Table of Contents
As we all aware of the current market trend toward IoT and its applications swelling day-by day, security is one important parameter to be considered for the IoT applications for assuring privacy of data stored, transmitted or received through an internet to end points protecting from hackers.
As we move towards more sophisticated world, where our machines communicate with another machine to get the job done for us, the key element here are sensors and cloud data. The sensor is the element which collects the data, processes it and sends the information to the cloud for leveraging. This data is sent to the user end points which are taking our life in a much smarter, advanced and automated way. It is to be said that Internet of things does not make any value without sensors and cloud network. But the very big question rising in our minds is, is the data transferred or received is secured and unaltered?
One of the most common and reliable network of IoT in today’s world is through WSN (Wireless sensor networks). WSN is a network of small electronic devices or nodes which consists of different sensors. The prime purpose of Wireless sensor is to collect the data and pass it to base station or edge node securely in its network. This data is then passed to the internet to reach the end user points.
This project aims in exploring the vulnerabilities and threats available to IoT (Internet of things) and thereby analyzing the security mechanism available for the IoT devices used in any specific application. Once getting a clear information about the vulnerabilities, threats and security mechanisms for an IoT, security mechanism over simulation tool will be applied to any one IoT application networks (WAN, WSN,LAN).Preferably choosing WSN as it is the most used application in Industries and corporate. Adding to the simulation part, a real sensor node will be selected and then its sensed data will be fed to the simulator securely. Finally, the communication and performance from real node and virtual node in the simulator will be seen in the analytics.
- A detailed analysis on IoT,WSN along with IOT facts related to its process and security factors has been discussed.
- Study of WSN suitable simulators. (Simulator which supports combination of physical come virtual devices).
- Study of Arduino microcontroller platform which receives the input from sensor nodes and process the output.
- Study of Wi-Fi shield, which helps to connect to the internet wirelessly through Arduino
- Study and selection of sensor nodes (Temperature sensor nodes)
- Formation of nodes in Simulator with base station node
- Interfacing of physical node data to Simulator
- Applying Security to nodes communication to base station.
Theory: A brief details about the analytical work carried on for this project.
High Level Architecture: A detailed diagram about the IoT system and explanation about the overall process.
Requirements: Discussion of software and hardware requirements and way to do it.
Implementation: Implementation of the project phase by phase
Reference: A detailed reference for all the inputs gathered in the report.
IoT is an embedded system which is mixture of physical objects and sensors that is used to transmit or receive information over a cloud based network for the purpose of controlling, processing or collection of data. Some of the examples of IoT devices are smart watch, smart TV, Smart Firewall for the Smart home, smart button controller, Nest cam etc.
All these IoT devices are embedded with sensors, processors and network connectivity which helps them to collect the data and process the data to a base station or gateway. The gateway will make sure the translation of protocols to IP layer protocols to connect to the cloud data and ultimately the data from cloud will be passed to the end users where the data received can either be controlled, processed or seen. Examples of end users include pc, laptop, remote server or mobile devices. The below diagram shows the general process in IoT system. 
Wireless sensor networks by the term denote us that multiple wireless sensor formed in a network. A WSN can further be described as network of nodes that is used to sense the data and control it by bridging the data to the end user or machine for processing, control and operation. The nodes in the WSN are light weight and have very low processing power and memory to store due to which they are mostly used only to collect the data and process it immediately. WSN nodes are very cheap in the market and they are used in many applications due to their characteristic of being user friendly.
Some of the frequent uses of WSN are found in military applications, environmental monitoring, and Power transmission and transformation equipment. Nowadays WSN are in demand and there are lot of applications dependent on WSN. A typical WSN consists of following things as shown in the diagram. 
The electronic nodes which will be placed in different geographic location subject to data sensing senses the data and passes it to the next hop (node) to pass the data to the cluster node. All these nodes will be tiny in size and possess low processing power and memory. These nodes typically consist of a sensor, a power module with a controller and a transreceiver. The power module will supply the needed power for the nodes to be active during data collection and then passes the data to controller which processes it accordingly. The role of transreceiver is to transfer the data to next hop successfully and thereby the data reaches the cluster head as per the configuration. Passing the data to each hop is achieved by WSN routing mechanism. 
WSN, when implemented in a clustered application needs a cluster head to communicate to the gateway as it will be difficult when all nodes communicate to the internet independently. To reduce the work load and for efficient application and performance it is best practice to choose a cluster head in WSN. Cluster head can be opted by various factors considering the distance from base station, number of neighbors and most importantly its own energy. 
A gateway in a WSN is the bridge between WSN and internet. IT actually translates the protocol to IP readable protocols and also performs other important tasks like data filtering, updating and security. Some of the upgraded gateways operates as platforms for application code. In gateway the entire data is gathered and sent to the internet (IOT) to get the data analyzed with the end user configuration. 
WSN considered as one of the most famous and reliable technology in the current world. It is being used for IoT (Internet of things) as the major technology for vast applications. One of the key things to be considered here is security. Securing of collected data transferred from different nodes to the gateway or base station will be challenging. The major reason is that all end nodes possess very low processing and memory power which makes us to think twice when applying the security algorithms. As security algorithms acquire more processing power and space to be activated, security professionals have to consider lot of factors before implementing the solution. Some of the factors which every security professional to consider are as follows.
- Depending on the criticality of the application, security mechanism is applied on the routing layers.
- Depending on the hardware and capability of the IoT device, security algorithms to be chosen.
- Key management, an important factor in security algorithms have to be cleverly chosen depending on the network in which IoT is involved. 
Some of the astonishing facts and information on IoT are as follows.
- At the end of 2020, there will be 20 billion devices connected to the internet .These devices being globally connected and sharing information opens a huge security threat for the data.
- IoT devices don’t have more processing power and space to store huge volumes of data as they are based on light weight protocols and used for specific application purpose which makes them user friendly but at the same time open up lot of security problems. The worst part is we cannot implement all encryption algorithms on IoT as they needs more space and processing capability to be activated. 
- As IoT devices follow a different set of protocols for design, they need a security firewall in their end as well as security protection from network end. 
- Balancing the security level both in network and in IoT is the best practice to achieve best performance and efficiency of the IoT application.
- Device vendors when designing the product did not gave much attention to security approach of the device which paved the way for cyberattacks. Some examples of IoT devices security threat are smart phones being hacked, Door locks hacking and some electronic devices hacking. 
- Each layer of the IoT device should be thoroughly analyzed for security vulnerability and threats and then security measures should be planned in a such a way that combination of layers are applied with security mechanisms for better protection of IoT.
- As there are billions and billions of devices connected each other, presence of data is everywhere with a lack of security. Reports estimate that still as the future progress IoT devices count will scale to its peak. If proper security measures are not taken then there is a huge risk for the loss and alteration of user’s data.
- IoT Applications can be categorized into operation technology, Information technology and consumer technology. All these categories rely upon service providers for the IoT data transfer, control and process to end points or end systems.
- Operation technologies are industry based applications like smart grid, smart buildings , smart vehicles where operations of the machine or instrument can be controlled or processed remotely from end systems connected to internet cloud. 
- Information technology is our day to day IT related tasks which involves data transferring, controlling and processing through remote ends.
- Consumer technology are home based applications where the user details are processed through internet and received at the remote end either for controlling or verification.
Testing of software developed for WSN in a real testbed will retrieve the best results but test beds are more expensive as the number of sensor nodes grows in the network. Hence simulation tools are the best solution for this situation. These tools are faster, cheaper and efficient and they balance the advantages of testbeds and simulation tools. Owing to the application , it is mandatory to study about the list of hybrid simulators available for WSN and thereby to select a simulator based on our need will ease the X factor. 
As there are lot of factors seen before selecting a simulator for application, some of them are scalability, GUI, Source emulation and Synchronization. In this project the major preference is given to synchronization, GUI and source emulation. Based on this Omnet++, a hybrid simulator is selected. Some of the other results for simulators are as follows. 
Owing to the two main issues in designing hardware platforms for WSN, design of hardware platform for WSN is difficult. As the two factors are cost and size, the former is an important factor to be considered as wireless sensor networks comprise of thousands of nodes in real time applications, cost has an direct impact. In the project, we have selected Arduino as the hardware platform where we can connect sensors and feed the data to the simulator. Arduino UNO , Wifi shield along with sensors form the wireless sensor networks platform.
The simulator we are using in this project is based on C++ code and hence we decided a hardware platform which supports C++ embedded code just to make things easier. Among the availabilities, we have selected Arduino as the microcontroller platform.
As there is a need to combine a software and hardware in the project, there has to be a perfect platform for ease of use and Arduino being an open- source electronics platform and owing to its multiple uses, Arduino UNO R3 is selected. These boards can receive or read an input from sensors, button, LED and process the same to its respective output by publishing in online. 
Arduino is a microcontroller board based on ATmega328P. It has 14 digital Input /Output pins, 6 analog inputs, a 16 MHZ crystal oscillator, a USB connection, a power jack, an ICSP header and a reset button. To give instructions to Arduino controller, we need Arduino software (IDE) to be run in our desktop/laptop. Arduino software supports cross platform and runs on windows, Linux operating systems and others as well. Programming is made easy in Arduino as it is preprogrammed with bootloader that allows us to upload the new code without the use of external programmer. The highlighted difference when compared to other boards is it does not use USB to serial driver chip, instead it features the ATmega programmed as a serial to USB converter. 
Summarization of the technical details of Arduino Uno R3
|Digital I/O pins||14 (of which 6 provide PWM output)|
|PWM Digital I/O pins||6|
|Analog Input pin||6|
|DC Current per I/O pin||20 mA|
|Flash Memory||32 KB|
|Clock speed||16 MHZ|
The Arduino WiFi shield allows an Arduino board to connect to the internet using WiFi library available in the Arduino IDE. We will be connecting a temperature sensors to it and form a wireless sensor networks, thereby sending the data to the simulator (Omnet++) securely to view the analytics.
To use the Shield, connect the shield on top of UNO board and then connect to the laptop through the UNO cable to Arduino board. Once writing the instruction code in the IDE, we have to upload the code to shield and then we can disconnect from the computer and power it with external supply. 
Operation of WI-FI shield:
The Arduino shield allows an Arduino board to connect to internet using 802.11 specifications. The kernel of this operation is HDG204. The Shield is connected to the Arduino UNO through long wire headers. There is a micro -SD card slot is used for storage of files for serving over the networks. The SD card feature is accessible through library .
|Pin 10 on both boards||HDG204|
|Pin 4||SD card|
|Pin 7||Handshake between shield and Arduino ( not used generally)|
|Encryption availability||WEP and WPA2 Personal|
|Mini -USB||Used for updating shield firmware|
|Operating voltage||5v supplied from Arduino board|
In the hardware side of the project, we are trying to print the readings from the precision integrated circuit temperature device LM35 on the simulator securely. By using UNO R3 and Wi-Fi shield, we are trying to achieve this by sending the sensed data securely to a simulator.
The below image shows the Wi-Fi shield:
The below image shows both Arduino UNO and WI-FI shield connected.
As IoT is comprised of multiple components like protocols, hardware and software, security is a major challenge in it and due to this there are lot of vulnerabilities found in IoT components are discussed in detail in the below document.
To start with IoT layers to know what each layer is responsible and role of each layer, we shall look at the below diagram for our understanding.
Layer description and vulnerabilities found in each layer of IoT
The role of physical layer in any device is to transmit and receive the raw data over a physical medium. The medium can be electrical, mechanical or functional interfaces. Ultimately it carries the signal to the upper layers. For IoT applications physical layers should have considered with the following functionalities. They are modulation, data rate, transmission mode and channel encoding, frequency generation and signal detection
The most famous attacks in physical layer especially in WSN environment is jamming and tampering. Jamming is one such DOS attacks which will affect the network by sending high broadcast signal. Tampering is more related to physical attacks where the user can extract the key security information from the node, alter it and replace it. 
The data link layer is responsible for error-free data and this is the layer which has a hardware address for the sensor. The actual topology for the hardware connections are defined in this layer. This layer supports both connection and connectionless services. The common protocols implemented in physical and data link layers in IoT are Ethernet,3g,4g, GSM, WiFi etc. 
The threats in this layer are continuous channel access where a malicious node disturbs the MAC by continuously sending signals over the channel which will make other nodes to starve. The other attack in this layer is collision attack where two nodes transmits the information at same frequency which will ultimately cause checksum mismatch error. 
This is the layer where the routing protocols for the local network are configured. The unique IP of each device is defined in this layer and way for communication to other networks is configured here. Some of the WSN routing protocols are GEAR, LEACH, TEEN (APTEEN) and SPIN. These routing protocols helps the individual node to process the data to next nearby node and to find the best route to reach the destination.
The network layer is more susceptible to many attacks such as spoofed routing information, sinkhole, hello flood and acknowledgement spoofing etc. Among this spoofed routing information is the most common attack as the target attack is on the routing information exchanged between the sensor nodes. Through this attack, hackers can cause network traffic, generate fake messages and cause delay in latency. 
An important consideration in IoT is security layer. This is the layer where security mechanism is designed over the routing protocols and acts as a savior for the data collected and transferred to the gateway. Implementation of security algorithms have be thoroughly analyzed before execution as most of the IoT devices have low processing power and memory storage due to which all security algorithms cannot be implemented as they require large storage and processing power which nodes cannot provide. Security administrators should know the type of application and dependency of security on it to implement the best available security mechanism. The key here is to compromise some features of security algorithms and node features to get the better performance and efficiency. Security algorithms depend upon technologies being used. Some of the security mechanisms based on different technologies are as follows.
|Communication Protocols||Security mechanism|
|WIFI||WEP, AES,TKIP, 802.1x,WPA and WPA2|
|Zigbee||Link Layer Encryption using AES 128, TLS, EAP|
|6LowPAN||Access Control List , 802.15.4 link layer encryption|
The most vulnerable layer in WSN is transport layer as it is prone to enormous number of attacks like flooding, de-synchronization, energy drain attacks, black hole attacks, node replication attacks and homing. Among them flooding and de-synchronization are most common attack. Flooding is where the attacker gives request repeatedly where at one point the connection are exhausted or would have reached its maximum limit. Ultimately this will drain the Cpu resource which will result in low performance of the sensor node.
This is the most important layer in IoT where various applications can use IoT for service enhancement. Applications can be categorized based on various parameters like type of network, business model, and size and network coverage. The scalability differs based on the type of application it is involved. For example for home based applications the available number of users will be less so the scalability here is either medium or small, whereas scalability in enterprise is large as lot of applications rely on IoT in enterprise level. 
Some of the possible attacks on sensor networks in wireless mode are, a hacker can eavesdrop on the communication sent from one node to another or to gateway. Apart from this traffic analysis can be done, replay attacks, false injection of messages can be done, denial of service attacks which is jamming off the channel with multiple packets creates congestion in the networks. Ultimately all these attacks drain sensor battery which will result in performance drop. 
Some other attacks performed on IoT device especially on sensors are gaining access to the internal state of the node through injecting some software bugs on the sensor nodes or in the base station. Physical attacks are the next dangerous risk in IoT devices. They can be in any form ranging from medium to very large. Some of them are as follows
- Replacement of sensors and chipsets
- Simulating Electrically Erasable Programmable read only memory
- Changing the programed interface at the controller level.
- Brute force password guessing
- Other Invasive attacks 
Overall in all IoT layers vulnerabilities are found in perception layer (sensor and gateways) Communication layer (networks and messaging) and finally application layer (application and service unit).
Sensors, gateways , RFID, M2M terminals are the major components of this layer .These components involved here have low processing power and memory so minimum level of security configurations are applied here with respect to performance of the nodes. They possess multiple security vulnerabilities such as Integrity, confidentiality, authentication, denial of service attack, forwarding attack, sybil attack, eaves dropping attack, sniffing attack, wormhole attack and acknowledgement spoofing attack. 
This layer is the key layer which utilizes wireless, network infrastructure and data transport mechanism. IoT network and wireless infrastructures are prone to passive and active attacks. Active attacks are DoS (Denial -of-Service), IP spoofing, man in the middle attack Wireless signal jamming, frame injection, flooding and collision attack and de-synchronized attacks. Passive attacks include packet sniffing using sniffer tools. 
This layer translates the protocol used in sensor networks to Ip family protocols which is suited to internet applications. This is achieved with the help of messaging protocols like HTTP, CoAP, MQTT, AMQP etc. Again these protocols are vulnerable to Ip spoofing, port scanning, denial of service, Ip fragmentation and connection high jacking. 
The above diagram shows the conceptual view of the IoT/WSN hybrid model set up where there is an interfacing of real sensor node and virtual nodes in the simulator through HIL interface. A physical sensor is selected which can sense any data like temperature, pressure, humidity etc. The sensor is battery powered or can be supported by an external power supply as shown in the diagram.
The sensed data is passed to the simulator through a microcontroller, which process the data as programmed and this hardware platform is selected to be as Arduino which is an electronic open source platform. The hardware platform can receive the input from sensor and process it to suitable output as expected for the application. The processed output is sent to the simulator through an HIL interface.
The HIL is the technique used to test and run the testbeds output in the simulator which will ultimately save the cost and deployment efforts. As the simulator (Omnet++) is having capability of accepting a combination of physical sensor nodes and virtual nodes through INET framework, we are forming a set of virtual nodes in the simulator environment. Once the set of virtual nodes is formed, security mechanism is implemented over the routing protocol used for the communication among the nodes and between the nodes to base station.
Similarly, security is configured for the physical sensor data as well which is communicating to the simulator. Overall the performance of physical sensor and virtual sensor nodes is seen in some analytics which will be helpful to determine the efficiency of hybrid implementation. Security in both real node and virtual node communication will be achieved at the end of complete setup.