Open access peer-reviewed chapter

Adaptive Security Framework in Internet of Things (IoT) for Providing Mobile Cloud Computing

By Feda AlShahwan

Submitted: October 9th 2017Reviewed: February 12th 2018Published: March 22nd 2018

DOI: 10.5772/intechopen.75190

Downloaded: 434

Abstract

Internet of Things (IoT) has immense potential to change many of our daily activities, routines and behaviors. The pervasive nature of the information sources means that a great amount of data pertaining to possibly every aspect of human activity, both public and private, will be produced, transmitted, collected, stored and processed. Consequently, integrity and confidentiality of transmitted data as well as the authentication of (and trust in) the services that offer the data is crucial. Hence, security is a critical functionality for the IoT. Enormous growth of mobile devices capability, critical automation of industry fields and the widespread of wireless communication cast need for seamless provision of mobile web services in the Internet of Things (IoT) environment. These are enriched by mobile cloud computing. However, it poses a challenge for its reliability, data authentication, power consumption and security issues. There is also a need for auto self-operated sensors for geo-sensing, agriculture, automatic cars, factories, roads, medicals application and more. IoT is still highly not reliable in points of integration between how its devices are connected, that is, there is poor utilization of the existing IP security protocols. In this chapter, we propose a deep penetration method for the IoT connected set of devices, along with the mobile cloud. An architecture and testing framework for providing mobile cloud computing in the IoT that is based on the object security, power utilization, latency measures and packet loss rate is explained. Our solution is based on the use of existing security protocols between clients and the mobile hosts as well as a key management protocol between the individual mobile hosts implementing an out-of-band key exchange that is simple in practice, flexible and secure. We study the performance of this approach by evaluating a prototype implementation of our security framework. This chapter, in a preliminary manner, discusses the threats, hacks, misguided packets and over read sensor message. These packets are then translated by hardware and pushed through the web for later-on action or support. Our testing of a set of sensor-triggered scenario and setup clearly indicates the security threats from wireless connected small LAN environments and the overestimated sensor messages resulting from the initial set of the sensor readings, while we emphasize more on the security level of the web services serving the IoT-connected device. Also, we add a remark on how mobile web services and their enabling devices are by far vulnerable to a 4G hack over the utilization of power pack and a serious battery use power draining issues.

Keywords

  • IoT
  • mobile cloud
  • adaptive

1. Introduction

1.1. History of applications

Internet protocols were introduced as safe and secure data packets. These are the solid protocols to capture the packets within the services provided and served by the Internet, as a World Wide Web (WWW), as Fiber to the Premises (FTTP), Mail, video streaming and serving other protocols, presenting an edge to the web. In the last decade, a new era of security was introduced while testing and applying the new sensors and web service to the scene of Internet as more and more automation was introduced and tested for manufacturing purposes, statistics, traffic jam monitoring, file processing within factories, energy saving techniques, medical sensitive data and alerts applications.

Alert application includes measuring on a remote site the systolic and diastolic pressure, patient’s heart rate, pulse of a patient and sending out the sugar glucose far from hospital. In addition to this, testing results from a patient’s home, while he or she performs the test. Smartphone scans and senses the result and sends it via the web (an Internet protocol), through a smartphone application.

While using a wireless network, WiMAX, 3G, LTE, or 4th generation communication protocol, networks or simply a fixed network such as Asymmetric Digital Subscriber Line (ADSL) services (medium) known as industrial services. For example, an immediate auto shut off power is required for an overheated oven in an electric factory or an overcrowded traffic road. This helps to send a report of a series of processed photos to the operation center periodically, which would alert either a police patrol or movement to the site to clear the crowd or to solve the accident caused by traffic jam. The same set of steps are presented to show a critical case or a critical disruption of the normal settled case or the normal routine and this is when an indict application for Internet came to the scene of technical processed signals and connected smart devices.

Internet security is a major research topic in the field of computing and parallel processing, networking and data network design. In the past decade, a lot of researches have been done into the investigation of IoT. There are many faces to how such entity or terminology is defined, mainly, the term IoT refers to Internet-connected objects that are smart in a computational and connectivity manner. These objects are able also to compute, detect and communicate while making measurements to various functions. Functions include civil, domestic, manufacturing, industrial applications, automation and medical applications that bring new protocols to life, such as Time Division Multiple Access (TDMA—collision-free protocol), Carrier Sense Multiple Access (CSMA—slow and low traffic level). These protocols are applied to sensors of the IoT system and form the backbone for sensors’ communication in IoT system. An energy efficient MAC protocol and appropriate routing protocols are required in the IoT networks with limited resources. Several MAC [3] protocols have been proposed for various domains with TDMA, CSMA and Frequency Division Multiple Access (FDMA). These protocols are collision free. However, they require additional complexity to the sensors. Moreover, none of these protocols are accepted as a standard. Therefore, the significance of this scenario requires further research.

The connection is not stable for a number of reasons. For instance, the battery of the sensor may drain out, the wireless communication can be interrupted or a sensor drops out. Consequently, a methodology for self-adapting to the IoT system must be applied that allows for multi-path routing scheme. Multi-path routing protocols are used in mobile ad hoc networks and terrestrial WSNs [4, 5]. They are mainly divided into three categories, namely data centric, location based and hierarchical [6]. This classification is based on different application domains. Data-centric protocols are query based and they depend on the naming of desired data, which helps in eliminating unessential transmissions. Location-based protocols utilize the position information to relay the data to the desired regions rather than the whole network [7]. Hierarchical protocols aim at clustering the nodes so that cluster heads can do some aggregation and reduction of data in order to save energy. The main challenge for the existing routing protocols is preserving energy. This is due to the scarcity of resources. Energy in the IoT network will dominate the number of hops in the multi-hop scenario.

Thus, next era in the field of networks will be outside the realm of the traditional static network. In the IoT system, many of the objects that surround us in our daily life like homes, medical centers, factories, hospitals or government processes areas and universities will be active via web services. IoT smart items or gadgets are simply objects of the network that can receive, send and translate information through a Transmission Control Protocol (TCP) protocol or using sensor elements that can convert their sensors into signals.

The information and communication systems of the IoT networks involve a significant amount of data that have to be stored, processed and interpreted in a seamless, efficient and easily presented form. New sensor network technologies will emerge to meet the enormous amount of data and the new challenges in this system. This model will consist of session (alert, emails triggers, reports, actions movement, stopping of movement, narrow down, widening, etc.) that is delivered in a seamless uninterruptible and efficient manner. Cloud computing can provide the virtual infrastructure for such computing model which integrates monitoring devices, storage devices, sensors, etc.

IoT requires the usage of the limited network resources. From the existing networks and context-aware computation emerge the application of smart connections. The instant presence of the data and the high-speed communication networks are a result of the growing presence of LAN, 3G, WiFi, WiMax, 4G and LTE wireless Internet access. However, for the successful emergence of the IoT vision, the computing system will need to convert from the traditional mobile computing scenarios that use smartphones and wireless network and move into connecting smart objects and embedded intelligent devices. This transition for the IoT demands the following [8]:

  • A public or private accessible and shared environment that considers the context of its users and their appliances

  • Software structure and the communication networks to process and transfer the relevant data, information to where it is related

  • The analytic tools in the IoT that have the characteristic of automation and adaptive behavior

Smart connectivity and context-aware computation of the IoT system can be accomplished with the application of these abovementioned fundamentals. IoT is a representation of a Network of Things (NoT); more clearly, IoT has its own objects that are connected to the Internet, while NoT can be considered as Local Area Network (LAN), with none of its objects connected to the Internet. Social media networks, sensor networks are all versions of NoTs.

It is common to call NoT within a work environment as an enterprise-based application. The Information that is gathered and processed in these networks is tailored to be used only by the enterprise owners and the data may be revealed selectively [9]. An example of NoT applications is environmental monitoring, which is implemented to monitor and track the number of facility users and manage the utilities. For example, controls AC, electricity, alerts, heat, ventilation, and power.

The evolution of the current Internet into a network of interconnected objects, or gadgets, not only sense information from the surroundings and interacts with physical world but allows also using existing Internet standards to provide services for information transfer, analysis of data and web services. Web services are manipulated by the abundant devices and are accessed by the open wireless technology such as bluetooth, WiFi, Global System for Mobile communication (GSM), Wi-Max and Digital Subscriber Line (DSL) data access, along with tailored sniffers and sniff blocks [10]. Recently in 2012, the number of interconnected things invaded the lives of a visible number of individuals. As we are working on this chapter, there are 9 billion interconnected things and it is expected to reach 20 billion devices by 2020.

According to the above Gartner’s IT Hype Cycle [4] (Figure 1), IoT has been identified as one of the most emerging technologies in IT. A Hype Cycle is a way of representing the emergence, maturity, adoption and impact on applications of specific technologies [11]. It is obvious that IoT will take 5–10 years for market adoption. Furthermore, mobile applications and IoT will be the most disruptive class of technologies over the next 10 years. Gartner explains IoT as a network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment. But, for the successful spread of Internet of Things, the computing criterion need to go beyond traditional mobile computing and evolve into connecting everyday existing objects and embedding intelligence into our environment [12]. Table 1 below describes the smart environment application domain, where smart is a reference of a direct intelligent part or component of the network or IoT.

Figure 1.

Cycle of technologies during the years.

Table 1.

Smart environment application domain.

Table 1 explains the type of the network against criterion. For the smart home, smart retail, network size is expected to be small and the numbers of users are few. While for smart agriculture and smart water the network size need to be large as the users are not few. The mode of energy in all the application domains are either rechargeable or energy harvesting.

2. IoT and cloud internet in the coming years

Oxford defines the IoT as a proposed development of the Internet in which everyday objects have network connectivity, thus enabling them to send and receive data. The IoT is a term used to describe all connected objects nodes and computers that can and will perform a predefined set and a measurable set or group of functions and actions that send reports which react to a certain probe, indicating a signal as a response a to a unique sensor trigger.

The enormous spreading of smartphones and other handheld devices in the current decade has changed the computing environment. It becomes more autonomous, interactive and informative. Consequently, it motivated the researchers to focus on human-to-human interface in the late 1980s. As a result, the Ubiquitous Computing (UbiComp) technology has emerged. Mark Weiser, the forefather of UbiComp, defined a smart environment [13] as the physical world that is richly and invisibly interwoven with sensors, actuators, displays, and computational elements, embedded seamlessly in the everyday objects of our lives and connected through a continuous network.

The creation of the Internet has marked a foremost milestone toward achieving UbiComp’s vision which enables individual devices to communicate with any other device in the world.

Caceres and Friday [14] discuss the progress, opportunities and challenges during the 20-year anniversary of UbiComp. They discuss the building blocks of UbiComp and the characteristics of the system to adapt to the changing world. More importantly, they identify two critical technologies for growing the UbiComp infrastructure Cloud Computing and the IoT.

The advancements and convergence of micro-electro-mechanical systems (MEMS) technology, wireless communications and digital electronics has resulted in the development of miniature devices having the ability to sense, compute and communicate wirelessly in short distances. These miniature devices called nodes interconnect to form a wireless sensor networks (WSN) and find wide application in environmental monitoring, infrastructure monitoring, traffic monitoring, retail, etc., [2, 15].

In all of the previous cases, there has to be a governing protocol that authenticates measures and monitors the amount of work needed to perform the predescribed functions; we still have to emphasize the need for new protocols to control and stabilize the IoT environments, such CoCa.

CoCa is an example of a service infrastructure for the IoT that provides pervasive services and supports connecting embedded objects, backend systems and mobile devices in a seamless manner.

In this chapter, we shall investigate the security issues and threats that are passed through a uniform and stable environment making use of a preset of works function and signals, reports, etc., working under an IoT rule. More importantly, we shall put and entail the environment to the security text needed to ensure that there is a stable solid system with a model for traffic and car, road monitoring system, enabled with 5 sensors for flow, speed, sudden jam and total size of roads. Here, we use a model for a cloud computing, connected to a net system named CIT—prepared and authored by Kuwait University undergraduate to manage and extract useful data and send it over to the control room by making use of its protocols. We shall narrow the testing or hypothesis of this research paper to tackle and modify the working conditions of a Wi-Fi operated medium of an IoT scenarios. This chapter aims measure the lack of security and proposes more protocols and shows integration effort to the standards that govern any IoT environment. We propose the chapter as a proof that the IoT is not secure enough to withstand critical application, industrial function and high security. In addition to this, the abundance of Wi-Fi protocols is not the only reason and rules that not only put the IoT critical applications at risk but also leaves a lot of questioning on how the procedure or the IoT is designed to operate.

We propose that the IoT is not an optimal secure environment when critical applications are needed, whether in wireless connected machines or wired data networks.

3. Definitions, terminology, and elements

3.1. Definitions

As identified by Atzori et al. [1], IoT can be realized in three paradigms—Internet oriented (middleware), things oriented (sensors) and semantic oriented (knowledge). IoT can be more useful in applications where the three paradigms exist.

The RFID group defines IoT as the worldwide network of interconnected objects uniquely addressable based on standard communication protocols [16].

IoT has been defined by a group European research projects as [17] things that are active participants in business, information and social processes where they are enabled to interact and communicate among themselves and with the environment by exchanging data and information sensed about the environment, while reacting autonomously to the real/physical world events and influencing it by running processes that trigger actions and create services with or without direct human intervention.

Smart environment [18] utilizes information and communications protocols to make the critical, medical or emergency data and health hazard data structure components, services of a whole town management of traffic or, education, healthcare, public health, real estate and other utilities more aware, interactive and efficient.

In our definition, we make the definition more user-oriented and as close to real life as possible, thus generating data objects such as sensors, emails, physical alerts, triggers alarms, messages, emergency warning, actions, and so on, without restricting it to any standard communication protocol. This will provide significant amount of applications. Moreover, allow using the traditional existing protocols to deploy long lasting applications on the fly and at any time. Thus, our definition of IoT for smart environments is the communication of sensors and actuating devices to provide information across different platforms that can be accessed through a unified infrastructure, developing and enabling innovative applications. This is achieved by seamless large-scale sensing, data analytics and smart information interpretation using UbiComp and cloud computing.

3.1.1. IoT components

The components for IoT can be classified from high-level perspective into three categories that enables seamless UbiComp. Each category can be classified into more taxonomies as found in [1, 13, 19]. The three IoT components are:

  1. Hardware—made up of sensors, actuators and embedded communication hardware

  2. Middleware—on demand storage and computing tools for data analytics

  3. Presentation—novel easy to understand visualization and interpretation tools which can be widely accessed on different platforms and which can be designed for different applications.

The major properties compose or make the security issues of IoT and also ask for more security reliable measure for IoT, as listed below:

  1. Embedded utilization: Most IoT devices have only one single function or use (such as trigger light, turn on power, emerge alerts, message, control, sending datam monote house appliance, etc.); as a direct result, the recognition to a unique device makes up a pattern that gives an easy profile or can be filtered into a pattern.

  2. Divers: The devices of IoT are able to work across multiple spanned devices of computing from low end low frequency RFID to full function computers, thus the privacy policy must encompass all the range of computations.

  3. Scal: These devices, IoT functional ones, are easy to use and are added into the market with simply easy to use applications; thus it makes it hard for users to monitor the privacy and security issues at question.

  4. Mobile: Most if not all IoT devices are mobile and usually connected to the Internet via a large multiple set of services or service providers.

  5. Wireless: IoT devices, in most cases, get connected, and thus enabled, and become functional to the Internet via a large list of wireless protocol namely Wi-Fi, 802.11,WiMax, GSM, Bluetooth, etc.

A set of pervasive computing devices that monitors the technology applied to IoT is a characteristic that creates a set of challenges that need to be tackled. The challenges are listed in the following section.

3.1.2. Challenges and issues in IoT

There are some issues that act as a barrier against the spread of IoT:

  1. Heterogeneity of devices and its management

  2. Privacy and security of the data packets moved (transported) across these devices; thus a certain level of reliability must be built

  3. Network knowledge and content of the packets needs to be known, measured and identified

The challenges will directly dictate a development of new algorithms that are encrypted in an efficient way to provide a minimum level of security for IoT connected devices and its environment, namely a need for a confidential and highly integral level of data communicating across such service level connected devices,

The following figure illustrates how to provide the level of security for IoT (Figure 2):

  1. User privacy: Any user has to be secured enough not to have his/her unified information scattered across unwanted part of a private e-LAN or the Internet in general.

  2. User confidentiality: This item controls the need and actions to be taken that the provider of services in an IoT is able to deduct from observing the use of the look ahead system concerned with a specific user; at least, this deduction should be extremely difficult to take place.

  3. Authentication of data: All data and packet data with received information from IoT devices and user side or control units have to be authenticated.

  4. Strong resistance to hack and spam attacks: The IoT systems should avoid having one point of failure and should be able to recover from nodes or multiple nodes failure, also avoid, if necessary, single points of failure.

  5. Protocol for access and control: All information service providers must be able to adhere to access control protocols, to govern the way packets are retrieved and used within the network.

  6. Protection of data transport: This part is usually deeply discussed and portrayed by telecom protocols and its supporting security levels.

  7. User identification: It refers to the action by which the user validating users takes place before granting access to the system.

  8. Secure storage process: This involves confidentiality and access control of critical and sensitive parts of the packets and information that are stored in the network.

  9. Identity management: It is a wide look up area that handles identifying people and their connected things in an IoT system and controlling their access to libraries and services within that system by linking user profiles and their access levels and with the created user rights.

  10. Secure data communication: This lists authenticating communicating peers, ensuring confidentiality and complex process of communication data, thus filtering loss of data transaction, hiding and protecting the user profile details of common communicating protocol.

  11. Availability: Availability refers to complete allocation of authorized persons or systems only can access the system and to deny access or services to authorize users.

  12. Secure network access: This provides a network connection or services that can work only if the device is linked and validated.

  13. Secure content: Content secure transaction is the key to secure IoT, namely, using Digital Rights Management (DRM) protects the rights of the digital files moving across the IoT system or network.

  14. Secure execution environment: It refers to a secure, managed-application environment that is dedicated with a set of rules for preventing the system from hacks and attacks or suspicious applications.

  15. Tamper resistance: The full protection to the IoT system even if the logical part is down, it can resist hacks even with a physical attempt or if the device falls in the wrong hands or threats from outside parties or hackers.

Figure 2.

IoT security levels.

4. Securities and threat taxonomy for IoT

4.1. Security and threat idiom for the IoT connected environment

Typically, an IoT connected set of devices will have it is own security threats; meanwhile, the new algorithms or technologies in IoT security might be able to put some reliable solutions. Security threat level of IoT is a main topic that needs to be addressed and standardized. One typical example is how infinite its applications can be as it is basically linking or enabling devices to be smart and connected to the Internet.

We can safely state that the IoT is coupled with multiple security threats and alters overall information security risk profile, although the implementation of new protocols and restriction may help IoT fight against threats and vulnerabilities. IoT security is basically a data management topic and a highly rich research area. Effective management of these threats that are linked with IoT needs a deep and thorough evaluation of risk given the environment and development of a plan to go through clear and calculated risk.

The various threats associated with the use of IoT [13] are listed in the following paragraphs (Figure 3):

  1. Identification threat covers determination of unique device/user/session with authentication, authorization, accounting, and provisioning.

  2. Communication threat handles a d.enial-of-service attack (DoS) and it occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands.

  3. Physical threat includes micro probing and reverse engineering causing serious security problem by directly tampering the hardware components. Some types of physical attack require expensive material because of which they are relatively hard to perform. Some examples are de-packaging of chip, layout reconstruction, micro-probing.

  4. Embedded security threat model will span all the threats at physical and MAC layer [20, 21]. Security threats such as device and data tampering, side channel analysis, bus monitoring, etc., will be the concerns at device level.

  5. Storage management has crucial impact on the key management to achieve confidentiality and integrity. We must also be careful in choosing which cryptographic components to use as the building blocks since, for example, the cipher texts for some public key encryption.

Figure 3.

Threats taxonomy for IoT.

5. Conclusion

The IoT [1] has immense potential to change many of our daily activities, routines and behaviors. The pervasive nature of the information sources means that a great amount of data pertaining to possibly every aspect of human activity, both public and private, will be produced, transmitted, collected, stored and processed. Consequently, integrity and confidentiality of transmitted data as well as the authentication of (and trust in) the services that offer the data is crucial. Hence, security is a critical functionality for the IoT [14].

Wireless data networks, are prone to a large number of attacks such as eavesdropping, spoofing, denial of service, and so on. Legacy Internet systems mitigate these attacks by relying on link layer, network layer, transport layer or application layer encryption and authentication of the underlying data. Though some of these solutions are applicable to the IoT domain, the inherently limited processing and communication capabilities of IoT devices prevent the use of full-fledged security suites.

© 2018 The Author(s). Licensee IntechOpen. This chapter is distributed under the terms of the Creative Commons Attribution 3.0 License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

How to cite and reference

Link to this chapter Copy to clipboard

Cite this chapter Copy to clipboard

Feda AlShahwan (March 22nd 2018). Adaptive Security Framework in Internet of Things (IoT) for Providing Mobile Cloud Computing, Mobile Computing - Technology and Applications, Mutamed Khatib and Nael Salman, IntechOpen, DOI: 10.5772/intechopen.75190. Available from:

chapter statistics

434total chapter downloads

More statistics for editors and authors

Login to your personal dashboard for more detailed statistics on your publications.

Access personal reporting

Related Content

This Book

Next chapter

Taxonomy of Cloud Lock-in Challenges

By Justice Opara-Martins

Related Book

First chapter

An Overview of the Physical Insight and the Various Performance Metrics of Fading Channels in Wireless Communication Systems

By K.P. Peppas, H.E. Nistazakis and G.S. Tombras

We are IntechOpen, the world's leading publisher of Open Access books. Built by scientists, for scientists. Our readership spans scientists, professors, researchers, librarians, and students, as well as business professionals. We share our knowledge and peer-reveiwed research papers with libraries, scientific and engineering societies, and also work with corporate R&D departments and government entities.

More About Us