
HTTP

The document provides an overview of the HTTP protocol including its basic features and architecture. HTTP is a TCP/IP based protocol that is used to deliver web pages and other data on the internet. It uses a request-response model and is stateless. The document also discusses UPnP, CoAP, MQTT and XMPP protocols.

Uploaded by

Khushboo T
Copyright
© All Rights Reserved

HTTP - Overview

The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed,
collaborative, hypermedia information systems. It has been the foundation for data
communication for the World Wide Web (i.e. internet) since 1990. HTTP is a generic and
stateless protocol which can be used for other purposes as well using extensions of its request
methods, error codes, and headers.
Basically, HTTP is a TCP/IP based communication protocol that is used to deliver data
(HTML files, image files, query results, etc.) on the World Wide Web. The default port is
TCP 80, but other ports can be used as well. It provides a standardized way for computers to
communicate with each other. The HTTP specification defines how clients' request data is
constructed and sent to the server, and how servers respond to these requests.

Basic Features
There are three basic features that make HTTP a simple but powerful protocol:
• HTTP is connectionless: The HTTP client, i.e., a browser, initiates an HTTP
request and, after the request is made, waits for the response. The server
processes the request and sends a response back, after which the client closes
the connection. So the client and server know about each other during the current
request and response only. Further requests are made on a new connection, as if
the client and server were new to each other.
• HTTP is media independent: Any type of data can be sent by HTTP
as long as both the client and the server know how to handle the data content.
Both the client and the server are required to specify the content type
using the appropriate MIME-type.
• HTTP is stateless: As mentioned above, HTTP is connectionless and it is a
direct result of HTTP being a stateless protocol. The server and client are
aware of each other only during a current request. Afterwards, both of them
forget about each other. Due to this nature of the protocol, neither the client
nor the browser can retain information between different requests across the
web pages.
HTTP/1.0 uses a new connection for each request/response exchange, whereas an HTTP/1.1
connection may be used for one or more request/response exchanges.

Basic Architecture
The following diagram shows a very basic architecture of a web application and depicts
where HTTP sits:
HTTP is a request/response protocol based on a client/server architecture,
where web browsers, robots, search engines, etc. act as HTTP clients and
the Web server acts as a server.
Client
The HTTP client sends a request to the server in the form of a request method, URI, and
protocol version, followed by a MIME-like message containing request modifiers, client
information, and possible body content over a TCP/IP connection.
Server
The HTTP server responds with a status line, including the message's protocol version and a
success or error code, followed by a MIME-like message containing server information,
entity meta information, and possible entity-body content.
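
As an added illustration (not part of the original document), the Python sketch below splits a raw request and a raw response into the parts named above and decides whether the connection can be reused under the HTTP/1.0 and HTTP/1.1 rules described earlier. The function name and sample messages are constructed for this example, and the keep-alive handling for HTTP/1.0 is a common extension that this page does not describe.

```python
def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request or response into its named parts."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if parts[0].startswith("HTTP/"):
        # Status line: protocol version, 3-digit status code, reason phrase
        if len(parts) < 2 or len(parts[1]) != 3 or not parts[1].isdigit():
            raise ValueError(f"malformed status line: {lines[0]!r}")
        msg = {"kind": "response", "version": parts[0], "status": int(parts[1])}
    else:
        # Request line: method, URI, protocol version
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            raise ValueError(f"malformed request line: {lines[0]!r}")
        msg = {"kind": "request", "method": parts[0], "uri": parts[1],
               "version": parts[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name:
        # lenient parsers disagree on how to read them.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()  # simplification: last value wins
    tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    if msg["version"] == "HTTP/1.1":
        persistent = "close" not in tokens      # reusable unless told otherwise
    else:
        persistent = "keep-alive" in tokens     # HTTP/1.0: one exchange by default
    msg.update(headers=headers, body=body, persistent=persistent)
    return msg

# Constructed sample messages (www.example.com is a placeholder host)
REQUEST = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
           b"Accept: text/html\r\n\r\n")
RESPONSE = (b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: 5\r\n\r\nhello")

if __name__ == "__main__":
    for raw in (REQUEST, RESPONSE):
        print(parse_http_message(raw))
```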

What is UPnP?
UPnP (Universal Plug and Play) is a networking protocol that enables devices to discover
each other and connect without the need for manual configuration or user intervention. The
protocol automates all the steps necessary for recognition and communication between
devices on the same network.

The main goal of UPnP is to provide an automated way for adding and connecting new
hardware to a local network. The protocol enables a device to join the network by:
• Setting up the device's IP address.
• Broadcasting the device's name and capabilities to the rest of the network.
• Informing the new piece of hardware about the capabilities of other connected devices.
• Enabling network devices to communicate and function in tandem.

What Is UPnP Used For?


Some of the most common use cases for UPnP include:
• Connecting a new printer to every PC and tablet in the household.
• Connecting a gaming console to a game server to play and stream online games.
• Streaming content from a computer to a smart TV.
• Linking a wireless speaker set to a mobile phone.
• Connecting to the home surveillance system to keep an eye on the house while you are away.
• Connecting and remotely controlling an IoT system from a mobile device (smart lighting,
internet-controlled thermostats, smart locks, etc.).

What is CoAP protocol, CoAP Architecture, message format
The CoAP protocol is specified in RFC 7252. It is a web transfer protocol
which is used in constrained nodes or networks such as WSN, IoT, M2M etc.
Hence the name Constrained Application Protocol. The protocol is targeted
at Internet of Things (IoT) devices having less memory and less power
specifications.

As it is designed for web applications, it is also known as "The Web of Things
Protocol". It can be used to transport data from a few bytes to 1000s of bytes
over web applications. It exists between the UDP layer and the Application layer.

Following are the features of the CoAP protocol:

• Easy to proxy to/from HTTP.
• It is an open IETF standard.
• It is an embedded web transfer protocol (coap://).
• It uses an asynchronous transaction model.
• UDP binding with reliability and multicast support.
• GET, POST, PUT and DELETE methods are used.
CoAP Architecture

Figure-1 depicts the CoAP architecture. As shown, it extends normal HTTP
clients to clients having resource constraints. These clients are known as
CoAP clients. A proxy device bridges the gap between the constrained environment and
the typical internet environment based on HTTP protocols. The same server takes
care of both HTTP and CoAP protocol messages.
CoAP Message Format | CoAP Header
Figure-2 depicts the CoAP message format, which consists of a 4 byte header
followed by a token value (from 0 to 8 bytes). The table below describes the header,
which consists of 4 bytes, i.e. 32 bits.

| CoAP message header | Description |
| --- | --- |
| Ver | It is a 2 bit unsigned integer. It mentions the CoAP version number. Set to one. |
| T | It is a 2 bit unsigned integer. Indicates the message type, viz. confirmable (0), non-confirmable (1), ACK (2) or RESET (3). |
| TKL | It is a 4 bit unsigned integer. Indicates the length of the token (0 to 8 bytes). |
| Code | It is an 8 bit unsigned integer. It is split into two parts, viz. 3 bit class (MSBs) and 5 bit detail (LSBs). |
| Message ID | 16 bit unsigned integer. Used for matching responses. Used to detect message duplication. |
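
As an added illustration (not part of the original document), the Python sketch below decodes the 4 byte header and token laid out in the table and rejects datagrams that break its rules: a version other than one, a token length above 8 (RFC 7252 reserves 9 to 15 and treats them as a format error), or a datagram too short to hold the announced token. The function name, exception name and sample bytes are constructed for this example.

```python
import struct

# Message type values from the header table
COAP_TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}

class CoapFormatError(ValueError):
    """Raised when a datagram violates the fixed-header rules."""

def parse_coap_header(datagram: bytes) -> dict:
    """Decode Ver, T, TKL, Code, Message ID and the token of a CoAP message."""
    if len(datagram) < 4:
        raise CoapFormatError("shorter than the 4 byte fixed header")
    first, code, message_id = struct.unpack("!BBH", datagram[:4])
    version = first >> 6          # top 2 bits
    mtype = (first >> 4) & 0x3    # next 2 bits
    tkl = first & 0xF             # low 4 bits
    if version != 1:
        raise CoapFormatError(f"unsupported version {version}")
    if tkl > 8:
        raise CoapFormatError(f"token length {tkl} is reserved (maximum is 8)")
    if len(datagram) < 4 + tkl:
        raise CoapFormatError("datagram ends inside the announced token")
    return {
        "version": version,
        "type": COAP_TYPES[mtype],
        "token_length": tkl,
        # 3 bit class (MSBs) and 5 bit detail (LSBs), written as c.dd
        "code": f"{code >> 5}.{code & 0x1F:02d}",
        "message_id": message_id,
        "token": datagram[4:4 + tkl],
        "rest": datagram[4 + tkl:],   # options and payload, not decoded here
    }

# Constructed sample: confirmable GET (code 0.01), message ID 0x1234,
# 2 byte token 0xAB 0xCD
SAMPLE = bytes([0x42, 0x01, 0x12, 0x34, 0xAB, 0xCD])

if __name__ == "__main__":
    print(parse_coap_header(SAMPLE))
```

Checking the token length before slicing matters on constrained devices, where a parser that trusts TKL can read past the end of the received datagram.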

MQTT (MQ Telemetry Transport)


MQTT (MQ Telemetry Transport) is a lightweight open messaging protocol
that provides resource-constrained network clients with a simple way to
distribute telemetry information in low-bandwidth environments. The
protocol, which employs a publish/subscribe communication pattern, is
used for machine-to-machine.

How does MQTT work?


Aimed at maximizing the available bandwidth, MQTT's publish/subscribe
(pub/sub) communication model is an alternative to traditional client-server
architecture that communicates directly with an endpoint. By contrast, in
the pub/sub model, the client that sends a message (the publisher) is
decoupled from the client or clients that receive the messages (or the
subscribers). Because neither the publishers nor the subscribers contact
each other directly, third parties -- the brokers -- take care of the
connections between them.

MQTT clients include publishers and subscribers, terms that refer to
whether the client is publishing messages or subscribed to receive
messages. These two functions can be implemented in the same MQTT
client. When a device (or client) wants to send data to a server (or broker) it
is called a publish. When the operation is reversed, it is called a subscribe.
Under the pub/sub model, multiple clients can connect to a broker and
subscribe to topics in which they are interested.

If the connection from a subscribing client to a broker is broken, then the
broker will buffer messages and push them out to the subscriber when it is
back online. If the connection from the publishing client to the broker is
disconnected without notice, then the broker can close the connection and
send subscribers a cached message with instructions from the publisher.

Created as a low-overhead protocol to accommodate bandwidth and CPU
limitations, MQTT was designed to run in an embedded environment where
it could provide a reliable, effective path for communication. Suitable for
connecting devices with a small code footprint, MQTT is a good choice for
wireless networks that experience varying levels of latency due to
occasional bandwidth constraints or unreliable connections. The protocol
has applications in industries ranging from automotive to energy to
telecommunications.

XMPP Protocol
XMPP is short for Extensible Messaging and Presence Protocol. It is a
protocol for streaming XML elements over a network in order to exchange
messages and presence information in close to real time. This protocol is
mostly used by instant messaging applications like WhatsApp.
Let's go through each letter of XMPP:
• X: It means eXtensible. XMPP is an open source project which can
be changed or extended according to need.
• M: XMPP is designed for sending messages in real time. It has a
very efficient push mechanism compared to other protocols.
• P: It determines whether you are online/offline/busy. It indicates
the state.
• P: XMPP is a protocol, that is, a set of standards that allow
systems to communicate with each other.
These are the basic requirements of any instant messenger which are
fulfilled by XMPP:
1. Send and receive messages with other users.
2. Check and share presence status.
3. Manage subscriptions to and from other users.
4. Manage the contact list.
5. Block communications (receiving messages, sharing presence status,
etc.) with specific users.

Security Issues in IoT

Inadequate Password Protection


Hard-coded and embedded credentials in IoT devices provide an easy target for hackers to
compromise the devices directly. Default passwords may enable hackers to enter the machine
without any obstacles. One of the examples of such an attack refers to the Mirai malware,
which infected IoT devices such as routers, video recorders, and video cameras. The Mirai
malware was successful in logging in by using 61 general hard-coded usernames and
passwords.

Limited Compliance from IoT Manufacturers


Another important factor affecting privacy and security in IoT is the
lack of compliance from IoT manufacturers. Many fitness trackers with Bluetooth
generally remain visible after pairing. Your refrigerator could give out your Gmail login
credentials.

Device Update Management


Security and privacy concerns in IoT also arise from
device update management. Insecure firmware or software could generally lead to IoT
security risks. Even if a manufacturer offers a device with the most recent software update,
you will encounter new vulnerabilities.

Privacy Concerns in IoT


Abundance of Data
The amount of data generated by IoT devices is staggering. According
to the Federal Trade Commission, fewer than 10,000 households could create almost 150
million discrete data points daily. This increases the possibilities
for breaches of privacy in IoT: there are more entry points for hackers, leaving
sensitive information and your IoT devices vulnerable.

Eavesdropping
Eavesdropping is another of the privacy concerns in IoT. Imagine a hacker using one of
your smart home appliances to snoop on your personal life. As a matter of fact, hackers and
even manufacturers could use a connected device to basically invade an individual's home.

Unwanted Public Exposure


The next and probably the most important entry among privacy issues in IoT is
unwanted public exposure. IoT device manufacturers often have long documentation for
terms of service, and there is barely anyone who reads the document thoroughly. According
to the Federal Trade Commission, manufacturers and enterprises could leverage data offered
willingly by consumers for making employment decisions.
