End-to-End Security for IoT Communications: A Practical Implementation

Emerging Trends in Cybersecurity Applications

Abstract

IoT devices are slowly evolving into an inseparable part of our lives. These internet-connected appliances perform one operation and specialize in doing so. Before communicating with these devices, establishing a secured key is necessary to prevent unauthorized access. The plug-and-play model for electronic devices is familiar to users, and IoT devices fall into the same realm. The plug-pair-play (P3) model follows the same principle so that the user does not feel an added burden when operating IoT devices. The P3 model avoids the use of preset credentials or known secrets. The model helps generate a shared key dynamically between each pair of devices and users before communication happens over the public internet. We also demonstrate how the key could help perform the device firmware update. Resource limitations are a concern when implementing cryptographic solutions. In this chapter, we tried to enforce a zero-trust pattern: every request and response gets authenticated before operating. The framework described in this chapter sets the path to end-to-end secured communication for IoT devices.


Corresponding author

Correspondence to Hossein Saiedian.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Cite this chapter

Bhattacharjya, S., Saiedian, H. (2023). End-to-End Security for IoT Communications: A Practical Implementation. In: Daimi, K., Alsadoon, A., Peoples, C., El Madhoun, N. (eds) Emerging Trends in Cybersecurity Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-09640-2_2

  • DOI: https://doi.org/10.1007/978-3-031-09640-2_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-09639-6

  • Online ISBN: 978-3-031-09640-2

  • eBook Packages: Computer Science, Computer Science (R0)
