Cryptography is the process of securing information by transforming the information into a secure format and vice versa. In other words, encrypting and decrypting the formation to secure it. Firstly, let’s understand the security issues in IoT to understand the role of cryptography in securing IoT devices.
IoT Architecture
In short, IoT has three layers of architecture i.e., the Perception layer, the Network layer, and the Application layer.
- Firstly, The Perception layer is concerned with collecting and sensing the information on IoT objects. The collection of information is done in this layer with the help of different devices such as sensor nodes, smart cards, and RFID tags.
- Secondly, The Network layer is concerned with managing wireless and wired connections. that is to say, It transfers the gathered data through the sensors and computers across the wired and wireless networks.
- Finally, The Application layer is the interface between the applications and the end-users. Certainly, It provides the means for communication between them.
Security Concerns at Perception layer
| Unauthorized access | Due to physically capture or logic attacked, the sensitive information at the end-nodes is captured by the attacker |
| Availability | The end-node stops to work since physically captured or attacked logically |
| Routing attack | Certainly, Attacks on a routing path |
| Denial of Services (DOS) | In short, an attempt to make an IoTend-node resource unavailable to users |
| Transmission threats | Threats in transmission, such as interrupting, blocking, data manipulation, etc. |
Security Concerns at Perception layer
| Data breach | Information release of secure information to an untrusted environment |
| Transmission threats | Threats in transmission, such as interrupting, blocking, data manipulation, etc. |
| Denial of Services (DOS) | In short, an attempt to make an IoTend-node resource unavailable to users |
| Routing attack | Certainly, Attacks on a routing path |
| Malicious code | For example Virus, junk message that can cause software failure |
Security Concerns at the Application layer
| Remote configuration | In short, Fail to configure at interfaces |
| Misconfiguration | To sum up, Mis-configuration at remote IoT end-node, end-device, or end-gateway |
| Security Management | Logs and keys leakage |
| Management system | Failure of the management system |
- Above all, the area of use of cryptography in the internet of things is in securing the communication channels.
- IoT-centric communication protocols, for example, MQTT and AMQP allow developers to use Transport Layer Security (TLS) to ensure all data sent over the network is unreadable to outside parties.
- TLS is the rightful heir to the better-known standard known as Secure Sockets Layer (SSL), which was the long-time standard for web encryption (see HTTPS) but is now considered insecure.
- TLS ensures that data between two entities is not readable nor prone to manipulation by third parties.
- In addition to encrypting the main data connections, it’s also important to encrypt any available secondary communication channels such as those use for maintenance or customer features.
- For instance, if an IoT device comes with a web portal for use by consumers (think of a web interface for a printer) that should also come encrypted by default.
- That is to say, anyone on the same network could intercept usernames, passwords, or use session data to impersonate those logged in to control these devices. For the same reason, insecure maintenance interfaces like telnet should be shuttered in favor of secure approaches like Secure Shell (SSH).
According to recent research, Cryptography (or more specifically, Symmetric Cryptography) will be a key point in order to provide security for IoT environments. Therefore, in addition to confidentiality, integrity, privacy, availability, suitability, non-repudiation, and trust, security technologies including cryptography have also become relevant in this domain.
