Secure Layers Based Architecture for Internet of Things

Dhananjay Singh (IEEE Senior Member), Dept. of Electronics Engineering, Hankuk University of Foreign Studies, Yongin, South Korea, [email protected]

Gaurav Tripathi, Division of Central Research Laboratory, Bharat Electronics Limited, Ghaziabad, India, [email protected]

Antonio Jara (IEEE Member), Institute of Information Systems, University of Applied Sciences Western Switzerland (HES-SO), Sierre, Valais, Switzerland, [email protected]

Abstract—

The Internet of Things (IoT) is an Internet-based infrastructure of smart machines/objects/things in which each machine is capable of self-configuration and interacts/communicates with physical objects over standard, interoperable communication protocols. The basic attribute of a physical object is that it has an identity. The objects also have virtual personalities, exposed through intelligent interfaces, and are seamlessly integrated into the evolving information networks. With this heavy, open interaction among objects come questions of how to keep objects reliable and secure for IoT services. Hence, this paper presents a novel conceptual cross-layer architecture that ensures proper usage of an Adaptive Interface Translation Table (AITT) together with new security features for secure IoT services, organized in five layers. Each layer has a specific responsibility: it processes its assigned task and forwards data to the next layer for further processing and inference. Finally, we present a conceptual solution and a visual view of security for IoT applications and services.

Index Terms — Future Internet Services, 6LoWPAN, IoT architecture, WSN, IoT security

I. INTRODUCTION

We are fast moving into the era of connected objects. This is hard to visualize because every known physical thing, as well as virtual things, can be interconnected through the system. All such connections, in which information is exchanged and communication happens seamlessly, are part of the world called the Internet of Things. The IoT has been referred to in the literature as connected objects; alternatively, it has been referred to as the Internet of Objects [1]. The Cisco Internet Business Solutions Group (IBSG) [2] defines the IoT simply as the point in time when the number of “objects/things” connected to the Internet exceeds the number of humans connected to it. The IoT is needed because all the unprocessed data must be converted into data and then into meaningful information; from this information comes knowledge discovery, and sharing that knowledge across IoT modules yields wisdom. The current impact of the Internet on education, the military, security, medical science and business is tremendous [3]. This clearly shows that the Internet is becoming the most important event in the history of mankind. As the NTT Group [4] shows, 54% of malware designed to take over a compromised system went undetected by the anti-virus solutions in use, and 71% of new malware designed to make money or steal information from those systems was unsuccessful in its pursuit. We still lack a viable solution for IoT Identity Theft Prevention (IITP). In our previous work [5], we discussed a Semantic Fusion Model (SFM) for future services, shown in Fig. 1, in which we integrate the semantic model of the information across the sensors and gateways in the IoT domain. The semantic model also considers the challenges of bandwidth utilization and of giving unique addresses to the millions of sensors that become part of the IoT.

978-1-5090-0366-2/15/$31.00 ©2015 IEEE

Figure 1. Future services of IoT.

The Internet is going through an evolution, and the next big step now happening is the creation of IoT-enabled objects and the exchange of communication on IoT models and platforms. Modern IoT solutions are being discussed on the basis of the ZigBee network. According to [3] and [5], the security of sensor networks is defined by an architecture based on a trust center that is in charge of handling security queries. The IoT is a gigantic phenomenon in which several 6LoWPAN (IPv6 over low power wireless personal area networks) and sensor nodes are connected to information gateways; this is very challenging because the current transition is not an easy one. The adoption of IPv6 is still rolling out across the globe, and the power solutions for millions of nodes must be economical, otherwise the whole purpose of the IoT is diluted. Hence, a common set of standards for the communication protocols across IoT objects needs to be agreed. There are special challenges in the security domain. The global threat perception is one of the rising issues as we cross-breed the IoT domain with IPv6 and with the Future Internet domain. There is an increasing demand from users to access each and every device of their choice and interest over the Internet itself. This vast access to resources and capabilities thus raises new challenges in the IoT security domain. The IoT requires multi-dimensional security solutions, in which a secure communication and authentication platform is needed for secure applications. In this paper, we explore the security challenges of the Internet of Things and how a secure application can be integrated into a secure IoT architecture. We discuss the challenges and the future plan of our approach.

II. OBSERVATION AND CHALLENGES

Smart devices are increasing day by day with the increasing availability of distributed networks. Embedded devices have been connected to the IoT spectrum of devices.

Figure 2. Virtual greenery environment.

We are witnessing a wide spectrum from passive RFID tags up to active embedded devices [7]. Fig. 2 shows the virtual greenery environment in a desert field, which is the current infrastructure of “digital things”. Similarly, several applications are already connecting to the Internet at a certain scale, facilitating communication and access to information, including business- as well as technology-related challenges that must be met to realize business benefits.

A. Problem and resolution in Mobility

IoT security is a major area of concern, especially when talking about mobility compliance of IoT objects. Mobility management can be abused with a disguised identity that fakes the real identity of a node. Several challenges can be identified in the present form:

• Integration of all the heterogeneous platforms for IoT integration onto a common platform. Hence, IPv6 is a huge factor in addressing the scalability and mobility issues of IoT objects.
• Privacy and integrity of IoT-enabled objects as well as of current Internet users.
• Mobility: IoT-enabled devices must perform all their operations while fulfilling the mobility of the IoT devices. The present world is witnessing a surge in smart phones and tablets, which are ubiquitous in the management of devices. The real world is full of mobile applications, and thus it becomes important for IoT-enabled devices to have mobility in their implementation background.
• Data Management: The amount of data expected to be generated by billions of IoT devices has to be handled by Big Data.

There are several broker agents who manage the initialization of various basic functionalities, such as technologies, applications and cost challenges, so that the objects function properly.

B. Problem and resolution in Security

A 6LoWPAN network has the advantage that it can connect any number of devices in IoT applications such as intelligent home automation, smart city, smart security management, smart energy management, logistics management, etc. But security is the major concern of 6LoWPAN networks. Thus we need to focus on security solutions for both mobile and static data.
• Confidentiality of Messages: End-to-end security of the messages exchanged between IoT devices is required. Some encryption and decryption algorithm must be provided so that data travels safely across the Internet.
• Message Data Integrity: Data must never be modified between source and destination.
• Message Source Authentication: The different sources must be able to identify themselves via an authentication protocol as in [8].
• Message Availability: Intrusions and malicious behavior must be detected in the system. Various types of Intrusion Detection System could be employed to address the security concerns of the system.
• Message Replay Protection: Security also needs to be taken care of at all the intermediary nodes. There must be strict mechanisms to detect duplicate messages as well as replaying of stored messages. Checks such as sequence numbers or time stamps at the network layer can be a huge boost in securing IoT protections.
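As an added illustration (not code from the paper), the following Python models the message checks listed above for one authenticated channel between two IoT nodes: an HMAC tag over sequence number and payload gives integrity and source authentication, and an IPsec-ESP-style sliding anti-replay window, indexed by the sequence number, rejects duplicates and replays of stored messages. The message layout, the key, and the window size are assumptions made for the example; confidentiality (encryption of the payload) is left out.

```python
import hashlib
import hmac
import struct
from typing import List, Tuple

# Assumed message layout for this example: [seq: 4 bytes big-endian][payload][tag: 16 bytes].
# The tag is a truncated HMAC-SHA256 over seq || payload, so a receiver holding the same
# key can check integrity and that the sender holds the key (source authentication).
TAG_LEN = 16
WINDOW = 32  # anti-replay window size, in sequence numbers (assumed value)


def build_message(key: bytes, seq: int, payload: bytes) -> bytes:
    """Sender side: prepend the sequence number, append the authentication tag."""
    if not 1 <= seq <= 0xFFFFFFFF:
        raise ValueError("sequence number out of range")
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Tag verification followed by an IPsec-ESP-style sliding anti-replay window.

    `highest` is the largest sequence number accepted so far; bit i of `bitmap`
    records whether sequence number highest - i has already been accepted.
    """

    def __init__(self, key: bytes, window: int = WINDOW):
        self.key = key
        self.window = window
        self.highest = 0
        self.bitmap = 0

    def accept(self, msg: bytes) -> Tuple[bool, str, bytes]:
        """Return (accepted, reason, payload); window state changes only on success."""
        if len(msg) < 4 + TAG_LEN:
            return False, "truncated", b""
        header, payload, tag = msg[:4], msg[4:-TAG_LEN], msg[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
        # Authenticate first, in constant time, so forged packets cannot move the window.
        if not hmac.compare_digest(tag, expected):
            return False, "bad tag", b""
        (seq,) = struct.unpack(">I", header)
        if seq == 0:
            return False, "seq 0 reserved", b""
        if seq > self.highest:
            # New high-water mark: slide the window forward and mark this seq as seen.
            shift = seq - self.highest
            if shift >= self.window:
                self.bitmap = 1
            else:
                self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.window) - 1)
            self.highest = seq
            return True, "ok", payload
        offset = self.highest - seq
        if offset >= self.window:
            return False, "too old", b""  # fell out of the window: treated as replay
        if self.bitmap & (1 << offset):
            return False, "replay", b""  # already accepted once
        self.bitmap |= 1 << offset  # late but genuine out-of-order packet
        return True, "ok", payload


def simulate(key: bytes = b"constructed-demo-key") -> List[str]:
    """Feed a constructed traffic sample to one receiver and return the verdicts."""
    rx = Receiver(key)
    m1, m2 = build_message(key, 1, b"temp=21"), build_message(key, 2, b"temp=22")
    m40, m35 = build_message(key, 40, b"door=open"), build_message(key, 35, b"late")
    forged = m40[:4] + b"door=shut" + m40[13:]  # payload altered, original tag kept
    traffic = [m1, m2, m2, m40, forged, m1, m35, m35]
    return [rx.accept(m)[1] for m in traffic]


if __name__ == "__main__":
    print(simulate())  # ['ok', 'ok', 'replay', 'ok', 'bad tag', 'too old', 'ok', 'replay']
```

The sample shows the two failure modes a receiver must separate: a tampered packet fails authentication before it can touch the window, while a genuine but duplicated packet fails the window check alone.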

C. Problem and resolution in 6LoWPAN node space

IPv6 has been compressed into the 6LoWPAN stack. In fact, the present IPv6 networks connected with smart devices form the actual IoT. The world of IoT is extremely heterogeneous in nature, and the composition of IoT devices varies across domains: a device can be a sensor node, a fan, a bulb, a refrigerator, an LED TV, a smart phone, an embedded device or even a cloud itself. Thus, going by the trend, the number of devices on an IoT platform can reach billions. 6LoWPAN integrates IP-based infrastructures and WSNs. To fulfill this purpose, the 6LoWPAN standard proposes context-aware header compression mechanisms [9]: IPv6 Header Compression (IPHC) for the IPv6 header, and Next Header Compression (NHC) for the IPv6 extension headers and the User Datagram Protocol (UDP) header. Generic Header Compression (GHC) is introduced in [10]. The 6LoWPAN networks are connected to the Internet through the 6LoWPAN Border Router (6BR) or gateway.

III. CROSS LAYER ARCHITECTURE

There are multiple technologies working on the IoT platform. These technologies range from stateless to stateful, from extremely constrained to unconstrained, and from hard real-time to soft real-time systems. A physical object in the IoT world consists of virtual components that have the potential to produce and consume services across the Internet domain. Thus the number of interconnected objects will rise into the billions, which will be a challenge to sustain in the IoT world and also requires new approaches towards the safety and technology of IoT objects. We are visualizing a future in which every living thing as well as every non-living object will be part of the revolutionary IoT world. Each such object will have a location, an address and a user-friendly description on the Internet. For example, a user's computer will know about itself: it knows about its physical counterparts, their identity and functioning, can communicate with them and can in fact take its own decisions. Thus the IoT extends itself from “anywhere, anyhow, anytime” computing to “anything, anyone, any service”.

The present Internet is undergoing a sea change with the advent of IoT-based objects and solutions emerging across the globe. There is a surge in the use of IPv6 protocols in the interconnection of the present series of computers as well as the smart objects being developed in the domain of Wireless Sensor Networks (WSNs). This merging of IoT-based systems into the realm of the Internet is going to revolutionize the world as we sense it. Consider a world full of IoT-based objects, with seamless communication passing through these objects on IPv6 platforms. The most important thing that comes next is the security of the objects and the security of the data being communicated. The Internet that we know has devised its own ways of securing data and information and thwarting malicious attacks. The world that we are imagining from current trends is the Internet merged with smart, embedded, resource-constrained networks.

Thus it becomes imperative for us to toe the line of security that will become the backbone of IoT object communications. The basic pillars of any security-related communication are security, confidentiality, integrity and authentication services. The network also needs to be safeguarded against malicious intrusions and other ways of disruption. The data residing at the sensor nodes is of paramount importance: the sensor node needs to be physically safeguarded, and the data needs to be stored in encrypted form. We have conceived IoT security as a layered architecture in which data can be secured at different layers. The layers can be configurable at the application's discretion for more stringent security checks. Normally, security at the different layers is provided at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS) [11]. Even after all the security measures of the layered model have been taken and encryption is used at the sensor node, the data can still be corrupted from inside the WSN as well as from Internet hosts. Hence the need for firewalls as well as an Intrusion Detection System (IDS) is justified. The major contribution of this paper is a novel cross-layer stack architecture that provides sufficient security and degrees of freedom to the data packets residing in the data format.

Figure 3. Secured cross-layer architecture.

Fig. 3 shows the novel cross-layer architecture, which ensures proper usage of the Adaptive Interface Translation Table (AITT) together with the new security features. The usual TCP/IP blocks communicate with the above-mentioned stack. The security feature and the AITT help us compress the number of bytes required for security and hence provide more bandwidth for the actual applications to communicate. We explain our architecture with the help of a simple home automation example. We are thinking of home automation in which we gain control of all the appliances in a home remotely: at the slightest doubt, or in case of alarms, we can act remotely and switch our home appliances off and on. Thus a perfect case of home automation can be achieved by our proposed novel cross-layer architecture. Normally, the IoT perspective is that it cannot stem from a single scheme; many small contributions and standards will help us evolve IoT architectures and their security perspective. With the crossover from IPv4 to IPv6 and the use of web services for IoT applications, there are a number of advantages that need to be explored in the IoT system: they allow a homogeneous structure for integrating applications with the gateways as well as Internet hosts, and they also provide common platforms for the simplified development of cross-platform appliances.

Figure 4. Layer model for IoT.

The IoT is a complex hybrid of homogeneous as well as heterogeneous systems on all types of cross-layer platforms, supported by a number of third-party applications. With resources limited, there is an important reason to look into security solutions and protocols and make them a standard in the IoT world. In Fig. 4, we explain the layer-wise responsibilities of the proposed stack. Normally an architecture is a framework that can be used for a network's physical components and their functional organization and configuration. It also covers operational principles and procedures, as well as the format of the data and packets used in the communication and exchange of information.

IV. SECURITY CONCERN ARCHITECTURE

There can be various solutions at the respective layers of the stack used in end-to-end communication. We discuss some standard security solutions at the respective layers of the IoT stack.

A. Link Layer: IEEE 802.15.4 Security

As per [12], 6LoWPAN networks use the IEEE 802.15.4 protocol as the link layer. 802.15.4 link-layer security [13] is the present security solution for the IoT. At the link layer, the nodes participating in the communication process need to be trusted. The communication can involve multiple nodes as well as multiple hops. A key is defined prior to the communication, and this key is used to protect all the communication happening in the communication cycle; if this key is compromised, the security of the whole layer is compromised. The per-hop security arrangement can detect unwanted modification at each of the respective hops, and data integrity must be provided by the per-hop security arrangements within the 6LoWPAN network. Link-layer security is limited to securing the communication between two neighboring nodes. It is a flexible option that can be used with multiple protocols at the layers above the link layer.

B. IP Security: Network Layer

As per [14][15], security at the network layer is provided by the IP Security (IPsec) protocols. IPsec provides end-to-end security with authentication, integrity, replay protection and confidentiality, as discussed above. At the network layer, IPsec can be used with various transport and application layer protocols such as TCP, UDP, HTTP and CoAP. [15] encourages IPsec to use the Encapsulating Security Payload (ESP) protocol, while [14] makes use of the Authentication Header (AH) protocol. IPsec is a network-layer solution, and thus its security is shared by all the applications running on a particular device.

C. CoAP Security for Transport Layer

IPsec is a good option for a security solution, but when it comes to web protocols it generally lacks the robustness of the protocols used there. At this layer the generally used protocols are Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The connection-oriented TLS protocol can only be used over stream-oriented TCP, which is not the preferred method of communication for embedded smart objects and might not be a great method for wireless communication. There is another protocol, Datagram TLS (DTLS) [16], which is an adaptation of TLS for UDP. DTLS guarantees the end-to-end security of the different applications. DTLS also provides protection against Denial of Service (DoS) attacks through the use of cookies in the web protocol domain. DTLS can be used only over UDP. Thus it becomes imperative to utilize DTLS support with the IoT.

D. Network Security

Even with the above precautions, the network is susceptible to network attacks that can compromise its security. There are many Intrusion Detection Systems (IDS) that detect impostors and malicious activities in the network. Firewalls are necessary to block unauthorized access to networks. The IoT world comprises billions of devices, and we can associate any part we deem plausible as being part of this big-bang virtual world. The 6LoWPAN networks of the IoT are vulnerable to a number of attacks from the Internet and from inside the network. It is easier to compromise the wireless, resource-constrained IoT world than the regular Internet. We will need a unique IDS that creates a more holistic security for IoT-enabled devices.

E. Data Security in the IoT world

It can be safely argued that the network and its communication can be safeguarded by applying various communication and network security mechanisms. The next concern is to protect the data that IoT devices hold. Data stored in IoT devices can be confidential and sensitive and needs to be protected. The IoT world will comprise tiny, resource-constrained nodes. It will be a difficult task to guard each of these billions of devices physically or with the use of Trusted Platform Modules (TPM) [16].

Table 1. Security Analysis of IoT

Input | Reason
The vulnerability area of IoT has increased | More increase in the open networks. Increase of cloud based systems, Internet expansion, and increase in USB devices, Bluetooth and ZigBee devices.
Dwindling support for legacy systems | Software updates and security patches lag where vendor support is dwindling. Thus these systems become a soft target for malware attacks.
Non-identifiable, unauthorized services have increased | Unique identification schemes must be devised for millions of devices.
Remote access facilities accessed without authorization | Remote access can open doors for interception and tampering.
Sensitive data has been exposed in the IoT | Smart patient data and critical data can be exposed, which can lead to catastrophe.
Increased dependence on software and embedded systems | The majority of targets for malware applications is the application layer.
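The DoS protection that Section IV.C attributes to DTLS cookies is shown below in a Python model added here (it is not code from the paper or from any DTLS implementation). As in RFC 6347, the server answers a ClientHello that carries no cookie with a HelloVerifyRequest whose cookie is HMAC(secret, client address || ClientHello fields) and stores nothing; only a retransmitted ClientHello whose cookie verifies makes the server allocate a session. The message shapes, the use of IP and port as the address, and the sample addresses are assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Tuple

Addr = Tuple[str, int]  # (IP address, UDP port); including the port is an assumption


@dataclass
class ClientHello:
    """Only the ClientHello fields the cookie check needs (constructed model)."""
    client_random: bytes  # the 32-byte ClientHello.random
    cookie: bytes = b""   # empty on the client's first flight


@dataclass
class DtlsServer:
    secret: bytes = field(default_factory=lambda: os.urandom(32))
    sessions: Dict[Addr, bytes] = field(default_factory=dict)  # state per verified client

    def _cookie(self, addr: Addr, hello: ClientHello) -> bytes:
        """Stateless cookie, RFC 6347 style: HMAC(secret, client address || ClientHello fields)."""
        ip, port = addr
        material = ip.encode() + port.to_bytes(2, "big") + hello.client_random
        return hmac.new(self.secret, material, hashlib.sha256).digest()  # 32 bytes

    def handle_client_hello(self, addr: Addr, hello: ClientHello) -> Tuple[str, bytes]:
        """Return (reply type, cookie). A session is allocated only for a verified cookie."""
        expected = self._cookie(addr, hello)
        if not hello.cookie:
            # First flight: challenge the client. Nothing is stored, so a ClientHello
            # with a forged source address costs the server one HMAC and one reply.
            return "HelloVerifyRequest", expected
        if not hmac.compare_digest(hello.cookie, expected):
            # Cookie forged, replayed from another address, or bound to a different
            # ClientHello.random: still no state, just re-challenge.
            return "HelloVerifyRequest", expected
        # The cookie proves the peer really receives packets at addr: allocate now.
        self.sessions[addr] = hello.client_random
        return "ServerHello", b""


def run_exchange() -> Dict[str, object]:
    """Honest client plus a flood of spoofed ClientHellos; returns what the server did."""
    server = DtlsServer()
    honest: Addr = ("2001:db8::10", 5684)  # constructed address in the documentation prefix
    hello = ClientHello(client_random=os.urandom(32))
    first, cookie = server.handle_client_hello(honest, hello)
    # 100 ClientHellos with forged source addresses: each is challenged, none is stored.
    flood = [server.handle_client_hello(("2001:db8:1::%x" % i, 5684),
                                        ClientHello(os.urandom(32)))[0] for i in range(100)]
    # The honest client echoes the cookie it actually received, which verifies.
    second, _ = server.handle_client_hello(honest, ClientHello(hello.client_random, cookie))
    return {"first": first,
            "flood_challenged": all(r == "HelloVerifyRequest" for r in flood),
            "second": second,
            "sessions": len(server.sessions)}


if __name__ == "__main__":
    print(run_exchange())
```

A production server also rotates the secret and accepts cookies made under the previous one, so that a client whose retransmission straddles a rotation is not challenged twice; that detail is omitted here.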

In any IoT world, security measures refer to the basic provision of security services including confidentiality, authentication, integrity, authorization, non-repudiation and availability. Among the current multitude of control protocols for IoT systems is the ZigBee standard [18]. The security architecture of the IoT is still evolving. It is best described by a reference model, and thus a single architecture would be inconvenient for describing the system, as there will be too many unknown technologies and applications devised. In this respect, a layered model of security architecture is best suited. The layers can be modified according to the evolving tradition of security, as we have described in our architecture [21]. As per [19], the world of IoT is highly distributed in nature, and the use of embedded technologies in a public area can leave enough weak points that will be exploited by malicious hackers. IoT-enabled objects on streets are susceptible to physical harm. Additional threats are user profiling through these IoT objects to gain access to the personal and private data of the user or of social elements [19]. In general, when an IoT-based device communicates with other IoT objects, a secure end-to-end communication is needed. This channel requires the mutual establishment of a common secret key between the two participating peers. As per [20], this key management is done with standard key exchange protocols such as the Transport Layer Security (TLS) handshake or Internet Key Exchange (IKE). This requires expensive cryptographic solutions, which leave an IoT-based object reeling for more resources.

V. FINAL REMARKS

We have presented a secured cross-layer architecture for the IoT with the altogether new concept of the AITT. Future work will include an actual implementation in a home automation system. The IoT is a complex system of heterogeneous and homogeneous sensors. Security and privacy are the key issues for IoT applications and still face some enormous challenges; we have discussed and analyzed the security architecture and its features. We have discussed the key aspects of the layered architecture and its security issues. The conceptual vision of our work in the security domain can change the system: adaptive identities can create the applications and modify the systems as per their security needs. An attempt has been made to give an overview of the security of IoT-enabled objects.

ACKNOWLEDGMENT

This work is supported by Hankuk University of Foreign Studies and by Institute of Information Systems funding. The authors would also like to thank the projects SAFESENS ENIAC Joint Undertaking with Grant Agreement no. 621272, and the EU Horizon 2020 projects ENTROPY with Grant Agreement no. 649849 and INPUT with Grant Agreement no. 644672.

REFERENCES

[1] “The Internet of Things: How the Next Evolution of the Internet Is Changing Everything,” Cisco white paper, April 2011, www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf. Accessed July 14, 2015.
[2] Cisco defines the Internet of Everything, http://www.cisco.com/web/about/ac79/index.html. Accessed July 13, 2015.
[3] A. M. Alberti and D. Singh, “Internet of Things: Perspectives, Challenges and Opportunities,” International Workshop on Telecommunications (IWT 2013), June 2013.
[4] Global Threat Intelligence Report 2014, NTT Innovation Institute 1 LLC, https://nttgroupsecurity.com/solutionary?id=solutionary. Accessed July 14, 2015.
[5] D. Singh, G. Tripathi, and A. J. Jara, “A survey of Internet-of-Things: Future vision, architecture, challenges and services,” in Proc. IEEE World Forum on Internet of Things (WF-IoT), pp. 287-292, IEEE, 2014.
[6] D. Singh, “Developing an Architecture: Scalability, Mobility, Control, and Isolation on Future Internet Services,” Second International Conference on Advances in Computing, Communications and Informatics (ICACCI-2013), Mysore, India, 2013, pp. 1873-1877.
[7] Cisco, RFID Tag technology, http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Mobility/WiFiLBS-DG/wifich6.pdf. Accessed Oct. 30, 2015.
[8] D. Singh, “Secure 6LoWPAN Networks for E-Healthcare Monitoring Applications,” Journal of Theoretical and Applied Information Technology, E-ISSN 1817-3195, 2015.
[9] S. Raza et al., “Securing communication in 6LoWPAN with compressed IPsec,” Distributed Computing in Sensor Systems and Workshops (DCOSS), 2011 International Conference on, IEEE, 2011.
[10] A. Soro, J. Lacan, E. Chaput, C. Donny, and C. Baudoin, “Evaluation of a Generic Unidirectional Header Compression Protocol,” Satellite and Space Communications, 2007, IWSSC '07, International Workshop on, pp. 126-130, 13-14 Sept. 2007, doi: 10.1109/IWSSC.2007.4409403.
[11] Datagram Transport Layer Security, https://tools.ietf.org/html/rfc4347. Accessed July 22, 2015.
[12] D. E. Culler and J. Hui, “6LoWPAN Tutorial: IP on IEEE 802.15.4 Low Power Wireless Networks,” Arch Rock Corporation, 2007.
[13] T. Kothmayr et al., “DTLS based security and two-way authentication for the Internet of Things,” Ad Hoc Networks, vol. 11, no. 8, pp. 2710-2723, 2013.
[14] S. Kent, “IP Encapsulating Security Payload,” RFC 4303, 2005, http://tools.ietf.org/html/rfc4303.
[15] E. Rescorla and N. Modadugu, “Datagram Transport Layer Security Version 1.2,” RFC 6347, January 2012, http://www.ietf.org/rfc/rfc6347.txt.
[16] D. Singh, “Secure 6LoWPAN Computing Stack for Global Healthcare Monitoring Services,” Journal of Theoretical and Applied Information Technology, vol. 76, no. 2, pp. 143-151, 2015.
[17] Trusted Platform Module (TPM) Work Group, “TCG specification architecture overview (TPM 2007),” 2007, http://www.trustedcomputinggroup.org/.
[18] H. Suo et al., “Security in the internet of things: a review,” Computer Science and Electronics Engineering (ICCSEE), 2012 International Conference on, vol. 3, IEEE, 2012.
[19] ZigBee, http://www.zigbee.org/.
[20] H. Sundmaeker et al., eds., “Vision and Challenges for Realizing the Internet of Things,” IoT European Research Cluster, Mar. 2010, www.internet-of-things-research.eu.
[21] W. Geng, S. Talwar, K. Johnsson, N. Himayat, and K. D. Johnson, “M2M: From mobile to embedded internet,” IEEE Communications Magazine, vol. 49, no. 4, pp. 36-43, April 2011.