
Unit 4

The document discusses device discovery in IoT and the role of IoT security systems. It describes how IoT device discovery tools can help identify devices on a network and protect them from cyber threats. It also discusses registering and deregistering devices from cloud platforms.

Uploaded by

Sharmila Devi

UNIT-IV

Device discovery:

The Internet of Things (IoT) ecosystem has given consumers access to a world of possibilities, but it
also comes with certain security risks. With IoT devices constantly monitoring and collecting data
concerning the user and device behavior, the probability of malicious or ransomware attacks by
hackers and other ill-intended entities has increased.

Device discovery tools and IoT security solutions help address these security challenges for
consumer-level and industrial applications.

IoT security systems are indeed needed to protect end-users from cyber threats. The former allows the
latter to leverage the power of IoT devices and networks while having complete control over their
sensitive personal data. IT and security professionals need systems that help them discover devices
and effectively mitigate potential threats.

The Role of IoT Device Discovery:

With the increased use of connected gadgets, it has become more obvious that most of them still have
little or no security features in place. They are vulnerable and can easily be compromised by hackers,
giving them remote access to our sensitive personal details.

Dynamic IoT device discovery and profiling automate the process of identifying the specific
devices on the network. IoT security solutions offer much-needed protection to your network,
while IoT device discovery forms the critical foundation for establishing security. Both can be
included as modules within routers, gateways, UTMs, and other similar devices that handle inbound
and outbound network traffic, because these tools are backed by a knowledge base that helps detect
new devices even without any foreknowledge of them.

Registering a Device:

Device discovery on the network becomes simple if an IoT device initially registers with a
cloud platform or network, so that all the traffic it generates can be monitored by routers, gateways,
UTMs and other similar devices.

Example: Developing a home automation application using AWS requires IoT devices to be registered
with the AWS cloud for monitoring and controlling the behavior of the devices. This can be done by adding a
new device to a template/dashboard/application.

Deregistering a Device:

In order to stop vulnerabilities in a network-based application, devices that are no longer needed and
devices thought to be hacked can be deregistered from the cloud.

Every cloud platform has a provision to deregister a device when it is no longer needed for an application, to
ensure security.
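
The registration and deregistration steps above give a gateway something to check observed traffic against. The following is an added example, not part of the original notes: a small registry plus a review of constructed flow records. The class and function names, the device identifiers and the "monitor / block / quarantine" actions are assumptions chosen for illustration.

```python
from collections import defaultdict


class DeviceRegistry:
    """Tracks which device identifiers are currently registered."""

    def __init__(self):
        self.active = {}    # device id -> description
        self.retired = {}   # device id -> reason it was deregistered

    def register(self, device_id, description):
        # Re-registering a device clears any earlier deregistration.
        self.retired.pop(device_id, None)
        self.active[device_id] = description

    def deregister(self, device_id, reason):
        self.active.pop(device_id, None)
        self.retired[device_id] = reason

    def status(self, device_id):
        if device_id in self.active:
            return "registered"
        return "deregistered" if device_id in self.retired else "unknown"


def review_flows(registry, flows):
    """Total the observed bytes per device and attach a status and an action."""
    totals = defaultdict(int)
    for device_id, _destination, size in flows:
        totals[device_id] += size
    findings = []
    for device_id, size in sorted(totals.items()):
        status = registry.status(device_id)
        if status == "deregistered":
            # A deregistered device that still sends traffic needs attention.
            action = "block: " + registry.retired[device_id]
        elif status == "unknown":
            # Newly discovered device that never registered.
            action = "quarantine until registered"
        else:
            action = "monitor"
        findings.append((device_id, status, size, action))
    return findings


def demo():
    registry = DeviceRegistry()
    registry.register("thermostat-01", "living room thermostat")
    registry.register("camera-07", "front door camera")
    registry.deregister("camera-07", "suspected compromise")
    # Constructed flow records: (device id, destination, bytes).
    flows = [
        ("thermostat-01", "cloud.example.net", 512),
        ("camera-07", "203.0.113.9", 90_000),
        ("thermostat-01", "cloud.example.net", 256),
        ("plug-unlisted", "198.51.100.4", 1_024),
    ]
    return review_flows(registry, flows)
```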

Introduction to Cloud Storage Models & Communication APIs:

In today’s digital age it is important to understand how data is stored and communicated over the
Internet. This is where cloud storage models and communication APIs come into play.

In truth, cloud computing and IoT are tightly coupled. The growth of IoT and the rapid development of
associated technologies create a widespread connection of things. This has led to the production of
large amounts of data, which needs to be stored, processed and accessed. Cloud computing serves as a
paradigm for big data storage and analytics. While IoT is exciting on its own, the real innovation will
come from combining it with cloud computing. The combination of cloud computing and IoT will
enable new monitoring services and powerful processing of sensory data streams. For example,
sensory data can be uploaded and stored with cloud computing, later to be used intelligently for smart
monitoring and actuation with other smart devices. Ultimately, the goal is to be able to transform data
to insight and drive productive, cost-effective action from those insights. The cloud effectively serves
as the brain to improved decision-making and optimized internet-based interactions. However, when
IoT meets cloud, new challenges arise. There is an urgent need for novel network architectures that
seamlessly integrate them. The critical concerns during integration are quality of service (QoS) and
quality of experience (QoE), as well as data security, privacy and reliability. The virtual infrastructure
for practical mobile computing and interfacing includes integrating applications, storage devices,
monitoring devices, visualization platforms, analytics tools and client delivery.

Cloud computing offers a practical utility-based model that will enable businesses and users to access
applications on demand anytime and from anywhere.

Cloud storage models refer to different ways of storing data on remote servers that can be accessed
over the Internet. Communication APIs allow different applications to communicate with each other
over the Internet. By using these technologies, businesses can store and access their data from anywhere
in the world and integrate different applications seamlessly.

Deployment models:

Deployment in cloud computing comprises four deployment models: private cloud, public cloud,
community cloud and hybrid cloud.

A cloud storage API is an application program interface that connects a locally-based application to a
cloud-based storage system, so that a user can send data to it and access and work with data stored in it.
To the application, the cloud storage system is just another target device, like tape or disk-based
storage. An application program interface (API) is code that allows two software programs to
communicate with each other. The API defines the correct way for a developer to write a program that
requests services from an operating system (OS) or other application. APIs are implemented by
function calls composed of verbs and nouns. The required syntax is described in the documentation of
the application being called.

Three basic types of APIs

APIs take three basic forms: local, web-like and program-like.

1. Local APIs are the original form, from which the name came. They offer OS or middleware services to
application programs. Microsoft's .NET APIs, the TAPI (Telephony API) for voice applications, and
database access APIs are examples of the local API form.

2. Web APIs are designed to represent widely used resources like HTML pages and are accessed using
a simple HTTP protocol. Any web URL activates a web API. Web APIs are often called REST
(representational state transfer) or RESTful because the publisher of REST interfaces doesn't save any
data internally between requests. As such, requests from many users can be intermingled as they would
be on the internet.

3. Program APIs are based on remote procedure call (RPC) technology that makes a remote
program component appear to be local to the rest of the software. Service oriented architecture
(SOA) APIs, such as Microsoft's WS-series of APIs, are program APIs.

1. WAMP - AutoBahn for IoT


Web Application Messaging Protocol (WAMP) is a sub-protocol of WebSocket which provides
publish-subscribe and remote procedure call (RPC) messaging patterns.

WAMP-AutoBahn is a communication protocol that enables real-time and bidirectional communication
between IoT devices and cloud services. It uses WebSocket technology and provides a range of features
such as authentication, encryption and message routing. One of the main advantages of WAMP-AutoBahn
is its scalability. Another advantage is its interoperability, as it can work with different programming
languages and platforms. WAMP-AutoBahn has many applications in IoT such as in smart homes,
industrial automation and healthcare. For example, it can be used to monitor and control home appliances,
track inventories in factories, and transmit vital signs in medical devices.

WAMP session between Client and Router

• Transport: Transport is the channel that connects two peers.
• Session: Session is a conversation between two peers that runs over a transport.
• Client: Clients are peers that can have one or more roles.
  In the publish-subscribe model, a client can have the following roles:
    Publisher: Publisher publishes events (including payload) to the topic maintained by the Broker.
    Subscriber: Subscriber subscribes to the topics and receives the events including the payload.
  In the RPC model, a client can have the following roles:
    Caller: Caller issues calls to the remote procedures along with call arguments.
    Callee: Callee executes the procedures to which the calls are issued by the Caller and returns the
    results back to the Caller.
• Router: Routers are peers that perform generic call and event routing.
  In the publish-subscribe model, the Router has the role of a Broker:
    Broker: Broker acts as a router and routes messages published to a topic to all subscribers subscribed to
    the topic.
  In the RPC model, the Router has the role of a Dealer:
    Dealer: Dealer acts as a router and routes RPC calls from the Caller to the Callee and routes results from
    the Callee to the Caller.
• Application Code: Application code runs on the Clients (Publisher, Subscriber, Callee or Caller).
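
The roles listed above, as an added example that is not part of the original notes: an in-process model of a Router acting as Broker and Dealer, exchanging WAMP-style message lists with three Clients. It does not use the Autobahn library or a WebSocket transport; the class names and the `com.example.*` topic and procedure URIs are assumptions.

```python
from collections import defaultdict
from itertools import count

# Message type codes from the WAMP basic profile.
ERROR, PUBLISH, SUBSCRIBE, SUBSCRIBED, EVENT = 8, 16, 32, 33, 36
CALL, RESULT, REGISTER, REGISTERED, INVOCATION, YIELD = 48, 50, 64, 65, 68, 70


class Client:
    """A peer that can act as Publisher, Subscriber, Caller and/or Callee."""

    def __init__(self):
        self.inbox, self.endpoints = [], {}

    def register(self, router, procedure, func):
        router.handle(self, [REGISTER, 1, {}, procedure])
        self.endpoints[self.inbox[-1][2]] = func  # REGISTERED carries the id

    def receive(self, router, msg):
        self.inbox.append(msg)
        if msg[0] == INVOCATION:  # Callee role: run the procedure, YIELD the result
            _, request, registration, _details, args = msg
            router.handle(self, [YIELD, request, {}, [self.endpoints[registration](*args)]])


class Router:
    """Broker (topic -> subscribers) and Dealer (procedure -> callee) in one peer."""

    def __init__(self):
        self.ids = count(1)
        self.subscribers = defaultdict(list)  # topic -> [(subscription id, client)]
        self.callees = {}                     # procedure -> (registration id, client)
        self.pending = {}                     # invocation id -> (caller, call request id)

    def handle(self, sender, msg):
        kind, request = msg[0], msg[1]
        if kind == SUBSCRIBE:
            sub_id = next(self.ids)
            self.subscribers[msg[3]].append((sub_id, sender))
            sender.receive(self, [SUBSCRIBED, request, sub_id])
        elif kind == PUBLISH:
            publication = next(self.ids)
            for sub_id, client in self.subscribers[msg[3]]:
                if client is not sender:  # the publisher is excluded by default
                    client.receive(self, [EVENT, sub_id, publication, {}, msg[4]])
        elif kind == REGISTER:
            reg_id = next(self.ids)
            self.callees[msg[3]] = (reg_id, sender)
            sender.receive(self, [REGISTERED, request, reg_id])
        elif kind == CALL:
            if msg[3] not in self.callees:
                sender.receive(self, [ERROR, CALL, request, {},
                                      "wamp.error.no_such_procedure"])
                return
            reg_id, callee = self.callees[msg[3]]
            invocation = next(self.ids)
            self.pending[invocation] = (sender, request)
            callee.receive(self, [INVOCATION, invocation, reg_id, {}, msg[4]])
        elif kind == YIELD:
            caller, call_request = self.pending.pop(request)
            caller.receive(self, [RESULT, call_request, {}, msg[3]])


def demo():
    # Constructed session: a sensor publishes, a dashboard subscribes and calls.
    router = Router()
    sensor, dashboard, actuator = Client(), Client(), Client()
    router.handle(dashboard, [SUBSCRIBE, 1, {}, "com.example.temperature"])
    router.handle(sensor, [PUBLISH, 2, {}, "com.example.temperature", [21.5]])
    actuator.register(router, "com.example.set_fan", lambda speed: f"fan={speed}")
    router.handle(dashboard, [CALL, 3, {}, "com.example.set_fan", [2]])
    router.handle(dashboard, [CALL, 4, {}, "com.example.missing", []])
    return sensor, dashboard, actuator
```

The Caller only ever addresses the Router: the Dealer maps the procedure URI to the Callee, so neither client needs the other's network address.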

2. Xively Cloud for IoT

Xively Cloud is a powerful platform for IoT that enables easy device management, secure data
storage, and analytics capabilities. It provides a scalable and reliable infrastructure for IoT
applications, allowing developers to focus on building innovative solutions without worrying about
managing the underlying infrastructure.

One of the key advantages of Xively Cloud is its ability to handle large volumes of data from
connected devices in real-time. This allows businesses to gain valuable insights into their operations
and make informed decisions based on data-driven analytics. Xively Cloud also offers advanced
security features, including end-to-end encryption, access controls, and threat detection, ensuring that
sensitive data is protected at all times.

• The services include data collection, data points, messages and calculation objects.
• The service also provisions for the generation and communication of alerts, triggers and feeds
to the user.
• A user is an application or service.
• The user obtains responses or feeds from the cloud service.

Pachube platform: for data capture in real-time over the Internet. Cosm: a changed domain name,
where, using the concept of a console, one can monitor the feeds. Xively is the latest domain name.
Xively is a commercial PaaS for the IoT/M2M. It is a data aggregator and data mining website often
integrated into the Web of Things, and an IoT PaaS for services and business services.

Xively PaaS services:

• Data visualization for data of connected sensors to IoT devices.
• Graphical plots of collected data.
• Generates alerts.
• Access to historical data.
• Generates feeds which can be real-world objects of own or others.

Xively HTTP based APIs

• Easy to implement on device hardware acting as clients to Xively web services.
• APIs connect to the web service and send data.
• APIs provide services for logging, sharing and displaying sensor data of all

Xively Support

• The platform supports the REST, WebSockets and MQTT protocols and connects the devices to
Xively Cloud Services.
• Native SDKs for Android, Arduino, ARM mbed, Java, PHP, Ruby, and Python languages.
• Developers can use the workflow of prototyping, deployment and management through the
tools provided at Xively.

Xively APIs

• Enable interface with Python, HTML5, HTML5 server, tornado.
• Interface with WebSocket Server and WebSockets.
• Interface with an RPC (Remote Procedure Call).

Xively PaaS services

• Enables services.
• Business services platform which connects the products, including collaboration products,
Rescue, Boldchat, join.me, and operations to the Internet.
• Data collection in real-time over the Internet.

Xively Methods for IoT Devices Data

• Concept of users, feeds, data streams, data points and triggers.
• A data feed is typically a single location (e.g. a device or devices network).
• Data streams are of individual sensors associated with that location (for example, ambient
lights, temperatures, power consumption).
• Pull or Push (Automatic or Manual Feed).

Xively Data formats and Structures

• A number of data formats and structures enable the interaction, data collection and services.
• Support exists for JSON, XML and CSV.
• Structures: Tabular, spreadsheet, Excel, Data numbers and Text with comma-separated values
in a file.

Xively Uses in IoT/M2M

• Private and Public Data Access
• Data streams, Data points and Triggers
• Creating and Managing Feeds
• Visualizing Data

3. Django

Django is an open source web application framework for developing web applications in Python.
• A web application framework in general is a collection of solutions, packages and best practices
that allows development of web applications and dynamic websites.
• Django is based on the Model-Template-View architecture and provides a separation of the data
model from the business rules and the user interface.
• Django provides a unified API to a database backend.
• Thus web applications built with Django can work with different databases without requiring any
code changes.
• With this flexibility in web application design combined with the powerful capabilities of the
Python language and the Python ecosystem, Django is best suited for cloud applications.
• One of the key features of Django is its ability to handle large amounts of data and traffic,
making it ideal for IoT applications. Additionally, Django provides built-in security features such
as protection against SQL injection and cross-site scripting attacks.
• Another advantage of using Django is its modularity. Developers can easily add new
functionality to their applications by using pre-built modules or creating their own. This allows
for rapid development of IoT applications. Finally, Django is highly customizable, allowing
developers to tailor their applications to meet specific business needs.
• Django consists of an object-relational mapper, a web templating system and a regular-expression
based URL dispatcher. Django is a Model-Template-View (MTV) framework.

Model
• The model acts as a definition of some stored data and handles the interactions with the database. In
a web application, the data can be stored in a relational database, non-relational database, an XML file,
etc. A Django model is a Python class that outlines the variables and methods for a particular type of
data.

Template
• In a typical Django web application, the template is simply an HTML page with a few extra
placeholders. Django's template language can be used to create various forms of text files (XML,
email, CSS, JavaScript, CSV, etc.).

View
• The view ties the model to the template. The view is where you write the code that actually
generates the web pages.
The view determines what data is to be displayed, retrieves the data from the database and passes the data
to the template.

4. Designing a RESTful Web API

Consider developing a RESTful Web API using Django REST framework. The REST API allows
you to create, view, update and delete a collection of resources where each resource represents a
sensor data reading from a weather monitoring station. The station model contains four fields: station
name, timestamp, temperature, latitude and longitude. ViewSets are used for the views; they allow you
to combine the logic for a set of related views in a single class.

Serializers allow complex data (such as querysets and model instances) to be converted to native
Python datatypes that can then be easily rendered into JSON, XML or other content types. Serializers
also provide de-serialization, allowing parsed data to be converted back into complex types, after first
validating the incoming data.

Since ViewSets are used instead of views, we can automatically generate the URL conf for our API
by simply registering the viewsets with a router class. Routers automatically determine how the
URLs for an application should be mapped to the logic that deals with handling incoming requests.

5. Amazon Web Services for IoT


Amazon Web Services (AWS) is a cloud platform that provides a wide range of services. It offers
scalable computing resources, data storage and management tools and real-time data processing
capabilities. With AWS you can easily build, deploy and manage IoT applications at scale.
One of the key advantages of using AWS for IoT is its flexibility. You can choose from a variety of
services depending on your specific needs and only pay for what you use.
Additionally, AWS provides a highly secure and reliable infrastructure, which is essential for IoT
applications that deal with sensitive data. Some examples of AWS applications in IoT include smart
homes, industrial automation and healthcare monitoring systems.


i) Amazon EC2
Amazon Elastic Compute Cloud (EC2) is a scalable cloud computing service that allows users to rent
virtual computers on which they can run their own applications. EC2 provides a flexible, cost-effective
way to host web-scale applications and services in the cloud.
One of the key advantages of using EC2 for IoT is its scalability. EC2 enables users to quickly and easily
scale up or down their computing resources as needed, allowing them to handle large amounts of data and
traffic from IoT devices. Additionally, EC2 offers a wide range of instance types optimized for different
workloads, making it easy to find the right configuration for your specific use case.
• A connection to the EC2 service is first established by calling boto.ec2.connect_to_region.
• The EC2 region, AWS access key and AWS secret key are passed to this function.
• After connecting to EC2, a new instance is launched using the conn.run_instances function.
• The AMI-ID, instance type, EC2 key handle and security group are passed to this function.
• This function returns a reservation. The instances associated with a reservation are obtained using
reservation.instances.
• Finally the status of an instance associated with a reservation is obtained using the instance.update
function.

ii) Amazon AutoScaling

Amazon AutoScaling allows automatically scaling Amazon EC2 capacity up or down according to user
defined conditions. Therefore, with AutoScaling users can increase the number of EC2 instances running
their applications seamlessly during spikes in the application workloads to meet the application
performance requirements and scale down capacity when the workload is low to save costs. AutoScaling
can be used for auto scaling IoT applications and IoT platforms deployed on Amazon EC2.

AutoScaling Service
• A connection to the AutoScaling service is first established by calling the
boto.ec2.autoscale.connect_to_region function. The EC2 region, AWS access key and AWS secret key are
passed to this function.

Launch Configuration
• After connecting to the AutoScaling service, a new launch configuration is created by calling
conn.create_launch_configuration. The launch configuration contains instructions on how to launch
new instances including the AMI-ID, instance type, security groups, etc.

AutoScaling Group
• After creating a launch configuration, it is then associated with a new AutoScaling group.
The AutoScaling group is created by calling conn.create_auto_scaling_group. The
settings for the AutoScaling group include the maximum and minimum number of instances in the group,
the launch configuration, availability zones, optional load balancer to use with the group, etc.

AutoScaling Policies
• After creating an AutoScaling group, the policies for scaling up and scaling down are defined.
• In this example, a scale up policy with adjustment type ChangeInCapacity and scaling_adjustment =
1 is defined.
• Similarly a scale down policy with adjustment type ChangeInCapacity and scaling_adjustment = -1
is defined.

CloudWatch Alarms
• With the scaling policies defined, the next step is to create Amazon CloudWatch alarms that trigger
these policies.
• The scale up alarm is defined using the CPUUtilization metric with the Average statistic and a
threshold of greater than 70% for a period of 60 sec. The scale up policy created previously is associated
with this alarm. This alarm is triggered when the average CPU utilization of the instances in the
group becomes greater than 70% for more than 60 seconds.
• The scale down alarm is defined in a similar manner with a threshold of less than 50%.
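
How the two alarms and the two ChangeInCapacity policies interact with the group's minimum and maximum size, as an added example that is not boto code and not part of the original notes: a local simulation over constructed CPU samples. It assumes each alarm evaluates one 60-second period at a time and that there is no cooldown; the function names and sample values are illustrative.

```python
from collections import defaultdict


def period_averages(samples, period=60):
    """Average CPUUtilization per period; samples are (seconds, percent)."""
    buckets = defaultdict(list)
    for t, cpu in samples:
        buckets[t // period].append(cpu)
    return [sum(values) / len(values) for _, values in sorted(buckets.items())]


def simulate(samples, capacity, min_size, max_size,
             up_threshold=70, down_threshold=50, period=60):
    """Return (average, requested adjustment, resulting capacity) per period."""
    history = []
    for avg in period_averages(samples, period):
        if avg > up_threshold:        # scale up alarm: strictly greater than 70%
            adjustment = 1
        elif avg < down_threshold:    # scale down alarm: strictly less than 50%
            adjustment = -1
        else:
            adjustment = 0
        # The group never leaves the [min_size, max_size] range.
        capacity = max(min_size, min(max_size, capacity + adjustment))
        history.append((avg, adjustment, capacity))
    return history


def demo():
    # Constructed samples, one every 20 seconds, six 60-second periods.
    cpu = [60, 65, 70, 80, 90, 85, 95, 90, 88, 72, 68, 70, 40, 30, 35, 20, 25, 30]
    samples = [(i * 20, value) for i, value in enumerate(cpu)]
    return simulate(samples, capacity=1, min_size=1, max_size=2)
```

An average of exactly 70% does not trigger the scale up alarm, and requested adjustments beyond the group's limits leave the capacity unchanged.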

iii) Amazon S3:


Amazon Simple Storage Service (S3) is a highly scalable object storage service that allows you to store
and retrieve very large amounts of data from anywhere on the web. S3 provides highly reliable, scalable,
fast, fully redundant and affordable storage infrastructure. S3 can serve as a raw datastore (or “Thing
Tank”) for IoT systems for storing raw data, such as sensor data, log data, image, audio and video data. It
is designed to provide 99.99% durability and 99.99% availability, ensuring that your data is always safe
and accessible.
• A connection to S3 service is first established by calling boto.connect_s3 function. The AWS access
key and AWS secret key are passed to this function.
• The upload_to_s3_bucket_path function uploads the file to the S3 bucket specified at the specified
path.

• The upload_to_s3_bucket_root function uploads the file to the S3 bucket root.


iv) Amazon RDS

Amazon RDS is a web service that allows you to create instances of MySQL, Oracle or Microsoft SQL
Server in the cloud. With RDS, developers can easily setup, operate and scale a relational database in the
cloud.
RDS can serve as a scalable relational datastore for IoT systems. With RDS, IoT system developers can
store any amount of data in scalable relational databases.
• A connection to the RDS service is first established by calling the boto.rds.connect_to_region function. The RDS
region, AWS access key and AWS secret key are passed to this function.
• After connecting to the RDS service, the conn.create_dbinstance function is called to launch a
new RDS instance.
• The input parameters to this function include the instance ID, database size, instance type, database
username, database password, database port, database engine (e.g. MySQL5.1), database name,
security groups, etc.

v) Amazon DynamoDB

Amazon DynamoDB is a fully-managed, scalable, high performance No-SQL database service.
DynamoDB can serve as a scalable datastore for IoT systems. With DynamoDB, IoT developers can store
any amount of data and serve any level of requests for this data.

• A connection to the DynamoDB service is first established by calling boto.dynamodb.connect_to_region.
• After connecting to the DynamoDB service, a schema for the new table is created by calling
conn.create_schema.
• The schema includes the hash key and range key names and types.
• A DynamoDB table is then created by calling the conn.create_table function with the table schema,
read units and write units as input parameters.
• The conn.get_table function is used to retrieve an existing table.

vi) Amazon EMR

Amazon EMR is a web service that utilizes Hadoop framework running on Amazon EC2 and Amazon S3.
EMR allows processing of massive scale data, hence suitable for IoT applications that generate large
volumes of data that needs to be analyzed. Data processing jobs are formulated with the MapReduce
parallel data processing model.

MapReduce is a parallel data processing model for processing and analysis of massive scale data.
MapReduce has two phases: Map and Reduce. MapReduce programs are written in functional
programming style to create Map and Reduce functions. The input data to the map and reduce phases is in
the form of key-value pairs.

6. SkyNet IoT Messaging Platform

SkyNet is an open source instant messaging platform for the Internet of Things. The single SkyNet API
supports HTTP-REST, WebSockets, MQTT and CoAP protocols for guaranteed message delivery and low
bandwidth satellite communication. SkyNet allows you to register devices (or nodes) on the network. A
device can be anything including sensors, smart home devices, cloud resources, drones, etc. Each device is
assigned a UUID and a secret token. Devices or client applications can subscribe to other devices and
receive/send messages.

• The first step is to create a device on SkyNet. The POST request to create a device returns the
UUID and token of the created device.
• Next is updating a device, retrieving the last 10 events related to a device, subscribing to a device and
sending a message to a device.
