Abstract
IoT devices are slowly evolving as an inseparable part of our lives. These internet-connected appliances perform one operation and are specialize in doing so. Before communicating with these devices, establishing a secured key is necessary to prevent unauthorized access. The plug-and-play model for electronic devices is familiar to the users. These IoT devices fall into the same realm. The plug-pair-play (P3) model follows the same principle so that the user does not feel the added burden when operating with IoT devices. The P3 model avoids the use of preset credentials or known secrets. The model helps generate a shared key dynamically between each pair of devices and users before communication happens over the public internet. We also demonstrate how the key could help perform the device firmware update. Resource limitations are a concern when implementing cryptographic solutions. In this chapter, we tried to enforce a zero-trust pattern. Every request and response gets authenticated before operating. The framework described in this chapter sets the path to end-to-end secured communication for IoT devices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
T. Adame, A. Bel, B. Bellalta, Increasing LPWAN scalability by means of concurrent multiband iot technologies: an industry 4.0 use case. IEEE Access 7, 46990–47010 (2019)
M.A. Al-Garadi, A. Mohamed, A.K. Al-Ali, X. Du, I. Ali, M. Guizani, A survey of machine and deep learning methods for internet of things (IoT) security. IEEE Commun. Surv. Tutor. 22(3), 1646–1685 (2020)
H. Almuhimedi, F. Schaub, N. Sadeh, I. Adjerid, A. Acquisti, J. Gluck, L.F. Cranor, Y. Agarwal, Your location has been shared 5398 times! a field study on mobile app privacy nudging, in CHI ’15: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (ACM, New York, 2015), pp. 787–796 https://doi.org/10.1145/2702123.2702210
K. Ashton, That “internet of things” thing: In the real world things matter more than ideas. RFID J. 22, 97–114 (2009)
N. Asokan, T. Nyman, N. Rattanavipanon, A.-R. Sadeghi, G. Tsudik, Assured: architecture for secure software update of realistic embedded devices. IEEE Trans. Comput. Aided Design Integr. Circuits Syst. 37(11), 2290–2300 (2018)
E. Bertino, N. Islam, Botnets and internet of things security. Computer 50(2), 76–79 (2017) https://doi.org/10.1109/MC.2017.62
S. Bhattacharjya, H. Saiedian, Establishing and validating secured keys for IoT devices: using p3 connection model on a cloud-based architecture. Int. J. Inf. Secur. 21, 1–10 (2021). https://doi.org/10.1007/s10207-021-00562-7
S. Bhattarai, Y. Wang, End-to-end trust and security for internet of things applications. Computer 51(4), 20–27 (2018)
B. Bryant, H. Saiedian, Improving SIEM alert metadata aggregation with a novel kill-chain based classification model. Comput. Secur. 94, 101817 (2020)
B. Bryant, H. Saiedian, An evaluation of videogame network architecture, performance, and security. Comput. Netw. 192, 108128 (2021)
Canonical Ltd. Who should bear the cost of IoT security: consumers or vendors? (2017). https://tinyurl.com/bdbwze24
Congress.gov. H.R.1668 - 116th Congress (2019–2020): IoT Cybersecurity Improvement Act of 2020, December 4, 2020. https://www.congress.gov/bill/116th-congress/house-bill/1668
S. Cotton, W. Scanlon, Characterization and modeling of the indoor radio channel at 868 MHz for a mobile bodyworn wireless personal area network. IEEE Antennas Wirel. Propag. Lett. 6, 51–55 (2007)
B. Cyr, J. Mahmod, U. Guin, Low-cost and secure firmware obfuscation method for protecting electronic systems from cloning. IEEE Int. Things J. 6(2), 3700–3711 (2019)
M. Fomichev, M. Maass, L. Almon, A. Molina, M. Hollick, Perils of zero-interaction security in the internet of things. Proc. ACM Interact. Mob. Wearable Ubiquitous Technol. 3(1), 1–38 (2019)
M. Gao, Q. Wang, M.T. Arafin, Y. Lyu, G. Qu, Approximate computing for low power and security in the internet of things. IEEE Comput. 50(6), 27–34 (2017)
V. Hassija, V. Chamola, V. Saxena, D. Jain, P. Goyal, B. Sikdar, A survey on IoT security: application areas, security threats, and solution architectures. IEEE Access 7, 82721–82743 (2019). https://doi.org/10.1109/ACCESS.2019.2924045
C. Horan, H. Saiedian, Cyber crime investigation: landscape, challenges, and future research directions. J. Cybersecur. Privacy 1(4), 580–596 (2021)
F. Hussain, R. Hussain, S. Hassan, E. Hossain, Machine learning in IoT security: current solutions and future challenges. IEEE Commun. Surv. Tutor. 22(3), 1686–1721 (2020). https://doi.org/10.1109/COMST.2020.2986444
C. Huth, J. Zibuschka, P. Duplys, T. Guneysu, Securing systems on the internet of things via physical properties of devices and communications, in 2015 Annual IEEE Systems Conference (SysCon) Proceedings (2015), pp. 8–13. https://doi.org/10.1109/SYSCON.2015.7116721
W. Iqbal, H. Abbas, M. Daneshmand, B. Rauf, Y.A. Bangash, An in-depth analysis of IoT security requirements, challenges, and their countermeasures via software-defined security. IEEE Int. Things J. 7(10), 10250–10276 (2020). https://doi.org/10.1109/JIOT.2020.2997651
N. Karie, N. Sahri, W. Yang, C. Valli, V. Kebande, A review of security standards and frameworks for IoT-based smart environments. IEEE Access 9, 121975–121995 (2021)
K. Karmakar, V. Varadharajan, S. Nepal, U. Tupakula, SDN-enabled secure IoT architecture. IEEE Int. Things J. 8(8), 6549–6564 (2021). https://doi.org/10.1109/JIOT.2020.3043740
D. Kreutz, F. Ramos, P. Verissimo, C.E. Rothenberg, S. Azodolmolky, S. Uhlig, Software-defined networking: a comprehensive survey. Proc. IEEE 103(1), 14–76 (2015). https://doi.org/10.1109/JPROC.2014.2371999
R. Mahmoud, T. Yousuf, F. Aloul, I. Zualkernan, Internet of things (IoT) security: Current status, challenges and prospective measures, in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST) (2015), pp. 336–341. https://doi.org/10.1109/ICITST.2015.7412116
P. Middleton, A. Velosa, F. Biscotti, Forecast analysis: enterprise IoT platforms, worldwide (2020). gartner.com/en/documents/3983783/forecast-analysis-enterprise-iot-platforms- worldwide
N. Neshenko, E. Bou-Harb, J. Crichigno, G. Kaddoum, N. Ghani, Demystifying IoT security: an exhaustive survey on IoT vulnerabilities and a first empirical look on internet-scale IoT exploitations. IEEE Commun. Surv. Tutor. 21(3), 2702–2733 (2019). https://doi.org/10.1109/COMST.2019.2910750
J. Nieminen, C. Gomez, M. Isomaki, T. Savolainen, B. Patil, Z. Shelby, M. Xi, J. Oller, Networking solutions for connecting Bluetooth low energy enabled machines to the internet of things. IEEE Netw. 28(6), 83–90 (2014)
N. Pazos, M. Muller, M. Aeberli, N. Ouerhani, ConnectOpen - automatic integration of IoT devices, in 2015 IEEE 2nd World Forum on Internet of Things (WF-IoT) (2015), pp. 640–644
E. Ronen, A. Shamir, Extended functionality attacks on IoT devices: The case of smart lights, in 2016 IEEE European Symposium on Security and Privacy (EuroS&P) (2016), pp. 3–12
N. Sakimura, M. Jones, J. Bradley, JSON Web Token (JWT) (2015). https://datatracker.ietf.org/doc/html/rfc7519
S.K. Sharma, X. Wang, Toward massive machine type communications in ultra-dense cellular IoT networks: current issues and machine learning-assisted solutions. IEEE Commun. Surv. Tutor. 22(1), 426–471 (2020)
S. Swamy, D. Jadhav, N. Kulkarni, Security threats in the application layer in IoT applications, in 2017 International Conference on I-SMAC (IoT in Social, Mobile, Analytics and Cloud) (2017), pp. 477–480. https://doi.org/10.1109/I-SMAC.2017.8058395
K. Zandberg, K. Schleiser, F. Acosta, H. Tschofenig, E. Baccelli, Secure firmware updates for constrained iot devices using open standards: a reality check. IEEE Access 7, 71907–71920 (2019). https://doi.org/10.1109/ACCESS.2019.2919760
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Bhattacharjya, S., Saiedian, H. (2023). End-to-End Security for IoT Communications: A Practical Implementation. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-031-09640-2_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-09639-6
Online ISBN: 978-3-031-09640-2
eBook Packages: Computer ScienceComputer Science (R0)