With the exponential increase in the use of the internet of things (IoT), it is estimated that by 2025, the universe of IoT will have 75.44 billion connected devices.
IoT has certainly opened up many possibilities, but it comes with risks pertaining to security and privacy. Attackers can easily take control of poorly secured devices and use them to attack the whole network. This is especially true of the healthcare domain, where insulin pumps and heart rate monitors are connected to IoT and breaches can lead to fatalities.
It is crucial to get a better understanding of the security of the internet of things.
What are the Top 5 IoT Security Protocols?
MQTT is one of the most common security protocols used in the internet of things. It was invented by Dr. Andy Stanford-Clark and Arlen Nipper in 1999. MQTT stands for Message Queuing Telemetry Transport and is a client-server messaging transport protocol. MQTT runs over TCP/IP, or over other network protocols that provide ordered, lossless, bi-directional connections.
Features of MQTT
- It’s a simple and extremely lightweight protocol with easy and fast data transmission.
- MQTT is designed for constrained devices as well as low-bandwidth, unreliable or high-latency networks.
- Minimum use of data packets ensures less network usage.
- Optimal power consumption saves the battery of the connected devices, making it perfect for mobile phones and wearables where battery consumption needs to be minimal.
- It’s based on a messaging technique and so is extremely fast and reliable.
- It’s ideal for IoT applications.
How does MQTT secure internet of things applications?
Security in MQTT is divided into multiple layers: network, transport, and application. Each layer prevents a specific type of attack. As MQTT is a lightweight protocol, it specifies only a few security mechanisms of its own. MQTT implementations therefore commonly rely on other security standards: SSL/TLS for transport encryption, a VPN at the network level for a physically secure network, and username/password authentication. At the application level, a client identifier used to authenticate devices is passed with the data packets.
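To see why the article pairs MQTT with TLS, here is an added example (not from the original article) that decodes the application-level CONNECT packet in which MQTT carries its client identifier and credentials; the packet bytes are constructed, and the client name, user name and password are invented sample values.

```python
import struct

def _remaining_length(buf, pos):
    # MQTT variable-length integer: 7 data bits per byte, 0x80 = continuation
    value, mult = 0, 1
    while True:
        b = buf[pos]
        pos += 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, pos
        mult *= 128
        if mult > 128 ** 3:
            raise ValueError("malformed Remaining Length")

def _field(buf, pos):
    # Length-prefixed field: 2-byte big-endian length, then that many bytes
    (n,) = struct.unpack_from(">H", buf, pos)
    return bytes(buf[pos + 2:pos + 2 + n]), pos + 2 + n

def parse_connect(packet):
    """Decode an MQTT 3.1.1 CONNECT packet into its identifying fields."""
    if packet[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    body_len, pos = _remaining_length(packet, 1)
    if pos + body_len != len(packet):
        raise ValueError("Remaining Length does not match packet size")
    proto, pos = _field(packet, pos)
    level, flags = packet[pos], packet[pos + 1]
    (keepalive,) = struct.unpack_from(">H", packet, pos + 2)
    pos += 4
    client_id, pos = _field(packet, pos)
    if flags & 0x04:                   # Will flag set: skip Will Topic and Will Message
        _, pos = _field(packet, pos)
        _, pos = _field(packet, pos)
    username = password = None
    if flags & 0x80:                   # User Name flag
        username, pos = _field(packet, pos)
    if flags & 0x40:                   # Password flag
        password, pos = _field(packet, pos)
    return {"protocol": proto.decode(), "level": level, "keepalive": keepalive,
            "client_id": client_id.decode(), "username": username, "password": password}

# Constructed sample: CONNECT from client "sensor-42" carrying a user name and password.
SAMPLE_CONNECT = (b"\x10\x24"                        # CONNECT, Remaining Length 36
                  b"\x00\x04MQTT\x04\xc2\x00\x3c"   # "MQTT", level 4, flags 0xC2, keepalive 60
                  b"\x00\x09sensor-42"               # client identifier
                  b"\x00\x05ward7"                   # user name
                  b"\x00\x06s3cret")                 # password, readable on the wire without TLS
```

Running parse_connect(SAMPLE_CONNECT) returns the identifier and both credentials in the clear, which is why the transport layer (TLS) has to supply the confidentiality that MQTT itself does not.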
CoAP (Constrained Application Protocol) is a web transfer protocol designed for constrained devices (like microcontrollers) and constrained networks known as low-power and lossy networks. It is also one of the most popular protocols for securing internet of things applications.
Features of CoAP
- Similar to HTTP, CoAP is based on the REST model. Clients access the resources made available by servers under URLs using methods like GET, PUT, POST, and DELETE.
- CoAP is designed to work on microcontrollers, which makes it perfect for the internet of things as it requires millions of inexpensive nodes.
- CoAP uses minimal resources, both on the device and on the network. Instead of a complex transport stack, it gets by with UDP on IP.
- CoAP is one of the most secure protocols as its default choice of DTLS parameters is equivalent to 3072-bit RSA keys.
How does CoAP secure internet of things applications?
CoAP uses UDP (User Datagram Protocol) to transport information and therefore relies on security mechanisms at the UDP level to protect it: CoAP uses DTLS (Datagram TLS) over UDP.
CoAP has been designed to have a simple interface that maps cleanly onto HTTP for integration with the Web, and it supports multicast with low overhead, thus contributing to security in the internet of things.
DTLS (Datagram Transport Layer Security) is an internet of things security protocol designed to protect data communication between datagram-based applications. It is based on the TLS (Transport Layer Security) protocol and provides the same level of security.
Objective of DTLS
The main objective of DTLS is to make slight adjustments to TLS so that it copes with issues like reordering and data loss. The semantics of the underlying transport layer remain unchanged when using DTLS. Therefore, no delays occur due to associated stream protocols; however, the application needs to deal with loss of datagrams, packet reordering, and data larger than the size of a datagram network packet.
Features of DTLS
- DTLS uses a retransmission timer to solve the issue of packet loss. If the timer terminates before the client receives the confirmation message from the server, then the client retransmits the data.
- The issue of reordering is solved by giving each message a specific sequence number. This helps in determining if the next message received is in sequence or not. If it is out of sequence, it is put in a queue and handled when the sequence number is reached.
- DTLS is unreliable and does not guarantee the delivery of data, even for payload information.
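The per-record sequence numbers described above also let a DTLS receiver reject replayed datagrams: RFC 6347 (section 4.1.2.6) specifies an optional sliding anti-replay window modelled on the IPsec one. The following is an added example, not from the original article, that implements such a window in Python; the list of received record numbers is constructed.

```python
class ReplayWindow:
    """Sliding anti-replay window of the kind DTLS keeps per record epoch
    (RFC 6347 section 4.1.2.6). Tracks the highest sequence number seen
    and a bitmap of which of the `size` most recent records arrived."""

    def __init__(self, size=64):
        self.size = size
        self.max_seq = -1   # highest record sequence number accepted so far
        self.bitmap = 0     # bit i set => record (max_seq - i) already accepted

    def accept(self, seq):
        """Return True if seq is new and inside the window; False for a
        duplicate (replay) or a record older than the window can track."""
        if seq > self.max_seq:
            # Newer than anything seen: slide the window forward
            shift = seq - self.max_seq
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.size) - 1)
            self.max_seq = seq
            return True
        offset = self.max_seq - seq
        if offset >= self.size:
            return False    # too old to track: reject
        if self.bitmap & (1 << offset):
            return False    # already seen: replay
        self.bitmap |= 1 << offset  # late but legitimate reordered record
        return True

def filter_records(seqs, size=64):
    """Run received record numbers through one window and report which were
    delivered and which were dropped, with the reason."""
    win = ReplayWindow(size)
    delivered, dropped = [], []
    for seq in seqs:
        if win.accept(seq):
            delivered.append(seq)
        else:
            reason = "too old" if win.max_seq - seq >= size else "replay"
            dropped.append((seq, reason))
    return delivered, dropped

# Constructed sample: 0, 1, 3 arrive, 2 arrives late (reorder), then 2 and 3
# are replayed, then a jump to 100 followed by 36 (outside a 64-record window).
SAMPLE_SEQS = [0, 1, 3, 2, 2, 3, 100, 36, 37]
```

Reordered records inside the window are still delivered, while duplicates and records that fall behind the window are dropped, which is the property the sequence numbers buy beyond simple reordering.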
Uses of DTLS
DTLS is used in applications such as live video feeds, video streaming, gaming, VoIP, and instant messaging where loss of data is comparatively less important than latency.
6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks) is a protocol for low-power networks like IoT systems and wireless sensor networks.
Features of 6LoWPAN
- 6LoWPAN is used to carry data packets in the form of IPv6 over various networks.
- Provides end-to-end IPv6 and hence provides direct connectivity to a wide variety of networks including direct connectivity to the Internet.
- 6LoWPAN is used for protecting the communications from the end-users to the sensor network.
- 6LoWPAN security for the internet of things relies on the AES-128 link-layer security defined in IEEE 802.15.4. Link-layer authentication and encryption provide the base protection, and additional security is provided by transport-layer security mechanisms, which run over TCP.
Uses of 6LoWPAN
6LoWPAN plays a key role in domains like smart home automation, industrial monitoring, smart grids, general automation, etc.
ZigBee is believed to be a state-of-the-art protocol for securing internet of things devices and applications. It provides efficient machine-to-machine communication over 10–100 meters in low-powered embedded devices like radio systems. It is a cost-effective, open-source wireless technology.
ZigBee supports two security models:
The Centralized Security Network
This provides higher security but is also more complicated, as it uses a third party called the Trust Center (TC): an application that runs on a device trusted by the other devices within the ZigBee network. The Trust Center forms a centralized network and configures and authenticates each device joining the network by giving it a unique TCLK (TC Link Key). The TC also determines the network key. To join the network, each device must be configured with the link key, which is used to encrypt the network key when it is passed from the TC to a newly joined device.
The Distributed Security Network
In a DSN there is no central node or Trust Center, which makes it simpler but less secure than the CSN. Any router can start a distributed network on its own. When a node joins the network, it receives only the network key.
Features/Advantages of IoT with ZigBee
- ZigBee provides standardization at all layers, which enables compatibility between products from different manufacturers.
- Due to its mesh architecture, devices tend to connect with every other device in the vicinity, which helps expand the network and makes it more flexible.
- ZigBee uses “Green Power” that facilitates lower energy consumption and cost.
- ZigBee helps in the scalability of networks as it supports a high number (about 6,550) of devices.
Make sure you identify the correct security protocol for your application and apply it, keeping all attendant best practices in mind, to ensure smooth and secure functioning.