Security of Internet of Things Protocol Stacks
The Internet of Things has become one of the big buzzwords in the IT market in recent years, and it is predicted to continue its rapid growth in the coming years. To set the stage, this thesis presents an introduction to the Internet of Things: what it is, how it surrounds us, and why it is so important to provide security to Internet of Things devices. A 4-layered protocol stack is proposed to work towards a common development framework for the Internet of Things. Due to the limitations in power, bandwidth and processing power of devices, many of the established technologies and solutions we have today are simply not compatible with the requirements brought along by the Internet of Things. Wearables, smart homes and the Industrial Internet of Things are just some examples of what the Internet of Things is being used for, and, together with previous research findings, it is shown how the different use-case areas bring different security requirements to developers. Standards such as ZigBee, Thread, Z-Wave, Bluetooth Low Energy, and WirelessHART are some examples of established standards trying to win out in the marketplace. Often, these standards serve specific use-case areas, and thus, a new standard is proposed. IP-Smart is based on open and well-known protocols and is intended to cover several use-case areas. A comparison of the different standards shows that the application layer is sometimes left open for developers to implement (Thread, BLE, IP-Smart), that weaknesses are found in standards proposing their own cryptographic algorithms (ZigBee, Z-Wave, and WirelessHART), that Thread, IP-Smart and (if properly configured) BLE fulfill the security requirements of wearables, that the standards require proper implementations to fulfill smart home requirements, and that WirelessHART is the only standard which fulfills the additional performance requirements found in the Industrial Internet of Things.
While many of the standards offer satisfactory security properties, the actual implementation is sometimes left to the developers to ensure secure products. An investigation into the two application layer protocols MQTT and CoAP indicates that CoAP, with its use of DTLS, provides a reasonable alternative to MQTT if extra reliability in lossy networks is of importance for the developers.