IoT Architecture and Protocols

UNIT- V
Service layer protocols and Security

The service layer in IoT (Internet of Things) protocols involves a set of standardized frameworks and
technologies that facilitate communication and interoperability between devices, networks, and applications.
In the context of IoT, various standards and protocols, such as oneM2M, ETSI M2M, OMA, BBF, and
others, define how services should be provided, consumed, and secured across IoT networks.

In addition to these service layer protocols, certain low-level communication protocols and security
mechanisms, such as MAC 802.15.4, 6LoWPAN, RPL, and security at the application layer, play critical
roles in providing a secure and reliable communication framework.

Let’s go over the key service layer protocols and security considerations for IoT, focusing on the service
layer and network protocols like MAC 802.15.4, 6LoWPAN, and RPL.

1. Service Layer Protocols for IoT

a) OneM2M

 Description: oneM2M is a global standard for M2M (Machine-to-Machine) and IoT

communications, aiming to enable interoperability and scalability of IoT systems. It defines an
architecture and standardized service layer that ensures the integration of various IoT devices and
systems across different domains and networks.
 Components:
o Common Service Functions (CSF): Provide fundamental features like device management,
data storage, security, and application enablement.
o Application Functions (AF): Represent IoT applications and services interacting with the
CSF.

Page | 1
Unit-5
IoT Architecture and Protocols

 Security Considerations:
o End-to-end security: oneM2M provides comprehensive security mechanisms like
authentication, encryption, and access control.
o Authorization: Ensures secure access to devices and services based on user roles.
o TLS/SSL for data transport encryption.
o Data Privacy: Ensures that data exchanged between devices and applications is secure and
protected from unauthorized access.

b) ETSI M2M (European Telecommunications Standards Institute M2M)

 Description: ETSI M2M is an earlier initiative by ETSI to develop standards for M2M
communication. It focuses on communication between devices in IoT and M2M applications.
 Components:
o Service Capability Layer (SCL): Provides common services such as data storage,
management, and access control.
o M2M Service Layer (SL): Ensures communication between applications and devices.
 Security Considerations:
o ETSI M2M relies on TLS and IPsec for securing data in transit.
o It also includes provisions for device authentication, secure storage, and access control to
protect sensitive data.

Page | 2
Unit-5
IoT Architecture and Protocols

c) OMA (Open Mobile Alliance)

 Description: OMA defines standards for mobile services, including mobile device management
(MDM) and service orchestration. OMA has several protocols used for M2M communications,
notably OMA Lightweight M2M (LWM2M), which is widely used in IoT.
 OMA LWM2M: A lightweight protocol designed for resource-constrained devices, commonly used
for device management and data collection in IoT.
 Security Considerations:
o DTLS (Datagram Transport Layer Security) is used for securing communication in
LWM2M.
o X.509 certificates are used for device authentication and establishing secure connections.
o CoAP (Constrained Application Protocol) also works with security mechanisms like
OSCOAP for encrypting payloads in low-resource environments.

Page | 3
Unit-5
IoT Architecture and Protocols

d) BBF (Broadband Forum)

 Description: BBF focuses on standards for broadband communication, and in the context of IoT, it
provides standards for network management, interoperability, and security. BBF standards like TR-
069 enable remote management of IoT devices.
 Security Considerations:
o Secure Device Management: TR-069 employs TLS/SSL for secure communication
between devices and the management server.
o Authentication and Access Control: Ensures that only authorized devices and users can
manage IoT devices.

2. Security in IoT Protocols

IoT security requires a multi-layered approach to safeguard devices, networks, and applications. Various
IoT protocols address security concerns, including authentication, encryption, integrity, and data privacy.

Page | 4
Unit-5
IoT Architecture and Protocols

a) MAC 802.15.4

 Description: IEEE 802.15.4 is a standard for low-rate wireless personal area networks (LR-
WPANs) and is commonly used in IoT applications like Zigbee, Thread, and WirelessHART.
 Security Considerations:
o Authentication: 802.15.4 supports symmetric key-based authentication for network access.
o Encryption: It provides AES-128 encryption to secure data at the MAC layer.
o Integrity: Message Integrity Codes (MIC) are used to ensure data integrity and detect
tampering during transmission.
o Key Management: Key establishment and management can be done via protocols like
Zigbee or Thread, but these need to be handled securely to avoid key exposure.

b) 6LoWPAN (IPv6 over Low Power Wireless Personal Area Networks)

 Description: 6LoWPAN is a protocol designed to enable IPv6 packets to be sent over low-power,
low-bandwidth wireless networks like IEEE 802.15.4.
 Security Considerations:
o IPv6 Security: Since 6LoWPAN uses IPv6, it can leverage IPv6 security features like IPsec
for end-to-end encryption and authentication.
o Low Power Security: Lightweight security protocols like DTLS (Datagram TLS) are often
used for securing communication in resource-constrained IoT devices.
o Key Management: Secure methods like Elliptic Curve Cryptography (ECC) are used for
efficient and secure key management in low-power devices.

c) RPL (Routing Protocol for Low Power and Lossy Networks)

 Description: RPL is a routing protocol designed for IoT devices that operate in low-power and lossy
networks, such as those based on 6LoWPAN or Zigbee.
 Security Considerations:
o Secure Routing: RPL includes provisions for securing the routing process by authenticating
the nodes and ensuring that only trusted nodes participate in routing.
o Integrity and Confidentiality: RPL can use IPsec and AES encryption to ensure the
confidentiality and integrity of routing messages.
o Replay Protection: RPL incorporates mechanisms to protect against replay attacks by using
sequence numbers and timestamps.

Page | 5
Unit-5
IoT Architecture and Protocols

3. Application Layer Security in IoT

At the application layer, securing communication between IoT devices and applications is crucial to ensure
data privacy, integrity, and confidentiality.

a) CoAP (Constrained Application Protocol)

 Description: CoAP is a lightweight, HTTP-like protocol designed for constrained devices. It is

widely used for M2M and IoT applications.
 Security Considerations:
o DTLS: CoAP uses DTLS (Datagram Transport Layer Security) to secure communication by
providing encryption, integrity, and authentication.
o OSCOAP: OSCOAP is a specific security extension of CoAP for constrained environments,
enabling end-to-end encryption of message payloads.
o Access Control: Access control policies can be implemented using tokens, roles, or policies
to ensure authorized users access the IoT service.

b) MQTT (Message Queuing Telemetry Transport)

 Description: MQTT is a lightweight messaging protocol widely used in IoT applications, especially
in scenarios requiring real-time communication and low-bandwidth.
 Security Considerations:
o TLS/SSL: MQTT uses TLS to secure communication between clients and brokers.
o Authentication: MQTT brokers typically support username/password authentication and
client certificate-based authentication.
o Message Integrity: MQTT messages can be signed or checked for integrity to prevent
tampering.
o Authorization: Access control mechanisms ensure that only authorized devices or users can
publish or subscribe to specific topics.

c) RESTful APIs

 Description: RESTful APIs are widely used for communication between IoT devices and
applications. They enable stateless, scalable interaction through standard HTTP methods (GET,
POST, PUT, DELETE).
 Security Considerations:
o OAuth2: Used for token-based authentication and authorization, allowing secure access to
APIs.
o JWT (JSON Web Tokens): Often used in IoT to authenticate API requests and verify the
identity of the client.
o TLS: Protects data transmitted via REST APIs by encrypting HTTP traffic.
o API Rate Limiting: To prevent DoS (Denial of Service) attacks, REST APIs can implement
rate limiting and other abuse-prevention mechanisms.

Page | 6
Unit-5