detection: The messages among IoT devices remain protected through various protocols; however, the networks over which the messages are transmitted are still prone to various attacks that can disrupt the entire network. Firewalls and Intrusion Detection Systems (IDS) help in averting such vulnerabilities (Bovet and Hennebert 2013). The characteristics of IoT are similar to those of WSN; hence, the IDS that are suitable for WSN can undoubtedly fit in the IoT network. In IoT, the IP address helps to identify the nodes globally (Lushey and Munro 2015). For example, in 6LoWPAN, the 6BR (6LoWPAN Border Router) is always reachable to connect to its network through the Internet. Therefore, such cases require end-to-end message security. Hence, after exploiting the characteristics of IoT, designing an IDS for IoT becomes worthwhile. However, it is difficult to develop an IDS for IoT because of its constrained resources, global accessibility, lossy links, and the use of varied IoT protocols.

Data security: Typically, the data stored in any storage model lies in the encrypted state with its cryptographic hash. This encrypted data is decrypted, verified for its integrity, re-encrypted and its integrity is re-protected before it is transmitted to the host that requested the stored data. In this way, the operations of cryptography occur twice. Recently, flash memories have been developed, which has enabled data storage in constrained devices. Therefore, these memories can help to achieve the goals of energy minimization in IoT gateways. They also help to eliminate the double operations of cryptography.

When it comes to the Internet of Things, IoT gateways connect these smart devices, bridging the gap between the IT structure and the operations within a business. This starts with optimizing system performance through operational data, which is gathered and processed in real time at the network edge or in the field. IoT gateways can perform various tasks. They promote high scalability: they can collect intelligent data from the data center or the cloud and push it to the network edge. The gateways themselves have high processing power, storage, and memory, so the endpoint devices do not need them.

Quick production can also be gained: time to market is reduced significantly with an accelerated and more advanced production line. Reduced telecommunication cost is one of the major benefits of IoT security policies. The basis of gateways is reduced machine-to-machine communication; thus, this infrastructure needs a smaller network and less WAN traffic. The gateways are capable of isolating devices and sensors that are suspicious or not performing well, which protects the production lines from bigger problems in the future. Apart from their high performance, the gateways have their own set of challenges when it comes to security. Here are some of the gateway-based security issues the Internet of Things faces. These challenges vary as the application areas of the devices change. Thus, organizations need to consider all the policies and their advantages when selecting policies for mitigating security issues.

Security and privacy: These policies focus on the data that is delivered to the IoT network through gateway nodes or instances (Bovet and Hennebert 2013). The policies cover the activities of people, the flow of processes, and the use of technology. These components are the means of unwanted activities (Dumay and Cai 2015). Hence, these policies focus on preventing such actions, as they might bring huge destruction to the data transmitted over the IoT network.

Security policies are applicable at different layers of the communication channel for safe information transfer. Use of the IEEE 802.15.4 protocol at the link layer helps secure the data transfer in an IoT network. It protects the communication on a per-hop basis, where every node of the communication path is authenticated using a pre-shared key. Network load balancing builds clusters which balance the load of incoming client requests. It is one of the most efficient methods to achieve scalability and availability of the network. It reduces the response time and reduces the risk of intrusions and breaches. Securing the network is crucial in IoT. The information transmitted over the Internet is prone to many threats of unauthorized access. Use of efficient policies, protocols, and algorithms helps in securing the network. It helps in protecting the IoT gateways by shielding them from malicious web data and securing them from hazards.

The operational policy will govern the functioning of the devices, systems, and their communication. The functionalities of the system will contain the service types that the user can access according to his/her security credentials. Moreover, the functionalities can also limit the information that gets shared among the users and different nodes and instances of gateways. The security management policy will enforce criteria for security that will enforce secure interoperability and collaboration among the gateway instances and nodes that get distributed throughout the IoT network. The primary goal of the security policy is to prevent any unauthorized network within the IoT network through the gateways. The security policy covers multi-tenant isolation, intrusion detection, and data security.

6.1.4 Security Policy Implementation Plan

The network, operational, and security policies help to protect the IoT gateways and devices from spy attacks and intrusions. The policies illustrate the respective security components and the means by which they protect the IoT environment. Security policy management should primarily focus on policy authoring and defining, and on policy assignment and delivery.

6.1.5 Policy Authoring and Defining

The security policy is assigned to a group of endpoints. It is a composite of baseline policies, which are customized to the individual endpoints (Bovet and Hennebert 2013). Thus, the security policy eliminates the need to rebuild the entire policy every time for every endpoint. The security policies formulated must clearly state their behavior according to the network or organizational policy and translate into the policy settings of the machine. There are at least two places that require simplification of the security policy so that the human workforce can understand it better: policy definition and event analysis (Dumay and Cai 2015). Policy definition is the process of defining the behaviors in the IoT environment. The definitions are later translated into security settings and stored in the endpoint machine policy. Event analysis, on the other hand, begins once the security events have been sent from the endpoints and are analysed in a secure location. Moreover, a security policy should be kept updated on the basis of the security event analysis.

6.1.6 Policy Assignment and Delivery

In the process of policy management, a security policy needs to be defined for each endpoint (Bovet and Hennebert 2013). Therefore, in order to define the policy across all the endpoints, a need arises for a coarse-grained mechanism. The reuse of policy elements across various policies is possible only when a policy has a proper structure with sub-elements. A policy library can be used to hold various sub-elements of different policies to avoid the need for redefining a policy for minimal changes (Bovet and Hennebert 2013). With a collection of default sub-elements, the policy definition process becomes easy and does not require redefining the entire policy. The defined endpoint security policy should be assigned to a single endpoint or a group of endpoints. This approach allows proper management of endpoints at the atomic level, without the need for an individual policy definition. Apart from reuse, an automated mechanism is also recommended to deliver the endpoint machine policy (Lushey and Munro 2015). The automated mechanism helps in tracking the policy along with its sub-elements for each endpoint. This mechanism also provides additional oversight of the entire security process management. Additionally, it gradually reduces human errors and allows the automation to scale.

6.1.7 Filtering Application

It is a known fact that an enormous amount of information floats over the Internet, some of which is legitimate and authentic, while the rest is destructive. Therefore, it becomes necessary to distinguish between authentic and fake information and applications (Bovet and Hennebert 2013). Thus, a list of authentic applications is made, against which each web application that requests access is matched. If the application matches the list, it is granted access to the IoT network; otherwise it is restricted. This approach of information and application filtering protects the IoT gateways from spyware and malware attacks.

6.1.8 Policy Administration

An administration is necessary for proper enforcement of the policy framework. It is the responsibility of the policy administration to upload and alter the security policies and applications which are important for IoT protection (Kim et al. 2015). It is a back-end interface designed for admin access. The policy repository is updated in a timely manner by the administration, so that the latest security policies are stored in the database and the old ones are replaced (Lushey and Munro 2015). The policy mapping module matches the policies from the repository, which is the reason for keeping the repository updated: the latest policy is then enforced for filtering the applications. This improves the security of the network.

6.1.9 Policy Enactment

A gateway enforces all the security policies implemented in the IoT network. It is the responsibility of this gateway to grant or restrict access to applications and information (Kim et al. 2015). The gateway accepts the decisions of the policy mapping and responds to the client’s request accordingly. It is a barrier which obstructs the path of irrelevant applications and does not grant them access to the secure IoT network. It secures the IoT gateways and devices by making appropriate access control decisions.

6.1.10 Policy Resolver

Security policy management must implement a methodology of attribute-oriented security resolution to identify the components that take part in interactions. The resolver helps to identify and authenticate the users trying to connect to the IoT network through the gateway node or instance (Kim et al. 2015). The identity is validated based on the set of attributes the user presents. The resolver consists of several sub-components, which validate the attributes of the users.

Attribute finder. The attribute finder analyses the set of attributes of users. The attributes get queried from the database, which is used to identify the user attributes.

Attribute resolver. After determining the identity of the user, the attribute resolver receives a verification request to ensure the validity of the identity. Once the identity is validated, it gets sent to the policy resolver.

Attribute database. The attribute database is a repository that holds the attributes of users, which is used to identify the access privileges for the requested resources.

After the process of attribute resolution is complete, the policy resolver holds the user identity for a temporary period (Kamboj and Rana 2013). The module sends this information to the decision engine whenever required. The decision engine can perform any task on the information, such as aggregation or validation.

6.1.11 Policy Repository

The security policy repository holds the rules and policies which the policy decision engine refers to during the decision process. The most critical part of security policy management is the decision-making engine (Wiek and Lang 2016). This engine handles all the tasks such as validation, authorization, authentication, and accessibility. It links to all the subsequent parts of the policy implementation process.
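The pieces described in sections 6.1.5 to 6.1.11 (policy library, repository, attribute finder and resolver, decision engine, enacting gateway) fit together as in the following example. It is added here and is not an implementation from the thesis or its sources; every policy name, application, endpoint, user and attribute is hypothetical, the sample data is constructed, and a default-deny decision is assumed.

```python
# Policy library (6.1.6): reusable sub-elements. Each maps an allowlisted
# application to the user attributes it requires. All names are hypothetical.
POLICY_LIBRARY = {
    "baseline": {"telemetry": {"role": {"operator", "admin"}}},
    "firmware": {"firmware-update": {"role": {"admin"}, "mfa": {True}}},
    "diagnostics": {"diagnostics": {"role": {"admin"}}},
}

# Attribute database (6.1.10): constructed sample users.
ATTRIBUTE_DB = {
    "alice": {"role": "admin", "mfa": True, "active": True},
    "bob": {"role": "operator", "mfa": False, "active": True},
    "carol": {"role": "admin", "mfa": True, "active": False},
}


class PolicyRepository:
    """Group assignments; the administration replaces entries in place (6.1.8)."""

    def __init__(self):
        self.group_elements = {}    # group -> ordered sub-element names
        self.endpoint_group = {}    # endpoint -> group
        self.endpoint_blocked = {}  # endpoint -> apps removed for that endpoint

    def publish(self, group, elements):
        unknown = [name for name in elements if name not in POLICY_LIBRARY]
        if unknown:
            raise ValueError(f"unknown sub-elements: {unknown}")
        self.group_elements[group] = list(elements)

    def assign(self, endpoint, group, blocked_apps=()):
        self.endpoint_group[endpoint] = group
        self.endpoint_blocked[endpoint] = set(blocked_apps)

    def machine_policy(self, endpoint):
        """Compose the endpoint's policy from its group's sub-elements (6.1.5)."""
        policy = {}
        group = self.endpoint_group.get(endpoint)
        for name in self.group_elements.get(group, []):
            policy.update(POLICY_LIBRARY[name])
        for app in self.endpoint_blocked.get(endpoint, ()):
            policy.pop(app, None)   # per-endpoint customisation
        return policy               # empty for unknown endpoints: deny all


def find_attributes(user):
    """Attribute finder: query the attribute database."""
    return ATTRIBUTE_DB.get(user)


def resolve_identity(user):
    """Attribute resolver: pass on only known, active identities."""
    attrs = find_attributes(user)
    return attrs if attrs and attrs.get("active") else None


class Gateway:
    """Policy enactment (6.1.9): forward or drop, and log every decision."""

    def __init__(self, repository):
        self.repository = repository
        self.events = []            # input for the event analysis of 6.1.5

    def decide(self, endpoint, user, app):
        policy = self.repository.machine_policy(endpoint)
        if app not in policy:       # application filtering (6.1.7)
            return False, "application not on allowlist"
        attrs = resolve_identity(user)
        if attrs is None:
            return False, "identity not validated"
        for attribute, allowed in policy[app].items():
            if attrs.get(attribute) not in allowed:
                return False, f"attribute {attribute!r} not authorised"
        return True, "all rules satisfied"

    def handle(self, endpoint, user, app):
        allowed, reason = self.decide(endpoint, user, app)
        self.events.append((endpoint, user, app, allowed, reason))
        return "FORWARD" if allowed else "DROP"


def demo():
    repo = PolicyRepository()
    repo.publish("sensors", ["baseline"])
    repo.publish("controllers", ["baseline", "firmware", "diagnostics"])
    repo.assign("sensor-01", "sensors")
    repo.assign("plc-07", "controllers", blocked_apps=["diagnostics"])
    gateway = Gateway(repo)
    requests = [
        ("sensor-01", "bob", "telemetry"),          # operator may read telemetry
        ("sensor-01", "alice", "firmware-update"),  # app not assigned to sensors
        ("plc-07", "alice", "firmware-update"),     # admin with MFA
        ("plc-07", "bob", "firmware-update"),       # wrong role
        ("plc-07", "carol", "telemetry"),           # inactive identity
        ("plc-07", "alice", "diagnostics"),         # blocked on this endpoint
        ("unknown-99", "alice", "telemetry"),       # endpoint has no policy
    ]
    return [gateway.handle(*request) for request in requests], gateway.events
```

Republishing a group with a different list of sub-elements changes the decision for every endpoint in that group without redefining any individual endpoint policy, which is the reuse the policy library is meant to provide.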

6.2 Addressing research question 2

Manufacturers of IoT are facing big challenges and barriers due to its early stage and lack of standardization. As the risks associated with IoT products have been examined in great detail in the above research, the following approaches are recommended for IoT product manufacturers implementing these technologies in the product life cycle.

  1. Gain certifications

Manufacturers are advised to gain ISO 27001 and other security related certification for their newly innovative devices and for the production of IoT devices.

  2. Security by design:

Why?

  • Changes are much easier to make early in the product life cycle

  • Privacy and security is not something that can be added at later stage

How?

  • Manufacturers should think like a hacker

  • Assess magnitude of a compromise

  • Evaluate technology components

Some of the core information security concepts for building IoT products include 1) Authentication 2) Encryption 3) Data Integrity.

It is proposed that manufacturers use the best proven solution for device identity, i.e. PKI (public key infrastructure). Its application is embedded in a variety of protocol standards, including TLS. It enables a range of security principles including authentication, encryption and data integrity.

Manufacturers can overcome the barriers of producing insecure devices by using TPMs (crypto-processors), which can pair perfectly with software-based PKI to maintain a strong and secure IoT environment.

The results of implementing hardware-based PKI along with software-based PKI are secure authentication and private communication, a trusted interface for administration, and secure firmware updates.

The following benefits can be considered highly possible once hardware- and software-based PKI is employed in manufacturing IoT devices for device identity.

  • Diversity of devices and processing power

  • Size and scale of eco system

  • Trust models between device to device or device to gateway implementations

Discussion

The primary focus of this research report is to highlight the need for security policies in securing the IoT gateways to prevent information theft. The interconnection of millions of devices defines the Internet of Things; however, this extensive network connection is prone to numerous vulnerabilities and intrusion threats. The IoT network transmits crucial information across the web and hence it is necessary to secure the network. IoT gateways act as the barrier between the organizational network and the Internet, and therefore there is a need to secure the gateway to block the entry of unwanted elements into the private network. The security policies defined in this research project mainly focus on network protection, operational management, and information security.

Integrity and privacy of the Internet of Things are major concerns. With the prominent use of the Internet of Things in homes and workplaces, a lot of data and critical information travels over the network. The most common and widely used devices dominating this field are smartphones. Employing a large number of smartphones as gateways raises hundreds of privacy issues on the network. It is conceivable that the owner of a peripheral device can localize a gateway owner by receiving data through that particular gateway from peripherals at known locations. On the other hand, a peripheral device moving through a collection of colluding gateways can be localized. Both of these cases are examples of privacy violations.

For the wireless network, however, the situation is opposite. This network has numerous open ends for the attacker. Unless a proper security subsystem is installed and maintained over the wireless links, it becomes quite easy for attackers to make space for themselves in the network. The attacks also depend on the properties of the wireless link layer protocol.

DNS spoofing: This attack alters the DNS server so that it redirects users to the attacker’s server. The attack can occur in more than one way to directly hit the network. The DNS server translates Internet domain names to IP addresses, relieving users of the task of remembering a long series of numbers. DNS spoofing can alter the cache so that a name is translated to a different IP address than the intended one. Thus, all aspects need to be considered while using the Internet of Things.

These IoT policies focus on implementing protection at the various network layers to ensure total safety. Moreover, the study identifies the various security measures that could be put in place to protect the gateways. It suggests the implementation of firewalls and cryptosystems so that unauthorized access to the organizational network can be prevented. The reason behind implementing these security measures and safety policies lies in the fact that organizations face many security barriers, such as personal barriers, communication barriers, management barriers and more, which increase the network vulnerability. Additionally, there exist various gateway problems like denial-of-service attacks, spyware, and malware attacks which need to be prevented for secure information transmission. Thus, to prevent all such network attacks and security barriers, the enforcement of the network policy is mandatory.

The operational policy derived from the research explains the working of the IoT devices, systems, and their various programs. It highlights that operational security ensures the safety of all the operational components including the utility programs, operating systems, and other systems. It implements security measures such as secure onboarding, firmware updates and limiting interfaces to ascertain that the firm’s hardware and software remain updated so that their vulnerability is reduced. Moreover, it increases the life of the organizational network. It ensures that all the backdoors for hackers’ intrusion are closed so that the information transfer within the organization becomes safe. It overcomes the gateway problems and barriers. These policies guide the proper operation of the information system.

The security policy demonstrates the information security need for any IoT network. It explains that data is always vulnerable in a network. There always exist threats of data theft and data manipulation. Hence, it is necessary to implement policies to attain data integrity and confidentiality. The policy guideline devised in this research lays stress on multi-tenant isolation, intrusion detection, data security and data privacy. These policy measures are in sync with the standard ISO security policy, which talks about implementing physical and cryptographic security on the data to secure it from unauthorized attack. The enforcement of security measures such as cryptosystems and access control helps control unwanted access to the information, thereby protecting crucial organization data. The main aim of these policies is to ensure data safety and safe communication within the IoT network. It ensures that the IoT devices transfer authentic and correct information and saves data from being stolen.

The policies suggested in the document resolve the research question of information security and privacy issues. Furthermore, they suggest guidelines for addressing the barriers to information security. The study explains that information is the primary asset in an organization and its safety can never be compromised. Therefore, in the case of IoT networks, which work entirely on information transmission, policies are necessary for securing the data. The gateway security policies ensure that IoT gateways transmit safe information in and out of the network, thereby assuring data integrity.

Chapter 7: Conclusion

 

5.1 Conclusion

The Internet of Things is a hot topic in the fields of technology, policy, and engineering. It is expected to enhance the way people live, and experts expect it to change not only people’s lifestyles but also the way every organization works. It has both supporters and predictors. This thesis introduces the IoT communication models: device-to-device, device-to-cloud, device-to-gateway, and back-end data-sharing communication. It also introduces the issues related to the Internet of Things, namely privacy, interoperability, emerging economies, legal and regulatory rights, and security. On privacy, it covers data collection, surveillance, and many other issues. On the interoperability of services and products, it highlights vendor lock-in and ownership complexity. Emerging economies will need to address IoT issues in order to exploit its benefits. The legal environment also affects IoT: any implementation has to consider the legal and regulatory rights related to data, civil, security, personal, and many other aspects. One of the major issues is security, on which the paper focuses. The paper discusses several security challenges in implementing IoT. Communication in such technologies requires cryptographic confidentiality, authentication, and integrity. However, even with such secure communication, IoT systems remain prone to security issues such as interface debugging, side-channel attacks, and DoS attacks. With the help of a side-channel attack, users can gain access to the physical aspects of the system and collect data directly from them. Moreover, because IoT works entirely over the network, the risk of DoS attacks is enormous. These issues are an important point of consideration, as many applications are associated with IoT.
Such applications include smart homes and offices, logistics and transport, and industries such as entertainment, banking, environmental sciences, healthcare, dining, sports and fitness, retail, telecommunication, hospitality, science, manufacturing, education, and more. Such a wide scope raises the responsibility of manufacturers and developers to secure the network and the data associated with it. In most cases, manufacturers compromise on security just to make the product cheap or to meet other requirements. Sometimes the mobile applications used as a gateway for IoT devices may also have an insufficient IoT implementation. Therefore, the paper discusses the wide scope of IoT, its threats, vulnerabilities, and privacy issues. Moreover, it suggests measures to mitigate security vulnerabilities through IoT gateways. The paper fulfills its objectives of identifying gateway-based security measures and recommending best practices to enhance the security features of IoT.

Lastly and most importantly, security is never a single person’s responsibility; no one person will understand the full scope of the environment. It is a team game. Security is not a product but a process: attackers continue to find vulnerabilities to attack, and the industry endlessly works to keep attackers out by securing its infrastructure.

It is going to be very hard for manufacturers to secure their products 100%. The burden of security falls on security experts, who must secure the environment where IoT is installed and used.

 

5.2 Limitation and future scope

With the specific aim of investigating the effect of gateway-based security measures on mitigating security issues, the researcher has analyzed a wide variety of literature and has also analyzed raw data in the form of opinions of IT professionals. Future researchers may therefore be able to use this study as a source of additional information when investigating a similar topic. As the researcher has contrived methods for enhancing representative maintenance, this research may be useful for the management of various organizations in gaining knowledge about the use of the Internet of Things and about mitigating its issues with the help of gateway-based security measures.

Although the research offers wide future possibilities, the researcher faced challenges while conducting it. Because of the lack of sufficient money and time, the researcher relied on limited materials for the literature review, and only a few participants were taken for raw data collection. It is also important to note that, because the questionnaires were close-ended, the IT professionals provided erratic answers, which disrupted the flow of the research and thereby constrained the research outcome to some degree.

 

 

 

References

Aleshunas, J. (2010). Firewalls. [ebook] Webster University, pp.2-12. Available at: http://mercury.webster.edu/aleshunas/COSC%205130/Chapter-22.pdf [Accessed 28 Jun. 2017].

Al-Fuqaha, A., Guizani, M., Mohammadi, M., Aledhari, M. and Ayyash, M. (2015). Internet of Things: A Survey on Enabling Technologies, Protocols, and Applications. IEEE Communications Surveys & Tutorials, 17(4), pp.2347-2376.

Ballano Barcena, M. and Wueest, C. (2015). Insecurity in the internet of things. [ebook] Mountain View: Symantec. Available at: https://www.symantec.com/content/en/us/enterprise/fact_sheets/b-insecurity-in-the-internet-of-things-ds.pdf.

Banafa, A. (2016). IoT standardization and implementation challenges. [online] Iot.ieee.org. Available at [Accessed 7 Jun. 2017].

Barnaghi, P., Wang, W., Henson, C. and Taylor, K. (n.d.). Semantics for the internet of things: early progress and back to the future. [ebook] Guildford: Centre for communication systems research, university of surrey. Available at: http://ai2-s2-pdfs.s3.amazonaws.com/fa11/0ddb525702ebd6b501216d7f3dbce365d529.pdf.

Blanter, A. and Holman, M. (n.d.). Internet of things 2020: A glimpse into the future. (n.d.). ATKearny. Available at: https://www.atkearney.com/documents/4634214/6398631/A.T.+Kearney_Internet+of+Things+2020+Presentation_Online.pdf/af7e6a55-cde2-4490-8066-a95664efd35a [Accessed 7 Jun. 2017].

Bouij-Pasquier, I., El Kalam, A., Ouahman, A. and De Montfort, M. (2015). A Security Framework for Internet of Things. Cryptology and Network Security, pp.19-31.

Bowers, D. (n.d.). Physical access control. [ebook] Randallstown. Available at: http://www.ittoday.info/AIMS/DSM/8305101.pdf [Accessed 24 Jun. 2017].

Braun, W. and Menth, M. (2014). Software-Defined Networking Using OpenFlow: Protocols, Applications and Architectural Design Choices. Future Internet, 6(2), pp.302-336.

Bull, P., Austin, R., Popov, E., Sharma, M. and Watson, R. (2016). Flow based security for IoT devices using an SDN gateway. 2016 IEEE 4th international conference on future internet of things and cloud (FiCloud).

C.P, V. (2016). Security improvement in IoT based on software defined networking (SDN). International journal of science, engineering and technology research, [online] 5(1). Available at: http://ijsetr.org/wp-content/uploads/2016/01/IJSETR-VOL-5-ISSUE-1-291-295.pdf.

Desai, N. (2016). What is an IoT gateway and how do i keep it secure?. [online] Globalsign.com. Available at: https://www.globalsign.com/en/blog/what-is-an-iot-gateway-device/.

Desai, P., Sheth, A. and Anantharam, P. (n.d.). Semantic gateway as a service architecture for IoT interoperability. [ebook] Available at: https://ai2-s2-pdfs.s3.amazonaws.com/36c3/477502ac9df418f2c6c6304e820ad344ce56.pdf [Accessed 14 Jun. 2017].

Dhanjani, N. (2015). Abusing the internet of things. 1st ed. “O’Reilly Media, Inc.”, p.216.

Dinh, T. and Kim, Y. (2016). An efficient interactive model for on-demand sensing-as-a-servicesof sensor-cloud. Sensors, 16(7), p.992.

Fife, C. (2015). Resurrecting Duckling – A model for securing IoT devices. [online] Citrix Blogs. Available at: https://www.citrix.com/blogs/2015/04/20/resurrecting-duckling-a-model-for-securing-iot-devices/ [Accessed 29 Jun. 2017].

Fife, C. (2015). Securing the IoT gateway. [online] Citrix Blogs. Available at: https://www.citrix.com/blogs/2015/07/24/securing-the-iot-gateway/ [Accessed 29 Jun. 2017].

Folkens, J. (2014). Building a gateway to the Internet of Things. [ebook] Dallas: Texas Instruments, pp.2-5. Available at: http://www.ti.com/lit/wp/spmy013/spmy013.pdf [Accessed 14 Jun. 2017].

Gilchrist, A. (2017). IoT security issues. 1st ed. Walter de Gruyter GmbH & Co KG, 2017.

Hossain, M., Fotouhi, M. and Hasan, R. (2015). Towards an Analysis of Security Issues, Challenges, and Open Problems in the Internet of Things. 2015 IEEE World Congress on Services.

Information technology logical access control guideline. (2007). [ebook] Virginia information technologies agency. Available at: https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/logicalaccesscontrolguideline04_18_2007.pdf [Accessed 24 Jun. 2017].

Information technology — Security techniques — Information security management systems — Requirements. (2005). 1st ed. [ebook] Switzerland, pp.13-29. Available at: http://webcache.googleusercontent.com/search?q=cache:http://minf.vub.ac.be/marc/EHI-614/iso27001.pdf&gws_rd=cr&ei=dTyUWYj0FcXSvwSbiqWgBw [Accessed 16 Aug. 2017].

ISO/IEC 27001:2005(E) A.10.6 Network security management 16(7), p.26.

 

Intel IoT Gateway. (n.d.). [ebook] Intel. Available at: https://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/gateway-solutions-iot-brief.pdf [Accessed 14 Jun. 2017].

Janak, J., Nam, H. and Schulzrinne, H. (2012). On access control in the internet of things. [ebook] Columbia university. Available at: http://www.cs.columbia.edu/~hn2203/papers/1_1_ietf_2012.pdf [Accessed 24 Jun. 2017].

Jones, B. (1992). Improving security in the FDDI Protocol. [ebook] Naval Postgraduate School, pp.16-21. Available at: http://www.dtic.mil/dtic/tr/fulltext/u2/a257546.pdf [Accessed 29 Jun. 2017].

Jungo, C. (2015). Integrity and trust in the internet of things. [ebook] Swisscom Ltd. Available at: https://www.swisscom.ch/content/dam/swisscom/en/about/responsibility/digital-switzerland/security/documents/integrity-and-trust-in-the-internet-of-things.pdf.res/integrity-and-trust-in-the-internet-of-things.pdf.

Kim, J. (2015). Requirement of security for IoT application based on gateway system. International Journal of Security and Its Applications, [online] 9(10), pp.201-208. Available at: http://www.sersc.org/journals/IJSIA/vol9_no10_2015/18.pdf.

Lin, H. and Bergmann, N. (2016). IoT Privacy and Security Challenges for Smart Home Environments. Information, [online] 7(3), p.44. Available at: http://www.mdpi.com/2078-2489/7/3/44/pdf [Accessed 7 Jun. 2017].

Man In the middle attack. (n.d.). [ebook] p.1. Available at: http://site.iugaza.edu.ps/nour/files/lab4-MITM1.pdf.

Mason, J. (2002). Qualitative researching. 2nd ed. London: SAGE publications ltd.

Pal, A. and Purushothaman, B. (2016). IOT technical challenges and solutions. 1st ed. Artech House, p.83.

Panasenko, S. and Smagin, S. (2011). Lightweight cryptography: Underlying principles and approaches. International Journal of Computer Theory and Engineering, [online] 3(4), pp.516-518. Available at: http://www.ijcte.org/papers/360-JG527.pdf.

Park, J., Chen, S. and Choo, K. (2017). Advanced multimedia and ubiquitous engineering. 1st ed. Springer, p.253.

Park, N. and Kang, N. (2015). Mutual authentication scheme in secure internet of things technology for comfortable lifestyle. Sensors, 16(1), p.20.

Proxy Server. (n.d.). [ebook] Tutorialspoint. Available at: https://www.tutorialspoint.com/internet_technologies/pdf/proxy_servers.pdf [Accessed 24 Jun. 2017].

Reddy, A. (2017). Safeguarding the Internet of Things. [ebook] pp.10-11. Available at: https://www.cognizant.com/whitepapers/safeguarding-the-internet-of-things-codex2465.pdf [Accessed 24 Jul. 2017].

Research skills. (2010). [ebook] University of leicester. Available at: https://www2.le.ac.uk/projects/oer/oers/ssds/oers/research-skills/Research%20skillscg.pdf.

Rose, K., Eldridge, S. and Chapin, L. (2015). The internet of things: An overview. Internet Society, pp.1-18. Available at: https://www.internetsociety.org/sites/default/files/ISOC-IoT-Overview-20151014_0.pdf [Accessed 7 Jun. 2017].

Russell, C. (2002). Security awareness – implementing an effective strategy. [ebook] SANS institute. Available at: https://www.sans.org/reading-room/whitepapers/awareness/security-awareness-implementing-effective-strategy-418 [Accessed 29 Jun. 2017].

SDN architecture overview. (2014). [ebook] Palo Alto: Open networking foundation, p.6. Available at: https://www.opennetworking.org/images/stories/downloads/sdn-resources/technical-reports/TR_SDN-ARCH-Overview-1.1-11112014.02.pdf [Accessed 24 Jun. 2017].

Shu, Z., Wan, J., Li, D., Lin, J., Vasilakos, A. and Imran, M. (2016). Security in Software-Defined Networking: Threats and Countermeasures. Mobile Networks and Applications, 21(5), pp.764-776.

Stankovic, J. (2014). Research Directions for the Internet of Things. IEEE Internet of Things Journal, 1(1), pp.3-9.

The Royal Literary Fund. (2017). Literature reviews. [online] Available at: https://www.rlf.org.uk/resources/why-write-a-literature-review/.

Treadway, J. (2016). Using an IoT gateway to connect the “Things” to the cloud. [online] IoT Agenda. Available at: http://internetofthingsagenda.techtarget.com/feature/Using-an-IoT-gateway-to-connect-the-Things-to-the-cloud [Accessed 7 Jun. 2017].

Yousuf, T., Mahmoud, R., Aloul, F. and Zualkernan, I. (2015). Internet of Things (IoT) security: Current status, challenges and countermeasures. International Journal for Information Security Research, [online] 5(4), pp.608-616. Available at: http://www.aloul.net/Papers/faloul_ijisr15.pdf.

Zachariah, T., Klugman, N., Campbell, B., Adkins, J., Jackson, N. and Dutta, P. (2015). The internet of things has a gateway problem. Proceedings of the 16th international workshop on mobile computing systems and applications.

 

 

 

 

 

Appendix

 

Survey questionnaire:

1. How long you are using and involved with the applications of internet of things?

Options

Less than 6 months
6 months – 12 months
1-2 year
3-4 years
More than 4 years

2. How far do you believe use of internet of things is risky as security concerns involved with it?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

3. How far do you believe that is important to address the security issues involved with internet of things?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

4. What are the security measures you have taken for securing the use of internet of things?

Options

Heterogeneity
Security policies
Encryption key management.
Security awareness
Authentication

5. How far you agree that gateway based security measures can be helpful to mitigate your issues for using internet of things?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

6. How far do you believe that IoT gateway security policies can be helpful to mitigate security issues in IoT systems?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

7. Which security policy you think more useful for mitigating security issues in IoT?

Options

Network Management Policies
Operational Management Policy
Security Management Policies

8. How far do you believe that software-defined networking has an important role in this aspect?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

9. Being an IT professional, what is your opinion regarding the best technique of securing internet of things from an end user?

Options

proxy service
Enabling firewalls
LAN gateway
secure on boarding
firmware updates

10. How far do you agree that cryptosystem has an important role in securing the applications of internet of things?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

11. How far do you believe that effective access control can mitigate issues in internet of things?

Options

Strongly Agree
Agree
Neutral
Disagree
Strongly Disagree

 


