Internet of Things Security: Architectures and Security Measures

Preface
Contents
List of Figures
List of Tables
1 Introduction
	1.1 The Concept of Internet of Things
	1.2 Techniques and Applications of IoT
	1.3 The Components of an IoT System
	1.4 IoT Industries and Their Characteristics
		1.4.1 Characteristics of Mart Logistics
		1.4.2 Characteristics of Intelligent Transport Systems
		1.4.3 Characteristics of Smart Home
		1.4.4 Characteristics of Intelligent MedicalSystem/WIT120
	1.5 Security and Privacy Issues in IoT
	1.6 Summary
	References
2 Architectures of the Internet of Things
	2.1 Introduction
	2.2 The Basic Three-Layer Architecture of IoT
		2.2.1 IoT Architecture Based on Data Flow: A Basic IoT Architecture
			2.2.1.1 The Perception Layer
			2.2.1.2 The Network Layer
			2.2.1.3 The Processing Layer
		2.2.2 Where to Place Fog Computing and EdgeComputing
	2.3 IoT Architecture Based on IoT Devices: The Sea-Cloud Architecture
	2.4 A Four-Layer Architectures of IoT
	2.5 A Five-Layer Architecture of IoT
	2.6 A Six-Layer Architecture of Fog Computing
	2.7 The Six-Domain Architecture of IoT
	2.8 Summary
	References
3 IoT Security Architecture
	3.1 Introduction
	3.2 A Layered IoT Security Architecture
	3.3 A ``4+2\'\' Structure of IoT Security Architecture
	3.4 IoT Perception Layer Security Mechanisms
		3.4.1 Perception Layer Security Requirements
		3.4.2 Security Threats and Methods of Protection for IoT Devices
		3.4.3 Security Threats and Methods of Security Protection for Up-Stream Data
		3.4.4 Security Threats and Methods of Security Protection for Down-Stream Data
	3.5 How to Ensure IoT Perception Layer Security
	3.6 IoT Network Layer Security Mechanisms
	3.7 Typical Security Techniques for IoT Network Layer
	3.8 IoT Processing Layer Security Mechanisms
	3.9 IoT Application Layer Security Mechanisms
	3.10 The Establishment of Trust and Key Management in IoT Systems
	3.11 Operational Supervision and Security Evaluation
	3.12 Summary
	References
4 Fundamentals of Cryptography
	4.1 Introduction
	4.2 Cryptographic Algorithms and Their Security Services
		4.2.1 Data Encryption
		4.2.2 Symmetric Key Encryption Algorithms
		4.2.3 Structures of Symmetric Block Ciphers
		4.2.4 Modes of Operation of Symmetric Block Ciphers
		4.2.5 Public Key Cryptosystems
		4.2.6 The RSA Public Key Cryptosystem
		4.2.7 The Advantages and Disadvantages of Different Types of Ciphers
		4.2.8 Cryptographic Functions and Their SecurityServices
	4.3 Deterministic and Probabilistic Encryptions
		4.3.1 Elgamal Public Key Cryptosystem
		4.3.2 Turning a Deterministic Encryption Algorithm into Probabilistic Behavior
	4.4 Cryptographic Hash Functions and Message Authentication Codes
		4.4.1 Cryptographic Hash Functions
		4.4.2 Applications of Hash Functions: (1) Message Authentication Codes
		4.4.3 Applications of Hash Functions: (2) Digital Signature Algorithms
	4.5 The Lightweight Features of Cryptographic Algorithms
	4.6 Summary
	References
5 Trust Mechanism and Key Management in IoT
	5.1 Introduction
	5.2 Properties of the Relation of Trust
	5.3 How to Set Up an Initial Trust
		5.3.1 Initial Trust Set-Up Based on Symmetric Key Cryptosystem
		5.3.2 Initial Trust Set-Up Based on a Public Key Cryptosystem
	5.4 Types of Identities in IoT Systems
		5.4.1 Named Identities
		5.4.2 Address-Based Identities
		5.4.3 Tag Identities
		5.4.4 The Authenticity of Identities
		5.4.5 The Authenticity of Anonymous Identities
	5.5 Identity Authentication Protocols
		5.5.1 Methods of Authentication
		5.5.2 Authentication Based on Shared Key
		5.5.3 Password-Based Authentication Protocols
		5.5.4 Public Key Based Authentication
		5.5.5 Schnorr Identity Authentication Protocol
	5.6 Key Management
		5.6.1 Symmetric Key Management
		5.6.2 Diffie-Hellman Key Agreement Protocol
		5.6.3 Man-in-the-Middle Attack on Diffie-HellmanProtocol
		5.6.4 Symmetric Key Distribution Using a Public Key Cryptosystem
	5.7 Introduction of PKI
		5.7.1 What is Public Key Certificate
		5.7.2 The X.509 Public Key Certificates
		5.7.3 The Trust Relations When There Is More than One CA
	5.8 Lightweight PKI for IoT Applications
	5.9 Summary
	References
6 IoT Perception Layer Security
	6.1 Introduction
	6.2 Security Threats in IoT Perception Layer
		6.2.1 Security Threats and Countermeasures Against Eavesdropping Attack
		6.2.2 Security Threats and Countermeasures Against Traffic Analysis Attack
		6.2.3 Security Threats and Countermeasures Against Impersonation Attack
		6.2.4 Security Threats and Countermeasures Against Data Modification Attack
		6.2.5 Security Threats and Countermeasures Against Laboratory Analysis
		6.2.6 Security Threats and Countermeasures Against Cloning Attack
		6.2.7 Security Threats and Countermeasures Against Sybil Attack
		6.2.8 Security Threats and Countermeasures Against Energy Exhaustion Attack
		6.2.9 Security Threats and Countermeasures Against Replay Attack
		6.2.10 Security Threats and Countermeasures Against Botnet Control
	6.3 Some Special Features of IoT Perception Layer Security
	6.4 Summary
	References
7 IoT Network Layer Security
	7.1 Introduction
	7.2 Security Threats in IoT Network Layer
	7.3 Network Security Protocols
		7.3.1 Network Architecture Models
		7.3.2 Internet Protocol Security (IPSec)
		7.3.3 Secure Socket Layer (SSL)
	7.4 Security Techniques in Mobile Communication Networks
		7.4.1 Security Techniques in 2G Mobile Communication Networks
		7.4.2 Security Techniques in 3G Mobile Communication Networks
		7.4.3 Security Techniques in LTE Mobile Communication Networks
	7.5 Security Techniques in LPWAN
		7.5.1 Security Techniques in NB-IOT
		7.5.2 Security Techniques in LoRa
	7.6 Summary
	References
8 IoT Processing Layer Security
	8.1 Introduction
	8.2 Security Threats in IoT Processing Layer
	8.3 Database for IoT Processing Layer
	8.4 Access Control Policies Applicable to IoT Processing Layer
	8.5 Security Mechanisms in Cloud Computing
		8.5.1 The Security Mechanism of Cloud Computing Platforms
		8.5.2 The Security Mechanism of Data Storage
		8.5.3 The Security Mechanism of Virtual Computing
		8.5.4 Security Mechanisms in Cloud Data
	8.6 Summary
	References
9 Privacy Protection in IoT Applications
	9.1 Introduction
	9.2 Privacy Protection by Identity Anonymity
		9.2.1 Group Signatures for Limited Identity Anonymity
		9.2.2 Ring Signatures for Limited Identity Anonymity
		9.2.3 Some Practical Tools for Privacy Protection
	9.3 Privacy Protection Based on Data Linkage
	9.4 Location Privacy Protection
		9.4.1 Location Privacy Protection by Hiding the Location Information
		9.4.2 Location Privacy Protection by Hiding the Identity Information
		9.4.3 Location Privacy Protection by Fake Location Information
		9.4.4 Location Privacy Protection by Fuzzy Location Information
	9.5 Graded Privacy Protection
	9.6 Summary
	References
10 RFID System Security
	10.1 Introduction
	10.2 Introduction of RFID Systems
	10.3 Security and Privacy Issues in RFID Systems
		10.3.1 RFID Tag Cloning Attack and Security Techniques
		10.3.2 RFID Tag Tracking Attack and SecurityTechniques
		10.3.3 RFID Relay Attack and Distance BoundingProtocols
	10.4 Summary
	References
11 On the IT Security and the OT Security in IoT
	11.1 Introduction
	11.2 The IT Security and OT Security in the PERA Model
	11.3 IT Security Versus OT Security
	11.4 Characteristics of Network Attacks Targeting at OT Security
	11.5 Characteristics of OT Security
	11.6 The Limitations of IoT Attackers
	11.7 Other Security Measures Related to OT Security in IoTSystems
		11.7.1 Stability of IoT Systems
		11.7.2 The Robustness of IoT Systems
		11.7.3 The Controllability of IoT Systems
	11.8 Compliance Verification of Commands in IoT Systems
	11.9 On the Intrusion Tolerance Mechanisms in IoT Systems
		11.9.1 External Data Source
		11.9.2 External Computation
		11.9.3 External Communication
		11.9.4 Human Interference
	11.10 An Architectural Construction of Intrusion Tolerance Scheme for IoT
		11.10.1 Traditional Intrusion Tolerance Techniques
		11.10.2 A Practical Intrusion Tolerance Technique for OT Security Based on Architectural Design
		11.10.3 Security Protection Modes of the Intrusion-Tolerance Architecture
		11.10.4 A Preliminary Security Analysis on the Proposed Intrusion-Tolerance Architecture
		11.10.5 On the Reliability of the Proposed Intrusion-Tolerance Architecture
	11.11 Some Suggestions on Security Protection of IoT Systems
	11.12 Summary
	References
12 A Comprehensive Set of Security Measures for IoT
	12.1 Introduction
	12.2 The Special Features of IoT Security Versus Traditional IT System Security
	12.3 Security Measures and Test Methods for IoT PerceptionLayer
		12.3.1 Physical Security Measures
			12.3.1.1 Security Measures for IoT Devices
			12.3.1.2 Security Measures on Effects from Environment to Equipment
			12.3.1.3 Security Measures on Effects from Equipment to Environment
			12.3.1.4 Advanced Security Measures
		12.3.2 Execution Environment Security Measures
			12.3.2.1 Security Measures on Passwords
			12.3.2.2 Security Measures on Important Data in IoT Devices
			12.3.2.3 Security Measures on Application Software
			12.3.2.4 Security Measures on Operating Systems
		12.3.3 Network Security Measures
			12.3.3.1 Security Measures on Network Ports
			12.3.3.2 Security Measures on Identity Authentication
			12.3.3.3 Security Measures on IoT Gate Nodes
		12.3.4 Data Security Measures
			12.3.4.1 Security Measures on Data Storage
			12.3.4.2 Security Measures on Data Communication
			12.3.4.3 Security Measures on Data Backups
		12.3.5 Key Management Security Measures
		12.3.6 Availability Related Security Measures
	12.4 Security Test Methods in General
		12.4.1 Existence Examination Test
		12.4.2 Correctness Examination Test
		12.4.3 Suitability Examination Test
		12.4.4 Human On-site Examination Test
		12.4.5 Validity Test
		12.4.6 Attack Simulation Test
			12.4.6.1 Attack Simulation on Data Integrity Service
			12.4.6.2 Attack Simulation on Data Source Authentication
			12.4.6.3 Attack Simulation on Data Freshness
	12.5 Test Methods of Some Specific Security Functionalities
		12.5.1 Test Methods of Data Encryption
		12.5.2 Test Methods of Message Authentication Code
		12.5.3 Test Methods of Identity Authentication
	12.6 An Example of Lightweight Security Implementation and Its Security Test
		12.6.1 A Lightweight Security Protocol
		12.6.2 The Security Services That the Protocol CanProvide
		12.6.3 Security Test on the Lightweight Security Protocol
	12.7 Summary
	References