Internet of Things: a Survey on the Security of Iot Frameworks Mahmoud Ammar1, Giovanni Russello2, and Bruno Crispo1
Total Page:16
File Type:pdf, Size:1020Kb
1 Internet of Things: A survey on the Security of IoT Frameworks Mahmoud Ammar1, Giovanni Russello2, and Bruno Crispo1 1Department of Computer Science, KU Leuven University, Heverlee, 3001, Belgium E-mail: ffi[email protected] 2Department of Computer Science, University of Auckland, Private Bag 92019, Auckland 1142, New Zealand E-mail: [email protected] Abstract—The Internet of Things (IoT) is heavily affecting our Very recently, several IoT frameworks have been launched daily lives in many domains, ranging from tiny wearable devices by the major shareholders in the IoT domain and by the to large industrial systems. Consequently, a wide variety of IoT research community in order to support and make it easy to applications have been developed and deployed using different IoT frameworks. An IoT framework is a set of guiding rules, develop, deploy and maintain IoT applications. Each player protocols, and standards which simplify the implementation built his approach depending on his vision towards the IoT of IoT applications. The success of these applications mainly world [1]. In this survey, we compare the properties of a depends on the ecosystem characteristics of the IoT framework, subset of IoT frameworks, targeting in particular their security with the emphasis on the security mechanisms employed in it, features. The selected set of IoT platforms1 includes: AWS IoT where issues related to security and privacy are pivotal. In this Amazon ARM Bed ARM Azure paper, we survey the security of the main IoT frameworks, a total from , from and other partners, of 8 frameworks are considered. For each framework, we clarify IoT Suite from Microsoft, Brillo/Weave from Google, Calvin the proposed architecture, the essentials of developing third- from Ericsson, HomeKit from Apple, Kura from Eclipse, and party smart apps, the compatible hardware, and the security SmartThings from Samsung. features. Comparing security architectures shows that the same standards used for securing communications, whereas different We selected the above frameworks based on the following methodologies followed for providing other security properties. criteria: (i) the reputation of the vendors in the software and electronics industries, (ii) the support of rapid application development and the number of applications on the store, (iii) Index Terms—Internet of Things, IoT, framework, platform, security. the coverage and usage of the framework, and it’s popularity in the IoT market. The objectives of this survey are manifold: I. INTRODUCTION • Giving a picture of the current state of the art IoT The Internet of Things (IoT) plays a remarkable role in all platforms and identifying the trends of current designs aspects of our daily lives. It covers many fields including of such platforms. healthcare, automobiles, entertainments, industrial appliances, • Providing a high level comparison between the different sports, homes, etc. The pervasiveness of IoT eases some architectures of the various frameworks. everyday activities, enriches the way people interact with • Focusing on the models designed and approaches devel- the environment and surroundings, and augments our social oped for ensuring security and privacy in these frame- interactions with other people and objects. This holistic vi- works. sion, however, raises also some concerns, like which level of • Illustrating the pros and cons of each framework in terms security the IoT could provide? and how it offers and protects of fulfilling the security requirements and meeting the the privacy of its users? standard guidelines. Developing applications for the IoT could be a challenging • Exploring the design flaws and opening the door for more task due to several reasons; (i) the high complexity of dis- in depth security analysis against potential threats. tributed computing, (ii) the lack of general guidelines or frame- The remainder of this paper is structured as follows: Section II works that handle low level communication and simplify high describes the general concept of the IoT framework. Related level implementation, (iii) multiple programming languages, works are presented in Section III. Section IV is the backbone and (iv) various communication protocols. It involves devel- of this paper which provides a horizontal overview of the opers to manage the infrastructure and handle both software various IoT frameworks and focuses on the related security and hardware layers along with preserving all functional and features. A discussion is provided in Section V. Finally, non-functional software requirements. This complexity has led Section VI concludes this study. to a quick evolution in terms of introducing IoT programming frameworks that handle the aforementioned challenges. 1In this paper, the terms Framework and Platform are used interchangeably. 2 II. BACKGROUND The very rapid growth of Internet-connected devices, ranging from very simple sensors to highly complex cloud servers, shapes the Internet of Things, where Things, in this con- text, refers to a wide variety of objects (e.g. smart bulbs, public Cloud smart locks, IP cameras, thermostats, electronic appliances, alarm clocks, vending machines, and more). The resemblance IoT devices between all IoT objects is the ability to connect to the Internet and exchange data. The network connectivity feature allows controlling objects remotely across the existing network infrastructure, resulting in more integration with the real world and less human intervention. The IoT transforms these objects GSM Tower from being classical to smart by exploiting its underlying technologies such as pervasive computing, communication User capabilities, Internet protocols, and applications. Protocols are Gateway required in order to identify the spoken language of the IoT devices in terms of the format of exchanged messages, and select the correct boundaries that comply with the various functionality of each device. Applications determine levels of granularity and specialty of the IoT device and how big are Fig. 1: A high level system model of IoT the data generated for analytics purposes. They also indicate Telemetry Transport (MQTT) [10], Extensible Messaging and the general scope of the IoT framework covering the context Presence Protocol (XMPP) [11], Advanced Messaging Queu- of the applied domain. ing Protocol (AMQP) [12], and Data Distribution Service (DDS) [13]. The concept of IoT framework entails identifying a structure which coordinates and controls processes being conducted by The system model, presented in Figure 1, helps to gain a the various IoT elements. This structure is a set of rules, better insight into the real meaning of IoT, and understand protocols and regulations that organize the way of processing the importance of having a framework, in which, hiding the data and exchange messages between all involved parties (e.g. complexity and bringing simplicity to application development embedded devices, cloud, end-users). Also, it should support are axial. The IoT framework should handle the life cycle the high level implementation of IoT applications and hide of sensing, computing, delivering, and presenting data. De- the complexity of infrastructure protocols. There are several pending on their capabilities, some IoT devices can reach approaches that can be followed to build an IoT framework de- the outside world (e.g. the cloud) directly and some others pending on the requirements of the target business [2]. must connect to a hub or a gateway in order to connect to the external world. For the IoT frameworks considered in In this survey, we are targeting IoT frameworks based on this survey, the cloud is the backbone, which offers databases the public cloud approach, as they are the most commonly for storing data, services for data analytics, security modules used and widely available in the IoT market. The main for preserving confidentiality and supports privacy, and other building blocks of any cloud-based IoT framework are the services. Customers use their smart phones, tablets, or laptops physical objects and the protocols. Physical objects include: to interact with other IoT devices indirectly through either a (i) smart devices such as sensors, actuators, etc., (ii) servers cloud backend or a gateway. act as a cloud-backend or hubs/gateways for routing, storing, and accessing various pieces of data, and (iii) end-users In spite of targeting the same objective, different approaches represented by the applications they use to access data and have been designed and followed by vendors in order to build interact with IoT devices. Protocols run on different layers their IoT frameworks. In particular, the following questions and provide end-to-end communication. To the best of our arise regarding the design details of such frameworks: knowledge, there is no a standard IoT architecture yet. For simplicity, we are considering the basic one which is a • How each IoT framework handles the communication 3-layer architecture [3] composed of Application, Network, processes between IoT devices and cloud? Between cloud and Perception layers. The Perception layer belongs to the and end-users? What are the protocols and techniques physical devices that identify and sense analog data and then used? digitize it for transportation purposes. Infrastructure protocols • What are the hardware and software dependencies in each such as ZigBee [4], Z-Wave [5], Bluetooth Low Energy framework? (BLE) [6], WiFi, and LTE-A [7] run in the Network layer. • To which