Unit 3 Notes

Uploaded by

pranavkarwa2004

Unit – III

IoT Protocols and Security


Issues with IoT Standardization: Unified Data Standards
Protocols, IEEE802.15.4, BACNet Protocol, Modbus, KNX,
Zigbee, Network layer, Security.
Issues with IoT Standardization

• It should be noted that not everything about standardization is
positive
• Standardization is like a double-edged sword:
• Critical to market development
• But it may threaten innovation and inhibit change when standards are accepted
by the market
• Standardization and innovation are like yin & yang
• They could be contradictory to each other in some cases, even though
this observation is debatable
Issues with IoT Standardization

• Different consortia, forums and alliances have been doing
standardization in their own limited scope
• For example, 3GPP covers only cellular wireless networks while
EPCglobal’s middleware covers only RFID events
• Even within the same segment, more than one consortium or forum
is doing standardization without enough communication with each
other; some are even competing with each other
Unified Data Standards

• Many standardization efforts have been trying to define a unified data
representation and protocol for IoT
• Before the IoT, the internet was actually an Internet of documents or
of multimedia documents.
• HTML/HTTP combination of data format and exchange protocol is the
foundation pillar of WWW
• Described great number of data standards and protocols proposed
for four pillar domains of IoT
• Many issues still impede the development of IoT and especially WoT
vision
Unified Data Standards

[Figure: Evolution of web]
• Do we need a new HTML/HTTP-like standard for
MTC and WoT?
• If there is no need to reinvent the wheel, what
extensions do we need to build on top of
HTML/HTTP or HTML5?
• Browser is intended for humans, so do we need new
browser for machines to make sense of ocean of
machine-generated data?
• If not, what extensions do we need to make to the
existing browsers?
Unified Data Standards
• Today, most new protocols are built on top of XML.
For OS there must be XML-based data format
standards or a metadata standard to represent the
machine-generated data (MGD). Is it possible to
define such a metadata standard that covers
everything?
Unified Data Standards
• There are many different levels of protocols
• But the ones that most directly relate to business
and social issues are the ones closest to the top,
the so-called application protocols such as
HTML/HTTP for the web
• The web has always been a visual medium, but a restricted one
• Until recently, HTML developers were limited to CSS
& JavaScript in order to produce animations, or they
would have to rely on a plug-in like Flash
Protocols – IEEE 802.15.4

• LR-WPAN - Low-Rate Wireless Personal Area Network
• It is the IEEE 802.15.4 standard.
• Generally, It is operated at a 2.4 GHz ISM band. available in Europe and
915 MHz available in US}
• IEEE 802.15.4 is used for low-power wireless connectivity solutions like
ZigBee, 6LOWPAN, and many more.
• It is operated at a low data rate with good performance of battery life.
• It is operated with lower distance communication
• IEEE 802.15.4 defines the characteristics of the physical layer and MAC.
Protocols – IEEE 802.15.4

• Physical Layer (PHY) provides the data
transmission service & an interface to the
physical layer management entity,
operating at 2.4 GHz, 256kbps.
• MAC enables transmission of MAC
frames through the use of the
physical channel (CSMA/CD)
Protocols – IEEE 802.15.4

• Media Access Control (MAC) is done by CSMA/CA (Carrier Sense Multiple Access
with Collision Avoidance).
• MAC defines medium access and flow control mechanisms.
• The physical layer defines operational frequency, transmission power,
and modulation schemes.
• IEEE 802.15.4 utilizes a Direct Sequence Spread Spectrum (DSSS) coding
scheme to transmit information.
• DSSS uses OQPSK at 2.4GHz with 250kbps data rate
Zigbee Protocols
➢ It is developed jointly by the Zigbee Alliance & IEEE. ZigBee is a competitor of 6LOWPAN
➢ ZigBee is a protocol which provides communication for wireless PANs of resource-constrained
devices.
➢ It resides on top of the PHY & MAC sublayers. ZigBee uses IEEE 802.15.4 at the MAC and
Physical Layer.
➢ ZigBee aims to provide the upper layers of the protocol stack (from network to the
application layer).
➢ ZigBee, with its sleepy, battery-powered end devices, is a perfect fit for wireless sensors.
➢ This communication system is less expensive and simpler than other WPANs such as Bluetooth
and Wi-Fi.
➢ ZigBee operates at short range, around 10m to 20m; using mesh networking, the range can
be extended up to 500m. ZigBee operates in the 2.4GHz unlicensed ISM band. Maximum speed
is 250 kbps.
Zigbee Protocols Stack

➢ Divided into three sections:
▪ IEEE 802.15.4, which consists of MAC and
physical layers.
▪ ZigBee layers, which consist of the
network layer, the ZigBee device
object (ZDO), the application sublayer,
and security management
▪ Manufacturer application:
Manufacturers of ZigBee devices can use
the ZigBee Application profile or
develop their own application profile.
Zigbee Protocols Stack
➢ ZigBee Protocol Layers:
▪ ZigBee network layer provides the functionality of the OSI network layer, adding the mesh
routing protocol missing from IEEE 802.15.4, which consists of MAC and physical layers.
▪ It also encapsulates the network formation primitives of the 802.15.4 MAC layer (network forming
and joining)
▪ The rest of the ZigBee protocol layers do not follow the OSI model.
➢ Application Support Sublayer (APS) Layers:
▪ Multiplexing/Demultiplexing: It forwards the network layer message to the appropriate application
(each application is allocated an endpoint ID)
▪ It also encapsulates the network formation primitives of the 802.15.4 MAC layer (network forming
and joining)
▪ Binding: Maintains the local binding table, i.e. records remote nodes & endpoints which have registered
to receive messages from local endpoints.
▪ 64-bit IEEE to 16-bit ZigBee network node address mapping.
▪ Management of end-to-end acknowledgements, fragmentation, group addressing, security.
Zigbee Protocols Stack
➢ ZigBee Device Object (ZDO) Layer:
▪ Specific application running on endpoint 0
▪ Designed to manage the state of the ZigBee Node
▪ ZDO application implements the interfaces defined by ZigBee device profile (ZDP)
▪ These primitives encapsulate the 802.15.4 network formation primitives of the ZigBee network
layer as well as additional primitives supporting the concept of binding.
➢ ZigBee Cluster Library (ZCL):
▪ Late addition to ZigBee, specified in a separate document
▪ Consists of a library of interface specifications that can be used in public and private application
profiles
▪ One important addition of the ZCL is the group cluster, which provides the network interface for
group formation and management.
Zigbee Protocols Stack
➢ Application Framework Layer:
▪ Provides the API environment for ZigBee application developers
▪ Specific to each ZigBee stack
▪ Each application is assigned an Endpoint ID
ZigBee Topology
➢ ZigBee supports different
network topologies like:
▪ STAR
▪ Peer to Peer (Mesh)
▪ Cluster Tree
➢ ZigBee can be specified as
three different devices:
▪ ZigBee Coordinator
▪ ZigBee Router (Full
Function Device)
▪ ZigBee End Device (Reduced
Function Device)
ZigBee Topology
ZigBee Coordinator
▪ A ZigBee network has one coordinator node, which can store information.
▪ This node can control a complete network and can communicate with an external network.
▪ ZCs and ZRs require high power, so they cannot be battery-powered.

ZigBee Router (Full Function Device)


▪ In ZigBee Network, it can route the data with interconnected nodes.
▪ It needs less memory than ZCs.
▪ It can also act as a coordinator in the network.

ZigBee End Device (Reduced Function Device)


▪ In ZigBee Network, it is the least expensive node with minimum
▪ It has a minimum power requirement, so it can operate with the
▪ It can only communicate with connected ZR or ZC.
▪ It can communicate periodically for effective battery utilization
ZigBee Advantages & Disadvantages

Advantages
▪ Easy to install and implement.
▪ It has low cost, low power, and long battery life.
▪ It supports many nodes (around 6500).
▪ It is more reliable and self-healing.

Disadvantages
▪ It has a low data rate. (250kbps MAX)
▪ It is not as secure as Wi-Fi and Bluetooth.
▪ It requires additional devices ZCs and ZRs, which increases
the cost.
▪ It lacks internet protocol support.
▪ ZigBee Networks are incompatible with other networks.
What is BACnet?

• “Building Automation Control Network”, is a data communication protocol
for building automation and control networks.
• BACnet is both an international (ISO) and ANSI standard for interoperability
between cooperating building automation devices.
BACnet History
• Originally developed in 1987 under the auspices of the American Society
of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE).
• BACnet has been an ANSI standard since 1995 and an ISO standard since
2003. BACnet is a registered trademark of ASHRAE.
Why is BACnet Protocol required?

• The importance of the BACnet protocol is that it defines typical techniques that
manufacturers can implement to build components and systems that are
interoperable with other BACnet components & systems.
• BACnet protocol is used in all types of automated building systems. So,
there are interoperable products available within different categories
• Designed to allow communication of building automation & control
systems for applications like
• Heating, Ventilating and Air-conditioning Control (HVAC)
• Lighting Control, Access Control
• Fire Detection Systems and their Associated Equipment
BACnet Protocol Architecture

• The BACnet protocol architecture is predominantly restricted to lighting
controls, HVAC & gateways. This protocol highlights lightweight and
efficient communication which is optimized for short messages, small
networks, and inter-networks.
BACnet Protocol Architecture

BACnet Physical Layer


• The upper layers of BACnet do not depend on the physical layer. So the Physical layer of BACnet
makes it feasible for BACnet to be executed on different networks. The physical layers of BACnet
have been specified with ARCNET, Ethernet, IP tunnels, BACnet/IP, RS-232, RS485, and
Lonworks/LonTalk. RS232 is for point-to-point communication. RS485 supports up to 32 nodes
with a distance of 1200 m at 76Kbps.
BACnet Protocol Link Layer
• BACnet protocol is implemented directly with LonTalk or IEEE802.2 link layers. So it specifies
Point to Point (PTP) data link layer for RS232 connections. It specifies MS/TP data link layer
intended for RS-485 connections. The standard simply specifies BVLL (BACnet Virtual Link Layer)
which states all the services required through the BACnet device at this link layer.
BACnet Protocol Architecture
BACnet Network Layer
• A BACnet network includes one or more segments, which are connected with
bridges when they use similar LAN technologies. If they use different LAN protocols,
they are connected through routers.
Application Layer
• BACnet does not separate presentation as well as application layers. So, it takes care of
reliability & sequencing or segmentation mechanisms generally connected with both the
session & transport layers.
BACnet Security Layer
• BACnet device-A requests a session key from the key server to establish secure
communication with device-B; the key server then transmits this key, known as
‘SKab’, to both device-A & device-B. BACnet protocol uses 56-bit DES
encryption.
BACnet Advantages

• BACnet protocol is particularly designed for building automation as well as
control networks.
• It doesn’t depend on present LAN or WAN technologies.
• It is an American National Standard & a European pre-standard.
• It is scalable completely from small single building applications to universal
networks of devices.
• The implementers of BACnet can securely include non-standard extensions
as well as enhancements without influencing existing interoperability.
• It is adopted by the most famous fire protection companies in both the USA
& Europe.
BACnet Disadvantages

• The main drawback of the BACnet protocol was a compliance problem.
Because of this issue, the BTL (BACnet Testing Laboratories) was introduced
in the year 2000.
• BTL is a compliance and independent testing organization. Its main
intention is to test BACnet products to verify compliance with
the standard. Once approved, the product gets the BTL logo.
• The problems or net-worthy attacks which are widely found in this protocol
are: lack of spoofing & authentication, DoS attacks, immobilized network
connections, and lack of encryption & write access over devices.
BACNet Protocol
• ARCNET,
• Ethernet,
• BACnet/IP,
• BACnet/IPv6,
• Point-To-Point over RS-232,
• Master-Slave/Token-Passing over RS-485,
• ZigBee
• LonTalk
Modbus

• Serial communications protocol originally published by Modicon (now
Schneider Electric) in 1979
• Commonly available for connecting industrial electronic devices
• Reasons for use of Modbus in industrial environment:
• Developed with industrial applications in mind
• Openly published and royalty-free
• Easy to deploy and maintain
• Enables communication among many devices connected to the
same network
Modbus
Modbus Object Types
Object type        Access       Size
Coil               Read-write   1 bit
Discrete input     Read-only    1 bit
Input register     Read-only    16 bits
Holding register   Read-write   16 bits

• Coils are a type of data in the Modbus protocol that represents binary states, such
as ON/OFF or TRUE/FALSE. They can be read and written to by a Modbus
master.
• Discrete inputs are similar to coils in that they represent binary states.
However, unlike coils, they can only be read, not written to.
• Holding registers: Can be read and written to by a Modbus master.
• Input registers: Can only be read by a master.
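An added example (not part of the original notes) showing how the object-type table maps onto request frames: it parses Modbus RTU requests, verifies the CRC, and flags writes to points outside an expected set. The function-code mapping is the standard public one; the allowlist, helper names and sample frames are constructed for illustration.

```python
import struct

# Standard public function codes -> (object type from the table, operation).
FUNCTIONS = {
    0x01: ("Coil", "read"),
    0x02: ("Discrete input", "read"),
    0x03: ("Holding register", "read"),
    0x04: ("Input register", "read"),
    0x05: ("Coil", "write"),              # write single coil
    0x06: ("Holding register", "write"),  # write single register
    0x0F: ("Coil", "write"),              # write multiple coils
    0x10: ("Holding register", "write"),  # write multiple registers
}

def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc

def build_request(unit: int, function: int, address: int, value: int) -> bytes:
    """Build a 6-byte request body and append the CRC, low byte first."""
    body = struct.pack(">BBHH", unit, function, address, value)
    return body + struct.pack("<H", crc16_modbus(body))

def parse_request(frame: bytes) -> dict:
    """Decode an RTU request; raise ValueError on a short or corrupt frame."""
    if len(frame) < 8:
        raise ValueError("frame too short for a request")
    body = frame[:-2]
    (crc,) = struct.unpack("<H", frame[-2:])
    if crc16_modbus(body) != crc:
        raise ValueError("CRC mismatch")
    unit, function, address, field = struct.unpack(">BBHH", body[:6])
    obj, operation = FUNCTIONS.get(function, (None, "unknown"))
    return {"unit": unit, "function": function, "object": obj,
            "operation": operation, "address": address, "field": field}

# Hypothetical site policy: the only (unit, object, address) points that the
# master is expected to write. For multi-write codes only the start address
# is checked here.
WRITE_ALLOWLIST = {(1, "Coil", 0x0010), (1, "Holding register", 0x0100)}

def audit(frames, allowlist=WRITE_ALLOWLIST):
    """Return (index, reason) for malformed frames and unexpected writes."""
    findings = []
    for n, frame in enumerate(frames):
        try:
            req = parse_request(frame)
        except ValueError as exc:
            findings.append((n, f"malformed: {exc}"))
            continue
        point = (req["unit"], req["object"], req["address"])
        if req["operation"] == "unknown":
            findings.append((n, f"unexpected function 0x{req['function']:02X}"))
        elif req["operation"] == "write" and point not in allowlist:
            findings.append((n, f"write to {req['object']} {req['address']:#06x} "
                                f"on unit {req['unit']} not in allowlist"))
    return findings

# Constructed sample capture (not real traffic).
_good = build_request(1, 0x03, 0x0000, 10)
SAMPLE = [
    _good,                                    # read 10 holding registers
    build_request(1, 0x05, 0x0010, 0xFF00),   # coil ON, on the allowlist
    build_request(1, 0x06, 0x0200, 1234),     # register write, not allowed
    build_request(2, 0x02, 0x0000, 8),        # read 8 discrete inputs
    _good[:-1] + bytes([_good[-1] ^ 0xFF]),   # last CRC byte corrupted
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE):
        print(index, reason)
```

Read-only object types (discrete inputs, input registers) have no write function code at all, so the audit only needs to police coil and holding-register writes.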
Types of Modbus Communication Protocol

[Table: Properties of Modbus ASCII and Modbus RTU]

Modbus serial protocol (the original version) is a master/slave protocol, i.e. one master
controls the Modbus data transactions with multiple slaves, which respond to the
master’s requests to read data from or write data to the slaves.

Modbus Serial Architecture


Modbus TCP/IP Architecture


Protocol Versions
• Modbus RTU
• Modbus ASCII
• Modbus TCP/IP or Modbus TCP
• Modbus over TCP/IP or Modbus over TCP or
Modbus RTU/IP
• Modbus over UDP
• Modbus Plus (Modbus+, MB+ or MBP)
• Pemex Modbus
• Enron Modbus
KNX Protocol
• Standardized (EN 50090, ISO/IEC 14543), OSI-based
network communications protocol for automation
• Defines several physical communication media:
• Twisted pair wiring (inherited from the BatiBUS and EIB
Instabus standards)
• Powerline networking (inherited from EIB and EHS -
similar to that used by X10)
• Radio (KNX-RF)
• Infrared
• Ethernet (also known as EIBnet/IP or KNXnet/IP)

20 March 2018 Unit 4 - IoT Protocols and Security


KNX System Components
• All the devices for a KNX installation are connected
together by a two wire bus to exchange data
• Sensors
• Actuators
• System devices and components

KNX TP Telegram
IOT Security
• Fundamental idea - IoT will connect all objects
around us to provide smooth communication
• Economy of scale in IoT presents new security
challenges for global devices in terms of
– Authentication
– Addressing
– Embedded Security

Parag Achaliya, SNJB's CoE, Chandwad


March 16, 2018 3
(Nashik)
IOT Security
• Devices like RFID and sensor nodes have no
access control functionality
• Can freely obtain or exchange information
from each other
• So authentication & authorization scheme
must be established between these devices to
achieve the security goals for IoT
• Privacy of things and security of data is one of
the key challenges in the IoT
Vulnerabilities of IoT
• Unauthorized Access
– One of the main threats is the tampering of
resources by unauthorized access
– Identity-based verification should be done before
granting the access rights
• Information corruption
– Device credential must be protected from tampering
– Secure design of access rights, credential and
exchange is required to avoid corruption
Vulnerabilities of IoT
• Theft of Resources
– Access of shared resources over insecure channel
causes theft of resources
– Results into man-in-the-middle attack
• Information Disclosure
– Data is stored at different places in different forms
– Distributed data must be protected from disclosure
– Context-aware access control must be enforced to
regulate access to system resources

Vulnerabilities of IoT
• DoS Attack
– Denial of Service (DoS)
– Makes an attempt to prevent authentic user from
accessing services which they are eligible for
– For example, an unauthorized user sends too many
requests to the server
– These flood the network and deny other authentic
users access to the network

Vulnerabilities of IoT
• DDoS Attack
– Distributed Denial of Service
– Type of DoS attack where multiple compromised
systems are used to target single system causing DoS
– Compromised systems – usually infected with Trojan
– Victims of a DDoS attack consist of both
• End targeted systems
• All systems maliciously used and controlled by the hacker
in the distributed attack

Vulnerabilities of IoT
• CyberBunker Launches “World’s Largest”
DDoS Attack
• Slows down the Entire Internet
• CyberBunker - Dutch web hosting company
• Caused global disruption of the web
• Slowing down internet speeds for millions of
users across the world, according to BBC
report
Vulnerabilities of IoT
• Few real examples of attacks that hit the IoT:
– Carna Botnet – 4,20,000 ‘things,’ such as routers,
modems, printers were compromised
– TRENDnet’s connected cameras were hacked, with
feeds from those cameras published online
– Linux.Darlloz - PoC IoT worm found in the wild by
Symantec, 1,00,000 compromised systems
including connected things such as TVs, routers
and even a fridge

Security Requirements
• Access Control
• Authentication
• Data Confidentiality
• Availability
• Trust Management
• Secure Software Execution
• Secure Storage
• Tamper Resistance
• Scalability
• Flexibility & Adaptability
Security Requirements
• Access Control
– Provides authorized access to network resources
– IoT is ad-hoc, and dynamic in nature
– Efficient & robust mechanism of secure access to
resources must be deployed with distributed nature
• Authentication
– Identity establishment b/w communicating devices
– Due to diversity of devices & end users, an attack
resistant and lightweight solution for authentication
Security Requirements
• Data Confidentiality
– Protecting data from unauthorized disclosure
– Secure, lightweight, and efficient key exchange
mechanism is required
• Availability
– Ensuring no denial of authorized access to
network resources

Security Requirements
• Trust Management
– Decision rules need to be evolved for trust
management in IoT
• Secure Software Execution
– Secure, managed-code, runtime environment
designed to protect against different applications
• Secure Storage
– Involves confidentiality and integrity of sensitive
information stored in the system
Security Requirements
• Tamper Resistance
– Desire to maintain security requirements even
when device falls into hands of malicious parties
– Can be physically or logically probed
• Scalability
– IoT consist of various types of devices with
different capabilities from intelligent sensors and
actuators, to home appliances
– Communication (wire or wireless) & protocols
(Bluetooth, ZigBee, RFID, Wi-Fi, etc.)
Security Requirements
• Flexibility and Adaptability
– IoT will consist of mobile communication devices
– Can roam around freely from one type of
environment to others
– With different type of risks and security threats
– So users are likely to have different privacy profile
depending on environment

Security Architecture for IoT

Threat Modeling
• Presented by first defining misuse case
• Means negative scenario describing the ways
the system should not work
• And then standard use case
• Assets to be protected in IoT will vary with
respect to every scenario case

Threat Analysis
• Assets need to be identified to drive the threat
analysis process
• A smart home is localized in space and provides
services in a household
• Devices in Smart Home are combined with n/w
• Provide means for entertainment, monitoring
of appliances, controlling of house components
and other services
Use Cases and Misuse Cases
• Actor in use case and misuse case in the
scenario of smart home includes:
– Infrastructure owner (smart home)
– IoT entity (smartphone device or software agent)
– Attacker (misuser)
– Intruder (exploiter)

Use Cases and Misuse Cases
• Access rights granted to unauthorized entity
• Corruption of access credentials
• Unauthorized data transmission
• Denial of service (DoS) attack
• Man-in-the-middle attack

IoT Security Tomography
• Classified according to attacks addressing to
different layers
– Transport Layer
– Network Layer
– MAC layer
– RF layer

Key Elements of Security
• Authentication
• Access Control
• Data and Message Security
• Prevention from denial of taking part in a
transaction

Identity Establishment
• Secure Entity Identification or Authentication
• Authentication is identity establishment
between communicating devices or entities
• Entity can be a single user, a set of users, an
entire organization or some networking device
• Identity establishment is ensuring that origin
of electronic document & message is correctly
identified
Access Control
• Also known as access authorization
• The principle is to determine who should be able
to access what
• Prevents unauthorized use of resources
• To achieve access control, the entity trying
to gain access must be authenticated first
• According to authentication, access rights can
be modified to the individual
Data and Message Security
• Related with source authenticity, modification
detection and confidentiality of data
• Combination of modification & confidentiality
of message is not enough for data integrity
• But origin of authenticity is also important
• Location privacy is equally important risk in IoT
• Should not be any way for attacker to reveal
identity or location information of device
Non-repudiation and Availability
• Non-repudiation is a security service for
point-to-point communications
• Process by which an entity is prevented from
denying a transmitted message
• So when message is sent, receiver can prove
that initiating sender only sent that message
• Sender can prove that receiver got message
• To repudiate means to deny
Non-repudiation and Availability
• Availability is ensured by maintaining all h/w and
repairing immediately whenever required
• Also prevents bottleneck occurrence by
keeping emergency backup power systems
• And guarding against malicious actions like
Denial of Service (DoS) attack

Security Model for IoT
