
IOT Unit 2

The document discusses data collection, storage and computing using cloud platforms. It describes traditional methods and then cloud computing paradigms using various XAAS models including SaaS, PaaS, IaaS and DaaS. It provides examples of each service model and discusses the Nimbits platform for IoT data collection, storage and computing in the cloud.

Uploaded by

NARENDER

Unit-2

➢ Data Collection, Storage and Computing using a Cloud Platform:-

Introduction:- A few conventional methods for data collection and storage are as
follows:
● Saving devices’ data at a local server for the device nodes
● Communicating and saving the devices’ data in the files locally on removable media,
such as micro SD cards and computer hard disks
● Communicating and saving the data and results of computations in a dedicated data
store or coordinating node locally
● Communicating and saving data at a local node, which is a part of a distributed DBMS
● Communicating and saving at a remote node in the distributed DBMS
● Communicating on the Internet and saving at a data store in a web or enterprise
server
● Communicating on the Internet and saving at data centre for an enterprise

➢ CLOUD COMPUTING PARADIGM FOR DATA COLLECTION, STORAGE AND COMPUTING:-
Different methods of data collection, storage and computing are given below:
I. Devices or sensor networks data collection at the device web server,
II. Local files,
III. Dedicated data store at coordinating node,
IV. Local node in a distributed DBMS,
V. Internet-connected data centre,
VI. Internet-connected server,
VII. Internet-connected distributed DBMS nodes, and
VIII. Cloud infrastructure and services.

➢ Cloud computing paradigm is a great evolution in Information and
Communications Technology (ICT). The new paradigm uses XAAS at the Internet
connected clouds for collection, storage and computing. Following are the key
terms and their meanings, which need to be understood before learning about
the cloud computing platform.
Resource refers to one that can be read (used), written (created or changed) or
executed (processed). A resource may have multiple instances or just a single
instance. The data point, pointer, data, object, data store or method can also be a
resource.

➢ Devices or sensors network data collection at a device local-server, local files,
dedicated data store, at a coordinating node, a local node of a distributed DBMS,
Internet-connected server of data centre, server or distributed database nodes or
a cloud infrastructure
➢ System resource refers to an operating system (OS), memory, network,
server, software or application. Environment refers to an environment for
programming, program execution or both.
➢ Platform denotes the basic hardware, operating system and network, and
is used for software applications or services over which programs can be
run or developed.
➢ Edge computing is a type of computing that pushes the frontier of
computing applications, data and services away from centralised nodes to
IoT data generating nodes, that means at logical extremes of the network.
➢ Distributed computing refers to computing and usage of resources which
are distributed at multiple computing environments over the Internet.
➢ Service is a software which provides the capabilities and logically grouped
and encapsulated functionalities.
➢ Web Service, according to the W3C definition, is an application identified
by a URI, described and discovered using the XML based Web-Service
Description Language (WSDL).
Cloud Computing Paradigm
Cloud computing means a collection of services available over the Internet.
Cloud delivers the computational functionality. Cloud computing deploys
infrastructure of a cloud-service provider. The infrastructure deploys on a utility
or grid computing or web services environment that includes network, system,
grid of computers or servers or data centres.
Cloud Platform Services
Cloud platform offers the following:
● Infrastructure for large data storage of devices, RFIDs, industrial plant
machines, automobiles and device networks
● Computing capabilities, such as analytics, IDE (Integrated Development
Environment)
● Collaborative computing and data store sharing
Cloud Platform Usages
Cloud platform usages are for connecting devices, data, APIs, applications and
services, persons, enterprises, businesses and XAAS.
➢ CLOUD SERVICE MODELS
Cloud connects the devices, data, applications, services, persons and
business. Cloud services can be considered as a distribution service, that is, a
service for linking the resources (computing functions, data store,
processing functions, networks, servers and applications) and for provision
of coordination between the resources.
Cloud computing can be considered by a simple equation:
Cloud Computing = SaaS + PaaS + IaaS + DaaS
➢ SaaS means Software as a Service. The software is made available
to an application or service on demand. SaaS is a service model
where the applications or services deploy and host at the cloud, and
are made available through the Internet on demand by the service
user. The software control, maintenance, updating to new versions
and infrastructure, platform and resource requirements are the
responsibilities of the cloud service provider.
➢ PaaS means Platform as a Service. The platform is made available to
a developer of an application on demand. PaaS is a service model
where the applications and services develop and execute using the
platform (for computing, data store and distribution services) which
is made available through the Internet on demand for the
developer of the applications. The platform, network, resources,
maintenance, updating and security as per the developers'
requirements are the responsibilities of the cloud service provider.
➢ IaaS means Infrastructure as a Service. The infrastructure (data
stores, servers, data centres and network) is made available to a
user or developer of application on demand.
➢ DaaS means Data as a Service. Data at a data centre is made available to a user or
developer of application on demand. DaaS is a service model where the data store or
data warehouse is made available through the Internet on demand on rent (pay as per
use in multi tenancy model) to an enterprise. The data centre management, 24×7
power, control, network, maintenance, scale up, data replicating and mirror nodes and
systems as well as physical security are the responsibilities of the data centre service
provider.
Give examples of SaaS, PaaS, IaaS, DaaS service models for cloud computing.
Solution:
● SaaS: Applications of Google Docs for online office, MS Windows Live for online office
applications, MS Exchange Labs, TCS iON (Integrated IT-as-a-Service), Salesforce.com for
extensible Customer Relations Management (CRM) system.
● PaaS: SuiteFlex for business process development NetSuite tools, MS Azure for
Windows applications programming and execution environment, server platforms of
EC2 and GoGrid, application platforms of Force.com, Google App Engine for scalable
execution environment for web applications, and TCS platform BPO solutions, Xively,
Nimbits, AWS IoT, IBM IoT Foundation, Cisco IoT, IOx and Fog, TCS CUP.
● IaaS: Infrastructure services such as Amazon Virtual Servers, GoGrid virtual servers, Elastic
Computing Cloud (EC2), Cloud.com open source IaaS, TCS Transformation Solutions,
Cisco IaaS, and IBM BlueCloud shared infrastructure service that automates fluctuating
demands for the IT resources.
● DaaS: Data storage platforms of Tata Communications 10 X, Apple and Cisco for the
DaaS.

➢ IoT Cloud-based Data Collection, Storage and Computing Services Using Nimbits
Nimbits enables IoT on an open source distributed cloud. Nimbits cloud PaaS deploys an
instance of Nimbits Server at the device nodes. Nimbits functions as an M2M system
data store, data collector and logger with access to historical data. Nimbits architecture
is a cloud-based Google App Engine. Nimbits server is a class hierarchy
com.nimbits.server.system.ServerInfo of java.lang.Object.
Nimbits PaaS services offer the following features:
● It supports multiple programming languages, including Arduino, new Arduino library,
push functions from Arduino cloud, JavaScript, HTML or the Nimbits.io Java library.
● Nimbits server functions as a backend platform. Nimbits data point can relay data
between the software systems, or hardware devices such as Arduino, using the cloud as
a backend.
● An open source Java library called nimbits.io enables easy development of Java, web
and Android solutions (Nimbits data, alerts, messages on mobile).
● It provides a rule engine for connecting sensors, persons and software to the cloud
and one another. Rules can be for calculations, statistics, email alerts, XMPP messages,
push notifications and more.
● It provides a data logging service and access, and stores the historical data points and
data objects.
● Storage in any format that can be serialized into a string, such as JSON or XML.
● It filters the noise and important changes sent to another larger central instance.
● It processes a specific type of data and can store it.
● Time- or geo-stamping of the data.
● Nimbits clients provide, over the Internet, data collection in real time, charts and
graphical plots of collected data and data entry.
● Data visualisation for data of connected sensors to IoT devices.
● Supports the alerts subscription, generation and sending in real time over the
Internet.
● It creates streams of data objects and stores them in a data point series.
● Data accessibility and monitoring from anywhere, and is used to shape the behaviour
of connected devices and software.
● It supports the mBed™, Arduino, Raspberry Pi based and other hardware platform
based IoT devices.
● Web service APIs are easy to implement on device hardware acting as clients to
Nimbits web services, and connect to the web service and send data.
● It deploys software on Google App Engine, any J2EE server on Amazon EC2 or on a
Raspberry Pi.

Data Points:- A data point means a collected value of a sensor in a group of sensors.
Data points organise the data in a number of ways. For example, points can have child
points (child points mean subpoints; for example, if light level is a data point then light
on or off is a child point and light level above or below the threshold can be another
child point). Points can be in folders. The folders can go as deep as in a tree
(a tree means a folder having several subfolders, a subfolder having several subfolders,
till the leaf subfolder). Any type of document can be uploaded and organised with the
points. Files can be shared publicly or with the connections. A subscription data feed is a
special point for each user that logs system messages, events, alerts from other points
which are subscribed by a service and more.
Data Channels:- A user can create a data feed channel which shows the system events
and messages, and also shows data alerts which are subscribed to show up in the feed.
The user can subscribe to the data point of other users also, and configure the
subscription(s) to send messages to the feed. The user can observe the idle, high or low
alerts here in real time. The user data feed is just another Nimbits data point.

➢ Prototyping and Designing Software for IOT Application:-
A system needs electronic circuits for computation and communication. The circuits use
sensors and actuator devices, which embed the computing hardware and software.
Prototyping and designing require the embedded device platforms for data generation.
This also requires connectivity to the Internet through computations, adaptation and
networking. The software at the application and application-support layers monitors and
controls the embedded devices, systems and machines using the actuators at the
devices.
➢ Prototyping is the process of creating a preliminary version or model of a product or
system to test and validate a design concept.
➢ Prototyping involves:-
o Test functionality
o Gather feedback
o Visualize design
o Identify challenges
o Save time & resources
➢ Designing Software For IOT Application:-

Designing software for an IoT (Internet of Things) application involves several key
considerations to ensure the efficient operation and seamless integration of devices,
data, and services. Here's a structured approach to designing software for IoT
applications:

1. Identify Requirements:
▪ Understand the specific use case and objectives of the IoT application.
▪ Identify the types of devices involved, communication protocols, data formats,
and expected interactions.
▪ Determine performance, scalability, security, and reliability requirements.
2. Select Suitable Platforms and Technologies:
▪ Choose appropriate hardware platforms for sensors, actuators, gateways, and
other devices.
▪ Select communication protocols such as MQTT, CoAP, or HTTP based on factors
like bandwidth, latency, and reliability.
▪ Decide on cloud platforms, edge computing solutions, or hybrid approaches
based on data processing and storage requirements.
3. Design Data Architecture:
▪ Plan data collection, storage, processing, and analytics pipelines.
▪ Define data models and schema for efficient storage and retrieval.
▪ Consider data encryption, compression, and optimization techniques to minimize
bandwidth and storage requirements.
4. Develop Device Firmware:
▪ Write firmware for IoT devices to collect sensor data, control actuators, and
communicate with other devices and servers.
▪ Implement error handling, power management, and firmware update
mechanisms.
▪ Ensure compatibility with selected communication protocols and security
standards.
5. Implement Communication Layer:
▪ Develop APIs and protocols for device-to-cloud, device-to-device, and
cloud-to-cloud communication.
▪ Handle network connectivity issues, retries, and synchronization.
▪ Incorporate security measures such as authentication, authorization, and
encryption.
6. Build Backend Infrastructure:
▪ Set up servers, databases, and middleware components for data ingestion,
processing, and storage.
▪ Develop microservices or serverless functions for specific tasks like data
transformation, analytics, or notifications.
▪ Implement mechanisms for device management, monitoring, and
troubleshooting.
7. Design User Interfaces and Applications:
▪ Develop web or mobile applications for users to interact with IoT devices and
access data and insights.
▪ Design intuitive interfaces for device configuration, monitoring, and control.
▪ Ensure cross-platform compatibility and responsiveness for various devices and
screen sizes.
8. Ensure Security and Privacy:
▪ Employ encryption, authentication, and access control mechanisms to protect
data and devices from unauthorized access and tampering.
▪ Follow best practices for secure coding, infrastructure hardening, and
vulnerability management.
▪ Address privacy concerns related to data collection, processing, and sharing.
9. Test and Validate:
▪ Conduct thorough testing of the entire system, including device functionality,
communication protocols, backend services, and user interfaces.
▪ Perform integration testing, stress testing, and security audits to identify and
address potential issues.
▪ Collect feedback from stakeholders and end-users to iterate and improve the
software.
10. Deploy and Maintain:
▪ Deploy the software to production environments, considering scalability,
redundancy, and disaster recovery.
▪ Establish monitoring and alerting systems to detect and respond to performance
issues, security threats, and anomalies.
▪ Provide regular updates, patches, and enhancements to keep the software
up-to-date and secure over time.
EMBEDDED PLATFORMS FOR PROTOTYPING
Designing a product needs a prototype development first. A standard source board
makes prototyping an easy task for a number of IoT and M2M devices. This is because
of the open source availability of IDE, middleware and software components from
a number of sources and forums for the board. Several standard popular boards, modules
and supporting circuits (shields) are available from a number of sources. The following
subsections describe the features and usages of Arduino, Intel® Galileo and Edison,
Raspberry Pi, BeagleBone and mBed boards. A board uses an MCU as the embedding platform
for creating the IoT, M2M and wearable devices.

➢ Prototyping embedded device software involves creating a functional prototype of the
software that will run on the embedded device. Here's a general guide on how to
approach prototyping embedded device software:

1. Define Requirements: Clearly define the requirements for your embedded device
software. Understand what the device needs to do, its constraints (memory, processing
power, energy consumption, etc.), and any external interfaces it needs to support.
2. Select Development Tools: Choose the appropriate development tools for your
project. This might include an Integrated Development Environment (IDE) tailored for
embedded systems, compilers, debuggers, and simulation tools.
3. Choose a Development Platform: Select a development platform that matches your
target embedded hardware. This might be an evaluation board provided by the
hardware manufacturer or a development kit specifically designed for prototyping
embedded software.
4. Design the Software Architecture: Create a high-level design of your software
architecture. Identify the main components, their interactions, and the overall flow of the
system. Consider factors such as modularity, scalability, and maintainability.
5. Start with Basic Functionality: Begin by implementing the basic functionality of your
embedded device software. Focus on core features and functionalities that are essential
for the device to operate.
6. Use Simulation and Emulation: If possible, use simulation or emulation tools to test
your software before running it on the actual hardware. This can help identify and fix
issues early in the development process.
7. Iterate and Refine: Iterate on your design, implementing additional features and
refining existing ones based on feedback and testing results. Make sure to regularly test
your software on the target hardware to ensure compatibility and performance.
8. Optimize for Resource Constraints: Keep in mind the resource constraints of
embedded devices, such as limited memory and processing power. Optimize your code
to minimize resource usage while still meeting the required functionality.
9. Implement Error Handling and Edge Cases: Implement robust error handling
mechanisms and consider edge cases that might arise during operation. Ensure that
your software can gracefully handle unexpected situations and recover from errors.
10. Document Your Work: Document your software design, implementation details, and
any important decisions made throughout the development process. This
documentation will be valuable for future reference and maintenance.
11. Test Thoroughly: Thoroughly test your embedded device software to ensure its
reliability, performance, and security. This includes functional testing, integration testing,
and possibly even stress testing depending on the requirements of your application.
12. Gather Feedback: Gather feedback from stakeholders and end users to identify any
areas for improvement or additional features that may be needed.

➢ Programming Embedded Device Arduino Platform using IDE:-
Arduino board can be programmed using avr-gcc tools. The Arduino board has a
pre-installed bootloader embedded into the firmware.
Arduino programmer develops the codes using a graphical cross-platform IDE. Arduino
provides simplicity. IDE of Arduino board also has simplicity, is based on the Processing
language and makes the programming easy. The board connects to a computer which
runs the IDE. The bootloader program hands over the control and enables running of
the loader, which loads the required OS functions and software into the system
hardware and networking capabilities into the board.
The Arduino bootloader provisions for multitasking by the usage of interrupt-handling
(analogous to eventing) functions for each task. Multitasking is done by assigning multiple
values of a number n for the tasks (n > 0). When an instruction for interrupt, for
example INT n, executes, interrupt-handling function n is called for execution. Each
task or thread can have the number n associated with it. The interrupt-handling function
executes on event n, similar to a callback(n), or similar to a catch function on exception n.

Programming embedded devices using the Arduino platform is a popular choice due to
its simplicity and ease of use. Here's a step-by-step guide on how to program an
embedded device using the Arduino IDE:

1. Install the Arduino IDE: Download and install the Arduino IDE from the official website
(https://www.arduino.cc/en/software). The IDE is available for Windows, macOS, and
Linux.
2. Connect Your Arduino Board: Connect your Arduino board to your computer using a
USB cable. Ensure that the necessary drivers are installed if you're using Windows.
3. Launch the Arduino IDE: Open the Arduino IDE once it's installed on your computer.
4. Select Your Board: Go to the "Tools" menu, then select "Board" and choose the
appropriate board from the list. If you're unsure, select the board model you're using
(e.g., Arduino Uno, Arduino Nano, etc.).
5. Select the Port: Still in the "Tools" menu, navigate to "Port" and select the port to which
your Arduino board is connected. On Windows, it will usually be something like COM3,
COM4, etc. On macOS, it will typically appear as "/dev/cu.usbmodemXXXX".
6. Create a New Sketch: In the Arduino IDE, a sketch is a program. Click on "File" > "New"
to create a new sketch.
7. Write Your Code: Write your Arduino code in the sketch window. The code consists of
two main functions: setup() and loop(). The setup() function runs once when the
board starts, while the loop() function runs continuously.
8. Verify/Compile Your Sketch: Click on the checkmark icon (or go to "Sketch" >
"Verify/Compile") to verify your code. This step checks for any syntax errors in your
code.
9. Upload Your Sketch: Once your code compiles successfully, click on the right arrow
icon (or go to "Sketch" > "Upload") to upload your sketch to the Arduino board. The
Arduino IDE will compile your code again and then upload it to the board.
10. Monitor Serial Output (Optional): If your sketch includes Serial communication, you
can monitor the output using the Serial Monitor. Go to "Tools" > "Serial Monitor" to
open the Serial Monitor window.
11. Test Your Program: Once uploaded, your program will start running on the Arduino
board. Test it to ensure it behaves as expected.
12. Iterate and Refine: Make any necessary changes to your code based on testing results
or additional requirements. Repeat the process of verifying, uploading, and testing until
you're satisfied with the functionality of your program.

➢ Reading from the Sensors and Device:-
Using ADC Analog Input
Assume a temperature sensor is used for measuring between 0 degree and 100 degree
Celsius. A sensor sends analog output at an analog input of a 10 bit ADC (Section 7.2.1).
An ADC output converts to serial by a parallel-input to serial-output (PISO) converter.
The serial output connects to the serial SPI input pin at Arduino Uno board. An RH%
sensor can also be used in a similar manner where the measured value is in RH% in place of
degree Celsius.
The ADC output for a sensor at 100 degrees is decimal 1023 (= binary 1111111111) and
decimal 0 (= binary 0000000000) for 0 degree. Example 9.3 explains the usage of analog read
functions for the Arduino.
To read data from a sensor and device in an Arduino project, you'll typically follow these steps:

1. Identify the Sensor/Device: Determine the type of sensor or device you're working with
and its specifications. This will help you understand how to interface with it.

2. Prepare Hardware: Connect the sensor and device to your Arduino board according to
their specifications, ensuring proper power and data connections.
3. Install Libraries (if needed): If the sensor or device requires a specific library for
Arduino, install it using the Arduino Library Manager to simplify interfacing.
4. Include Libraries: At the start of your Arduino sketch, include the necessary libraries
using #include directives to access their functions and constants.
5. Initialize Serial Communication: Set up serial communication via Serial.begin() in
the setup() function for debugging and data transmission to the serial monitor.
6. Initialize Sensor/Device: In the setup() function, initialize the sensor or device by
configuring settings, calibration, or any required setup procedures.
7. Read Data: In the loop() function, use appropriate functions from the sensor/device
library to request and read data. This may involve sending commands or requests over
the communication protocol.
8. Check Data Availability: Verify data availability using methods provided by the
sensor/device library. Ensure data buffers are filled before attempting to read.
9. Read and Process Data: Read data from the sensor/device buffers and process it as
necessary for your application. This could include data conversion, scaling, or filtering.
10. Display or Transmit Data: Utilize the processed data as required by your project.
Display it on an LCD screen, transmit it wirelessly over Bluetooth or WiFi, or store it in
memory for later retrieval.
11. Error Handling: Implement error handling mechanisms to handle communication errors
or sensor failures gracefully. This may include timeout mechanisms, retry strategies, or
error codes.
12. Iterate and Test: Test your code thoroughly, iterating as needed to refine functionality
and ensure reliability. Check for edge cases and unexpected scenarios to make your
system robust.
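
The scaling described above (code 0 for 0 degrees, code 1023 for 100 degrees) combined with the processing and error-handling steps 9 and 11, as an added example that is not part of the original notes. It is written in Python as it would run on a gateway receiving the raw words; the 16-bit word framing, the 5 degree jump limit and the sample values are assumptions.

```python
"""Added example: validate, filter and scale raw 10-bit ADC codes (0..1023 -> 0..100 degC)."""
from statistics import median

ADC_BITS = 10
ADC_MAX = (1 << ADC_BITS) - 1    # 1023, the full-scale code given in the notes
T_MIN_C, T_MAX_C = 0.0, 100.0    # sensor span given in the notes
MAX_STEP_C = 5.0                 # assumption: largest believable change between outputs
WINDOW = 3                       # median-of-three removes single-sample spikes


class SampleError(ValueError):
    """A received word that must not be turned into a temperature."""


def decode_word(word):
    """Return the 10-bit code carried in a 16-bit serial word (framing is an assumption)."""
    if isinstance(word, bool) or not isinstance(word, int) or not 0 <= word <= 0xFFFF:
        raise SampleError("not a 16-bit word")
    if word >> ADC_BITS:
        raise SampleError("bits set above the ADC resolution")
    return word


def code_to_celsius(code):
    """Linear scaling from the notes: code 0 is 0 degC, code 1023 is 100 degC."""
    return T_MIN_C + (T_MAX_C - T_MIN_C) * code / ADC_MAX


def process_stream(words):
    """Return (temperatures, faults) for a sequence of received words.

    temperatures: median-filtered readings in degC, rounded to 0.1.
    faults: (index, reason) for every word or window that was rejected.
    """
    temperatures, faults, window, previous = [], [], [], None
    for index, word in enumerate(words):
        try:
            window.append(decode_word(word))
        except SampleError as exc:
            faults.append((index, str(exc)))
            continue
        window = window[-WINDOW:]
        if len(window) < WINDOW:
            continue
        if len(set(window)) == 1 and window[0] in (0, ADC_MAX):
            # A sensor pinned to either rail usually means an open or shorted input.
            faults.append((index, "stuck at rail"))
            continue
        value = code_to_celsius(median(window))
        # Compare with the previous filtered value, accepted or not, so a real
        # step change is reported once and then followed instead of locking out.
        jumped = previous is not None and abs(value - previous) > MAX_STEP_C
        previous = value
        if jumped:
            faults.append((index, "implausible jump"))
        else:
            temperatures.append(round(value, 1))
    return temperatures, faults


# Constructed sample: steady ~20 degC, one spike, one corrupted word, then a dead sensor.
SAMPLE_WORDS = [205, 207, 1023, 206, 0x0C00, 208, 1023, 1023, 1023]

if __name__ == "__main__":
    temps, faults = process_stream(SAMPLE_WORDS)
    print("accepted:", temps)
    print("rejected:", faults)
```

The single 1023 spike is absorbed by the median filter, while the corrupted word and the run of rail values are reported as faults instead of being stored as temperatures.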

➢ DEVICES, GATEWAYS, INTERNET AND WEB/CLOUD SERVICES SOFTWARE DEVELOPMENT
Connected devices in IoT/M2M use the CoAP and LWM2M web-communication
protocols and messaging protocols, such as message-cache, Message Queue Telemetry
Transport (MQTT), and Extensible Messaging and Presence Protocol (XMPP). MQTT is a
publish/subscribe (Pub/Sub) protocol. The devices connect, network and communicate
over the web. They use the communication gateway, SOAP, REST, RESTful HTTP and
WebSockets. The figure shows the connected devices, protocols and usages of the
Internet in IoT/M2M applications and services.
There are five levels for software development for applications and services in the IoT or M2M.
The software needs are for the devices, local network, gateway, cloud/web connectivity
and web/cloud APIs.

Software, such as Eclipse IoT, enables the development of software for the first, second
and third levels. The software enables the device gateways' connectivity to the Internet
and cloud server. Eclipse IoT enables open source implementations of IoT protocols. The
implementable protocols include MQTT, CoAP, OMA-DM and OMA LWM2M and
Internet connectivity protocols.

➢ Use of Software Stack for an Intended Complete Solution
Now consider the software for higher levels. Each level has characteristic complexity and
fragments. The connected devices use a variety of protocols, such as LWM2M, CoAP,
MQTT, and methods for connecting to the web. Web communication uses the Gateway,
SOAP, REST, RESTful HTTP and WebSockets functions.
A stack is a full set, consisting of frameworks, applications and services that are
the minimum needed for the intended complete solution. The following sections describe the
Eclipse IoT (www.iot.eclipse.org) stack for end-to-end IoT/M2M solutions.

➢ End-to-End IoT Solutions with Java using Eclipse IoT Stack
Open Services Gateway Initiative (OSGi) (now OSGi Alliance) provides and maintains
open standard specifications. OSGi describes the specification of management of Java
packages/classes in a modular system, which enables the implementation of a complete
and dynamic component model. A component means software which can reuse a core
set of frameworks and services for provisioning the solutions. The components and
applications deploy in the form of bundles and can be remotely installed, started,
stopped, updated, and uninstalled without requiring system reboot.

➢ IOT Security and Privacy:-
▪ IOT privacy and security are critical considerations due to the interconnected
nature of IOT devices.
▪ Privacy concerns arise from the vast amount of data collected by these devices,
often without user knowledge.
▪ Security issues include weak authentication, lack of encryption and susceptibility to
hacking.
▪ Ensuring privacy and security involves implementing strong encryption
protocols, regular software updates, authentication mechanisms and user awareness
to educate individuals about the risks so that they can protect themselves.

➢ IOT Security:-
Securing IoT (Internet of Things) devices and ecosystems is essential to protect
against potential vulnerabilities and threats. Here are key aspects to consider
for IoT security:

1. Device Authentication: Implement strong authentication mechanisms to
ensure that only authorized devices can access the IoT network. This can
include methods like device certificates, unique identifiers, or secure tokens.
2. Secure Communication: Use encrypted communication protocols (such as
TLS/SSL) to protect data transmitted between devices, gateways, and cloud
services. Encryption ensures confidentiality and integrity of data, preventing
unauthorized access and tampering.
3. Firmware Security: Regularly update device firmware to patch security
vulnerabilities and bugs. Establish a secure firmware update mechanism to
ensure that devices can receive and apply updates securely over-the-air (OTA).
4. Access Control: Enforce access control policies to restrict the actions that
devices and users can perform within the IoT ecosystem. Implement role-
based access control (RBAC) to manage permissions based on user roles and
responsibilities.
5. Secure Configuration: Configure devices securely by changing default
passwords, disabling unnecessary services, and enabling security features like
firewalls and intrusion detection systems. Follow industry best practices and
security guidelines for device configuration.
6. Data Encryption: Encrypt sensitive data both in transit and at rest to prevent
unauthorized access. Use strong encryption algorithms (e.g., AES) to protect
data integrity and confidentiality, particularly for sensitive information like
personally identifiable information (PII).
7. Physical Security: Protect IoT devices from physical tampering and theft by
deploying them in secure environments and implementing physical security
measures such as locks, alarms, and tamper-resistant enclosures.
8. IoT Gateway Security: Secure IoT gateways that connect devices to the
network by implementing strong authentication, encryption, and access
controls. Gateways act as a bridge between devices and external networks,
making them potential targets for attacks.
9. Security Monitoring and Logging: Monitor IoT devices and network traffic
for suspicious activity and security incidents. Use logging and monitoring tools
to detect anomalies, intrusions, and unauthorized access, and respond
promptly to mitigate risks.
10. Vendor Security Practices: Evaluate the security practices of IoT device
vendors and choose reputable vendors that prioritize security in their
products. Ensure that vendors provide regular security updates and support
throughout the lifecycle of the devices.
11. Privacy Protection: Protect user privacy by minimizing the collection and
storage of personally identifiable information (PII) and implementing privacy-
enhancing technologies like data anonymization and pseudonymization.
12. Regulatory Compliance: Ensure compliance with relevant privacy and security
regulations (e.g., GDPR, CCPA) and industry standards to mitigate legal and
regulatory risks associated with IoT deployments.

By addressing these security considerations, organizations can enhance the
resilience and security of their IoT deployments, protecting against potential
threats and vulnerabilities. It's essential to adopt a proactive approach to IoT
security, integrating security measures throughout the entire lifecycle of IoT
devices and ecosystems.

IOT Privacy:-
Ensuring privacy in IoT (Internet of Things) environments is crucial to safeguarding
sensitive data and maintaining user trust. Here are key aspects to consider for IoT
privacy:

1. Data Minimization: Collect and retain only the minimum amount of data necessary for
the intended purpose. Limit data collection to what is required for device functionality
and avoid collecting unnecessary or sensitive information.
2. Anonymization and Pseudonymization: Anonymize or pseudonymize data where
possible to protect user privacy. Replace personally identifiable information (PII) with
anonymized identifiers or pseudonyms to prevent the identification of individuals.
3. User Consent and Control: Obtain informed consent from users before collecting,
processing, or sharing their data. Provide users with clear and transparent information
about data collection practices and allow them to exercise control over their data
through consent mechanisms.
4. Data Encryption: Encrypt sensitive data both in transit and at rest to prevent
unauthorized access. Use strong encryption algorithms and secure communication
protocols to protect data confidentiality and integrity.
5. Privacy by Design: Incorporate privacy considerations into the design and development
of IoT systems from the outset. Follow principles of Privacy by Design (PbD) to
proactively address privacy risks and embed privacy-enhancing features into IoT
architectures.
6. Secure Data Storage and Processing: Implement secure data storage and processing
practices to protect data from unauthorized access or disclosure. Store data in
encrypted formats and employ secure access controls to restrict access to authorized
users only.
7. Data Lifecycle Management: Establish clear policies and procedures for managing the
lifecycle of IoT data, including data collection, retention, and deletion. Regularly review
and purge unnecessary data to minimize privacy risks and comply with data
protection regulations.
8. Transparency and Accountability: Be transparent about data processing practices and
accountable for how data is used within the IoT ecosystem. Provide users with visibility
into data collection activities and mechanisms for exercising their privacy rights.
9. Third-party Data Sharing: Exercise caution when sharing IoT data with third parties and
ensure that appropriate safeguards are in place to protect user privacy. Implement data
sharing agreements and conduct privacy assessments of third-party partners to mitigate
privacy risks.
10. IoT Device Privacy Settings: Provide users with privacy settings and controls to
customize their preferences for data collection and sharing. Allow users to opt out of
certain data collection activities or adjust privacy settings according to their preferences.
11. Security and Privacy Training: Educate stakeholders, including device manufacturers,
developers, and end-users, about the importance of privacy in IoT environments.
Provide training on privacy best practices, security measures, and compliance
requirements to raise awareness and promote privacy-conscious behavior.
12. Regulatory Compliance: Ensure compliance with relevant privacy regulations and
standards, such as the General Data Protection Regulation (GDPR) or the California
Consumer Privacy Act (CCPA). Understand the legal requirements for data protection
and privacy in IoT deployments and take steps to comply with applicable laws and
regulations.
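
Items 1 and 2 above (data minimization and pseudonymization) can be applied to a telemetry record before it leaves the gateway. The following is an added example, not part of the original notes; the field names, device ids and key are constructed, and the allow-list is an assumption. It also shows why an unkeyed hash of a small id space is not a pseudonym, while a keyed HMAC is.

```python
import hashlib
import hmac

# Assumption for this example: the only fields the analytics purpose needs.
ALLOWED_FIELDS = {"timestamp", "temperature_c", "humidity_pct"}

# Constructed telemetry record; all names and values are made up.
SAMPLE = {
    "device_id": "thermostat-0042",
    "owner_email": "resident@example.com",
    "gps": (12.9716, 77.5946),
    "timestamp": "2024-05-01T10:00:00Z",
    "temperature_c": 22.5,
    "humidity_pct": 41,
}


def pseudonym(key: bytes, identifier: str) -> str:
    """Keyed pseudonym: stable under one key, not recomputable without it."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()[:32]


def minimize(record: dict, key: bytes) -> dict:
    """Drop every field not on the allow-list and pseudonymize the device id."""
    out = {k: v for k, v in record.items() if k in ALLOWED_FIELDS}
    out["device_pseudonym"] = pseudonym(key, record["device_id"])
    return out


def plain_sha256(identifier: str) -> str:
    """Unkeyed hash, shown only for comparison with pseudonym()."""
    return hashlib.sha256(identifier.encode()).hexdigest()[:32]


def reidentify(token: str, candidate_ids, hash_fn):
    """What a holder of the stored token alone can do: hash every plausible
    identifier and compare. Returns the matching id, or None."""
    for cid in candidate_ids:
        if hmac.compare_digest(hash_fn(cid), token):
            return cid
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key-keep-in-a-secret-store"
    ids = [f"thermostat-{n:04d}" for n in range(10000)]  # small, guessable id space
    print(minimize(SAMPLE, key))
    # Unkeyed hash: the id is recovered by enumeration.
    print(reidentify(plain_sha256("thermostat-0042"), ids, plain_sha256))
    # Keyed pseudonym: enumeration without the key finds nothing.
    print(reidentify(pseudonym(key, "thermostat-0042"), ids,
                     lambda cid: pseudonym(b"wrong-key", cid)))
```

The key has to be stored separately from the pseudonymized data; whoever holds both can reverse the mapping.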

Vulnerabilities:-
The Internet of Things (IoT) introduces a wide range of vulnerabilities due to the
interconnected nature of devices, the diversity of communication protocols, and the
often limited resources of IoT devices. Here are some common vulnerabilities in IoT:

1. Insecure Communication: IoT devices may transmit data over unencrypted channels or
use weak encryption methods, making them susceptible to eavesdropping, data
interception, and man-in-the-middle attacks.
2. Weak Authentication: Many IoT devices use default or easily guessable credentials,
making them vulnerable to brute force attacks and unauthorized access. Weak
authentication mechanisms can allow attackers to gain control of devices and
compromise the entire IoT network.
3. Lack of Secure Updates: IoT devices often lack mechanisms for secure firmware
updates, leaving them vulnerable to known vulnerabilities that remain unpatched.
Without the ability to update firmware securely, devices may remain vulnerable to
exploits for extended periods.
4. Insecure Web Interfaces: Web interfaces used for device management and
configuration may have security weaknesses such as cross-site scripting (XSS), cross-site
request forgery (CSRF), or injection vulnerabilities. Attackers can exploit these
vulnerabilities to gain unauthorized access to devices or manipulate their settings.
5. Insufficient Encryption: IoT devices may store sensitive data locally or transmit it over
the network without adequate encryption. Weak encryption or the lack of encryption
can expose sensitive information to unauthorized access or tampering.
6. Physical Tampering: Physical access to IoT devices can pose a significant security risk.
Attackers may physically tamper with devices to extract sensitive information, modify
device behavior, or compromise their integrity.
7. Denial of Service (DoS) Attacks: IoT devices may be susceptible to DoS attacks, where
attackers overwhelm them with excessive traffic or requests, causing them to become
unresponsive or malfunction. DoS attacks can disrupt IoT services and affect the
availability of devices.
8. Privacy Concerns: Many IoT devices collect and transmit personal or sensitive data,
raising privacy concerns. Inadequate data protection measures can expose this data to
unauthorized access, leading to privacy breaches and violations of user privacy rights.
9. Supply Chain Vulnerabilities: IoT devices often rely on components and software from
third-party vendors, introducing supply chain vulnerabilities. Compromised or
counterfeit components can introduce backdoors, malware, or other security
vulnerabilities into IoT devices.
10. Network Vulnerabilities: IoT devices may be connected to insecure or poorly
configured networks, increasing the risk of network-based attacks. Vulnerabilities in
network infrastructure, such as insecure Wi-Fi routers or unpatched servers, can also
expose IoT devices to additional risks.
11. Resource Constraints: IoT devices typically have limited computational resources,
making it challenging to implement robust security measures. Constraints such as
limited memory, processing power, and energy consumption may lead to security
vulnerabilities and design trade-offs.
12. Lack of Security Awareness: Users and manufacturers may lack awareness of IoT
security best practices and the importance of securing IoT devices. Without proper
education and training, users may inadvertently expose devices to security risks or fail to
implement necessary security measures.

Addressing these vulnerabilities requires a holistic approach that involves secure design
practices, regular security assessments, timely software updates, and ongoing
monitoring and mitigation efforts. It's essential for IoT stakeholders, including
manufacturers, developers, and end-users, to collaborate and prioritize security
throughout the entire IoT ecosystem.
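
Weak authentication (item 2) usually shows up in gateway logs as a burst of failed logins against one device. The following detector is an added example, not part of the original notes; the log line format, host names and addresses are constructed, and the threshold and window are assumptions to tune per deployment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed gateway auth log; the line format is an assumption of this example.
LOG = """\
2024-05-01T10:00:01Z gw01 auth result=FAIL user=admin src=192.0.2.7 device=cam-12
2024-05-01T10:00:03Z gw01 auth result=FAIL user=admin src=192.0.2.7 device=cam-12
2024-05-01T10:00:05Z gw01 auth result=FAIL user=root src=192.0.2.7 device=cam-12
2024-05-01T10:00:06Z gw01 auth result=FAIL user=alice src=192.0.2.9 device=cam-12
2024-05-01T10:00:08Z gw01 auth result=FAIL user=admin src=192.0.2.7 device=cam-12
2024-05-01T10:00:10Z gw01 auth result=FAIL user=admin src=192.0.2.7 device=cam-12
2024-05-01T10:00:12Z gw01 auth result=OK user=admin src=192.0.2.7 device=cam-12
2024-05-01T10:00:20Z gw01 auth result=OK user=alice src=192.0.2.9 device=cam-12
2024-05-01T10:05:00Z gw01 auth result=FAIL user=admin src=192.0.2.8 device=therm-3
2024-05-01T10:08:00Z gw01 auth result=FAIL user=admin src=192.0.2.8 device=therm-3
2024-05-01T10:11:00Z gw01 auth result=FAIL user=admin src=192.0.2.8 device=therm-3
2024-05-01T10:14:00Z gw01 auth result=FAIL user=admin src=192.0.2.8 device=therm-3
2024-05-01T10:17:00Z gw01 auth result=FAIL user=admin src=192.0.2.8 device=therm-3
"""


def parse(line: str) -> dict:
    """Split 'timestamp host kind key=value ...' into a dict with a datetime 'ts'."""
    ts, _host, _kind, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(lines, threshold=5, window=timedelta(seconds=60)) -> dict:
    """Return {(src, device): verdict} for sources with at least `threshold`
    failed logins inside the sliding window; note when a success follows."""
    recent = defaultdict(deque)  # (src, device) -> timestamps of recent failures
    alerts = {}
    for line in lines:
        if not line.strip():
            continue
        e = parse(line)
        key = (e["src"], e["device"])
        fails = recent[key]
        while fails and e["ts"] - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if e["result"] == "FAIL":
            fails.append(e["ts"])
            if len(fails) >= threshold:
                alerts.setdefault(key, "brute_force")
        else:  # successful login
            if len(fails) >= threshold:
                alerts[key] = "brute_force_then_success"
            fails.clear()
    return alerts


if __name__ == "__main__":
    for key, verdict in detect(LOG.splitlines()).items():
        print(key, verdict)
```

A success right after a burst deserves the highest priority, since it suggests the guessed credential worked; the slow attempts against therm-3 stay under a 60-second window and need a longer one to surface.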

Security Requirement Threat Analysis:-


Security requirements and threat analysis are critical components of ensuring the
security of IoT (Internet of Things) systems. Here's a framework for conducting security
requirement threat analysis in IoT:

1. Identify Assets: Identify the assets within the IoT ecosystem, including devices,
networks, data, and services. Understand the value and criticality of each asset to
prioritize security efforts.
2. Define Security Requirements: Define security requirements based on the identified
assets, potential threats, and regulatory compliance requirements. Security requirements
should address confidentiality, integrity, availability, authentication, authorization, and
non-repudiation.
3. Threat Modeling: Conduct a threat modeling exercise to identify potential threats and
vulnerabilities that could impact the security of the IoT system. Consider threats such as
unauthorized access, data breaches, denial of service (DoS) attacks, physical tampering,
and insider threats.
4. Risk Assessment: Assess the likelihood and potential impact of each identified threat
on the IoT system. Use risk assessment methodologies such as risk matrices or
qualitative/quantitative risk analysis to prioritize threats based on their severity and
likelihood.
5. Security Controls: Identify and implement security controls to mitigate identified
threats and vulnerabilities. Security controls may include encryption, access control
mechanisms, secure authentication, network segmentation, intrusion detection systems,
and security monitoring.
6. Secure Design Principles: Apply secure design principles throughout the development
lifecycle of IoT systems. Consider principles such as least privilege, defense-in-depth,
fail-safe defaults, secure by default, and separation of concerns to build resilience
against security threats.
7. Secure Development Practices: Adopt secure development practices to minimize the
introduction of vulnerabilities during the development of IoT devices and applications.
Conduct secure code reviews, static and dynamic code analysis, and vulnerability
assessments to identify and remediate security issues.
8. Secure Configuration Management: Implement secure configuration management
practices to ensure that IoT devices and systems are configured securely. This includes
changing default passwords, disabling unnecessary services, and applying security
patches and updates regularly.
9. Continuous Monitoring: Establish continuous monitoring mechanisms to detect and
respond to security incidents in real-time. Monitor IoT devices, networks, and
applications for suspicious activity, anomalies, and security events, and implement
incident response procedures to mitigate risks.
10. Security Awareness Training: Provide security awareness training to IoT stakeholders,
including developers, administrators, and end-users. Educate stakeholders about
security best practices, common threats, and their roles and responsibilities in
maintaining the security of IoT systems.
11. Compliance and Auditing: Ensure compliance with relevant security standards,
regulations, and industry guidelines applicable to IoT deployments. Conduct periodic
security audits and assessments to verify compliance with security requirements and
identify areas for improvement.
12. Security Governance: Establish a security governance framework to oversee and
manage security activities within the IoT ecosystem. Define roles, responsibilities,
policies, and procedures for managing security risks effectively and ensuring
accountability across the organization.

By following this framework for security requirement threat analysis in IoT, organizations
can identify and mitigate security risks effectively, thereby enhancing the security
posture of IoT systems and protecting against potential threats and vulnerabilities.

IOT SECURITY TOMOGRAPHY AND LAYERED ATTACKER MODEL
Security Tomography:-

Computational tomography means a computing method of producing a three-dimensional
picture of the internal structures of an object, by observation and recording of the
differences in effects on passage of energy waves impinging on those structures.

Computational security in a complex set of networks utilises the network tomography
procedures of identifying the network vulnerabilities. This enables design of efficient
attack strategies.

A complex set of networks may be distributed or collaborative. Network tomography
refers to the study of vulnerabilities and security aspects for network monitoring in a
complex system, such as WSNs, RFIDs or IoT networks, and allocating resources and
ensuring network reliability and security.

"IoT security tomography" isn't a widely recognized term in the field of IoT security.
However, if we interpret it as a metaphorical concept, it could refer to gaining a
comprehensive understanding of the security posture of an IoT ecosystem through
thorough analysis and examination, similar to the way medical tomography (such as CT
scans) provides detailed images of the human body.

In the context of IoT security, achieving a holistic view of the security landscape involves
various aspects, including:

1. Device Security: Assessing the security of individual IoT devices, including their
hardware, firmware, and software. This includes evaluating authentication mechanisms,
encryption protocols, update mechanisms, and physical security features.
2. Network Security: Analyzing the security of the network infrastructure supporting IoT
devices, including wireless protocols, routers, gateways, and cloud services. This
involves assessing network segmentation, access control policies, encryption methods,
and intrusion detection systems.
3. Data Security: Ensuring the confidentiality, integrity, and availability of data generated
and transmitted by IoT devices. This includes implementing encryption, access control,
data anonymization, and data lifecycle management practices to protect sensitive
information.
4. Application Security: Evaluating the security of IoT applications and platforms used to
manage and interact with IoT devices. This involves assessing authentication
mechanisms, API security, session management, and input validation to prevent common
web application vulnerabilities.
5. Physical Security: Addressing physical security concerns related to IoT devices, such as
tamper resistance, anti-tampering mechanisms, and protection against theft or
unauthorized access to devices.
6. Regulatory Compliance: Ensuring compliance with relevant privacy regulations,
industry standards, and best practices governing IoT security. This includes adhering to
standards like ISO/IEC 27001, NIST Cybersecurity Framework, GDPR, CCPA, and
others applicable to IoT deployments.
7. Threat Intelligence: Leveraging threat intelligence sources to identify and mitigate
emerging threats targeting IoT devices and networks. This involves monitoring threat
actors, vulnerabilities, and attack vectors relevant to IoT ecosystems and proactively
implementing countermeasures.
8. Incident Response Preparedness: Developing incident response plans and procedures to
effectively detect, respond to, and recover from security incidents in IoT environments.
This includes establishing incident detection mechanisms, escalation procedures,
and communication protocols.
9. Security Awareness and Training: Educating stakeholders, including device
manufacturers, developers, administrators, and end-users, about IoT security risks and
best practices. This involves providing security awareness training, conducting security
drills, and fostering a culture of security awareness within organizations.
10. Continuous Improvement: Implementing a continuous improvement process to
regularly review and enhance the security posture of IoT systems. This includes
conducting security audits, penetration testing, vulnerability assessments, and applying
lessons learned from security incidents.

IOT Security Layered Attacker Model:-

The following are the suggested solutions for mitigating attacks on the layers of the
modified-OSI six-layer IoT architecture.

Layer 1 Attacks Solution

The solution depends on the devices used. For example, link-level provisioning of security
uses the BT LE link-level AES-CCM 128 authenticated encryption algorithm for
confidentiality and authentication, and ZigBee provides link-level security using AES-CCM-128.

Layer 2 Attacks Solution

The network switches are programmed to prevent internal node attacks during use of
DHCP or Spanning Tree Protocol (STP). Additional controls may include ARP inspection,
disabling unused ports and enforcing effective security on VLANs (Virtual LANs) to
prevent VLAN hopping. VLAN refers to a group of end stations with a common set of
requirements, independent of a physical location. VLANs have the same attributes as
a physical LAN but allow you to group end stations even if they are not located
physically on the same LAN segment.

LWM2M OMA specification for device gateway to the Internet has provisions for MAS
for security, root key data store, and devices and data authentication.

Layer 3 Attacks Solution

Use of a tamper-resistant router, use of packet filtering, and controlling routing messages
and packet data between layers 3 and 4 through a firewall reduce the risks.

Layer 4 Attacks Solution

The port scanning method is a solution that identifies the vulnerable port. A solution is
opening network ports and configuring the firewall effectively, locking down ports to
only those required. Another solution is DTLS between layers 5 and 4. DTLS has
provisions for three types of security services, viz. integrity, authentication and
confidentiality. A further solution is to include SASL (Simple Authentication and Security
Layer) for security when using the XMPP protocol.

Layers 5 and 6 Attacks Solution

Above layer 4, we are looking primarily at application-level attacks, which are the result of
poor coding practices. Assume an attacker injects SQL input to extract data from the
database (e.g. SELECT * from USERS). When the application fails to validate the
injected input, the query extracts the data.
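
The coding practice behind this failure, next to its fix, is shown below as an added example that is not part of the original notes. The table layout, rows, function names and the user-name allow-list are constructed for illustration; it uses an in-memory SQLite database so it runs offline.

```python
import re
import sqlite3

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")  # assumed allow-list for user names


def make_db() -> sqlite3.Connection:
    """In-memory USERS table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, device TEXT, api_key TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "thermostat-1", "key-a"), ("bob", "camera-7", "key-b")],
    )
    return db


def devices_vulnerable(db, name: str):
    # Poor practice: the input becomes part of the SQL text itself,
    # so quote characters in it change the structure of the query.
    query = "SELECT name, device FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def devices_parameterized(db, name: str):
    # The driver passes the value separately; it is only ever compared as data.
    return db.execute(
        "SELECT name, device FROM users WHERE name = ?", (name,)
    ).fetchall()


def devices_validated(db, name: str):
    # Input validation in front of the parameterized query (defense in depth).
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return devices_parameterized(db, name)


if __name__ == "__main__":
    db = make_db()
    injected = "alice' OR '1'='1"  # textbook tautology input
    print(devices_vulnerable(db, "alice"))       # one row, as intended
    print(devices_vulnerable(db, injected))      # every row in the table
    print(devices_parameterized(db, injected))   # no rows: no user has that name
```

Parameterization is the actual fix; the allow-list only rejects malformed names early and should not be relied on alone.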

Web applications/services can use an HTTPS communication link. The features of S-HTTP
(Secure HTTP) are as follows:
● Application-level security (HTTP specific)
● Content privacy domain header
● Allows use of digital signatures and encryption, various encryption options
● Server-client negotiations
● Cryptographic scheme is a property assigned for the link
● Specific algorithm is the value assigned
● Direction specification is done, one-way or two-way security

The layered framework suggested by CISCO provides for the following solutions:
● Layers 1–6: Role-based security
● Layers 1–4: Anti-tamper and detection-based security
● Layers 1–6: Data protection and confidentiality
● Layers 1–6: IP protection
