Security of Internet of Things Protocol Stacks

Andersen, Øystein Løvdal

Andersen, Øystein Løvdal

Master thesis

View/Open

15703_FULLTEXT.pdf (1.958Mb)

15703_COVER.pdf (1.556Mb)

URI

http://hdl.handle.net/11250/2404705

Date

2016

Metadata

Show full item record

Collections

Institutt for informasjonssikkerhet og kommunikasjonsteknologi [1949]

Abstract

Internet of Things has become one of the big buzzwords in the IT market in recent years, and it is predicted to continue its rapid growth in the coming years. In order to talk about the Internet of Things, this thesis presents an introduction to Internet of Things, what it is, how it surrounds us, and why it is so important to provide security to Internet of Things devices. A 4-layered protocol stack is proposed to work towards a common development framework for Internet of Things. Due to the limitations in power, bandwidth and processing power of devices, many of the established technologies and solutions we have today is simply not compatible with the requirements

brought along by the Internet of Things. Wearables, smart homes and the Industrial Internet of Things are just some examples of what Internet of Things is being used for, and together with the use of previous research findings, it is shown how the different use-case areas bring different security requirements to developers.

Standards such as ZigBee, Thread, Z-Wave, Bluetooth Low Energy, and WirelessHART are

some examples of established standards trying to win out in the marketplace. Often, these standards serve specific use-case areas, and thus, a new standard is proposed. IP-Smart is based on open and well-known protocols and is intended to cover several use-case areas. Comparison of the different standards shows that the application layer is sometimes left open for developers (Thread, BLE, IP-Smart) to carry out, how weaknesses is found in standards proposing their own cryptographic algorithms (ZigBee, Z-Wave, andWirelessHART), howThread, IP-Smart and (if properly configured) BLE fulfills security off wearables, how standards require proper implementations to fulfill smart home requirements, and WirelessHART being the only standard which fulfills the additional performance requirements found in the Industrial Internet of Things. While many of the standards offer satisfactory security properties, the actual implementation

is sometimes left to the developers to ensure secure products. An investigation into

the two application layer protocols MQTT and CoAP indicates how CoAP with its use of DTLS provides a reasonable option to MQTT if extra reliability in lossy networks is of importance for the developers.

Publisher

NTNU