UNIT 4

IOT WITH CLOUD COMPUTING

PRUDHVI KIRAN P
Assistant Professor, CSE - IOT Dept.
R. V. R. & J. C. College of Engineering
UNIT - 4 [ 13 Periods ]
loT with secure Cloud
Cloud Threats in loT, APl's in loT, Authentication in loT, Strategies for securing loT in Cloud,
Public key Cryptography.

SUBJECT CODE - CO 314 (EL01)

CLASS DETAILS - IOT V SEM - AUGUST 2023
FACULTY DETAILS - PRUDHVI KIRAN P, Asst. Prof., CSE (IOT), RVR&JC College of Engineering
QUESTION BANK - UNIT 4 [Assignment Questions - 2, 3,5]
1. Discuss in detail about various possible threats in IoT ecosystem from “things” to “cloud”.
2. Explain the concept of API with relevant block diagram. Mention few points representing the
role of API’s in IoT.
3. Discuss in detail about “authentication in IoT”.
4. What are the various strategies for securing IoT space in cloud environment.
5. Explain the concept of public key cryptography in detail with relevant block diagram and
mention how it is different from private key cryptography.
END
4.1. Cloud Threats in loT

CLICK THE BELOW LINK

https://drive.google.com/file/d/1JxJd64Qtw39DoAeZeF0QgpCseg7J4fMJ/view?usp=sharing
4.2. APl's in loT
 API stands for Application Programming Interface. APIs are mechanisms that enable two
software components to communicate with each other using a set of definitions and protocols.
For example, the weather office’s software system contains daily weather data. The weather app
on your phone “talks” to this system via APIs and shows you daily weather updates on your
phone.
 In general, API is the term referring to standard framework collection, protocols, and resources
dictating the generic web and mobile application. It defines the communication rules that every
application component must follow while exchanging information with each other.
 Application Programming Interfaces (APIs) are the foundation of IoT; used both to communicate
with the device and to leverage the information from the device, via Internet.
 In IoT specifically, APIs are used to gather and transfer data from the connected device to an
application or computer. They are also used to instruct a connected device to take a particular
action.
 APIs enable users to communicate with connected devices of IoT from anywhere in the world -
both to send information to and receive data from. Without an API, it would be impossible to
run an IoT deployment without having feet on the ground with each device.
User Interface

IoT Devices/Things

Internet/Cloud
 UNDERSTANDING IN DETAIL ABOUT API
https://
medium.com/star-gazers/understanding-apis-everything-you-need-to-know-about-apis-b0bf
53db6adf UNDERSTANDING ABOUT APIs IN IOT
https://www.hologram.io/blog/iot-apis-guide/
4.3. Authentication in loT

CLICK THE BELOW LINK

https://www.nabto.com/iot-device-authentication-comparison-guide/#:~:text=IoT%20device
%20authentication%20is%20all,are%20sharing%20on%20that%20network
.
4.4. Strategies for securing loT in Cloud
 IoT security is a cybersecurity subsect that focuses on protecting, monitoring, and fixing threats
to the Internet of Things (IoT) ecosystem, that involves devices that use sensors, software, or
other technologies to gather, store, and share data via the internet.

Devices in above graphical ecosystem, include traditional endpoints, such as computers, laptops,
mobile phones, tablets and servers, as well as non-traditional items, such as printers, cameras,
appliances, smart watches, health trackers, navigation systems, smart locks, smart thermostats, etc.
1. Implement Better Password Practices
 Sometimes the simplest methods are the most effective. Brute force methods are surprisingly
effective for hackers. Brute force is an attack method used by hackers that consists of automatically
trying to get the correct password by trying numerous times until it gets it right.
 While this method seems like it would take an enormous amount of time, hackers have many ways
of optimizing it. For starters, trying combinations of frequently used passwords makes it a safer bet
that it will eventually get it right. Another useful method is trying the default passwords for every
single device in your system. Remember, since everything is connected with each other in IoT
projects, even an IoT coffee maker without a proper password can compromise the entire project.
This issue can be solved by guaranteeing that good password practices are being applied throughout
the whole project. Apply practices such as:
• Change default passwords as soon as the object is booted up for the first time
• Do not use easily guessable passwords like “12345”, a birthday, a name, “admin”, “password”, etc.
• Incorporate combinations of letters, numbers, and symbols into each of your passwords
• Do not use the same password for every device or even multiple devices
• Use a password manager
• Instead of using a password utilize Public Key Cryptography
2. Encrypt Data When Connected to the Internet
 Data sent through the internet can be accessed and read if it is intercepted by hackers. Using a VPN
with encryption can make your data more secure.
 Encrypting data means taking the plaintext and converting it into a ciphertext, usually by a
randomly generated key. The information gets encrypted from one end, then it gets sent over the
internet, and finally, it gets deciphered on the other end.
 This means that even if your information was accessed by a hacker, it would be impossible to
understand. Encryption is a great tool for guaranteeing the integrity and secrecy of your
information.
3. Use VPN
 Using a VPN (stands for Virtual Private Network) can also change your IP address. A VPN is created
when a point-to-point connection is established with tunneling protocols. This means that your
project’s IP address, the number that identifies any device’s place in a network, can change to
reflect the new one used with the VPN.
 By applying a VPN across your IoT networks, you can make those networks much more robust and
secure. And any Internet-connected device can use a VPN to be a part of a private network. Devices
can range from standard consumer devices like cameras to specialized industrial sensors or other
operational tools.
4. Generating a Local Backup
 Cloud technology is very advantageous, but at the same time, it is also very vulnerable technology
that is prone to attacks. Now-a-days, IoT Device manufacturing companies often give users cloud
storage space free for their purchase. Although it is appealing to have a free item, users must also
be careful about the security measures and make sure that they secure the data and store their
data locally beyond the reach of hackers.
5. Set a Effective Monitoring System
 Implementing a strong IoT security framework can seem challenging in a complex ecosystem with
numerous internal and external parties. Introducing a monitoring system allows proper asset
inventory, visibility, identity, and control of interconnected devices. The approach must be
comprehensive, and following five-stage model is recommended:
 Identify
 Protect
 Detect
 Respond
 Recover
6. Implementing a Network Access Control (NAC)
A NAC solution with a proper switch detects most devices and identifies rogue connections to the
network. It can also apply controls to the devices that are unauthorized.
7. Running an IDS (intrusion detection system) and IPS (intrusion prevention system) on the
network:
 Running an IDS or IPS on the network will offer a good indication of when an IoT device has been
compromised.
8. Secure Communication Protocols:
 Ensure that your IoT devices communicate over secure protocols such as HTTPS or MQTT with
Transport Layer Security (TLS) encryption.
9. Consider patching and remediation efforts
 Patching and remediation involve changing the code of connected devices over time to ensure
optimal security. Before implementing a networked device, organizations must consider if the
device can be patched over time to combat the ever-changing threat landscape.
 Some devices are limited in their capabilities, or are too complex to comprehensively patch.
Therefore, remediation must be considered well before implementing a new IoT device into your
network.
10. Making sure to periodically update the IoT device
 Users need to update the IoT system while automatic updates must be enabled by the
manufacturing company itself so that the device check for official updates automatically.
 This will ensure the automatic installation of security updates on the IoT devices and stops
unauthorized persons from finding new ways of accessing the system.
 Hackers often target outdated devices, so staying up-to-date is a crucial defense against IoT cloud -
attacks.
11. Differentiate Your Product
 All IoT devices are manufactured with giving priority to easy connectivity in mind. IoT devices from
various manufacturers can be used as simple as plug n play. This may provide ease of understanding
and usage to the user; but this may also open way to the threats. So it is always a good practice, to
manufacture your device a little different, in view of connectivity and network access.

12. Using MFA (Multi Factor Authentication)

 One way to achieve a fortified IoT connection is through multi-factor authentication (MFA), which
requires various pieces of evidence to allow access to a device or network. This method is crucial
for the future of IoT, whether it be in smart fridges or health monitoring devices.
13. Conduct penetration testing or evaluation
 Connected devices are innately vulnerable since they are manufactured with ease of use and
connectivity at top of mind. Organizations must perform some kind of evaluation or penetration
testing on the hardware, software, and other equipment of their business before deploying IoT
devices.
 Penetration testing helps identify and understand vulnerabilities, as well as test security policies,
regulatory compliance, employee security awareness, risk response, and more.
 Conducting a pen test before IoT devices are deployed can prevent your organization from serious
IoT threats in the future.
14. Segment your Project
 Segmentation refers to the act of splitting your network into multiple subnetworks. This process can
not only boost performance but also make your project more secure.
 This is done so that in the event of a hacker getting access to one subnetwork of your project, the
other subnetworks are still left inaccessible. This can also be helpful in the scenario of having to
shut down only the compromised subnetwork and have the rest of the project working as normal.
 Network segments of these segments should monitor for anomalous activity, taking action if an
issue is detected. Security gateways.
15. Prepare for Scalability and Future Commissioning
 Introducing new devices to an already existing IoT project can leave some unexpected
vulnerabilities, and this is why you should prepare for the project’s growth from the very beginning.
 When introducing new devices to an existing project, it will be seen by any nearby networks. If you
do not take security and privacy in IoT measures seriously and add them to the project, hackers can
use the new vulnerabilities as a gateway to access your entire project.
 Apply strategies that guarantee that you are not leaving any open ports or that the connection
remains public for an extended period of time.
 Another way to effectively scale up your IoT project is by using a decentralized IoT Application
Enablement Platform (AEP). A decentralized AEP solution allows you to scale up easier by reducing
security risks and having minimal effect on the speed of communication - no matter how big you
get.
16. Deactivate unused devices
 Any IoT device you're not using regularly should be deactivated or unplugged. The fewer the
number of connected devices, the lesser the vulnerability of the network.
 On other hand, unused gear sitting on a network can get very expensive, in terms of network
bandwidth and maintenance.
17. Understanding your IoT Network
 It can be difficult to manage devices across an organization without learning how each device works
and what they do. Having an understanding of connected devices within your organization is the
first step to securing the IoT infrastructure.
18. Avoid Unauthorized Physical Access to IoT devices
 This help prevent unauthorized physical access to IoT devices. By securing the devices themselves,
organizations can mitigate the risk of tampering, theft, or physical attacks.
19. Enable Device Discovery and Complete Visibility
 You can’t secure what you can’t see. For a solution to be viable, it must provide an accurate, real-
time view into all endpoints on your network.
 A viable solution must provide a consolidated view of traditional systems, mobile and IoT devices as
well as virtual machines and cloud instances - regardless of where they are located.
4.5. Public key Cryptography
Public key cryptography involves a pair of keys known as a public key and a private key (a public key
pair. Each public key is published and the corresponding private key is kept secret. Data that is
encrypted with the public key can be decrypted only with the corresponding private key.
 CLICK THE BELOW LINK TO UNDERSTAND MORE ABOUT PKC
https://www.digitalguardian.com/blog/what-public-key-cryptography
UNIT - 4 [ 13 Periods ]

END OF UNIT 4

SUBJECT CODE - CO 314 (EL01)

CLASS DETAILS - IOT V SEM - AUGUST 2023
FACULTY DETAILS - PRUDHVI KIRAN P, Asst. Prof., CSE (IOT), RVR&JC College of Engineering