1. My T. Thai mythai@cise.ufl.edu http://www.cise.ufl.edu/~mythai
Internet of things
My T. Thai

2. Outline What is Internet of Things? Overview of IoT architecture
IoT components
Challenges in next generation IoT evolution
Roadmap

3. Internet of Things Network of connected devices – simply put
Different synonyms
Network of things
Smarter planet
Industrial internet
Cyber-physical systems
Only 1% of things are
connected – refrigerator, car, washing machine, heater, a/c, garage door …
Projection is 50 billion devices by 2020
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing
World is becoming even smaller and closer!

4. Some nitty-gritties
The term “Internet of Things” was added in Oxford Dictionary in August 2013 defined as
A proposed development of the internet in which everyday objects have network connectivity, allowing them to send and receive data
National Intelligence Council (NIC) listed IoT in the six technologies with potential impact on US interests in next 10 years
“Shodan”, World’s first search
engine that finds connected
‘things’

5. IoT
IoT enables the embedded devices communicate with other devices through network infrastructure (e.g. internet, wi-fi, Bluetooth)
Innumerous smart sensors and actuators help devices capture data and transfer them to central decision maker
Applications based on this technology will play an ever increasing role and are supposed to change both, industry and social life dramatically in the close future
Fundamental aspects of IoT design comes with:
Functional correctness
Robustness
Safety
Efficiency
Security and privacy
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

6. History of IoT The term IoT was first coined by Kevin Ashton in 1999
The concept of IoT first became
popular in the Auto-ID center,
MIT
Major industrial initiative is
now being undertaken by large
corporations where the
Machine to machine (M2M)
name is more commonly used
Ref: RFiD journal, “That 'internet of things' thing”, kevin Ashton 2009
Ref: Auto-ID labs, MIT
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

7. IoT today
More than 7 billions, exceeding the
earth's population

8. Some Statistics and Forecast
Pew research center: “by 2025 the
internet will become like electricity –
less visible, yet more deeply embedded
in people’s lives”
50 billion connected devices by 2020
More than 6 connected devices per
Person
$1.7 trillion in value added to the global
economy in 2019
By 2020 IoT will be more than double the size of the smartphone, PC, tablet, connected car, and the wearable market combined.
Technologies and services generated global revenues of $4.8 trillion in 2012 and will reach $8.9 trillion by 2020, growing at a compound annual rate (CAGR) of 7.9%.
Ref: Pew research, “How will the internet of things look by 2025”,
Ref: “Gartner Identifies Top 10 Strategic Technologies,”
Connected devices grow up
Convergence of communication technology and information technology with power system engineering, assisted by an array of new approaches,
technologies and applications, allows the existing grid to traverse the complex yet staged trajectory of architecture, protocols, and standards towards the smart grid.

9. IoT architecture Three major components for designing any IoT system
Application devices: Hardware architecture,
smart sensors, cloud computing, energy
efficient devices
Networks: Communication technology,
advanced internet protocol, wireless technology, RFID technology
Security and privacy: Authentication procedure, secure device discovery, secure inter-device communication
In this course, we will mostly focus on the communication aspect as well as security and privacy issues of IoT.
Ref: NTNU IoT lab, “Application development in IoT systems”,
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

10. IoT System Architecture
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

11. IoT components: Network
Network communication encompasses following elements
IPv6 protocol
Wireless Network (Wi-Fi, Bluetooth, Wimax, Cellular, Ad hoc, sensor )
Wired Network
RFID network
We will focus on wireless cellular network and its impact on 5G communication
Sensor Network Coverage and efficiency
Device-2-device communication underlaying cellular network
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

12. Network coverage Contiguous network coverage is of prime importance
Network connectivity is becoming more crucial given the constant stream of data/content generation from connected devices
Sensors placement is thus critical!
How can the sensors be scheduled with power/energy efficiency
Maximize coverage with limited number of sensors
Small number of movements as sensors are battery dependent
Guarantee solution quality
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

13. D2D’s impact on IoT
5G cellular systems will be a strong boost for the IoT deployment.
Device-to-Device (D2D): a key communication paradigm to support heterogeneous objects interconnection and to guarantee important benefits through proximity services.
We will focus on
current standardization
activities for D2D
communications
and their impact on
improving the
heterogeneous network
performance
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

14. D2D’s converged with IoT
Exponential growth of smart devices communicating over wireless medium are increasing, on the other hand the licensed spectrum band is limited
Next generation IoT devices will fight for spectrum which will result in performance constraint if novel communication paradigms are not discovered.
Practical implementation:
Qualcomm developed Flashlinq: a mobile communication system called for 3GPP-LTE
FlashLinq allows cellular devices automatically and continuously discovering thousands of other FlashLinq enabled devices within 1 kilometer and communicating peer-to-peer, at broadband speeds and without the need of intermediary infrastructures.
Wi-Fi direct/D2D are also being a hot research topic recently
Ref: Wu et. al. “FlashLinQ: A Synchronous Distributed Scheduler for Peer-to-Peer Ad Hoc Networks”, IEEE ToN’13
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

15. IoT requirements supported by 5G
Energy efficiency
Achieving high energy efficiency in communications is crucial to IoT devices, typically relying on small batteries
Scalability
Massive machine-type communication in dynamic crowded IoT scenario demands scalable solution
Resiliency
In addition to increased network coverage requirement, IoT devices must operate in unexpected lack of infrastructure
Seamless integration of different types of heterogeneous devices should account for plethora of low-power devices
Group communication
data provided by a single object may not be reliable or useful enough to support specific applications and the desired Quality-of-Service
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

16. IoT requirements (contd)
Cloud-based IoT service environment
Dynamic execution environment support for complex IoT applications requires on-demand processing and storage resources provided by Cloud data centers. Big data analysis is also part of this process for future prediction and cognitive decision making
Support to Multimedia IoT
Smart IoT framework requires support for sustained multimedia services
Integrated monitoring systems of smart homes
Advanced multimedia surveillance of smart cities
Real-time sensor data acquisition
Ref: S. A. Alvi, B. Afzal, G. A. Shah, L. Atzori and W. Mahmood, "Internet of multimedia things: Vision and challenges," Ad Hoc Networks, 2015.
Popularity of OSNs makes many people integrate OSNs into their daily lives
OSNs is a great platform for information sharing and facilitate information sharing

17. D2D features enabling IoT
High data rate/low latency
Low energy consumption
Data aggregation
Coverage extension
Multicast communication
Multi modal communication
Resource management/spectrum
efficiency
Support for radio access
technology (RAT)
High cellular system capacity

18. IoT components: Security and privacy
“The Internet of Things (IoT) is the interconnection of uniquely identifiable embedded computing devices within the existing Internet infrastructure. Typically, IoT is expected to offer advanced connectivity of devices, systems, and services that goes beyond machine-to-machine communications (M2M) and covers a variety of protocols, domains, and applications. Things, in the IoT, can refer to a wide variety of devices such as heart monitoring implants, biochip transponders on farm animals, automobiles with built-in sensors, or field operation devices that assist fire-fighters in search and rescue.” Wikipedia 4
IoT network resilience to cyber attacks
Privacy
Influencing human behavior
We are already nodes of a global network

19. Risks Intrusion on privacy DDoS Attack Hacking7
Intrusion on privacy
DDoS Attack
Hacking
Threat actors adopt even more sophisticated Technique

20. How to exploit a IoT device?
IoT is dramatically enlarging existing attack surface
DDoS attacks
Botnets and malware based attacks
Weakening perimeters (Objects not designed to be internet-connected)
Data Breaches
Inadvertent breaches

21. Individuals as data generators
Wearable devices collect a huge amount of personal data as well as surrounding environment information.
Significant impact on privacy rights of these technologies will require a careful review.
Great concern for Health-related sensitive data (i.e. Medical devices and fitness apps).
Confidential information and easily
disclose it to third parties.
A Threat for enterprise perimeter.

22. Internet of Things: Top 10 risk criteria
1. Insecure Web Interface
2. Insufficient Authentication/Authorization
3. Insecure Network Services
4. Lack of Transport Encryption
5. Privacy Concerns
6. Insecure Cloud Interface
7. Insecure Mobile Interface
8. Insufficient Security Configurability
9. Insecure Software/Firmware
10. Poor Physical Security

23. Botnets are already a major threats …
A ThingBot is a botnet consisting of devices within the Internet of things.
Vulnerable or infected appliances that are connected to the Internet can potentially pose a risk to corporate networks (Kaspersky).
Number of attacks against Routers, SmartTV, network-attached storage devices, gaming consoles and various types of set-top boxes is increasing.
Many set-top boxes runs on embedded linux or apache operating systems of ARM-like microcomputers.

24. Principal abuses of IoT devices
Computational capabilities, increasing capabilities of microcomputers and Internet connection makes IoT devices a privileged attack tool for hackers.
IoT devices could be used to:
Send Spam.
Coordinate an attack against a critical infrastructure.
Serve a malware.
Work as entry point within a corporate network.

25. Under attack A Linux worm designed to target IoT devices
In November 2013 Symantec detected the worm Linux.Darlloz exploiting the PHP vulnerability CVE to propagate itself.
The Linux.Darlloz infected Home internet kits with x86 chips (i.e.routers) and were discovered variant for ARM, PPC, MIPS and MIPSEL architectures.
The worm:
generates random IP addresses and attempts to use commonly used credentials to log into the target machine.
It sends HTTP POST requests specifically crafted, once compromised the target it downloads the worm from a C&C server and starts searching for other targets.
Once the worm has compromised a device, it kills off access to any Telnet services running.
Change default settings, adopt strong password, keep updated the software and firmware.

26. Under attack One of the first cases observed14
One of the first cases observed
Proofpoint discovered more Than 750,000 Phishing and SPAM s Launched From “Thingbots” thing Bots could be used in an attack against a critical infrastructure from anywhere in the globe
Cyber criminals sent in bursts of 100,000, three times per day, targeting Enterprises and individuals worldwide
More than 100,000 Refrigerators, Smart TVs and other smart household appliances have been hacked.
No more than 10 s were initiated from any single IP address.

27. Under attack Spike botnet runs DDoS from IoT devices15
Spike botnet runs DDoS from IoT devices
Akamai spotted a Spike malware which is used to run DDoS attacks through desktops and IoT devices.
Spike toolkit is able to to generate an ARM-based payload
The spike botnet was composed by routers, smart thermostats, smart dryers, freezers, Raspberry Pi and other IoT devices.
Spike botnet composed by 12, ,000 devices (sept 2014).
One of the attack clocked 215 Gbps and 150 million packets per second (Mpps).
SNORT signature analysis suggested to mitigate application-layer GET flood attacks.

28. Under attack Hacking smart watch16
Hacking smart watch
Data sent between the Smart watch and an Android
mobile phone could be intercepted.
An attacker that could be able to decode users' data, including text messages to Google Hangout chats and Facebook conversations.
Bluetooth communication between most Smart watches and Android devices relies on a six digits PIN.
Easy to crack with a brute-force attack.
Mitigate the attack with NFC pairing procedure in pin code exchange or the use of passphrases.
PoC with Samsung Gear Live smart watch and Google Nexus 4
Hacking wearable devices

29. Under attack Hacking Smart meters
Smart meters can be hacked to hit the National power network
In Spain, millions of Smart meters, are susceptible to cyber attack due to lack of proper security controls. (researchers, Javier Vazquez Vidal and Alberto Garcia Illera).
8 million smart meters are deployed in Spain (30 percent of households).
Attackers could cause a blackout or conduct fraudulent activities (i.e. billing frauds).
Poorly protected credentials stored in the smart meters.
Attackers could modify device unique ID to impersonate other customer or use the smart meter for launching attacks against the power network.

30. Under attack The Bashbug (Shellshock) Bug18
The Bashbug (Shellshock) Bug
Bash Bug (CVE ) is a critical flaw in the widely used Unix Bash shell disclosed on 24 September Many IoT devices have Linux embedded and could not be easily patched.
Many Internet-facing services use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands.
Attackers could gain unauthorized access to a computer system and execute
arbitrary code remotely.
The impact is incredibly high because there are a lot of embedded devices that use CGI scripts (i.e. home appliances and wireless access points). It's easy to exploit.
With the number of Internet-facing devices vulnerable to this, it would be very easy for an attacker to turn this into a worm

31. Cyber Threats and Security Challenges
Under attack 19
Securing the IoT world
Demand of connectivity for the Internet of Things (IoT) exploding.
The global network must be able to securely and efficiently handle all these connections.
Lack of standardization in the IoT market.
Every single connection could make networks vulnerable.
Every connected device has a network address. Internet Protocol (IPv6) extends the addressing space
DNS will play an even more central role with the diffusion of M2M connections.
Organizations will need to improve security and prevent DDoS and cache poisoning
attacks.

32. Cyber Threats and Security Challenges20
RFC 7123 – Security Implications of IPv6 on IPv4 Networks
Security exposure in enterprise networks resulting from unplanned use of IPv6 on such networks.
Native IPv6 support and/or IPv6 transition/coexistence technologies could be
leveraged by local or remote attackers for a number of (illegitimate) purposes.
Attack/incident scenarios include:
A Network Intrusion Detection System (NIDS) might be prepared to detect attack patterns for IPv4 traffic, but might be unable to detect the same attack patterns when a transition/coexistence technology is leveraged for that purpose.
An IPv4 firewall might enforce a specific security policy in IPv4, but might be unable to enforce the same policy in IPv6
Some transition/coexistence mechanisms could cause an internal host with otherwise limited IPv4 connectivity to become globally reachable over IPv6, therefore resulting in increased (and possibly unexpected) host exposure
IPv6 support could, either inadvertently or as a result of a deliberate attack, result in Virtual Private Network (VPN) traffic leaks if IPv6-unaware VPN software is employed by dual-stacked hosts.
Source security-implications-of-ipv6-on-ipv4-networks/

33. Cyber Threats and Security Challenges21
IoT and PKI
IoT devices communicate among themselves with little human interaction, mutual authentication is a crucial aspect of the paradigm.
Prevent leakage of personal information and harmful actuating tasks by means of peer authentication and secure data transmission.
Recent attacks like the “smart” light bulb password leaks, hacks of Foscam baby monitors, Belkin home automation systems, and hacks of smart cars systems are just the beginning.
PKI-based solutions could help to secure exchanging information across the Internet and mutual authenticate the actors.
PKI is already being used to address problems similar to the ones the Internet.

34. Privacy Issues Mapping Top 10 Privacy Risks on the IoT paradigm22
Mapping Top 10 Privacy Risks on the IoT paradigm
P1 Web Application Vulnerabilities
P2 Operator-sided Data Leakage
P3 Insufficient Data Breach Response
P4 Insufficient Deletion of personal data
P5 Non-transparent Policies, Terms and Conditions
P6 Collection of data not required for the primary purpose
P7 Sharing of data with third party
P8 Outdated personal data
P9 Missing or Insufficient Session Expiration
P10 Insecure Data Transfer

35. Privacy Issues Mapping Top 10 Privacy Risks on the IoT paradigm23
Mapping Top 10 Privacy Risks on the IoT paradigm
The company managing the App used through the wearable technology will be subject to the privacy law of the country where the device/user is located even in the case of non-European entities and it will not be sufficient to merely ask for a privacy consent.
Countries like Italy that require a written privacy consent for the processing of sensitive data and allow the data processing only within the limits of a so called “general authorization” issued by the Data Protection Authority
Biometric data includes any data obtained from physical or behavioral features of a person. The Italian Data Protection Authority issued in relation to biometric data very stringent requirements as to the modalities of collection, the security measures to be implemented for their storage and the maximum term of storage.

36. Privacy Issues Loss of privacy Amplification of surface of attack.24
Loss of privacy
Amplification of surface of attack.
Unforeseen spill-over effects (i.e. Network congestions, power blackout).
Social changes, such as growing new professionals or amplifying the digital divide.
Loss of ability to maintain understanding and control.
Developing of new capability of Pre-crime forecasting.

37. Evolution Today, Tomorrow25
Today, Tomorrow
The IoT is propelled by an exceptional convergence of trends (mobile phone ubiquity, open hardware, big data, the resurrection of AI, cloud computing, 3D printing and crowd funding). [Techcrunch]
We’re rapidly evolving toward a world where just about everything will be connected.
Privacy and security must be addressed.
Growing Business opportunity for startup and big companies.
Number of cyber attacks will rapidly increase.
IoT devices are a privileged target as highlighted recently by the Europol, the European agency citing a December 2013 report by US security firm IID, warned of the first murder via “hacked internet-connected device” by the end of 2014.”

38. Future direction Major challenges to overcome:
Big data explosion
Countless components
Security and privacy
Advanced internet protocol
Power efficiency
A great deal of industry and academic collaboration
Google’s ongoing IoT projects
Google glass: wearable computer
Waze: Intelligent GPS navigation
Nest: Smart thermostat
Open automotive alliance (OAA): Android OS for automobiles

39. 25