Dr Mehmet Yildiz

A Layer-by-Layer Security Review Approach for the Internet of Things

Perspectives from architectural and design goals of IoT security

In this article, I provide perspectives on the architectural and design goals of IoT security based on my years of experience in the field.

Emerging technology stacks bring new business challenges. Security for IoT (Internet of Things) has become a global issue, drawing the attention of business executives who invest enormous funds in cybersecurity and the overall security of IoT initiatives.

They invest in education, maintenance, and prevention activities in this domain. In addition, they invest in appliances, additional applications, and ethical hackers to harden security for the IoT ecosystem in their business.

The security aspect of the IoT solutions needs to be considered both at the macro and micro design phases. In the macro design phase, we develop high-level designs. The key work-product to develop in this phase is a comprehensive Security Model.

During the macro phase, it is difficult to identify the detailed issues, risks and dependencies. Therefore, it is critical to have security subject matter experts consulting at the macro level.

However, during the micro-design phase, the subject matter experts need to be involved in more detail. For example, a secure boot for a device can be part of the micro design. In addition, security in IoT protocols is another important aspect to consider in the micro designs.

Security threats exist at all layers, including the physical, data link, network, transport, session, and application layers. Furthermore, each layer poses its own security challenges. Therefore, we need to check known security threats for each layer in a comprehensive way.

At the Data Link layer, some common IoT security threats are MAC (Media Access Control) Flooding, Port Stealing, DHCP (Dynamic Host Configuration Protocol) attacks, and ARP (Address Resolution Protocol) Flooding. Some known resolutions to Data Link layer attacks are using an Intrusion Detection System, using Dynamic ARP Inspection, and applying Root Guard.
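The following added example (not from the original article) is a simplified Python model of the checks behind Dynamic ARP Inspection: each ARP packet on an untrusted port is rate-limited and validated against an IP-to-MAC-to-port binding table. The class name `ArpInspector`, the binding table, the port names and the sample packets are all constructed for illustration and do not describe any vendor's implementation.

```python
from collections import defaultdict, deque

# Constructed binding table (as DHCP snooping would build): IP -> (MAC, port).
BINDINGS = {
    "10.0.0.1":  ("aa:aa:aa:00:00:01", "gi0/1"),   # gateway
    "10.0.0.20": ("aa:aa:aa:00:00:20", "gi0/5"),   # temperature sensor
    "10.0.0.21": ("aa:aa:aa:00:00:21", "gi0/6"),   # camera
}
TRUSTED_PORTS = {"gi0/1"}   # uplink: ARP accepted without validation


class ArpInspector:
    """Hypothetical model of DAI-style validation plus a per-port rate limit."""

    def __init__(self, bindings, trusted_ports, rate_limit=5, window_s=1.0):
        self.bindings = bindings
        self.trusted_ports = trusted_ports
        self.rate_limit = rate_limit        # max ARP packets per port...
        self.window_s = window_s            # ...within this many seconds
        self._seen = defaultdict(deque)     # port -> recent packet timestamps

    def inspect(self, ts, port, sender_ip, sender_mac):
        """Return 'permit' or 'drop:<reason>' for one ARP packet."""
        if port in self.trusted_ports:
            return "permit"
        recent = self._seen[port]
        recent.append(ts)
        while recent and ts - recent[0] > self.window_s:
            recent.popleft()                # forget packets outside the window
        if len(recent) > self.rate_limit:
            return "drop:rate-limit"        # ARP flooding on this port
        bound = self.bindings.get(sender_ip)
        if bound is None:
            return "drop:no-binding"        # IP never leased to any device
        mac, bound_port = bound
        if sender_mac.lower() != mac:
            return "drop:mac-mismatch"      # spoofed IP-to-MAC claim
        if port != bound_port:
            return "drop:wrong-port"        # right pair, wrong place (port stealing)
        return "permit"


# Constructed sample traffic: (timestamp, ingress port, sender IP, sender MAC).
SAMPLE = [
    (0.0, "gi0/5", "10.0.0.20", "aa:aa:aa:00:00:20"),   # legitimate sensor
    (0.1, "gi0/6", "10.0.0.1",  "aa:aa:aa:00:00:21"),   # camera claims gateway IP
    (0.2, "gi0/7", "10.0.0.99", "bb:bb:bb:00:00:99"),   # unknown device
] + [(2.0 + i / 100, "gi0/5", "10.0.0.20", "aa:aa:aa:00:00:20") for i in range(6)]


def run(packets):
    inspector = ArpInspector(BINDINGS, TRUSTED_PORTS)
    return [inspector.inspect(*p) for p in packets]
```
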

Network layer security for IoT includes devices and appliances such as routers, firewalls, and switches in the IoT ecosystem. Spoofing and DoS (Denial of Service) attacks are some of the most common network layer security threats.

From a network security perspective, there are also several known threats to wireless devices. Common attacks on wireless devices include eavesdropping, masquerading, denial of service, and message modification.

At the Transport layer, the IoT security focus is on communication privacy and data integrity. Transport Layer Security (TLS) is a protocol providing cryptography for end-to-end communications security over networks. This protocol is commonly used for Internet communications and online transactions.

TLS is an IETF standard. TLS can prevent tampering, eavesdropping and message forgery. Another transport layer protocol to mention here is SSL (Secure Sockets Layer). SSL is another cryptographic protocol that is used to provide communications security over communication networks.
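As an added example (not from the original article), the Python sketch below builds a TLS client context for a device-to-cloud connection and audits any context for the settings that let tampering, eavesdropping or forgery back in. SSL 3.0 was deprecated by RFC 7568 and TLS 1.0/1.1 by RFC 8996, so the audit flags anything that would negotiate below TLS 1.2. The function names and finding labels are hypothetical.

```python
import ssl


def hardened_client_context(ca_file=None):
    """Client context that verifies the server and refuses legacy protocols."""
    # create_default_context() enables CERT_REQUIRED and hostname checking.
    ctx = ssl.create_default_context(cafile=ca_file)
    # Refuse SSLv3, TLS 1.0 and TLS 1.1 regardless of library defaults.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """The pattern often seen in device firmware: encryption without authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE   # accepts any certificate, including an attacker's
    return ctx


def audit_context(ctx):
    """Return a list of finding labels for an ssl.SSLContext (empty list = pass)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        # Without chain validation the peer is unauthenticated: forgery is possible.
        findings.append("no-cert-verification")
    if not ctx.check_hostname:
        # A valid certificate for a different host would be accepted.
        findings.append("no-hostname-check")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        # MINIMUM_SUPPORTED, SSLv3, TLS 1.0 and TLS 1.1 all compare below TLS 1.2.
        findings.append("legacy-protocol")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_client_context()))
    print("weak:    ", audit_context(weak_context()))
```
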

IoT Application layer security threats are widespread. Some popular ones for your consideration are session hijacking, data exfiltration, zero-day vulnerabilities, CSRF (Cross-Site Request Forgery), SQL injection (SQLi), and XSS (Cross-Site Scripting) attacks.

One of the popular solutions is the use of a WAF (Web Application Firewall). A WAF is used to prevent attacks that take advantage of web application security flaws such as cross-site scripting, SQL injection, and security misconfiguration.

The layer-by-layer security approach may also require engaging additional subject matter experts to help. For example, network layer security threats can be better addressed by a network architect or a network specialist. In some organizations, the role of a network architect and specialist can be combined; hence one person can take the role of the security subject matter expert.

Likewise, application-level security concerns can be directed to the application architects or specialists for that specific application if it is a complex application spanning multiple layers in the ecosystem. Some business organisations keep consulting application architects to support security inquiries.

Life cycle management for IoT security is vital.

One of the key issues observed in IoT is limited guidance on life cycle maintenance for the effective administration of IoT devices. When IoT devices are not maintained well, especially when security patches are not applied on a regular basis or when alerts happen, we can face ongoing security risks and issues.

To address this concern, architects need to develop a comprehensive Operational Model for the solution and include the life cycle maintenance principles and guidelines in the document. Preparation, review, and approval of the Operational Model can surface many issues that can occur when the IoT solutions are implemented.

A proactive approach to maintaining healthy IoT life cycle management can help address the risks, issues, assumptions, and dependencies at an earlier phase of the solution. This approach helps address security issues related to life cycle management and has a massive impact on the solution's cost-effectiveness.

Thank you for reading my perspectives

Reference: A Practical Guide for IoT Solution Architects
