
Module 3 Prototyping


Module-3

Prototyping and Designing the Software for IoT Applications

Dr. Vijay Kumar Gowda B N


INTRODUCTION

• Figures 1.3 to 1.5 showed that in order to develop the IoT software five levels are
needed:
(i) Gather + Consolidate, (ii) Connect, (iii) Collect + Assemble, (iv) Manage and
Analyse and (v) Applications and Services.
• The methods of developing software, which are used at levels of IoT devices, gateways,
Internet connectivity and web and cloud applications.

The understanding of these terms will enable the reader ease in learning the
development processes for software including the APIs:



PROTOTYPING EMBEDDED DEVICE SOFTWARE

• The previous chapter described prototyping and development boards—Arduino, Intel
Galileo, Edison, Raspberry Pi, BeagleBone and mBed. Prototype development of the
programs requires bootloader, OS and IDE. Software embeds into a device platform.
• First level in IoT architectural concept is gathering (data from devices/sensors) +
consolidating (enriching). Second level is connection to the Internet. An IDE enables
development of software for functions at first and second levels. IDE may also enable
usages of the OS or RTOS functions at an embedded device.
• Bootloader firmware stores at flash/ROM of a microcontroller in a device and enables
communication with a computer having an IDE. The IDE, in general, consists of the
APIs, libraries, compilers, RTOS, simulator, editor, assembler, debugger, emulators,
logic analyser, code burner, and other software for integrated development of the
system.
• An IDE may be open source. For example, Arduino has an open source IDE which is
downloadable from the Arduino website. The IDE enables the development of codes on a
computer, and later the downloading (pushing) of the codes on to an embedded device, such
as an Arduino or microcontroller board. The code-burner places codes into flash memory
or EEPROM or EPROM. The specific application codes are thus embedded into the
device.

Programming Embedded Device Arduino Platform using IDE
• Arduino board can be programmed using avr-gcc tools. The Arduino board has a pre-
installed bootloader embedded into the firmware.
• Arduino programmer develops the codes using a graphical cross-platform IDE.
Arduino provides simplicity.
• The IDE of the Arduino board is also simple, is based on the Processing language and
makes programming easy.
• The board connects to a computer which runs the IDE.
• The bootloader program hands over the control and enables running of the loader,
which loads the required OS functions and software into the system hardware and
networking capabilities into the board.
• The Arduino bootloader provisions for multitasking by the usage of interrupt-handling
functions (analogous to eventing) for each task. Multitasking is done by
assigning multiple values of a number n for the tasks (n > 0).
• When an instruction for an interrupt, for example INT n, executes, then
interrupt-handling function n is called for execution. Each task or thread can have the
number n associated with it. The interrupt-handling function executes similar to a
callback(n) on event n, or similar to a catch function on exception n.
• The IDE consists of a set of software modules, which provide the software and
hardware environment for developing and prototyping the software for a specific
device platform.
• First, a computer downloads an appropriate IDE version, as per the computer OS. A
computer usually runs Windows or Mac OS X or Linux.
• The bootloader enables the computer to push the developed codes into a board
using the Arduino IDE through a USB cable or a labelled serial port.
• Arduino bootloader need not initiate the upload of OS, as done in a computer where
bootloader loads the OS from the secondary disk.
• The Arduino IDE is available from the website of Arduino.
• A programmer downloads the required IDE version. IDE runs on the computer and
enables the development of the codes, their simulation and upload (embedding) on
to the device platform.
• The Arduino IDE includes a C/C++ library.
• The library is called Wiring for a project of the same name with open source module
at a website.
• The Wiring library functions make coding easy for the Arduino IO operations.



Development of the Codes
• Arduino IDE functions as a file editor for the codes using the Processing environment and
library functions.
• The editor provides automatic indentation, highlights the syntax of the codes and matches
braces.
• The edited file compiles, checks and lists errors, if no errors, enables pushing of codes for
embedding onto the board through serial or USB port.
• Simplicity of Arduino is clear from the fact that only two functions are necessary to define
executable program functions for the board, namely, setup() and loop().
• The function setup() runs at the start and is used for initialising settings, and function
loop() has a program in endless loop using statement ‘while (true) {statements ;}’ which
runs till power off.
• A serial monitor at the IDE enables messages from the embedded software for the
microcontroller into the computer screen where the IDE is setup.
• The messages are required during testing and debugging the downloaded software during
test stages.



Using GPIO Pins
• Assume that a programmer is well versed in C/C++ programming.
• Example 9.1 shows how to program GPIO pins and serial monitor at the IDE (for
computer screen display) using Arduino IDE C/C++.
• The example is for switching on only of north and south pathways TLs.
• Next example will describe full control of traffic lights for all four pathways
sequentially and also use of an internal LED for testing the successful running of
the program.
Example 9.1: Programming for Arduino controlled traffic-control lights (TLs) at a road
junction:
Assume Arduino Uno board as an embedded device platform (Section 8.4.1) for the
following project: three TLs (Red, Yellow and Green) need to be controlled on each of
the four north, east, south and west clockwise pathways.
Let twelve GPIO pins on the Uno connect to twelve externally connected LEDs, R0, Y0,
G0, R1, Y1, G1, R2, Y2, G2, R3, Y3, and G3 (four sets of three R, Y, G LEDs each). The
port LEDs represent the TLs during the prototype-development and testing stage.
How can the port LEDs be On-Off programmed so that north and south pathways
directed roads and traffic is switched on and east and west pathways traffic switched
off?



Example 9.2 is a complete program for switching on and off the north and south
pathways and the east and west pathways, after intervals of 10 s each. The LEDs in ON
states remain so for a 30 s period. Function delay() provides the period of 30 s and
also the intervals of 10 s between switching on of traffic along north and south
pathways and switching on of traffic along east and west pathways. The test LED switches
off for 6 s between the successive repeat cycles.



Reading from the Sensors and Devices
Using ADC Analog Input
• Assume a temperature sensor is used for measuring between 0 degree and 100
degree Celsius.
• A sensor sends analog output at an analog input of a 10 bit ADC.
• An ADC output converts to serial by a parallel-input to serial-output (PISO) converter.
• The serial output connects to the serial SPI input pin at Arduino Uno board.
• An RH% sensor can also be used in a similar manner where measured value is in RH%
in place of degree Celsius.
• The ADC output for a sensor at 100 degrees is decimal 1023 (=binary 1111111111)
and decimal 0 (=0000000000) for 0 degree.
• Example 9.3 explains the usage of analog read functions for the Arduino.
Using the Libraries
Section 7.5 described software serial libraries and their usages for data communication
using serial bus protocols, UART, I2C, USB and CAN. Section 8.3.6 described mBed device
platform libraries. The library functions can directly be used during coding.
Using the Timers
Timer functions are required in a number of applications. A number of timer libraries are
available. A set of timer functions library is available online. MsTimer stands for
millisecond timers with two states. It has a simple usage (Example 9.4). It has two
functions set() and start(). The first one sets the timer for interrupt after a preset
interval and the second one starts running the timer.
Using Software Serial Library
• A serial interface library has functions to read and write as per serial protocols.
• A protocol based communication first transmits the header bits. These may include the
address of the device or registers (control, data, status or other registers).
• The data bits transmit after header bits and control bits, if any.
• End-bits transmit in the end.
• Each serial protocol has specific ways of formatting and sequencing during
communication.
• UART protocol based communication uses two signals, denoted by Tx or TxD (for serial
transmission of header, data and other bits) and Rx or RxD (for serial reception).
• Assume that baud rate is 2400. Then, 240 times a new set of 8-bits data transmits in
one second.
• 10 bits transmit for each set for data, character, command or address.
• A byte represents a character in a string, a sensed data and command for receiving
device or address of destined or receiving device.
Using I2C Serial Protocol
• I2C protocol is communication protocol for a serial-bus that communicates in
synchronous mode.
• A device transfers data as a master or slave.
• Master means the device can address and communicate with a number of slaves.
Master sends clock pulses to the slave devices for synchronisation. Maximum
connected devices can be up to 127.

DEVICES, GATEWAYS, INTERNET AND WEB/CLOUD SERVICES
SOFTWARE DEVELOPMENT

• The connected devices in IoT/M2M use the CoAP and LWM2M web-
communication protocols and messaging-protocols, such as message-cache,
Message Queue Telemetry Transport (MQTT), and Extensible Messaging and
Presence (XMPP).
• MQTT is a publish/subscribe (Pub/Sub) protocol. The devices connect, network
and communicate over the web. They use the communication gateway, SOAP,
REST, RESTful HTTP and WebSockets.
• Figure 3.1 showed the connected devices, protocols and usages of the Internet in
IoT/M2M applications and services.
• Figure 9.1 shows five levels for software development for applications and
services in the IoT or M2M. The software needs are for the devices, local network,
gateway, cloud/ web connectivity and web/cloud APIs.

• Software, such as Eclipse IoT, enables the development of software for the first, second and
third levels.
• The software enables the device gateways' connectivity to the Internet and cloud server.
• Eclipse IoT enables open source implementations of IoT protocols. The implementable
protocols include MQTT, CoAP, OMA-DM and OMA LWM2M and Internet connectivity
protocols.
Use of Software Stack for an Intended Complete Solution
• Now consider the software for higher levels. Each level has characteristic
complexity and fragments.
• The connected devices use a variety of protocols, such as LWM2M, CoAP,
MQTT, and methods for connecting to the web. Web communication uses the
Gateway, SOAP, REST, RESTful HTTP and WebSockets functions.
• A stack is a full set, consisting of frameworks, applications and services that are
minimum needs for intended complete solution.



End-to-End IoT Solutions with Java using Eclipse IoT Stack

• Open Services Gateway Initiative (OSGi) provides and maintains open standard
specifications.
• OSGi describes the specification of management of Java packages/classes in a modular
system, which enables the implementation of a complete and dynamic component
model.
• A component means software which can reuse a core set of frameworks and services
for provisioning the solutions.
• The components and applications deploy in the form of bundles and can be remotely
installed, started, stopped, updated, and uninstalled without requiring system reboot.
• OSGi in addition gives specifications for service platforms in Java language.
• The component or application life-cycle management uses a set of APIs. When a
service registers, then service bundles detect the deletion or addition of new services
and get adapted.



Programming MQTT clients and MQTT Server
• A communication mode is request-response mode.
• An HTTP client makes a request to a server which sends a response.
• The client is said to pull the required messages (data) in response.
• When physical devices, such as streetlights, exchange data between each other, or
when another system, such as a central server or controller, controls them, then data
exchanges are just tens of bytes. The devices need a lightweight method in place of
HTTP.
• A communication mode is pub-sub mode. MQTT protocol provides for three
objects: MQTT clients at the devices, MQTT broker and MQTT clients at the
application(s).
• Assume that a device, such as a streetlight, deploys an MQTT client for sending the
sensed data and receives commands from the application end through a broker
(intermediate server).
• An MQTT client, unlike HTTP, does not have to pull the messages (commands) which
the device needs for its control. An MQTT broker pushes the messages to the client,
provided the client has subscribed to those. A broker functions like a dashboard,
where the messages first reach from the sources and from there the messages then
dispatch to the subscribers.
Example 9.11 gives an Eclipse Paho Java implementation of MQTT clients broker
architecture.



Module-3
Chapter-2
Introduction to IoT Privacy and Security



INTRODUCTION
• International organisations are making a number of efforts towards
ensuring that IoT design ensures trust, data security and privacy.
• Trust is important. For example, consider the messages and video clips
of the operations from the ATMs to server. A user places the trust in
the bank that sensitive information which can harm the user will not be
disclosed.
• Security is important. For example, consider the ATM messages. They
should communicate on Internet securely. The security distortions can
lead to serious consequences.
• A smart city security is also important. The city deploys smart health,
public safety, transport, and deploys IoT and smart home applications
and services. An organization has taken initiative for solving cyber
security problems in smart cities.
• Privacy is important. The video clips communicate on the Internet in a
smart home security application. If the clips reach unrelated entities, it
can lead to serious breach of home security.



VULNERABILITIES, SECURITY REQUIREMENTS AND THREAT ANALYSIS
Explain the requirements of privacy and security, vulnerabilities from threats and
threat analysis in IoT

Privacy
• Message privacy means that the message should not reach into the hands of the
unrelated entities.
• When data or messages communicate from the things (device platforms), those
are meant only for the applications or services and for targeted goals only.
• Privacy also means no interference or disturbance from others. Consider an
example of messages from embedded devices in an automobile using the Internet
to an automobile service centre (Example 5.2).
• Privacy means the messages reach only the centre and are used only by the services of
the centre. Another automobile company into whose hands the data falls may face
serious business consequences.



• IoT necessarily needs a privacy policy. A privacy policy needs to determine
‘how much of the IoT devices data and which data need absolute privacy and
which need limited privacy’.
• Company authorities need the support for accessing the data which may be
private for individuals.
• The authorities also need to respect the individual customer needs of privacy
and understand that privacy is a legitimate human need.
• Privacy policy vendors should take privacy seriously. They must respect their
customers enough to understand that the privacy is a legitimate human need.
• National Institute of Standards and Technology (NIST), USA is developing the
standards for privacy.
• A system may be secure but may inadvertently breach the privacy of an
individual.
• A tracking service may track a vehicle while the user does not want his/her
movements to be tracked.
• Security authorities and agencies need support for accessing data which may
be private for individuals.
• The authorities also need to respect the individual’s needs.
Vulnerabilities of IoT
• Vulnerability means being weak or without complete protection, having a weakness in
defending oneself, or being easily influenced by unwanted things in the
surroundings.
• An IoT security article describes that there are many vulnerabilities, due to
participation of the number of layers, hardware sublayers and software in
applications and services.
• The nature of IoT also varies. For example, sensors, machines, automobiles,
wearables, and so on.
• Each faces different kind of vulnerabilities and has complex security and
privacy issues.
• IoT network can be vulnerable to eavesdropping. Eavesdropper creates
security issues.
• An eavesdropper, say E, listens to the messages and commands in the network
during communication and obtains confidential messages. A server at E sends
fake commands which a server S for the devices' data assumes are from
the devices or applications. S issues responses for the device operations in
response to requests from E. E listens to these responses. A fake device at E can
be used to send the device data, such as sensor data, requests and commands
from E for disrupting the control system.
• Use of secret key encryption can protect the messages to and from device,
server, application or service.
• The key is a device software-generated string which can be cracked by trying
a large number of combinations.
• Open Web Application Security Project (OWASP) has undertaken the
associated security issues of IoT for the purpose of helping developers,
manufacturers and consumers.
• OWASP is open source and has a free-to-use licensing policy.
• OWASP has undertaken a number of security related subprojects, such as ones
for defining the ‘Top Vulnerabilities’, ‘Attack Surface Areas’ and ‘Testing Guides’.
• OWASP has identified top ten vulnerabilities in IoT applications/services as
follows:
o Insecure web interface
o Insufficient authentication or authorisation
o Insecure network services
o Lack of transport encryption/integrity verification
o Privacy concerns
o Insecure cloud interface
o Insecure mobile interface
o Insufficient security configurability
o Insecure software or firmware
o Poor physical security
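
An added example, not part of the original slides: one way server S can refuse the fake commands and fake device data sent from E is to require a message authentication code computed with the shared secret key, plus a counter against replays. It uses HMAC-SHA256 rather than encryption, so it shows authenticity and integrity only; the device id, payload fields and out-of-band key provisioning are assumptions.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: device and server S share this key, provisioned out of band.
# 32 random bytes from the OS CSPRNG, so trying combinations is infeasible.
SHARED_KEY = secrets.token_bytes(32)
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def seal(key: bytes, device_id: str, counter: int, payload: dict) -> bytes:
    """Device side: serialise the message and append an HMAC-SHA256 tag."""
    body = json.dumps(
        {"dev": device_id, "ctr": counter, "data": payload},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Server:
    """Server S: accepts a message only if the tag verifies and the counter is fresh."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = {}  # device id -> highest counter accepted so far

    def receive(self, wire: bytes):
        if len(wire) <= TAG_LEN:
            return None  # too short to carry a body and a tag
        body, tag = wire[:-TAG_LEN], wire[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        # Constant-time comparison; the body is parsed only after it verifies.
        if not hmac.compare_digest(tag, expected):
            return None  # forged or modified in transit
        msg = json.loads(body)
        if msg["ctr"] <= self._last_counter.get(msg["dev"], -1):
            return None  # replay of a message E recorded earlier
        self._last_counter[msg["dev"]] = msg["ctr"]
        return msg["data"]


def demo():
    """Constructed scenario: one genuine message and three that S must reject."""
    server = Server(SHARED_KEY)
    genuine = seal(SHARED_KEY, "streetlight-7", 1, {"lux": 412})
    # Fake device at E: correct format, but E does not know the shared key.
    forged = seal(secrets.token_bytes(32), "streetlight-7", 2, {"lux": 0})
    # Message altered in transit: one byte of the body flipped, tag kept.
    tampered = bytearray(genuine)
    tampered[10] ^= 0x01
    return {
        "genuine": server.receive(genuine),
        "forged": server.receive(forged),
        "tampered": server.receive(bytes(tampered)),
        "replayed": server.receive(genuine),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

Confidentiality against the listening E still needs encryption of the message body, which this block leaves out.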



Security Requirements
• IoT reference architecture means a guide for one or more concrete
architects.
• IoT reference architecture is a set of three architectural views—
functional, information, and deployment and operational.
• A functional view is from F. Carrez and co-workers. Security is one of the
functional groups (FG) of the functional view. FG for security consists of
security functions between the application and device.
• Security FG contains five sets of functions which are required for
ensuring security and privacy. Large number of devices, applications and
services communicate in IoT.
• Five functional components (FCs) of security are defined in IoT reference
architecture.
Following are five functional components (FCs):
1. Identity management (IdM)
2. Authentication
3. Authorisation
4. Key exchange and management
5. Trust and reputation
• Figure 10.1 lists the functions of a security function group in functional
view in IoT reference architecture.
The block diagram represents the security function group components in a functional view
within an IoT (Internet of Things) reference architecture.
Device Network:
This part on the left represents the various IoT components, such as tags, activation
mechanisms, sensing devices, storage, and data processing elements. These components
are essential in collecting and managing data within the IoT environment.
Security Layer:
The central section outlines the security functions critical to protecting IoT devices and
data. It includes:
Identity Management: Ensures that each device or entity is uniquely identifiable
within the network.
Authentication: Verifies the identity of devices or users trying to access the network.
Authorization: Manages permissions, defining what each device or user is allowed to
do.
Key Exchange and Management: Facilitates secure communication through
encryption, ensuring keys are properly distributed and managed.
Trust and Reputation: Builds trust within the IoT ecosystem, maintaining device
reputation and network integrity.
These security functions interact with both the Device Network and the Application Support
Layer.
Application Support Layer (APIs/Software):
This section on the right represents the layer where applications and business
applications reside. These applications utilize data from IoT devices and are protected by
the security functions.
The layer includes:
Applications: Generic software solutions that may use data from the IoT network.
Business Applications: Specific software solutions tailored to business needs and
using IoT data for analysis, decision-making, and automation.
The arrows indicate bidirectional communication and interactions between the Device
Network, Security Layer, and Application Support Layer. This setup ensures that security
functions are integrated across the architecture, providing consistent protection for data,
devices, and applications in an IoT environment.



Threat Analysis
• A threat-analysis tool first generates the threats and analyses a
system for threat(s).
• Threat analysis means uncovering the security design flaws
after specifying the stride category, data flow diagram,
elements between which the interactions occur during the
stride, and processes which are activated for analysis. Stride
means a regular or steady course or pace; striding means
passing over or across in one long step (set of statements when
considering a threat to a software component).
• Stride means taking a long step for dainty little steps.
• Example 10.2 shows the case of a threat-analysis tool for
analysis during a stride.



This model highlights potential points of vulnerability (such as HTTP connections over the
Internet) and establishes boundaries to secure the application’s sensitive processes and data.
The security boundaries and data flow indicate areas where threat mitigation strategies may
be needed, like encryption, authentication, and access control.
• Figure 10.2 shows an example of tool usage for threat analysis during a web service
interaction between the application and web.
• Examples of element types are process, data store, flow, boundary and an external
specified element.
• Tool predefines a number of threat categories. A new category can also be created.
The tool suggests threat definitions and generates the mitigation solutions
automatically.
• The tool messages on display (analysis view) show the vulnerabilities and the data
flow diagram.
• For example, data flow between the device and application or service. The analysis
view shows threats which are active and which are inactive. An example of threat is
‘data store inaccessible’. The view also shows the category in which it is active and
inactive. A stride category example is ‘spoofing’ and threat is ‘spoofing the web
context process’. Another example of threat is ‘denial of service category’.



IoT SECURITY TOMOGRAPHY AND LAYERED ATTACKER MODEL
Security Tomography
• Computational tomography means a computing method of producing a three-
dimensional picture of the internal structures of an object, by observation and
recording of the differences in effects on passage of energy waves impinging
on those structures.
• Computational security in complex set of networks utilises the network
tomography procedures of identifying the network vulnerabilities. This enables
design of efficient attack strategies.
• A complex set of networks may be distributed or collaborative. Network
tomography refers to the study of vulnerabilities and security aspects for
network monitoring in a complex system, such as WSNs, RFIDs or IoT networks
and allocating resources and ensuring network reliability and security.
• Monitoring of individual nodes is not fast acting and is also impractical.
Network tomography helps in observing each network section (for example, a
WSN nodes network between two access points) and subsections. The security
tomography means finding attack vulnerable sections/subsections from the
observations for behaviours using a finite number of objects or threats in a
complex set of subsystems.
Layered Attacker Model



Figure 10.4 shows a layered attacker model and possible attacks on the layers.
Following are the suggested solutions for mitigating the attacks on the layers (OSI
modified six layers IoT Architecture).
Layer 1 Attacks Solution
Solution depends on the devices used. For example, link-level provisioning of security
uses the BT LE link-level AES-CCM 128 authenticated encryption algorithm for
confidentiality and authentication, and ZigBee link-level security uses AES-CCM-128.
Layer 2 Attacks Solution
Programming the network switches to prevent internal node attacks during use of
DHCP or Spanning Tree Protocol (STP). Additional controls may include ARP inspection,
disabling unused ports and enforcing effective security on VLANs (Virtual LANs) to
prevent VLAN hopping. VLAN refers to a group of end stations with a common set of
requirements, independent of a physical location. VLANs have the same attributes as
a physical LAN but allow you to group end stations even if they are not located
physically on the same LAN segment. LWM2M OMA specification for device gateway to
the Internet has provisions for MAS for security, root key data store, and devices and
data authentication.
Layer 3 Attacks Solution
Use of a tamper-resistant router, use of packet filtering and controlling routing messages
and packets data between layers 3 and 4 through a firewall reduces the risks.
Layer 4 Attacks Solution
The port scanning method is a solution which identifies the vulnerable port. A solution is the
opening of network ports and configuring the firewall effectively, and locking down ports
only to those required. A solution is DTLS between layers 5 and 4. DTLS has provisions for
three types of security services, viz. integrity, authentication and confidentiality. A solution is
to include SASL (Simple Authentication and Security Layer) for security when using the XMPP
protocol.
Layers 5 and 6 Attacks Solution
Above layer 4, we are looking primarily at application-level attacks which are results of poor
coding practices. Assume an attacker injects the SQL input to extract data from the database
(e.g. SELECT * from USERS). When the application fails to validate the injection, the query
extracts the data.
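
The failure to validate described above, next to its fix, as an added example that is not part of the original slides: the same lookup written with string concatenation, with a bound parameter, and with allow-list validation in front of the bound parameter. The table contents, column names and the injected string are constructed; only the table name USERS comes from the page.

```python
import re
import sqlite3

# Constructed sample data; the table name USERS follows the page's example.
SAMPLE_ROWS = [("alice", "1111"), ("bob", "2222"), ("carol", "3333")]

# Constructed untrusted input that changes the query's logic when it is
# concatenated into the SQL text instead of being passed as data.
INJECTED = "nobody' OR '1'='1"

# Allow-list for user names (assumption: names are short alphanumeric ids).
NAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def make_db():
    """Build an in-memory database so the example runs offline."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE USERS (id INTEGER PRIMARY KEY, name TEXT, pin TEXT)")
    db.executemany("INSERT INTO USERS (name, pin) VALUES (?, ?)", SAMPLE_ROWS)
    return db


def lookup_vulnerable(db, name):
    """Poor coding practice: user input becomes part of the SQL statement."""
    query = "SELECT name, pin FROM USERS WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterised(db, name):
    """Input is bound as a value, so it can never alter the statement."""
    return db.execute(
        "SELECT name, pin FROM USERS WHERE name = ?", (name,)
    ).fetchall()


def lookup_validated(db, name):
    """Validation on top of binding: malformed names are rejected early."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("invalid user name")
    return lookup_parameterised(db, name)


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_vulnerable(db, INJECTED))
    print("parameterised:", lookup_parameterised(db, INJECTED))
    try:
        lookup_validated(db, INJECTED)
    except ValueError as exc:
        print("validated    :", exc)
```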
Web applications/services can use HTTPS communication link. The features of S-HTTP
(Secure HTTP) are as follows:
• Application-level security (HTTP specific)
• Content privacy domain header
• Allows use of digital signatures and encryption, various encryption options
• Server-client negotiations
• Cryptographic scheme is a property assigned for the link
• Specific algorithm is the value assigned
• Direction specification is done, one-way or two-way security



The CISCO-suggested layered framework provisions for the following solutions:
• Layers 1–6: Role-based security
• Layers 1–4: Anti-tamper and detection-based security
• Layers 1–6: Data protection and confidentiality
• Layers 1–6: IP protection
